
(-)b/lang/erlang-runtime17/Makefile (-1 / +1 lines)
Lines 3-9 Link Here
3
3
4
PORTNAME=	erlang
4
PORTNAME=	erlang
5
PORTVERSION=	17.5.6.9
5
PORTVERSION=	17.5.6.9
6
PORTREVISION=	6
6
PORTREVISION=	7
7
CATEGORIES=	lang parallel java
7
CATEGORIES=	lang parallel java
8
MASTER_SITES=	http://www.erlang.org/download/:erlangorg		\
8
MASTER_SITES=	http://www.erlang.org/download/:erlangorg		\
9
		http://erlang.stacken.kth.se/download/:erlangorg	\
9
		http://erlang.stacken.kth.se/download/:erlangorg	\
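--- a/lang/erlang-runtime17/files/patch-lib_ssl_src_ssl__connection.erl
+++ b/lang/erlang-runtime17/files/patch-lib_ssl_src_ssl__connection.erl
@@ -0,0 +1,30 @@
+--- lib/ssl/src/ssl_connection.erl.orig	2015-03-31 12:32:52.000000000 +0000
++++ lib/ssl/src/ssl_connection.erl	2017-12-14 13:13:46.570861000 +0000
+@@ -1135,8 +1135,25 @@
+     request_client_cert(State2, Connection).
+ 
+ certify_client_key_exchange(#encrypted_premaster_secret{premaster_secret= EncPMS},
+-			    #state{private_key = Key} = State, Connection) ->
+-    PremasterSecret = ssl_handshake:premaster_secret(EncPMS, Key),
++			    #state{private_key = Key, client_hello_version = {Major, Minor} = Version } = State, Connection) ->
++
++    %% Countermeasure for Bleichenbacher attack always provide some kind of premaster secret
++    %% and fail handshake later.RFC 5246 section 7.4.7.1.
++    PremasterSecret =
++	try ssl_handshake:premaster_secret(EncPMS, Key) of
++	    Secret when erlang:byte_size(Secret) == ?NUM_OF_PREMASTERSECRET_BYTES ->
++		case Secret of
++		    <<?BYTE(Major), ?BYTE(Minor), _/binary>> -> %% Correct
++			Secret;
++		    <<?BYTE(_), ?BYTE(_), Rest/binary>> -> %% Version mismatch
++			<<?BYTE(Major), ?BYTE(Minor), Rest/binary>>
++		end;
++	    _ -> %% erlang:byte_size(Secret) =/= ?NUM_OF_PREMASTERSECRET_BYTES
++		make_premaster_secret(Version, rsa)
++	catch
++	    #alert{description = ?DECRYPT_ERROR} ->
++		make_premaster_secret(Version, rsa)
++	end,
+     calculate_master_secret(PremasterSecret, State, Connection, certify, cipher);
+ 
+ certify_client_key_exchange(#client_diffie_hellman_public{dh_public = ClientPublicDhKey},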
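Review bot: The replacement secret is built only in the two failure branches (`_ ->` and `catch`), so a failed decrypt does random-generation work that a successful one skips, which leaves a small timing difference; RFC 5246 section 7.4.7.1, cited in the new comment, generates the random value before decrypting. Binding it up front, `Fallback = make_premaster_secret(Version, rsa),` before the `try`, and returning `Fallback` from both branches keeps the two paths closer. The `catch` matches only a thrown `#alert{description = ?DECRYPT_ERROR}`, so the countermeasure presumably depends on `ssl_handshake:premaster_secret/2`, which is not shown here, turning every decryption failure into that throw; a one-line comment saying so would help the next maintainer. certify_client_key_exchange has further clauses outside the hunk.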
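--- a/lang/erlang-runtime17/files/patch-lib_ssl_src_ssl__connection.hrl
+++ b/lang/erlang-runtime17/files/patch-lib_ssl_src_ssl__connection.hrl
@@ -0,0 +1,12 @@
+--- lib/ssl/src/ssl_connection.hrl.orig	2015-03-31 12:32:52.000000000 +0000
++++ lib/ssl/src/ssl_connection.hrl	2017-12-14 13:18:02.736638000 +0000
+@@ -53,7 +53,8 @@
+           session               :: #session{} | secret_printout(),
+ 	  session_cache         :: db_handle(),
+ 	  session_cache_cb      :: atom(),
+-          negotiated_version    :: ssl_record:ssl_version(),
++          negotiated_version    :: ssl_record:ssl_version() | 'undefined',
++          client_hello_version  :: ssl_record:ssl_version() | 'undefined',
+           client_certificate_requested = false :: boolean(),
+ 	  key_algorithm         :: ssl_cipher:key_algo(),
+ 	  hashsign_algorithm = {undefined, undefined},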
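Review bot: The new `client_hello_version` field has no comment and no default, so nothing in the record says how it differs from `negotiated_version` or that it holds `undefined` until something assigns it. A comment on that line such as `%% version offered in the ClientHello; compared with the RSA premaster secret (RFC 5246 7.4.7.1)` would document the intent. The record definition starts and ends outside the hunk.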
(-)b/lang/erlang-runtime17/files/patch-lib_ssl_src_tls__connection.erl (-1 / +10 lines)
Added Link Here
0
- 
1
--- lib/ssl/src/tls_connection.erl.orig	2015-03-31 12:32:52.000000000 +0000
2
+++ lib/ssl/src/tls_connection.erl	2017-12-14 13:22:41.792681000 +0000
3
@@ -197,6 +197,7 @@
4
             ssl_connection:hello({common_client_hello, Type, ServerHelloExt, HashSign},
5
 				 State#state{connection_states  = ConnectionStates,
6
 					     negotiated_version = Version,
7
+					     client_hello_version = ClientVersion,
8
 					     session = Session,
9
 					     client_ecc = {EllipticCurves, EcPointFormats}}, ?MODULE);
10
         #alert{} = Alert ->
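Review bot: `client_hello_version = ClientVersion` is assigned in this one branch only, while the new clause head in ssl_connection.erl requires `client_hello_version = {Major, Minor}`. Any server-side path that reaches the RSA key exchange without passing through this assignment (another hello clause or a different connection module, neither visible here) would leave the field `undefined` and end in a function_clause error rather than a TLS alert. It is worth confirming that every such path sets the field, or binding `client_hello_version = Version` in the head and handling `undefined` explicitly. The binding of `ClientVersion` and the rest of the function are outside the hunk.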
