OpenSSL Security Advisory

Matt Caswell matt at openssl.org
Tue Apr 21 21:37:24 UTC 2020 


On 21/04/2020 20:46, Sam Roberts wrote:
> The announcement claims that this affects SSL_check_chain().
>
> Is that an exhaustive list? If an application does NOT call that
> function, does this mean the vulnerability is not exploitable?

As Ben says - this is correct.

>
> I ask because the the fixed function tls1_check_sig_alg is called by
> tls1_check_chain, and that is called directly by SSL_check_chain, but
> it is also called by tls1_set_cert_validity, and that is called from

You will note that tls1_check_sig_alg is only affected if we go down the
TLSv1.3 codepath. However tls1_set_cert_validity() only has one caller
and it looks like this:

    if (SSL_IS_TLS13(s)) {
        ...
    } else {
        tls1_set_cert_validity(s);
        ssl_set_masks(s);
    }

So it is only ever called in a non-TLSv1.3 handshake.

Matt


> inside the tls state machine, but with different parameters, so its a
> bit hard to see if it is affected or not.
>
> Thanks,
> Sam
>
> On Tue, Apr 21, 2020 at 6:26 AM OpenSSL <openssl at openssl.org> wrote:
>>
> OpenSSL Security Advisory [21 April 2020]
> =========================================
> 
> Segmentation fault in SSL_check_chain (CVE-2020-1967)
> =====================================================
> 
> Severity: High
> 
> Server or client applications that call the SSL_check_chain() function during or
> after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a
> result of incorrect handling of the "signature_algorithms_cert" TLS extension.
> The crash occurs if an invalid or unrecognised signature algorithm is received
> from the peer. This could be exploited by a malicious peer in a Denial of
> Service attack.
> 
> OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue.  This
> issue did not affect OpenSSL versions prior to 1.1.1d.
> 
> Affected OpenSSL 1.1.1 users should upgrade to 1.1.1g
> 
> This issue was found by Bernd Edlinger and reported to OpenSSL on 7th April
> 2020. It was found using the new static analysis pass being implemented in GCC,
> -fanalyzer. Additional analysis was performed by Matt Caswell and Benjamin
> Kaduk.
> 
> Note
> =====
> 
> This issue did not affect OpenSSL 1.0.2 however these versions are out of
> support and no longer receiving public updates. Extended support is available
> for premium support customers: https://www.openssl.org/support/contracts.html
> 
> This issue did not affect OpenSSL 1.1.0 however these versions are out of
> support and no longer receiving updates.
> 
> Users of these versions should upgrade to OpenSSL 1.1.1.
> 
> References
> ==========
> 
> URL for this Security Advisory:
> https://www.openssl.org/news/secadv/20200421.txt
> 
> Note: the online version of the advisory may be updated with additional details
> over time.
> 
> For details of OpenSSL severity classifications please see:
> https://www.openssl.org/policies/secpolicy.html
>

More information about the openssl-users mailing list