OpenSSL Security Advisory

Hubert Kario hkario at redhat.com
Thu Mar 25 17:05:02 UTC 2021 

On Thursday, 25 March 2021 15:03:24 CET, OpenSSL wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> OpenSSL Security Advisory [25 March 2021]
> =========================================
>
> NULL pointer deref in signature_algorithms processing (CVE-2021-3449)
> =====================================================================
>
> Severity: High
>
> An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation
> ClientHello message from a client. If a TLSv1.2 renegotiation 
> ClientHello omits
> the signature_algorithms extension (where it was present in the initial
> ClientHello), but includes a signature_algorithms_cert extension then a NULL
> pointer dereference will result, leading to a crash and a denial of service
> attack.
>
> A server is only vulnerable if it has TLSv1.2 and renegotiation 
> enabled (which
> is the default configuration). OpenSSL TLS clients are not impacted by this
> issue.
>
> All OpenSSL 1.1.1 versions are affected by this issue. Users of 
> these versions
> should upgrade to OpenSSL 1.1.1k.
>
> OpenSSL 1.0.2 is not impacted by this issue.
>
> This issue was reported to OpenSSL on 17th March 2021 by Nokia. The fix was
> developed by Peter Kästle and Samuel Sapalski from Nokia.

I've created a stand-alone reproducer for it using tlsfuzzer:

git clone https://github.com/tlsfuzzer/tlsfuzzer.git
cd tlsfuzzer
# won't be necessary after https://github.com/tlsfuzzer/tlsfuzzer/pull/748 
is merged:
git checkout sig-algs-tests

# install dependencies:
python3 -m venv py3-venv
py3-venv/bin/pip install --pre tlslite-ng

# run the reproducer:
PYTHONPATH=. py3-venv/bin/python3 
scripts/test-sig-algs-renegotiation-resumption.py -h <hostname> -p <port>


In case the server has renegotiation disabled, use the --no-renego option.
In case the server doesn't require presence of signature_algorithms 
extension when signature_algorithms_cert are present (like in case of 
OpenSSL 1.0.2), use the --sig-algs-drop-ok option.

If everything went fine, and the server didn't crash, the test will print
summary like this:

====================
TOTAL: 12
SKIP: 0
PASS: 12
XFAIL: 0
FAIL: 0
XPASS: 0
====================

It's not necessary to install dependencies to a virtual environment,
but that setup is described in the official docs:
https://tlsfuzzer.readthedocs.io/en/latest/quickstart.html
-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic

More information about the openssl-users mailing list