[From nobody Thu Jun 25 05:55:02 2020 Received: from sonic301-4.consmr.mail.bf2.yahoo.com ([74.6.129.43]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1gum4i-0007I5-Ly for openwrt-devel@lists.openwrt.org; Fri, 15 Feb 2019 22:35:18 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1550270114; bh=HF9RrI+u6tkASeD83l/H41UbH9aeZFiMvt1IrJMcsfw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=K8sxAJ/0ie2mJIRG6OrDqecXfStFmtvA+ViKUhKoewCEM4bKEmRLQsxj1isogophY8aVIsLWHw21x9WcLLnPc0CVRLS1nPsqZPeLxcX7XFkWxx72WFDytYMKxyhFipi/wqo32jX7kj0kgD+hks6TAZzeVOiJY0dCKN9woj6k06Cz2mEKV74g7SfGmxArW0MPLoMhZsLjHJwNqHnbnZ5nKgmrT0YZCUcErYO+ArpsdIf1U/SD2KIR3sNeGGp1ZCGoCzTXFw3Xo65y7ZH3xxs++TQUaj6oXBE+E5tSKYgu1MNLHdWYKIX96gvUh4bUWdF12Mna1lxxrrry1D7pNW+fBg== X-YMail-OSG: s4Dj83EVM1k4Whp7pM2wZkX3voj2lvt0_xXdc93AHFMF4PsoftyVy3lZmeSB3xk m_FeyscqHLm_iLPd2yE561o89mkndyjaC4M9ZOdIrnlOegBDCbwOhCYAHPrHzRqOBR2R4vjT1Oq5 gYhhbmvcTcfjXPnO9lNqAEig.bD.mLCqqLdvHZGLEUk2IhYw5HNDLIW2CqIcP6KWgB8JiBQT2C_e zBOUzHaLfgiaopdd7TbWgffJQ7NzMZuNDIxzXXi5A_46PmXSFXZXYxVmuvc.HJ_BM1TWBmgfLPG1 9fH6i9m6BJfLJP99FYXzBH2iHFjHrKdY1XvoQN_lkpg29hZ1cJAaXHj21as1vTJKFtdqAm0n8gT. wQwBLz5vq0vWn166O1FHA3dJKKBh6TFNsryroBTWt16WIXiW9DdpY.Di_Y2aS1uxLgEgCzO4_3GJ UZUlYRSyvMl0CaJSOWvjx96qEnTPfwf8vDsGZ7itz_ps0nCDbJyXcf7N7edfQXbwCRzUBFOUxAPt cWu4Gega0Blh8Oil7CY678ZFgyA9f64_YgUU5dRCO4gQScGMtSejoD3gsHOkEgwYZHzbUQp8nYA9 yy2PCZI4cG5wOYRcji1EsToFuUlLM7WKq2_f1nqHVxerraKPG8UnXu23f46RmadyUnBf9_60O9Ry .kS28LXuvN8ucRFePOSG6EsbGwIlxd6CCqtKQh9WAg7AbMKIXuCwdbPkjXNfenyWzewoRgrNB51G wcq7FaJLKToekyHry5pIsNxZ_Tiruhb62S9REHZJoQBchS3pEUapCXI_ynGQ30IXrQjU02NVLfYs aIFNZ.ori4mynO0CnIUTBCo7KvR.2vF9ieoyrWW3tU2eyvwPsN0KYOHxTwcA11.5haB5_0I5YZ5L 7Mxb.pY2sgpJ0RJyWsheu5kLABIJtrhOzRye29qbmS7aidu1Y4.Y0jCmU4MhBGjzcxWALlfi9JPO lXvWkkvWJDSQR7HXryLhprCKEooQPWQfOp5wvIzn1DSHrTQuZIcDJzXxuBB7XoKWADEsh4CFPLsg cfn6ZPwLCBYJPTuyq8mOrqOVNof8DS.oy5H1RUS8dIOcKFoCUmoH14BQR0Q9iHfNZ3PtjtKYmhbd MbQ-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic301.consmr.mail.bf2.yahoo.com with HTTP; Fri, 15 Feb 2019 22:35:14 +0000 Received: from 18.175.75.177.infopasa.com.br (EHLO gateway.troianet.com.br) ([177.75.175.18]) by smtp415.mail.bf1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 6c9a4467e2f84d0e71162bba5a73a268; Fri, 15 Feb 2019 22:35:13 +0000 (UTC) From: Eneas U de Queiroz <cote2004-github@yahoo.com> To: openwrt-devel@lists.openwrt.org Cc: Eneas U de Queiroz <cote2004-github@yahoo.com> Subject: [PATCH 1/2] openssl: patch to fix devcrypto sessions leak Date: Fri, 15 Feb 2019 20:35:05 -0200 Message-Id: <20190215223506.23244-1-cote2004-github@yahoo.com> X-Mailer: git-send-email 2.19.2 In-Reply-To: <9d3ba48dabfab18f3be4c5d974eab96a375a7e7f> References: <9d3ba48dabfab18f3be4c5d974eab96a375a7e7f> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190215_143516_784679_6C497725 X-CRM114-Status: GOOD ( 10.31 ) X-Spam-Score: -0.2 (/) X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary: Content analysis details: (-0.2 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (cote2004-github[at]yahoo.com) -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [74.6.129.43 listed in list.dnswl.org] -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid Applies a patch from https://github.com/openssl/openssl/pull/8213 that fixes an error where open /dev/crypto sessions were not closed. Thanks to Ansuel Smith for reporting it. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> diff --git a/package/libs/openssl/patches/300-eng_devcrypto-close-open-session-on-init.patch b/package/libs/openssl/patches/300-eng_devcrypto-close-open-session-on-init.patch new file mode 100644 index 0000000000..aec96f4765 --- /dev/null +++ b/package/libs/openssl/patches/300-eng_devcrypto-close-open-session-on-init.patch @@ -0,0 +1,117 @@ +From 82b269fd77d20aa86d0825d798f3045dfe0a7a86 Mon Sep 17 00:00:00 2001 +From: Eneas U de Queiroz <cote2004-github@yahoo.com> +Date: Tue, 12 Feb 2019 10:44:19 -0200 +Subject: [PATCH] eng_devcrypto: close open session on init + +cipher_init may be called on an already initialized context, without a +necessary cleanup. This separates cleanup from initialization, closing +an eventual open session before creating a new one. + +Move the /dev/crypto session cleanup code to its own function. + +Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> + +diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c +index 65f1720a0c..0c49238901 100644 +--- a/crypto/engine/eng_devcrypto.c ++++ b/crypto/engine/eng_devcrypto.c +@@ -35,6 +35,15 @@ + */ + static int cfd; + ++static int clean_devcrypto_session(struct session_op *sess) { ++ if (ioctl(cfd, CIOCFSESSION, &sess->ses) < 0) { ++ SYSerr(SYS_F_IOCTL, errno); ++ return 0; ++ } ++ memset(sess, 0, sizeof(struct session_op)); ++ return 1; ++} ++ + /****************************************************************************** + * + * Ciphers +@@ -143,7 +152,11 @@ static int cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const struct cipher_data_st *cipher_d = + get_cipher_data(EVP_CIPHER_CTX_nid(ctx)); + +- memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess)); ++ /* cleanup a previous session */ ++ if (cipher_ctx->sess.ses != 0 && ++ clean_devcrypto_session(&cipher_ctx->sess) == 0) ++ return 0; ++ + cipher_ctx->sess.cipher = cipher_d->devcryptoid; + cipher_ctx->sess.keylen = cipher_d->keylen; + cipher_ctx->sess.key = (void *)key; +@@ -282,15 +295,29 @@ static int ctr_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + + static int cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int p1, void* p2) + { ++ struct cipher_ctx *cipher_ctx = ++ (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + EVP_CIPHER_CTX *to_ctx = (EVP_CIPHER_CTX *)p2; +- struct cipher_ctx *cipher_ctx; ++ struct cipher_ctx *to_cipher_ctx; ++ ++ switch (type) { + +- if (type == EVP_CTRL_COPY) { ++ case EVP_CTRL_COPY: ++ if (cipher_ctx == NULL) ++ return 1; + /* when copying the context, a new session needs to be initialized */ +- cipher_ctx = (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); +- return (cipher_ctx == NULL) +- || cipher_init(to_ctx, cipher_ctx->sess.key, EVP_CIPHER_CTX_iv(ctx), ++ to_cipher_ctx = ++ (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(to_ctx); ++ memset(&to_cipher_ctx->sess, 0, sizeof(to_cipher_ctx->sess)); ++ return cipher_init(to_ctx, cipher_ctx->sess.key, EVP_CIPHER_CTX_iv(ctx), + (cipher_ctx->op == COP_ENCRYPT)); ++ ++ case EVP_CTRL_INIT: ++ memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess)); ++ return 1; ++ ++ default: ++ break; + } + + return -1; +@@ -301,12 +328,7 @@ static int cipher_cleanup(EVP_CIPHER_CTX *ctx) + struct cipher_ctx *cipher_ctx = + (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + +- if (ioctl(cfd, CIOCFSESSION, &cipher_ctx->sess.ses) < 0) { +- SYSerr(SYS_F_IOCTL, errno); +- return 0; +- } +- +- return 1; ++ return clean_devcrypto_session(&cipher_ctx->sess); + } + + /* +@@ -352,6 +374,7 @@ static void prepare_cipher_methods(void) + || !EVP_CIPHER_meth_set_flags(known_cipher_methods[i], + cipher_data[i].flags + | EVP_CIPH_CUSTOM_COPY ++ | EVP_CIPH_CTRL_INIT + | EVP_CIPH_FLAG_DEFAULT_ASN1) + || !EVP_CIPHER_meth_set_init(known_cipher_methods[i], cipher_init) + || !EVP_CIPHER_meth_set_do_cipher(known_cipher_methods[i], +@@ -594,11 +617,8 @@ static int digest_cleanup(EVP_MD_CTX *ctx) + + if (digest_ctx == NULL) + return 1; +- if (ioctl(cfd, CIOCFSESSION, &digest_ctx->sess.ses) < 0) { +- SYSerr(SYS_F_IOCTL, errno); +- return 0; +- } +- return 1; ++ ++ return clean_devcrypto_session(&digest_ctx->sess); + } + + static int devcrypto_test_digest(size_t digest_data_index) ]