From patchwork Fri Feb 15 22:35:19 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: gio--- via openwrt-devel X-Patchwork-Id: 1043245 X-Patchwork-Delegate: hauke@hauke-m.de Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=lists.openwrt.org Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="RGLrcSHD"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 441SlK4JJKz9s3l for ; Sat, 16 Feb 2019 09:35:40 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Date:Sender:Content-Type: Subject:List-Help:Reply-To:List-Archive:List-Unsubscribe:List-Subscribe:Cc: From:List-Post:List-Id:Message-ID:MIME-Version:References:In-Reply-To:To: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=gPG+zgpehcxLZsd+rZ6jnqPgnFtSim7xunfdlRjaYmg=; b=RGLrcSHDT0DQZNt/5g5Aqq2Wm m6+gomOwKmlMxWyZRXPuI5EIJHnAHLeyybhmxXXwRMkAkfqqucsLzvOvf0A6tYIwqh3VC3xzDqtq9 AjElplyB4FIyYH/GwH+R4Ie/nAUdSAz8qcUgxL7iB7kG9oqcPJGCcphn3rr0/tl4hAPOTtWHZQMrl wwGw9NkaJ/JnO3uIjqVSfUZBCY2nyCgHpVffMBlL4wHfxzsmodh2j3gLGmAT46YAolmv3++SglNKX 0kW+x0ghszRnoC7a5YTpRx8hDRGtcdp0f1g3DJlzwWDSLER7x36TjjoLJ63tT2HcU/KjB8M2Cr9XH V/TIU9wSw==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1gum4l-0007IO-UM; Fri, 15 Feb 2019 22:35:19 +0000 To: openwrt-devel@lists.openwrt.org In-Reply-To: <9d3ba48dabfab18f3be4c5d974eab96a375a7e7f> References: <9d3ba48dabfab18f3be4c5d974eab96a375a7e7f> MIME-Version: 1.0 Message-ID: List-Id: List-Post: X-Patchwork-Original-From: Eneas U de Queiroz via openwrt-devel From: gio--- via openwrt-devel Precedence: list Cc: Eneas U de Queiroz X-Mailman-Version: 2.1.21 X-BeenThere: openwrt-devel@lists.openwrt.org List-Subscribe: , List-Unsubscribe: , List-Archive: Reply-To: Eneas U de Queiroz List-Help: Subject: [OpenWrt-Devel] [PATCH 1/2] openssl: patch to fix devcrypto sessions leak Sender: "openwrt-devel" Date: Fri, 15 Feb 2019 22:35:19 +0000 Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. Applies a patch from https://github.com/openssl/openssl/pull/8213 that fixes an error where open /dev/crypto sessions were not closed. Thanks to Ansuel Smith for reporting it. Signed-off-by: Eneas U de Queiroz diff --git a/package/libs/openssl/patches/300-eng_devcrypto-close-open-session-on-init.patch b/package/libs/openssl/patches/300-eng_devcrypto-close-open-session-on-init.patch new file mode 100644 index 0000000000..aec96f4765 --- /dev/null +++ b/package/libs/openssl/patches/300-eng_devcrypto-close-open-session-on-init.patch @@ -0,0 +1,117 @@ +From 82b269fd77d20aa86d0825d798f3045dfe0a7a86 Mon Sep 17 00:00:00 2001 +From: Eneas U de Queiroz +Date: Tue, 12 Feb 2019 10:44:19 -0200 +Subject: [PATCH] eng_devcrypto: close open session on init + +cipher_init may be called on an already initialized context, without a +necessary cleanup. This separates cleanup from initialization, closing +an eventual open session before creating a new one. + +Move the /dev/crypto session cleanup code to its own function. + +Signed-off-by: Eneas U de Queiroz + +diff --git a/crypto/engine/eng_devcrypto.c b/crypto/engine/eng_devcrypto.c +index 65f1720a0c..0c49238901 100644 +--- a/crypto/engine/eng_devcrypto.c ++++ b/crypto/engine/eng_devcrypto.c +@@ -35,6 +35,15 @@ + */ + static int cfd; + ++static int clean_devcrypto_session(struct session_op *sess) { ++ if (ioctl(cfd, CIOCFSESSION, &sess->ses) < 0) { ++ SYSerr(SYS_F_IOCTL, errno); ++ return 0; ++ } ++ memset(sess, 0, sizeof(struct session_op)); ++ return 1; ++} ++ + /****************************************************************************** + * + * Ciphers +@@ -143,7 +152,11 @@ static int cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const struct cipher_data_st *cipher_d = + get_cipher_data(EVP_CIPHER_CTX_nid(ctx)); + +- memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess)); ++ /* cleanup a previous session */ ++ if (cipher_ctx->sess.ses != 0 && ++ clean_devcrypto_session(&cipher_ctx->sess) == 0) ++ return 0; ++ + cipher_ctx->sess.cipher = cipher_d->devcryptoid; + cipher_ctx->sess.keylen = cipher_d->keylen; + cipher_ctx->sess.key = (void *)key; +@@ -282,15 +295,29 @@ static int ctr_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + + static int cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int p1, void* p2) + { ++ struct cipher_ctx *cipher_ctx = ++ (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + EVP_CIPHER_CTX *to_ctx = (EVP_CIPHER_CTX *)p2; +- struct cipher_ctx *cipher_ctx; ++ struct cipher_ctx *to_cipher_ctx; ++ ++ switch (type) { + +- if (type == EVP_CTRL_COPY) { ++ case EVP_CTRL_COPY: ++ if (cipher_ctx == NULL) ++ return 1; + /* when copying the context, a new session needs to be initialized */ +- cipher_ctx = (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); +- return (cipher_ctx == NULL) +- || cipher_init(to_ctx, cipher_ctx->sess.key, EVP_CIPHER_CTX_iv(ctx), ++ to_cipher_ctx = ++ (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(to_ctx); ++ memset(&to_cipher_ctx->sess, 0, sizeof(to_cipher_ctx->sess)); ++ return cipher_init(to_ctx, cipher_ctx->sess.key, EVP_CIPHER_CTX_iv(ctx), + (cipher_ctx->op == COP_ENCRYPT)); ++ ++ case EVP_CTRL_INIT: ++ memset(&cipher_ctx->sess, 0, sizeof(cipher_ctx->sess)); ++ return 1; ++ ++ default: ++ break; + } + + return -1; +@@ -301,12 +328,7 @@ static int cipher_cleanup(EVP_CIPHER_CTX *ctx) + struct cipher_ctx *cipher_ctx = + (struct cipher_ctx *)EVP_CIPHER_CTX_get_cipher_data(ctx); + +- if (ioctl(cfd, CIOCFSESSION, &cipher_ctx->sess.ses) < 0) { +- SYSerr(SYS_F_IOCTL, errno); +- return 0; +- } +- +- return 1; ++ return clean_devcrypto_session(&cipher_ctx->sess); + } + + /* +@@ -352,6 +374,7 @@ static void prepare_cipher_methods(void) + || !EVP_CIPHER_meth_set_flags(known_cipher_methods[i], + cipher_data[i].flags + | EVP_CIPH_CUSTOM_COPY ++ | EVP_CIPH_CTRL_INIT + | EVP_CIPH_FLAG_DEFAULT_ASN1) + || !EVP_CIPHER_meth_set_init(known_cipher_methods[i], cipher_init) + || !EVP_CIPHER_meth_set_do_cipher(known_cipher_methods[i], +@@ -594,11 +617,8 @@ static int digest_cleanup(EVP_MD_CTX *ctx) + + if (digest_ctx == NULL) + return 1; +- if (ioctl(cfd, CIOCFSESSION, &digest_ctx->sess.ses) < 0) { +- SYSerr(SYS_F_IOCTL, errno); +- return 0; +- } +- return 1; ++ ++ return clean_devcrypto_session(&digest_ctx->sess); + } + + static int devcrypto_test_digest(size_t digest_data_index)