Merge branch 'ingela/maint-19/ssl/Bleichenbacher/OTP-14748' into maint-19

* ingela/maint-19/ssl/Bleichenbacher/OTP-14748: ssl: Prepare for release ssl: Countermeasurements for Bleichenbacher attack
author: Erlang/OTP <[email protected]> 2017-11-22 15:55:40 +0100
committer: Erlang/OTP <[email protected]> 2017-11-22 15:55:40 +0100
commit: 5e92c1ab16705c0de5e9579d255e83ede07d0244 (patch)
tree: bba148d43065db6de95d35d0329b4b687bc11ab5
parent: 2cc46961352aded5c84ecb9bcb32581461dbc047 (diff)
parent: 91c707c99a0574677284a9ca225b5fb54375ad7a (diff)
download: otp-5e92c1ab16705c0de5e9579d255e83ede07d0244.tar.gz
otp-5e92c1ab16705c0de5e9579d255e83ede07d0244.tar.bz2
otp-5e92c1ab16705c0de5e9579d255e83ede07d0244.zip
6 files changed, 23 insertions, 5 deletions
diff --git a/lib/ssl/src/dtls_connection.erl b/lib/ssl/src/dtls_connection.erl
index 745db788e7..130a8bb1c5 100644
--- a/lib/ssl/src/dtls_connection.erl
+++ b/lib/ssl/src/dtls_connection.erl
@@ -575,6 +575,7 @@ handle_client_hello(#client_hello{client_version = ClientVersion} = Hello,
 
 	    State = prepare_flight(State0#state{connection_states = ConnectionStates,
 						negotiated_version = Version,
+                                                client_hello_version = ClientVersion,
 						hashsign_algorithm = HashSign,
 						session = Session,
 						negotiated_protocol = Protocol}),
diff --git a/lib/ssl/src/ssl.appup.src b/lib/ssl/src/ssl.appup.src
index 2eda9d9491..bfdd0c205b 100644
--- a/lib/ssl/src/ssl.appup.src
+++ b/lib/ssl/src/ssl.appup.src
@@ -1,7 +1,6 @@
 %% -*- erlang -*-
 {"%VSN%",
  [
-  {<<"8.1.1">>, [{load_module, tls_connection, soft_purge, soft_purge, []}]},
   {<<"8\\..*">>, [{restart_application, ssl}]},
   {<<"7\\..*">>, [{restart_application, ssl}]},
   {<<"6\\..*">>, [{restart_application, ssl}]},
@@ -10,7 +9,6 @@
   {<<"3\\..*">>, [{restart_application, ssl}]}
  ], 
  [
-  {<<"8.1.1">>, [{load_module, tls_connection, soft_purge, soft_purge, []}]},
   {<<"8\\..*">>, [{restart_application, ssl}]},
   {<<"7\\..*">>, [{restart_application, ssl}]},
   {<<"6\\..*">>, [{restart_application, ssl}]},
diff --git a/lib/ssl/src/ssl_connection.erl b/lib/ssl/src/ssl_connection.erl
index ad220ae9de..0e51106bfb 100644
--- a/lib/ssl/src/ssl_connection.erl
+++ b/lib/ssl/src/ssl_connection.erl
@@ -1367,8 +1367,25 @@ server_certify_and_key_exchange(State0, Connection) ->
     request_client_cert(State2, Connection).
 
 certify_client_key_exchange(#encrypted_premaster_secret{premaster_secret= EncPMS},
-			    #state{private_key = Key} = State, Connection) ->
-    PremasterSecret = ssl_handshake:premaster_secret(EncPMS, Key),
+			    #state{private_key = Key, client_hello_version = {Major, Minor} = Version} = State, Connection) ->
+
+    %% Countermeasure for Bleichenbacher attack always provide some kind of premaster secret
+    %% and fail handshake later.RFC 5246 section 7.4.7.1.
+    PremasterSecret =
+        try ssl_handshake:premaster_secret(EncPMS, Key) of
+            Secret when erlang:byte_size(Secret) == ?NUM_OF_PREMASTERSECRET_BYTES ->
+                case Secret of
+                    <<?BYTE(Major), ?BYTE(Minor), _/binary>> -> %% Correct
+                        Secret;
+                    <<?BYTE(_), ?BYTE(_), Rest/binary>> -> %% Version mismatch
+                        <<?BYTE(Major), ?BYTE(Minor), Rest/binary>>
+                end;
+            _ -> %% erlang:byte_size(Secret) =/= ?NUM_OF_PREMASTERSECRET_BYTES
+                make_premaster_secret(Version, rsa)
+        catch 
+            #alert{description = ?DECRYPT_ERROR} ->
+                make_premaster_secret(Version, rsa)     
+        end,        
     calculate_master_secret(PremasterSecret, State, Connection, certify, cipher);
 
 certify_client_key_exchange(#client_diffie_hellman_public{dh_public = ClientPublicDhKey},
diff --git a/lib/ssl/src/ssl_connection.hrl b/lib/ssl/src/ssl_connection.hrl
index b597c059af..016cc4b525 100644
--- a/lib/ssl/src/ssl_connection.hrl
+++ b/lib/ssl/src/ssl_connection.hrl
@@ -57,6 +57,7 @@
 	  session_cache_cb      :: atom(),
 	  crl_db                :: term(), 
           negotiated_version    :: ssl_record:ssl_version() | 'undefined',
+          client_hello_version  :: ssl_record:ssl_version() | 'undefined',
           client_certificate_requested = false :: boolean(),
 	  key_algorithm         :: ssl_cipher:key_algo(),
 	  hashsign_algorithm = {undefined, undefined},
diff --git a/lib/ssl/src/tls_connection.erl b/lib/ssl/src/tls_connection.erl
index 831bbefc59..b18c69c740 100644
--- a/lib/ssl/src/tls_connection.erl
+++ b/lib/ssl/src/tls_connection.erl
@@ -280,6 +280,7 @@ hello(internal, #client_hello{client_version = ClientVersion} = Hello,
 	    gen_handshake(ssl_connection, hello, internal, {common_client_hello, Type, ServerHelloExt},
 				 State#state{connection_states  = ConnectionStates,
 					     negotiated_version = Version,
+                                             client_hello_version = ClientVersion,
 					     hashsign_algorithm = HashSign,
 					     session = Session,
 					     negotiated_protocol = Protocol})
diff --git a/lib/ssl/vsn.mk b/lib/ssl/vsn.mk
index 7c2d9bec48..1743a61cb7 100644
--- a/lib/ssl/vsn.mk
+++ b/lib/ssl/vsn.mk
@@ -1 +1 @@
-SSL_VSN = 8.1.3
+SSL_VSN = 8.1.3.1
author	Erlang/OTP <[email protected]>	2017-11-22 15:55:40 +0100
committer	Erlang/OTP <[email protected]>	2017-11-22 15:55:40 +0100
commit	5e92c1ab16705c0de5e9579d255e83ede07d0244 (patch)
tree	bba148d43065db6de95d35d0329b4b687bc11ab5
parent	2cc46961352aded5c84ecb9bcb32581461dbc047 (diff)
parent	91c707c99a0574677284a9ca225b5fb54375ad7a (diff)
download	otp-5e92c1ab16705c0de5e9579d255e83ede07d0244.tar.gz otp-5e92c1ab16705c0de5e9579d255e83ede07d0244.tar.bz2 otp-5e92c1ab16705c0de5e9579d255e83ede07d0244.zip