[Pkg-swan-devel] [Git][debian/strongswan][debian/bullseye-security] 3 commits: d/p/0009-credential-manager-Do-online-revocation-checks-only- added
Yves-Alexis Perez (@corsac)
gitlab at salsa.debian.org
Thu Nov 3 16:34:38 GMT 2022
Yves-Alexis Perez pushed to branch debian/bullseye-security at Debian / strongswan
Commits:
f9b5f80b by Yves-Alexis Perez at 2022-10-06T09:21:59+02:00
d/p/0009-credential-manager-Do-online-revocation-checks-only- added
Fix CVE-2022-40617, denial of service due to revocation plugin
potentially using untrusted OCSP URIs and CRL distribution in
certificates
Closes: #1021271
- - - - -
209c4ef1 by Yves-Alexis Perez at 2022-10-06T09:24:27+02:00
finalize changelog
- - - - -
af8f9c31 by Yves-Alexis Perez at 2022-10-06T09:36:21+02:00
upload strongSwan 5.9.1-1+deb11u3 to bullseye-security
- - - - -
3 changed files:
- debian/changelog
- + debian/patches/0009-credential-manager-Do-online-revocation-checks-only-.patch
- debian/patches/series
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,12 @@
+strongswan (5.9.1-1+deb11u3) bullseye-security; urgency=medium
+
+ * d/p/0009-credential-manager-Do-online-revocation-checks-only- added.
+ Fix CVE-2022-40617, denial of service due to revocation plugin
+ potentially using untrusted OCSP URIs and CRL distribution in
+ certificates (Closes: #1021271)
+
+ -- Yves-Alexis Perez <corsac at debian.org> Thu, 06 Oct 2022 09:36:12 +0200
+
strongswan (5.9.1-1+deb11u2) bullseye-security; urgency=medium
* gbp: revert upstream branch name change
=====================================
debian/patches/0009-credential-manager-Do-online-revocation-checks-only-.patch
=====================================
@@ -0,0 +1,199 @@
+From: Tobias Brunner <tobias at strongswan.org>
+Date: Fri, 22 Jul 2022 15:37:43 +0200
+Subject: credential-manager: Do online revocation checks only after basic
+ trust chain validation
+
+This avoids querying URLs of potentially untrusted certificates, e.g. if
+an attacker sends a specially crafted end-entity and intermediate CA
+certificate with a CDP that points to a server that completes the
+TCP handshake but then does not send any further data, which will block
+the fetcher thread (depending on the plugin) for as long as the default
+timeout for TCP. Doing that multiple times will block all worker threads,
+leading to a DoS attack.
+
+The logging during the certificate verification obviously changes. The
+following example shows the output of `pki --verify` for the current
+strongswan.org certificate:
+
+new:
+
+ using certificate "CN=www.strongswan.org"
+ using trusted intermediate ca certificate "C=US, O=Let's Encrypt, CN=R3"
+ using trusted ca certificate "C=US, O=Internet Security Research Group, CN=ISRG Root X1"
+ reached self-signed root ca with a path length of 1
+checking certificate status of "CN=www.strongswan.org"
+ requesting ocsp status from 'http://r3.o.lencr.org' ...
+ ocsp response correctly signed by "C=US, O=Let's Encrypt, CN=R3"
+ ocsp response is valid: until Jul 27 12:59:58 2022
+certificate status is good
+checking certificate status of "C=US, O=Let's Encrypt, CN=R3"
+ocsp response verification failed, no signer certificate 'C=US, O=Let's Encrypt, CN=R3' found
+ fetching crl from 'http://x1.c.lencr.org/' ...
+ using trusted certificate "C=US, O=Internet Security Research Group, CN=ISRG Root X1"
+ crl correctly signed by "C=US, O=Internet Security Research Group, CN=ISRG Root X1"
+ crl is valid: until Apr 18 01:59:59 2023
+certificate status is good
+certificate trusted, lifetimes valid, certificate not revoked
+
+old:
+
+ using certificate "CN=www.strongswan.org"
+ using trusted intermediate ca certificate "C=US, O=Let's Encrypt, CN=R3"
+checking certificate status of "CN=www.strongswan.org"
+ requesting ocsp status from 'http://r3.o.lencr.org' ...
+ ocsp response correctly signed by "C=US, O=Let's Encrypt, CN=R3"
+ ocsp response is valid: until Jul 27 12:59:58 2022
+certificate status is good
+ using trusted ca certificate "C=US, O=Internet Security Research Group, CN=ISRG Root X1"
+checking certificate status of "C=US, O=Let's Encrypt, CN=R3"
+ocsp response verification failed, no signer certificate 'C=US, O=Let's Encrypt, CN=R3' found
+ fetching crl from 'http://x1.c.lencr.org/' ...
+ using trusted certificate "C=US, O=Internet Security Research Group, CN=ISRG Root X1"
+ crl correctly signed by "C=US, O=Internet Security Research Group, CN=ISRG Root X1"
+ crl is valid: until Apr 18 01:59:59 2023
+certificate status is good
+ reached self-signed root ca with a path length of 1
+certificate trusted, lifetimes valid, certificate not revoked
+
+Note that this also fixes an issue with the previous dual-use of the
+`trusted` flag. It not only indicated whether the chain is trusted but
+also whether the current issuer is the root anchor (the corresponding
+flag in the `cert_validator_t` interface is called `anchor`). This is
+was problem when building multi-level trust chains for pre-trusted
+end-entity certificates (i.e. where `trusted` is TRUE from the start).
+This caused the main loop to get aborted after the first intermediate CA
+certificate and the mentioned `anchor` flag wasn't correct in any calls
+to `cert_validator_t` implementations.
+---
+ src/libstrongswan/credentials/credential_manager.c | 54 ++++++++++++++++++----
+ 1 file changed, 45 insertions(+), 9 deletions(-)
+
+diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c
+index 3be0190..f65372b 100644
+--- a/src/libstrongswan/credentials/credential_manager.c
++++ b/src/libstrongswan/credentials/credential_manager.c
+@@ -555,7 +555,7 @@ static void cache_queue(private_credential_manager_t *this)
+ */
+ static bool check_lifetime(private_credential_manager_t *this,
+ certificate_t *cert, char *label,
+- int pathlen, bool trusted, auth_cfg_t *auth)
++ int pathlen, bool anchor, auth_cfg_t *auth)
+ {
+ time_t not_before, not_after;
+ cert_validator_t *validator;
+@@ -570,7 +570,7 @@ static bool check_lifetime(private_credential_manager_t *this,
+ continue;
+ }
+ status = validator->check_lifetime(validator, cert,
+- pathlen, trusted, auth);
++ pathlen, anchor, auth);
+ if (status != NEED_MORE)
+ {
+ break;
+@@ -603,13 +603,13 @@ static bool check_lifetime(private_credential_manager_t *this,
+ */
+ static bool check_certificate(private_credential_manager_t *this,
+ certificate_t *subject, certificate_t *issuer, bool online,
+- int pathlen, bool trusted, auth_cfg_t *auth)
++ int pathlen, bool anchor, auth_cfg_t *auth)
+ {
+ cert_validator_t *validator;
+ enumerator_t *enumerator;
+
+ if (!check_lifetime(this, subject, "subject", pathlen, FALSE, auth) ||
+- !check_lifetime(this, issuer, "issuer", pathlen + 1, trusted, auth))
++ !check_lifetime(this, issuer, "issuer", pathlen + 1, anchor, auth))
+ {
+ return FALSE;
+ }
+@@ -622,7 +622,7 @@ static bool check_certificate(private_credential_manager_t *this,
+ continue;
+ }
+ if (!validator->validate(validator, subject, issuer,
+- online, pathlen, trusted, auth))
++ online, pathlen, anchor, auth))
+ {
+ enumerator->destroy(enumerator);
+ return FALSE;
+@@ -725,6 +725,7 @@ static bool verify_trust_chain(private_credential_manager_t *this,
+ auth_cfg_t *auth;
+ signature_params_t *scheme;
+ int pathlen;
++ bool is_anchor = FALSE;
+
+ auth = auth_cfg_create();
+ get_key_strength(subject, auth);
+@@ -742,7 +743,7 @@ static bool verify_trust_chain(private_credential_manager_t *this,
+ auth->add(auth, AUTH_RULE_CA_CERT, issuer->get_ref(issuer));
+ DBG1(DBG_CFG, " using trusted ca certificate \"%Y\"",
+ issuer->get_subject(issuer));
+- trusted = TRUE;
++ trusted = is_anchor = TRUE;
+ }
+ else
+ {
+@@ -777,11 +778,18 @@ static bool verify_trust_chain(private_credential_manager_t *this,
+ DBG1(DBG_CFG, " issuer is \"%Y\"",
+ current->get_issuer(current));
+ call_hook(this, CRED_HOOK_NO_ISSUER, current);
++ if (trusted)
++ {
++ DBG1(DBG_CFG, " reached end of incomplete trust chain for "
++ "trusted certificate \"%Y\"",
++ subject->get_subject(subject));
++ }
+ break;
+ }
+ }
+- if (!check_certificate(this, current, issuer, online,
+- pathlen, trusted, auth))
++ /* don't do online verification here */
++ if (!check_certificate(this, current, issuer, FALSE,
++ pathlen, is_anchor, auth))
+ {
+ trusted = FALSE;
+ issuer->destroy(issuer);
+@@ -793,7 +801,7 @@ static bool verify_trust_chain(private_credential_manager_t *this,
+ }
+ current->destroy(current);
+ current = issuer;
+- if (trusted)
++ if (is_anchor)
+ {
+ DBG1(DBG_CFG, " reached self-signed root ca with a "
+ "path length of %d", pathlen);
+@@ -806,6 +814,34 @@ static bool verify_trust_chain(private_credential_manager_t *this,
+ DBG1(DBG_CFG, "maximum path length of %d exceeded", MAX_TRUST_PATH_LEN);
+ call_hook(this, CRED_HOOK_EXCEEDED_PATH_LEN, subject);
+ }
++ else if (trusted && online)
++ {
++ enumerator_t *enumerator;
++ auth_rule_t rule;
++
++ /* do online revocation checks after basic validation of the chain */
++ pathlen = 0;
++ current = subject;
++ enumerator = auth->create_enumerator(auth);
++ while (enumerator->enumerate(enumerator, &rule, &issuer))
++ {
++ if (rule == AUTH_RULE_CA_CERT || rule == AUTH_RULE_IM_CERT)
++ {
++ if (!check_certificate(this, current, issuer, TRUE, pathlen++,
++ rule == AUTH_RULE_CA_CERT, auth))
++ {
++ trusted = FALSE;
++ break;
++ }
++ else if (rule == AUTH_RULE_CA_CERT)
++ {
++ break;
++ }
++ current = issuer;
++ }
++ }
++ enumerator->destroy(enumerator);
++ }
+ if (trusted)
+ {
+ result->merge(result, auth, FALSE);
=====================================
debian/patches/series
=====================================
@@ -6,3 +6,4 @@ dont-load-kernel-libipsec-plugin-by-default.patch
0006-cert-cache-Prevent-crash-due-to-integer-overflow-sig.patch
0007-Reject-RSASSA-PSS-params-with-negative-salt-length.patch
0008-eap-authenticator-Enforce-failure-if-MSK-generation-.patch
+0009-credential-manager-Do-online-revocation-checks-only-.patch
View it on GitLab: https://salsa.debian.org/debian/strongswan/-/compare/0d6fa4da9db54f95e978bdecd20908b0a847f406...af8f9c3129d81376424d58785b82f3a3dff3b022
--
View it on GitLab: https://salsa.debian.org/debian/strongswan/-/compare/0d6fa4da9db54f95e978bdecd20908b0a847f406...af8f9c3129d81376424d58785b82f3a3dff3b022
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-swan-devel/attachments/20221103/044356ca/attachment-0001.htm>
More information about the Pkg-swan-devel
mailing list