summaryrefslogtreecommitdiffstats
path: root/recipes-connectivity/openssl
diff options
context:
space:
mode:
Diffstat (limited to 'recipes-connectivity/openssl')
-rw-r--r--recipes-connectivity/openssl/openssl/CVE-2018-0732-reject-excessively-large-primes-in-DH-key-generation.patch50
-rw-r--r--recipes-connectivity/openssl/openssl/CVE-2018-0737-ensure-BN_mod_inverse-and-BN_mod_exp_mont-both-get-called.patch36
-rw-r--r--recipes-connectivity/openssl/openssl/CVE-2018-0739-limit-ASN.1-constructed-types-recursive-definition-depth.patch237
-rw-r--r--recipes-connectivity/openssl/openssl_1.0.2n.bbappend7
4 files changed, 330 insertions, 0 deletions
diff --git a/recipes-connectivity/openssl/openssl/CVE-2018-0732-reject-excessively-large-primes-in-DH-key-generation.patch b/recipes-connectivity/openssl/openssl/CVE-2018-0732-reject-excessively-large-primes-in-DH-key-generation.patch
new file mode 100644
index 0000000..e3da5f3
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/CVE-2018-0732-reject-excessively-large-primes-in-DH-key-generation.patch
@@ -0,0 +1,50 @@
1From: Guido Vranken <guidovranken@gmail.com>
2Date: Mon, 11 Jun 2018 17:38:54 +0000 (+0200)
3Subject: Reject excessively large primes in DH key generation.
4X-Git-Tag: OpenSSL_1_0_2p~40
5X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=3984ef0b72831da8b3ece4745cac4f8575b19098
6
7Reject excessively large primes in DH key generation.
8
9CVE-2018-0732
10
11Signed-off-by: Guido Vranken <guidovranken@gmail.com>
12
13(cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe)
14
15Reviewed-by: Tim Hudson <tjh@openssl.org>
16Reviewed-by: Matt Caswell <matt@openssl.org>
17(Merged from https://github.com/openssl/openssl/pull/6457)
18
19CVE: CVE-2018-0732
20Upstream-Status: Backport [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=3984ef0b72831da8b3ece4745cac4f8575b19098]
21
22Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
23---
24 crypto/dh/dh_key.c | 7 ++++++-
25 1 file changed, 6 insertions(+), 1 deletion(-)
26
27diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
28index 387558f..f235e0d 100644
29--- a/crypto/dh/dh_key.c
30+++ b/crypto/dh/dh_key.c
31@@ -130,10 +130,15 @@ static int generate_key(DH *dh)
32 int ok = 0;
33 int generate_new_key = 0;
34 unsigned l;
35- BN_CTX *ctx;
36+ BN_CTX *ctx = NULL;
37 BN_MONT_CTX *mont = NULL;
38 BIGNUM *pub_key = NULL, *priv_key = NULL;
39
40+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
41+ DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
42+ return 0;
43+ }
44+
45 ctx = BN_CTX_new();
46 if (ctx == NULL)
47 goto err;
48--
492.7.4
50
diff --git a/recipes-connectivity/openssl/openssl/CVE-2018-0737-ensure-BN_mod_inverse-and-BN_mod_exp_mont-both-get-called.patch b/recipes-connectivity/openssl/openssl/CVE-2018-0737-ensure-BN_mod_inverse-and-BN_mod_exp_mont-both-get-called.patch
new file mode 100644
index 0000000..aa92d75
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/CVE-2018-0737-ensure-BN_mod_inverse-and-BN_mod_exp_mont-both-get-called.patch
@@ -0,0 +1,36 @@
1From 337da9779c4ef107a4b7bbaaa198824a489a10ed Mon Sep 17 00:00:00 2001
2From: Andreas Wellving <andreas.wellving@enea.com>
3Date: Mon, 22 Oct 2018 12:43:16 +0200
4Subject: RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont both get called with...
5X-Git-Tag: OpenSSL_1_0_2p~87
6X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=349a41da1ad88ad87825414752a8ff5fdd6a6c3f
7
8RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set.
9
10CVE-2018-0737
11
12Reviewed-by: Rich Salz <rsalz@openssl.org>
13Reviewed-by: Matt Caswell <matt@openssl.org>
14(cherry picked from commit 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787)
15
16CVE: CVE-2018-0737
17Upstream-Status: Backport [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=349a41da1ad88ad87825414752a8ff5fdd6a6c3f]
18
19Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
20---
21 crypto/rsa/rsa_gen.c | 2 ++
22 1 file changed, 2 insertions(+)
23
24diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
25index a85493d..f5914c0 100644
26--- a/crypto/rsa/rsa_gen.c
27+++ b/crypto/rsa/rsa_gen.c
28@@ -155,6 +155,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
29 if (BN_copy(rsa->e, e_value) == NULL)
30 goto err;
31
32+ BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
33+ BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
34 /* generate p and q */
35 for (;;) {
36 if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
diff --git a/recipes-connectivity/openssl/openssl/CVE-2018-0739-limit-ASN.1-constructed-types-recursive-definition-depth.patch b/recipes-connectivity/openssl/openssl/CVE-2018-0739-limit-ASN.1-constructed-types-recursive-definition-depth.patch
new file mode 100644
index 0000000..8062031
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/CVE-2018-0739-limit-ASN.1-constructed-types-recursive-definition-depth.patch
@@ -0,0 +1,237 @@
1From 9310d45087ae546e27e61ddf8f6367f29848220d Mon Sep 17 00:00:00 2001
2From: Matt Caswell <matt@openssl.org>
3Date: Thu, 22 Mar 2018 10:05:40 +0000
4Subject: [PATCH] Limit ASN.1 constructed types recursive definition depth
5
6Constructed types with a recursive definition (such as can be found in
7PKCS7) could eventually exceed the stack given malicious input with
8excessive recursion. Therefore we limit the stack depth.
9
10CVE-2018-0739
11Upstream-Status: Backport [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=9310d45087ae546e27e61ddf8f6367f29848220d]
12
13Credit to OSSFuzz for finding this issue.
14
15Reviewed-by: Rich Salz <rsalz@openssl.org>
16Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
17---
18 crypto/asn1/asn1.h | 1 +
19 crypto/asn1/asn1_err.c | 3 ++-
20 crypto/asn1/tasn_dec.c | 62 +++++++++++++++++++++++++++++++++-----------------
21 3 files changed, 44 insertions(+), 22 deletions(-)
22
23diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
24index 68e791f..35a2b2a 100644
25--- a/crypto/asn1/asn1.h
26+++ b/crypto/asn1/asn1.h
27@@ -1365,6 +1365,7 @@ void ERR_load_ASN1_strings(void);
28 # define ASN1_R_MSTRING_NOT_UNIVERSAL 139
29 # define ASN1_R_MSTRING_WRONG_TAG 140
30 # define ASN1_R_NESTED_ASN1_STRING 197
31+# define ASN1_R_NESTED_TOO_DEEP 219
32 # define ASN1_R_NON_HEX_CHARACTERS 141
33 # define ASN1_R_NOT_ASCII_FORMAT 190
34 # define ASN1_R_NOT_ENOUGH_DATA 142
35diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
36index fd4ac8d..cfc1512 100644
37--- a/crypto/asn1/asn1_err.c
38+++ b/crypto/asn1/asn1_err.c
39@@ -1,6 +1,6 @@
40 /* crypto/asn1/asn1_err.c */
41 /* ====================================================================
42- * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved.
43+ * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
44 *
45 * Redistribution and use in source and binary forms, with or without
46 * modification, are permitted provided that the following conditions
47@@ -279,6 +279,7 @@ static ERR_STRING_DATA ASN1_str_reasons[] = {
48 {ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"},
49 {ERR_REASON(ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"},
50 {ERR_REASON(ASN1_R_NESTED_ASN1_STRING), "nested asn1 string"},
51+ {ERR_REASON(ASN1_R_NESTED_TOO_DEEP), "nested too deep"},
52 {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS), "non hex characters"},
53 {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"},
54 {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"},
55diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
56index d49a5d5..78126e9 100644
57--- a/crypto/asn1/tasn_dec.c
58+++ b/crypto/asn1/tasn_dec.c
59@@ -65,6 +65,14 @@
60 #include <openssl/buffer.h>
61 #include <openssl/err.h>
62
63+/*
64+ * Constructed types with a recursive definition (such as can be found in PKCS7)
65+ * could eventually exceed the stack given malicious input with excessive
66+ * recursion. Therefore we limit the stack depth. This is the maximum number of
67+ * recursive invocations of asn1_item_embed_d2i().
68+ */
69+#define ASN1_MAX_CONSTRUCTED_NEST 30
70+
71 static int asn1_check_eoc(const unsigned char **in, long len);
72 static int asn1_find_end(const unsigned char **in, long len, char inf);
73
74@@ -81,11 +89,11 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
75 static int asn1_template_ex_d2i(ASN1_VALUE **pval,
76 const unsigned char **in, long len,
77 const ASN1_TEMPLATE *tt, char opt,
78- ASN1_TLC *ctx);
79+ ASN1_TLC *ctx, int depth);
80 static int asn1_template_noexp_d2i(ASN1_VALUE **val,
81 const unsigned char **in, long len,
82 const ASN1_TEMPLATE *tt, char opt,
83- ASN1_TLC *ctx);
84+ ASN1_TLC *ctx, int depth);
85 static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
86 const unsigned char **in, long len,
87 const ASN1_ITEM *it,
88@@ -154,17 +162,16 @@ int ASN1_template_d2i(ASN1_VALUE **pval,
89 {
90 ASN1_TLC c;
91 asn1_tlc_clear_nc(&c);
92- return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
93+ return asn1_template_ex_d2i(pval, in, len, tt, 0, &c, 0);
94 }
95
96 /*
97 * Decode an item, taking care of IMPLICIT tagging, if any. If 'opt' set and
98 * tag mismatch return -1 to handle OPTIONAL
99 */
100-
101-int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
102- const ASN1_ITEM *it,
103- int tag, int aclass, char opt, ASN1_TLC *ctx)
104+static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
105+ long len, const ASN1_ITEM *it, int tag, int aclass,
106+ char opt, ASN1_TLC *ctx, int depth)
107 {
108 const ASN1_TEMPLATE *tt, *errtt = NULL;
109 const ASN1_COMPAT_FUNCS *cf;
110@@ -189,6 +196,11 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
111 else
112 asn1_cb = 0;
113
114+ if (++depth > ASN1_MAX_CONSTRUCTED_NEST) {
115+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NESTED_TOO_DEEP);
116+ goto err;
117+ }
118+
119 switch (it->itype) {
120 case ASN1_ITYPE_PRIMITIVE:
121 if (it->templates) {
122@@ -204,7 +216,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
123 goto err;
124 }
125 return asn1_template_ex_d2i(pval, in, len,
126- it->templates, opt, ctx);
127+ it->templates, opt, ctx, depth);
128 }
129 return asn1_d2i_ex_primitive(pval, in, len, it,
130 tag, aclass, opt, ctx);
131@@ -326,7 +338,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
132 /*
133 * We mark field as OPTIONAL so its absence can be recognised.
134 */
135- ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
136+ ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, depth);
137 /* If field not present, try the next one */
138 if (ret == -1)
139 continue;
140@@ -444,7 +456,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
141 * attempt to read in field, allowing each to be OPTIONAL
142 */
143
144- ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx);
145+ ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx,
146+ depth);
147 if (!ret) {
148 errtt = seqtt;
149 goto err;
150@@ -514,6 +527,13 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
151 return 0;
152 }
153
154+int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
155+ const ASN1_ITEM *it,
156+ int tag, int aclass, char opt, ASN1_TLC *ctx)
157+{
158+ return asn1_item_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0);
159+}
160+
161 /*
162 * Templates are handled with two separate functions. One handles any
163 * EXPLICIT tag and the other handles the rest.
164@@ -522,7 +542,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
165 static int asn1_template_ex_d2i(ASN1_VALUE **val,
166 const unsigned char **in, long inlen,
167 const ASN1_TEMPLATE *tt, char opt,
168- ASN1_TLC *ctx)
169+ ASN1_TLC *ctx, int depth)
170 {
171 int flags, aclass;
172 int ret;
173@@ -557,7 +577,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
174 return 0;
175 }
176 /* We've found the field so it can't be OPTIONAL now */
177- ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
178+ ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth);
179 if (!ret) {
180 ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
181 return 0;
182@@ -581,7 +601,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
183 }
184 }
185 } else
186- return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx);
187+ return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, depth);
188
189 *in = p;
190 return 1;
191@@ -594,7 +614,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
192 static int asn1_template_noexp_d2i(ASN1_VALUE **val,
193 const unsigned char **in, long len,
194 const ASN1_TEMPLATE *tt, char opt,
195- ASN1_TLC *ctx)
196+ ASN1_TLC *ctx, int depth)
197 {
198 int flags, aclass;
199 int ret;
200@@ -665,8 +685,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
201 break;
202 }
203 skfield = NULL;
204- if (!ASN1_item_ex_d2i(&skfield, &p, len,
205- ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) {
206+ if (!asn1_item_ex_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item),
207+ -1, 0, 0, ctx, depth)) {
208 ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
209 ERR_R_NESTED_ASN1_ERROR);
210 goto err;
211@@ -684,9 +704,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
212 }
213 } else if (flags & ASN1_TFLG_IMPTAG) {
214 /* IMPLICIT tagging */
215- ret = ASN1_item_ex_d2i(val, &p, len,
216- ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt,
217- ctx);
218+ ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag,
219+ aclass, opt, ctx, depth);
220 if (!ret) {
221 ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
222 goto err;
223@@ -694,8 +713,9 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
224 return -1;
225 } else {
226 /* Nothing special */
227- ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
228- -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
229+ ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
230+ -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx,
231+ depth);
232 if (!ret) {
233 ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
234 goto err;
235--
2361.9.1
237
diff --git a/recipes-connectivity/openssl/openssl_1.0.2n.bbappend b/recipes-connectivity/openssl/openssl_1.0.2n.bbappend
new file mode 100644
index 0000000..6f2625f
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl_1.0.2n.bbappend
@@ -0,0 +1,7 @@
1FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
2
3SRC_URI += " \
4 file://CVE-2018-0732-reject-excessively-large-primes-in-DH-key-generation.patch \
5 file://CVE-2018-0737-ensure-BN_mod_inverse-and-BN_mod_exp_mont-both-get-called.patch \
6 file://CVE-2018-0739-limit-ASN.1-constructed-types-recursive-definition-depth.patch \
7 "