4 files changed, 330 insertions, 0 deletions
diff --git a/recipes-connectivity/openssl/openssl/CVE-2018-0732-reject-excessively-large-primes-in-DH-key-generation.patch b/recipes-connectivity/openssl/openssl/CVE-2018-0732-reject-excessively-large-primes-in-DH-key-generation.patch
new file mode 100644
index 0000000..e3da5f3
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/CVE-2018-0732-reject-excessively-large-primes-in-DH-key-generation.patch
@@ -0,0 +1,50 @@
+From: Guido Vranken <guidovranken@gmail.com>
+Date: Mon, 11 Jun 2018 17:38:54 +0000 (+0200)
+Subject: Reject excessively large primes in DH key generation.
+X-Git-Tag: OpenSSL_1_0_2p~40
+X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=3984ef0b72831da8b3ece4745cac4f8575b19098
+Reject excessively large primes in DH key generation.
+CVE-2018-0732
+Signed-off-by: Guido Vranken <guidovranken@gmail.com>
+(cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe)
+Reviewed-by: Tim Hudson <tjh@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/6457)
+CVE: CVE-2018-0732
+Upstream-Status: Backport [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=3984ef0b72831da8b3ece4745cac4f8575b19098]
+Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
+---
+ crypto/dh/dh_key.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
+index 387558f..f235e0d 100644
+--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
+@@ -130,10 +130,15 @@ static int generate_key(DH *dh)
+     int ok = 0;
+     int generate_new_key = 0;
+     unsigned l;
+-    BN_CTX *ctx;
+    BN_CTX *ctx = NULL;
+     BN_MONT_CTX *mont = NULL;
+     BIGNUM *pub_key = NULL, *priv_key = NULL;
+ 
+    if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+        DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
+        return 0;
+    }
+
+     ctx = BN_CTX_new();
+     if (ctx == NULL)
+         goto err;
+-- 
+2.7.4
diff --git a/recipes-connectivity/openssl/openssl/CVE-2018-0737-ensure-BN_mod_inverse-and-BN_mod_exp_mont-both-get-called.patch b/recipes-connectivity/openssl/openssl/CVE-2018-0737-ensure-BN_mod_inverse-and-BN_mod_exp_mont-both-get-called.patch
new file mode 100644
index 0000000..aa92d75
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/CVE-2018-0737-ensure-BN_mod_inverse-and-BN_mod_exp_mont-both-get-called.patch
@@ -0,0 +1,36 @@
+From 337da9779c4ef107a4b7bbaaa198824a489a10ed Mon Sep 17 00:00:00 2001
+From: Andreas Wellving <andreas.wellving@enea.com>
+Date: Mon, 22 Oct 2018 12:43:16 +0200
+Subject: RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont both get called with...
+X-Git-Tag: OpenSSL_1_0_2p~87
+X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=349a41da1ad88ad87825414752a8ff5fdd6a6c3f
+RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set.
+CVE-2018-0737
+Reviewed-by: Rich Salz <rsalz@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(cherry picked from commit 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787)
+CVE: CVE-2018-0737
+Upstream-Status: Backport [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=349a41da1ad88ad87825414752a8ff5fdd6a6c3f]
+Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
+---
+ crypto/rsa/rsa_gen.c | 2 ++
+ 1 file changed, 2 insertions(+)
+diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
+index a85493d..f5914c0 100644
+--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
+@@ -155,6 +155,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
+     if (BN_copy(rsa->e, e_value) == NULL)
+         goto err;
+ 
+    BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
+    BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
+     /* generate p and q */
+     for (;;) {
+         if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
diff --git a/recipes-connectivity/openssl/openssl/CVE-2018-0739-limit-ASN.1-constructed-types-recursive-definition-depth.patch b/recipes-connectivity/openssl/openssl/CVE-2018-0739-limit-ASN.1-constructed-types-recursive-definition-depth.patch
new file mode 100644
index 0000000..8062031
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/CVE-2018-0739-limit-ASN.1-constructed-types-recursive-definition-depth.patch
@@ -0,0 +1,237 @@
+From 9310d45087ae546e27e61ddf8f6367f29848220d Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Thu, 22 Mar 2018 10:05:40 +0000
+Subject: [PATCH] Limit ASN.1 constructed types recursive definition depth
+Constructed types with a recursive definition (such as can be found in
+PKCS7) could eventually exceed the stack given malicious input with
+excessive recursion. Therefore we limit the stack depth.
+CVE-2018-0739
+Upstream-Status: Backport [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=9310d45087ae546e27e61ddf8f6367f29848220d]
+Credit to OSSFuzz for finding this issue.
+Reviewed-by: Rich Salz <rsalz@openssl.org>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ crypto/asn1/asn1.h     |  1 +
+ crypto/asn1/asn1_err.c |  3 ++-
+ crypto/asn1/tasn_dec.c | 62 +++++++++++++++++++++++++++++++++-----------------
+ 3 files changed, 44 insertions(+), 22 deletions(-)
+diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
+index 68e791f..35a2b2a 100644
+--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
+@@ -1365,6 +1365,7 @@ void ERR_load_ASN1_strings(void);
+ # define ASN1_R_MSTRING_NOT_UNIVERSAL                     139
+ # define ASN1_R_MSTRING_WRONG_TAG                         140
+ # define ASN1_R_NESTED_ASN1_STRING                        197
+# define ASN1_R_NESTED_TOO_DEEP                           219
+ # define ASN1_R_NON_HEX_CHARACTERS                        141
+ # define ASN1_R_NOT_ASCII_FORMAT                          190
+ # define ASN1_R_NOT_ENOUGH_DATA                           142
+diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
+index fd4ac8d..cfc1512 100644
+--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
+@@ -1,6 +1,6 @@
+ /* crypto/asn1/asn1_err.c */
+ /* ====================================================================
+- * Copyright (c) 1999-2014 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2018 The OpenSSL Project.  All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions
+@@ -279,6 +279,7 @@ static ERR_STRING_DATA ASN1_str_reasons[] = {
+     {ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"},
+     {ERR_REASON(ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"},
+     {ERR_REASON(ASN1_R_NESTED_ASN1_STRING), "nested asn1 string"},
+    {ERR_REASON(ASN1_R_NESTED_TOO_DEEP), "nested too deep"},
+     {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS), "non hex characters"},
+     {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"},
+     {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"},
+diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
+index d49a5d5..78126e9 100644
+--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
+@@ -65,6 +65,14 @@
+ #include <openssl/buffer.h>
+ #include <openssl/err.h>
+ 
+/*
+ * Constructed types with a recursive definition (such as can be found in PKCS7)
+ * could eventually exceed the stack given malicious input with excessive
+ * recursion. Therefore we limit the stack depth. This is the maximum number of
+ * recursive invocations of asn1_item_embed_d2i().
+ */
+#define ASN1_MAX_CONSTRUCTED_NEST 30
+
+ static int asn1_check_eoc(const unsigned char **in, long len);
+ static int asn1_find_end(const unsigned char **in, long len, char inf);
+ 
+@@ -81,11 +89,11 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
+ static int asn1_template_ex_d2i(ASN1_VALUE **pval,
+                                 const unsigned char **in, long len,
+                                 const ASN1_TEMPLATE *tt, char opt,
+-                                ASN1_TLC *ctx);
+                                ASN1_TLC *ctx, int depth);
+ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
+                                    const unsigned char **in, long len,
+                                    const ASN1_TEMPLATE *tt, char opt,
+-                                   ASN1_TLC *ctx);
+                                   ASN1_TLC *ctx, int depth);
+ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
+                                  const unsigned char **in, long len,
+                                  const ASN1_ITEM *it,
+@@ -154,17 +162,16 @@ int ASN1_template_d2i(ASN1_VALUE **pval,
+ {
+     ASN1_TLC c;
+     asn1_tlc_clear_nc(&c);
+-    return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
+    return asn1_template_ex_d2i(pval, in, len, tt, 0, &c, 0);
+ }
+ 
+ /*
+  * Decode an item, taking care of IMPLICIT tagging, if any. If 'opt' set and
+  * tag mismatch return -1 to handle OPTIONAL
+  */
+-
+-int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+-                     const ASN1_ITEM *it,
+-                     int tag, int aclass, char opt, ASN1_TLC *ctx)
+static int asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in,
+                            long len, const ASN1_ITEM *it, int tag, int aclass,
+                            char opt, ASN1_TLC *ctx, int depth)
+ {
+     const ASN1_TEMPLATE *tt, *errtt = NULL;
+     const ASN1_COMPAT_FUNCS *cf;
+@@ -189,6 +196,11 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+     else
+         asn1_cb = 0;
+ 
+    if (++depth > ASN1_MAX_CONSTRUCTED_NEST) {
+        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NESTED_TOO_DEEP);
+        goto err;
+    }
+
+     switch (it->itype) {
+     case ASN1_ITYPE_PRIMITIVE:
+         if (it->templates) {
+@@ -204,7 +216,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+                 goto err;
+             }
+             return asn1_template_ex_d2i(pval, in, len,
+-                                        it->templates, opt, ctx);
+                                        it->templates, opt, ctx, depth);
+         }
+         return asn1_d2i_ex_primitive(pval, in, len, it,
+                                      tag, aclass, opt, ctx);
+@@ -326,7 +338,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+             /*
+              * We mark field as OPTIONAL so its absence can be recognised.
+              */
+-            ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
+            ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, depth);
+             /* If field not present, try the next one */
+             if (ret == -1)
+                 continue;
+@@ -444,7 +456,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+              * attempt to read in field, allowing each to be OPTIONAL
+              */
+ 
+-            ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx);
+            ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx,
+                                       depth);
+             if (!ret) {
+                 errtt = seqtt;
+                 goto err;
+@@ -514,6 +527,13 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+     return 0;
+ }
+ 
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+                     const ASN1_ITEM *it,
+                     int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+    return asn1_item_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0);
+}
+
+ /*
+  * Templates are handled with two separate functions. One handles any
+  * EXPLICIT tag and the other handles the rest.
+@@ -522,7 +542,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+ static int asn1_template_ex_d2i(ASN1_VALUE **val,
+                                 const unsigned char **in, long inlen,
+                                 const ASN1_TEMPLATE *tt, char opt,
+-                                ASN1_TLC *ctx)
+                                ASN1_TLC *ctx, int depth)
+ {
+     int flags, aclass;
+     int ret;
+@@ -557,7 +577,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
+             return 0;
+         }
+         /* We've found the field so it can't be OPTIONAL now */
+-        ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
+        ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth);
+         if (!ret) {
+             ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+             return 0;
+@@ -581,7 +601,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
+             }
+         }
+     } else
+-        return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx);
+        return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, depth);
+ 
+     *in = p;
+     return 1;
+@@ -594,7 +614,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
+ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
+                                    const unsigned char **in, long len,
+                                    const ASN1_TEMPLATE *tt, char opt,
+-                                   ASN1_TLC *ctx)
+                                   ASN1_TLC *ctx, int depth)
+ {
+     int flags, aclass;
+     int ret;
+@@ -665,8 +685,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
+                 break;
+             }
+             skfield = NULL;
+-            if (!ASN1_item_ex_d2i(&skfield, &p, len,
+-                                  ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) {
+            if (!asn1_item_ex_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item),
+                                  -1, 0, 0, ctx, depth)) {
+                 ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
+                         ERR_R_NESTED_ASN1_ERROR);
+                 goto err;
+@@ -684,9 +704,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
+         }
+     } else if (flags & ASN1_TFLG_IMPTAG) {
+         /* IMPLICIT tagging */
+-        ret = ASN1_item_ex_d2i(val, &p, len,
+-                               ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt,
+-                               ctx);
+        ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag,
+                               aclass, opt, ctx, depth);
+         if (!ret) {
+             ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
+             goto err;
+@@ -694,8 +713,9 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
+             return -1;
+     } else {
+         /* Nothing special */
+-        ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
+-                               -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
+        ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
+                               -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx,
+                               depth);
+         if (!ret) {
+             ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
+             goto err;
+-- 
+1.9.1
diff --git a/recipes-connectivity/openssl/openssl_1.0.2n.bbappend b/recipes-connectivity/openssl/openssl_1.0.2n.bbappend
new file mode 100644
index 0000000..6f2625f
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl_1.0.2n.bbappend
@@ -0,0 +1,7 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+SRC_URI += " \
+        file://CVE-2018-0732-reject-excessively-large-primes-in-DH-key-generation.patch \
+        file://CVE-2018-0737-ensure-BN_mod_inverse-and-BN_mod_exp_mont-both-get-called.patch \
+        file://CVE-2018-0739-limit-ASN.1-constructed-types-recursive-definition-depth.patch \
+        "

diff --git a/recipes-connectivity/openssl/openssl/CVE-2018-0732-reject-excessively-large-primes-in-DH-key-generation.patch b/recipes-connectivity/openssl/openssl/CVE-2018-0732-reject-excessively-large-primes-in-DH-key-generation.patch new file mode 100644 index 0000000..e3da5f3 --- /dev/null +++ b/recipes-connectivity/openssl/openssl/CVE-2018-0732-reject-excessively-large-primes-in-DH-key-generation.patch
@@ -0,0 +1,50 @@
	1	From: Guido Vranken <guidovranken@gmail.com>
	2	Date: Mon, 11 Jun 2018 17:38:54 +0000 (+0200)
	3	Subject: Reject excessively large primes in DH key generation.
	4	X-Git-Tag: OpenSSL_1_0_2p~40
	5	X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=3984ef0b72831da8b3ece4745cac4f8575b19098
	6
	7	Reject excessively large primes in DH key generation.
	8
	9	CVE-2018-0732
	10
	11	Signed-off-by: Guido Vranken <guidovranken@gmail.com>
	12
	13	(cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe)
	14
	15	Reviewed-by: Tim Hudson <tjh@openssl.org>
	16	Reviewed-by: Matt Caswell <matt@openssl.org>
	17	(Merged from https://github.com/openssl/openssl/pull/6457)
	18
	19	CVE: CVE-2018-0732
	20	Upstream-Status: Backport [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=3984ef0b72831da8b3ece4745cac4f8575b19098]
	21
	22	Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
	23	---
	24	crypto/dh/dh_key.c \| 7 ++++++-
	25	1 file changed, 6 insertions(+), 1 deletion(-)
	26
	27	diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
	28	index 387558f..f235e0d 100644
	29	--- a/crypto/dh/dh_key.c
	30	+++ b/crypto/dh/dh_key.c
	31	@@ -130,10 +130,15 @@ static int generate_key(DH *dh)
	32	int ok = 0;
	33	int generate_new_key = 0;
	34	unsigned l;
	35	- BN_CTX *ctx;
	36	+ BN_CTX *ctx = NULL;
	37	BN_MONT_CTX *mont = NULL;
	38	BIGNUM pub_key = NULL, priv_key = NULL;
	39
	40	+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
	41	+ DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
	42	+ return 0;
	43	+ }
	44	+
	45	ctx = BN_CTX_new();
	46	if (ctx == NULL)
	47	goto err;
	48	--
	49	2.7.4
	50


diff --git a/recipes-connectivity/openssl/openssl/CVE-2018-0737-ensure-BN_mod_inverse-and-BN_mod_exp_mont-both-get-called.patch b/recipes-connectivity/openssl/openssl/CVE-2018-0737-ensure-BN_mod_inverse-and-BN_mod_exp_mont-both-get-called.patch new file mode 100644 index 0000000..aa92d75 --- /dev/null +++ b/recipes-connectivity/openssl/openssl/CVE-2018-0737-ensure-BN_mod_inverse-and-BN_mod_exp_mont-both-get-called.patch
@@ -0,0 +1,36 @@
	1	From 337da9779c4ef107a4b7bbaaa198824a489a10ed Mon Sep 17 00:00:00 2001
	2	From: Andreas Wellving <andreas.wellving@enea.com>
	3	Date: Mon, 22 Oct 2018 12:43:16 +0200
	4	Subject: RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont both get called with...
	5	X-Git-Tag: OpenSSL_1_0_2p~87
	6	X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=349a41da1ad88ad87825414752a8ff5fdd6a6c3f
	7
	8	RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set.
	9
	10	CVE-2018-0737
	11
	12	Reviewed-by: Rich Salz <rsalz@openssl.org>
	13	Reviewed-by: Matt Caswell <matt@openssl.org>
	14	(cherry picked from commit 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787)
	15
	16	CVE: CVE-2018-0737
	17	Upstream-Status: Backport [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=349a41da1ad88ad87825414752a8ff5fdd6a6c3f]
	18
	19	Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
	20	---
	21	crypto/rsa/rsa_gen.c \| 2 ++
	22	1 file changed, 2 insertions(+)
	23
	24	diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
	25	index a85493d..f5914c0 100644
	26	--- a/crypto/rsa/rsa_gen.c
	27	+++ b/crypto/rsa/rsa_gen.c
	28	@@ -155,6 +155,8 @@ static int rsa_builtin_keygen(RSA rsa, int bits, BIGNUM e_value,
	29	if (BN_copy(rsa->e, e_value) == NULL)
	30	goto err;
	31
	32	+ BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
	33	+ BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
	34	/* generate p and q */
	35	for (;;) {
	36	if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))


diff --git a/recipes-connectivity/openssl/openssl/CVE-2018-0739-limit-ASN.1-constructed-types-recursive-definition-depth.patch b/recipes-connectivity/openssl/openssl/CVE-2018-0739-limit-ASN.1-constructed-types-recursive-definition-depth.patch new file mode 100644 index 0000000..8062031 --- /dev/null +++ b/recipes-connectivity/openssl/openssl/CVE-2018-0739-limit-ASN.1-constructed-types-recursive-definition-depth.patch
@@ -0,0 +1,237 @@
	1	From 9310d45087ae546e27e61ddf8f6367f29848220d Mon Sep 17 00:00:00 2001
	2	From: Matt Caswell <matt@openssl.org>
	3	Date: Thu, 22 Mar 2018 10:05:40 +0000
	4	Subject: [PATCH] Limit ASN.1 constructed types recursive definition depth
	5
	6	Constructed types with a recursive definition (such as can be found in
	7	PKCS7) could eventually exceed the stack given malicious input with
	8	excessive recursion. Therefore we limit the stack depth.
	9
	10	CVE-2018-0739
	11	Upstream-Status: Backport [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=9310d45087ae546e27e61ddf8f6367f29848220d]
	12
	13	Credit to OSSFuzz for finding this issue.
	14
	15	Reviewed-by: Rich Salz <rsalz@openssl.org>
	16	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
	17	---
	18	crypto/asn1/asn1.h \| 1 +
	19	crypto/asn1/asn1_err.c \| 3 ++-
	20	crypto/asn1/tasn_dec.c \| 62 +++++++++++++++++++++++++++++++++-----------------
	21	3 files changed, 44 insertions(+), 22 deletions(-)
	22
	23	diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
	24	index 68e791f..35a2b2a 100644
	25	--- a/crypto/asn1/asn1.h
	26	+++ b/crypto/asn1/asn1.h
	27	@@ -1365,6 +1365,7 @@ void ERR_load_ASN1_strings(void);
	28	# define ASN1_R_MSTRING_NOT_UNIVERSAL 139
	29	# define ASN1_R_MSTRING_WRONG_TAG 140
	30	# define ASN1_R_NESTED_ASN1_STRING 197
	31	+# define ASN1_R_NESTED_TOO_DEEP 219
	32	# define ASN1_R_NON_HEX_CHARACTERS 141
	33	# define ASN1_R_NOT_ASCII_FORMAT 190
	34	# define ASN1_R_NOT_ENOUGH_DATA 142
	35	diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
	36	index fd4ac8d..cfc1512 100644
	37	--- a/crypto/asn1/asn1_err.c
	38	+++ b/crypto/asn1/asn1_err.c
	39	@@ -1,6 +1,6 @@
	40	/* crypto/asn1/asn1_err.c */
	41	/* ====================================================================
	42	- * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved.
	43	+ * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved.
	44	*
	45	* Redistribution and use in source and binary forms, with or without
	46	* modification, are permitted provided that the following conditions
	47	@@ -279,6 +279,7 @@ static ERR_STRING_DATA ASN1_str_reasons[] = {
	48	{ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"},
	49	{ERR_REASON(ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"},
	50	{ERR_REASON(ASN1_R_NESTED_ASN1_STRING), "nested asn1 string"},
	51	+ {ERR_REASON(ASN1_R_NESTED_TOO_DEEP), "nested too deep"},
	52	{ERR_REASON(ASN1_R_NON_HEX_CHARACTERS), "non hex characters"},
	53	{ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"},
	54	{ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"},
	55	diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
	56	index d49a5d5..78126e9 100644
	57	--- a/crypto/asn1/tasn_dec.c
	58	+++ b/crypto/asn1/tasn_dec.c
	59	@@ -65,6 +65,14 @@
	60	#include <openssl/buffer.h>
	61	#include <openssl/err.h>
	62
	63	+/*
	64	+ * Constructed types with a recursive definition (such as can be found in PKCS7)
	65	+ * could eventually exceed the stack given malicious input with excessive
	66	+ * recursion. Therefore we limit the stack depth. This is the maximum number of
	67	+ * recursive invocations of asn1_item_embed_d2i().
	68	+ */
	69	+#define ASN1_MAX_CONSTRUCTED_NEST 30
	70	+
	71	static int asn1_check_eoc(const unsigned char **in, long len);
	72	static int asn1_find_end(const unsigned char **in, long len, char inf);
	73
	74	@@ -81,11 +89,11 @@ static int asn1_check_tlen(long olen, int otag, unsigned char *oclass,
	75	static int asn1_template_ex_d2i(ASN1_VALUE **pval,
	76	const unsigned char **in, long len,
	77	const ASN1_TEMPLATE *tt, char opt,
	78	- ASN1_TLC *ctx);
	79	+ ASN1_TLC *ctx, int depth);
	80	static int asn1_template_noexp_d2i(ASN1_VALUE **val,
	81	const unsigned char **in, long len,
	82	const ASN1_TEMPLATE *tt, char opt,
	83	- ASN1_TLC *ctx);
	84	+ ASN1_TLC *ctx, int depth);
	85	static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
	86	const unsigned char **in, long len,
	87	const ASN1_ITEM *it,
	88	@@ -154,17 +162,16 @@ int ASN1_template_d2i(ASN1_VALUE **pval,
	89	{
	90	ASN1_TLC c;
	91	asn1_tlc_clear_nc(&c);
	92	- return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
	93	+ return asn1_template_ex_d2i(pval, in, len, tt, 0, &c, 0);
	94	}
	95
	96	/*
	97	* Decode an item, taking care of IMPLICIT tagging, if any. If 'opt' set and
	98	* tag mismatch return -1 to handle OPTIONAL
	99	*/
	100	-
	101	-int ASN1_item_ex_d2i(ASN1_VALUE pval, const unsigned char in, long len,
	102	- const ASN1_ITEM *it,
	103	- int tag, int aclass, char opt, ASN1_TLC *ctx)
	104	+static int asn1_item_ex_d2i(ASN1_VALUE pval, const unsigned char in,
	105	+ long len, const ASN1_ITEM *it, int tag, int aclass,
	106	+ char opt, ASN1_TLC *ctx, int depth)
	107	{
	108	const ASN1_TEMPLATE tt, errtt = NULL;
	109	const ASN1_COMPAT_FUNCS *cf;
	110	@@ -189,6 +196,11 @@ int ASN1_item_ex_d2i(ASN1_VALUE pval, const unsigned char in, long len,
	111	else
	112	asn1_cb = 0;
	113
	114	+ if (++depth > ASN1_MAX_CONSTRUCTED_NEST) {
	115	+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NESTED_TOO_DEEP);
	116	+ goto err;
	117	+ }
	118	+
	119	switch (it->itype) {
	120	case ASN1_ITYPE_PRIMITIVE:
	121	if (it->templates) {
	122	@@ -204,7 +216,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE pval, const unsigned char in, long len,
	123	goto err;
	124	}
	125	return asn1_template_ex_d2i(pval, in, len,
	126	- it->templates, opt, ctx);
	127	+ it->templates, opt, ctx, depth);
	128	}
	129	return asn1_d2i_ex_primitive(pval, in, len, it,
	130	tag, aclass, opt, ctx);
	131	@@ -326,7 +338,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE pval, const unsigned char in, long len,
	132	/*
	133	* We mark field as OPTIONAL so its absence can be recognised.
	134	*/
	135	- ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
	136	+ ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, depth);
	137	/* If field not present, try the next one */
	138	if (ret == -1)
	139	continue;
	140	@@ -444,7 +456,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE pval, const unsigned char in, long len,
	141	* attempt to read in field, allowing each to be OPTIONAL
	142	*/
	143
	144	- ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx);
	145	+ ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx,
	146	+ depth);
	147	if (!ret) {
	148	errtt = seqtt;
	149	goto err;
	150	@@ -514,6 +527,13 @@ int ASN1_item_ex_d2i(ASN1_VALUE pval, const unsigned char in, long len,
	151	return 0;
	152	}
	153
	154	+int ASN1_item_ex_d2i(ASN1_VALUE pval, const unsigned char in, long len,
	155	+ const ASN1_ITEM *it,
	156	+ int tag, int aclass, char opt, ASN1_TLC *ctx)
	157	+{
	158	+ return asn1_item_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0);
	159	+}
	160	+
	161	/*
	162	* Templates are handled with two separate functions. One handles any
	163	* EXPLICIT tag and the other handles the rest.
	164	@@ -522,7 +542,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE pval, const unsigned char in, long len,
	165	static int asn1_template_ex_d2i(ASN1_VALUE **val,
	166	const unsigned char **in, long inlen,
	167	const ASN1_TEMPLATE *tt, char opt,
	168	- ASN1_TLC *ctx)
	169	+ ASN1_TLC *ctx, int depth)
	170	{
	171	int flags, aclass;
	172	int ret;
	173	@@ -557,7 +577,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
	174	return 0;
	175	}
	176	/* We've found the field so it can't be OPTIONAL now */
	177	- ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
	178	+ ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth);
	179	if (!ret) {
	180	ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
	181	return 0;
	182	@@ -581,7 +601,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
	183	}
	184	}
	185	} else
	186	- return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx);
	187	+ return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, depth);
	188
	189	*in = p;
	190	return 1;
	191	@@ -594,7 +614,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
	192	static int asn1_template_noexp_d2i(ASN1_VALUE **val,
	193	const unsigned char **in, long len,
	194	const ASN1_TEMPLATE *tt, char opt,
	195	- ASN1_TLC *ctx)
	196	+ ASN1_TLC *ctx, int depth)
	197	{
	198	int flags, aclass;
	199	int ret;
	200	@@ -665,8 +685,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
	201	break;
	202	}
	203	skfield = NULL;
	204	- if (!ASN1_item_ex_d2i(&skfield, &p, len,
	205	- ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) {
	206	+ if (!asn1_item_ex_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item),
	207	+ -1, 0, 0, ctx, depth)) {
	208	ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
	209	ERR_R_NESTED_ASN1_ERROR);
	210	goto err;
	211	@@ -684,9 +704,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
	212	}
	213	} else if (flags & ASN1_TFLG_IMPTAG) {
	214	/* IMPLICIT tagging */
	215	- ret = ASN1_item_ex_d2i(val, &p, len,
	216	- ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt,
	217	- ctx);
	218	+ ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag,
	219	+ aclass, opt, ctx, depth);
	220	if (!ret) {
	221	ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
	222	goto err;
	223	@@ -694,8 +713,9 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
	224	return -1;
	225	} else {
	226	/* Nothing special */
	227	- ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
	228	- -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
	229	+ ret = asn1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
	230	+ -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx,
	231	+ depth);
	232	if (!ret) {
	233	ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
	234	goto err;
	235	--
	236	1.9.1
	237


diff --git a/recipes-connectivity/openssl/openssl_1.0.2n.bbappend b/recipes-connectivity/openssl/openssl_1.0.2n.bbappend new file mode 100644 index 0000000..6f2625f --- /dev/null +++ b/recipes-connectivity/openssl/openssl_1.0.2n.bbappend
@@ -0,0 +1,7 @@
	1	FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
	2
	3	SRC_URI += " \
	4	file://CVE-2018-0732-reject-excessively-large-primes-in-DH-key-generation.patch \
	5	file://CVE-2018-0737-ensure-BN_mod_inverse-and-BN_mod_exp_mont-both-get-called.patch \
	6	file://CVE-2018-0739-limit-ASN.1-constructed-types-recursive-definition-depth.patch \
	7	"