diff options
| author | haiqing <haiqing.bai@windriver.com> | 2020-06-15 16:15:24 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-07-08 10:47:50 +0100 |
| commit | 577f1b0b2fba641106959758cd59250ea38d0a64 (patch) | |
| tree | bbe63c0c7a29f4e31d649e6fb8f9392047043732 /meta/recipes-support/gnutls/gnutls/CVE-2020-13777-a.patch | |
| parent | 4e90fb17b129b7a5df584799ec9629474362d50c (diff) | |
| download | poky-577f1b0b2fba641106959758cd59250ea38d0a64.tar.gz | |
gnutls: fixed CVE-2020-13777
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography
for encrypting a session ticket
Backport the patch from upstream:
https://gitlab.com/gnutls/gnutls.git
commit c2646aeee94e71cb15c90a3147cf3b5b0ca158ca
commit 50ad8778a81f9421effa4c5a3b457f98e559b178
commit 3d7fae761e65e9d0f16d7247ee8a464d4fe002da
(From OE-Core rev: 86870cd2ff3555161ea5bb434740338ec20495a0)
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support/gnutls/gnutls/CVE-2020-13777-a.patch')
| -rw-r--r-- | meta/recipes-support/gnutls/gnutls/CVE-2020-13777-a.patch | 90 |
1 files changed, 90 insertions, 0 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2020-13777-a.patch b/meta/recipes-support/gnutls/gnutls/CVE-2020-13777-a.patch new file mode 100644 index 0000000000..1811afc2ff --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/CVE-2020-13777-a.patch | |||
| @@ -0,0 +1,90 @@ | |||
| 1 | From 6e798091d057de6b7f94b9dede4c5c919ec41f89 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Daiki Ueno <ueno@gnu.org> | ||
| 3 | Date: Tue, 2 Jun 2020 20:53:11 +0200 | ||
| 4 | Subject: [PATCH 1/3] stek: differentiate initial state from valid time window | ||
| 5 | of TOTP | ||
| 6 | |||
| 7 | commit c2646aeee94e71cb15c90a3147cf3b5b0ca158ca from https://gitlab.com/gnutls/gnutls.git | ||
| 8 | |||
| 9 | There was a confusion in the TOTP implementation in stek.c. When the | ||
| 10 | mechanism is initialized at the first time, it records the timestamp | ||
| 11 | but doesn't initialize the key. This removes the timestamp recording | ||
| 12 | at the initialization phase, so the key is properly set later. | ||
| 13 | |||
| 14 | Upstream-Status: Backport | ||
| 15 | |||
| 16 | Signed-off-by: Daiki Ueno <ueno@gnu.org> | ||
| 17 | Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com> | ||
| 18 | --- | ||
| 19 | lib/stek.c | 17 +++++------------ | ||
| 20 | tests/resume-with-previous-stek.c | 4 ++-- | ||
| 21 | tests/tls13/prf-early.c | 8 ++++---- | ||
| 22 | 3 files changed, 11 insertions(+), 18 deletions(-) | ||
| 23 | |||
| 24 | diff --git a/lib/stek.c b/lib/stek.c | ||
| 25 | index 2f885ce..5ab9e7d 100644 | ||
| 26 | --- a/lib/stek.c | ||
| 27 | +++ b/lib/stek.c | ||
| 28 | @@ -323,20 +323,13 @@ int _gnutls_initialize_session_ticket_key_rotation(gnutls_session_t session, con | ||
| 29 | if (unlikely(session == NULL || key == NULL)) | ||
| 30 | return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); | ||
| 31 | |||
| 32 | - if (session->key.totp.last_result == 0) { | ||
| 33 | - int64_t t; | ||
| 34 | - memcpy(session->key.initial_stek, key->data, key->size); | ||
| 35 | - t = totp_next(session); | ||
| 36 | - if (t < 0) | ||
| 37 | - return gnutls_assert_val(t); | ||
| 38 | + if (unlikely(session->key.totp.last_result != 0)) | ||
| 39 | + return GNUTLS_E_INVALID_REQUEST; | ||
| 40 | |||
| 41 | - session->key.totp.last_result = t; | ||
| 42 | - session->key.totp.was_rotated = 0; | ||
| 43 | - | ||
| 44 | - return GNUTLS_E_SUCCESS; | ||
| 45 | - } | ||
| 46 | + memcpy(session->key.initial_stek, key->data, key->size); | ||
| 47 | |||
| 48 | - return GNUTLS_E_INVALID_REQUEST; | ||
| 49 | + session->key.totp.was_rotated = 0; | ||
| 50 | + return 0; | ||
| 51 | } | ||
| 52 | |||
| 53 | /* | ||
| 54 | diff --git a/tests/resume-with-previous-stek.c b/tests/resume-with-previous-stek.c | ||
| 55 | index f212b18..05c1c90 100644 | ||
| 56 | --- a/tests/resume-with-previous-stek.c | ||
| 57 | +++ b/tests/resume-with-previous-stek.c | ||
| 58 | @@ -196,8 +196,8 @@ static void server(int fd, unsigned rounds, const char *prio) | ||
| 59 | serverx509cred = NULL; | ||
| 60 | } | ||
| 61 | |||
| 62 | - if (num_stek_rotations != 2) | ||
| 63 | - fail("STEK should be rotated exactly twice (%d)!\n", num_stek_rotations); | ||
| 64 | + if (num_stek_rotations != 3) | ||
| 65 | + fail("STEK should be rotated exactly three times (%d)!\n", num_stek_rotations); | ||
| 66 | |||
| 67 | if (serverx509cred) | ||
| 68 | gnutls_certificate_free_credentials(serverx509cred); | ||
| 69 | diff --git a/tests/tls13/prf-early.c b/tests/tls13/prf-early.c | ||
| 70 | index 414b1db..bc31962 100644 | ||
| 71 | --- a/tests/tls13/prf-early.c | ||
| 72 | +++ b/tests/tls13/prf-early.c | ||
| 73 | @@ -123,10 +123,10 @@ static void dump(const char *name, const uint8_t *data, unsigned data_size) | ||
| 74 | } \ | ||
| 75 | } | ||
| 76 | |||
| 77 | -#define KEY_EXP_VALUE "\xc0\x1e\xc2\xa4\xb7\xb4\x04\xaa\x91\x5d\xaf\xe8\xf7\x4d\x19\xdf\xd0\xe6\x08\xd6\xb4\x3b\xcf\xca\xc9\x32\x75\x3b\xe3\x11\x19\xb1\xac\x68" | ||
| 78 | -#define HELLO_VALUE "\x77\xdb\x10\x0b\xe8\xd0\xb9\x38\xbc\x49\xe6\xbe\xf2\x47\x2a\xcc\x6b\xea\xce\x85\x04\xd3\x9e\xd8\x06\x16\xad\xff\xcd\xbf\x4b" | ||
| 79 | -#define CONTEXT_VALUE "\xf2\x17\x9f\xf2\x66\x56\x87\x66\xf9\x5c\x8a\xd7\x4e\x1d\x46\xee\x0e\x44\x41\x4c\xcd\xac\xcb\xc0\x31\x41\x2a\xb6\xd7\x01\x62" | ||
| 80 | -#define NULL_CONTEXT_VALUE "\xcd\x79\x07\x93\xeb\x96\x07\x3e\xec\x78\x90\x89\xf7\x16\x42\x6d\x27\x87\x56\x7c\x7b\x60\x2b\x20\x44\xd1\xea\x0c\x89\xfb\x8b" | ||
| 81 | +#define KEY_EXP_VALUE "\xc1\x6b\x6c\xb9\x88\x33\xd5\x28\x80\xec\x27\x87\xa2\x6f\x4b\xd0\x01\x5e\x7f\xca\xd7\xd4\x8a\x3f\xe2\x48\x92\xef\x02\x14\xfb\x81\x90\x04" | ||
| 82 | +#define HELLO_VALUE "\x2a\x73\xd9\x74\x04\x4e\x0a\x5f\x41\x8a\x09\xcb\x45\x33\x1a\xec\xd3\xfc\xdc\x1b\x2c\x67\x26\xe4\x9c\xfe\x1f\xa5\x74\xf1\x4f" | ||
| 83 | +#define CONTEXT_VALUE "\x87\xf6\x88\xe3\xd7\xf2\x05\xbc\xa4\x10\xa3\x48\x9f\xf5\xcf\x97\x06\x22\x4e\xfd\x18\x32\x52\x1d\xbd\x26\xf5\x5b\x21\x20\xec" | ||
| 84 | +#define NULL_CONTEXT_VALUE "\xf9\xca\xfe\x45\x44\x96\xdb\xc5\x41\x8f\x7e\x8e\xd7\xb0\x7d\x19\x45\xaf\x09\xbc\x1e\x82\x94\xac\x55\xe5\xb9\xb4\x3b\xe8\xc0" | ||
| 85 | |||
| 86 | static int handshake_callback_called; | ||
| 87 | |||
| 88 | -- | ||
| 89 | 2.17.1 | ||
| 90 | |||