author | haiqing <haiqing.bai@windriver.com> | 2020-06-15 16:15:24 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2020-07-08 10:47:50 +0100 |
commit | 577f1b0b2fba641106959758cd59250ea38d0a64 (patch) | |
tree | bbe63c0c7a29f4e31d649e6fb8f9392047043732 /meta/recipes-support/gnutls/gnutls/CVE-2020-13777-c.patch | |
parent | 4e90fb17b129b7a5df584799ec9629474362d50c (diff) | |
download | poky-577f1b0b2fba641106959758cd59250ea38d0a64.tar.gz |
gnutls: fixed CVE-2020-13777
GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography
for encrypting a session ticket
Backport the patches from upstream:
https://gitlab.com/gnutls/gnutls.git
commit c2646aeee94e71cb15c90a3147cf3b5b0ca158ca
commit 50ad8778a81f9421effa4c5a3b457f98e559b178
commit 3d7fae761e65e9d0f16d7247ee8a464d4fe002da
(From OE-Core rev: 86870cd2ff3555161ea5bb434740338ec20495a0)
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-support/gnutls/gnutls/CVE-2020-13777-c.patch')
-rw-r--r-- | meta/recipes-support/gnutls/gnutls/CVE-2020-13777-c.patch | 68 |
1 files changed, 68 insertions, 0 deletions
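--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2020-13777-c.patch
@@ -0,0 +1,68 @@
+From b34da057dc9eb01df30b436ba9cb047c21fb0151 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Tue, 2 Jun 2020 21:45:17 +0200
+Subject: [PATCH 3/3] valgrind: check if session ticket key is used without
+ initialization
+
+commit 3d7fae761e65e9d0f16d7247ee8a464d4fe002da from https://gitlab.com/gnutls/gnutls.git
+
+This adds a valgrind client request for
+session->key.session_ticket_key to make sure that it is not used
+without initialization.
+
+Upstream-Status: Backport
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
+---
+ lib/state.c | 5 ++++-
+ lib/stek.c  | 8 ++++++++
+ 2 files changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/lib/state.c b/lib/state.c
+index 98900c1..cabdf7d 100644
+--- a/lib/state.c
++++ b/lib/state.c
+@@ -578,9 +578,12 @@ int gnutls_init(gnutls_session_t * session, unsigned int flags)
+ 	if (flags & GNUTLS_CLIENT)
+ 		VALGRIND_MAKE_MEM_UNDEFINED((*session)->security_parameters.client_random,
+ 					    GNUTLS_RANDOM_SIZE);
+-	if (flags & GNUTLS_SERVER)
++	if (flags & GNUTLS_SERVER) {
+ 		VALGRIND_MAKE_MEM_UNDEFINED((*session)->security_parameters.server_random,
+ 					    GNUTLS_RANDOM_SIZE);
++		VALGRIND_MAKE_MEM_UNDEFINED((*session)->key.session_ticket_key,
++					    TICKET_MASTER_KEY_SIZE);
++	}
+ 	}
+ #endif
+ 	handshake_internal_state_clear1(*session);
+diff --git a/lib/stek.c b/lib/stek.c
+index 5ab9e7d..316555b 100644
+--- a/lib/stek.c
++++ b/lib/stek.c
+@@ -21,6 +21,9 @@
+  */
+ #include "gnutls_int.h"
+ #include "stek.h"
++#ifdef HAVE_VALGRIND_MEMCHECK_H
++#include <valgrind/memcheck.h>
++#endif
+ 
+ #define NAME_POS (0)
+ #define KEY_POS (TICKET_KEY_NAME_SIZE)
+@@ -143,6 +146,11 @@ static int rotate(gnutls_session_t session)
+ 	call_rotation_callback(session, key, t);
+ 	session->key.totp.last_result = t;
+ 	memcpy(session->key.session_ticket_key, key, sizeof(key));
++#ifdef HAVE_VALGRIND_MEMCHECK_H
++	if (RUNNING_ON_VALGRIND)
++		VALGRIND_MAKE_MEM_DEFINED(session->key.session_ticket_key,
++					  TICKET_MASTER_KEY_SIZE);
++#endif
+ 
+ 	session->key.totp.was_rotated = 1;
+ 	} else if (t < 0) {
+-- 
+2.17.1
+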
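Review bot: The patch header carries `Upstream-Status: Backport` but no `CVE:` tag, so the cve-check machinery has no way to credit this recipe with the fix; add `CVE: CVE-2020-13777` next to the Upstream-Status line, and the same applies to the sibling -a and -b patches this commit presumably adds outside this page. Note also that this third patch is only the valgrind diagnostic described in its own message (marking `session_ticket_key` undefined in `gnutls_init` and defined again after the `memcpy` in `rotate`), not the cryptographic fix itself, which the other two upstream commits listed in the description carry; a one-line remark in the header saying so would spare a reader checking the wrong patch. The `VALGRIND_MAKE_MEM_UNDEFINED` calls in the state.c hunk sit under a `#endif` whose opening `#ifdef` is outside the hunk, so whether they are guarded by `RUNNING_ON_VALGRIND` like the stek.c side cannot be confirmed from here. Both `gnutls_init` and `rotate` start and end outside their hunks.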