diff options
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl10/0001-fix-CVE-2018-0734.patch | 33 | ||||
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb (renamed from meta/recipes-connectivity/openssl/openssl10_1.0.2p.bb) | 5 |
2 files changed, 2 insertions, 36 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl10/0001-fix-CVE-2018-0734.patch b/meta/recipes-connectivity/openssl/openssl10/0001-fix-CVE-2018-0734.patch deleted file mode 100644 index b9865a69b5..0000000000 --- a/meta/recipes-connectivity/openssl/openssl10/0001-fix-CVE-2018-0734.patch +++ /dev/null | |||
@@ -1,33 +0,0 @@ | |||
1 | CVE: CVE-2018-0734 | ||
2 | |||
3 | Upstream-Status: Backport | ||
4 | |||
5 | Signed-off-by: Kai Kang <kai.kang@windriver.com> | ||
6 | |||
7 | From 43e6a58d4991a451daf4891ff05a48735df871ac Mon Sep 17 00:00:00 2001 | ||
8 | From: Pauli <paul.dale@oracle.com> | ||
9 | Date: Mon, 29 Oct 2018 08:24:22 +1000 | ||
10 | Subject: [PATCH] Merge DSA reallocation timing fix CVE-2018-0734. | ||
11 | |||
12 | Reviewed-by: Richard Levitte <levitte@openssl.org> | ||
13 | (Merged from https://github.com/openssl/openssl/pull/7513) | ||
14 | --- | ||
15 | crypto/dsa/dsa_ossl.c | 2 +- | ||
16 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
17 | |||
18 | diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c | ||
19 | index 2dcfedeeee..100e269268 100644 | ||
20 | --- a/crypto/dsa/dsa_ossl.c | ||
21 | +++ b/crypto/dsa/dsa_ossl.c | ||
22 | @@ -279,7 +279,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, | ||
23 | goto err; | ||
24 | |||
25 | /* Preallocate space */ | ||
26 | - q_bits = BN_num_bits(dsa->q); | ||
27 | + q_bits = BN_num_bits(dsa->q) + sizeof(dsa->q->d[0]) * 16; | ||
28 | if (!BN_set_bit(&k, q_bits) | ||
29 | || !BN_set_bit(&l, q_bits) | ||
30 | || !BN_set_bit(&m, q_bits)) | ||
31 | -- | ||
32 | 2.17.0 | ||
33 | |||
diff --git a/meta/recipes-connectivity/openssl/openssl10_1.0.2p.bb b/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb index 0925af3456..9d67053b7a 100644 --- a/meta/recipes-connectivity/openssl/openssl10_1.0.2p.bb +++ b/meta/recipes-connectivity/openssl/openssl10_1.0.2q.bb | |||
@@ -40,7 +40,6 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ | |||
40 | file://0001-Fix-build-with-clang-using-external-assembler.patch \ | 40 | file://0001-Fix-build-with-clang-using-external-assembler.patch \ |
41 | file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \ | 41 | file://0001-openssl-force-soft-link-to-avoid-rare-race.patch \ |
42 | file://0001-allow-manpages-to-be-disabled.patch \ | 42 | file://0001-allow-manpages-to-be-disabled.patch \ |
43 | file://0001-fix-CVE-2018-0734.patch \ | ||
44 | " | 43 | " |
45 | 44 | ||
46 | SRC_URI_append_class-target = " \ | 45 | SRC_URI_append_class-target = " \ |
@@ -52,8 +51,8 @@ SRC_URI_append_class-nativesdk = " \ | |||
52 | file://environment.d-openssl.sh \ | 51 | file://environment.d-openssl.sh \ |
53 | " | 52 | " |
54 | 53 | ||
55 | SRC_URI[md5sum] = "ac5eb30bf5798aa14b1ae6d0e7da58df" | 54 | SRC_URI[md5sum] = "7563e1ce046cb21948eeb6ba1a0eb71c" |
56 | SRC_URI[sha256sum] = "50a98e07b1a89eb8f6a99477f262df71c6fa7bef77df4dc83025a2845c827d00" | 55 | SRC_URI[sha256sum] = "5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684" |
57 | 56 | ||
58 | S = "${WORKDIR}/openssl-${PV}" | 57 | S = "${WORKDIR}/openssl-${PV}" |
59 | 58 | ||