1 files changed, 172 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/0006-CVE-2014-8275.patch b/meta/recipes-connectivity/openssl/openssl/0006-CVE-2014-8275.patch
new file mode 100644
index 0000000000..6a6b829505
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/0006-CVE-2014-8275.patch
@@ -0,0 +1,172 @@
+From a8565530e27718760220df469f0a071c85b9e731 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Sat, 20 Dec 2014 15:09:50 +0000
+Subject: [PATCH] Fix various certificate fingerprint issues.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+By using non-DER or invalid encodings outside the signed portion of a
+certificate the fingerprint can be changed without breaking the signature.
+Although no details of the signed portion of the certificate can be changed
+this can cause problems with some applications: e.g. those using the
+certificate fingerprint for blacklists.
+1. Reject signatures with non zero unused bits.
+If the BIT STRING containing the signature has non zero unused bits reject
+the signature. All current signature algorithms require zero unused bits.
+2. Check certificate algorithm consistency.
+Check the AlgorithmIdentifier inside TBS matches the one in the
+certificate signature. NB: this will result in signature failure
+errors for some broken certificates.
+3. Check DSA/ECDSA signatures use DER.
+Reencode DSA/ECDSA signatures and compare with the original received
+signature. Return an error if there is a mismatch.
+This will reject various cases including garbage after signature
+(thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
+program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
+(negative or with leading zeroes).
+CVE-2014-8275
+Upstream-Status: Backport
+Reviewed-by: Emilia Käsper <emilia@openssl.org>
+(cherry picked from commit 684400ce192dac51df3d3e92b61830a6ef90be3e)
+Conflicts:
+Changes in the "CHANGES" file have been removed from this pacth since
+it fails to apply. These cahnges have been added manually in another patch.
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ CHANGES                | 37 +++++++++++++++++++++++++++++++++++++
+ crypto/asn1/a_verify.c | 12 ++++++++++++
+ crypto/dsa/dsa_asn1.c  | 14 +++++++++++++-
+ crypto/ecdsa/ecs_vrf.c | 15 ++++++++++++++-
+ crypto/x509/x_all.c    |  2 ++
+ 5 files changed, 78 insertions(+), 2 deletions(-)
+diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
+index fc84cd3..a571009 100644
+--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
+@@ -90,6 +90,12 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
+                ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+                goto err;
+                }
+
+       if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
+               {
+               ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+               goto err;
+               }
+        
+        inl=i2d(data,NULL);
+        buf_in=OPENSSL_malloc((unsigned int)inl);
+@@ -146,6 +152,12 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
+                return -1;
+                }
+ 
+       if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
+               {
+               ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+               return -1;
+               }
+
+        EVP_MD_CTX_init(&ctx);
+ 
+        /* Convert signature OID into digest and public key OIDs */
+diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c
+index 6058534..473af87 100644
+--- a/crypto/dsa/dsa_asn1.c
+++ b/crypto/dsa/dsa_asn1.c
+@@ -176,13 +176,25 @@ int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
+             const unsigned char *sigbuf, int siglen, DSA *dsa)
+        {
+        DSA_SIG *s;
+       const unsigned char *p = sigbuf;
+       unsigned char *der = NULL;
+       int derlen = -1;
+        int ret=-1;
+ 
+        s = DSA_SIG_new();
+        if (s == NULL) return(ret);
+-       if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
+       if (d2i_DSA_SIG(&s,&p,siglen) == NULL) goto err;
+       /* Ensure signature uses DER and doesn't have trailing garbage */
+       derlen = i2d_DSA_SIG(s, &der);
+       if (derlen != siglen || memcmp(sigbuf, der, derlen))
+               goto err;
+        ret=DSA_do_verify(dgst,dgst_len,s,dsa);
+ err:
+       if (derlen > 0)
+               {
+               OPENSSL_cleanse(der, derlen);
+               OPENSSL_free(der);
+               }
+        DSA_SIG_free(s);
+        return(ret);
+        }
+diff --git a/crypto/ecdsa/ecs_vrf.c b/crypto/ecdsa/ecs_vrf.c
+index ef9acf7..2836efe 100644
+--- a/crypto/ecdsa/ecs_vrf.c
+++ b/crypto/ecdsa/ecs_vrf.c
+@@ -57,6 +57,7 @@
+  */
+ 
+ #include "ecs_locl.h"
+#include "cryptlib.h"
+ #ifndef OPENSSL_NO_ENGINE
+ #include <openssl/engine.h>
+ #endif
+@@ -84,13 +85,25 @@ int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
+                const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
+        {
+        ECDSA_SIG *s;
+       const unsigned char *p = sigbuf;
+       unsigned char *der = NULL;
+       int derlen = -1;
+        int ret=-1;
+ 
+        s = ECDSA_SIG_new();
+        if (s == NULL) return(ret);
+-       if (d2i_ECDSA_SIG(&s, &sigbuf, sig_len) == NULL) goto err;
+       if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) goto err;
+       /* Ensure signature uses DER and doesn't have trailing garbage */
+       derlen = i2d_ECDSA_SIG(s, &der);
+       if (derlen != sig_len || memcmp(sigbuf, der, derlen))
+               goto err;
+        ret=ECDSA_do_verify(dgst, dgst_len, s, eckey);
+ err:
+       if (derlen > 0)
+               {
+               OPENSSL_cleanse(der, derlen);
+               OPENSSL_free(der);
+               }
+        ECDSA_SIG_free(s);
+        return(ret);
+        }
+diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
+index e06602d..fef55f8 100644
+--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
+@@ -72,6 +72,8 @@
+ 
+ int X509_verify(X509 *a, EVP_PKEY *r)
+        {
+       if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature))
+               return 0;
+        return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg,
+                a->signature,a->cert_info,r));
+        }
+-- 
+1.9.1

diff --git a/meta/recipes-connectivity/openssl/openssl/0006-CVE-2014-8275.patch b/meta/recipes-connectivity/openssl/openssl/0006-CVE-2014-8275.patch new file mode 100644 index 0000000000..6a6b829505 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/0006-CVE-2014-8275.patch
@@ -0,0 +1,172 @@
	1	From a8565530e27718760220df469f0a071c85b9e731 Mon Sep 17 00:00:00 2001
	2	From: "Dr. Stephen Henson" <steve@openssl.org>
	3	Date: Sat, 20 Dec 2014 15:09:50 +0000
	4	Subject: [PATCH] Fix various certificate fingerprint issues.
	5	MIME-Version: 1.0
	6	Content-Type: text/plain; charset=UTF-8
	7	Content-Transfer-Encoding: 8bit
	8
	9	By using non-DER or invalid encodings outside the signed portion of a
	10	certificate the fingerprint can be changed without breaking the signature.
	11	Although no details of the signed portion of the certificate can be changed
	12	this can cause problems with some applications: e.g. those using the
	13	certificate fingerprint for blacklists.
	14
	15	1. Reject signatures with non zero unused bits.
	16
	17	If the BIT STRING containing the signature has non zero unused bits reject
	18	the signature. All current signature algorithms require zero unused bits.
	19
	20	2. Check certificate algorithm consistency.
	21
	22	Check the AlgorithmIdentifier inside TBS matches the one in the
	23	certificate signature. NB: this will result in signature failure
	24	errors for some broken certificates.
	25
	26	3. Check DSA/ECDSA signatures use DER.
	27
	28	Reencode DSA/ECDSA signatures and compare with the original received
	29	signature. Return an error if there is a mismatch.
	30
	31	This will reject various cases including garbage after signature
	32	(thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
	33	program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
	34	(negative or with leading zeroes).
	35
	36	CVE-2014-8275
	37
	38	Upstream-Status: Backport
	39
	40	Reviewed-by: Emilia Käsper <emilia@openssl.org>
	41
	42	(cherry picked from commit 684400ce192dac51df3d3e92b61830a6ef90be3e)
	43
	44	Conflicts:
	45	Changes in the "CHANGES" file have been removed from this pacth since
	46	it fails to apply. These cahnges have been added manually in another patch.
	47
	48	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
	49	---
	50	CHANGES \| 37 +++++++++++++++++++++++++++++++++++++
	51	crypto/asn1/a_verify.c \| 12 ++++++++++++
	52	crypto/dsa/dsa_asn1.c \| 14 +++++++++++++-
	53	crypto/ecdsa/ecs_vrf.c \| 15 ++++++++++++++-
	54	crypto/x509/x_all.c \| 2 ++
	55	5 files changed, 78 insertions(+), 2 deletions(-)
	56
	57	diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
	58	index fc84cd3..a571009 100644
	59	--- a/crypto/asn1/a_verify.c
	60	+++ b/crypto/asn1/a_verify.c
	61	@@ -90,6 +90,12 @@ int ASN1_verify(i2d_of_void i2d, X509_ALGOR a, ASN1_BIT_STRING *signature,
	62	ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
	63	goto err;
	64	}
	65	+
	66	+ if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
	67	+ {
	68	+ ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
	69	+ goto err;
	70	+ }
	71
	72	inl=i2d(data,NULL);
	73	buf_in=OPENSSL_malloc((unsigned int)inl);
	74	@@ -146,6 +152,12 @@ int ASN1_item_verify(const ASN1_ITEM it, X509_ALGOR a,
	75	return -1;
	76	}
	77
	78	+ if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
	79	+ {
	80	+ ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
	81	+ return -1;
	82	+ }
	83	+
	84	EVP_MD_CTX_init(&ctx);
	85
	86	/* Convert signature OID into digest and public key OIDs */
	87	diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c
	88	index 6058534..473af87 100644
	89	--- a/crypto/dsa/dsa_asn1.c
	90	+++ b/crypto/dsa/dsa_asn1.c
	91	@@ -176,13 +176,25 @@ int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
	92	const unsigned char sigbuf, int siglen, DSA dsa)
	93	{
	94	DSA_SIG *s;
	95	+ const unsigned char *p = sigbuf;
	96	+ unsigned char *der = NULL;
	97	+ int derlen = -1;
	98	int ret=-1;
	99
	100	s = DSA_SIG_new();
	101	if (s == NULL) return(ret);
	102	- if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
	103	+ if (d2i_DSA_SIG(&s,&p,siglen) == NULL) goto err;
	104	+ /* Ensure signature uses DER and doesn't have trailing garbage */
	105	+ derlen = i2d_DSA_SIG(s, &der);
	106	+ if (derlen != siglen \|\| memcmp(sigbuf, der, derlen))
	107	+ goto err;
	108	ret=DSA_do_verify(dgst,dgst_len,s,dsa);
	109	err:
	110	+ if (derlen > 0)
	111	+ {
	112	+ OPENSSL_cleanse(der, derlen);
	113	+ OPENSSL_free(der);
	114	+ }
	115	DSA_SIG_free(s);
	116	return(ret);
	117	}
	118	diff --git a/crypto/ecdsa/ecs_vrf.c b/crypto/ecdsa/ecs_vrf.c
	119	index ef9acf7..2836efe 100644
	120	--- a/crypto/ecdsa/ecs_vrf.c
	121	+++ b/crypto/ecdsa/ecs_vrf.c
	122	@@ -57,6 +57,7 @@
	123	*/
	124
	125	#include "ecs_locl.h"
	126	+#include "cryptlib.h"
	127	#ifndef OPENSSL_NO_ENGINE
	128	#include <openssl/engine.h>
	129	#endif
	130	@@ -84,13 +85,25 @@ int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
	131	const unsigned char sigbuf, int sig_len, EC_KEY eckey)
	132	{
	133	ECDSA_SIG *s;
	134	+ const unsigned char *p = sigbuf;
	135	+ unsigned char *der = NULL;
	136	+ int derlen = -1;
	137	int ret=-1;
	138
	139	s = ECDSA_SIG_new();
	140	if (s == NULL) return(ret);
	141	- if (d2i_ECDSA_SIG(&s, &sigbuf, sig_len) == NULL) goto err;
	142	+ if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) goto err;
	143	+ /* Ensure signature uses DER and doesn't have trailing garbage */
	144	+ derlen = i2d_ECDSA_SIG(s, &der);
	145	+ if (derlen != sig_len \|\| memcmp(sigbuf, der, derlen))
	146	+ goto err;
	147	ret=ECDSA_do_verify(dgst, dgst_len, s, eckey);
	148	err:
	149	+ if (derlen > 0)
	150	+ {
	151	+ OPENSSL_cleanse(der, derlen);
	152	+ OPENSSL_free(der);
	153	+ }
	154	ECDSA_SIG_free(s);
	155	return(ret);
	156	}
	157	diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
	158	index e06602d..fef55f8 100644
	159	--- a/crypto/x509/x_all.c
	160	+++ b/crypto/x509/x_all.c
	161	@@ -72,6 +72,8 @@
	162
	163	int X509_verify(X509 a, EVP_PKEY r)
	164	{
	165	+ if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature))
	166	+ return 0;
	167	return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg,
	168	a->signature,a->cert_info,r));
	169	}
	170	--
	171	1.9.1
	172