summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support/gnutls/gnutls/CVE-2015-0282-GNUTLS-SA-2015-1.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-support/gnutls/gnutls/CVE-2015-0282-GNUTLS-SA-2015-1.patch')
-rw-r--r--meta/recipes-support/gnutls/gnutls/CVE-2015-0282-GNUTLS-SA-2015-1.patch487
1 files changed, 487 insertions, 0 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2015-0282-GNUTLS-SA-2015-1.patch b/meta/recipes-support/gnutls/gnutls/CVE-2015-0282-GNUTLS-SA-2015-1.patch
new file mode 100644
index 0000000000..da84cbf57d
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2015-0282-GNUTLS-SA-2015-1.patch
@@ -0,0 +1,487 @@
1From d326f81daed5a1a06476d66a81584f8c7b71141d Mon Sep 17 00:00:00 2001
2From: Nikos Mavrogiannopoulos <nmav@redhat.com>
3Date: Mon, 23 Feb 2015 10:03:47 +0100
4Subject: [PATCH] Added fix for GNUTLS-SA-2015-1
5
6Fixes CVE-2015-0282.
7Upstream-Status: Backport
8
9Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
10---
11 lib/gnutls_algorithms.c | 8 +++++
12 lib/gnutls_algorithms.h | 1 +
13 lib/gnutls_pubkey.c | 4 +--
14 lib/gnutls_sig.c | 14 +++++----
15 lib/x509/common.h | 2 +-
16 lib/x509/crq.c | 49 ++++++++++++++++++++++++++++++-
17 lib/x509/privkey.c | 3 +-
18 lib/x509/verify.c | 77 ++++++++++++++++++++++++++++++++-----------------
19 lib/x509/x509.c | 4 +--
20 lib/x509/x509_int.h | 7 +++--
21 10 files changed, 127 insertions(+), 42 deletions(-)
22
23diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
24index 9ce73ce..b46f6f2 100644
25--- a/lib/gnutls_algorithms.c
26+++ b/lib/gnutls_algorithms.c
27@@ -2056,6 +2056,14 @@ gnutls_sign_get_name (gnutls_sign_algorithm_t algorithm)
28 return ret;
29 }
30
31+int
32+_gnutls_sign_get_hash (gnutls_sign_algorithm_t algorithm)
33+{
34+ GNUTLS_SIGN_LOOP (if (p->id == algorithm) return p->mac);
35+
36+ return GNUTLS_MAC_UNKNOWN;
37+}
38+
39 gnutls_sign_algorithm_t
40 _gnutls_x509_oid2sign_algorithm (const char *oid)
41 {
42diff --git a/lib/gnutls_algorithms.h b/lib/gnutls_algorithms.h
43index ac2ec71..8fa0fcb 100644
44--- a/lib/gnutls_algorithms.h
45+++ b/lib/gnutls_algorithms.h
46@@ -105,6 +105,7 @@ enum encipher_type
47 enum encipher_type _gnutls_kx_encipher_type (gnutls_kx_algorithm_t algorithm);
48
49 /* Functions for sign algorithms. */
50+int _gnutls_sign_get_hash (gnutls_sign_algorithm_t algorithm);
51 gnutls_sign_algorithm_t _gnutls_x509_oid2sign_algorithm (const char *oid);
52 gnutls_sign_algorithm_t _gnutls_x509_pk_to_sign (gnutls_pk_algorithm_t pk,
53 gnutls_mac_algorithm_t mac);
54diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c
55index dc4f545..8b50647 100644
56--- a/lib/gnutls_pubkey.c
57+++ b/lib/gnutls_pubkey.c
58@@ -1048,7 +1048,7 @@ gnutls_pubkey_verify_data (gnutls_pubkey_t pubkey, unsigned int flags,
59 return GNUTLS_E_INVALID_REQUEST;
60 }
61
62- ret = pubkey_verify_sig( data, NULL, signature, pubkey->pk_algorithm,
63+ ret = pubkey_verify_sig(GNUTLS_MAC_UNKNOWN, data, NULL, signature, pubkey->pk_algorithm,
64 pubkey->params, pubkey->params_size);
65 if (ret < 0)
66 {
67@@ -1086,7 +1086,7 @@ gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags,
68 }
69
70 ret =
71- pubkey_verify_sig (NULL, hash, signature, key->pk_algorithm,
72+ pubkey_verify_sig (GNUTLS_MAC_UNKNOWN, NULL, hash, signature, key->pk_algorithm,
73 key->params, key->params_size);
74
75 return ret;
76diff --git a/lib/gnutls_sig.c b/lib/gnutls_sig.c
77index a2f38e5..9542925 100644
78--- a/lib/gnutls_sig.c
79+++ b/lib/gnutls_sig.c
80@@ -273,7 +273,8 @@ static int
81 verify_tls_hash (gnutls_session_t session, gnutls_protocol_t ver, gnutls_cert * cert,
82 const gnutls_datum_t * hash_concat,
83 gnutls_datum_t * signature, size_t sha1pos,
84- gnutls_pk_algorithm_t pk_algo)
85+ gnutls_pk_algorithm_t pk_algo,
86+ int hashalg)
87 {
88 int ret;
89 gnutls_datum_t vdata;
90@@ -309,7 +310,7 @@ verify_tls_hash (gnutls_session_t session, gnutls_protocol_t ver, gnutls_cert *
91 ret = _gnutls_rsa_verify (&vdata, signature, cert->params,
92 cert->params_size, 1);
93 else
94- ret = pubkey_verify_sig( NULL, &vdata, signature, pk_algo,
95+ ret = pubkey_verify_sig(hashalg, NULL, &vdata, signature, pk_algo,
96 cert->params, cert->params_size);
97
98 if (ret < 0)
99@@ -324,7 +325,7 @@ verify_tls_hash (gnutls_session_t session, gnutls_protocol_t ver, gnutls_cert *
100 vdata.data = &hash_concat->data[sha1pos];
101 vdata.size = hash_concat->size - sha1pos;
102
103- ret = pubkey_verify_sig( NULL, &vdata, signature, pk_algo,
104+ ret = pubkey_verify_sig(hashalg, NULL, &vdata, signature, pk_algo,
105 cert->params, cert->params_size);
106 /* verify signature */
107 if (ret < 0)
108@@ -428,7 +429,8 @@ _gnutls_handshake_verify_data (gnutls_session_t session, gnutls_cert * cert,
109 ret = verify_tls_hash (session, ver, cert, &dconcat, signature,
110 dconcat.size -
111 _gnutls_hash_get_algo_len (hash_algo),
112- _gnutls_sign_get_pk_algorithm (algo));
113+ _gnutls_sign_get_pk_algorithm (algo),
114+ hash_algo);
115 if (ret < 0)
116 {
117 gnutls_assert ();
118@@ -491,7 +493,7 @@ _gnutls_handshake_verify_cert_vrfy12 (gnutls_session_t session,
119
120 ret =
121 verify_tls_hash (session, ver, cert, &dconcat, signature, 0,
122- cert->subject_pk_algorithm);
123+ cert->subject_pk_algorithm, hash_algo);
124 if (ret < 0)
125 {
126 gnutls_assert ();
127@@ -582,7 +584,7 @@ _gnutls_handshake_verify_cert_vrfy (gnutls_session_t session,
128
129 ret =
130 verify_tls_hash (session, ver, cert, &dconcat, signature, 16,
131- cert->subject_pk_algorithm);
132+ cert->subject_pk_algorithm, GNUTLS_MAC_UNKNOWN);
133 if (ret < 0)
134 {
135 gnutls_assert ();
136diff --git a/lib/x509/common.h b/lib/x509/common.h
137index 5cc6a10..561e31c 100644
138--- a/lib/x509/common.h
139+++ b/lib/x509/common.h
140@@ -151,7 +151,7 @@ int _gnutls_get_key_id (gnutls_pk_algorithm_t pk, bigint_t * params,
141 void _asnstr_append_name (char *name, size_t name_size, const char *part1,
142 const char *part2);
143
144-int pubkey_verify_sig (const gnutls_datum_t * tbs,
145+int pubkey_verify_sig (int hashalg, const gnutls_datum_t * tbs,
146 const gnutls_datum_t * hash,
147 const gnutls_datum_t * signature,
148 gnutls_pk_algorithm_t pk, bigint_t * issuer_params,
149diff --git a/lib/x509/crq.c b/lib/x509/crq.c
150index ed0f844..e0d3346 100644
151--- a/lib/x509/crq.c
152+++ b/lib/x509/crq.c
153@@ -2540,6 +2540,7 @@ gnutls_datum data = { NULL, 0 };
154 gnutls_datum signature = { NULL, 0 };
155 bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
156 int ret, params_size = 0, i;
157+int hashalg, sigalg;
158
159 ret =
160 _gnutls_x509_get_signed_data (crq->crq, "certificationRequestInfo", &data);
161@@ -2565,7 +2566,10 @@ int ret, params_size = 0, i;
162 goto cleanup;
163 }
164
165- ret = pubkey_verify_sig(&data, NULL, &signature,
166+ sigalg = gnutls_x509_crq_get_signature_algorithm (crq);
167+ hashalg = _gnutls_sign_get_hash(sigalg);
168+
169+ ret = pubkey_verify_sig(hashalg, &data, NULL, &signature,
170 gnutls_x509_crq_get_pk_algorithm (crq, NULL),
171 params, params_size);
172 if (ret < 0)
173@@ -2588,5 +2592,48 @@ cleanup:
174 return ret;
175 }
176
177+/**
178+ * gnutls_x509_crq_get_signature_algorithm:
179+ * @crl: should contain a #gnutls_x509_crl_t structure
180+ *
181+ * This function will return a value of the #gnutls_sign_algorithm_t
182+ * enumeration that is the signature algorithm.
183+ *
184+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
185+ * negative error value.
186+ **/
187+int
188+gnutls_x509_crq_get_signature_algorithm (gnutls_x509_crq_t crq)
189+{
190+ int result;
191+ gnutls_datum_t sa;
192+
193+ if (crq == NULL)
194+ {
195+ gnutls_assert ();
196+ return GNUTLS_E_INVALID_REQUEST;
197+ }
198+
199+ /* Read the signature algorithm. Note that parameters are not
200+ * read. They will be read from the issuer's certificate if needed.
201+ */
202+
203+ result =
204+ _gnutls_x509_read_value (crq->crq, "signatureAlgorithm.algorithm",
205+ &sa, 0);
206+
207+ if (result < 0)
208+ {
209+ gnutls_assert ();
210+ return result;
211+ }
212+
213+ result = _gnutls_x509_oid2sign_algorithm ((const char *) sa.data);
214+
215+ _gnutls_free_datum (&sa);
216+
217+ return result;
218+}
219+
220 #endif /* ENABLE_PKI */
221
222diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c
223index 41e6587..7f477a1 100644
224--- a/lib/x509/privkey.c
225+++ b/lib/x509/privkey.c
226@@ -1828,7 +1828,8 @@ gnutls_x509_privkey_verify_data (gnutls_x509_privkey_t key,
227 return GNUTLS_E_INVALID_REQUEST;
228 }
229
230- result = _gnutls_x509_privkey_verify_signature (data, signature, key);
231+ result = _gnutls_x509_privkey_verify_signature (GNUTLS_MAC_UNKNOWN, data, signature, key);
232+
233 if (result < 0)
234 {
235 gnutls_assert ();
236diff --git a/lib/x509/verify.c b/lib/x509/verify.c
237index eef85a8..ba4fdcd 100644
238--- a/lib/x509/verify.c
239+++ b/lib/x509/verify.c
240@@ -332,6 +332,7 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
241 gnutls_datum_t cert_signature = { NULL, 0 };
242 gnutls_x509_crt_t issuer = NULL;
243 int issuer_version, result = 0;
244+ int sigalg, hashalg;
245
246 if (output)
247 *output = 0;
248@@ -399,8 +400,18 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
249 goto cleanup;
250 }
251
252+ sigalg = gnutls_x509_crt_get_signature_algorithm (cert);
253+ hashalg = _gnutls_sign_get_hash(sigalg);
254+
255+ if (hashalg == GNUTLS_MAC_UNKNOWN)
256+ {
257+ gnutls_assert();
258+ result = 0;
259+ goto cleanup;
260+ }
261+
262 result =
263- _gnutls_x509_verify_signature (&cert_signed_data, NULL, &cert_signature,
264+ _gnutls_x509_verify_signature (hashalg, &cert_signed_data, NULL, &cert_signature,
265 issuer);
266 if (result == GNUTLS_E_PK_SIG_VERIFY_FAILED)
267 {
268@@ -423,10 +434,6 @@ _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
269 */
270 if (is_issuer (cert, cert) == 0)
271 {
272- int sigalg;
273-
274- sigalg = gnutls_x509_crt_get_signature_algorithm (cert);
275-
276 if (((sigalg == GNUTLS_SIGN_RSA_MD2) &&
277 !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) ||
278 ((sigalg == GNUTLS_SIGN_RSA_MD5) &&
279@@ -750,12 +757,12 @@ decode_ber_digest_info (const gnutls_datum_t * info,
280 * params[1] is public key
281 */
282 static int
283-_pkcs1_rsa_verify_sig (const gnutls_datum_t * text,
284- const gnutls_datum_t * prehash,
285- const gnutls_datum_t * signature, bigint_t * params,
286- int params_len)
287+_pkcs1_rsa_verify_sig (gnutls_mac_algorithm_t hash, const gnutls_datum_t * text,
288+ const gnutls_datum_t * prehash,
289+ const gnutls_datum_t * signature, bigint_t * params,
290+ int params_len)
291 {
292- gnutls_mac_algorithm_t hash = GNUTLS_MAC_UNKNOWN;
293+ gnutls_mac_algorithm_t phash = GNUTLS_MAC_UNKNOWN;
294 int ret;
295 opaque digest[MAX_HASH_SIZE], md[MAX_HASH_SIZE], *cmp;
296 int digest_size;
297@@ -775,7 +782,7 @@ _pkcs1_rsa_verify_sig (const gnutls_datum_t * text,
298
299 digest_size = sizeof (digest);
300 if ((ret =
301- decode_ber_digest_info (&decrypted, &hash, digest, &digest_size)) != 0)
302+ decode_ber_digest_info (&decrypted, &phash, digest, &digest_size)) != 0)
303 {
304 gnutls_assert ();
305 _gnutls_free_datum (&decrypted);
306@@ -784,6 +791,15 @@ _pkcs1_rsa_verify_sig (const gnutls_datum_t * text,
307
308 _gnutls_free_datum (&decrypted);
309
310+ if (hash != GNUTLS_MAC_UNKNOWN && hash != phash)
311+ {
312+ gnutls_assert();
313+ return GNUTLS_E_PK_SIG_VERIFY_FAILED;
314+ }
315+ else
316+ hash = phash;
317+
318+
319 if (digest_size != _gnutls_hash_get_algo_len (hash))
320 {
321 gnutls_assert ();
322@@ -879,11 +895,11 @@ dsa_verify_sig (const gnutls_datum_t * text,
323 * not verified, or 1 otherwise.
324 */
325 int
326-pubkey_verify_sig (const gnutls_datum_t * tbs,
327- const gnutls_datum_t * hash,
328- const gnutls_datum_t * signature,
329- gnutls_pk_algorithm_t pk, bigint_t * issuer_params,
330- int issuer_params_size)
331+pubkey_verify_sig (int hashalg, const gnutls_datum_t * tbs,
332+ const gnutls_datum_t * hash,
333+ const gnutls_datum_t * signature,
334+ gnutls_pk_algorithm_t pk, bigint_t * issuer_params,
335+ int issuer_params_size)
336 {
337
338 switch (pk)
339@@ -891,7 +907,7 @@ pubkey_verify_sig (const gnutls_datum_t * tbs,
340 case GNUTLS_PK_RSA:
341
342 if (_pkcs1_rsa_verify_sig
343- (tbs, hash, signature, issuer_params, issuer_params_size) != 0)
344+ (hashalg, tbs, hash, signature, issuer_params, issuer_params_size) != 0)
345 {
346 gnutls_assert ();
347 return GNUTLS_E_PK_SIG_VERIFY_FAILED;
348@@ -1022,7 +1038,7 @@ cleanup:
349 * 'signature' is the signature!
350 */
351 int
352-_gnutls_x509_verify_signature (const gnutls_datum_t * tbs,
353+_gnutls_x509_verify_signature (int hashalg, const gnutls_datum_t * tbs,
354 const gnutls_datum_t * hash,
355 const gnutls_datum_t * signature,
356 gnutls_x509_crt_t issuer)
357@@ -1042,7 +1058,7 @@ _gnutls_x509_verify_signature (const gnutls_datum_t * tbs,
358 }
359
360 ret =
361- pubkey_verify_sig (tbs, hash, signature,
362+ pubkey_verify_sig (hashalg, tbs, hash, signature,
363 gnutls_x509_crt_get_pk_algorithm (issuer, NULL),
364 issuer_params, issuer_params_size);
365 if (ret < 0)
366@@ -1067,13 +1083,13 @@ _gnutls_x509_verify_signature (const gnutls_datum_t * tbs,
367 * 'signature' is the signature!
368 */
369 int
370-_gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs,
371+_gnutls_x509_privkey_verify_signature (int hashalg, const gnutls_datum_t * tbs,
372 const gnutls_datum_t * signature,
373 gnutls_x509_privkey_t issuer)
374 {
375 int ret;
376
377- ret = pubkey_verify_sig (tbs, NULL, signature, issuer->pk_algorithm,
378+ ret = pubkey_verify_sig (hashalg, tbs, NULL, signature, issuer->pk_algorithm,
379 issuer->params, issuer->params_size);
380 if (ret < 0)
381 {
382@@ -1294,6 +1310,7 @@ _gnutls_verify_crl2 (gnutls_x509_crl_t crl,
383 gnutls_datum_t crl_signature = { NULL, 0 };
384 gnutls_x509_crt_t issuer;
385 int result;
386+ int sigalg, hashalg;
387
388 if (output)
389 *output = 0;
390@@ -1335,6 +1352,7 @@ _gnutls_verify_crl2 (gnutls_x509_crl_t crl,
391 if (result < 0)
392 {
393 gnutls_assert ();
394+ result = 0;
395 goto cleanup;
396 }
397
398@@ -1342,11 +1360,21 @@ _gnutls_verify_crl2 (gnutls_x509_crl_t crl,
399 if (result < 0)
400 {
401 gnutls_assert ();
402+ result = 0;
403+ goto cleanup;
404+ }
405+
406+ sigalg = gnutls_x509_crl_get_signature_algorithm (crl);
407+ hashalg = _gnutls_sign_get_hash(sigalg);
408+ if (hashalg == GNUTLS_MAC_UNKNOWN)
409+ {
410+ gnutls_assert();
411+ result = 0;
412 goto cleanup;
413 }
414
415 result =
416- _gnutls_x509_verify_signature (&crl_signed_data, NULL, &crl_signature,
417+ _gnutls_x509_verify_signature (hashalg, &crl_signed_data, NULL, &crl_signature,
418 issuer);
419 if (result == GNUTLS_E_PK_SIG_VERIFY_FAILED)
420 {
421@@ -1359,14 +1387,11 @@ _gnutls_verify_crl2 (gnutls_x509_crl_t crl,
422 else if (result < 0)
423 {
424 gnutls_assert ();
425+ result = 0;
426 goto cleanup;
427 }
428
429 {
430- int sigalg;
431-
432- sigalg = gnutls_x509_crl_get_signature_algorithm (crl);
433-
434 if (((sigalg == GNUTLS_SIGN_RSA_MD2) &&
435 !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) ||
436 ((sigalg == GNUTLS_SIGN_RSA_MD5) &&
437diff --git a/lib/x509/x509.c b/lib/x509/x509.c
438index f51ba3b..d12d44e 100644
439--- a/lib/x509/x509.c
440+++ b/lib/x509/x509.c
441@@ -2714,7 +2714,7 @@ gnutls_x509_crt_verify_data (gnutls_x509_crt_t crt, unsigned int flags,
442 return GNUTLS_E_INVALID_REQUEST;
443 }
444
445- result = _gnutls_x509_verify_signature (data, NULL, signature, crt);
446+ result = _gnutls_x509_verify_signature (GNUTLS_MAC_UNKNOWN, data, NULL, signature, crt);
447 if (result < 0)
448 {
449 gnutls_assert ();
450@@ -2752,7 +2752,7 @@ gnutls_x509_crt_verify_hash (gnutls_x509_crt_t crt, unsigned int flags,
451 return GNUTLS_E_INVALID_REQUEST;
452 }
453
454- result = _gnutls_x509_verify_signature (NULL, hash, signature, crt);
455+ result = _gnutls_x509_verify_signature (GNUTLS_MAC_UNKNOWN, NULL, hash, signature, crt);
456 if (result < 0)
457 {
458 gnutls_assert ();
459diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
460index 1b3cfe5..eed56a9 100644
461--- a/lib/x509/x509_int.h
462+++ b/lib/x509/x509_int.h
463@@ -187,11 +187,11 @@ _gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t * hash,
464 bigint_t * issuer_params,
465 unsigned int issuer_params_size);
466
467-int _gnutls_x509_verify_signature (const gnutls_datum_t * tbs,
468+int _gnutls_x509_verify_signature (int sigalg, const gnutls_datum_t * tbs,
469 const gnutls_datum_t * hash,
470 const gnutls_datum_t * signature,
471 gnutls_x509_crt_t issuer);
472-int _gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs,
473+int _gnutls_x509_privkey_verify_signature (int sigalg, const gnutls_datum_t * tbs,
474 const gnutls_datum_t * signature,
475 gnutls_x509_privkey_t issuer);
476
477@@ -390,5 +390,6 @@ int _gnutls_x509_crq_set_extension (gnutls_x509_crq_t crq,
478 const char *ext_id,
479 const gnutls_datum_t * ext_data,
480 unsigned int critical);
481-
482+int
483+gnutls_x509_crq_get_signature_algorithm (gnutls_x509_crq_t crq);
484 #endif
485--
4861.9.1
487