1 files changed, 90 insertions, 0 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2020-13777-a.patch b/meta/recipes-support/gnutls/gnutls/CVE-2020-13777-a.patch
new file mode 100644
index 0000000000..1811afc2ff
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2020-13777-a.patch
@@ -0,0 +1,90 @@
+From 6e798091d057de6b7f94b9dede4c5c919ec41f89 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Tue, 2 Jun 2020 20:53:11 +0200
+Subject: [PATCH 1/3] stek: differentiate initial state from valid time window
+ of TOTP
+commit c2646aeee94e71cb15c90a3147cf3b5b0ca158ca from https://gitlab.com/gnutls/gnutls.git
+There was a confusion in the TOTP implementation in stek.c.  When the
+mechanism is initialized at the first time, it records the timestamp
+but doesn't initialize the key.  This removes the timestamp recording
+at the initialization phase, so the key is properly set later.
+Upstream-Status: Backport
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
+---
+ lib/stek.c                        | 17 +++++------------
+ tests/resume-with-previous-stek.c |  4 ++--
+ tests/tls13/prf-early.c           |  8 ++++----
+ 3 files changed, 11 insertions(+), 18 deletions(-)
+diff --git a/lib/stek.c b/lib/stek.c
+index 2f885ce..5ab9e7d 100644
+--- a/lib/stek.c
+++ b/lib/stek.c
+@@ -323,20 +323,13 @@ int _gnutls_initialize_session_ticket_key_rotation(gnutls_session_t session, con
+        if (unlikely(session == NULL || key == NULL))
+                return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ 
+-       if (session->key.totp.last_result == 0) {
+-               int64_t t;
+-               memcpy(session->key.initial_stek, key->data, key->size);
+-               t = totp_next(session);
+-               if (t < 0)
+-                       return gnutls_assert_val(t);
+       if (unlikely(session->key.totp.last_result != 0))
+               return GNUTLS_E_INVALID_REQUEST;
+ 
+-               session->key.totp.last_result = t;
+-               session->key.totp.was_rotated = 0;
+-
+-               return GNUTLS_E_SUCCESS;
+-       }
+       memcpy(session->key.initial_stek, key->data, key->size);
+ 
+-       return GNUTLS_E_INVALID_REQUEST;
+       session->key.totp.was_rotated = 0;
+       return 0;
+ }
+ 
+ /*
+diff --git a/tests/resume-with-previous-stek.c b/tests/resume-with-previous-stek.c
+index f212b18..05c1c90 100644
+--- a/tests/resume-with-previous-stek.c
+++ b/tests/resume-with-previous-stek.c
+@@ -196,8 +196,8 @@ static void server(int fd, unsigned rounds, const char *prio)
+                serverx509cred = NULL;
+        }
+ 
+-       if (num_stek_rotations != 2)
+-               fail("STEK should be rotated exactly twice (%d)!\n", num_stek_rotations);
+       if (num_stek_rotations != 3)
+               fail("STEK should be rotated exactly three times (%d)!\n", num_stek_rotations);
+ 
+        if (serverx509cred)
+                gnutls_certificate_free_credentials(serverx509cred);
+diff --git a/tests/tls13/prf-early.c b/tests/tls13/prf-early.c
+index 414b1db..bc31962 100644
+--- a/tests/tls13/prf-early.c
+++ b/tests/tls13/prf-early.c
+@@ -123,10 +123,10 @@ static void dump(const char *name, const uint8_t *data, unsigned data_size)
+        } \
+        }
+ 
+-#define KEY_EXP_VALUE "\xc0\x1e\xc2\xa4\xb7\xb4\x04\xaa\x91\x5d\xaf\xe8\xf7\x4d\x19\xdf\xd0\xe6\x08\xd6\xb4\x3b\xcf\xca\xc9\x32\x75\x3b\xe3\x11\x19\xb1\xac\x68"
+-#define HELLO_VALUE "\x77\xdb\x10\x0b\xe8\xd0\xb9\x38\xbc\x49\xe6\xbe\xf2\x47\x2a\xcc\x6b\xea\xce\x85\x04\xd3\x9e\xd8\x06\x16\xad\xff\xcd\xbf\x4b"
+-#define CONTEXT_VALUE "\xf2\x17\x9f\xf2\x66\x56\x87\x66\xf9\x5c\x8a\xd7\x4e\x1d\x46\xee\x0e\x44\x41\x4c\xcd\xac\xcb\xc0\x31\x41\x2a\xb6\xd7\x01\x62"
+-#define NULL_CONTEXT_VALUE "\xcd\x79\x07\x93\xeb\x96\x07\x3e\xec\x78\x90\x89\xf7\x16\x42\x6d\x27\x87\x56\x7c\x7b\x60\x2b\x20\x44\xd1\xea\x0c\x89\xfb\x8b"
+#define KEY_EXP_VALUE "\xc1\x6b\x6c\xb9\x88\x33\xd5\x28\x80\xec\x27\x87\xa2\x6f\x4b\xd0\x01\x5e\x7f\xca\xd7\xd4\x8a\x3f\xe2\x48\x92\xef\x02\x14\xfb\x81\x90\x04"
+#define HELLO_VALUE "\x2a\x73\xd9\x74\x04\x4e\x0a\x5f\x41\x8a\x09\xcb\x45\x33\x1a\xec\xd3\xfc\xdc\x1b\x2c\x67\x26\xe4\x9c\xfe\x1f\xa5\x74\xf1\x4f"
+#define CONTEXT_VALUE "\x87\xf6\x88\xe3\xd7\xf2\x05\xbc\xa4\x10\xa3\x48\x9f\xf5\xcf\x97\x06\x22\x4e\xfd\x18\x32\x52\x1d\xbd\x26\xf5\x5b\x21\x20\xec"
+#define NULL_CONTEXT_VALUE "\xf9\xca\xfe\x45\x44\x96\xdb\xc5\x41\x8f\x7e\x8e\xd7\xb0\x7d\x19\x45\xaf\x09\xbc\x1e\x82\x94\xac\x55\xe5\xb9\xb4\x3b\xe8\xc0"
+ 
+ static int handshake_callback_called;
+ 
+-- 
+2.17.1

diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2020-13777-a.patch b/meta/recipes-support/gnutls/gnutls/CVE-2020-13777-a.patch new file mode 100644 index 0000000000..1811afc2ff --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/CVE-2020-13777-a.patch
@@ -0,0 +1,90 @@
	1	From 6e798091d057de6b7f94b9dede4c5c919ec41f89 Mon Sep 17 00:00:00 2001
	2	From: Daiki Ueno <ueno@gnu.org>
	3	Date: Tue, 2 Jun 2020 20:53:11 +0200
	4	Subject: [PATCH 1/3] stek: differentiate initial state from valid time window
	5	of TOTP
	6
	7	commit c2646aeee94e71cb15c90a3147cf3b5b0ca158ca from https://gitlab.com/gnutls/gnutls.git
	8
	9	There was a confusion in the TOTP implementation in stek.c. When the
	10	mechanism is initialized at the first time, it records the timestamp
	11	but doesn't initialize the key. This removes the timestamp recording
	12	at the initialization phase, so the key is properly set later.
	13
	14	Upstream-Status: Backport
	15
	16	Signed-off-by: Daiki Ueno <ueno@gnu.org>
	17	Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
	18	---
	19	lib/stek.c \| 17 +++++------------
	20	tests/resume-with-previous-stek.c \| 4 ++--
	21	tests/tls13/prf-early.c \| 8 ++++----
	22	3 files changed, 11 insertions(+), 18 deletions(-)
	23
	24	diff --git a/lib/stek.c b/lib/stek.c
	25	index 2f885ce..5ab9e7d 100644
	26	--- a/lib/stek.c
	27	+++ b/lib/stek.c
	28	@@ -323,20 +323,13 @@ int _gnutls_initialize_session_ticket_key_rotation(gnutls_session_t session, con
	29	if (unlikely(session == NULL \|\| key == NULL))
	30	return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
	31
	32	- if (session->key.totp.last_result == 0) {
	33	- int64_t t;
	34	- memcpy(session->key.initial_stek, key->data, key->size);
	35	- t = totp_next(session);
	36	- if (t < 0)
	37	- return gnutls_assert_val(t);
	38	+ if (unlikely(session->key.totp.last_result != 0))
	39	+ return GNUTLS_E_INVALID_REQUEST;
	40
	41	- session->key.totp.last_result = t;
	42	- session->key.totp.was_rotated = 0;
	43	-
	44	- return GNUTLS_E_SUCCESS;
	45	- }
	46	+ memcpy(session->key.initial_stek, key->data, key->size);
	47
	48	- return GNUTLS_E_INVALID_REQUEST;
	49	+ session->key.totp.was_rotated = 0;
	50	+ return 0;
	51	}
	52
	53	/*
	54	diff --git a/tests/resume-with-previous-stek.c b/tests/resume-with-previous-stek.c
	55	index f212b18..05c1c90 100644
	56	--- a/tests/resume-with-previous-stek.c
	57	+++ b/tests/resume-with-previous-stek.c
	58	@@ -196,8 +196,8 @@ static void server(int fd, unsigned rounds, const char *prio)
	59	serverx509cred = NULL;
	60	}
	61
	62	- if (num_stek_rotations != 2)
	63	- fail("STEK should be rotated exactly twice (%d)!\n", num_stek_rotations);
	64	+ if (num_stek_rotations != 3)
	65	+ fail("STEK should be rotated exactly three times (%d)!\n", num_stek_rotations);
	66
	67	if (serverx509cred)
	68	gnutls_certificate_free_credentials(serverx509cred);
	69	diff --git a/tests/tls13/prf-early.c b/tests/tls13/prf-early.c
	70	index 414b1db..bc31962 100644
	71	--- a/tests/tls13/prf-early.c
	72	+++ b/tests/tls13/prf-early.c
	73	@@ -123,10 +123,10 @@ static void dump(const char name, const uint8_t data, unsigned data_size)
	74	} \
	75	}
	76
	77	-#define KEY_EXP_VALUE "\xc0\x1e\xc2\xa4\xb7\xb4\x04\xaa\x91\x5d\xaf\xe8\xf7\x4d\x19\xdf\xd0\xe6\x08\xd6\xb4\x3b\xcf\xca\xc9\x32\x75\x3b\xe3\x11\x19\xb1\xac\x68"
	78	-#define HELLO_VALUE "\x77\xdb\x10\x0b\xe8\xd0\xb9\x38\xbc\x49\xe6\xbe\xf2\x47\x2a\xcc\x6b\xea\xce\x85\x04\xd3\x9e\xd8\x06\x16\xad\xff\xcd\xbf\x4b"
	79	-#define CONTEXT_VALUE "\xf2\x17\x9f\xf2\x66\x56\x87\x66\xf9\x5c\x8a\xd7\x4e\x1d\x46\xee\x0e\x44\x41\x4c\xcd\xac\xcb\xc0\x31\x41\x2a\xb6\xd7\x01\x62"
	80	-#define NULL_CONTEXT_VALUE "\xcd\x79\x07\x93\xeb\x96\x07\x3e\xec\x78\x90\x89\xf7\x16\x42\x6d\x27\x87\x56\x7c\x7b\x60\x2b\x20\x44\xd1\xea\x0c\x89\xfb\x8b"
	81	+#define KEY_EXP_VALUE "\xc1\x6b\x6c\xb9\x88\x33\xd5\x28\x80\xec\x27\x87\xa2\x6f\x4b\xd0\x01\x5e\x7f\xca\xd7\xd4\x8a\x3f\xe2\x48\x92\xef\x02\x14\xfb\x81\x90\x04"
	82	+#define HELLO_VALUE "\x2a\x73\xd9\x74\x04\x4e\x0a\x5f\x41\x8a\x09\xcb\x45\x33\x1a\xec\xd3\xfc\xdc\x1b\x2c\x67\x26\xe4\x9c\xfe\x1f\xa5\x74\xf1\x4f"
	83	+#define CONTEXT_VALUE "\x87\xf6\x88\xe3\xd7\xf2\x05\xbc\xa4\x10\xa3\x48\x9f\xf5\xcf\x97\x06\x22\x4e\xfd\x18\x32\x52\x1d\xbd\x26\xf5\x5b\x21\x20\xec"
	84	+#define NULL_CONTEXT_VALUE "\xf9\xca\xfe\x45\x44\x96\xdb\xc5\x41\x8f\x7e\x8e\xd7\xb0\x7d\x19\x45\xaf\x09\xbc\x1e\x82\x94\xac\x55\xe5\xb9\xb4\x3b\xe8\xc0"
	85
	86	static int handshake_callback_called;
	87
	88	--
	89	2.17.1
	90