Diffstat (limited to 'meta/recipes-support/gnutls')
-rw-r--r--meta/recipes-support/gnutls/gnutls/CVE-2021-20231.patch67
-rw-r--r--meta/recipes-support/gnutls/gnutls/CVE-2021-20232.patch65
-rw-r--r--meta/recipes-support/gnutls/gnutls/CVE-2021-4209.patch37
-rw-r--r--meta/recipes-support/gnutls/gnutls/CVE-2022-2509.patch282
-rw-r--r--meta/recipes-support/gnutls/gnutls/CVE-2023-0361.patch85
-rw-r--r--meta/recipes-support/gnutls/gnutls/CVE-2023-5981.patch206
-rw-r--r--meta/recipes-support/gnutls/gnutls/CVE-2024-0553.patch125
-rw-r--r--meta/recipes-support/gnutls/gnutls_3.6.14.bb11
-rw-r--r--meta/recipes-support/gnutls/libtasn1/CVE-2021-46848.patch45
-rw-r--r--meta/recipes-support/gnutls/libtasn1_4.16.0.bb3
10 files changed, 925 insertions, 1 deletions
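diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2021-20231.patch b/meta/recipes-support/gnutls/gnutls/CVE-2021-20231.patch
new file mode 100644
index 0000000000..6fe7a21e33
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2021-20231.patch
@@ -0,0 +1,67 @@
+From 15beb4b193b2714d88107e7dffca781798684e7e Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Fri, 29 Jan 2021 14:06:32 +0100
+Subject: [PATCH] key_share: avoid use-after-free around realloc
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+
+https://gitlab.com/gnutls/gnutls/-/commit/15beb4b193b2714d88107e7dffca781798684e7e
+Upstream-Status: Backport
+CVE: CVE-2021-CVE-2021-20231
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ lib/ext/key_share.c | 12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+
+diff --git a/lib/ext/key_share.c b/lib/ext/key_share.c
+index ab8abf8fe6..a8c4bb5cff 100644
+--- a/lib/ext/key_share.c
++++ b/lib/ext/key_share.c
+@@ -664,14 +664,14 @@ key_share_send_params(gnutls_session_t session,
+ {
+ unsigned i;
+ int ret;
+- unsigned char *lengthp;
+- unsigned int cur_length;
+ unsigned int generated = 0;
+ const gnutls_group_entry_st *group;
+ const version_entry_st *ver;
+
+ /* this extension is only being sent on client side */
+ if (session->security_parameters.entity == GNUTLS_CLIENT) {
++ unsigned int length_pos;
++
+ ver = _gnutls_version_max(session);
+ if (unlikely(ver == NULL || ver->key_shares == 0))
+ return 0;
+@@ -679,16 +679,13 @@ key_share_send_params(gnutls_session_t session,
+ if (!have_creds_for_tls13(session))
+ return 0;
+
+- /* write the total length later */
+- lengthp = &extdata->data[extdata->length];
++ length_pos = extdata->length;
+
+ ret =
+ _gnutls_buffer_append_prefix(extdata, 16, 0);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+- cur_length = extdata->length;
+-
+ if (session->internals.hsk_flags & HSK_HRR_RECEIVED) { /* we know the group */
+ group = get_group(session);
+ if (unlikely(group == NULL))
+@@ -736,7 +733,8 @@ key_share_send_params(gnutls_session_t session,
+ }
+
+ /* copy actual length */
+- _gnutls_write_uint16(extdata->length - cur_length, lengthp);
++ _gnutls_write_uint16(extdata->length - length_pos - 2,
++ &extdata->data[length_pos]);
+
+ } else { /* server */
+ ver = get_version(session);
+--
+GitLab
+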
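Review bot: The `CVE:` trailer on line 10 of this patch header reads `CVE-2021-CVE-2021-20231`, which is not a valid CVE identifier; it should be `CVE: CVE-2021-20231`. The same doubled prefix appears in CVE-2021-20232.patch (`CVE: CVE-2021-CVE-2021-20232`, which should be `CVE: CVE-2021-20232`). Tooling that reads this trailer to mark a CVE as patched may not recognise the malformed value, so the fix could go unrecorded unless the file name is also consulted.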
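diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2021-20232.patch b/meta/recipes-support/gnutls/gnutls/CVE-2021-20232.patch
new file mode 100644
index 0000000000..e13917cddb
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2021-20232.patch
@@ -0,0 +1,65 @@
+From 75a937d97f4fefc6f9b08e3791f151445f551cb3 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Fri, 29 Jan 2021 14:06:50 +0100
+Subject: [PATCH] pre_shared_key: avoid use-after-free around realloc
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+
+https://gitlab.com/gnutls/gnutls/-/commit/75a937d97f4fefc6f9b08e3791f151445f551cb3
+Upstream-Status: Backport
+CVE: CVE-2021-CVE-2021-20232
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ lib/ext/pre_shared_key.c | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c
+index a042c6488e..380bf39ed5 100644
+--- a/lib/ext/pre_shared_key.c
++++ b/lib/ext/pre_shared_key.c
+@@ -267,7 +267,7 @@ client_send_params(gnutls_session_t session,
+ size_t spos;
+ gnutls_datum_t username = {NULL, 0};
+ gnutls_datum_t user_key = {NULL, 0}, rkey = {NULL, 0};
+- gnutls_datum_t client_hello;
++ unsigned client_hello_len;
+ unsigned next_idx;
+ const mac_entry_st *prf_res = NULL;
+ const mac_entry_st *prf_psk = NULL;
+@@ -428,8 +428,7 @@ client_send_params(gnutls_session_t session,
+ assert(extdata->length >= sizeof(mbuffer_st));
+ assert(ext_offset >= (ssize_t)sizeof(mbuffer_st));
+ ext_offset -= sizeof(mbuffer_st);
+- client_hello.data = extdata->data+sizeof(mbuffer_st);
+- client_hello.size = extdata->length-sizeof(mbuffer_st);
++ client_hello_len = extdata->length-sizeof(mbuffer_st);
+
+ next_idx = 0;
+
+@@ -440,6 +439,11 @@ client_send_params(gnutls_session_t session,
+ }
+
+ if (prf_res && rkey.size > 0) {
++ gnutls_datum_t client_hello;
++
++ client_hello.data = extdata->data+sizeof(mbuffer_st);
++ client_hello.size = client_hello_len;
++
+ ret = compute_psk_binder(session, prf_res,
+ binders_len, binders_pos,
+ ext_offset, &rkey, &client_hello, 1,
+@@ -474,6 +478,11 @@ client_send_params(gnutls_session_t session,
+ }
+
+ if (prf_psk && user_key.size > 0 && info) {
++ gnutls_datum_t client_hello;
++
++ client_hello.data = extdata->data+sizeof(mbuffer_st);
++ client_hello.size = client_hello_len;
++
+ ret = compute_psk_binder(session, prf_psk,
+ binders_len, binders_pos,
+ ext_offset, &user_key, &client_hello, 0,
+--
+GitLab
+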
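diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2021-4209.patch b/meta/recipes-support/gnutls/gnutls/CVE-2021-4209.patch
new file mode 100644
index 0000000000..0bcb55e573
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2021-4209.patch
@@ -0,0 +1,37 @@
+From 3db352734472d851318944db13be73da61300568 Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Wed, 22 Dec 2021 09:12:25 +0100
+Subject: [PATCH] wrap_nettle_hash_fast: avoid calling _update with zero-length
+ input
+
+As Nettle's hash update functions internally call memcpy, providing
+zero-length input may cause undefined behavior.
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+
+https://gitlab.com/gnutls/gnutls/-/commit/3db352734472d851318944db13be73da61300568
+Upstream-Status: Backport
+CVE: CVE-2021-4209
+Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
+---
+ lib/nettle/mac.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/lib/nettle/mac.c b/lib/nettle/mac.c
+index f9d4d7a8df..35e070fab0 100644
+--- a/lib/nettle/mac.c
++++ b/lib/nettle/mac.c
+@@ -788,7 +788,9 @@ static int wrap_nettle_hash_fast(gnutls_digest_algorithm_t algo,
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+- ctx.update(&ctx, text_size, text);
++ if (text_size > 0) {
++ ctx.update(&ctx, text_size, text);
++ }
+ ctx.digest(&ctx, ctx.length, digest);
+
+ return 0;
+--
+GitLab
+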
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2022-2509.patch b/meta/recipes-support/gnutls/gnutls/CVE-2022-2509.patch
new file mode 100644
index 0000000000..f8954945d0
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2022-2509.patch
@@ -0,0 +1,282 @@
1From 9835638d4e1f37781a47e777c76d5bb14218929b Mon Sep 17 00:00:00 2001
2From: Hitendra Prajapati <hprajapati@mvista.com>
3Date: Tue, 16 Aug 2022 12:23:14 +0530
4Subject: [PATCH] CVE-2022-2509
5
6Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/ce37f9eb265dbe9b6d597f5767449e8ee95848e2]
7CVE: CVE-2022-2509
8Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
9---
10 NEWS | 4 +
11 lib/x509/pkcs7.c | 3 +-
12 tests/Makefile.am | 2 +-
13 tests/pkcs7-verify-double-free.c | 215 +++++++++++++++++++++++++++++++
14 4 files changed, 222 insertions(+), 2 deletions(-)
15 create mode 100644 tests/pkcs7-verify-double-free.c
16
17diff --git a/NEWS b/NEWS
18index 755a67c..ba70bb3 100644
19--- a/NEWS
20+++ b/NEWS
21@@ -7,6 +7,10 @@ See the end for copying conditions.
22
23 * Version 3.6.14 (released 2020-06-03)
24
25+** libgnutls: Fixed double free during verification of pkcs7 signatures.
26+ Reported by Jaak Ristioja (#1383). [GNUTLS-SA-2022-07-07, CVSS: medium]
27+ [CVE-2022-2509]
28+
29 ** libgnutls: Fixed insecure session ticket key construction, since 3.6.4.
30 The TLS server would not bind the session ticket encryption key with a
31 value supplied by the application until the initial key rotation, allowing
32diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c
33index 98669e8..ccbc69d 100644
34--- a/lib/x509/pkcs7.c
35+++ b/lib/x509/pkcs7.c
36@@ -1318,7 +1318,8 @@ gnutls_x509_crt_t find_signer(gnutls_pkcs7_t pkcs7, gnutls_x509_trust_list_t tl,
37 issuer = find_verified_issuer_of(pkcs7, issuer, purpose, vflags);
38
39 if (issuer != NULL && gnutls_x509_crt_check_issuer(issuer, issuer)) {
40- if (prev) gnutls_x509_crt_deinit(prev);
41+ if (prev && prev != signer)
42+ gnutls_x509_crt_deinit(prev);
43 prev = issuer;
44 break;
45 }
46diff --git a/tests/Makefile.am b/tests/Makefile.am
47index 11a083c..cd43a0f 100644
48--- a/tests/Makefile.am
49+++ b/tests/Makefile.am
50@@ -219,7 +219,7 @@ ctests += mini-record-2 simple gnutls_hmac_fast set_pkcs12_cred cert certuniquei
51 tls-record-size-limit-asym dh-compute ecdh-compute sign-verify-data-newapi \
52 sign-verify-newapi sign-verify-deterministic iov aead-cipher-vec \
53 tls13-without-timeout-func buffer status-request-revoked \
54- set_x509_ocsp_multi_cli kdf-api keylog-func \
55+ set_x509_ocsp_multi_cli kdf-api keylog-func pkcs7-verify-double-free \
56 dtls_hello_random_value tls_hello_random_value x509cert-dntypes
57
58 if HAVE_SECCOMP_TESTS
59diff --git a/tests/pkcs7-verify-double-free.c b/tests/pkcs7-verify-double-free.c
60new file mode 100644
61index 0000000..fadf307
62--- /dev/null
63+++ b/tests/pkcs7-verify-double-free.c
64@@ -0,0 +1,215 @@
65+/*
66+ * Copyright (C) 2022 Red Hat, Inc.
67+ *
68+ * Author: Zoltan Fridrich
69+ *
70+ * This file is part of GnuTLS.
71+ *
72+ * GnuTLS is free software: you can redistribute it and/or modify it
73+ * under the terms of the GNU General Public License as published by
74+ * the Free Software Foundation, either version 3 of the License, or
75+ * (at your option) any later version.
76+ *
77+ * GnuTLS is distributed in the hope that it will be useful, but
78+ * WITHOUT ANY WARRANTY; without even the implied warranty of
79+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
80+ * General Public License for more details.
81+ *
82+ * You should have received a copy of the GNU General Public License
83+ * along with GnuTLS. If not, see <https://www.gnu.org/licenses/>.
84+ */
85+
86+#ifdef HAVE_CONFIG_H
87+#include <config.h>
88+#endif
89+
90+#include <stdio.h>
91+#include <gnutls/pkcs7.h>
92+#include <gnutls/x509.h>
93+
94+#include "utils.h"
95+
96+static char rca_pem[] =
97+ "-----BEGIN CERTIFICATE-----\n"
98+ "MIIDCjCCAfKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQKDApFeGFt\n"
99+ "cGxlIENBMCAXDTE3MDcyMTE0NDMzNloYDzIyMjIwNzIxMTQ0MzM2WjAVMRMwEQYD\n"
100+ "VQQKDApFeGFtcGxlIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\n"
101+ "v8hnKPJ/IA0SQB/A/a0Uh+npZ67vsgIMrtTQo0r0kJkmkBz5323xO3DVuJfB3QmX\n"
102+ "v9zvoeCQLuDvWar5Aixfxgm6s5Q+yPvJj9t3NebDrU+Y4+qyewBIJUF8EF/5iBPC\n"
103+ "ZHONmzbfIRWvQWGGgb2CRcOHp2J7AY/QLB6LsWPaLjs/DHva28Q13JaTTHIpdu8v\n"
104+ "t6vHr0nXf66DN4MvtoF3N+o+v3snJCMsfXOqASi4tbWR7gtOfCfiz9uBjh0W2Dut\n"
105+ "/jclBQkJkLe6esNSM+f4YiOpctVDjmfj8yoHCp394vt0wFqhG38wsTFAyVP6qIcf\n"
106+ "5zoSu9ovEt2cTkhnZHjiiwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud\n"
107+ "DwEB/wQEAwIBBjAdBgNVHQ4EFgQUhjeO6Uc5imbjOl2I2ltVA27Hu9YwHwYDVR0j\n"
108+ "BBgwFoAUhjeO6Uc5imbjOl2I2ltVA27Hu9YwDQYJKoZIhvcNAQELBQADggEBAD+r\n"
109+ "i/7FsbG0OFKGF2+JOnth6NjJQcMfM8LiglqAuBUijrv7vltoZ0Z3FJH1Vi4OeMXn\n"
110+ "l7X/9tWUve0uFl75MfjDrf0+lCEdYRY1LCba2BrUgpbbkLywVUdnbsvndehegCgS\n"
111+ "jss2/zys3Hlo3ZaHlTMQ/NQ4nrxcxkjOvkZSEOqgxJTLpzm6pr7YUts4k6c6lNiB\n"
112+ "FSiJiDzsJCmWR9C3fBbUlfDfTJYGN3JwqX270KchXDElo8gNoDnF7jBMpLFFSEKm\n"
113+ "MyfbNLX/srh+CEfZaN/OZV4A3MQ0L8vQEp6M4CJhvRLIuMVabZ2coJ0AzystrOMU\n"
114+ "LirBWjg89RoAjFQ7bTE=\n"
115+ "-----END CERTIFICATE-----\n";
116+
117+static char ca_pem[] =
118+ "-----BEGIN CERTIFICATE-----\n"
119+ "MIIDFzCCAf+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQKDApFeGFt\n"
120+ "cGxlIENBMCAXDTE3MDcyMTE0NDQzNFoYDzIyMjIwNzIxMTQ0NDM0WjAiMSAwHgYD\n"
121+ "VQQKDBdFeGFtcGxlIGludGVybWVkaWF0ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQAD\n"
122+ "ggEPADCCAQoCggEBAKb9ACB8u//sP6MfNU1OsVw68xz3eTPLgKxS0vpqexm6iGVg\n"
123+ "ug/o9uYRLzqiEukv/eyz9WzHmY7sqlOJjOFdv92+SaNg79Jc51WHPFXgea4/qyfr\n"
124+ "4y14PGs0SNxm6T44sXurUs7cXydQVUgnq2VCaWFOTUdxXoAWkV8r8GaUoPD/klVz\n"
125+ "RqxSZVETmX1XBKhsMnnov41kRwVph2C+VfUspsbaUZaz/o/S1/nokhXRACzKsMBr\n"
126+ "obqiGxbY35uVzsmbAW5ErhQz98AWJL3Bub1fsEMXg6OEMmPH4AtX888dTIYZNw0E\n"
127+ "bUIESspz1kjJQTtVQDHTprhwz16YiSVeUonlLgMCAwEAAaNjMGEwDwYDVR0TAQH/\n"
128+ "BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFPBjxDWjMhjXERirKF9O\n"
129+ "o/5Cllc5MB8GA1UdIwQYMBaAFIY3julHOYpm4zpdiNpbVQNux7vWMA0GCSqGSIb3\n"
130+ "DQEBCwUAA4IBAQCTm+vv3hBa6lL5IT+Fw8aTxQ2Ne7mZ5oyazhvXYwwfKNMX3SML\n"
131+ "W2JdPaL64ZwbxxxYvW401o5Z0CEgru3YFrsqB/hEdl0Uf8UWWJmE1rRa+miTmbjt\n"
132+ "lrLNCWdrs6CiwvsPITTHg7jevB4KyZYsTSxQFcyr3N3xF+6EmOTC4IkhPPnXYXcp\n"
133+ "248ih+WOavSYoRvzgB/Dip1WnPYU2mfIV3O8JReRryngA0TzWCLPLUoWR3R4jwtC\n"
134+ "+1uSLoqaenz3qv3F1WEbke37az9YJuXx/5D8CqFQiZ62TUUtI6fYd8mkMBM4Qfh6\n"
135+ "NW9XrCkI9wlpL5K9HllhuW0BhKeJkuPpyQ2p\n"
136+ "-----END CERTIFICATE-----\n";
137+
138+static char ee_pem[] =
139+ "-----BEGIN CERTIFICATE-----\n"
140+ "MIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAiMSAwHgYDVQQKDBdFeGFt\n"
141+ "cGxlIGludGVybWVkaWF0ZSBDQTAgFw0yMjA3MjExNDQ1MzdaGA8yMjIyMDcyMTE0\n"
142+ "NDUzN1owFTETMBEGA1UEAwwKSm9obiBTbWl0aDCCASIwDQYJKoZIhvcNAQEBBQAD\n"
143+ "ggEPADCCAQoCggEBAMb1uuxppBFY+WVD45iyHUq7DkIJNNOI/JRaybVJfPktWq2E\n"
144+ "eNe7XhV05KKnqZTbDO2iYqNHqGhZ8pz/IstDRTZP3z/q1vXTG0P9Gx28rEy5TaUY\n"
145+ "QjtD+ZoFUQm0ORMDBjd8jikqtJ87hKeuOPMH4rzdydotMaPQSm7KLzHBGBr6gg7z\n"
146+ "g1IxPWkhMyHapoMqqrhjwjzoTY97UIXpZTEoIA+KpEC8f9CciBtL0i1MPBjWozB6\n"
147+ "Jma9q5iEwZXuRr3cnPYeIPlK2drgDZCMuSFcYiT8ApLw5OhKqY1m2EvfZ2ox2s9R\n"
148+ "68/HzYdPi3kZwiNEtlBvMlpt5yKBJAflp76d7DkCAwEAAaNuMGwwCwYDVR0PBAQD\n"
149+ "AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQUc+Mi\n"
150+ "kr8WMCk00SQo+P2iggp/oQkwHwYDVR0jBBgwFoAU8GPENaMyGNcRGKsoX06j/kKW\n"
151+ "VzkwDQYJKoZIhvcNAQELBQADggEBAKU9+CUR0Jcfybd1+8Aqgh1RH96yQygnVuyt\n"
152+ "Na9rFz4fM3ij9tGXDHXrkZw8bW1dWLU9quu8zeTxKxc3aiDIw739Alz0tukttDo7\n"
153+ "dW7YqIb77zsIsWB9p7G9dlxT6ieUy+5IKk69BbeK8KR0vAciAG4KVQxPhuPy/LGX\n"
154+ "PzqlJIJ4h61s3UOroReHPB1keLZgpORqrvtpClOmABH9TLFRJA/WFg8Q2XYB/p0x\n"
155+ "l/pWiaoBC+8wK9cDoMUK5yOwXeuCLffCb+UlAD0+z/qxJ2pisE8E9X8rRKRrWI+i\n"
156+ "G7LtJCEn86EQK8KuRlJxKgj8lClZhoULB0oL4jbblBuNow9WRmM=\n"
157+ "-----END CERTIFICATE-----\n";
158+
159+static char msg_pem[] =
160+ "-----BEGIN PKCS7-----\n"
161+ "MIIK2QYJKoZIhvcNAQcCoIIKyjCCCsYCAQExDTALBglghkgBZQMEAgEwCwYJKoZI\n"
162+ "hvcNAQcBoIIJTzCCAwowggHyoAMCAQICAQEwDQYJKoZIhvcNAQELBQAwFTETMBEG\n"
163+ "A1UECgwKRXhhbXBsZSBDQTAgFw0xNzA3MjExNDQzMjFaGA8yMjIyMDcyMTE0NDMy\n"
164+ "MVowFTETMBEGA1UECgwKRXhhbXBsZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP\n"
165+ "ADCCAQoCggEBAL51eyE4j8wAKQKMGlO9HEY2iaGvsdPSJmidSdmCi1jnNK39Lx4Y\n"
166+ "31h279hSHF5wtI6VM91HHfeLf1mjEZHlKrXXJQzBPLpbHWapD778drHBitOP8e56\n"
167+ "fDMIfofLV4tkMk8690vPe4cJH1UHGspMyz6EQF9kPRaW80XtMV/6dalgL/9Esmaw\n"
168+ "XBNPJAS1VutDuXQkJ/3/rWFLmkpYHHtGPjX782YRmT1s+VOVTsLqmKx0TEL8A381\n"
169+ "bbElHPUAMjPcyWR5qqA8KWnS5Dwqk3LwI0AvuhQytCq0S7Xl4DXauvxwTRXv0UU7\n"
170+ "W8r3MLAw9DnlnJiD/RFjw5rbGO3wMePk/qUCAwEAAaNjMGEwDwYDVR0TAQH/BAUw\n"
171+ "AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFIh2KRoKJoe2VtpOwWMkRAkR\n"
172+ "mLWKMB8GA1UdIwQYMBaAFIh2KRoKJoe2VtpOwWMkRAkRmLWKMA0GCSqGSIb3DQEB\n"
173+ "CwUAA4IBAQBovvlOjoy0MCT5U0eWfcPQQjY4Ssrn3IiPNlVkqSNo+FHX+2baTLVQ\n"
174+ "5QTHxwXwzdIJiwtjFWDdGEQXqmuIvnFG+u/whGbeg6oQygfnQ5Y+q6epOxCsPgLQ\n"
175+ "mKKEaF7mvh8DauUx4QSbYCNGCctOZuB1vlN9bJ3/5QbH+2pFPOfCr5CAyPDwHo6S\n"
176+ "qO3yPcutRwT9xS7gXEHM9HhLp+DmdCGh4eVBPiFilyZm1d92lWxU8oxoSfXgzDT/\n"
177+ "GCzlMykNZNs4JD9QmiRClP/3U0dQbOhah/Fda+N+L90xaqEgGcvwKKZa3pzo59pl\n"
178+ "BbkcIP4YPyHeinwkgAn5UVJg9DOxNCS0MIIDFzCCAf+gAwIBAgIBAjANBgkqhkiG\n"
179+ "9w0BAQsFADAVMRMwEQYDVQQKDApFeGFtcGxlIENBMCAXDTE3MDcyMTE0NDQxM1oY\n"
180+ "DzIyMjIwNzIxMTQ0NDEzWjAiMSAwHgYDVQQKDBdFeGFtcGxlIGludGVybWVkaWF0\n"
181+ "ZSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMPFDEvDANwvhviu\n"
182+ "pwXTvaKyxyX94jVu1wgAhIRyQBVRiMbrn8MEufLG8oA0vKd8s92gv/lWe1jFb2rn\n"
183+ "91jMkZWsjWjiJFD6SzqFfBo+XxOGikEqO1MAf92UqavmSGlXVRG1Vy7T7dWibZP0\n"
184+ "WODhHYWayR0Y6owSz5IqNfrHXzDME+lSJxHgRFI7pK+b0OgiVmvyXDKFPvyU6GrP\n"
185+ "lxXDi/XbjyPvC5gpiwtTgm+s8KERwmdlfZUNjkh2PpHx1g1joijHT3wIvO/Pek1E\n"
186+ "C+Xs6w3XxGgL6TTL7FDuv4AjZVX9KK66/yBhX3aN8bkqAg+hs9XNk3zzWC0XEFOS\n"
187+ "Qoh2va0CAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw\n"
188+ "HQYDVR0OBBYEFHwi/7dUWGjkMWJctOm7MCjjQj1cMB8GA1UdIwQYMBaAFIh2KRoK\n"
189+ "Joe2VtpOwWMkRAkRmLWKMA0GCSqGSIb3DQEBCwUAA4IBAQCF6sHCBdYRwBwvfCve\n"
190+ "og9cPnmPqZrG4AtmSvtoSsMvgvKb/4z3/gG8oPtTBkeRcAHoMoEp/oA+B2ylwIAc\n"
191+ "S5U7jx+lYH/Pqih0X/OcOLbaMv8uzGSGQxk+L9LuuIT6E/THfRRIPEvkDkzC+/uk\n"
192+ "7vUbG17bSEWeF0o/6sjzAY2aH1jnbCDyu0UC78GXkc6bZ5QlH98uLMDMrOmqcZjS\n"
193+ "JFfvuRDQyKV5yBdBkYaobsIWSQDsgYxJzf/2y8c3r+HXqT+jhrXPWJ3btgMPxpu7\n"
194+ "E8KmoFgp9EM+48oYlXJ66rk08/KjaVmgN7R+Hm3e2+MFT2kme4fBKalLjcazTe3x\n"
195+ "0FisMIIDIjCCAgqgAwIBAgIBATANBgkqhkiG9w0BAQsFADAiMSAwHgYDVQQKDBdF\n"
196+ "eGFtcGxlIGludGVybWVkaWF0ZSBDQTAgFw0yMjA3MjExNDQ1MzBaGA8yMjIyMDcy\n"
197+ "MTE0NDUzMVowFTETMBEGA1UEAwwKSm9obiBTbWl0aDCCASIwDQYJKoZIhvcNAQEB\n"
198+ "BQADggEPADCCAQoCggEBAMjhSqhdD5RjmOm6W3hG7zkgKBP9whRN/SipcdEMlkgc\n"
199+ "F/U3QMu66qIfKwheNdWalC1JLtruLDWP92ysa6Vw+CCG8aSax1AgB//RKQB7kgPA\n"
200+ "9js9hi/oCdBmCv2HJxhWSLz+MVoxgzW4C7S9FenI+btxe/99Uw4nOw7kwjsYDLKr\n"
201+ "tMw8myv7aCW/63CuBYGtohiZupM3RI3kKFcZots+KRPLlZpjv+I2h9xSln8VxKNb\n"
202+ "XiMrYwGfHB7iX7ghe1TvFjKatEUhsqa7AvIq7nfe/cyq97f0ODQO814njgZtk5iQ\n"
203+ "JVavXHdhTVaypt1HdAFMuHX5UATylHxx9tRCgSIijUsCAwEAAaNuMGwwCwYDVR0P\n"
204+ "BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQU\n"
205+ "31+vHl4E/2Jpnwinbzf+d7usshcwHwYDVR0jBBgwFoAUfCL/t1RYaOQxYly06bsw\n"
206+ "KONCPVwwDQYJKoZIhvcNAQELBQADggEBAAWe63DcNwmleQ3INFGDJZ/m2I/R/cBa\n"
207+ "nnrxgR5Ey1ljHdA/x1z1JLTGmGVwqGExs5DNG9Q//Pmc9pZ1yPa8J4Xf8AvFcmkY\n"
208+ "mWoH1HvW0xu/RF1UN5SAoD2PRQ+Vq4OSPD58IlEu/u4o1wZV7Wl91Cv6VNpiAb63\n"
209+ "j9PA1YacOpOtcRqG59Vuj9HFm9f30ejHVo2+KJcpo290cR3Zg4fOm8mtjeMdt/QS\n"
210+ "Atq+RqPAQ7yxqvEEv8zPIZj2kAOQm3mh/yYqBrR68lQUD/dBTP7ApIZkhUK3XK6U\n"
211+ "nf9JvoF6Fn2+Cnqb//FLBgHSnoeqeQNwDLUXTsD02iYxHzJrhokSY4YxggFQMIIB\n"
212+ "TAIBATAnMCIxIDAeBgNVBAoMF0V4YW1wbGUgaW50ZXJtZWRpYXRlIENBAgEBMAsG\n"
213+ "CWCGSAFlAwQCATANBgkqhkiG9w0BAQEFAASCAQATHg6wNsBcs/Ub1GQfKwTpKCk5\n"
214+ "8QXuNnZ0u7b6mKgrSY2Gf47fpL2aRgaR+BAQncbctu5EH/IL38pWjaGtOhFAj/5q\n"
215+ "7luVQW11kuyJN3Bd/dtLqawWOwMmAIEigw6X50l5ZHnEVzFfxt+RKTNhk4XWVtbi\n"
216+ "2iIlITOplW0rnvxYAwCxKL9ocaB7etK8au7ixMxbFp75Ts4iLX8dhlAFdCuFCk8k\n"
217+ "B8mi9HHuwr3QYRqMPW61hu1wBL3yB8eoZNOwPXb0gkIh6ZvgptxgQzm/cc+Iw9fP\n"
218+ "QkR0fTM7ElJ5QZmSV98AUbZDHmDvpmcjcUxfSPMc3IoT8T300usRu7QHqKJi\n"
219+ "-----END PKCS7-----\n";
220+
221+const gnutls_datum_t rca_datum = { (void *)rca_pem, sizeof(rca_pem) - 1 };
222+const gnutls_datum_t ca_datum = { (void *)ca_pem, sizeof(ca_pem) - 1 };
223+const gnutls_datum_t ee_datum = { (void *)ee_pem, sizeof(ee_pem) - 1 };
224+const gnutls_datum_t msg_datum = { (void *)msg_pem, sizeof(msg_pem) - 1 };
225+
226+static void tls_log_func(int level, const char *str)
227+{
228+ fprintf(stderr, "%s |<%d>| %s", "err", level, str);
229+}
230+
231+#define CHECK(X)\
232+{\
233+ r = X;\
234+ if (r < 0)\
235+ fail("error in %d: %s\n", __LINE__, gnutls_strerror(r));\
236+}\
237+
238+void doit(void)
239+{
240+ int r;
241+ gnutls_x509_crt_t rca_cert = NULL;
242+ gnutls_x509_crt_t ca_cert = NULL;
243+ gnutls_x509_crt_t ee_cert = NULL;
244+ gnutls_x509_trust_list_t tlist = NULL;
245+ gnutls_pkcs7_t pkcs7 = NULL;
246+ gnutls_datum_t data = { (unsigned char *)"xxx", 3 };
247+
248+ if (debug) {
249+ gnutls_global_set_log_function(tls_log_func);
250+ gnutls_global_set_log_level(4711);
251+ }
252+
253+ // Import certificates
254+ CHECK(gnutls_x509_crt_init(&rca_cert));
255+ CHECK(gnutls_x509_crt_import(rca_cert, &rca_datum, GNUTLS_X509_FMT_PEM));
256+ CHECK(gnutls_x509_crt_init(&ca_cert));
257+ CHECK(gnutls_x509_crt_import(ca_cert, &ca_datum, GNUTLS_X509_FMT_PEM));
258+ CHECK(gnutls_x509_crt_init(&ee_cert));
259+ CHECK(gnutls_x509_crt_import(ee_cert, &ee_datum, GNUTLS_X509_FMT_PEM));
260+
261+ // Setup trust store
262+ CHECK(gnutls_x509_trust_list_init(&tlist, 0));
263+ CHECK(gnutls_x509_trust_list_add_named_crt(tlist, rca_cert, "rca", 3, 0));
264+ CHECK(gnutls_x509_trust_list_add_named_crt(tlist, ca_cert, "ca", 2, 0));
265+ CHECK(gnutls_x509_trust_list_add_named_crt(tlist, ee_cert, "ee", 2, 0));
266+
267+ // Setup pkcs7 structure
268+ CHECK(gnutls_pkcs7_init(&pkcs7));
269+ CHECK(gnutls_pkcs7_import(pkcs7, &msg_datum, GNUTLS_X509_FMT_PEM));
270+
271+ // Signature verification
272+ gnutls_pkcs7_verify(pkcs7, tlist, NULL, 0, 0, &data, 0);
273+
274+ gnutls_x509_crt_deinit(rca_cert);
275+ gnutls_x509_crt_deinit(ca_cert);
276+ gnutls_x509_crt_deinit(ee_cert);
277+ gnutls_x509_trust_list_deinit(tlist, 0);
278+ gnutls_pkcs7_deinit(pkcs7);
279+}
280--
2812.25.1
282
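Review bot: In `doit()` of the new tests/pkcs7-verify-double-free.c the result of `gnutls_pkcs7_verify(pkcs7, tlist, NULL, 0, 0, &data, 0);` is discarded with no explanation, so the test can only fail if the double free in `find_signer` actually aborts the process. That looks intentional (the signed data is the dummy string "xxx", so verification is presumably not expected to succeed), but it should be stated at the call, e.g. `/* return value ignored on purpose: the test passes if this call does not double-free */`. Detection is most reliable when the test suite runs under a memory checker such as AddressSanitizer or valgrind; whether this recipe's test run does so is not visible here. Separately, the patch header replaces the upstream subject with the bare `CVE-2022-2509`, which leaves the fix in lib/x509/pkcs7.c undescribed unless the reader follows the link.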
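diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2023-0361.patch b/meta/recipes-support/gnutls/gnutls/CVE-2023-0361.patch
new file mode 100644
index 0000000000..943f4ca704
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2023-0361.patch
@@ -0,0 +1,85 @@
+From 80a6ce8ddb02477cd724cd5b2944791aaddb702a Mon Sep 17 00:00:00 2001
+From: Alexander Sosedkin <asosedkin@redhat.com>
+Date: Tue, 9 Aug 2022 16:05:53 +0200
+Subject: [PATCH] auth/rsa: side-step potential side-channel
+
+Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>
+Signed-off-by: Hubert Kario <hkario@redhat.com>
+Tested-by: Hubert Kario <hkario@redhat.com>
+Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/80a6ce8ddb02477cd724cd5b2944791aaddb702a
+ https://gitlab.com/gnutls/gnutls/-/commit/4b7ff428291c7ed77c6d2635577c83a43bbae558]
+CVE: CVE-2023-0361
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ lib/auth/rsa.c | 30 +++---------------------------
+ 1 file changed, 3 insertions(+), 27 deletions(-)
+
+diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
+index 8108ee8..858701f 100644
+--- a/lib/auth/rsa.c
++++ b/lib/auth/rsa.c
+@@ -155,13 +155,10 @@ static int
+ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
+ size_t _data_size)
+ {
+- const char attack_error[] = "auth_rsa: Possible PKCS #1 attack\n";
+ gnutls_datum_t ciphertext;
+ int ret, dsize;
+ ssize_t data_size = _data_size;
+ volatile uint8_t ver_maj, ver_min;
+- volatile uint8_t check_ver_min;
+- volatile uint32_t ok;
+
+ #ifdef ENABLE_SSL3
+ if (get_num_version(session) == GNUTLS_SSL3) {
+@@ -187,7 +184,6 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
+
+ ver_maj = _gnutls_get_adv_version_major(session);
+ ver_min = _gnutls_get_adv_version_minor(session);
+- check_ver_min = (session->internals.allow_wrong_pms == 0);
+
+ session->key.key.data = gnutls_malloc(GNUTLS_MASTER_SIZE);
+ if (session->key.key.data == NULL) {
+@@ -206,10 +202,9 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
+ return ret;
+ }
+
+- ret =
+- gnutls_privkey_decrypt_data2(session->internals.selected_key,
+- 0, &ciphertext, session->key.key.data,
+- session->key.key.size);
++ gnutls_privkey_decrypt_data2(session->internals.selected_key,
++ 0, &ciphertext, session->key.key.data,
++ session->key.key.size);
+ /* After this point, any conditional on failure that cause differences
+ * in execution may create a timing or cache access pattern side
+ * channel that can be used as an oracle, so treat very carefully */
+@@ -225,25 +220,6 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
+ * Vlastimil Klima, Ondej Pokorny and Tomas Rosa.
+ */
+
+- /* ok is 0 in case of error and 1 in case of success. */
+-
+- /* if ret < 0 */
+- ok = CONSTCHECK_EQUAL(ret, 0);
+- /* session->key.key.data[0] must equal ver_maj */
+- ok &= CONSTCHECK_EQUAL(session->key.key.data[0], ver_maj);
+- /* if check_ver_min then session->key.key.data[1] must equal ver_min */
+- ok &= CONSTCHECK_NOT_EQUAL(check_ver_min, 0) &
+- CONSTCHECK_EQUAL(session->key.key.data[1], ver_min);
+-
+- if (ok) {
+- /* call logging function unconditionally so all branches are
+- * indistinguishable for timing and cache access when debug
+- * logging is disabled */
+- _gnutls_no_log("%s", attack_error);
+- } else {
+- _gnutls_debug_log("%s", attack_error);
+- }
+-
+ /* This is here to avoid the version check attack
+ * discussed above.
+ */
+--
+2.25.1
+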
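Review bot: The call to `gnutls_privkey_decrypt_data2(...)` in `proc_rsa_client_kx` now drops its return value silently, and nothing at the call site marks that as deliberate. The surrounding comments explain that a decryption failure must not change the execution path, so the intent can be inferred, but a `(void)` cast or a short comment such as `/* result deliberately unused: failure must not alter control flow */` would keep a later cleanup from reintroducing `ret =` and a branch on it. The same pattern is added to `_gnutls_proc_rsa_psk_client_kx` by CVE-2023-5981.patch. The approach presumably relies on `session->key.key.data` already holding random bytes before the call; that step lies outside the hunks shown here and should be confirmed against the 3.6.14 source. The header's first `From` line names only commit 80a6ce8d while `Upstream-Status` lists two commits, so the patch appears to be a squash of both and could say so.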
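diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2023-5981.patch b/meta/recipes-support/gnutls/gnutls/CVE-2023-5981.patch
new file mode 100644
index 0000000000..c518cfa0ac
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2023-5981.patch
@@ -0,0 +1,206 @@
+Backport of:
+
+From 29d6298d0b04cfff970b993915db71ba3f580b6d Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Mon, 23 Oct 2023 09:26:57 +0900
+Subject: [PATCH] auth/rsa_psk: side-step potential side-channel
+
+This removes branching that depends on secret data, porting changes
+for regular RSA key exchange from
+4804febddc2ed958e5ae774de2a8f85edeeff538 and
+80a6ce8ddb02477cd724cd5b2944791aaddb702a. This also removes the
+allow_wrong_pms as it was used sorely to control debug output
+depending on the branching.
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+
+Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/gnutls28/3.6.13-2ubuntu1.9/gnutls28_3.6.13-2ubuntu1.9.debian.tar.xz
+Upstream-Commit: https://gitlab.com/gnutls/gnutls/-/commit/29d6298d0b04cfff970b993915db71ba3f580b6d]
+CVE: CVE-2023-5981
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ lib/auth/rsa.c | 2 +-
+ lib/auth/rsa_psk.c | 90 ++++++++++++++++++----------------------------
+ lib/gnutls_int.h | 4 ---
+ lib/priority.c | 1 -
+ 4 files changed, 35 insertions(+), 62 deletions(-)
+
+--- a/lib/auth/rsa.c
++++ b/lib/auth/rsa.c
+@@ -207,7 +207,7 @@ proc_rsa_client_kx(gnutls_session_t sess
+ session->key.key.size);
+ /* After this point, any conditional on failure that cause differences
+ * in execution may create a timing or cache access pattern side
+- * channel that can be used as an oracle, so treat very carefully */
++ * channel that can be used as an oracle, so tread carefully */
+
+ /* Error handling logic:
+ * In case decryption fails then don't inform the peer. Just use the
+--- a/lib/auth/rsa_psk.c
++++ b/lib/auth/rsa_psk.c
+@@ -264,14 +264,13 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_se
+ {
+ gnutls_datum_t username;
+ psk_auth_info_t info;
+- gnutls_datum_t plaintext;
+ gnutls_datum_t ciphertext;
+ gnutls_datum_t pwd_psk = { NULL, 0 };
+ int ret, dsize;
+- int randomize_key = 0;
+ ssize_t data_size = _data_size;
+ gnutls_psk_server_credentials_t cred;
+ gnutls_datum_t premaster_secret = { NULL, 0 };
++ volatile uint8_t ver_maj, ver_min;
+
+ cred = (gnutls_psk_server_credentials_t)
+ _gnutls_get_cred(session, GNUTLS_CRD_PSK);
+@@ -327,71 +326,47 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_se
+ }
+ ciphertext.size = dsize;
+
+- ret =
+- gnutls_privkey_decrypt_data(session->internals.selected_key, 0,
+- &ciphertext, &plaintext);
+- if (ret < 0 || plaintext.size != GNUTLS_MASTER_SIZE) {
+- /* In case decryption fails then don't inform
+- * the peer. Just use a random key. (in order to avoid
+- * attack against pkcs-1 formatting).
+- */
+- gnutls_assert();
+- _gnutls_debug_log
+- ("auth_rsa_psk: Possible PKCS #1 format attack\n");
+- if (ret >= 0) {
+- gnutls_free(plaintext.data);
+- }
+- randomize_key = 1;
+- } else {
+- /* If the secret was properly formatted, then
+- * check the version number.
+- */
+- if (_gnutls_get_adv_version_major(session) !=
+- plaintext.data[0]
+- || (session->internals.allow_wrong_pms == 0
+- && _gnutls_get_adv_version_minor(session) !=
+- plaintext.data[1])) {
+- /* No error is returned here, if the version number check
+- * fails. We proceed normally.
+- * That is to defend against the attack described in the paper
+- * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima,
+- * Ondej Pokorny and Tomas Rosa.
+- */
+- gnutls_assert();
+- _gnutls_debug_log
+- ("auth_rsa: Possible PKCS #1 version check format attack\n");
+- }
+- }
++ ver_maj = _gnutls_get_adv_version_major(session);
++ ver_min = _gnutls_get_adv_version_minor(session);
+
++ premaster_secret.data = gnutls_malloc(GNUTLS_MASTER_SIZE);
++ if (premaster_secret.data == NULL) {
++ gnutls_assert();
++ return GNUTLS_E_MEMORY_ERROR;
++ }
++ premaster_secret.size = GNUTLS_MASTER_SIZE;
+
+- if (randomize_key != 0) {
+- premaster_secret.size = GNUTLS_MASTER_SIZE;
+- premaster_secret.data =
+- gnutls_malloc(premaster_secret.size);
+- if (premaster_secret.data == NULL) {
+- gnutls_assert();
+- return GNUTLS_E_MEMORY_ERROR;
+- }
+-
+- /* we do not need strong random numbers here.
+- */
+- ret = gnutls_rnd(GNUTLS_RND_NONCE, premaster_secret.data,
+- premaster_secret.size);
+- if (ret < 0) {
+- gnutls_assert();
+- goto cleanup;
+- }
+- } else {
+- premaster_secret.data = plaintext.data;
+- premaster_secret.size = plaintext.size;
++ /* Fallback value when decryption fails. Needs to be unpredictable. */
++ ret = gnutls_rnd(GNUTLS_RND_NONCE, premaster_secret.data,
++ premaster_secret.size);
++ if (ret < 0) {
++ gnutls_assert();
++ goto cleanup;
+ }
+
++ gnutls_privkey_decrypt_data2(session->internals.selected_key, 0,
++ &ciphertext, premaster_secret.data,
++ premaster_secret.size);
++ /* After this point, any conditional on failure that cause differences
++ * in execution may create a timing or cache access pattern side
++ * channel that can be used as an oracle, so tread carefully */
++
++ /* Error handling logic:
++ * In case decryption fails then don't inform the peer. Just use the
++ * random key previously generated. (in order to avoid attack against
++ * pkcs-1 formatting).
++ *
++ * If we get version mismatches no error is returned either. We
++ * proceed normally. This is to defend against the attack described
++ * in the paper "Attacking RSA-based sessions in SSL/TLS" by
++ * Vlastimil Klima, Ondej Pokorny and Tomas Rosa.
++ */
++
+ /* This is here to avoid the version check attack
+ * discussed above.
+ */
+-
+- premaster_secret.data[0] = _gnutls_get_adv_version_major(session);
+- premaster_secret.data[1] = _gnutls_get_adv_version_minor(session);
++ premaster_secret.data[0] = ver_maj;
++ premaster_secret.data[1] = ver_min;
+
+ /* find the key of this username
+ */
+--- a/lib/gnutls_int.h
++++ b/lib/gnutls_int.h
+@@ -989,7 +989,6 @@ struct gnutls_priority_st {
+ bool _no_etm;
+ bool _no_ext_master_secret;
+ bool _allow_key_usage_violation;
+- bool _allow_wrong_pms;
+ bool _dumbfw;
+ unsigned int _dh_prime_bits; /* old (deprecated) variable */
+
+@@ -1007,7 +1006,6 @@ struct gnutls_priority_st {
+ (x)->no_etm = 1; \
+ (x)->no_ext_master_secret = 1; \
+ (x)->allow_key_usage_violation = 1; \
+- (x)->allow_wrong_pms = 1; \
+ (x)->dumbfw = 1
+
+ #define ENABLE_PRIO_COMPAT(x) \
+@@ -1016,7 +1014,6 @@ struct gnutls_priority_st {
+ (x)->_no_etm = 1; \
+ (x)->_no_ext_master_secret = 1; \
+ (x)->_allow_key_usage_violation = 1; \
+- (x)->_allow_wrong_pms = 1; \
+ (x)->_dumbfw = 1
+
+ /* DH and RSA parameters types.
+@@ -1141,7 +1138,6 @@ typedef struct {
+ bool no_etm;
+ bool no_ext_master_secret;
+ bool allow_key_usage_violation;
+- bool allow_wrong_pms;
+ bool dumbfw;
+
+ /* old (deprecated) variable. This is used for both srp_prime_bits
+--- a/lib/priority.c
++++ b/lib/priority.c
+@@ -681,7 +681,6 @@ gnutls_priority_set(gnutls_session_t ses
+ COPY_TO_INTERNALS(no_etm);
+ COPY_TO_INTERNALS(no_ext_master_secret);
+ COPY_TO_INTERNALS(allow_key_usage_violation);
+- COPY_TO_INTERNALS(allow_wrong_pms);
+ COPY_TO_INTERNALS(dumbfw);
+ COPY_TO_INTERNALS(dh_prime_bits);
+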
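--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2024-0553.patch
@@ -0,0 +1,125 @@
+From 40dbbd8de499668590e8af51a15799fbc430595e Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Wed, 10 Jan 2024 19:13:17 +0900
+Subject: [PATCH] rsa-psk: minimize branching after decryption
+
+This moves any non-trivial code between gnutls_privkey_decrypt_data2
+and the function return in _gnutls_proc_rsa_psk_client_kx up until the
+decryption. This also avoids an extra memcpy to session->key.key.
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+
+Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls/-/commit/40dbbd8de499668590e8af51a15799fbc430595e]
+CVE: CVE-2024-0553
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ lib/auth/rsa_psk.c | 68 ++++++++++++++++++++++++----------------------
+ 1 file changed, 35 insertions(+), 33 deletions(-)
+
+diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c
+index 93c2dc9..c6cfb92 100644
+--- a/lib/auth/rsa_psk.c
++++ b/lib/auth/rsa_psk.c
+@@ -269,7 +269,6 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data,
+ int ret, dsize;
+ ssize_t data_size = _data_size;
+ gnutls_psk_server_credentials_t cred;
+- gnutls_datum_t premaster_secret = { NULL, 0 };
+ volatile uint8_t ver_maj, ver_min;
+
+ cred = (gnutls_psk_server_credentials_t)
+@@ -329,24 +328,48 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data,
+ ver_maj = _gnutls_get_adv_version_major(session);
+ ver_min = _gnutls_get_adv_version_minor(session);
+
+- premaster_secret.data = gnutls_malloc(GNUTLS_MASTER_SIZE);
+- if (premaster_secret.data == NULL) {
++ /* Find the key of this username. A random value will be
++ * filled in if the key is not found.
++ */
++ ret = _gnutls_psk_pwd_find_entry(session, info->username,
++ strlen(info->username), &pwd_psk);
++ if (ret < 0)
++ return gnutls_assert_val(ret);
++
++ /* Allocate memory for premaster secret, and fill in the
++ * fields except the decryption result.
++ */
++ session->key.key.size = 2 + GNUTLS_MASTER_SIZE + 2 + pwd_psk.size;
++ session->key.key.data = gnutls_malloc(session->key.key.size);
++ if (session->key.key.data == NULL) {
+ gnutls_assert();
++ _gnutls_free_key_datum(&pwd_psk);
++ /* No need to zeroize, as the secret is not copied in yet */
++ _gnutls_free_datum(&session->key.key);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+- premaster_secret.size = GNUTLS_MASTER_SIZE;
+
+ /* Fallback value when decryption fails. Needs to be unpredictable. */
+- ret = gnutls_rnd(GNUTLS_RND_NONCE, premaster_secret.data,
+- premaster_secret.size);
++ ret = gnutls_rnd(GNUTLS_RND_NONCE, session->key.key.data + 2,
++ GNUTLS_MASTER_SIZE);
+ if (ret < 0) {
+ gnutls_assert();
+- goto cleanup;
++ _gnutls_free_key_datum(&pwd_psk);
++ /* No need to zeroize, as the secret is not copied in yet */
++ _gnutls_free_datum(&session->key.key);
++ return ret;
+ }
+
++ _gnutls_write_uint16(GNUTLS_MASTER_SIZE, session->key.key.data);
++ _gnutls_write_uint16(pwd_psk.size,
++ &session->key.key.data[2 + GNUTLS_MASTER_SIZE]);
++ memcpy(&session->key.key.data[2 + GNUTLS_MASTER_SIZE + 2], pwd_psk.data,
++ pwd_psk.size);
++ _gnutls_free_key_datum(&pwd_psk);
++
+ gnutls_privkey_decrypt_data2(session->internals.selected_key, 0,
+- &ciphertext, premaster_secret.data,
+- premaster_secret.size);
++ &ciphertext, session->key.key.data + 2,
++ GNUTLS_MASTER_SIZE);
+ /* After this point, any conditional on failure that cause differences
+ * in execution may create a timing or cache access pattern side
+ * channel that can be used as an oracle, so tread carefully */
+@@ -365,31 +388,10 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data,
+ /* This is here to avoid the version check attack
+ * discussed above.
+ */
+- premaster_secret.data[0] = ver_maj;
+- premaster_secret.data[1] = ver_min;
++ session->key.key.data[2] = ver_maj;
++ session->key.key.data[3] = ver_min;
+
+- /* find the key of this username
+- */
+- ret =
+- _gnutls_psk_pwd_find_entry(session, info->username, strlen(info->username), &pwd_psk);
+- if (ret < 0) {
+- gnutls_assert();
+- goto cleanup;
+- }
+-
+- ret =
+- set_rsa_psk_session_key(session, &pwd_psk, &premaster_secret);
+- if (ret < 0) {
+- gnutls_assert();
+- goto cleanup;
+- }
+-
+- ret = 0;
+- cleanup:
+- _gnutls_free_key_datum(&pwd_psk);
+- _gnutls_free_temp_key_datum(&premaster_secret);
+-
+- return ret;
++ return 0;
+ }
+
+ static int
+--
+2.25.1
+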
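Review bot: The 16-bit length prefix written by `_gnutls_write_uint16(pwd_psk.size, ...)` is never compared with the number of bytes the following `memcpy` copies, so if `_gnutls_psk_pwd_find_entry` can return a key longer than 0xFFFF bytes the encoded length and the payload stored in `session->key.key` would disagree. Whether the lookup already bounds the key size is not visible in this patch, so it should be confirmed against the upstream tree before relying on it. If it is unbounded, a guard right after the lookup fits the intent of the change, because it runs before the decryption where branching is still harmless: `if (pwd_psk.size > UINT16_MAX) { _gnutls_free_key_datum(&pwd_psk); return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); }`. The body of `_gnutls_proc_rsa_psk_client_kx` starts outside these hunks.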
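--- a/meta/recipes-support/gnutls/gnutls_3.6.14.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.6.14.bb
@@ -1,5 +1,7 @@
 SUMMARY = "GNU Transport Layer Security Library"
-HOMEPAGE = "http://www.gnu.org/software/gnutls/"
+DESCRIPTION = "a secure communications library implementing the SSL, \
+TLS and DTLS protocols and technologies around them."
+HOMEPAGE = "https://gnutls.org/"
 BUGTRACKER = "https://savannah.gnu.org/support/?group=gnutls"
 
 LICENSE = "GPLv3+ & LGPLv2.1+"
@@ -21,6 +23,13 @@ SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar
  file://arm_eabi.patch \
  file://0001-Modied-the-license-to-GPLv2.1-to-keep-with-LICENSE-f.patch \
  file://CVE-2020-24659.patch \
+ file://CVE-2021-20231.patch \
+ file://CVE-2021-20232.patch \
+ file://CVE-2022-2509.patch \
+ file://CVE-2021-4209.patch \
+ file://CVE-2023-0361.patch \
+ file://CVE-2023-5981.patch \
+ file://CVE-2024-0553.patch \
 "
 
 SRC_URI[sha256sum] = "5630751adec7025b8ef955af4d141d00d252a985769f51b4059e5affa3d39d63"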
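--- /dev/null
+++ b/meta/recipes-support/gnutls/libtasn1/CVE-2021-46848.patch
@@ -0,0 +1,45 @@
+From 22fd12b290adea788122044cb58dc9e77754644f Mon Sep 17 00:00:00 2001
+From: Vivek Kumbhar <vkumbhar@mvista.com>
+Date: Thu, 17 Nov 2022 12:07:50 +0530
+Subject: [PATCH] CVE-2021-46848
+
+Upstream-Status: Backport [https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5]
+CVE: CVE-2021-46848
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+
+Fix ETYPE_OK off by one array size check.
+---
+ NEWS | 4 ++++
+ lib/int.h | 2 +-
+ 2 files changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/NEWS b/NEWS
+index f042481..d8f684e 100644
+--- a/NEWS
++++ b/NEWS
+@@ -1,5 +1,9 @@
+ GNU Libtasn1 NEWS -*- outline -*-
+
++* Noteworthy changes in release ?.? (????-??-??) [?]
++- Fix ETYPE_OK out of bounds read. Closes: #32.
++- Update gnulib files and various maintenance fixes.
++
+ * Noteworthy changes in release 4.16.0 (released 2020-02-01) [stable]
+ - asn1_decode_simple_ber: added support for constructed definite
+ octet strings. This allows this function decode the whole set of
+diff --git a/lib/int.h b/lib/int.h
+index ea16257..c877282 100644
+--- a/lib/int.h
++++ b/lib/int.h
+@@ -97,7 +97,7 @@ typedef struct tag_and_class_st
+ #define ETYPE_TAG(etype) (_asn1_tags[etype].tag)
+ #define ETYPE_CLASS(etype) (_asn1_tags[etype].class)
+ #define ETYPE_OK(etype) (((etype) != ASN1_ETYPE_INVALID && \
+- (etype) <= _asn1_tags_size && \
++ (etype) < _asn1_tags_size && \
+ _asn1_tags[(etype)].desc != NULL)?1:0)
+
+ #define ETYPE_IS_STRING(etype) ((etype == ASN1_ETYPE_GENERALSTRING || \
+--
+2.25.1
+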
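Review bot: The NEWS hunk of this backport adds `- Update gnulib files and various maintenance fixes.` under a placeholder release heading, but the only code change carried here is the one-line `ETYPE_OK` bound fix in lib/int.h, so the patched NEWS would describe changes the recipe does not ship. Dropping the NEWS hunk keeps the backport to the bounds check and removes a hunk that depends on the exact NEWS text of 4.16.0. The patch description could also say why the comparison matters, for example `ETYPE_OK accepted etype == _asn1_tags_size, one past the last valid index of _asn1_tags`. That reading is inferred from the names used in the macro, since the array definition is outside the hunk.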
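--- a/meta/recipes-support/gnutls/libtasn1_4.16.0.bb
+++ b/meta/recipes-support/gnutls/libtasn1_4.16.0.bb
@@ -1,4 +1,6 @@
 SUMMARY = "Library for ASN.1 and DER manipulation"
+DESCRIPTION = "A highly portable C library that encodes and decodes \
+DER/BER data following an ASN.1 schema. "
 HOMEPAGE = "http://www.gnu.org/software/libtasn1/"
 
 LICENSE = "GPLv3+ & LGPLv2.1+"
@@ -10,6 +12,7 @@ LIC_FILES_CHKSUM = "file://doc/COPYING;md5=d32239bcb673463ab874e80d47fae504 \
 
 SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \
  file://dont-depend-on-help2man.patch \
+ file://CVE-2021-46848.patch \
  "
 
 DEPENDS = "bison-native"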