2 files changed, 118 insertions, 0 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2020-24659.patch b/meta/recipes-support/gnutls/gnutls/CVE-2020-24659.patch
new file mode 100644
index 0000000000..1702325e66
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2020-24659.patch
@@ -0,0 +1,117 @@
+From 29ee67c205855e848a0a26e6d0e4f65b6b943e0a Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Sat, 22 Aug 2020 17:19:39 +0200
+Subject: [PATCH] handshake: reject no_renegotiation alert if handshake is
+ incomplete
+If the initial handshake is incomplete and the server sends a
+no_renegotiation alert, the client should treat it as a fatal error
+even if its level is warning.  Otherwise the same handshake
+state (e.g., DHE parameters) are reused in the next gnutls_handshake
+call, if it is called in the loop idiom:
+  do {
+          ret = gnutls_handshake(session);
+  } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+CVE: CVE-2020-24659
+Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls.git]
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ lib/gnutls_int.h                              |   1 +
+ lib/handshake.c                               |  48 +++++++++++++-----
+ 2 files changed, 36 insertions(+), 13 deletions(-)
+diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
+index bb6c19713..31cec5c0c 100644
+--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
+@@ -1370,6 +1370,7 @@ typedef struct {
+ #define HSK_RECORD_SIZE_LIMIT_RECEIVED (1<<26) /* server: record_size_limit extension was seen but not accepted yet */
+ #define HSK_OCSP_REQUESTED (1<<27) /* server: client requested OCSP stapling */
+ #define HSK_CLIENT_OCSP_REQUESTED (1<<28) /* client: server requested OCSP stapling */
+#define HSK_SERVER_HELLO_RECEIVED (1<<29) /* client: Server Hello message has been received */
+ 
+        /* The hsk_flags are for use within the ongoing handshake;
+         * they are reset to zero prior to handshake start by gnutls_handshake. */
+diff --git a/lib/handshake.c b/lib/handshake.c
+index b40f84b3d..ce2d160e2 100644
+--- a/lib/handshake.c
+++ b/lib/handshake.c
+@@ -2051,6 +2051,8 @@ read_server_hello(gnutls_session_t session,
+        if (ret < 0)
+                return gnutls_assert_val(ret);
+ 
+       session->internals.hsk_flags |= HSK_SERVER_HELLO_RECEIVED;
+
+        return 0;
+ }
+ 
+@@ -2575,16 +2577,42 @@ int gnutls_rehandshake(gnutls_session_t session)
+        return 0;
+ }
+ 
+/* This function checks whether the error code should be treated fatal
+ * or not, and also does the necessary state transition.  In
+ * particular, in the case of a rehandshake abort it resets the
+ * handshake's internal state.
+ */
+ inline static int
+ _gnutls_abort_handshake(gnutls_session_t session, int ret)
+ {
+-       if (((ret == GNUTLS_E_WARNING_ALERT_RECEIVED) &&
+-            (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION))
+-           || ret == GNUTLS_E_GOT_APPLICATION_DATA)
+-               return 0;
+       switch (ret) {
+       case GNUTLS_E_WARNING_ALERT_RECEIVED:
+               if (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION) {
+                       /* The server always toleretes a "no_renegotiation" alert. */
+                       if (session->security_parameters.entity == GNUTLS_SERVER) {
+                               STATE = STATE0;
+                               return ret;
+                       }
+
+                       /* The client should tolerete a "no_renegotiation" alert only if:
+                        * - the initial handshake has completed, or
+                        * - a Server Hello is not yet received
+                        */
+                       if (session->internals.initial_negotiation_completed ||
+                           !(session->internals.hsk_flags & HSK_SERVER_HELLO_RECEIVED)) {
+                               STATE = STATE0;
+                               return ret;
+                       }
+ 
+-       /* this doesn't matter */
+-       return GNUTLS_E_INTERNAL_ERROR;
+                       return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
+               }
+               return ret;
+       case GNUTLS_E_GOT_APPLICATION_DATA:
+               STATE = STATE0;
+               return ret;
+       default:
+               return ret;
+       }
+ }
+ 
+ 
+@@ -2747,13 +2774,7 @@ int gnutls_handshake(gnutls_session_t session)
+        }
+ 
+        if (ret < 0) {
+-               /* In the case of a rehandshake abort
+-                * we should reset the handshake's internal state.
+-                */
+-               if (_gnutls_abort_handshake(session, ret) == 0)
+-                       STATE = STATE0;
+-
+-               return ret;
+               return _gnutls_abort_handshake(session, ret);
+        }
+ 
+        /* clear handshake buffer */
+-- 
+2.17.0
diff --git a/meta/recipes-support/gnutls/gnutls_3.6.14.bb b/meta/recipes-support/gnutls/gnutls_3.6.14.bb
index cc0454a561..51578b4b3b 100644
--- a/meta/recipes-support/gnutls/gnutls_3.6.14.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.6.14.bb
@@ -20,6 +20,7 @@ SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
 SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \
           file://arm_eabi.patch \
           file://0001-Modied-the-license-to-GPLv2.1-to-keep-with-LICENSE-f.patch \
+           file://CVE-2020-24659.patch \
 "
 SRC_URI[sha256sum] = "5630751adec7025b8ef955af4d141d00d252a985769f51b4059e5affa3d39d63"

diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2020-24659.patch b/meta/recipes-support/gnutls/gnutls/CVE-2020-24659.patch new file mode 100644 index 0000000000..1702325e66 --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/CVE-2020-24659.patch
@@ -0,0 +1,117 @@
		1	From 29ee67c205855e848a0a26e6d0e4f65b6b943e0a Mon Sep 17 00:00:00 2001
		2	From: Daiki Ueno <ueno@gnu.org>
		3	Date: Sat, 22 Aug 2020 17:19:39 +0200
		4	Subject: [PATCH] handshake: reject no_renegotiation alert if handshake is
		5	incomplete
		6
		7	If the initial handshake is incomplete and the server sends a
		8	no_renegotiation alert, the client should treat it as a fatal error
		9	even if its level is warning. Otherwise the same handshake
		10	state (e.g., DHE parameters) are reused in the next gnutls_handshake
		11	call, if it is called in the loop idiom:
		12
		13	do {
		14	ret = gnutls_handshake(session);
		15	} while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
		16
		17	Signed-off-by: Daiki Ueno <ueno@gnu.org>
		18	CVE: CVE-2020-24659
		19	Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls.git]
		20	Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
		21	---
		22	lib/gnutls_int.h \| 1 +
		23	lib/handshake.c \| 48 +++++++++++++-----
		24	2 files changed, 36 insertions(+), 13 deletions(-)
		25
		26	diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
		27	index bb6c19713..31cec5c0c 100644
		28	--- a/lib/gnutls_int.h
		29	+++ b/lib/gnutls_int.h
		30	@@ -1370,6 +1370,7 @@ typedef struct {
		31	#define HSK_RECORD_SIZE_LIMIT_RECEIVED (1<<26) /* server: record_size_limit extension was seen but not accepted yet */
		32	#define HSK_OCSP_REQUESTED (1<<27) /* server: client requested OCSP stapling */
		33	#define HSK_CLIENT_OCSP_REQUESTED (1<<28) /* client: server requested OCSP stapling */
		34	+#define HSK_SERVER_HELLO_RECEIVED (1<<29) /* client: Server Hello message has been received */
		35
		36	/* The hsk_flags are for use within the ongoing handshake;
		37	* they are reset to zero prior to handshake start by gnutls_handshake. */
		38	diff --git a/lib/handshake.c b/lib/handshake.c
		39	index b40f84b3d..ce2d160e2 100644
		40	--- a/lib/handshake.c
		41	+++ b/lib/handshake.c
		42	@@ -2051,6 +2051,8 @@ read_server_hello(gnutls_session_t session,
		43	if (ret < 0)
		44	return gnutls_assert_val(ret);
		45
		46	+ session->internals.hsk_flags \|= HSK_SERVER_HELLO_RECEIVED;
		47	+
		48	return 0;
		49	}
		50
		51	@@ -2575,16 +2577,42 @@ int gnutls_rehandshake(gnutls_session_t session)
		52	return 0;
		53	}
		54
		55	+/* This function checks whether the error code should be treated fatal
		56	+ * or not, and also does the necessary state transition. In
		57	+ * particular, in the case of a rehandshake abort it resets the
		58	+ * handshake's internal state.
		59	+ */
		60	inline static int
		61	_gnutls_abort_handshake(gnutls_session_t session, int ret)
		62	{
		63	- if (((ret == GNUTLS_E_WARNING_ALERT_RECEIVED) &&
		64	- (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION))
		65	- \|\| ret == GNUTLS_E_GOT_APPLICATION_DATA)
		66	- return 0;
		67	+ switch (ret) {
		68	+ case GNUTLS_E_WARNING_ALERT_RECEIVED:
		69	+ if (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION) {
		70	+ /* The server always toleretes a "no_renegotiation" alert. */
		71	+ if (session->security_parameters.entity == GNUTLS_SERVER) {
		72	+ STATE = STATE0;
		73	+ return ret;
		74	+ }
		75	+
		76	+ /* The client should tolerete a "no_renegotiation" alert only if:
		77	+ * - the initial handshake has completed, or
		78	+ * - a Server Hello is not yet received
		79	+ */
		80	+ if (session->internals.initial_negotiation_completed \|\|
		81	+ !(session->internals.hsk_flags & HSK_SERVER_HELLO_RECEIVED)) {
		82	+ STATE = STATE0;
		83	+ return ret;
		84	+ }
		85
		86	- /* this doesn't matter */
		87	- return GNUTLS_E_INTERNAL_ERROR;
		88	+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
		89	+ }
		90	+ return ret;
		91	+ case GNUTLS_E_GOT_APPLICATION_DATA:
		92	+ STATE = STATE0;
		93	+ return ret;
		94	+ default:
		95	+ return ret;
		96	+ }
		97	}
		98
		99
		100	@@ -2747,13 +2774,7 @@ int gnutls_handshake(gnutls_session_t session)
		101	}
		102
		103	if (ret < 0) {
		104	- /* In the case of a rehandshake abort
		105	- * we should reset the handshake's internal state.
		106	- */
		107	- if (_gnutls_abort_handshake(session, ret) == 0)
		108	- STATE = STATE0;
		109	-
		110	- return ret;
		111	+ return _gnutls_abort_handshake(session, ret);
		112	}
		113
		114	/* clear handshake buffer */
		115	--
		116	2.17.0
		117


diff --git a/meta/recipes-support/gnutls/gnutls_3.6.14.bb b/meta/recipes-support/gnutls/gnutls_3.6.14.bb index cc0454a561..51578b4b3b 100644 --- a/meta/recipes-support/gnutls/gnutls_3.6.14.bb +++ b/meta/recipes-support/gnutls/gnutls_3.6.14.bb
@@ -20,6 +20,7 @@ SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
20	SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \	20	SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \
21	file://arm_eabi.patch \	21	file://arm_eabi.patch \
22	file://0001-Modied-the-license-to-GPLv2.1-to-keep-with-LICENSE-f.patch \	22	file://0001-Modied-the-license-to-GPLv2.1-to-keep-with-LICENSE-f.patch \
		23	file://CVE-2020-24659.patch \
23	"	24	"
24		25
25	SRC_URI[sha256sum] = "5630751adec7025b8ef955af4d141d00d252a985769f51b4059e5affa3d39d63"	26	SRC_URI[sha256sum] = "5630751adec7025b8ef955af4d141d00d252a985769f51b4059e5affa3d39d63"