summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-connectivity/openssl/openssl/CVE-2022-3358.patch55
-rw-r--r--meta/recipes-connectivity/openssl/openssl_3.0.5.bb1
2 files changed, 56 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3358.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2022-3358.patch
new file mode 100644
index 0000000000..18b2a5a6b2
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2022-3358.patch
@@ -0,0 +1,55 @@
1From 56e1d693f0ec5550a8e3dd52d30e57a02f0287af Mon Sep 17 00:00:00 2001
2From: Hitendra Prajapati <hprajapati@mvista.com>
3Date: Wed, 19 Oct 2022 11:08:23 +0530
4Subject: [PATCH] CVE-2022-3358
5
6Upstream-Status: Backport [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b]
7CVE : CVE-2022-3358
8Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
9---
10 crypto/evp/digest.c | 4 +++-
11 crypto/evp/evp_enc.c | 6 ++++--
12 2 files changed, 7 insertions(+), 3 deletions(-)
13
14diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
15index de9a1dc..e6e03ea 100644
16--- a/crypto/evp/digest.c
17+++ b/crypto/evp/digest.c
18@@ -225,7 +225,9 @@ static int evp_md_init_internal(EVP_MD_CTX *ctx, const EVP_MD *type,
19 || tmpimpl != NULL
20 #endif
21 || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0
22- || type->origin == EVP_ORIG_METH) {
23+ || (type != NULL && type->origin == EVP_ORIG_METH)
24+ || (type == NULL && ctx->digest != NULL
25+ && ctx->digest->origin == EVP_ORIG_METH)) {
26 if (ctx->digest == ctx->fetched_digest)
27 ctx->digest = NULL;
28 EVP_MD_free(ctx->fetched_digest);
29diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
30index 19a07de..5df08bd 100644
31--- a/crypto/evp/evp_enc.c
32+++ b/crypto/evp/evp_enc.c
33@@ -131,7 +131,10 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
34 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
35 || tmpimpl != NULL
36 #endif
37- || impl != NULL) {
38+ || impl != NULL
39+ || (cipher != NULL && cipher->origin == EVP_ORIG_METH)
40+ || (cipher == NULL && ctx->cipher != NULL
41+ && ctx->cipher->origin == EVP_ORIG_METH)) {
42 if (ctx->cipher == ctx->fetched_cipher)
43 ctx->cipher = NULL;
44 EVP_CIPHER_free(ctx->fetched_cipher);
45@@ -147,7 +150,6 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
46 ctx->cipher_data = NULL;
47 }
48
49-
50 /* Start of non-legacy code below */
51
52 /* Ensure a context left lying around from last time is cleared */
53--
542.25.1
55
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.5.bb b/meta/recipes-connectivity/openssl/openssl_3.0.5.bb
index 04aff04fab..175692436d 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.5.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.5.bb
@@ -12,6 +12,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
12 file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \ 12 file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
13 file://afalg.patch \ 13 file://afalg.patch \
14 file://0001-Configure-do-not-tweak-mips-cflags.patch \ 14 file://0001-Configure-do-not-tweak-mips-cflags.patch \
15 file://CVE-2022-3358.patch \
15 " 16 "
16 17
17SRC_URI:append:class-nativesdk = " \ 18SRC_URI:append:class-nativesdk = " \