From d8b1898f8ce3fea478b445df87b1fd9719fe9fe1 Mon Sep 17 00:00:00 2001 From: Adrian Bunk Date: Fri, 17 Jan 2020 18:58:15 +0200 Subject: openssl: Upgrade 1.1.1b -> 1.1.1c Backported patch removed. (From OE-Core rev: 3402c001bc585bacb6e00495a7c3c66c75d16e7c) Signed-off-by: Adrian Bunk Signed-off-by: Richard Purdie Signed-off-by: Armin Kuster Signed-off-by: Richard Purdie --- .../openssl/openssl/CVE-2019-1543.patch | 69 ---------------------- 1 file changed, 69 deletions(-) delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2019-1543.patch (limited to 'meta/recipes-connectivity/openssl/openssl/CVE-2019-1543.patch') diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2019-1543.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2019-1543.patch deleted file mode 100644 index 900ef97fce..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/CVE-2019-1543.patch +++ /dev/null @@ -1,69 +0,0 @@ -Upstream-Status: Backport [https://github.com/openssl/openssl/commit/f426625b6ae9a7831010750490a5f0ad689c5ba3] -Signed-off-by: Ross Burton - -From f426625b6ae9a7831010750490a5f0ad689c5ba3 Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Tue, 5 Mar 2019 14:39:15 +0000 -Subject: [PATCH] Prevent over long nonces in ChaCha20-Poly1305 - -ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for -every encryption operation. RFC 7539 specifies that the nonce value (IV) -should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and -front pads the nonce with 0 bytes if it is less than 12 bytes. However it -also incorrectly allows a nonce to be set of up to 16 bytes. In this case -only the last 12 bytes are significant and any additional leading bytes are -ignored. - -It is a requirement of using this cipher that nonce values are unique. -Messages encrypted using a reused nonce value are susceptible to serious -confidentiality and integrity attacks. If an application changes the -default nonce length to be longer than 12 bytes and then makes a change to -the leading bytes of the nonce expecting the new value to be a new unique -nonce then such an application could inadvertently encrypt messages with a -reused nonce. - -Additionally the ignored bytes in a long nonce are not covered by the -integrity guarantee of this cipher. Any application that relies on the -integrity of these ignored leading bytes of a long nonce may be further -affected. - -Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe -because no such use sets such a long nonce value. However user -applications that use this cipher directly and set a non-default nonce -length to be longer than 12 bytes may be vulnerable. - -CVE: CVE-2019-1543 - -Fixes #8345 - -Reviewed-by: Paul Dale -Reviewed-by: Richard Levitte -(Merged from https://github.com/openssl/openssl/pull/8406) - -(cherry picked from commit 2a3d0ee9d59156c48973592331404471aca886d6) ---- - crypto/evp/e_chacha20_poly1305.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c -index c1917bb86a6..d3e2c622a1b 100644 ---- a/crypto/evp/e_chacha20_poly1305.c -+++ b/crypto/evp/e_chacha20_poly1305.c -@@ -30,6 +30,8 @@ typedef struct { - - #define data(ctx) ((EVP_CHACHA_KEY *)(ctx)->cipher_data) - -+#define CHACHA20_POLY1305_MAX_IVLEN 12 -+ - static int chacha_init_key(EVP_CIPHER_CTX *ctx, - const unsigned char user_key[CHACHA_KEY_SIZE], - const unsigned char iv[CHACHA_CTR_SIZE], int enc) -@@ -533,7 +535,7 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, - return 1; - - case EVP_CTRL_AEAD_SET_IVLEN: -- if (arg <= 0 || arg > CHACHA_CTR_SIZE) -+ if (arg <= 0 || arg > CHACHA20_POLY1305_MAX_IVLEN) - return 0; - actx->nonce_len = arg; - return 1; -- cgit v1.2.3-54-g00ecf