mirror of
https://git.yoctoproject.org/poky
synced 2026-05-30 12:29:55 +00:00
openssl: Upgrade 1.1.1b -> 1.1.1c
Backported patch removed. (From OE-Core rev: 147d66495622332fdbf3cb1d0c3f0948402e1d1b) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Adrian Bunk
committed by
Richard Purdie
Richard Purdie
parent
2ac6bfc088
commit
9f348884ab
@@ -1,69 +0,0 @@
|
|||||||
Upstream-Status: Backport [https://github.com/openssl/openssl/commit/f426625b6ae9a7831010750490a5f0ad689c5ba3]
|
|
||||||
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
||||||
|
|
||||||
From f426625b6ae9a7831010750490a5f0ad689c5ba3 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Matt Caswell <matt@openssl.org>
|
|
||||||
Date: Tue, 5 Mar 2019 14:39:15 +0000
|
|
||||||
Subject: [PATCH] Prevent over long nonces in ChaCha20-Poly1305
|
|
||||||
|
|
||||||
ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for
|
|
||||||
every encryption operation. RFC 7539 specifies that the nonce value (IV)
|
|
||||||
should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and
|
|
||||||
front pads the nonce with 0 bytes if it is less than 12 bytes. However it
|
|
||||||
also incorrectly allows a nonce to be set of up to 16 bytes. In this case
|
|
||||||
only the last 12 bytes are significant and any additional leading bytes are
|
|
||||||
ignored.
|
|
||||||
|
|
||||||
It is a requirement of using this cipher that nonce values are unique.
|
|
||||||
Messages encrypted using a reused nonce value are susceptible to serious
|
|
||||||
confidentiality and integrity attacks. If an application changes the
|
|
||||||
default nonce length to be longer than 12 bytes and then makes a change to
|
|
||||||
the leading bytes of the nonce expecting the new value to be a new unique
|
|
||||||
nonce then such an application could inadvertently encrypt messages with a
|
|
||||||
reused nonce.
|
|
||||||
|
|
||||||
Additionally the ignored bytes in a long nonce are not covered by the
|
|
||||||
integrity guarantee of this cipher. Any application that relies on the
|
|
||||||
integrity of these ignored leading bytes of a long nonce may be further
|
|
||||||
affected.
|
|
||||||
|
|
||||||
Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe
|
|
||||||
because no such use sets such a long nonce value. However user
|
|
||||||
applications that use this cipher directly and set a non-default nonce
|
|
||||||
length to be longer than 12 bytes may be vulnerable.
|
|
||||||
|
|
||||||
CVE: CVE-2019-1543
|
|
||||||
|
|
||||||
Fixes #8345
|
|
||||||
|
|
||||||
Reviewed-by: Paul Dale <paul.dale@oracle.com>
|
|
||||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
||||||
(Merged from https://github.com/openssl/openssl/pull/8406)
|
|
||||||
|
|
||||||
(cherry picked from commit 2a3d0ee9d59156c48973592331404471aca886d6)
|
|
||||||
---
|
|
||||||
crypto/evp/e_chacha20_poly1305.c | 4 +++-
|
|
||||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c
|
|
||||||
index c1917bb86a6..d3e2c622a1b 100644
|
|
||||||
--- a/crypto/evp/e_chacha20_poly1305.c
|
|
||||||
+++ b/crypto/evp/e_chacha20_poly1305.c
|
|
||||||
@@ -30,6 +30,8 @@ typedef struct {
|
|
||||||
|
|
||||||
#define data(ctx) ((EVP_CHACHA_KEY *)(ctx)->cipher_data)
|
|
||||||
|
|
||||||
+#define CHACHA20_POLY1305_MAX_IVLEN 12
|
|
||||||
+
|
|
||||||
static int chacha_init_key(EVP_CIPHER_CTX *ctx,
|
|
||||||
const unsigned char user_key[CHACHA_KEY_SIZE],
|
|
||||||
const unsigned char iv[CHACHA_CTR_SIZE], int enc)
|
|
||||||
@@ -533,7 +535,7 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
|
|
||||||
return 1;
|
|
||||||
|
|
||||||
case EVP_CTRL_AEAD_SET_IVLEN:
|
|
||||||
- if (arg <= 0 || arg > CHACHA_CTR_SIZE)
|
|
||||||
+ if (arg <= 0 || arg > CHACHA20_POLY1305_MAX_IVLEN)
|
|
||||||
return 0;
|
|
||||||
actx->nonce_len = arg;
|
|
||||||
return 1;
|
|
||||||
@@ -18,14 +18,14 @@ index 3baa8ce..9ef52ed 100755
|
|||||||
- ($mi2) = $mi2 =~ /(\d+)/;
|
- ($mi2) = $mi2 =~ /(\d+)/;
|
||||||
- my $ver = $ma*10000 + $mi1*100 + $mi2;
|
- my $ver = $ma*10000 + $mi1*100 + $mi2;
|
||||||
- if ($ver < $minver) {
|
- if ($ver < $minver) {
|
||||||
- $disabled{afalgeng} = "too-old-kernel";
|
- disable('too-old-kernel', 'afalgeng');
|
||||||
- } else {
|
- } else {
|
||||||
- push @{$config{engdirs}}, "afalg";
|
- push @{$config{engdirs}}, "afalg";
|
||||||
- }
|
- }
|
||||||
- } else {
|
- } else {
|
||||||
- $disabled{afalgeng} = "cross-compiling";
|
- disable('cross-compiling', 'afalgeng');
|
||||||
- }
|
- }
|
||||||
+ push @{$config{engdirs}}, "afalg";
|
+ push @{$config{engdirs}}, "afalg";
|
||||||
} else {
|
} else {
|
||||||
$disabled{afalgeng} = "not-linux";
|
disable('not-linux', 'afalgeng');
|
||||||
}
|
}
|
||||||
|
|||||||
+2
-3
@@ -16,15 +16,14 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
|
|||||||
file://0001-skip-test_symbol_presence.patch \
|
file://0001-skip-test_symbol_presence.patch \
|
||||||
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
|
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
|
||||||
file://afalg.patch \
|
file://afalg.patch \
|
||||||
file://CVE-2019-1543.patch \
|
|
||||||
"
|
"
|
||||||
|
|
||||||
SRC_URI_append_class-nativesdk = " \
|
SRC_URI_append_class-nativesdk = " \
|
||||||
file://environment.d-openssl.sh \
|
file://environment.d-openssl.sh \
|
||||||
"
|
"
|
||||||
|
|
||||||
SRC_URI[md5sum] = "4532712e7bcc9414f5bce995e4e13930"
|
SRC_URI[md5sum] = "15e21da6efe8aa0e0768ffd8cd37a5f6"
|
||||||
SRC_URI[sha256sum] = "5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b"
|
SRC_URI[sha256sum] = "f6fb3079ad15076154eda9413fed42877d668e7069d9b87396d0804fdb3f4c90"
|
||||||
|
|
||||||
inherit lib_package multilib_header ptest
|
inherit lib_package multilib_header ptest
|
||||||
|
|
||||||
Reference in New Issue
Block a user