summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorZhixiong Chi <zhixiong.chi@windriver.com>2020-09-07 19:57:36 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2020-09-08 16:43:35 +0100
commit84b1bc500e318657cb7a8a189b59cc63bc91dca3 (patch)
tree88f672f82aefe5a4d9849aa3209d64cd3502c381
parent889005dc17d3e3b8eadee907ee2c05b8ff613285 (diff)
downloadopenembedded-core-contrib-84b1bc500e318657cb7a8a189b59cc63bc91dca3.tar.gz
gnutls: CVE-2020-24659
Backport the CVE patch from the usptream: https://gitlab.com/gnutls/gnutls.git commit 29ee67c205855e848a0a26e6d0e4f65b6b943e0a Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-support/gnutls/gnutls/CVE-2020-24659.patch117
-rw-r--r--meta/recipes-support/gnutls/gnutls_3.6.14.bb1
2 files changed, 118 insertions, 0 deletions
diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2020-24659.patch b/meta/recipes-support/gnutls/gnutls/CVE-2020-24659.patch
new file mode 100644
index 0000000000..1702325e66
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2020-24659.patch
@@ -0,0 +1,117 @@
+From 29ee67c205855e848a0a26e6d0e4f65b6b943e0a Mon Sep 17 00:00:00 2001
+From: Daiki Ueno <ueno@gnu.org>
+Date: Sat, 22 Aug 2020 17:19:39 +0200
+Subject: [PATCH] handshake: reject no_renegotiation alert if handshake is
+ incomplete
+
+If the initial handshake is incomplete and the server sends a
+no_renegotiation alert, the client should treat it as a fatal error
+even if its level is warning. Otherwise the same handshake
+state (e.g., DHE parameters) are reused in the next gnutls_handshake
+call, if it is called in the loop idiom:
+
+ do {
+ ret = gnutls_handshake(session);
+ } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
+
+Signed-off-by: Daiki Ueno <ueno@gnu.org>
+CVE: CVE-2020-24659
+Upstream-Status: Backport [https://gitlab.com/gnutls/gnutls.git]
+Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
+---
+ lib/gnutls_int.h | 1 +
+ lib/handshake.c | 48 +++++++++++++-----
+ 2 files changed, 36 insertions(+), 13 deletions(-)
+
+diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
+index bb6c19713..31cec5c0c 100644
+--- a/lib/gnutls_int.h
++++ b/lib/gnutls_int.h
+@@ -1370,6 +1370,7 @@ typedef struct {
+ #define HSK_RECORD_SIZE_LIMIT_RECEIVED (1<<26) /* server: record_size_limit extension was seen but not accepted yet */
+ #define HSK_OCSP_REQUESTED (1<<27) /* server: client requested OCSP stapling */
+ #define HSK_CLIENT_OCSP_REQUESTED (1<<28) /* client: server requested OCSP stapling */
++#define HSK_SERVER_HELLO_RECEIVED (1<<29) /* client: Server Hello message has been received */
+
+ /* The hsk_flags are for use within the ongoing handshake;
+ * they are reset to zero prior to handshake start by gnutls_handshake. */
+diff --git a/lib/handshake.c b/lib/handshake.c
+index b40f84b3d..ce2d160e2 100644
+--- a/lib/handshake.c
++++ b/lib/handshake.c
+@@ -2051,6 +2051,8 @@ read_server_hello(gnutls_session_t session,
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
++ session->internals.hsk_flags |= HSK_SERVER_HELLO_RECEIVED;
++
+ return 0;
+ }
+
+@@ -2575,16 +2577,42 @@ int gnutls_rehandshake(gnutls_session_t session)
+ return 0;
+ }
+
++/* This function checks whether the error code should be treated fatal
++ * or not, and also does the necessary state transition. In
++ * particular, in the case of a rehandshake abort it resets the
++ * handshake's internal state.
++ */
+ inline static int
+ _gnutls_abort_handshake(gnutls_session_t session, int ret)
+ {
+- if (((ret == GNUTLS_E_WARNING_ALERT_RECEIVED) &&
+- (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION))
+- || ret == GNUTLS_E_GOT_APPLICATION_DATA)
+- return 0;
++ switch (ret) {
++ case GNUTLS_E_WARNING_ALERT_RECEIVED:
++ if (gnutls_alert_get(session) == GNUTLS_A_NO_RENEGOTIATION) {
++ /* The server always toleretes a "no_renegotiation" alert. */
++ if (session->security_parameters.entity == GNUTLS_SERVER) {
++ STATE = STATE0;
++ return ret;
++ }
++
++ /* The client should tolerete a "no_renegotiation" alert only if:
++ * - the initial handshake has completed, or
++ * - a Server Hello is not yet received
++ */
++ if (session->internals.initial_negotiation_completed ||
++ !(session->internals.hsk_flags & HSK_SERVER_HELLO_RECEIVED)) {
++ STATE = STATE0;
++ return ret;
++ }
+
+- /* this doesn't matter */
+- return GNUTLS_E_INTERNAL_ERROR;
++ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
++ }
++ return ret;
++ case GNUTLS_E_GOT_APPLICATION_DATA:
++ STATE = STATE0;
++ return ret;
++ default:
++ return ret;
++ }
+ }
+
+
+@@ -2747,13 +2774,7 @@ int gnutls_handshake(gnutls_session_t session)
+ }
+
+ if (ret < 0) {
+- /* In the case of a rehandshake abort
+- * we should reset the handshake's internal state.
+- */
+- if (_gnutls_abort_handshake(session, ret) == 0)
+- STATE = STATE0;
+-
+- return ret;
++ return _gnutls_abort_handshake(session, ret);
+ }
+
+ /* clear handshake buffer */
+--
+2.17.0
+
diff --git a/meta/recipes-support/gnutls/gnutls_3.6.14.bb b/meta/recipes-support/gnutls/gnutls_3.6.14.bb
index cc0454a561..51578b4b3b 100644
--- a/meta/recipes-support/gnutls/gnutls_3.6.14.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.6.14.bb
@@ -20,6 +20,7 @@ SHRT_VER = "${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}"
SRC_URI = "https://www.gnupg.org/ftp/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz \
file://arm_eabi.patch \
file://0001-Modied-the-license-to-GPLv2.1-to-keep-with-LICENSE-f.patch \
+ file://CVE-2020-24659.patch \
"
SRC_URI[sha256sum] = "5630751adec7025b8ef955af4d141d00d252a985769f51b4059e5affa3d39d63"