diff mbox series

[langdale,01/20] openssl: CVE-2022-3358 Using a Custom Cipher with NID_undef may lead to NULL encryption

Message ID c28dc71f17133f6e4470fc0c1a552c743869b3ad.1667356805.git.steve@sakoman.com
State New
Headers show
Series [langdale,01/20] openssl: CVE-2022-3358 Using a Custom Cipher with NID_undef may lead to NULL encryption | expand

Commit Message

Steve Sakoman Nov. 2, 2022, 2:41 a.m. UTC 
From: Hitendra Prajapati <hprajapati@mvista.com>

Upstream-Status: Backport from https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b]
Description:
	CVE-2022-3358 openssl: Using a Custom Cipher with NID_undef may lead to NULL encryption.
Affects "openssl < 3.0.6"

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit f98b2273c6f03f8f6029a7a409600ce290817e27)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../openssl/openssl/CVE-2022-3358.patch       | 55 +++++++++++++++++++
 .../openssl/openssl_3.0.5.bb                  |  1 +
 2 files changed, 56 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2022-3358.patch

Comments

Patrick Williams Nov. 3, 2022, 3:54 p.m. UTC | #1 
On Tue, Nov 01, 2022 at 04:41:51PM -1000, Steve Sakoman wrote:
> From: Hitendra Prajapati <hprajapati@mvista.com>
> 
> Upstream-Status: Backport from https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b]
> Description:
> 	CVE-2022-3358 openssl: Using a Custom Cipher with NID_undef may lead to NULL encryption.
> Affects "openssl < 3.0.6"
> 
> Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
> (cherry picked from commit f98b2273c6f03f8f6029a7a409600ce290817e27)
> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Instead of picking up this patch, wouldn't it make a lot more sense to
go to 3.0.7 like we did with [1]?  Since 3.0.7 contains a HIGH severity
CVE fix as well as the one mentioned here, it seems like we should get
that backported to both Langdale and Kirkstone quickly.


1. https://lore.kernel.org/openembedded-core/20221101170310.2740317-1-edtanous@google.com/
Steve Sakoman Nov. 3, 2022, 4:28 p.m. UTC | #2 
On Thu, Nov 3, 2022 at 5:54 AM Patrick Williams <patrick@stwcx.xyz> wrote:
>
> On Tue, Nov 01, 2022 at 04:41:51PM -1000, Steve Sakoman wrote:
> > From: Hitendra Prajapati <hprajapati@mvista.com>
> >
> > Upstream-Status: Backport from https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b]
> > Description:
> >       CVE-2022-3358 openssl: Using a Custom Cipher with NID_undef may lead to NULL encryption.
> > Affects "openssl < 3.0.6"
> >
> > Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
> > Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
> > (cherry picked from commit f98b2273c6f03f8f6029a7a409600ce290817e27)
> > Signed-off-by: Steve Sakoman <steve@sakoman.com>
>
> Instead of picking up this patch, wouldn't it make a lot more sense to
> go to 3.0.7 like we did with [1]?  Since 3.0.7 contains a HIGH severity
> CVE fix as well as the one mentioned here, it seems like we should get
> that backported to both Langdale and Kirkstone quickly.

This patchset was tested and sent out for review prior to the 3.0.7
upgrade hitting master.

Note that I have the 3.0.7 upgrade in the patches currently under test
for both langdale and kirkstone:

https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/langdale-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

If the langdale test succeeds I will include the 3.0.7 upgrade patch
in the pull request for the above series (hopefully later today)

Steve

> 1. https://lore.kernel.org/openembedded-core/20221101170310.2740317-1-edtanous@google.com/
>
> --
> Patrick Williams
Patrick Williams Nov. 3, 2022, 4:48 p.m. UTC | #3 
On Thu, Nov 03, 2022 at 06:28:04AM -1000, Steve Sakoman wrote:
> On Thu, Nov 3, 2022 at 5:54 AM Patrick Williams <patrick@stwcx.xyz> wrote:
> > Instead of picking up this patch, wouldn't it make a lot more sense to
> > go to 3.0.7 like we did with [1]?  Since 3.0.7 contains a HIGH severity
> > CVE fix as well as the one mentioned here, it seems like we should get
> > that backported to both Langdale and Kirkstone quickly.
> 
> This patchset was tested and sent out for review prior to the 3.0.7
> upgrade hitting master.

Understood.

> Note that I have the 3.0.7 upgrade in the patches currently under test
> for both langdale and kirkstone:
> 
> https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/langdale-nut
> https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
> 
> If the langdale test succeeds I will include the 3.0.7 upgrade patch
> in the pull request for the above series (hopefully later today)

Great.  Thank you.
diff mbox series

Patch

diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3358.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2022-3358.patch
new file mode 100644
index 0000000000..18b2a5a6b2
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2022-3358.patch
@@ -0,0 +1,55 @@ 
+From 56e1d693f0ec5550a8e3dd52d30e57a02f0287af Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Wed, 19 Oct 2022 11:08:23 +0530
+Subject: [PATCH] CVE-2022-3358
+
+Upstream-Status: Backport [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b]
+CVE : CVE-2022-3358
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ crypto/evp/digest.c  | 4 +++-
+ crypto/evp/evp_enc.c | 6 ++++--
+ 2 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
+index de9a1dc..e6e03ea 100644
+--- a/crypto/evp/digest.c
++++ b/crypto/evp/digest.c
+@@ -225,7 +225,9 @@ static int evp_md_init_internal(EVP_MD_CTX *ctx, const EVP_MD *type,
+             || tmpimpl != NULL
+ #endif
+             || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0
+-            || type->origin == EVP_ORIG_METH) {
++            || (type != NULL && type->origin == EVP_ORIG_METH)
++            || (type == NULL && ctx->digest != NULL
++                             && ctx->digest->origin == EVP_ORIG_METH)) {
+         if (ctx->digest == ctx->fetched_digest)
+             ctx->digest = NULL;
+         EVP_MD_free(ctx->fetched_digest);
+diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
+index 19a07de..5df08bd 100644
+--- a/crypto/evp/evp_enc.c
++++ b/crypto/evp/evp_enc.c
+@@ -131,7 +131,10 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
+ #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
+             || tmpimpl != NULL
+ #endif
+-            || impl != NULL) {
++            || impl != NULL
++            || (cipher != NULL && cipher->origin == EVP_ORIG_METH)
++            || (cipher == NULL && ctx->cipher != NULL
++                               && ctx->cipher->origin == EVP_ORIG_METH)) {
+         if (ctx->cipher == ctx->fetched_cipher)
+             ctx->cipher = NULL;
+         EVP_CIPHER_free(ctx->fetched_cipher);
+@@ -147,7 +150,6 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
+         ctx->cipher_data = NULL;
+     }
+ 
+-
+     /* Start of non-legacy code below */
+ 
+     /* Ensure a context left lying around from last time is cleared */
+-- 
+2.25.1
+
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.5.bb b/meta/recipes-connectivity/openssl/openssl_3.0.5.bb
index 04aff04fab..175692436d 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.5.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.5.bb
@@ -12,6 +12,7 @@  SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
            file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
            file://afalg.patch \
            file://0001-Configure-do-not-tweak-mips-cflags.patch \
+           file://CVE-2022-3358.patch \
            "
 
 SRC_URI:append:class-nativesdk = " \