[kirkstone] openssl: fix CVE-2022-3996 double locking leads to denial of service

From: Vivek Kumbhar <vkumbhar@mvista.com>

Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
---
 .../openssl/openssl/CVE-2022-3996.patch       | 43 +++++++++++++++++++
 .../openssl/openssl_3.0.7.bb                  |  1 +
 2 files changed, 44 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch

Can you also send this for langdale and master?

Ross

> On 20 Jan 2023, at 02:56, vkumbhar via lists.openembedded.org <vkumbhar=mvista.com@lists.openembedded.org> wrote:
> 
> From: Vivek Kumbhar <vkumbhar@mvista.com>
> 
> Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
> ---
> .../openssl/openssl/CVE-2022-3996.patch       | 43 +++++++++++++++++++
> .../openssl/openssl_3.0.7.bb                  |  1 +
> 2 files changed, 44 insertions(+)
> create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
> 
> diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
> new file mode 100644
> index 0000000000..6d70b323d1
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
> @@ -0,0 +1,43 @@
> +From 7725e7bfe6f2ce8146b6552b44e0d226be7638e7 Mon Sep 17 00:00:00 2001
> +From: Pauli <pauli@openssl.org>
> +Date: Fri, 11 Nov 2022 09:40:19 +1100
> +Subject: [PATCH] x509: fix double locking problem
> +
> +This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the
> +redundant flag setting.
> +
> +Fixes #19643
> +
> +Fixes LOW CVE-2022-3996
> +
> +Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
> +Reviewed-by: Tomas Mraz <tomas@openssl.org>
> +(Merged from https://github.com/openssl/openssl/pull/19652)
> +
> +(cherry picked from commit 4d0340a6d2f327700a059f0b8f954d6160f8eef5)
> +
> +Upstream-Status: Backport [https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7]
> +CVE: CVE-2022-3996
> +Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
> +---
> + crypto/x509/pcy_map.c | 4 ----
> + 1 file changed, 4 deletions(-)
> +
> +diff --git a/crypto/x509/pcy_map.c b/crypto/x509/pcy_map.c
> +index 05406c6493..60dfd1e320 100644
> +--- a/crypto/x509/pcy_map.c
> ++++ b/crypto/x509/pcy_map.c
> +@@ -73,10 +73,6 @@ int ossl_policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
> + 
> +     ret = 1;
> +  bad_mapping:
> +-    if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock)) {
> +-        x->ex_flags |= EXFLAG_INVALID_POLICY;
> +-        CRYPTO_THREAD_unlock(x->lock);
> +-    }
> +     sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
> +     return ret;
> + 
> +-- 
> +2.30.2
> +
> diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb b/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
> index 9ed5f11df0..5156586661 100644
> --- a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
> +++ b/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
> @@ -12,6 +12,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
>            file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
>            file://afalg.patch \
>            file://0001-Configure-do-not-tweak-mips-cflags.patch \
> +           file://CVE-2022-3996.patch \
>            "
> 
> SRC_URI:append:class-nativesdk = " \
> -- 
> 2.30.2
> 
> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#176179): https://lists.openembedded.org/g/openembedded-core/message/176179
> Mute This Topic: https://lists.openembedded.org/mt/96393043/6875888
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ross.burton@arm.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

Okay, Sure.

Kind Regards,
Vivek

On Mon, Jan 23, 2023 at 5:37 PM Ross Burton <Ross.Burton@arm.com> wrote:

> Can you also send this for langdale and master?
>
> Ross
>
> > On 20 Jan 2023, at 02:56, vkumbhar via lists.openembedded.org <vkumbhar=
> mvista.com@lists.openembedded.org> wrote:
> >
> > From: Vivek Kumbhar <vkumbhar@mvista.com>
> >
> > Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
> > ---
> > .../openssl/openssl/CVE-2022-3996.patch       | 43 +++++++++++++++++++
> > .../openssl/openssl_3.0.7.bb                  |  1 +
> > 2 files changed, 44 insertions(+)
> > create mode 100644
> meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
> >
> > diff --git
> a/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
> b/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
> > new file mode 100644
> > index 0000000000..6d70b323d1
> > --- /dev/null
> > +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2022-3996.patch
> > @@ -0,0 +1,43 @@
> > +From 7725e7bfe6f2ce8146b6552b44e0d226be7638e7 Mon Sep 17 00:00:00 2001
> > +From: Pauli <pauli@openssl.org>
> > +Date: Fri, 11 Nov 2022 09:40:19 +1100
> > +Subject: [PATCH] x509: fix double locking problem
> > +
> > +This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and
> removed the
> > +redundant flag setting.
> > +
> > +Fixes #19643
> > +
> > +Fixes LOW CVE-2022-3996
> > +
> > +Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
> > +Reviewed-by: Tomas Mraz <tomas@openssl.org>
> > +(Merged from https://github.com/openssl/openssl/pull/19652)
> > +
> > +(cherry picked from commit 4d0340a6d2f327700a059f0b8f954d6160f8eef5)
> > +
> > +Upstream-Status: Backport [
> https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7
> ]
> > +CVE: CVE-2022-3996
> > +Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
> > +---
> > + crypto/x509/pcy_map.c | 4 ----
> > + 1 file changed, 4 deletions(-)
> > +
> > +diff --git a/crypto/x509/pcy_map.c b/crypto/x509/pcy_map.c
> > +index 05406c6493..60dfd1e320 100644
> > +--- a/crypto/x509/pcy_map.c
> > ++++ b/crypto/x509/pcy_map.c
> > +@@ -73,10 +73,6 @@ int ossl_policy_cache_set_mapping(X509 *x,
> POLICY_MAPPINGS *maps)
> > +
> > +     ret = 1;
> > +  bad_mapping:
> > +-    if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock)) {
> > +-        x->ex_flags |= EXFLAG_INVALID_POLICY;
> > +-        CRYPTO_THREAD_unlock(x->lock);
> > +-    }
> > +     sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
> > +     return ret;
> > +
> > +--
> > +2.30.2
> > +
> > diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
> b/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
> > index 9ed5f11df0..5156586661 100644
> > --- a/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
> > +++ b/meta/recipes-connectivity/openssl/openssl_3.0.7.bb
> > @@ -12,6 +12,7 @@ SRC_URI = "
> http://www.openssl.org/source/openssl-${PV}.tar.gz \
> >
> file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
> >            file://afalg.patch \
> >            file://0001-Configure-do-not-tweak-mips-cflags.patch \
> > +           file://CVE-2022-3996.patch \
> >            "
> >
> > SRC_URI:append:class-nativesdk = " \
> > --
> > 2.30.2
> >
> >
> > -=-=-=-=-=-=-=-=-=-=-=-
> > Links: You receive all messages sent to this group.
> > View/Reply Online (#176179):
> https://lists.openembedded.org/g/openembedded-core/message/176179
> > Mute This Topic: https://lists.openembedded.org/mt/96393043/6875888
> > Group Owner: openembedded-core+owner@lists.openembedded.org
> > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [
> ross.burton@arm.com]
> > -=-=-=-=-=-=-=-=-=-=-=-
> >
>
>