new file mode 100644
@@ -0,0 +1,122 @@
+From 9e209944b35cf82368071f160a744b6178f9b098 Mon Sep 17 00:00:00 2001
+From: Richard Levitte <levitte@openssl.org>
+Date: Fri, 12 May 2023 10:00:13 +0200
+Subject: [PATCH] Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will
+ translate
+
+OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
+numeric text form. For gigantic sub-identifiers, this would take a very
+long time, the time complexity being O(n^2) where n is the size of that
+sub-identifier.
+
+To mitigate this, a restriction on the size that OBJ_obj2txt() will
+translate to canonical numeric text form is added, based on RFC 2578
+(STD 58), which says this:
+
+> 3.5. OBJECT IDENTIFIER values
+>
+> An OBJECT IDENTIFIER value is an ordered list of non-negative numbers.
+> For the SMIv2, each number in the list is referred to as a sub-identifier,
+> there are at most 128 sub-identifiers in a value, and each sub-identifier
+> has a maximum value of 2^32-1 (4294967295 decimal).
+
+Fixes otc/security#96
+Fixes CVE-2023-2650
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+
+Upstream-Status: Backport [https://github.com/openssl/openssl/commit/9e209944b35cf82368071f160a744b6178f9b098]
+CVE: CVE-2023-2650
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ CHANGES | 28 +++++++++++++++++++++++++++-
+ NEWS | 2 ++
+ crypto/objects/obj_dat.c | 19 +++++++++++++++++++
+ 3 files changed, 48 insertions(+), 1 deletion(-)
+
+diff --git a/CHANGES b/CHANGES
+index 1eaaf4e..f2cf38f 100644
+--- a/CHANGES
++++ b/CHANGES
+@@ -7,7 +7,33 @@
+ https://github.com/openssl/openssl/commits/ and pick the appropriate
+ release branch.
+
+- Changes between 1.1.1s and 1.1.1t [7 Feb 2023]
++ Changes between 1.1.1t and 1.1.1u [xx XXX xxxx]
++
++ *) Mitigate for the time it takes for `OBJ_obj2txt` to translate gigantic
++ OBJECT IDENTIFIER sub-identifiers to canonical numeric text form.
++
++ OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
++ numeric text form. For gigantic sub-identifiers, this would take a very
++ long time, the time complexity being O(n^2) where n is the size of that
++ sub-identifier. (CVE-2023-2650)
++
++ To mitigitate this, `OBJ_obj2txt()` will only translate an OBJECT
++ IDENTIFIER to canonical numeric text form if the size of that OBJECT
++ IDENTIFIER is 586 bytes or less, and fail otherwise.
++
++ The basis for this restriction is RFC 2578 (STD 58), section 3.5. OBJECT
++ IDENTIFIER values, which stipulates that OBJECT IDENTIFIERS may have at
++ most 128 sub-identifiers, and that the maximum value that each sub-
++ identifier may have is 2^32-1 (4294967295 decimal).
++
++ For each byte of every sub-identifier, only the 7 lower bits are part of
++ the value, so the maximum amount of bytes that an OBJECT IDENTIFIER with
++ these restrictions may occupy is 32 * 128 / 7, which is approximately 586
++ bytes.
++
++ Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
++
++Changes between 1.1.1s and 1.1.1t [7 Feb 2023]
+
+ *) Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention
+ that it does not enable policy checking. Thanks to
+diff --git a/NEWS b/NEWS
+index a86220a..41922c4 100644
+--- a/NEWS
++++ b/NEWS
+@@ -7,6 +7,8 @@
+
+ Major changes between OpenSSL 1.1.1s and OpenSSL 1.1.1t [7 Feb 2023]
+
++ o Mitigate for very slow `OBJ_obj2txt()` performance with gigantic
++ OBJECT IDENTIFIER sub-identities. (CVE-2023-2650)
+ o Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466)
+ o Fixed X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
+ o Fixed Use-after-free following BIO_new_NDEF (CVE-2023-0215)
+diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
+index 7e8de72..d699915 100644
+--- a/crypto/objects/obj_dat.c
++++ b/crypto/objects/obj_dat.c
+@@ -428,6 +428,25 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
+ first = 1;
+ bl = NULL;
+
++ /*
++ * RFC 2578 (STD 58) says this about OBJECT IDENTIFIERs:
++ *
++ * > 3.5. OBJECT IDENTIFIER values
++ * >
++ * > An OBJECT IDENTIFIER value is an ordered list of non-negative
++ * > numbers. For the SMIv2, each number in the list is referred to as a
++ * > sub-identifier, there are at most 128 sub-identifiers in a value,
++ * > and each sub-identifier has a maximum value of 2^32-1 (4294967295
++ * > decimal).
++ *
++ * So a legitimate OID according to this RFC is at most (32 * 128 / 7),
++ * i.e. 586 bytes long.
++ *
++ * Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
++ */
++ if (len > 586)
++ goto err;
++
+ while (len > 0) {
+ l = 0;
+ use_bn = 0;
+--
+2.25.1
+
@@ -21,6 +21,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://CVE-2023-0464.patch \
file://CVE-2023-0465.patch \
file://CVE-2023-0466.patch \
+ file://CVE-2023-2650.patch \
"
SRC_URI_append_class-nativesdk = " \
Upstream-Status: Backport from https://github.com/openssl/openssl/commit/9e209944b35cf82368071f160a744b6178f9b098 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> --- .../openssl/openssl/CVE-2023-2650.patch | 122 ++++++++++++++++++ .../openssl/openssl_1.1.1t.bb | 1 + 2 files changed, 123 insertions(+) create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-2650.patch