In the BN_hex2bn function the number of hex digits is calculated using
an int value |i|. Later |bn_expand| is called with a value of |i * 4|.
For large values of |i| this can result in |bn_expand| not allocating any
memory because |i * 4| is negative. This leaves ret->d as NULL leading
to a subsequent NULL ptr deref. For very large values of |i|, the
calculation |i * 4| could be a positive value smaller than |i|. In this
case memory is allocated to ret->d, but it is insufficiently sized
leading to heap corruption. A similar issue exists in BN_dec2bn.
This could have security consequences if BN_hex2bn/BN_dec2bn is ever
called by user applications with very large untrusted hex/dec data. This is
anticipated to be a rare occurrence.
All OpenSSL internal usage of this function uses data that is not expected
to be untrusted, e.g. config file data or application command line
arguments. If user developed applications generate config file data based
on untrusted data then it is possible that this could also lead to security
consequences. This is also anticipated to be a rare.

Issue reported by Guido Vranken.

CVE-2016-0797

Reviewed-by: Andy Polyakov <appro@openssl.org>

Change-Id: I8e2028a0bb8db9793edf9def7dac75efa6ab4024
Signed-off-by: Saahil Tomar <quic_saahtoma@quicinc.com>

1. Correct the available of input buffer length
2. Correct the input buffer length check, otherwise the pointer of
next input byte maybe access a incorrect address

Change-Id: Id5cc4fe596d50978fa669de5f59a28bb91d4a80b
Signed-off-by: Saahil Tomar <quic_saahtoma@quicinc.com>

There was a small optimization for PowerPCs to pre-increment a
pointer when accessing a word, instead of post-incrementing. This
required prefacing the loop with a decrement of the pointer,
possibly pointing before the object passed. This is not compliant
with the C standard, for which decrementing a pointer before its
allocated memory is undefined. When tested on a modern PowerPC
with a modern compiler, the optimization no longer has any effect.
Due to all that, and per the recommendation of a security audit of
the zlib code by Trail of Bits and TrustInSoft, in support of the
Mozilla Foundation, this "optimization" was removed, in order to
avoid the possibility of undefined behavior.

Change-Id: I8c7b57d093640405d61a5588706cb51147738be5
Signed-off-by: Saahil Tomar <quic_saahtoma@quicinc.com>

inftrees.c was subtracting an offset from a pointer to an array,
in order to provide a pointer that allowed indexing starting at
the offset. This is not compliant with the C standard, for which
the behavior of a pointer decremented before its allocated memory
is undefined. Per the recommendation of a security audit of the
zlib code by Trail of Bits and TrustInSoft, in support of the
Mozilla Foundation, this tiny optimization was removed, in order
to avoid the possibility of undefined behavior.

Change-Id: I2fcd56f809dc2e57b660e389e09fdbab82a4afba
Signed-off-by: Saahil Tomar <quic_saahtoma@quicinc.com>

An old inffast.c optimization turns out to not be optimal anymore
with modern compilers, and furthermore was not compliant with the
C standard, for which decrementing a pointer before its allocated
memory is undefined. Per the recommendation of a security audit of
the zlib code by Trail of Bits and TrustInSoft, in support of the
Mozilla Foundation, this "optimization" was removed, in order to
avoid the possibility of undefined behavior.

Change-Id: I14c859d451eb746d9f218face47d41a1ff672a1d
Signed-off-by: Saahil Tomar <quic_saahtoma@quicinc.com>

If the ASN.1 BIO is presented with a large length field read it in
chunks of increasing size checking for EOF on each read. This prevents
small files allocating excessive amounts of data.

CVE-2016-2109

Thanks to Brian Carpenter for reporting this issue.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

Change-Id: Ifa8d35f71932d318bf430ea0e76960bfd4e9b157
Signed-off-by: Saahil Tomar <quic_saahtoma@quicinc.com>

Fix bug where i2c_ASN1_INTEGER mishandles zero if it is marked as
negative.

Thanks to Huzaifa Sidhpurwala <huzaifas@redhat.com> and
Hanno Böck <hanno@hboeck.de> for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit a0eed48d37a4b7beea0c966caf09ad46f4a92a44)

Change-Id: I280a99b6410a5508a0da9b0dc399cc52173f5672
Signed-off-by: Saahil Tomar <quic_saahtoma@quicinc.com>

Presently partition entries are read and validated, and again
read to fill internal partition data.
This change ensure, we don't re-read partition entries instead,
use same buffer to fill that was used for validation.

Change-Id: I5e272a0751fccf0ca145ee3445deaf15c8a4481a
Signed-off-by: Ram Kumar D <quic_ramd@quicinc.com>

In the BN_hex2bn function the number of hex digits is calculated using
an int value |i|. Later |bn_expand| is called with a value of |i * 4|.
For large values of |i| this can result in |bn_expand| not allocating any
memory because |i * 4| is negative. This leaves ret->d as NULL leading
to a subsequent NULL ptr deref. For very large values of |i|, the
calculation |i * 4| could be a positive value smaller than |i|. In this
case memory is allocated to ret->d, but it is insufficiently sized
leading to heap corruption. A similar issue exists in BN_dec2bn.

This could have security consequences if BN_hex2bn/BN_dec2bn is ever
called by user applications with very large untrusted hex/dec data. This is
anticipated to be a rare occurrence.

All OpenSSL internal usage of this function uses data that is not expected
to be untrusted, e.g. config file data or application command line
arguments. If user developed applications generate config file data based
on untrusted data then it is possible that this could also lead to security
consequences. This is also anticipated to be a rare.

Issue reported by Guido Vranken.

CVE-2016-0797

Reviewed-by: Andy Polyakov <appro@openssl.org>

Change-Id: I3d43b96946c5a3ebb116ec352b23389f68e2905a
Signed-off-by: Saahil Tomar <quic_saahtoma@quicinc.com>

This patch resolves RT ticket #2608.

Thanks to Robert Dugal for originally spotting this, and to David
Ramos for noticing that the ball had been dropped.

Signed-off-by: Geoff Thorpe <geoff@openssl.org>

Change-Id: I8c30ac4d804b59052befeb92815f1abe2ddf710e
Signed-off-by: Saahil Tomar <quic_saahtoma@quicinc.com>

An overflow can occur in the EVP_EncryptUpdate function. If a person is
able to supply very large amounts of input data after a previous call to
EVP_EncryptUpdate with a partial block then a length check can overflow
resulting in a heap corruption.

Following an analysis of all OpenSSL internal usage of the
EVP_EncryptUpdate function all usage is one of two forms.

The first form is like this:
EVP_EncryptInit()
EVP_EncryptUpdate()

i.e. where the EVP_EncryptUpdate() call is known to be the first called
function after an EVP_EncryptInit(), and therefore that specific call
must be safe.

The second form is where the length passed to EVP_EncryptUpdate() can be
seen from the code to be some small value and therefore there is no
possibility of an overflow.

Since all instances are one of these two forms, I believe that there can
be no overflows in internal code due to this problem.

It should be noted that EVP_DecryptUpdate() can call EVP_EncryptUpdate()
in certain code paths. Also EVP_CipherUpdate() is a synonym for
EVP_EncryptUpdate(). Therefore I have checked all instances of these
calls too, and came to the same conclusion, i.e. there are no instances
in internal usage where an overflow could occur.

This could still represent a security issue for end user code that calls
this function directly.

CVE-2016-2106

Issue reported by Guido Vranken.

Reviewed-by: Tim Hudson <tjh@openssl.org>

Change-Id: Icda362e5477f7f784f860183a62874443876d81b
Signed-off-by: Saahil Tomar <quic_saahtoma@quicinc.com>

Thanks to Shi Lei for reporting this issue.

CVE-2016-6303

Reviewed-by: Matt Caswell <matt@openssl.org>

Change-Id: I8dd81c1baa745b5a88e1d1af2049c08a6dab1929
Signed-off-by: Saahil Tomar <quic_saahtoma@quicinc.com>

Currently, the lk-bootloader has support only to fixup the fdt nodes
with respect to the 4.4 kernel dts. So, added support to do fixup with
respect to the 5.4 kernel dts as well.

Change-Id: I4e8525d429426d804c7c7c65681007f95312ceee
Signed-off-by: Ram Kumar D <quic_ramd@quicinc.com>

Change-Id: I6a65ff9e567663fe210a2217acdcdfbcb0be597e
Signed-off-by: Linux Build Service Account <lnxbuild@localhost>

Only treat an ASN1_ANY type as an integer if it has the V_ASN1_INTEGER
tag: V_ASN1_NEG_INTEGER is an internal only value which is never used
for on the wire encoding.

Thanks to David Benjamin <davidben@google.com> for reporting this bug.

This was found using libFuzzer.

RT#4364 (part)CVE-2016-2108.

Reviewed-by: Emilia Käsper <emilia@openssl.org>

Signed-off-by: Rajkumar Ayyasamy <arajkuma@codeaurora.org>
Change-Id: I43a3353e121002ff42e7013847071f94500477dd

Fix bug where i2c_ASN1_INTEGER mishandles zero if it is marked as
negative.

Thanks to Huzaifa Sidhpurwala <huzaifas@redhat.com> and
Hanno Böck <hanno@hboeck.de> for reporting this issue.

Reviewed-by: Rich Salz <rsalz@openssl.org>

(cherry-picked from a0eed48d37a4b7beea0c966caf09ad46f4a92a44)

Bug: 28175332
Change-Id: I1e2b580f4a6d4a0fd5d26174a9cb7ed86504e7d4
Signed-off-by: Rajkumar Ayyasamy <arajkuma@codeaurora.org>

Signed-off-by: Rajkumar Ayyasamy <arajkuma@codeaurora.org>
Change-Id: I5649ff5c24cdb6b60f546417555f38691cd1005a

lk does not support crashdump, so patching the kernel
dts with dload_status disabled

When crashdump is disabled, kernel will set the dload_magic
as 0x40. When dload magic is 0x40, lk will clear the
magic and do warm/cold reset.

Signed-off-by: Rajkumar Ayyasamy <arajkuma@codeaurora.org>
Change-Id: Ifad568a5be0cfaf73f0db967a15fe38f49909181

Corrected the check in write_mbr_in_blocks such as to prevent buffer overread.

Signed-off-by: Md Sadre Alam <mdalam@codeaurora.org>
Signed-off-by: Ashish Bhimanpalliwar <abhiman@codeaurora.org>
Change-Id: I7d3252ad98e2460cd9ba2ca74b37abb7a0c6bbab

Corrected the check in write_mbr_in_blocks such as to prevent buffer overread.

(cherry picked from commit 2bf71a8860e9baa87d8abfb11e66b124baa43f71)

Signed-off-by: Karthick Shanmugham <kartshan@codeaurora.org>
Change-Id: I3b7bba147016699d25f8f6f75d1c76eae56ffd68

Prevent the out of bounds read in second_size of boot image header
which could be triggered by maximum image size overflow.

Signed-off-by: Balaji Prakash J <bjagadee@codeaurora.org>
Change-Id: Id42efbf74c3ed0e46105e085afa29c9c69da507f

Prevent the out of bounds read in second_size of boot image header
which could be triggered by maximum image size overflow.

Signed-off-by: Balaji Prakash J <bjagadee@codeaurora.org>
Change-Id: Id42efbf74c3ed0e46105e085afa29c9c69da507f

Prevent the out of bounds read in second_size of boot image header
which could be triggered by maximum image size overflow.

Change-Id: I4a9842b5eb0800e55f658a6c05a7cb6e14110cbc
Signed-off-by: Karthick Jeyaraman <kjeyaram@codeaurora.org>

Fix memory leak in FOTA partition update.

Change-Id: I6ecfc9dd43a90fcc2bf84b33afb153199d211618
Signed-off-by: Karthick Jeyaraman <kjeyaram@codeaurora.org>

Added integer overflow checks in reading the boot image
from flash device.

Change-Id: I7c5af9fe7bc176be786aabd038e828eb211424d2
Signed-off-by: Karthick Jeyaraman <kjeyaram@codeaurora.org>

    - Enabled GZIP header support
    - Added a wrapper for zlib's crc32
      APIs to avoid conflicts with existing
      checksum calculation which LK uses

Change-Id: Iea73cf8c6eeb2fbab2f43d1fd28c4e5c353adcb7
Signed-off-by: Karthick Jeyaraman <kjeyaram@codeaurora.org>

This is a snapshot of zlib deflate lib files from QSDK's U-boot-2016 master branch,
(https://source.codeaurora.org/quic/qsdk/oss/boot/u-boot-2016/tree/lib/zlib

)

Also, renamed the existing directory zlib_inflate to zlib,
as it now supports both inflate and deflate. 

Change-Id: Idf6efe3455dde80995865d6d1ad6890c5fe37be4
Signed-off-by: Karthick Jeyaraman <kjeyaram@codeaurora.org>