openssl: Revert 9 CVE fixes merged upstreamkrogoth

Revert "openssl: Security fix CVE-2016-6306" This reverts commit f73e0eb5d77764c00d6ae8db10528522fc8516bc. Revert "openssl: Security fix CVE-2016-6304" This reverts commit 35f3007f0e0c56bc2f96ab5893686191d099949f. Revert "openssl: Security fix CVE-2016-6303" This reverts commit 744b01090f6cf4984c11bb682693647a62103644. Revert "openssl: Security fix CVE-2016-6302" This reverts commit 8ac9ad185c0889af0bfb2fcd90a6987cb972eb0a. Revert "openssl: Security fix CVE-2016-2182" This reverts commit c95a5d22dedc5701d18e91e40a0c54802915187d. Revert "openssl: Security fix CVE-2016-2181" This reverts commit f0e2e3d84763477138d902f7d48ac2658266aa2b. Revert "openssl: Security fix CVE-2016-2180" This reverts commit 5493231d1ff5e9b259cd074245e909b5e39d926e. Revert "openssl: Security fix CVE-2016-2179" This reverts commit 331ca6f05824e5b005cbf504233b3c72275181d5. Revert "openssl: Security fix CVE-2016-2178" This reverts commit ac47871dfb962355c3c8971cd2fde2e4d03c9790. Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> Signed-off-by: Martin Borg <martin.borg@enea.com>
author: Adrian Dudau <adrian.dudau@enea.com> 2016-09-27 16:38:51 +0200
committer: Martin Borg <martin.borg@enea.com> 2016-09-29 13:37:39 +0200
commit: 96cf162f9d9e83121ec43a8baf940d4ebc75b811 (patch)
tree: b9f2df27caa54035f33f4aba79bcc060804c0dd4 /recipes-connectivity/openssl/openssl/CVE-2016-2181_p1.patch
parent: f73e0eb5d77764c00d6ae8db10528522fc8516bc (diff)
download: meta-el-common-krogoth.tar.gz
1 files changed, 0 insertions, 91 deletions
diff --git a/recipes-connectivity/openssl/openssl/CVE-2016-2181_p1.patch b/recipes-connectivity/openssl/openssl/CVE-2016-2181_p1.patch
deleted file mode 100644
index 9149dbe..0000000
--- a/recipes-connectivity/openssl/openssl/CVE-2016-2181_p1.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-From 20744f6b40b5ded059a848f66d6ba922f2a62eb3 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Tue, 5 Jul 2016 11:46:26 +0100
-Subject: [PATCH] Fix DTLS unprocessed records bug
-During a DTLS handshake we may get records destined for the next epoch
-arrive before we have processed the CCS. In that case we can't decrypt or
-verify the record yet, so we buffer it for later use. When we do receive
-the CCS we work through the queue of unprocessed records and process them.
-Unfortunately the act of processing wipes out any existing packet data
-that we were still working through. This includes any records from the new
-epoch that were in the same packet as the CCS. We should only process the
-buffered records if we've not got any data left.
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-Upstream-Status: Backport
-CVE: CVE-2016-2180 patch 1
-Signed-off-by: Armin Kuster <akuster@mvista.com>
---
- ssl/d1_pkt.c | 23 +++++++++++++++++++++--
- 1 file changed, 21 insertions(+), 2 deletions(-)
-diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
-index fe30ec7..1fb119d 100644
--- a/ssl/d1_pkt.c
-+++ b/ssl/d1_pkt.c
-@@ -319,6 +319,7 @@ static int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
- static int dtls1_process_buffered_records(SSL *s)
- {
-     pitem *item;
-+    SSL3_BUFFER *rb;
- 
-     item = pqueue_peek(s->d1->unprocessed_rcds.q);
-     if (item) {
-@@ -326,6 +327,19 @@ static int dtls1_process_buffered_records(SSL *s)
-         if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
-             return (1);         /* Nothing to do. */
- 
-+        rb = &s->s3->rbuf;
-+
-+        if (rb->left > 0) {
-+            /*
-+             * We've still got data from the current packet to read. There could
-+             * be a record from the new epoch in it - so don't overwrite it
-+             * with the unprocessed records yet (we'll do it when we've
-+             * finished reading the current packet).
-+             */
-+            return 1;
-+        }
-+
-+
-         /* Process all the records. */
-         while (pqueue_peek(s->d1->unprocessed_rcds.q)) {
-             dtls1_get_unprocessed_record(s);
-@@ -581,6 +595,7 @@ int dtls1_get_record(SSL *s)
- 
-     rr = &(s->s3->rrec);
- 
-+ again:
-     /*
-      * The epoch may have changed.  If so, process all the pending records.
-      * This is a non-blocking operation.
-@@ -593,7 +608,6 @@ int dtls1_get_record(SSL *s)
-         return 1;
- 
-     /* get something from the wire */
- again:
-     /* check if we have the header */
-     if ((s->rstate != SSL_ST_READ_BODY) ||
-         (s->packet_length < DTLS1_RT_HEADER_LENGTH)) {
-@@ -1830,8 +1844,13 @@ static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
-     if (rr->epoch == s->d1->r_epoch)
-         return &s->d1->bitmap;
- 
-    /* Only HM and ALERT messages can be from the next epoch */
-+    /*
-+     * Only HM and ALERT messages can be from the next epoch and only if we
-+     * have already processed all of the unprocessed records from the last
-+     * epoch
-+     */
-     else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&
-+             s->d1->unprocessed_rcds.epoch != s->d1->r_epoch &&
-              (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
-         *is_next_epoch = 1;
-         return &s->d1->next_bitmap;
-- 
-2.7.4
author	Adrian Dudau <adrian.dudau@enea.com>	2016-09-27 16:38:51 +0200
committer	Martin Borg <martin.borg@enea.com>	2016-09-29 13:37:39 +0200
commit	96cf162f9d9e83121ec43a8baf940d4ebc75b811 (patch)
tree	b9f2df27caa54035f33f4aba79bcc060804c0dd4 /recipes-connectivity/openssl/openssl/CVE-2016-2181_p1.patch
parent	f73e0eb5d77764c00d6ae8db10528522fc8516bc (diff)
download	meta-el-common-krogoth.tar.gz

diff --git a/recipes-connectivity/openssl/openssl/CVE-2016-2181_p1.patch b/recipes-connectivity/openssl/openssl/CVE-2016-2181_p1.patch deleted file mode 100644 index 9149dbe..0000000 --- a/recipes-connectivity/openssl/openssl/CVE-2016-2181_p1.patch +++ /dev/null
@@ -1,91 +0,0 @@
1	From 20744f6b40b5ded059a848f66d6ba922f2a62eb3 Mon Sep 17 00:00:00 2001
2	From: Matt Caswell <matt@openssl.org>
3	Date: Tue, 5 Jul 2016 11:46:26 +0100
4	Subject: [PATCH] Fix DTLS unprocessed records bug
5
6	During a DTLS handshake we may get records destined for the next epoch
7	arrive before we have processed the CCS. In that case we can't decrypt or
8	verify the record yet, so we buffer it for later use. When we do receive
9	the CCS we work through the queue of unprocessed records and process them.
10
11	Unfortunately the act of processing wipes out any existing packet data
12	that we were still working through. This includes any records from the new
13	epoch that were in the same packet as the CCS. We should only process the
14	buffered records if we've not got any data left.
15
16	Reviewed-by: Richard Levitte <levitte@openssl.org>
17
18	Upstream-Status: Backport
19	CVE: CVE-2016-2180 patch 1
20	Signed-off-by: Armin Kuster <akuster@mvista.com>
21
22	---
23	ssl/d1_pkt.c \| 23 +++++++++++++++++++++--
24	1 file changed, 21 insertions(+), 2 deletions(-)
25
26	diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
27	index fe30ec7..1fb119d 100644
28	--- a/ssl/d1_pkt.c
29	+++ b/ssl/d1_pkt.c
30	@@ -319,6 +319,7 @@ static int dtls1_retrieve_buffered_record(SSL s, record_pqueue queue)
31	static int dtls1_process_buffered_records(SSL *s)
32	{
33	pitem *item;
34	+ SSL3_BUFFER *rb;
35
36	item = pqueue_peek(s->d1->unprocessed_rcds.q);
37	if (item) {
38	@@ -326,6 +327,19 @@ static int dtls1_process_buffered_records(SSL *s)
39	if (s->d1->unprocessed_rcds.epoch != s->d1->r_epoch)
40	return (1); /* Nothing to do. */
41
42	+ rb = &s->s3->rbuf;
43	+
44	+ if (rb->left > 0) {
45	+ /*
46	+ * We've still got data from the current packet to read. There could
47	+ * be a record from the new epoch in it - so don't overwrite it
48	+ * with the unprocessed records yet (we'll do it when we've
49	+ * finished reading the current packet).
50	+ */
51	+ return 1;
52	+ }
53	+
54	+
55	/* Process all the records. */
56	while (pqueue_peek(s->d1->unprocessed_rcds.q)) {
57	dtls1_get_unprocessed_record(s);
58	@@ -581,6 +595,7 @@ int dtls1_get_record(SSL *s)
59
60	rr = &(s->s3->rrec);
61
62	+ again:
63	/*
64	* The epoch may have changed. If so, process all the pending records.
65	* This is a non-blocking operation.
66	@@ -593,7 +608,6 @@ int dtls1_get_record(SSL *s)
67	return 1;
68
69	/* get something from the wire */
70	- again:
71	/* check if we have the header */
72	if ((s->rstate != SSL_ST_READ_BODY) \|\|
73	(s->packet_length < DTLS1_RT_HEADER_LENGTH)) {
74	@@ -1830,8 +1844,13 @@ static DTLS1_BITMAP dtls1_get_bitmap(SSL s, SSL3_RECORD *rr,
75	if (rr->epoch == s->d1->r_epoch)
76	return &s->d1->bitmap;
77
78	- /* Only HM and ALERT messages can be from the next epoch */
79	+ /*
80	+ * Only HM and ALERT messages can be from the next epoch and only if we
81	+ * have already processed all of the unprocessed records from the last
82	+ * epoch
83	+ */
84	else if (rr->epoch == (unsigned long)(s->d1->r_epoch + 1) &&
85	+ s->d1->unprocessed_rcds.epoch != s->d1->r_epoch &&
86	(rr->type == SSL3_RT_HANDSHAKE \|\| rr->type == SSL3_RT_ALERT)) {
87	*is_next_epoch = 1;
88	return &s->d1->next_bitmap;
89	--
90	2.7.4
91