summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRobert Yang <liezhi.yang@windriver.com>2016-05-11 07:43:28 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-05-11 17:00:11 (GMT)
commit3cea047b6cc9e93308e5aebbacc74183438fae57 (patch)
tree0075f669416d5adb6da8b1b06f28aeafb6f32b68
parent8463c062909dba7367d56105cc56126ba971984e (diff)
downloadpoky-3cea047b6cc9e93308e5aebbacc74183438fae57.tar.gz
openssl: 1.0.2d -> 1.0.2h (mainly for CVEs)
* CVEs: - CVE-2016-0705 - CVE-2016-0798 - CVE-2016-0797 - CVE-2016-0799 - CVE-2016-0702 - CVE-2016-0703 - CVE-2016-0704 - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2109 - CVE-2016-2176 * The LICENSE's checksum is changed because of date changes (2011 -> 2016), the contents are the same. * Remove backport patches - 0001-Add-test-for-CVE-2015-3194.patch - CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch - CVE-2015-3194-1-Add-PSS-parameter-check.patch - CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch - CVE-2015-3197.patch - CVE-2016-0701_1.patch - CVE-2016-0701_2.patch - CVE-2016-0800.patch - CVE-2016-0800_2.patch - CVE-2016-0800_3.patch * Update crypto_use_bigint_in_x86-64_perl.patch * Add version-script.patch and update block_diginotar.patch (From master branch) * Update openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch (From Armin) (From OE-Core master rev: bca156013af0a98cb18d8156626b9acc8f9883e3) (From OE-Core rev: 6ed7c8a9f82bc173ae0cc8b494af5a2c838f08fc) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-connectivity/openssl/openssl/0001-Add-test-for-CVE-2015-3194.patch66
-rw-r--r--meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch101
-rw-r--r--meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-1-Add-PSS-parameter-check.patch45
-rw-r--r--meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch66
-rw-r--r--meta/recipes-connectivity/openssl/openssl/CVE-2015-3197.patch63
-rw-r--r--meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_1.patch102
-rw-r--r--meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_2.patch156
-rw-r--r--meta/recipes-connectivity/openssl/openssl/CVE-2016-0800.patch198
-rw-r--r--meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_2.patch592
-rw-r--r--meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_3.patch503
-rw-r--r--meta/recipes-connectivity/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch14
-rw-r--r--meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch17
-rw-r--r--meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch (renamed from meta/recipes-connectivity/openssl/openssl/debian/version-script.patch)35
-rw-r--r--meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch14
-rw-r--r--meta/recipes-connectivity/openssl/openssl_1.0.2h.bb (renamed from meta/recipes-connectivity/openssl/openssl_1.0.2d.bb)18
15 files changed, 40 insertions, 1950 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/0001-Add-test-for-CVE-2015-3194.patch b/meta/recipes-connectivity/openssl/openssl/0001-Add-test-for-CVE-2015-3194.patch
deleted file mode 100644
index 39a2e5a..0000000
--- a/meta/recipes-connectivity/openssl/openssl/0001-Add-test-for-CVE-2015-3194.patch
+++ /dev/null
@@ -1,66 +0,0 @@
1From 00456fded43eadd4bb94bf675ae4ea5d158a764f Mon Sep 17 00:00:00 2001
2From: "Dr. Stephen Henson" <steve@openssl.org>
3Date: Wed, 4 Nov 2015 13:30:03 +0000
4Subject: [PATCH] Add test for CVE-2015-3194
5
6Reviewed-by: Richard Levitte <levitte@openssl.org>
7
8Upstream-Status: Backport
9
10This patch was imported from
11https://git.openssl.org/?p=openssl.git;a=commit;h=00456fded43eadd4bb94bf675ae4ea5d158a764f
12Signed-off-by: Armin Kuster <akuster@mvista.com>
13
14---
15 test/certs/pss1.pem | 21 +++++++++++++++++++++
16 test/tx509 | 7 +++++++
17 2 files changed, 28 insertions(+)
18 create mode 100644 test/certs/pss1.pem
19
20diff --git a/test/certs/pss1.pem b/test/certs/pss1.pem
21new file mode 100644
22index 0000000..29da71d
23--- /dev/null
24+++ b/test/certs/pss1.pem
25@@ -0,0 +1,21 @@
26+-----BEGIN CERTIFICATE-----
27+MIIDdjCCAjqgAwIBAgIJANcwZLyfEv7DMD4GCSqGSIb3DQEBCjAxoA0wCwYJYIZI
28+AWUDBAIBoRowGAYJKoZIhvcNAQEIMAsGCWCGSAFlAwQCAaIEAgIA3jAnMSUwIwYD
29+VQQDDBxUZXN0IEludmFsaWQgUFNTIGNlcnRpZmljYXRlMB4XDTE1MTEwNDE2MDIz
30+NVoXDTE1MTIwNDE2MDIzNVowJzElMCMGA1UEAwwcVGVzdCBJbnZhbGlkIFBTUyBj
31+ZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMTaM7WH
32+qVCAGAIA+zL1KWvvASTrhlq+1ePdO7wsrWX2KiYoTYrJYTnxhLnn0wrHqApt79nL
33+IBG7cfShyZqFHOY/IzlYPMVt+gPo293gw96Fds5JBsjhjkyGnOyr9OUntFqvxDbT
34+IIFU7o9IdxD4edaqjRv+fegVE+B79pDk4s0ujsk6dULtCg9Rst0ucGFo19mr+b7k
35+dbfn8pZ72ZNDJPueVdrUAWw9oll61UcYfk75XdrLk6JlL41GrYHc8KlfXf43gGQq
36+QfrpHkg4Ih2cI6Wt2nhFGAzrlcorzLliQIUJRIhM8h4IgDfpBpaPdVQLqS2pFbXa
37+5eQjqiyJwak2vJ8CAwEAAaNQME4wHQYDVR0OBBYEFCt180N4oGUt5LbzBwQ4Ia+2
38+4V97MB8GA1UdIwQYMBaAFCt180N4oGUt5LbzBwQ4Ia+24V97MAwGA1UdEwQFMAMB
39+Af8wMQYJKoZIhvcNAQEKMCSgDTALBglghkgBZQMEAgGhDTALBgkqhkiG9w0BAQii
40+BAICAN4DggEBAAjBtm90lGxgddjc4Xu/nbXXFHVs2zVcHv/mqOZoQkGB9r/BVgLb
41+xhHrFZ2pHGElbUYPfifdS9ztB73e1d4J+P29o0yBqfd4/wGAc/JA8qgn6AAEO/Xn
42+plhFeTRJQtLZVl75CkHXgUGUd3h+ADvKtcBuW9dSUncaUrgNKR8u/h/2sMG38RWY
43+DzBddC/66YTa3r7KkVUfW7yqRQfELiGKdcm+bjlTEMsvS+EhHup9CzbpoCx2Fx9p
44+NPtFY3yEObQhmL1JyoCRWqBE75GzFPbRaiux5UpEkns+i3trkGssZzsOuVqHNTNZ
45+lC9+9hPHIoc9UMmAQNo1vGIW3NWVoeGbaJ8=
46+-----END CERTIFICATE-----
47diff --git a/test/tx509 b/test/tx509
48index 0ce3b52..77f5cac 100644
49--- a/test/tx509
50+++ b/test/tx509
51@@ -74,5 +74,12 @@ if [ $? != 0 ]; then exit 1; fi
52 cmp x509-f.p x509-ff.p3
53 if [ $? != 0 ]; then exit 1; fi
54
55+echo "Parsing test certificates"
56+
57+$cmd -in certs/pss1.pem -text -noout >/dev/null
58+if [ $? != 0 ]; then exit 1; fi
59+
60+echo OK
61+
62 /bin/rm -f x509-f.* x509-ff.* x509-fff.*
63 exit 0
64--
652.3.5
66
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
deleted file mode 100644
index 125016a..0000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
+++ /dev/null
@@ -1,101 +0,0 @@
1From d73cc256c8e256c32ed959456101b73ba9842f72 Mon Sep 17 00:00:00 2001
2From: Andy Polyakov <appro@openssl.org>
3Date: Tue, 1 Dec 2015 09:00:32 +0100
4Subject: [PATCH] bn/asm/x86_64-mont5.pl: fix carry propagating bug
5 (CVE-2015-3193).
6
7Reviewed-by: Richard Levitte <levitte@openssl.org>
8(cherry picked from commit e7c078db57908cbf16074c68034977565ffaf107)
9
10Upstream-Status: Backport
11
12This patch was imported from
13https://git.openssl.org/?p=openssl.git;a=commit;h=d73cc256c8e256c32ed959456101b73ba9842f72
14
15Signed-off-by: Armin Kuster <akuster@mvista.com>
16
17---
18 crypto/bn/asm/x86_64-mont5.pl | 22 +++++++++++++++++++---
19 crypto/bn/bntest.c | 18 ++++++++++++++++++
20 2 files changed, 37 insertions(+), 3 deletions(-)
21
22Index: openssl-1.0.2d/crypto/bn/asm/x86_64-mont5.pl
23===================================================================
24--- openssl-1.0.2d.orig/crypto/bn/asm/x86_64-mont5.pl
25+++ openssl-1.0.2d/crypto/bn/asm/x86_64-mont5.pl
26@@ -1779,6 +1779,15 @@ sqr8x_reduction:
27 .align 32
28 .L8x_tail_done:
29 add (%rdx),%r8 # can this overflow?
30+ adc \$0,%r9
31+ adc \$0,%r10
32+ adc \$0,%r11
33+ adc \$0,%r12
34+ adc \$0,%r13
35+ adc \$0,%r14
36+ adc \$0,%r15 # can't overflow, because we
37+ # started with "overhung" part
38+ # of multiplication
39 xor %rax,%rax
40
41 neg $carry
42@@ -3125,6 +3134,15 @@ sqrx8x_reduction:
43 .align 32
44 .Lsqrx8x_tail_done:
45 add 24+8(%rsp),%r8 # can this overflow?
46+ adc \$0,%r9
47+ adc \$0,%r10
48+ adc \$0,%r11
49+ adc \$0,%r12
50+ adc \$0,%r13
51+ adc \$0,%r14
52+ adc \$0,%r15 # can't overflow, because we
53+ # started with "overhung" part
54+ # of multiplication
55 mov $carry,%rax # xor %rax,%rax
56
57 sub 16+8(%rsp),$carry # mov 16(%rsp),%cf
58@@ -3168,13 +3186,11 @@ my ($rptr,$nptr)=("%rdx","%rbp");
59 my @ri=map("%r$_",(10..13));
60 my @ni=map("%r$_",(14..15));
61 $code.=<<___;
62- xor %rbx,%rbx
63+ xor %ebx,%ebx
64 sub %r15,%rsi # compare top-most words
65 adc %rbx,%rbx
66 mov %rcx,%r10 # -$num
67- .byte 0x67
68 or %rbx,%rax
69- .byte 0x67
70 mov %rcx,%r9 # -$num
71 xor \$1,%rax
72 sar \$3+2,%rcx # cf=0
73Index: openssl-1.0.2d/crypto/bn/bntest.c
74===================================================================
75--- openssl-1.0.2d.orig/crypto/bn/bntest.c
76+++ openssl-1.0.2d/crypto/bn/bntest.c
77@@ -1027,6 +1027,24 @@ int test_mod_exp_mont_consttime(BIO *bp,
78 return 0;
79 }
80 }
81+
82+ /* Regression test for carry propagation bug in sqr8x_reduction */
83+ BN_hex2bn(&a, "050505050505");
84+ BN_hex2bn(&b, "02");
85+ BN_hex2bn(&c,
86+ "4141414141414141414141274141414141414141414141414141414141414141"
87+ "4141414141414141414141414141414141414141414141414141414141414141"
88+ "4141414141414141414141800000000000000000000000000000000000000000"
89+ "0000000000000000000000000000000000000000000000000000000000000000"
90+ "0000000000000000000000000000000000000000000000000000000000000000"
91+ "0000000000000000000000000000000000000000000000000000000001");
92+ BN_mod_exp(d, a, b, c, ctx);
93+ BN_mul(e, a, a, ctx);
94+ if (BN_cmp(d, e)) {
95+ fprintf(stderr, "BN_mod_exp and BN_mul produce different results!\n");
96+ return 0;
97+ }
98+
99 BN_free(a);
100 BN_free(b);
101 BN_free(c);
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-1-Add-PSS-parameter-check.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-1-Add-PSS-parameter-check.patch
deleted file mode 100644
index 13d4891..0000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-1-Add-PSS-parameter-check.patch
+++ /dev/null
@@ -1,45 +0,0 @@
1From c394a488942387246653833359a5c94b5832674e Mon Sep 17 00:00:00 2001
2From: "Dr. Stephen Henson" <steve@openssl.org>
3Date: Fri, 2 Oct 2015 12:35:19 +0100
4Subject: [PATCH] Add PSS parameter check.
5MIME-Version: 1.0
6Content-Type: text/plain; charset=UTF-8
7Content-Transfer-Encoding: 8bit
8
9Avoid seg fault by checking mgf1 parameter is not NULL. This can be
10triggered during certificate verification so could be a DoS attack
11against a client or a server enabling client authentication.
12
13Thanks to Loïc Jonas Etienne (Qnective AG) for discovering this bug.
14
15CVE-2015-3194
16
17Reviewed-by: Richard Levitte <levitte@openssl.org>
18
19Upstream-Status: Backport
20
21This patch was imported from
22https://git.openssl.org/?p=openssl.git;a=commit;h=c394a488942387246653833359a5c94b5832674e
23
24Signed-off-by: Armin Kuster <akuster@mvista.com>
25
26---
27 crypto/rsa/rsa_ameth.c | 2 +-
28 1 file changed, 1 insertion(+), 1 deletion(-)
29
30diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
31index ca3922e..4e06218 100644
32--- a/crypto/rsa/rsa_ameth.c
33+++ b/crypto/rsa/rsa_ameth.c
34@@ -268,7 +268,7 @@ static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg)
35 {
36 const unsigned char *p;
37 int plen;
38- if (alg == NULL)
39+ if (alg == NULL || alg->parameter == NULL)
40 return NULL;
41 if (OBJ_obj2nid(alg->algorithm) != NID_mgf1)
42 return NULL;
43--
442.3.5
45
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch
deleted file mode 100644
index 6fc4d0e..0000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch
+++ /dev/null
@@ -1,66 +0,0 @@
1From cc598f321fbac9c04da5766243ed55d55948637d Mon Sep 17 00:00:00 2001
2From: "Dr. Stephen Henson" <steve@openssl.org>
3Date: Tue, 10 Nov 2015 19:03:07 +0000
4Subject: [PATCH] Fix leak with ASN.1 combine.
5
6When parsing a combined structure pass a flag to the decode routine
7so on error a pointer to the parent structure is not zeroed as
8this will leak any additional components in the parent.
9
10This can leak memory in any application parsing PKCS#7 or CMS structures.
11
12CVE-2015-3195.
13
14Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using
15libFuzzer.
16
17PR#4131
18
19Reviewed-by: Richard Levitte <levitte@openssl.org>
20
21Upstream-Status: Backport
22
23This patch was imported from
24https://git.openssl.org/?p=openssl.git;a=commit;h=cc598f321fbac9c04da5766243ed55d55948637d
25
26Signed-off-by: Armin Kuster <akuster@mvista.com>
27
28---
29 crypto/asn1/tasn_dec.c | 7 +++++--
30 1 file changed, 5 insertions(+), 2 deletions(-)
31
32diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
33index febf605..9256049 100644
34--- a/crypto/asn1/tasn_dec.c
35+++ b/crypto/asn1/tasn_dec.c
36@@ -180,6 +180,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
37 int otag;
38 int ret = 0;
39 ASN1_VALUE **pchptr, *ptmpval;
40+ int combine = aclass & ASN1_TFLG_COMBINE;
41+ aclass &= ~ASN1_TFLG_COMBINE;
42 if (!pval)
43 return 0;
44 if (aux && aux->asn1_cb)
45@@ -500,7 +502,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
46 auxerr:
47 ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
48 err:
49- ASN1_item_ex_free(pval, it);
50+ if (combine == 0)
51+ ASN1_item_ex_free(pval, it);
52 if (errtt)
53 ERR_add_error_data(4, "Field=", errtt->field_name,
54 ", Type=", it->sname);
55@@ -689,7 +692,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
56 } else {
57 /* Nothing special */
58 ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
59- -1, 0, opt, ctx);
60+ -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
61 if (!ret) {
62 ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
63 goto err;
64--
652.3.5
66
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3197.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3197.patch
deleted file mode 100644
index dd288c9..0000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3197.patch
+++ /dev/null
@@ -1,63 +0,0 @@
1From d81a1600588b726c2bdccda7efad3cc7a87d6245 Mon Sep 17 00:00:00 2001
2From: Viktor Dukhovni <openssl-users@dukhovni.org>
3Date: Wed, 30 Dec 2015 22:44:51 -0500
4Subject: [PATCH] Better SSLv2 cipher-suite enforcement
5
6Based on patch by: Nimrod Aviram <nimrod.aviram@gmail.com>
7
8CVE-2015-3197
9
10Reviewed-by: Tim Hudson <tjh@openssl.org>
11Reviewed-by: Richard Levitte <levitte@openssl.org>
12
13Upstream-Status: Backport
14https://github.com/openssl/openssl/commit/d81a1600588b726c2bdccda7efad3cc7a87d6245
15
16CVE: CVE-2015-3197
17Signed-off-by: Armin Kuster <akuster@mvista.com>
18
19---
20 ssl/s2_srvr.c | 15 +++++++++++++--
21 1 file changed, 13 insertions(+), 2 deletions(-)
22
23Index: openssl-1.0.2d/ssl/s2_srvr.c
24===================================================================
25--- openssl-1.0.2d.orig/ssl/s2_srvr.c
26+++ openssl-1.0.2d/ssl/s2_srvr.c
27@@ -402,7 +402,7 @@ static int get_client_master_key(SSL *s)
28 }
29
30 cp = ssl2_get_cipher_by_char(p);
31- if (cp == NULL) {
32+ if (cp == NULL || sk_SSL_CIPHER_find(s->session->ciphers, cp) < 0) {
33 ssl2_return_error(s, SSL2_PE_NO_CIPHER);
34 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);
35 return (-1);
36@@ -687,8 +687,12 @@ static int get_client_hello(SSL *s)
37 prio = cs;
38 allow = cl;
39 }
40+
41+ /* Generate list of SSLv2 ciphers shared between client and server */
42 for (z = 0; z < sk_SSL_CIPHER_num(prio); z++) {
43- if (sk_SSL_CIPHER_find(allow, sk_SSL_CIPHER_value(prio, z)) < 0) {
44+ const SSL_CIPHER *cp = sk_SSL_CIPHER_value(prio, z);
45+ if ((cp->algorithm_ssl & SSL_SSLV2) == 0 ||
46+ sk_SSL_CIPHER_find(allow, cp) < 0) {
47 (void)sk_SSL_CIPHER_delete(prio, z);
48 z--;
49 }
50@@ -697,6 +701,13 @@ static int get_client_hello(SSL *s)
51 sk_SSL_CIPHER_free(s->session->ciphers);
52 s->session->ciphers = prio;
53 }
54+
55+ /* Make sure we have at least one cipher in common */
56+ if (sk_SSL_CIPHER_num(s->session->ciphers) == 0) {
57+ ssl2_return_error(s, SSL2_PE_NO_CIPHER);
58+ SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_NO_CIPHER_MATCH);
59+ return -1;
60+ }
61 /*
62 * s->session->ciphers should now have a list of ciphers that are on
63 * both the client and server. This list is ordered by the order the
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_1.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_1.patch
deleted file mode 100644
index cf2d9a7..0000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_1.patch
+++ /dev/null
@@ -1,102 +0,0 @@
1From 878e2c5b13010329c203f309ed0c8f2113f85648 Mon Sep 17 00:00:00 2001
2From: Matt Caswell <matt@openssl.org>
3Date: Mon, 18 Jan 2016 11:31:58 +0000
4Subject: [PATCH] Prevent small subgroup attacks on DH/DHE
5
6Historically OpenSSL only ever generated DH parameters based on "safe"
7primes. More recently (in version 1.0.2) support was provided for
8generating X9.42 style parameter files such as those required for RFC
95114 support. The primes used in such files may not be "safe". Where an
10application is using DH configured with parameters based on primes that
11are not "safe" then an attacker could use this fact to find a peer's
12private DH exponent. This attack requires that the attacker complete
13multiple handshakes in which the peer uses the same DH exponent.
14
15A simple mitigation is to ensure that y^q (mod p) == 1
16
17CVE-2016-0701 (fix part 1 of 2)
18
19Issue reported by Antonio Sanso.
20
21Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
22
23Upstream-Status: Backport
24
25https://github.com/openssl/openssl/commit/878e2c5b13010329c203f309ed0c8f2113f85648
26
27CVE: CVE-2016-0701
28Signed-of-by: Armin Kuster <akuster@mvisa.com>
29
30---
31 crypto/dh/dh.h | 1 +
32 crypto/dh/dh_check.c | 35 +++++++++++++++++++++++++----------
33 2 files changed, 26 insertions(+), 10 deletions(-)
34
35diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
36index b177673..5498a9d 100644
37--- a/crypto/dh/dh.h
38+++ b/crypto/dh/dh.h
39@@ -174,6 +174,7 @@ struct dh_st {
40 /* DH_check_pub_key error codes */
41 # define DH_CHECK_PUBKEY_TOO_SMALL 0x01
42 # define DH_CHECK_PUBKEY_TOO_LARGE 0x02
43+# define DH_CHECK_PUBKEY_INVALID 0x03
44
45 /*
46 * primes p where (p-1)/2 is prime too are called "safe"; we define this for
47diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
48index 347467c..5adedc0 100644
49--- a/crypto/dh/dh_check.c
50+++ b/crypto/dh/dh_check.c
51@@ -151,23 +151,38 @@ int DH_check(const DH *dh, int *ret)
52 int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
53 {
54 int ok = 0;
55- BIGNUM *q = NULL;
56+ BIGNUM *tmp = NULL;
57+ BN_CTX *ctx = NULL;
58
59 *ret = 0;
60- q = BN_new();
61- if (q == NULL)
62+ ctx = BN_CTX_new();
63+ if (ctx == NULL)
64 goto err;
65- BN_set_word(q, 1);
66- if (BN_cmp(pub_key, q) <= 0)
67+ BN_CTX_start(ctx);
68+ tmp = BN_CTX_get(ctx);
69+ if (tmp == NULL)
70+ goto err;
71+ BN_set_word(tmp, 1);
72+ if (BN_cmp(pub_key, tmp) <= 0)
73 *ret |= DH_CHECK_PUBKEY_TOO_SMALL;
74- BN_copy(q, dh->p);
75- BN_sub_word(q, 1);
76- if (BN_cmp(pub_key, q) >= 0)
77+ BN_copy(tmp, dh->p);
78+ BN_sub_word(tmp, 1);
79+ if (BN_cmp(pub_key, tmp) >= 0)
80 *ret |= DH_CHECK_PUBKEY_TOO_LARGE;
81
82+ if (dh->q != NULL) {
83+ /* Check pub_key^q == 1 mod p */
84+ if (!BN_mod_exp(tmp, pub_key, dh->q, dh->p, ctx))
85+ goto err;
86+ if (!BN_is_one(tmp))
87+ *ret |= DH_CHECK_PUBKEY_INVALID;
88+ }
89+
90 ok = 1;
91 err:
92- if (q != NULL)
93- BN_free(q);
94+ if (ctx != NULL) {
95+ BN_CTX_end(ctx);
96+ BN_CTX_free(ctx);
97+ }
98 return (ok);
99 }
100--
1012.3.5
102
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_2.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_2.patch
deleted file mode 100644
index 05caf0a..0000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_2.patch
+++ /dev/null
@@ -1,156 +0,0 @@
1From c5b831f21d0d29d1e517d139d9d101763f60c9a2 Mon Sep 17 00:00:00 2001
2From: Matt Caswell <matt@openssl.org>
3Date: Thu, 17 Dec 2015 02:57:20 +0000
4Subject: [PATCH] Always generate DH keys for ephemeral DH cipher suites
5
6Modified version of the commit ffaef3f15 in the master branch by Stephen
7Henson. This makes the SSL_OP_SINGLE_DH_USE option a no-op and always
8generates a new DH key for every handshake regardless.
9
10CVE-2016-0701 (fix part 2 or 2)
11
12Issue reported by Antonio Sanso
13
14Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
15
16Upstream-Status: Backport
17
18https://github.com/openssl/openssl/commit/c5b831f21d0d29d1e517d139d9d101763f60c9a2
19
20CVE: CVE-2016-0701 #2
21Signed-of-by: Armin Kuster <akuster@mvisa.com>
22
23---
24 doc/ssl/SSL_CTX_set_tmp_dh_callback.pod | 29 +++++------------------------
25 ssl/s3_lib.c | 14 --------------
26 ssl/s3_srvr.c | 17 +++--------------
27 ssl/ssl.h | 2 +-
28 4 files changed, 9 insertions(+), 53 deletions(-)
29
30Index: openssl-1.0.2d/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
31===================================================================
32--- openssl-1.0.2d.orig/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
33+++ openssl-1.0.2d/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
34@@ -48,25 +48,8 @@ even if he gets hold of the normal (cert
35 only used for signing.
36
37 In order to perform a DH key exchange the server must use a DH group
38-(DH parameters) and generate a DH key.
39-The server will always generate a new DH key during the negotiation
40-if either the DH parameters are supplied via callback or the
41-SSL_OP_SINGLE_DH_USE option of SSL_CTX_set_options(3) is set (or both).
42-It will immediately create a DH key if DH parameters are supplied via
43-SSL_CTX_set_tmp_dh() and SSL_OP_SINGLE_DH_USE is not set.
44-In this case,
45-it may happen that a key is generated on initialization without later
46-being needed, while on the other hand the computer time during the
47-negotiation is being saved.
48-
49-If "strong" primes were used to generate the DH parameters, it is not strictly
50-necessary to generate a new key for each handshake but it does improve forward
51-secrecy. If it is not assured that "strong" primes were used,
52-SSL_OP_SINGLE_DH_USE must be used in order to prevent small subgroup
53-attacks. Always using SSL_OP_SINGLE_DH_USE has an impact on the
54-computer time needed during negotiation, but it is not very large, so
55-application authors/users should consider always enabling this option.
56-The option is required to implement perfect forward secrecy (PFS).
57+(DH parameters) and generate a DH key. The server will always generate
58+a new DH key during the negotiation.
59
60 As generating DH parameters is extremely time consuming, an application
61 should not generate the parameters on the fly but supply the parameters.
62@@ -93,10 +76,9 @@ can supply the DH parameters via a callb
63 Previous versions of the callback used B<is_export> and B<keylength>
64 parameters to control parameter generation for export and non-export
65 cipher suites. Modern servers that do not support export ciphersuites
66-are advised to either use SSL_CTX_set_tmp_dh() in combination with
67-SSL_OP_SINGLE_DH_USE, or alternatively, use the callback but ignore
68-B<keylength> and B<is_export> and simply supply at least 2048-bit
69-parameters in the callback.
70+are advised to either use SSL_CTX_set_tmp_dh() or alternatively, use
71+the callback but ignore B<keylength> and B<is_export> and simply
72+supply at least 2048-bit parameters in the callback.
73
74 =head1 EXAMPLES
75
76@@ -128,7 +110,6 @@ partly left out.)
77 if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) {
78 /* Error. */
79 }
80- SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
81 ...
82
83 =head1 RETURN VALUES
84Index: openssl-1.0.2d/ssl/s3_lib.c
85===================================================================
86--- openssl-1.0.2d.orig/ssl/s3_lib.c
87+++ openssl-1.0.2d/ssl/s3_lib.c
88@@ -3206,13 +3206,6 @@ long ssl3_ctrl(SSL *s, int cmd, long lar
89 SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
90 return (ret);
91 }
92- if (!(s->options & SSL_OP_SINGLE_DH_USE)) {
93- if (!DH_generate_key(dh)) {
94- DH_free(dh);
95- SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB);
96- return (ret);
97- }
98- }
99 if (s->cert->dh_tmp != NULL)
100 DH_free(s->cert->dh_tmp);
101 s->cert->dh_tmp = dh;
102@@ -3710,13 +3703,6 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd
103 SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
104 return 0;
105 }
106- if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) {
107- if (!DH_generate_key(new)) {
108- SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_DH_LIB);
109- DH_free(new);
110- return 0;
111- }
112- }
113 if (cert->dh_tmp != NULL)
114 DH_free(cert->dh_tmp);
115 cert->dh_tmp = new;
116Index: openssl-1.0.2d/ssl/s3_srvr.c
117===================================================================
118--- openssl-1.0.2d.orig/ssl/s3_srvr.c
119+++ openssl-1.0.2d/ssl/s3_srvr.c
120@@ -1684,20 +1684,9 @@ int ssl3_send_server_key_exchange(SSL *s
121 }
122
123 s->s3->tmp.dh = dh;
124- if ((dhp->pub_key == NULL ||
125- dhp->priv_key == NULL ||
126- (s->options & SSL_OP_SINGLE_DH_USE))) {
127- if (!DH_generate_key(dh)) {
128- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
129- goto err;
130- }
131- } else {
132- dh->pub_key = BN_dup(dhp->pub_key);
133- dh->priv_key = BN_dup(dhp->priv_key);
134- if ((dh->pub_key == NULL) || (dh->priv_key == NULL)) {
135- SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
136- goto err;
137- }
138+ if (!DH_generate_key(dh)) {
139+ SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_DH_LIB);
140+ goto err;
141 }
142 r[0] = dh->p;
143 r[1] = dh->g;
144Index: openssl-1.0.2d/ssl/ssl.h
145===================================================================
146--- openssl-1.0.2d.orig/ssl/ssl.h
147+++ openssl-1.0.2d/ssl/ssl.h
148@@ -625,7 +625,7 @@ struct ssl_session_st {
149 # define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x00040000L
150 /* If set, always create a new key when using tmp_ecdh parameters */
151 # define SSL_OP_SINGLE_ECDH_USE 0x00080000L
152-/* If set, always create a new key when using tmp_dh parameters */
153+/* Does nothing: retained for compatibility */
154 # define SSL_OP_SINGLE_DH_USE 0x00100000L
155 /* Does nothing: retained for compatibiity */
156 # define SSL_OP_EPHEMERAL_RSA 0x0
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800.patch
deleted file mode 100644
index e5635fe..0000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800.patch
+++ /dev/null
@@ -1,198 +0,0 @@
1From 9dfd2be8a1761fffd152a92d8f1b356ad667eea7 Mon Sep 17 00:00:00 2001
2From: Viktor Dukhovni <openssl-users@dukhovni.org>
3Date: Wed, 17 Feb 2016 21:07:48 -0500
4Subject: [PATCH] Disable SSLv2 default build, default negotiation and weak
5 ciphers.
6MIME-Version: 1.0
7Content-Type: text/plain; charset=UTF-8
8Content-Transfer-Encoding: 8bit
9
10SSLv2 is by default disabled at build-time. Builds that are not
11configured with "enable-ssl2" will not support SSLv2. Even if
12"enable-ssl2" is used, users who want to negotiate SSLv2 via the
13version-flexible SSLv23_method() will need to explicitly call either
14of:
15
16 SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
17or
18 SSL_clear_options(ssl, SSL_OP_NO_SSLv2);
19
20as appropriate. Even if either of those is used, or the application
21explicitly uses the version-specific SSLv2_method() or its client
22or server variants, SSLv2 ciphers vulnerable to exhaustive search
23key recovery have been removed. Specifically, the SSLv2 40-bit
24EXPORT ciphers, and SSLv2 56-bit DES are no longer available.
25
26Mitigation for CVE-2016-0800
27
28Reviewed-by: Emilia Käsper <emilia@openssl.org>
29
30Upstream-Status: Backport
31
32https://git.openssl.org/?p=openssl.git;a=commit;h=9dfd2be8a1761fffd152a92d8f1b356ad667eea7
33
34CVE: CVE-2016-0800
35Signed-off-by: Armin Kuster <akuster@mvista.com>
36
37---
38 CHANGES | 17 +++++++++++++++++
39 Configure | 3 ++-
40 NEWS | 2 +-
41 ssl/s2_lib.c | 6 ++++++
42 ssl/ssl_conf.c | 10 +++++++++-
43 ssl/ssl_lib.c | 7 +++++++
44 6 files changed, 42 insertions(+), 3 deletions(-)
45
46Index: openssl-1.0.2d/Configure
47===================================================================
48--- openssl-1.0.2d.orig/Configure
49+++ openssl-1.0.2d/Configure
50@@ -847,9 +847,10 @@ my %disabled = ( # "what" => "co
51 "md2" => "default",
52 "rc5" => "default",
53 "rfc3779" => "default",
54- "sctp" => "default",
55+ "sctp" => "default",
56 "shared" => "default",
57 "ssl-trace" => "default",
58+ "ssl2" => "default",
59 "store" => "experimental",
60 "unit-test" => "default",
61 "zlib" => "default",
62Index: openssl-1.0.2d/ssl/s2_lib.c
63===================================================================
64--- openssl-1.0.2d.orig/ssl/s2_lib.c
65+++ openssl-1.0.2d/ssl/s2_lib.c
66@@ -156,6 +156,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip
67 128,
68 },
69
70+# if 0
71 /* RC4_128_EXPORT40_WITH_MD5 */
72 {
73 1,
74@@ -171,6 +172,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip
75 40,
76 128,
77 },
78+# endif
79
80 /* RC2_128_CBC_WITH_MD5 */
81 {
82@@ -188,6 +190,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip
83 128,
84 },
85
86+# if 0
87 /* RC2_128_CBC_EXPORT40_WITH_MD5 */
88 {
89 1,
90@@ -203,6 +206,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip
91 40,
92 128,
93 },
94+# endif
95
96 # ifndef OPENSSL_NO_IDEA
97 /* IDEA_128_CBC_WITH_MD5 */
98@@ -222,6 +226,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip
99 },
100 # endif
101
102+# if 0
103 /* DES_64_CBC_WITH_MD5 */
104 {
105 1,
106@@ -237,6 +242,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip
107 56,
108 56,
109 },
110+# endif
111
112 /* DES_192_EDE3_CBC_WITH_MD5 */
113 {
114Index: openssl-1.0.2d/ssl/ssl_conf.c
115===================================================================
116--- openssl-1.0.2d.orig/ssl/ssl_conf.c
117+++ openssl-1.0.2d/ssl/ssl_conf.c
118@@ -330,11 +330,19 @@ static int cmd_Protocol(SSL_CONF_CTX *cc
119 SSL_FLAG_TBL_INV("TLSv1.1", SSL_OP_NO_TLSv1_1),
120 SSL_FLAG_TBL_INV("TLSv1.2", SSL_OP_NO_TLSv1_2)
121 };
122+ int ret;
123+ int sslv2off;
124+
125 if (!(cctx->flags & SSL_CONF_FLAG_FILE))
126 return -2;
127 cctx->tbl = ssl_protocol_list;
128 cctx->ntbl = sizeof(ssl_protocol_list) / sizeof(ssl_flag_tbl);
129- return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
130+
131+ sslv2off = *cctx->poptions & SSL_OP_NO_SSLv2;
132+ ret = CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
133+ /* Never turn on SSLv2 through configuration */
134+ *cctx->poptions |= sslv2off;
135+ return ret;
136 }
137
138 static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
139Index: openssl-1.0.2d/ssl/ssl_lib.c
140===================================================================
141--- openssl-1.0.2d.orig/ssl/ssl_lib.c
142+++ openssl-1.0.2d/ssl/ssl_lib.c
143@@ -2052,6 +2052,13 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
144 */
145 ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
146
147+ /*
148+ * Disable SSLv2 by default, callers that want to enable SSLv2 will have to
149+ * explicitly clear this option via either of SSL_CTX_clear_options() or
150+ * SSL_clear_options().
151+ */
152+ ret->options |= SSL_OP_NO_SSLv2;
153+
154 return (ret);
155 err:
156 SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
157Index: openssl-1.0.2d/CHANGES
158===================================================================
159--- openssl-1.0.2d.orig/CHANGES
160+++ openssl-1.0.2d/CHANGES
161@@ -2,6 +2,25 @@
162 OpenSSL CHANGES
163 _______________
164
165+
166+ * Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2
167+ is by default disabled at build-time. Builds that are not configured with
168+ "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used,
169+ users who want to negotiate SSLv2 via the version-flexible SSLv23_method()
170+ will need to explicitly call either of:
171+
172+ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
173+ or
174+ SSL_clear_options(ssl, SSL_OP_NO_SSLv2);
175+
176+ as appropriate. Even if either of those is used, or the application
177+ explicitly uses the version-specific SSLv2_method() or its client and
178+ server variants, SSLv2 ciphers vulnerable to exhaustive search key
179+ recovery have been removed. Specifically, the SSLv2 40-bit EXPORT
180+ ciphers, and SSLv2 56-bit DES are no longer available.
181+ [Viktor Dukhovni]
182+
183+
184 Changes between 1.0.2c and 1.0.2d [9 Jul 2015]
185
186 *) Alternate chains certificate forgery
187Index: openssl-1.0.2d/NEWS
188===================================================================
189--- openssl-1.0.2d.orig/NEWS
190+++ openssl-1.0.2d/NEWS
191@@ -1,6 +1,7 @@
192
193 NEWS
194 ====
195+ Disable SSLv2 default build, default negotiation and weak ciphers.
196
197 This file gives a brief overview of the major changes between each OpenSSL
198 release. For more details please read the CHANGES file.
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_2.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_2.patch
deleted file mode 100644
index de89d08..0000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_2.patch
+++ /dev/null
@@ -1,592 +0,0 @@
1From 021fb42dd0cf2bf985b0e26ca50418eb42c00d09 Mon Sep 17 00:00:00 2001
2From: Viktor Dukhovni <openssl-users@dukhovni.org>
3Date: Wed, 17 Feb 2016 23:38:55 -0500
4Subject: [PATCH] Bring SSL method documentation up to date
5MIME-Version: 1.0
6Content-Type: text/plain; charset=UTF-8
7Content-Transfer-Encoding: 8bit
8
9Reviewed-by: Emilia Käsper <emilia@openssl.org>
10
11Upstream-Status: Backport
12
13https://git.openssl.org/?p=openssl.git;a=commit;h=021fb42dd0cf2bf985b0e26ca50418eb42c00d09
14
15CVE: CVE-2016-0800 #2 patch
16Signed-off-by: Armin Kuster <akuster@mvista.com>
17
18---
19 doc/apps/ciphers.pod | 29 ++++---
20 doc/apps/s_client.pod | 12 +--
21 doc/apps/s_server.pod | 8 +-
22 doc/ssl/SSL_CONF_cmd.pod | 33 ++++----
23 doc/ssl/SSL_CTX_new.pod | 168 ++++++++++++++++++++++++++++------------
24 doc/ssl/SSL_CTX_set_options.pod | 10 +++
25 doc/ssl/ssl.pod | 77 ++++++++++++++----
26 7 files changed, 226 insertions(+), 111 deletions(-)
27
28diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
29index 1c26e3b..8038b05 100644
30--- a/doc/apps/ciphers.pod
31+++ b/doc/apps/ciphers.pod
32@@ -38,25 +38,21 @@ SSL v2 and for SSL v3/TLS v1.
33
34 Like B<-v>, but include cipher suite codes in output (hex format).
35
36-=item B<-ssl3>
37+=item B<-ssl3>, B<-tls1>
38
39-only include SSL v3 ciphers.
40+This lists ciphers compatible with any of SSLv3, TLSv1, TLSv1.1 or TLSv1.2.
41
42 =item B<-ssl2>
43
44-only include SSL v2 ciphers.
45-
46-=item B<-tls1>
47-
48-only include TLS v1 ciphers.
49+Only include SSLv2 ciphers.
50
51 =item B<-h>, B<-?>
52
53-print a brief usage message.
54+Print a brief usage message.
55
56 =item B<cipherlist>
57
58-a cipher list to convert to a cipher preference list. If it is not included
59+A cipher list to convert to a cipher preference list. If it is not included
60 then the default cipher list will be used. The format is described below.
61
62 =back
63@@ -109,9 +105,10 @@ The following is a list of all permitted cipher strings and their meanings.
64
65 =item B<DEFAULT>
66
67-the default cipher list. This is determined at compile time and
68-is normally B<ALL:!EXPORT:!aNULL:!eNULL:!SSLv2>. This must be the firstcipher string
69-specified.
70+The default cipher list.
71+This is determined at compile time and is normally
72+B<ALL:!EXPORT:!aNULL:!eNULL:!SSLv2>.
73+When used, this must be the first cipherstring specified.
74
75 =item B<COMPLEMENTOFDEFAULT>
76
77@@ -582,11 +579,11 @@ Note: these ciphers can also be used in SSL v3.
78 =head2 Deprecated SSL v2.0 cipher suites.
79
80 SSL_CK_RC4_128_WITH_MD5 RC4-MD5
81- SSL_CK_RC4_128_EXPORT40_WITH_MD5 EXP-RC4-MD5
82- SSL_CK_RC2_128_CBC_WITH_MD5 RC2-MD5
83- SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 EXP-RC2-MD5
84+ SSL_CK_RC4_128_EXPORT40_WITH_MD5 Not implemented.
85+ SSL_CK_RC2_128_CBC_WITH_MD5 RC2-CBC-MD5
86+ SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 Not implemented.
87 SSL_CK_IDEA_128_CBC_WITH_MD5 IDEA-CBC-MD5
88- SSL_CK_DES_64_CBC_WITH_MD5 DES-CBC-MD5
89+ SSL_CK_DES_64_CBC_WITH_MD5 Not implemented.
90 SSL_CK_DES_192_EDE3_CBC_WITH_MD5 DES-CBC3-MD5
91
92 =head1 NOTES
93diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod
94index 84d0527..618df96 100644
95--- a/doc/apps/s_client.pod
96+++ b/doc/apps/s_client.pod
97@@ -201,15 +201,11 @@ Use the PSK key B<key> when using a PSK cipher suite. The key is
98 given as a hexadecimal number without leading 0x, for example -psk
99 1a2b3c4d.
100
101-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
102+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
103
104-these options disable the use of certain SSL or TLS protocols. By default
105-the initial handshake uses a method which should be compatible with all
106-servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.
107-
108-Unfortunately there are still ancient and broken servers in use which
109-cannot handle this technique and will fail to connect. Some servers only
110-work if TLS is turned off.
111+These options require or disable the use of the specified SSL or TLS protocols.
112+By default the initial handshake uses a I<version-flexible> method which will
113+negotiate the highest mutually supported protocol version.
114
115 =item B<-fallback_scsv>
116
117diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod
118index baca779..6f4acb7 100644
119--- a/doc/apps/s_server.pod
120+++ b/doc/apps/s_server.pod
121@@ -217,11 +217,11 @@ Use the PSK key B<key> when using a PSK cipher suite. The key is
122 given as a hexadecimal number without leading 0x, for example -psk
123 1a2b3c4d.
124
125-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
126+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
127
128-these options disable the use of certain SSL or TLS protocols. By default
129-the initial handshake uses a method which should be compatible with all
130-servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.
131+These options require or disable the use of the specified SSL or TLS protocols.
132+By default the initial handshake uses a I<version-flexible> method which will
133+negotiate the highest mutually supported protocol version.
134
135 =item B<-bugs>
136
137diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod
138index 2bf1a60..e81d76a 100644
139--- a/doc/ssl/SSL_CONF_cmd.pod
140+++ b/doc/ssl/SSL_CONF_cmd.pod
141@@ -74,7 +74,7 @@ B<prime256v1>). Curve names are case sensitive.
142
143 =item B<-named_curve>
144
145-This sets the temporary curve used for ephemeral ECDH modes. Only used by
146+This sets the temporary curve used for ephemeral ECDH modes. Only used by
147 servers
148
149 The B<value> argument is a curve name or the special value B<auto> which
150@@ -85,7 +85,7 @@ can be either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name
151 =item B<-cipher>
152
153 Sets the cipher suite list to B<value>. Note: syntax checking of B<value> is
154-currently not performed unless a B<SSL> or B<SSL_CTX> structure is
155+currently not performed unless a B<SSL> or B<SSL_CTX> structure is
156 associated with B<cctx>.
157
158 =item B<-cert>
159@@ -111,9 +111,9 @@ operations are permitted.
160
161 =item B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
162
163-Disables protocol support for SSLv2, SSLv3, TLS 1.0, TLS 1.1 or TLS 1.2
164-by setting the corresponding options B<SSL_OP_NO_SSL2>, B<SSL_OP_NO_SSL3>,
165-B<SSL_OP_NO_TLS1>, B<SSL_OP_NO_TLS1_1> and B<SSL_OP_NO_TLS1_2> respectively.
166+Disables protocol support for SSLv2, SSLv3, TLSv1.0, TLSv1.1 or TLSv1.2
167+by setting the corresponding options B<SSL_OP_NO_SSLv2>, B<SSL_OP_NO_SSLv3>,
168+B<SSL_OP_NO_TLSv1>, B<SSL_OP_NO_TLSv1_1> and B<SSL_OP_NO_TLSv1_2> respectively.
169
170 =item B<-bugs>
171
172@@ -177,7 +177,7 @@ Note: the command prefix (if set) alters the recognised B<cmd> values.
173 =item B<CipherString>
174
175 Sets the cipher suite list to B<value>. Note: syntax checking of B<value> is
176-currently not performed unless an B<SSL> or B<SSL_CTX> structure is
177+currently not performed unless an B<SSL> or B<SSL_CTX> structure is
178 associated with B<cctx>.
179
180 =item B<Certificate>
181@@ -244,7 +244,7 @@ B<prime256v1>). Curve names are case sensitive.
182
183 =item B<ECDHParameters>
184
185-This sets the temporary curve used for ephemeral ECDH modes. Only used by
186+This sets the temporary curve used for ephemeral ECDH modes. Only used by
187 servers
188
189 The B<value> argument is a curve name or the special value B<Automatic> which
190@@ -258,10 +258,11 @@ The supported versions of the SSL or TLS protocol.
191
192 The B<value> argument is a comma separated list of supported protocols to
193 enable or disable. If an protocol is preceded by B<-> that version is disabled.
194-All versions are enabled by default, though applications may choose to
195-explicitly disable some. Currently supported protocol values are B<SSLv2>,
196-B<SSLv3>, B<TLSv1>, B<TLSv1.1> and B<TLSv1.2>. The special value B<ALL> refers
197-to all supported versions.
198+Currently supported protocol values are B<SSLv2>, B<SSLv3>, B<TLSv1>,
199+B<TLSv1.1> and B<TLSv1.2>.
200+All protocol versions other than B<SSLv2> are enabled by default.
201+To avoid inadvertent enabling of B<SSLv2>, when SSLv2 is disabled, it is not
202+possible to enable it via the B<Protocol> command.
203
204 =item B<Options>
205
206@@ -339,16 +340,16 @@ The value is a directory name.
207 The order of operations is significant. This can be used to set either defaults
208 or values which cannot be overridden. For example if an application calls:
209
210- SSL_CONF_cmd(ctx, "Protocol", "-SSLv2");
211+ SSL_CONF_cmd(ctx, "Protocol", "-SSLv3");
212 SSL_CONF_cmd(ctx, userparam, uservalue);
213
214-it will disable SSLv2 support by default but the user can override it. If
215+it will disable SSLv3 support by default but the user can override it. If
216 however the call sequence is:
217
218 SSL_CONF_cmd(ctx, userparam, uservalue);
219- SSL_CONF_cmd(ctx, "Protocol", "-SSLv2");
220+ SSL_CONF_cmd(ctx, "Protocol", "-SSLv3");
221
222-SSLv2 is B<always> disabled and attempt to override this by the user are
223+then SSLv3 is B<always> disabled and attempt to override this by the user are
224 ignored.
225
226 By checking the return code of SSL_CTX_cmd() it is possible to query if a
227@@ -372,7 +373,7 @@ can be checked instead. If -3 is returned a required argument is missing
228 and an error is indicated. If 0 is returned some other error occurred and
229 this can be reported back to the user.
230
231-The function SSL_CONF_cmd_value_type() can be used by applications to
232+The function SSL_CONF_cmd_value_type() can be used by applications to
233 check for the existence of a command or to perform additional syntax
234 checking or translation of the command value. For example if the return
235 value is B<SSL_CONF_TYPE_FILE> an application could translate a relative
236diff --git a/doc/ssl/SSL_CTX_new.pod b/doc/ssl/SSL_CTX_new.pod
237index 491ac8c..b8cc879 100644
238--- a/doc/ssl/SSL_CTX_new.pod
239+++ b/doc/ssl/SSL_CTX_new.pod
240@@ -2,13 +2,55 @@
241
242 =head1 NAME
243
244-SSL_CTX_new - create a new SSL_CTX object as framework for TLS/SSL enabled functions
245+SSL_CTX_new,
246+SSLv23_method, SSLv23_server_method, SSLv23_client_method,
247+TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method,
248+TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method,
249+TLSv1_method, TLSv1_server_method, TLSv1_client_method,
250+SSLv3_method, SSLv3_server_method, SSLv3_client_method,
251+SSLv2_method, SSLv2_server_method, SSLv2_client_method,
252+DTLS_method, DTLS_server_method, DTLS_client_method,
253+DTLSv1_2_method, DTLSv1_2_server_method, DTLSv1_2_client_method,
254+DTLSv1_method, DTLSv1_server_method, DTLSv1_client_method -
255+create a new SSL_CTX object as framework for TLS/SSL enabled functions
256
257 =head1 SYNOPSIS
258
259 #include <openssl/ssl.h>
260
261 SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);
262+ const SSL_METHOD *SSLv23_method(void);
263+ const SSL_METHOD *SSLv23_server_method(void);
264+ const SSL_METHOD *SSLv23_client_method(void);
265+ const SSL_METHOD *TLSv1_2_method(void);
266+ const SSL_METHOD *TLSv1_2_server_method(void);
267+ const SSL_METHOD *TLSv1_2_client_method(void);
268+ const SSL_METHOD *TLSv1_1_method(void);
269+ const SSL_METHOD *TLSv1_1_server_method(void);
270+ const SSL_METHOD *TLSv1_1_client_method(void);
271+ const SSL_METHOD *TLSv1_method(void);
272+ const SSL_METHOD *TLSv1_server_method(void);
273+ const SSL_METHOD *TLSv1_client_method(void);
274+ #ifndef OPENSSL_NO_SSL3_METHOD
275+ const SSL_METHOD *SSLv3_method(void);
276+ const SSL_METHOD *SSLv3_server_method(void);
277+ const SSL_METHOD *SSLv3_client_method(void);
278+ #endif
279+ #ifndef OPENSSL_NO_SSL2
280+ const SSL_METHOD *SSLv2_method(void);
281+ const SSL_METHOD *SSLv2_server_method(void);
282+ const SSL_METHOD *SSLv2_client_method(void);
283+ #endif
284+
285+ const SSL_METHOD *DTLS_method(void);
286+ const SSL_METHOD *DTLS_server_method(void);
287+ const SSL_METHOD *DTLS_client_method(void);
288+ const SSL_METHOD *DTLSv1_2_method(void);
289+ const SSL_METHOD *DTLSv1_2_server_method(void);
290+ const SSL_METHOD *DTLSv1_2_client_method(void);
291+ const SSL_METHOD *DTLSv1_method(void);
292+ const SSL_METHOD *DTLSv1_server_method(void);
293+ const SSL_METHOD *DTLSv1_client_method(void);
294
295 =head1 DESCRIPTION
296
297@@ -23,65 +65,88 @@ client only type. B<method> can be of the following types:
298
299 =over 4
300
301-=item SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)
302+=item SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()
303+
304+These are the general-purpose I<version-flexible> SSL/TLS methods.
305+The actual protocol version used will be negotiated to the highest version
306+mutually supported by the client and the server.
307+The supported protocols are SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2.
308+Most applications should use these method, and avoid the version specific
309+methods described below.
310+
311+The list of protocols available can be further limited using the
312+B<SSL_OP_NO_SSLv2>, B<SSL_OP_NO_SSLv3>, B<SSL_OP_NO_TLSv1>,
313+B<SSL_OP_NO_TLSv1_1> and B<SSL_OP_NO_TLSv1_2> options of the
314+L<SSL_CTX_set_options(3)> or L<SSL_set_options(3)> functions.
315+Clients should avoid creating "holes" in the set of protocols they support,
316+when disabling a protocol, make sure that you also disable either all previous
317+or all subsequent protocol versions.
318+In clients, when a protocol version is disabled without disabling I<all>
319+previous protocol versions, the effect is to also disable all subsequent
320+protocol versions.
321+
322+The SSLv2 and SSLv3 protocols are deprecated and should generally not be used.
323+Applications should typically use L<SSL_CTX_set_options(3)> in combination with
324+the B<SSL_OP_NO_SSLv3> flag to disable negotiation of SSLv3 via the above
325+I<version-flexible> SSL/TLS methods.
326+The B<SSL_OP_NO_SSLv2> option is set by default, and would need to be cleared
327+via L<SSL_CTX_clear_options(3)> in order to enable negotiation of SSLv2.
328+
329+=item TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()
330
331-A TLS/SSL connection established with these methods will only understand
332-the SSLv2 protocol. A client will send out SSLv2 client hello messages
333-and will also indicate that it only understand SSLv2. A server will only
334-understand SSLv2 client hello messages.
335+A TLS/SSL connection established with these methods will only understand the
336+TLSv1.2 protocol. A client will send out TLSv1.2 client hello messages and
337+will also indicate that it only understand TLSv1.2. A server will only
338+understand TLSv1.2 client hello messages.
339
340-=item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)
341+=item TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method()
342
343 A TLS/SSL connection established with these methods will only understand the
344-SSLv3 protocol. A client will send out SSLv3 client hello messages
345-and will indicate that it only understands SSLv3. A server will only understand
346-SSLv3 client hello messages. This especially means, that it will
347-not understand SSLv2 client hello messages which are widely used for
348-compatibility reasons, see SSLv23_*_method().
349+TLSv1.1 protocol. A client will send out TLSv1.1 client hello messages and
350+will also indicate that it only understand TLSv1.1. A server will only
351+understand TLSv1.1 client hello messages.
352
353-=item TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)
354+=item TLSv1_method(), TLSv1_server_method(), TLSv1_client_method()
355
356 A TLS/SSL connection established with these methods will only understand the
357-TLSv1 protocol. A client will send out TLSv1 client hello messages
358-and will indicate that it only understands TLSv1. A server will only understand
359-TLSv1 client hello messages. This especially means, that it will
360-not understand SSLv2 client hello messages which are widely used for
361-compatibility reasons, see SSLv23_*_method(). It will also not understand
362-SSLv3 client hello messages.
363-
364-=item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)
365-
366-A TLS/SSL connection established with these methods may understand the SSLv2,
367-SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols.
368-
369-If the cipher list does not contain any SSLv2 ciphersuites (the default
370-cipher list does not) or extensions are required (for example server name)
371-a client will send out TLSv1 client hello messages including extensions and
372-will indicate that it also understands TLSv1.1, TLSv1.2 and permits a
373-fallback to SSLv3. A server will support SSLv3, TLSv1, TLSv1.1 and TLSv1.2
374-protocols. This is the best choice when compatibility is a concern.
375-
376-If any SSLv2 ciphersuites are included in the cipher list and no extensions
377-are required then SSLv2 compatible client hellos will be used by clients and
378-SSLv2 will be accepted by servers. This is B<not> recommended due to the
379-insecurity of SSLv2 and the limited nature of the SSLv2 client hello
380-prohibiting the use of extensions.
381+TLSv1 protocol. A client will send out TLSv1 client hello messages and will
382+indicate that it only understands TLSv1. A server will only understand TLSv1
383+client hello messages.
384
385-=back
386+=item SSLv3_method(), SSLv3_server_method(), SSLv3_client_method()
387+
388+A TLS/SSL connection established with these methods will only understand the
389+SSLv3 protocol. A client will send out SSLv3 client hello messages and will
390+indicate that it only understands SSLv3. A server will only understand SSLv3
391+client hello messages. The SSLv3 protocol is deprecated and should not be
392+used.
393+
394+=item SSLv2_method(), SSLv2_server_method(), SSLv2_client_method()
395+
396+A TLS/SSL connection established with these methods will only understand the
397+SSLv2 protocol. A client will send out SSLv2 client hello messages and will
398+also indicate that it only understand SSLv2. A server will only understand
399+SSLv2 client hello messages. The SSLv2 protocol offers little to no security
400+and should not be used.
401+As of OpenSSL 1.0.2g, EXPORT ciphers and 56-bit DES are no longer available
402+with SSLv2.
403
404-The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,
405-SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2
406-options of the SSL_CTX_set_options() or SSL_set_options() functions.
407-Using these options it is possible to choose e.g. SSLv23_server_method() and
408-be able to negotiate with all possible clients, but to only allow newer
409-protocols like TLSv1, TLSv1.1 or TLS v1.2.
410+=item DTLS_method(), DTLS_server_method(), DTLS_client_method()
411
412-Applications which never want to support SSLv2 (even is the cipher string
413-is configured to use SSLv2 ciphersuites) can set SSL_OP_NO_SSLv2.
414+These are the version-flexible DTLS methods.
415+
416+=item DTLSv1_2_method(), DTLSv1_2_server_method(), DTLSv1_2_client_method()
417+
418+These are the version-specific methods for DTLSv1.2.
419+
420+=item DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()
421+
422+These are the version-specific methods for DTLSv1.
423+
424+=back
425
426-SSL_CTX_new() initializes the list of ciphers, the session cache setting,
427-the callbacks, the keys and certificates and the options to its default
428-values.
429+SSL_CTX_new() initializes the list of ciphers, the session cache setting, the
430+callbacks, the keys and certificates and the options to its default values.
431
432 =head1 RETURN VALUES
433
434@@ -91,8 +156,8 @@ The following return values can occur:
435
436 =item NULL
437
438-The creation of a new SSL_CTX object failed. Check the error stack to
439-find out the reason.
440+The creation of a new SSL_CTX object failed. Check the error stack to find out
441+the reason.
442
443 =item Pointer to an SSL_CTX object
444
445@@ -102,6 +167,7 @@ The return value points to an allocated SSL_CTX object.
446
447 =head1 SEE ALSO
448
449+L<SSL_CTX_set_options(3)>, L<SSL_CTX_clear_options(3)>, L<SSL_set_options(3)>,
450 L<SSL_CTX_free(3)|SSL_CTX_free(3)>, L<SSL_accept(3)|SSL_accept(3)>,
451 L<ssl(3)|ssl(3)>, L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
452
453diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod
454index e80a72c..9a7e98c 100644
455--- a/doc/ssl/SSL_CTX_set_options.pod
456+++ b/doc/ssl/SSL_CTX_set_options.pod
457@@ -189,15 +189,25 @@ browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta
458 =item SSL_OP_NO_SSLv2
459
460 Do not use the SSLv2 protocol.
461+As of OpenSSL 1.0.2g the B<SSL_OP_NO_SSLv2> option is set by default.
462
463 =item SSL_OP_NO_SSLv3
464
465 Do not use the SSLv3 protocol.
466+It is recommended that applications should set this option.
467
468 =item SSL_OP_NO_TLSv1
469
470 Do not use the TLSv1 protocol.
471
472+=item SSL_OP_NO_TLSv1_1
473+
474+Do not use the TLSv1.1 protocol.
475+
476+=item SSL_OP_NO_TLSv1_2
477+
478+Do not use the TLSv1.2 protocol.
479+
480 =item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
481
482 When performing renegotiation as a server, always start a new session
483diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod
484index 242087e..70cca17 100644
485--- a/doc/ssl/ssl.pod
486+++ b/doc/ssl/ssl.pod
487@@ -130,41 +130,86 @@ protocol methods defined in B<SSL_METHOD> structures.
488
489 =over 4
490
491-=item const SSL_METHOD *B<SSLv2_client_method>(void);
492+=item const SSL_METHOD *B<SSLv23_method>(void);
493
494-Constructor for the SSLv2 SSL_METHOD structure for a dedicated client.
495+Constructor for the I<version-flexible> SSL_METHOD structure for
496+clients, servers or both.
497+See L<SSL_CTX_new(3)> for details.
498
499-=item const SSL_METHOD *B<SSLv2_server_method>(void);
500+=item const SSL_METHOD *B<SSLv23_client_method>(void);
501
502-Constructor for the SSLv2 SSL_METHOD structure for a dedicated server.
503+Constructor for the I<version-flexible> SSL_METHOD structure for
504+clients.
505
506-=item const SSL_METHOD *B<SSLv2_method>(void);
507+=item const SSL_METHOD *B<SSLv23_client_method>(void);
508
509-Constructor for the SSLv2 SSL_METHOD structure for combined client and server.
510+Constructor for the I<version-flexible> SSL_METHOD structure for
511+servers.
512
513-=item const SSL_METHOD *B<SSLv3_client_method>(void);
514+=item const SSL_METHOD *B<TLSv1_2_method>(void);
515
516-Constructor for the SSLv3 SSL_METHOD structure for a dedicated client.
517+Constructor for the TLSv1.2 SSL_METHOD structure for clients, servers
518+or both.
519
520-=item const SSL_METHOD *B<SSLv3_server_method>(void);
521+=item const SSL_METHOD *B<TLSv1_2_client_method>(void);
522
523-Constructor for the SSLv3 SSL_METHOD structure for a dedicated server.
524+Constructor for the TLSv1.2 SSL_METHOD structure for clients.
525
526-=item const SSL_METHOD *B<SSLv3_method>(void);
527+=item const SSL_METHOD *B<TLSv1_2_server_method>(void);
528+
529+Constructor for the TLSv1.2 SSL_METHOD structure for servers.
530+
531+=item const SSL_METHOD *B<TLSv1_1_method>(void);
532
533-Constructor for the SSLv3 SSL_METHOD structure for combined client and server.
534+Constructor for the TLSv1.1 SSL_METHOD structure for clients, servers
535+or both.
536+
537+=item const SSL_METHOD *B<TLSv1_1_client_method>(void);
538+
539+Constructor for the TLSv1.1 SSL_METHOD structure for clients.
540+
541+=item const SSL_METHOD *B<TLSv1_1_server_method>(void);
542+
543+Constructor for the TLSv1.1 SSL_METHOD structure for servers.
544+
545+=item const SSL_METHOD *B<TLSv1_method>(void);
546+
547+Constructor for the TLSv1 SSL_METHOD structure for clients, servers
548+or both.
549
550 =item const SSL_METHOD *B<TLSv1_client_method>(void);
551
552-Constructor for the TLSv1 SSL_METHOD structure for a dedicated client.
553+Constructor for the TLSv1 SSL_METHOD structure for clients.
554
555 =item const SSL_METHOD *B<TLSv1_server_method>(void);
556
557-Constructor for the TLSv1 SSL_METHOD structure for a dedicated server.
558+Constructor for the TLSv1 SSL_METHOD structure for servers.
559
560-=item const SSL_METHOD *B<TLSv1_method>(void);
561+=item const SSL_METHOD *B<SSLv3_method>(void);
562+
563+Constructor for the SSLv3 SSL_METHOD structure for clients, servers
564+or both.
565+
566+=item const SSL_METHOD *B<SSLv3_client_method>(void);
567+
568+Constructor for the SSLv3 SSL_METHOD structure for clients.
569+
570+=item const SSL_METHOD *B<SSLv3_server_method>(void);
571+
572+Constructor for the SSLv3 SSL_METHOD structure for servers.
573+
574+=item const SSL_METHOD *B<SSLv2_method>(void);
575+
576+Constructor for the SSLv2 SSL_METHOD structure for clients, servers
577+or both.
578+
579+=item const SSL_METHOD *B<SSLv2_client_method>(void);
580+
581+Constructor for the SSLv2 SSL_METHOD structure for clients.
582+
583+=item const SSL_METHOD *B<SSLv2_server_method>(void);
584
585-Constructor for the TLSv1 SSL_METHOD structure for combined client and server.
586+Constructor for the SSLv2 SSL_METHOD structure for servers.
587
588 =back
589
590--
5912.3.5
592
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_3.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_3.patch
deleted file mode 100644
index d260244..0000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_3.patch
+++ /dev/null
@@ -1,503 +0,0 @@
1From bc38a7d2d3c6082163c50ddf99464736110f2000 Mon Sep 17 00:00:00 2001
2From: Viktor Dukhovni <openssl-users@dukhovni.org>
3Date: Fri, 19 Feb 2016 13:05:11 -0500
4Subject: [PATCH] Disable EXPORT and LOW SSLv3+ ciphers by default
5MIME-Version: 1.0
6Content-Type: text/plain; charset=UTF-8
7Content-Transfer-Encoding: 8bit
8
9Reviewed-by: Emilia Käsper <emilia@openssl.org>
10
11Upstream-Status: Backport
12
13https://git.openssl.org/?p=openssl.git;a=commit;h=bc38a7d2d3c6082163c50ddf99464736110f2000
14
15CVE: CVE-2016-0800 #3 patch
16Signed-off-by: Armin Kuster <akuster@mvista.com>
17
18---
19 CHANGES | 5 +++++
20 Configure | 5 +++++
21 NEWS | 1 +
22 doc/apps/ciphers.pod | 30 ++++++++++++++++++++---------
23 ssl/s3_lib.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++
24 5 files changed, 86 insertions(+), 9 deletions(-)
25
26Index: openssl-1.0.2d/Configure
27===================================================================
28--- openssl-1.0.2d.orig/Configure
29+++ openssl-1.0.2d/Configure
30@@ -58,6 +58,10 @@ my $usage="Usage: Configure [no-<cipher>
31 # library and will be loaded in run-time by the OpenSSL library.
32 # sctp include SCTP support
33 # 386 generate 80386 code
34+# enable-weak-ssl-ciphers
35+# Enable EXPORT and LOW SSLv3 ciphers that are disabled by
36+# default. Note, weak SSLv2 ciphers are unconditionally
37+# disabled.
38 # no-sse2 disables IA-32 SSE2 code, above option implies no-sse2
39 # no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
40 # -<xxx> +<xxx> compiler options are passed through
41@@ -853,6 +857,7 @@ my %disabled = ( # "what" => "co
42 "ssl2" => "default",
43 "store" => "experimental",
44 "unit-test" => "default",
45+ "weak-ssl-ciphers" => "default",
46 "zlib" => "default",
47 "zlib-dynamic" => "default"
48 );
49Index: openssl-1.0.2d/doc/apps/ciphers.pod
50===================================================================
51--- openssl-1.0.2d.orig/doc/apps/ciphers.pod
52+++ openssl-1.0.2d/doc/apps/ciphers.pod
53@@ -136,34 +136,46 @@ than 128 bits, and some cipher suites wi
54
55 =item B<LOW>
56
57-"low" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms
58-but excluding export cipher suites.
59+Low strength encryption cipher suites, currently those using 64 or 56 bit
60+encryption algorithms but excluding export cipher suites.
61+As of OpenSSL 1.0.2g, these are disabled in default builds.
62
63 =item B<EXP>, B<EXPORT>
64
65-export encryption algorithms. Including 40 and 56 bits algorithms.
66+Export strength encryption algorithms. Including 40 and 56 bits algorithms.
67+As of OpenSSL 1.0.2g, these are disabled in default builds.
68
69 =item B<EXPORT40>
70
71-40 bit export encryption algorithms
72+40-bit export encryption algorithms
73+As of OpenSSL 1.0.2g, these are disabled in default builds.
74
75 =item B<EXPORT56>
76
77-56 bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of
78+56-bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of
79 56 bit export ciphers is empty unless OpenSSL has been explicitly configured
80 with support for experimental ciphers.
81+As of OpenSSL 1.0.2g, these are disabled in default builds.
82
83 =item B<eNULL>, B<NULL>
84
85-the "NULL" ciphers that is those offering no encryption. Because these offer no
86-encryption at all and are a security risk they are disabled unless explicitly
87-included.
88+The "NULL" ciphers that is those offering no encryption. Because these offer no
89+encryption at all and are a security risk they are not enabled via either the
90+B<DEFAULT> or B<ALL> cipher strings.
91+Be careful when building cipherlists out of lower-level primitives such as
92+B<kRSA> or B<aECDSA> as these do overlap with the B<eNULL> ciphers.
93+When in doubt, include B<!eNULL> in your cipherlist.
94
95 =item B<aNULL>
96
97-the cipher suites offering no authentication. This is currently the anonymous
98+The cipher suites offering no authentication. This is currently the anonymous
99 DH algorithms and anonymous ECDH algorithms. These cipher suites are vulnerable
100 to a "man in the middle" attack and so their use is normally discouraged.
101+These are excluded from the B<DEFAULT> ciphers, but included in the B<ALL>
102+ciphers.
103+Be careful when building cipherlists out of lower-level primitives such as
104+B<kDHE> or B<AES> as these do overlap with the B<aNULL> ciphers.
105+When in doubt, include B<!aNULL> in your cipherlist.
106
107 =item B<kRSA>, B<RSA>
108
109Index: openssl-1.0.2d/ssl/s3_lib.c
110===================================================================
111--- openssl-1.0.2d.orig/ssl/s3_lib.c
112+++ openssl-1.0.2d/ssl/s3_lib.c
113@@ -198,6 +198,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
114 },
115
116 /* Cipher 03 */
117+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
118 {
119 1,
120 SSL3_TXT_RSA_RC4_40_MD5,
121@@ -212,6 +213,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
122 40,
123 128,
124 },
125+#endif
126
127 /* Cipher 04 */
128 {
129@@ -246,6 +248,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
130 },
131
132 /* Cipher 06 */
133+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
134 {
135 1,
136 SSL3_TXT_RSA_RC2_40_MD5,
137@@ -260,6 +263,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
138 40,
139 128,
140 },
141+#endif
142
143 /* Cipher 07 */
144 #ifndef OPENSSL_NO_IDEA
145@@ -280,6 +284,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
146 #endif
147
148 /* Cipher 08 */
149+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
150 {
151 1,
152 SSL3_TXT_RSA_DES_40_CBC_SHA,
153@@ -294,8 +299,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
154 40,
155 56,
156 },
157+#endif
158
159 /* Cipher 09 */
160+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
161 {
162 1,
163 SSL3_TXT_RSA_DES_64_CBC_SHA,
164@@ -310,6 +317,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
165 56,
166 56,
167 },
168+#endif
169
170 /* Cipher 0A */
171 {
172@@ -329,6 +337,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
173
174 /* The DH ciphers */
175 /* Cipher 0B */
176+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
177 {
178 0,
179 SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
180@@ -343,8 +352,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
181 40,
182 56,
183 },
184+#endif
185
186 /* Cipher 0C */
187+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
188 {
189 1,
190 SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
191@@ -359,6 +370,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
192 56,
193 56,
194 },
195+#endif
196
197 /* Cipher 0D */
198 {
199@@ -377,6 +389,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
200 },
201
202 /* Cipher 0E */
203+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
204 {
205 0,
206 SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
207@@ -391,8 +404,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
208 40,
209 56,
210 },
211+#endif
212
213 /* Cipher 0F */
214+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
215 {
216 1,
217 SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
218@@ -407,6 +422,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
219 56,
220 56,
221 },
222+#endif
223
224 /* Cipher 10 */
225 {
226@@ -426,6 +442,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
227
228 /* The Ephemeral DH ciphers */
229 /* Cipher 11 */
230+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
231 {
232 1,
233 SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
234@@ -440,8 +457,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
235 40,
236 56,
237 },
238+#endif
239
240 /* Cipher 12 */
241+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
242 {
243 1,
244 SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
245@@ -456,6 +475,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
246 56,
247 56,
248 },
249+#endif
250
251 /* Cipher 13 */
252 {
253@@ -474,6 +494,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
254 },
255
256 /* Cipher 14 */
257+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
258 {
259 1,
260 SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
261@@ -488,8 +509,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
262 40,
263 56,
264 },
265+#endif
266
267 /* Cipher 15 */
268+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
269 {
270 1,
271 SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
272@@ -504,6 +527,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
273 56,
274 56,
275 },
276+#endif
277
278 /* Cipher 16 */
279 {
280@@ -522,6 +546,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
281 },
282
283 /* Cipher 17 */
284+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
285 {
286 1,
287 SSL3_TXT_ADH_RC4_40_MD5,
288@@ -536,6 +561,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
289 40,
290 128,
291 },
292+#endif
293
294 /* Cipher 18 */
295 {
296@@ -554,6 +580,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
297 },
298
299 /* Cipher 19 */
300+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
301 {
302 1,
303 SSL3_TXT_ADH_DES_40_CBC_SHA,
304@@ -568,8 +595,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
305 40,
306 128,
307 },
308+#endif
309
310 /* Cipher 1A */
311+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
312 {
313 1,
314 SSL3_TXT_ADH_DES_64_CBC_SHA,
315@@ -584,6 +613,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
316 56,
317 56,
318 },
319+#endif
320
321 /* Cipher 1B */
322 {
323@@ -655,6 +685,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
324 #ifndef OPENSSL_NO_KRB5
325 /* The Kerberos ciphers*/
326 /* Cipher 1E */
327+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
328 {
329 1,
330 SSL3_TXT_KRB5_DES_64_CBC_SHA,
331@@ -669,6 +700,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
332 56,
333 56,
334 },
335+# endif
336
337 /* Cipher 1F */
338 {
339@@ -719,6 +751,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
340 },
341
342 /* Cipher 22 */
343+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
344 {
345 1,
346 SSL3_TXT_KRB5_DES_64_CBC_MD5,
347@@ -733,6 +766,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
348 56,
349 56,
350 },
351+# endif
352
353 /* Cipher 23 */
354 {
355@@ -783,6 +817,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
356 },
357
358 /* Cipher 26 */
359+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
360 {
361 1,
362 SSL3_TXT_KRB5_DES_40_CBC_SHA,
363@@ -797,8 +832,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
364 40,
365 56,
366 },
367+# endif
368
369 /* Cipher 27 */
370+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
371 {
372 1,
373 SSL3_TXT_KRB5_RC2_40_CBC_SHA,
374@@ -813,8 +850,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
375 40,
376 128,
377 },
378+# endif
379
380 /* Cipher 28 */
381+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
382 {
383 1,
384 SSL3_TXT_KRB5_RC4_40_SHA,
385@@ -829,8 +868,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
386 40,
387 128,
388 },
389+# endif
390
391 /* Cipher 29 */
392+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
393 {
394 1,
395 SSL3_TXT_KRB5_DES_40_CBC_MD5,
396@@ -845,8 +886,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
397 40,
398 56,
399 },
400+# endif
401
402 /* Cipher 2A */
403+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
404 {
405 1,
406 SSL3_TXT_KRB5_RC2_40_CBC_MD5,
407@@ -861,8 +904,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
408 40,
409 128,
410 },
411+# endif
412
413 /* Cipher 2B */
414+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
415 {
416 1,
417 SSL3_TXT_KRB5_RC4_40_MD5,
418@@ -877,6 +922,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
419 40,
420 128,
421 },
422+# endif
423 #endif /* OPENSSL_NO_KRB5 */
424
425 /* New AES ciphersuites */
426@@ -1300,6 +1346,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
427 # endif
428
429 /* Cipher 62 */
430+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
431 {
432 1,
433 TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
434@@ -1314,8 +1361,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
435 56,
436 56,
437 },
438+# endif
439
440 /* Cipher 63 */
441+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
442 {
443 1,
444 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
445@@ -1330,8 +1379,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
446 56,
447 56,
448 },
449+# endif
450
451 /* Cipher 64 */
452+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
453 {
454 1,
455 TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
456@@ -1346,8 +1397,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
457 56,
458 128,
459 },
460+# endif
461
462 /* Cipher 65 */
463+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
464 {
465 1,
466 TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
467@@ -1362,6 +1415,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
468 56,
469 128,
470 },
471+# endif
472
473 /* Cipher 66 */
474 {
475Index: openssl-1.0.2d/CHANGES
476===================================================================
477--- openssl-1.0.2d.orig/CHANGES
478+++ openssl-1.0.2d/CHANGES
479@@ -2,7 +2,11 @@
480 OpenSSL CHANGES
481 _______________
482
483-
484+ * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
485+ Builds that are not configured with "enable-weak-ssl-ciphers" will not
486+ provide any "EXPORT" or "LOW" strength ciphers.
487+ [Viktor Dukhovni]
488+
489 * Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2
490 is by default disabled at build-time. Builds that are not configured with
491 "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used,
492Index: openssl-1.0.2d/NEWS
493===================================================================
494--- openssl-1.0.2d.orig/NEWS
495+++ openssl-1.0.2d/NEWS
496@@ -1,6 +1,7 @@
497
498 NEWS
499 ====
500+ Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
501 Disable SSLv2 default build, default negotiation and weak ciphers.
502
503 This file gives a brief overview of the major changes between each OpenSSL
diff --git a/meta/recipes-connectivity/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch b/meta/recipes-connectivity/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch
index c397af2..7ba9eab 100644
--- a/meta/recipes-connectivity/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch
+++ b/meta/recipes-connectivity/openssl/openssl/crypto_use_bigint_in_x86-64_perl.patch
@@ -17,15 +17,13 @@ URL: https://bugs.gentoo.org/542618
17 17
18Signed-off-By: Armin Kuster <akuster@mvista.com> 18Signed-off-By: Armin Kuster <akuster@mvista.com>
19 19
20Index: openssl-1.0.2a/crypto/perlasm/x86_64-xlate.pl 20diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
21=================================================================== 21--- a/crypto/perlasm/x86_64-xlate.pl
22--- openssl-1.0.2a.orig/crypto/perlasm/x86_64-xlate.pl 22+++ b/crypto/perlasm/x86_64-xlate.pl
23+++ openssl-1.0.2a/crypto/perlasm/x86_64-xlate.pl 23@@ -196,6 +196,10 @@ my %globals;
24@@ -194,7 +194,10 @@ my %globals;
25 }
26 sub out {
27 my $self = shift; 24 my $self = shift;
28- 25
26 $self->{value} =~ s/\b(0b[0-1]+)/oct($1)/eig;
29+ # When building on x32 ABIs, the expanded hex value might be too 27+ # When building on x32 ABIs, the expanded hex value might be too
30+ # big to fit into 32bits. Enable transparent 64bit support here 28+ # big to fit into 32bits. Enable transparent 64bit support here
31+ # so we can safely print it out. 29+ # so we can safely print it out.
diff --git a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch
index 0c1a0b6..d81e22c 100644
--- a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch
+++ b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch
@@ -9,14 +9,15 @@ Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
9Reviewed-by: Dr Stephen N Henson <shenson@drh-consultancy.co.uk> 9Reviewed-by: Dr Stephen N Henson <shenson@drh-consultancy.co.uk>
10 10
11This is not meant as final patch. 11This is not meant as final patch.
12 12
13Upstream-Status: Backport [debian] 13Upstream-Status: Backport [debian]
14 14
15Signed-off-by: Armin Kuster <akuster@mvista.com>
15 16
16Index: openssl-1.0.2/crypto/x509/x509_vfy.c 17Index: openssl-1.0.2g/crypto/x509/x509_vfy.c
17=================================================================== 18===================================================================
18--- openssl-1.0.2.orig/crypto/x509/x509_vfy.c 19--- openssl-1.0.2g.orig/crypto/x509/x509_vfy.c
19+++ openssl-1.0.2/crypto/x509/x509_vfy.c 20+++ openssl-1.0.2g/crypto/x509/x509_vfy.c
20@@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *c 21@@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *c
21 static int check_revocation(X509_STORE_CTX *ctx); 22 static int check_revocation(X509_STORE_CTX *ctx);
22 static int check_cert(X509_STORE_CTX *ctx); 23 static int check_cert(X509_STORE_CTX *ctx);
@@ -25,17 +26,17 @@ Index: openssl-1.0.2/crypto/x509/x509_vfy.c
25 26
26 static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, 27 static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
27 unsigned int *preasons, X509_CRL *crl, X509 *x); 28 unsigned int *preasons, X509_CRL *crl, X509 *x);
28@@ -438,6 +439,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx 29@@ -489,6 +490,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
29 if (!ok) 30 if (!ok)
30 goto end; 31 goto err;
31 32
32+ ok = check_ca_blacklist(ctx); 33+ ok = check_ca_blacklist(ctx);
33+ if(!ok) goto end; 34+ if(!ok) goto err;
34+ 35+
35 #ifndef OPENSSL_NO_RFC3779 36 #ifndef OPENSSL_NO_RFC3779
36 /* RFC 3779 path validation, now that CRL check has been done */ 37 /* RFC 3779 path validation, now that CRL check has been done */
37 ok = v3_asid_validate_path(ctx); 38 ok = v3_asid_validate_path(ctx);
38@@ -938,6 +942,29 @@ static int check_crl_time(X509_STORE_CTX 39@@ -996,6 +1000,29 @@ static int check_crl_time(X509_STORE_CTX
39 return 1; 40 return 1;
40 } 41 }
41 42
diff --git a/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch
index a249180..29f11a2 100644
--- a/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
+++ b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/version-script.patch
@@ -15,8 +15,8 @@ Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
15=================================================================== 15===================================================================
16--- /dev/null 1970-01-01 00:00:00.000000000 +0000 16--- /dev/null 1970-01-01 00:00:00.000000000 +0000
17+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24 22:19:08.601827266 +0100 17+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24 22:19:08.601827266 +0100
18@@ -0,0 +1,4615 @@ 18@@ -0,0 +1,4608 @@
19+OPENSSL_1.0.0 { 19+OPENSSL_1.0.2d {
20+ global: 20+ global:
21+ BIO_f_ssl; 21+ BIO_f_ssl;
22+ BIO_new_buffer_ssl_connect; 22+ BIO_new_buffer_ssl_connect;
@@ -4314,14 +4314,6 @@ Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
4314+ CRYPTO_cbc128_decrypt; 4314+ CRYPTO_cbc128_decrypt;
4315+ CRYPTO_cfb128_encrypt; 4315+ CRYPTO_cfb128_encrypt;
4316+ CRYPTO_cfb128_8_encrypt; 4316+ CRYPTO_cfb128_8_encrypt;
4317+
4318+ local:
4319+ *;
4320+};
4321+
4322+
4323+OPENSSL_1.0.1 {
4324+ global:
4325+ SSL_renegotiate_abbreviated; 4317+ SSL_renegotiate_abbreviated;
4326+ TLSv1_1_method; 4318+ TLSv1_1_method;
4327+ TLSv1_1_client_method; 4319+ TLSv1_1_client_method;
@@ -4483,15 +4475,7 @@ Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
4483+ BIO_s_datagram_sctp; 4475+ BIO_s_datagram_sctp;
4484+ BIO_dgram_is_sctp; 4476+ BIO_dgram_is_sctp;
4485+ BIO_dgram_sctp_notification_cb; 4477+ BIO_dgram_sctp_notification_cb;
4486+} OPENSSL_1.0.0;
4487+
4488+OPENSSL_1.0.1d {
4489+ global:
4490+ CRYPTO_memcmp; 4478+ CRYPTO_memcmp;
4491+} OPENSSL_1.0.1;
4492+
4493+OPENSSL_1.0.2 {
4494+ global:
4495+ SSL_CTX_set_alpn_protos; 4479+ SSL_CTX_set_alpn_protos;
4496+ SSL_set_alpn_protos; 4480+ SSL_set_alpn_protos;
4497+ SSL_CTX_set_alpn_select_cb; 4481+ SSL_CTX_set_alpn_select_cb;
@@ -4629,14 +4613,23 @@ Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
4629+ BUF_strnlen; 4613+ BUF_strnlen;
4630+ sk_deep_copy; 4614+ sk_deep_copy;
4631+ SSL_test_functions; 4615+ SSL_test_functions;
4632+} OPENSSL_1.0.1d; 4616+
4617+ local:
4618+ *;
4619+};
4620+
4621+OPENSSL_1.0.2g {
4622+ global:
4623+ SRP_VBASE_get1_by_user;
4624+ SRP_user_pwd_free;
4625+} OPENSSL_1.0.2d;
4633+ 4626+
4634Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld 4627Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
4635=================================================================== 4628===================================================================
4636--- /dev/null 1970-01-01 00:00:00.000000000 +0000 4629--- /dev/null 1970-01-01 00:00:00.000000000 +0000
4637+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld 2014-02-24 21:02:30.000000000 +0100 4630+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld 2014-02-24 21:02:30.000000000 +0100
4638@@ -0,0 +1,10 @@ 4631@@ -0,0 +1,10 @@
4639+OPENSSL_1.0.0 { 4632+OPENSSL_1.0.2 {
4640+ global: 4633+ global:
4641+ bind_engine; 4634+ bind_engine;
4642+ v_check; 4635+ v_check;
@@ -4651,7 +4644,7 @@ Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld
4651--- /dev/null 1970-01-01 00:00:00.000000000 +0000 4644--- /dev/null 1970-01-01 00:00:00.000000000 +0000
4652+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld 2014-02-24 21:02:30.000000000 +0100 4645+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld 2014-02-24 21:02:30.000000000 +0100
4653@@ -0,0 +1,10 @@ 4646@@ -0,0 +1,10 @@
4654+OPENSSL_1.0.0 { 4647+OPENSSL_1.0.2 {
4655+ global: 4648+ global:
4656+ bind_engine; 4649+ bind_engine;
4657+ v_check; 4650+ v_check;
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
index cebc8cf..f736e5c 100644
--- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
+++ b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
@@ -8,16 +8,16 @@ http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html
8 8
9Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com> 9Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
10--- 10---
11Index: openssl-1.0.2/crypto/evp/digest.c 11Index: openssl-1.0.2h/crypto/evp/digest.c
12=================================================================== 12===================================================================
13--- openssl-1.0.2.orig/crypto/evp/digest.c 13--- openssl-1.0.2h.orig/crypto/evp/digest.c
14+++ openssl-1.0.2/crypto/evp/digest.c 14+++ openssl-1.0.2h/crypto/evp/digest.c
15@@ -208,7 +208,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c 15@@ -211,7 +211,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
16 return 0; 16 type = ctx->digest;
17 } 17 }
18 #endif 18 #endif
19- if (ctx->digest != type) { 19- if (ctx->digest != type) {
20+ if (type && (ctx->digest != type)) { 20+ if (type && (ctx->digest != type)) {
21 if (ctx->digest && ctx->digest->ctx_size) 21 if (ctx->digest && ctx->digest->ctx_size) {
22 OPENSSL_free(ctx->md_data); 22 OPENSSL_free(ctx->md_data);
23 ctx->digest = type; 23 ctx->md_data = NULL;
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
index 6aa50e6..9c35099 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb
@@ -6,7 +6,7 @@ DEPENDS += "cryptodev-linux"
6 6
7CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" 7CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS"
8 8
9LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8" 9LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6"
10 10
11export DIRS = "crypto ssl apps engines" 11export DIRS = "crypto ssl apps engines"
12export OE_LDFLAGS="${LDFLAGS}" 12export OE_LDFLAGS="${LDFLAGS}"
@@ -25,7 +25,7 @@ SRC_URI += "file://configure-targets.patch \
25 file://debian/no-rpath.patch \ 25 file://debian/no-rpath.patch \
26 file://debian/no-symbolic.patch \ 26 file://debian/no-symbolic.patch \
27 file://debian/pic.patch \ 27 file://debian/pic.patch \
28 file://debian/version-script.patch \ 28 file://debian1.0.2/version-script.patch \
29 file://openssl_fix_for_x32.patch \ 29 file://openssl_fix_for_x32.patch \
30 file://fix-cipher-des-ede3-cfb1.patch \ 30 file://fix-cipher-des-ede3-cfb1.patch \
31 file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \ 31 file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
@@ -35,20 +35,10 @@ SRC_URI += "file://configure-targets.patch \
35 file://ptest-deps.patch \ 35 file://ptest-deps.patch \
36 file://run-ptest \ 36 file://run-ptest \
37 file://crypto_use_bigint_in_x86-64_perl.patch \ 37 file://crypto_use_bigint_in_x86-64_perl.patch \
38 file://CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch \
39 file://CVE-2015-3194-1-Add-PSS-parameter-check.patch \
40 file://0001-Add-test-for-CVE-2015-3194.patch \
41 file://CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch \
42 file://CVE-2015-3197.patch \
43 file://CVE-2016-0701_1.patch \
44 file://CVE-2016-0701_2.patch \
45 file://CVE-2016-0800.patch \
46 file://CVE-2016-0800_2.patch \
47 file://CVE-2016-0800_3.patch \
48 " 38 "
49 39
50SRC_URI[md5sum] = "38dd619b2e77cbac69b99f52a053d25a" 40SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0"
51SRC_URI[sha256sum] = "671c36487785628a703374c652ad2cebea45fa920ae5681515df25d9f2c9a8c8" 41SRC_URI[sha256sum] = "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919"
52 42
53PACKAGES =+ " \ 43PACKAGES =+ " \
54 ${PN}-engines \ 44 ${PN}-engines \