authorArmin Kuster <akuster@mvista.com>2016-03-02 07:37:21 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-03-03 11:11:40 (GMT)
commitdbb46510cc7dc5b4050af453276d8c4cb843362a (patch)
treeb204d7977e542357b35e5fd2f6ae921ceb844977
parent7d663e9c473c5e5a4ce6b09f3a0743f623faa956 (diff)
downloadpoky-dbb46510cc7dc5b4050af453276d8c4cb843362a.tar.gz
openssl: Security fix CVE-2016-0800
CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN) https://www.openssl.org/news/secadv/20160301.txt (From OE-Core rev: 6c06c42594539bec4c360c8cc28ebee8a338e6b4) Signed-off-by: Armin Kuster <akuster@mvista.com> Not required for master, an update to 1.0.2g has been submitted. Backport from jethro. Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-connectivity/openssl/openssl/CVE-2016-0800.patch198
-rw-r--r--meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_2.patch592
-rw-r--r--meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_3.patch503
-rw-r--r--meta/recipes-connectivity/openssl/openssl_1.0.2d.bb3
4 files changed, 1296 insertions, 0 deletions
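--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800.patch
@@ -0,0 +1,198 @@
+From 9dfd2be8a1761fffd152a92d8f1b356ad667eea7 Mon Sep 17 00:00:00 2001
+From: Viktor Dukhovni <openssl-users@dukhovni.org>
+Date: Wed, 17 Feb 2016 21:07:48 -0500
+Subject: [PATCH] Disable SSLv2 default build, default negotiation and weak
+ ciphers.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+SSLv2 is by default disabled at build-time. Builds that are not
+configured with "enable-ssl2" will not support SSLv2. Even if
+"enable-ssl2" is used, users who want to negotiate SSLv2 via the
+version-flexible SSLv23_method() will need to explicitly call either
+of:
+
+ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
+or
+ SSL_clear_options(ssl, SSL_OP_NO_SSLv2);
+
+as appropriate. Even if either of those is used, or the application
+explicitly uses the version-specific SSLv2_method() or its client
+or server variants, SSLv2 ciphers vulnerable to exhaustive search
+key recovery have been removed. Specifically, the SSLv2 40-bit
+EXPORT ciphers, and SSLv2 56-bit DES are no longer available.
+
+Mitigation for CVE-2016-0800
+
+Reviewed-by: Emilia Käsper <emilia@openssl.org>
+
+Upstream-Status: Backport
+
+https://git.openssl.org/?p=openssl.git;a=commit;h=9dfd2be8a1761fffd152a92d8f1b356ad667eea7
+
+CVE: CVE-2016-0800
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ CHANGES | 17 +++++++++++++++++
+ Configure | 3 ++-
+ NEWS | 2 +-
+ ssl/s2_lib.c | 6 ++++++
+ ssl/ssl_conf.c | 10 +++++++++-
+ ssl/ssl_lib.c | 7 +++++++
+ 6 files changed, 42 insertions(+), 3 deletions(-)
+
+Index: openssl-1.0.2d/Configure
+===================================================================
+--- openssl-1.0.2d.orig/Configure
++++ openssl-1.0.2d/Configure
+@@ -847,9 +847,10 @@ my %disabled = ( # "what" => "co
+ "md2" => "default",
+ "rc5" => "default",
+ "rfc3779" => "default",
+- "sctp" => "default",
++ "sctp" => "default",
+ "shared" => "default",
+ "ssl-trace" => "default",
++ "ssl2" => "default",
+ "store" => "experimental",
+ "unit-test" => "default",
+ "zlib" => "default",
+Index: openssl-1.0.2d/ssl/s2_lib.c
+===================================================================
+--- openssl-1.0.2d.orig/ssl/s2_lib.c
++++ openssl-1.0.2d/ssl/s2_lib.c
+@@ -156,6 +156,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip
+ 128,
+ },
+
++# if 0
+ /* RC4_128_EXPORT40_WITH_MD5 */
+ {
+ 1,
+@@ -171,6 +172,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip
+ 40,
+ 128,
+ },
++# endif
+
+ /* RC2_128_CBC_WITH_MD5 */
+ {
+@@ -188,6 +190,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip
+ 128,
+ },
+
++# if 0
+ /* RC2_128_CBC_EXPORT40_WITH_MD5 */
+ {
+ 1,
+@@ -203,6 +206,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip
+ 40,
+ 128,
+ },
++# endif
+
+ # ifndef OPENSSL_NO_IDEA
+ /* IDEA_128_CBC_WITH_MD5 */
+@@ -222,6 +226,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip
+ },
+ # endif
+
++# if 0
+ /* DES_64_CBC_WITH_MD5 */
+ {
+ 1,
+@@ -237,6 +242,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip
+ 56,
+ 56,
+ },
++# endif
+
+ /* DES_192_EDE3_CBC_WITH_MD5 */
+ {
+Index: openssl-1.0.2d/ssl/ssl_conf.c
+===================================================================
+--- openssl-1.0.2d.orig/ssl/ssl_conf.c
++++ openssl-1.0.2d/ssl/ssl_conf.c
+@@ -330,11 +330,19 @@ static int cmd_Protocol(SSL_CONF_CTX *cc
+ SSL_FLAG_TBL_INV("TLSv1.1", SSL_OP_NO_TLSv1_1),
+ SSL_FLAG_TBL_INV("TLSv1.2", SSL_OP_NO_TLSv1_2)
+ };
++ int ret;
++ int sslv2off;
++
+ if (!(cctx->flags & SSL_CONF_FLAG_FILE))
+ return -2;
+ cctx->tbl = ssl_protocol_list;
+ cctx->ntbl = sizeof(ssl_protocol_list) / sizeof(ssl_flag_tbl);
+- return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
++
++ sslv2off = *cctx->poptions & SSL_OP_NO_SSLv2;
++ ret = CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
++ /* Never turn on SSLv2 through configuration */
++ *cctx->poptions |= sslv2off;
++ return ret;
+ }
+
+ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
+Index: openssl-1.0.2d/ssl/ssl_lib.c
+===================================================================
+--- openssl-1.0.2d.orig/ssl/ssl_lib.c
++++ openssl-1.0.2d/ssl/ssl_lib.c
+@@ -2052,6 +2052,13 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
+ */
+ ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
+
++ /*
++ * Disable SSLv2 by default, callers that want to enable SSLv2 will have to
++ * explicitly clear this option via either of SSL_CTX_clear_options() or
++ * SSL_clear_options().
++ */
++ ret->options |= SSL_OP_NO_SSLv2;
++
+ return (ret);
+ err:
+ SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
+Index: openssl-1.0.2d/CHANGES
+===================================================================
+--- openssl-1.0.2d.orig/CHANGES
++++ openssl-1.0.2d/CHANGES
+@@ -2,6 +2,25 @@
+ OpenSSL CHANGES
+ _______________
+
++
++ * Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2
++ is by default disabled at build-time. Builds that are not configured with
++ "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used,
++ users who want to negotiate SSLv2 via the version-flexible SSLv23_method()
++ will need to explicitly call either of:
++
++ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
++ or
++ SSL_clear_options(ssl, SSL_OP_NO_SSLv2);
++
++ as appropriate. Even if either of those is used, or the application
++ explicitly uses the version-specific SSLv2_method() or its client and
++ server variants, SSLv2 ciphers vulnerable to exhaustive search key
++ recovery have been removed. Specifically, the SSLv2 40-bit EXPORT
++ ciphers, and SSLv2 56-bit DES are no longer available.
++ [Viktor Dukhovni]
++
++
+ Changes between 1.0.2c and 1.0.2d [9 Jul 2015]
+
+ *) Alternate chains certificate forgery
+Index: openssl-1.0.2d/NEWS
+===================================================================
+--- openssl-1.0.2d.orig/NEWS
++++ openssl-1.0.2d/NEWS
+@@ -1,6 +1,7 @@
+
+ NEWS
+ ====
++ Disable SSLv2 default build, default negotiation and weak ciphers.
+
+ This file gives a brief overview of the major changes between each OpenSSL
+ release. For more details please read the CHANGES file.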
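Review bot: In the `cmd_Protocol` hunk for ssl/ssl_conf.c, `cctx->poptions` is dereferenced unconditionally, once to read `sslv2off` and once to OR it back after `CONF_parse_list()`, and nothing visible in the hunk establishes that the pointer is non-NULL. The SSL_CONF_cmd documentation in the companion patch describes a `cctx` that has no `SSL` or `SSL_CTX` associated with it, so a `Protocol` command on such a context would presumably crash here instead of returning a result. I would guard both accesses: `sslv2off = cctx->poptions ? (*cctx->poptions & SSL_OP_NO_SSLv2) : 0;` and `if (cctx->poptions) *cctx->poptions |= sslv2off;`. `sslv2off` is also declared `int` while it holds a bit taken from the options mask; giving it the same type as `*cctx->poptions` would avoid relying on the flag fitting in an `int`. The beginning of `cmd_Protocol` lies outside the hunk, so an earlier NULL check there cannot be ruled out from this page.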
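--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_2.patch
@@ -0,0 +1,592 @@
+From 021fb42dd0cf2bf985b0e26ca50418eb42c00d09 Mon Sep 17 00:00:00 2001
+From: Viktor Dukhovni <openssl-users@dukhovni.org>
+Date: Wed, 17 Feb 2016 23:38:55 -0500
+Subject: [PATCH] Bring SSL method documentation up to date
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reviewed-by: Emilia Käsper <emilia@openssl.org>
+
+Upstream-Status: Backport
+
+https://git.openssl.org/?p=openssl.git;a=commit;h=021fb42dd0cf2bf985b0e26ca50418eb42c00d09
+
+CVE: CVE-2016-0800 #2 patch
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ doc/apps/ciphers.pod | 29 ++++---
+ doc/apps/s_client.pod | 12 +--
+ doc/apps/s_server.pod | 8 +-
+ doc/ssl/SSL_CONF_cmd.pod | 33 ++++----
+ doc/ssl/SSL_CTX_new.pod | 168 ++++++++++++++++++++++++++++------------
+ doc/ssl/SSL_CTX_set_options.pod | 10 +++
+ doc/ssl/ssl.pod | 77 ++++++++++++++----
+ 7 files changed, 226 insertions(+), 111 deletions(-)
+
+diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
+index 1c26e3b..8038b05 100644
+--- a/doc/apps/ciphers.pod
++++ b/doc/apps/ciphers.pod
+@@ -38,25 +38,21 @@ SSL v2 and for SSL v3/TLS v1.
+
+ Like B<-v>, but include cipher suite codes in output (hex format).
+
+-=item B<-ssl3>
++=item B<-ssl3>, B<-tls1>
+
+-only include SSL v3 ciphers.
++This lists ciphers compatible with any of SSLv3, TLSv1, TLSv1.1 or TLSv1.2.
+
+ =item B<-ssl2>
+
+-only include SSL v2 ciphers.
+-
+-=item B<-tls1>
+-
+-only include TLS v1 ciphers.
++Only include SSLv2 ciphers.
+
+ =item B<-h>, B<-?>
+
+-print a brief usage message.
++Print a brief usage message.
+
+ =item B<cipherlist>
+
+-a cipher list to convert to a cipher preference list. If it is not included
++A cipher list to convert to a cipher preference list. If it is not included
+ then the default cipher list will be used. The format is described below.
+
+ =back
+@@ -109,9 +105,10 @@ The following is a list of all permitted cipher strings and their meanings.
+
+ =item B<DEFAULT>
+
+-the default cipher list. This is determined at compile time and
+-is normally B<ALL:!EXPORT:!aNULL:!eNULL:!SSLv2>. This must be the firstcipher string
+-specified.
++The default cipher list.
++This is determined at compile time and is normally
++B<ALL:!EXPORT:!aNULL:!eNULL:!SSLv2>.
++When used, this must be the first cipherstring specified.
+
+ =item B<COMPLEMENTOFDEFAULT>
+
+@@ -582,11 +579,11 @@ Note: these ciphers can also be used in SSL v3.
+ =head2 Deprecated SSL v2.0 cipher suites.
+
+ SSL_CK_RC4_128_WITH_MD5 RC4-MD5
+- SSL_CK_RC4_128_EXPORT40_WITH_MD5 EXP-RC4-MD5
+- SSL_CK_RC2_128_CBC_WITH_MD5 RC2-MD5
+- SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 EXP-RC2-MD5
++ SSL_CK_RC4_128_EXPORT40_WITH_MD5 Not implemented.
++ SSL_CK_RC2_128_CBC_WITH_MD5 RC2-CBC-MD5
++ SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 Not implemented.
+ SSL_CK_IDEA_128_CBC_WITH_MD5 IDEA-CBC-MD5
+- SSL_CK_DES_64_CBC_WITH_MD5 DES-CBC-MD5
++ SSL_CK_DES_64_CBC_WITH_MD5 Not implemented.
+ SSL_CK_DES_192_EDE3_CBC_WITH_MD5 DES-CBC3-MD5
+
+ =head1 NOTES
+diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod
+index 84d0527..618df96 100644
+--- a/doc/apps/s_client.pod
++++ b/doc/apps/s_client.pod
+@@ -201,15 +201,11 @@ Use the PSK key B<key> when using a PSK cipher suite. The key is
+ given as a hexadecimal number without leading 0x, for example -psk
+ 1a2b3c4d.
+
+-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
++=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+
+-these options disable the use of certain SSL or TLS protocols. By default
+-the initial handshake uses a method which should be compatible with all
+-servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.
+-
+-Unfortunately there are still ancient and broken servers in use which
+-cannot handle this technique and will fail to connect. Some servers only
+-work if TLS is turned off.
++These options require or disable the use of the specified SSL or TLS protocols.
++By default the initial handshake uses a I<version-flexible> method which will
++negotiate the highest mutually supported protocol version.
+
+ =item B<-fallback_scsv>
+
+diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod
+index baca779..6f4acb7 100644
+--- a/doc/apps/s_server.pod
++++ b/doc/apps/s_server.pod
+@@ -217,11 +217,11 @@ Use the PSK key B<key> when using a PSK cipher suite. The key is
+ given as a hexadecimal number without leading 0x, for example -psk
+ 1a2b3c4d.
+
+-=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>
++=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+
+-these options disable the use of certain SSL or TLS protocols. By default
+-the initial handshake uses a method which should be compatible with all
+-servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.
++These options require or disable the use of the specified SSL or TLS protocols.
++By default the initial handshake uses a I<version-flexible> method which will
++negotiate the highest mutually supported protocol version.
+
+ =item B<-bugs>
+
+diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod
+index 2bf1a60..e81d76a 100644
+--- a/doc/ssl/SSL_CONF_cmd.pod
++++ b/doc/ssl/SSL_CONF_cmd.pod
+@@ -74,7 +74,7 @@ B<prime256v1>). Curve names are case sensitive.
+
+ =item B<-named_curve>
+
+-This sets the temporary curve used for ephemeral ECDH modes. Only used by
++This sets the temporary curve used for ephemeral ECDH modes. Only used by
+ servers
+
+ The B<value> argument is a curve name or the special value B<auto> which
+@@ -85,7 +85,7 @@ can be either the B<NIST> name (e.g. B<P-256>) or an OpenSSL OID name
+ =item B<-cipher>
+
+ Sets the cipher suite list to B<value>. Note: syntax checking of B<value> is
+-currently not performed unless a B<SSL> or B<SSL_CTX> structure is
++currently not performed unless a B<SSL> or B<SSL_CTX> structure is
+ associated with B<cctx>.
+
+ =item B<-cert>
+@@ -111,9 +111,9 @@ operations are permitted.
+
+ =item B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>
+
+-Disables protocol support for SSLv2, SSLv3, TLS 1.0, TLS 1.1 or TLS 1.2
+-by setting the corresponding options B<SSL_OP_NO_SSL2>, B<SSL_OP_NO_SSL3>,
+-B<SSL_OP_NO_TLS1>, B<SSL_OP_NO_TLS1_1> and B<SSL_OP_NO_TLS1_2> respectively.
++Disables protocol support for SSLv2, SSLv3, TLSv1.0, TLSv1.1 or TLSv1.2
++by setting the corresponding options B<SSL_OP_NO_SSLv2>, B<SSL_OP_NO_SSLv3>,
++B<SSL_OP_NO_TLSv1>, B<SSL_OP_NO_TLSv1_1> and B<SSL_OP_NO_TLSv1_2> respectively.
+
+ =item B<-bugs>
+
+@@ -177,7 +177,7 @@ Note: the command prefix (if set) alters the recognised B<cmd> values.
+ =item B<CipherString>
+
+ Sets the cipher suite list to B<value>. Note: syntax checking of B<value> is
+-currently not performed unless an B<SSL> or B<SSL_CTX> structure is
++currently not performed unless an B<SSL> or B<SSL_CTX> structure is
+ associated with B<cctx>.
+
+ =item B<Certificate>
+@@ -244,7 +244,7 @@ B<prime256v1>). Curve names are case sensitive.
+
+ =item B<ECDHParameters>
+
+-This sets the temporary curve used for ephemeral ECDH modes. Only used by
++This sets the temporary curve used for ephemeral ECDH modes. Only used by
+ servers
+
+ The B<value> argument is a curve name or the special value B<Automatic> which
+@@ -258,10 +258,11 @@ The supported versions of the SSL or TLS protocol.
+
+ The B<value> argument is a comma separated list of supported protocols to
+ enable or disable. If an protocol is preceded by B<-> that version is disabled.
+-All versions are enabled by default, though applications may choose to
+-explicitly disable some. Currently supported protocol values are B<SSLv2>,
+-B<SSLv3>, B<TLSv1>, B<TLSv1.1> and B<TLSv1.2>. The special value B<ALL> refers
+-to all supported versions.
++Currently supported protocol values are B<SSLv2>, B<SSLv3>, B<TLSv1>,
++B<TLSv1.1> and B<TLSv1.2>.
++All protocol versions other than B<SSLv2> are enabled by default.
++To avoid inadvertent enabling of B<SSLv2>, when SSLv2 is disabled, it is not
++possible to enable it via the B<Protocol> command.
+
+ =item B<Options>
+
+@@ -339,16 +340,16 @@ The value is a directory name.
+ The order of operations is significant. This can be used to set either defaults
+ or values which cannot be overridden. For example if an application calls:
+
+- SSL_CONF_cmd(ctx, "Protocol", "-SSLv2");
++ SSL_CONF_cmd(ctx, "Protocol", "-SSLv3");
+ SSL_CONF_cmd(ctx, userparam, uservalue);
+
+-it will disable SSLv2 support by default but the user can override it. If
++it will disable SSLv3 support by default but the user can override it. If
+ however the call sequence is:
+
+ SSL_CONF_cmd(ctx, userparam, uservalue);
+- SSL_CONF_cmd(ctx, "Protocol", "-SSLv2");
++ SSL_CONF_cmd(ctx, "Protocol", "-SSLv3");
+
+-SSLv2 is B<always> disabled and attempt to override this by the user are
++then SSLv3 is B<always> disabled and attempt to override this by the user are
+ ignored.
+
+ By checking the return code of SSL_CTX_cmd() it is possible to query if a
+@@ -372,7 +373,7 @@ can be checked instead. If -3 is returned a required argument is missing
+ and an error is indicated. If 0 is returned some other error occurred and
+ this can be reported back to the user.
+
+-The function SSL_CONF_cmd_value_type() can be used by applications to
++The function SSL_CONF_cmd_value_type() can be used by applications to
+ check for the existence of a command or to perform additional syntax
+ checking or translation of the command value. For example if the return
+ value is B<SSL_CONF_TYPE_FILE> an application could translate a relative
+diff --git a/doc/ssl/SSL_CTX_new.pod b/doc/ssl/SSL_CTX_new.pod
+index 491ac8c..b8cc879 100644
+--- a/doc/ssl/SSL_CTX_new.pod
++++ b/doc/ssl/SSL_CTX_new.pod
+@@ -2,13 +2,55 @@
+
+ =head1 NAME
+
+-SSL_CTX_new - create a new SSL_CTX object as framework for TLS/SSL enabled functions
++SSL_CTX_new,
++SSLv23_method, SSLv23_server_method, SSLv23_client_method,
++TLSv1_2_method, TLSv1_2_server_method, TLSv1_2_client_method,
++TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method,
++TLSv1_method, TLSv1_server_method, TLSv1_client_method,
++SSLv3_method, SSLv3_server_method, SSLv3_client_method,
++SSLv2_method, SSLv2_server_method, SSLv2_client_method,
++DTLS_method, DTLS_server_method, DTLS_client_method,
++DTLSv1_2_method, DTLSv1_2_server_method, DTLSv1_2_client_method,
++DTLSv1_method, DTLSv1_server_method, DTLSv1_client_method -
++create a new SSL_CTX object as framework for TLS/SSL enabled functions
+
+ =head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ SSL_CTX *SSL_CTX_new(const SSL_METHOD *method);
++ const SSL_METHOD *SSLv23_method(void);
++ const SSL_METHOD *SSLv23_server_method(void);
++ const SSL_METHOD *SSLv23_client_method(void);
++ const SSL_METHOD *TLSv1_2_method(void);
++ const SSL_METHOD *TLSv1_2_server_method(void);
++ const SSL_METHOD *TLSv1_2_client_method(void);
++ const SSL_METHOD *TLSv1_1_method(void);
++ const SSL_METHOD *TLSv1_1_server_method(void);
++ const SSL_METHOD *TLSv1_1_client_method(void);
++ const SSL_METHOD *TLSv1_method(void);
++ const SSL_METHOD *TLSv1_server_method(void);
++ const SSL_METHOD *TLSv1_client_method(void);
++ #ifndef OPENSSL_NO_SSL3_METHOD
++ const SSL_METHOD *SSLv3_method(void);
++ const SSL_METHOD *SSLv3_server_method(void);
++ const SSL_METHOD *SSLv3_client_method(void);
++ #endif
++ #ifndef OPENSSL_NO_SSL2
++ const SSL_METHOD *SSLv2_method(void);
++ const SSL_METHOD *SSLv2_server_method(void);
++ const SSL_METHOD *SSLv2_client_method(void);
++ #endif
++
++ const SSL_METHOD *DTLS_method(void);
++ const SSL_METHOD *DTLS_server_method(void);
++ const SSL_METHOD *DTLS_client_method(void);
++ const SSL_METHOD *DTLSv1_2_method(void);
++ const SSL_METHOD *DTLSv1_2_server_method(void);
++ const SSL_METHOD *DTLSv1_2_client_method(void);
++ const SSL_METHOD *DTLSv1_method(void);
++ const SSL_METHOD *DTLSv1_server_method(void);
++ const SSL_METHOD *DTLSv1_client_method(void);
+
+ =head1 DESCRIPTION
+
+@@ -23,65 +65,88 @@ client only type. B<method> can be of the following types:
+
+ =over 4
+
+-=item SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)
++=item SSLv23_method(), SSLv23_server_method(), SSLv23_client_method()
++
++These are the general-purpose I<version-flexible> SSL/TLS methods.
++The actual protocol version used will be negotiated to the highest version
++mutually supported by the client and the server.
++The supported protocols are SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2.
++Most applications should use these method, and avoid the version specific
++methods described below.
++
++The list of protocols available can be further limited using the
++B<SSL_OP_NO_SSLv2>, B<SSL_OP_NO_SSLv3>, B<SSL_OP_NO_TLSv1>,
++B<SSL_OP_NO_TLSv1_1> and B<SSL_OP_NO_TLSv1_2> options of the
++L<SSL_CTX_set_options(3)> or L<SSL_set_options(3)> functions.
++Clients should avoid creating "holes" in the set of protocols they support,
++when disabling a protocol, make sure that you also disable either all previous
++or all subsequent protocol versions.
++In clients, when a protocol version is disabled without disabling I<all>
++previous protocol versions, the effect is to also disable all subsequent
++protocol versions.
++
++The SSLv2 and SSLv3 protocols are deprecated and should generally not be used.
++Applications should typically use L<SSL_CTX_set_options(3)> in combination with
++the B<SSL_OP_NO_SSLv3> flag to disable negotiation of SSLv3 via the above
++I<version-flexible> SSL/TLS methods.
++The B<SSL_OP_NO_SSLv2> option is set by default, and would need to be cleared
++via L<SSL_CTX_clear_options(3)> in order to enable negotiation of SSLv2.
++
++=item TLSv1_2_method(), TLSv1_2_server_method(), TLSv1_2_client_method()
+
+-A TLS/SSL connection established with these methods will only understand
+-the SSLv2 protocol. A client will send out SSLv2 client hello messages
+-and will also indicate that it only understand SSLv2. A server will only
+-understand SSLv2 client hello messages.
++A TLS/SSL connection established with these methods will only understand the
++TLSv1.2 protocol. A client will send out TLSv1.2 client hello messages and
++will also indicate that it only understand TLSv1.2. A server will only
++understand TLSv1.2 client hello messages.
+
+-=item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)
++=item TLSv1_1_method(), TLSv1_1_server_method(), TLSv1_1_client_method()
+
+ A TLS/SSL connection established with these methods will only understand the
+-SSLv3 protocol. A client will send out SSLv3 client hello messages
+-and will indicate that it only understands SSLv3. A server will only understand
+-SSLv3 client hello messages. This especially means, that it will
+-not understand SSLv2 client hello messages which are widely used for
+-compatibility reasons, see SSLv23_*_method().
++TLSv1.1 protocol. A client will send out TLSv1.1 client hello messages and
++will also indicate that it only understand TLSv1.1. A server will only
++understand TLSv1.1 client hello messages.
+
+-=item TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)
++=item TLSv1_method(), TLSv1_server_method(), TLSv1_client_method()
+
+ A TLS/SSL connection established with these methods will only understand the
+-TLSv1 protocol. A client will send out TLSv1 client hello messages
+-and will indicate that it only understands TLSv1. A server will only understand
+-TLSv1 client hello messages. This especially means, that it will
+-not understand SSLv2 client hello messages which are widely used for
+-compatibility reasons, see SSLv23_*_method(). It will also not understand
+-SSLv3 client hello messages.
+-
+-=item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)
+-
+-A TLS/SSL connection established with these methods may understand the SSLv2,
+-SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols.
+-
+-If the cipher list does not contain any SSLv2 ciphersuites (the default
+-cipher list does not) or extensions are required (for example server name)
+-a client will send out TLSv1 client hello messages including extensions and
+-will indicate that it also understands TLSv1.1, TLSv1.2 and permits a
+-fallback to SSLv3. A server will support SSLv3, TLSv1, TLSv1.1 and TLSv1.2
+-protocols. This is the best choice when compatibility is a concern.
+-
+-If any SSLv2 ciphersuites are included in the cipher list and no extensions
+-are required then SSLv2 compatible client hellos will be used by clients and
+-SSLv2 will be accepted by servers. This is B<not> recommended due to the
+-insecurity of SSLv2 and the limited nature of the SSLv2 client hello
+-prohibiting the use of extensions.
++TLSv1 protocol. A client will send out TLSv1 client hello messages and will
++indicate that it only understands TLSv1. A server will only understand TLSv1
++client hello messages.
+
+-=back
++=item SSLv3_method(), SSLv3_server_method(), SSLv3_client_method()
++
++A TLS/SSL connection established with these methods will only understand the
++SSLv3 protocol. A client will send out SSLv3 client hello messages and will
++indicate that it only understands SSLv3. A server will only understand SSLv3
++client hello messages. The SSLv3 protocol is deprecated and should not be
++used.
++
++=item SSLv2_method(), SSLv2_server_method(), SSLv2_client_method()
++
++A TLS/SSL connection established with these methods will only understand the
++SSLv2 protocol. A client will send out SSLv2 client hello messages and will
++also indicate that it only understand SSLv2. A server will only understand
++SSLv2 client hello messages. The SSLv2 protocol offers little to no security
++and should not be used.
++As of OpenSSL 1.0.2g, EXPORT ciphers and 56-bit DES are no longer available
++with SSLv2.
+
+-The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,
+-SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2
+-options of the SSL_CTX_set_options() or SSL_set_options() functions.
+-Using these options it is possible to choose e.g. SSLv23_server_method() and
+-be able to negotiate with all possible clients, but to only allow newer
+-protocols like TLSv1, TLSv1.1 or TLS v1.2.
++=item DTLS_method(), DTLS_server_method(), DTLS_client_method()
+
+-Applications which never want to support SSLv2 (even is the cipher string
+-is configured to use SSLv2 ciphersuites) can set SSL_OP_NO_SSLv2.
++These are the version-flexible DTLS methods.
++
++=item DTLSv1_2_method(), DTLSv1_2_server_method(), DTLSv1_2_client_method()
++
++These are the version-specific methods for DTLSv1.2.
++
++=item DTLSv1_method(), DTLSv1_server_method(), DTLSv1_client_method()
++
++These are the version-specific methods for DTLSv1.
++
++=back
+
+-SSL_CTX_new() initializes the list of ciphers, the session cache setting,
+-the callbacks, the keys and certificates and the options to its default
+-values.
++SSL_CTX_new() initializes the list of ciphers, the session cache setting, the
++callbacks, the keys and certificates and the options to its default values.
+
+ =head1 RETURN VALUES
+
+@@ -91,8 +156,8 @@ The following return values can occur:
+
+ =item NULL
+
+-The creation of a new SSL_CTX object failed. Check the error stack to
+-find out the reason.
++The creation of a new SSL_CTX object failed. Check the error stack to find out
++the reason.
+
+ =item Pointer to an SSL_CTX object
+
+@@ -102,6 +167,7 @@ The return value points to an allocated SSL_CTX object.
+
+ =head1 SEE ALSO
+
++L<SSL_CTX_set_options(3)>, L<SSL_CTX_clear_options(3)>, L<SSL_set_options(3)>,
+ L<SSL_CTX_free(3)|SSL_CTX_free(3)>, L<SSL_accept(3)|SSL_accept(3)>,
+ L<ssl(3)|ssl(3)>, L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
+
+diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod
+index e80a72c..9a7e98c 100644
+--- a/doc/ssl/SSL_CTX_set_options.pod
++++ b/doc/ssl/SSL_CTX_set_options.pod
+@@ -189,15 +189,25 @@ browser has a cert, it will crash/hang. Works for 3.x and 4.xbeta
+ =item SSL_OP_NO_SSLv2
+
+ Do not use the SSLv2 protocol.
++As of OpenSSL 1.0.2g the B<SSL_OP_NO_SSLv2> option is set by default.
+
+ =item SSL_OP_NO_SSLv3
+
+ Do not use the SSLv3 protocol.
++It is recommended that applications should set this option.
+
+ =item SSL_OP_NO_TLSv1
+
+ Do not use the TLSv1 protocol.
+
++=item SSL_OP_NO_TLSv1_1
++
++Do not use the TLSv1.1 protocol.
++
++=item SSL_OP_NO_TLSv1_2
++
++Do not use the TLSv1.2 protocol.
++
+ =item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+
+ When performing renegotiation as a server, always start a new session
+diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod
+index 242087e..70cca17 100644
+--- a/doc/ssl/ssl.pod
++++ b/doc/ssl/ssl.pod
+@@ -130,41 +130,86 @@ protocol methods defined in B<SSL_METHOD> structures.
+
+ =over 4
+
+-=item const SSL_METHOD *B<SSLv2_client_method>(void);
++=item const SSL_METHOD *B<SSLv23_method>(void);
+
+-Constructor for the SSLv2 SSL_METHOD structure for a dedicated client.
++Constructor for the I<version-flexible> SSL_METHOD structure for
++clients, servers or both.
++See L<SSL_CTX_new(3)> for details.
+
+-=item const SSL_METHOD *B<SSLv2_server_method>(void);
++=item const SSL_METHOD *B<SSLv23_client_method>(void);
+
+-Constructor for the SSLv2 SSL_METHOD structure for a dedicated server.
++Constructor for the I<version-flexible> SSL_METHOD structure for
++clients.
+
+-=item const SSL_METHOD *B<SSLv2_method>(void);
++=item const SSL_METHOD *B<SSLv23_client_method>(void);
+
+-Constructor for the SSLv2 SSL_METHOD structure for combined client and server.
++Constructor for the I<version-flexible> SSL_METHOD structure for
++servers.
+
+-=item const SSL_METHOD *B<SSLv3_client_method>(void);
++=item const SSL_METHOD *B<TLSv1_2_method>(void);
+
+-Constructor for the SSLv3 SSL_METHOD structure for a dedicated client.
++Constructor for the TLSv1.2 SSL_METHOD structure for clients, servers
++or both.
+
+-=item const SSL_METHOD *B<SSLv3_server_method>(void);
++=item const SSL_METHOD *B<TLSv1_2_client_method>(void);
+
+-Constructor for the SSLv3 SSL_METHOD structure for a dedicated server.
++Constructor for the TLSv1.2 SSL_METHOD structure for clients.
+
+-=item const SSL_METHOD *B<SSLv3_method>(void);
++=item const SSL_METHOD *B<TLSv1_2_server_method>(void);
++
++Constructor for the TLSv1.2 SSL_METHOD structure for servers.
++
++=item const SSL_METHOD *B<TLSv1_1_method>(void);
+
+-Constructor for the SSLv3 SSL_METHOD structure for combined client and server.
++Constructor for the TLSv1.1 SSL_METHOD structure for clients, servers
++or both.
++
++=item const SSL_METHOD *B<TLSv1_1_client_method>(void);
++
++Constructor for the TLSv1.1 SSL_METHOD structure for clients.
++
++=item const SSL_METHOD *B<TLSv1_1_server_method>(void);
++
++Constructor for the TLSv1.1 SSL_METHOD structure for servers.
++
++=item const SSL_METHOD *B<TLSv1_method>(void);
++
++Constructor for the TLSv1 SSL_METHOD structure for clients, servers
++or both.
+
+ =item const SSL_METHOD *B<TLSv1_client_method>(void);
+
+-Constructor for the TLSv1 SSL_METHOD structure for a dedicated client.
++Constructor for the TLSv1 SSL_METHOD structure for clients.
+
+ =item const SSL_METHOD *B<TLSv1_server_method>(void);
+
+-Constructor for the TLSv1 SSL_METHOD structure for a dedicated server.
++Constructor for the TLSv1 SSL_METHOD structure for servers.
+
+-=item const SSL_METHOD *B<TLSv1_method>(void);
++=item const SSL_METHOD *B<SSLv3_method>(void);
++
++Constructor for the SSLv3 SSL_METHOD structure for clients, servers
++or both.
++
++=item const SSL_METHOD *B<SSLv3_client_method>(void);
++
++Constructor for the SSLv3 SSL_METHOD structure for clients.
++
++=item const SSL_METHOD *B<SSLv3_server_method>(void);
++
++Constructor for the SSLv3 SSL_METHOD structure for servers.
++
++=item const SSL_METHOD *B<SSLv2_method>(void);
++
++Constructor for the SSLv2 SSL_METHOD structure for clients, servers
++or both.
++
++=item const SSL_METHOD *B<SSLv2_client_method>(void);
++
++Constructor for the SSLv2 SSL_METHOD structure for clients.
++
++=item const SSL_METHOD *B<SSLv2_server_method>(void);
+
+-Constructor for the TLSv1 SSL_METHOD structure for combined client and server.
++Constructor for the SSLv2 SSL_METHOD structure for servers.
+
+ =back
+
+--
+2.3.5
+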
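--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_3.patch
@@ -0,0 +1,503 @@
+From bc38a7d2d3c6082163c50ddf99464736110f2000 Mon Sep 17 00:00:00 2001
+From: Viktor Dukhovni <openssl-users@dukhovni.org>
+Date: Fri, 19 Feb 2016 13:05:11 -0500
+Subject: [PATCH] Disable EXPORT and LOW SSLv3+ ciphers by default
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reviewed-by: Emilia Käsper <emilia@openssl.org>
+
+Upstream-Status: Backport
+
+https://git.openssl.org/?p=openssl.git;a=commit;h=bc38a7d2d3c6082163c50ddf99464736110f2000
+
+CVE: CVE-2016-0800 #3 patch
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ CHANGES | 5 +++++
+ Configure | 5 +++++
+ NEWS | 1 +
+ doc/apps/ciphers.pod | 30 ++++++++++++++++++++---------
+ ssl/s3_lib.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 5 files changed, 86 insertions(+), 9 deletions(-)
+
+Index: openssl-1.0.2d/Configure
+===================================================================
+--- openssl-1.0.2d.orig/Configure
++++ openssl-1.0.2d/Configure
+@@ -58,6 +58,10 @@ my $usage="Usage: Configure [no-<cipher>
+ # library and will be loaded in run-time by the OpenSSL library.
+ # sctp include SCTP support
+ # 386 generate 80386 code
++# enable-weak-ssl-ciphers
++# Enable EXPORT and LOW SSLv3 ciphers that are disabled by
++# default. Note, weak SSLv2 ciphers are unconditionally
++# disabled.
+ # no-sse2 disables IA-32 SSE2 code, above option implies no-sse2
+ # no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
+ # -<xxx> +<xxx> compiler options are passed through
+@@ -853,6 +857,7 @@ my %disabled = ( # "what" => "co
+ "ssl2" => "default",
+ "store" => "experimental",
+ "unit-test" => "default",
++ "weak-ssl-ciphers" => "default",
+ "zlib" => "default",
+ "zlib-dynamic" => "default"
+ );
+Index: openssl-1.0.2d/doc/apps/ciphers.pod
+===================================================================
+--- openssl-1.0.2d.orig/doc/apps/ciphers.pod
++++ openssl-1.0.2d/doc/apps/ciphers.pod
+@@ -136,34 +136,46 @@ than 128 bits, and some cipher suites wi
+
+ =item B<LOW>
+
+-"low" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms
+-but excluding export cipher suites.
++Low strength encryption cipher suites, currently those using 64 or 56 bit
++encryption algorithms but excluding export cipher suites.
++As of OpenSSL 1.0.2g, these are disabled in default builds.
+
+ =item B<EXP>, B<EXPORT>
+
+-export encryption algorithms. Including 40 and 56 bits algorithms.
++Export strength encryption algorithms. Including 40 and 56 bits algorithms.
++As of OpenSSL 1.0.2g, these are disabled in default builds.
+
+ =item B<EXPORT40>
+
+-40 bit export encryption algorithms
++40-bit export encryption algorithms
++As of OpenSSL 1.0.2g, these are disabled in default builds.
+
+ =item B<EXPORT56>
+
+-56 bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of
++56-bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of
+56 bit export ciphers is empty unless OpenSSL has been explicitly configured
+ with support for experimental ciphers.
++As of OpenSSL 1.0.2g, these are disabled in default builds.
+
+ =item B<eNULL>, B<NULL>
+
+-the "NULL" ciphers that is those offering no encryption. Because these offer no
+-encryption at all and are a security risk they are disabled unless explicitly
+-included.
++The "NULL" ciphers that is those offering no encryption. Because these offer no
++encryption at all and are a security risk they are not enabled via either the
++B<DEFAULT> or B<ALL> cipher strings.
++Be careful when building cipherlists out of lower-level primitives such as
++B<kRSA> or B<aECDSA> as these do overlap with the B<eNULL> ciphers.
++When in doubt, include B<!eNULL> in your cipherlist.
+
+ =item B<aNULL>
+
+-the cipher suites offering no authentication. This is currently the anonymous
++The cipher suites offering no authentication. This is currently the anonymous
+ DH algorithms and anonymous ECDH algorithms. These cipher suites are vulnerable
+ to a "man in the middle" attack and so their use is normally discouraged.
++These are excluded from the B<DEFAULT> ciphers, but included in the B<ALL>
++ciphers.
++Be careful when building cipherlists out of lower-level primitives such as
++B<kDHE> or B<AES> as these do overlap with the B<aNULL> ciphers.
++When in doubt, include B<!aNULL> in your cipherlist.
+
+ =item B<kRSA>, B<RSA>
+
+Index: openssl-1.0.2d/ssl/s3_lib.c
+===================================================================
+--- openssl-1.0.2d.orig/ssl/s3_lib.c
++++ openssl-1.0.2d/ssl/s3_lib.c
+@@ -198,6 +198,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ },
+
+ /* Cipher 03 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_RSA_RC4_40_MD5,
+@@ -212,6 +213,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 40,
+ 128,
+ },
++#endif
+
+ /* Cipher 04 */
+ {
+@@ -246,6 +248,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ },
+
+ /* Cipher 06 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_RSA_RC2_40_MD5,
+@@ -260,6 +263,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 40,
+ 128,
+ },
++#endif
+
+ /* Cipher 07 */
+ #ifndef OPENSSL_NO_IDEA
+@@ -280,6 +284,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ #endif
+
+ /* Cipher 08 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_RSA_DES_40_CBC_SHA,
+@@ -294,8 +299,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 40,
+ 56,
+ },
++#endif
+
+ /* Cipher 09 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_RSA_DES_64_CBC_SHA,
+@@ -310,6 +317,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 56,
+ 56,
+ },
++#endif
+
+ /* Cipher 0A */
+ {
+@@ -329,6 +337,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+
+ /* The DH ciphers */
+ /* Cipher 0B */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 0,
+ SSL3_TXT_DH_DSS_DES_40_CBC_SHA,
+@@ -343,8 +352,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 40,
+ 56,
+ },
++#endif
+
+ /* Cipher 0C */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_DH_DSS_DES_64_CBC_SHA,
+@@ -359,6 +370,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 56,
+ 56,
+ },
++#endif
+
+ /* Cipher 0D */
+ {
+@@ -377,6 +389,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ },
+
+ /* Cipher 0E */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 0,
+ SSL3_TXT_DH_RSA_DES_40_CBC_SHA,
+@@ -391,8 +404,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 40,
+ 56,
+ },
++#endif
+
+ /* Cipher 0F */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_DH_RSA_DES_64_CBC_SHA,
+@@ -407,6 +422,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 56,
+ 56,
+ },
++#endif
+
+ /* Cipher 10 */
+ {
+@@ -426,6 +442,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+
+ /* The Ephemeral DH ciphers */
+ /* Cipher 11 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
+@@ -440,8 +457,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 40,
+ 56,
+ },
++#endif
+
+ /* Cipher 12 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
+@@ -456,6 +475,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 56,
+ 56,
+ },
++#endif
+
+ /* Cipher 13 */
+ {
+@@ -474,6 +494,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ },
+
+ /* Cipher 14 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
+@@ -488,8 +509,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 40,
+ 56,
+ },
++#endif
+
+ /* Cipher 15 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
+@@ -504,6 +527,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 56,
+ 56,
+ },
++#endif
+
+ /* Cipher 16 */
+ {
+@@ -522,6 +546,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ },
+
+ /* Cipher 17 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_ADH_RC4_40_MD5,
+@@ -536,6 +561,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 40,
+ 128,
+ },
++#endif
+
+ /* Cipher 18 */
+ {
+@@ -554,6 +580,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ },
+
+ /* Cipher 19 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_ADH_DES_40_CBC_SHA,
+@@ -568,8 +595,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 40,
+ 128,
+ },
++#endif
+
+ /* Cipher 1A */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_ADH_DES_64_CBC_SHA,
+@@ -584,6 +613,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 56,
+ 56,
+ },
++#endif
+
+ /* Cipher 1B */
+ {
+@@ -655,6 +685,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ #ifndef OPENSSL_NO_KRB5
+ /* The Kerberos ciphers*/
+ /* Cipher 1E */
++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_KRB5_DES_64_CBC_SHA,
+@@ -669,6 +700,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 56,
+ 56,
+ },
++# endif
+
+ /* Cipher 1F */
+ {
+@@ -719,6 +751,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ },
+
+ /* Cipher 22 */
++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_KRB5_DES_64_CBC_MD5,
+@@ -733,6 +766,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 56,
+ 56,
+ },
++# endif
+
+ /* Cipher 23 */
+ {
+@@ -783,6 +817,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ },
+
+ /* Cipher 26 */
++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_KRB5_DES_40_CBC_SHA,
+@@ -797,8 +832,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 40,
+ 56,
+ },
++# endif
+
+ /* Cipher 27 */
++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_KRB5_RC2_40_CBC_SHA,
+@@ -813,8 +850,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 40,
+ 128,
+ },
++# endif
+
+ /* Cipher 28 */
++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_KRB5_RC4_40_SHA,
+@@ -829,8 +868,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 40,
+ 128,
+ },
++# endif
+
+ /* Cipher 29 */
++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_KRB5_DES_40_CBC_MD5,
+@@ -845,8 +886,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 40,
+ 56,
+ },
++# endif
+
+ /* Cipher 2A */
++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_KRB5_RC2_40_CBC_MD5,
+@@ -861,8 +904,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 40,
+ 128,
+ },
++# endif
+
+ /* Cipher 2B */
++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_KRB5_RC4_40_MD5,
+@@ -877,6 +922,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 40,
+ 128,
+ },
++# endif
+ #endif /* OPENSSL_NO_KRB5 */
+
+ /* New AES ciphersuites */
+@@ -1300,6 +1346,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ # endif
+
+ /* Cipher 62 */
++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA,
+@@ -1314,8 +1361,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 56,
+ 56,
+ },
++# endif
+
+ /* Cipher 63 */
++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
+@@ -1330,8 +1379,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 56,
+ 56,
+ },
++# endif
+
+ /* Cipher 64 */
++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA,
+@@ -1346,8 +1397,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 56,
+ 128,
+ },
++# endif
+
+ /* Cipher 65 */
++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
+@@ -1362,6 +1415,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
+ 56,
+ 128,
+ },
++# endif
+
+ /* Cipher 66 */
+ {
+Index: openssl-1.0.2d/CHANGES
+===================================================================
+--- openssl-1.0.2d.orig/CHANGES
++++ openssl-1.0.2d/CHANGES
+@@ -2,7 +2,11 @@
+ OpenSSL CHANGES
+ _______________
+
+-
++ * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
++ Builds that are not configured with "enable-weak-ssl-ciphers" will not
++ provide any "EXPORT" or "LOW" strength ciphers.
++ [Viktor Dukhovni]
++
+ * Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2
+ is by default disabled at build-time. Builds that are not configured with
+ "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used,
+Index: openssl-1.0.2d/NEWS
+===================================================================
+--- openssl-1.0.2d.orig/NEWS
++++ openssl-1.0.2d/NEWS
+@@ -1,6 +1,7 @@
+
+ NEWS
+ ====
++ Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
+ Disable SSLv2 default build, default negotiation and weak ciphers.
+
+ This file gives a brief overview of the major changes between each OpenSSL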
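Review bot: The ciphers.pod text carried in this backport says the LOW, EXPORT, EXPORT40 and EXPORT56 suites are disabled "As of OpenSSL 1.0.2g", but the recipe that applies it is openssl_1.0.2d.bb, so the installed man page will not match the version the package reports. A line in the patch header after `Upstream-Status: Backport`, such as `Note: documentation refers to 1.0.2g; in this layer the behaviour applies to 1.0.2d with this patch`, would record that for anyone auditing the image by version string. Separately, the `#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS` guards in ssl/s3_lib.c only remove entries from `ssl3_ciphers[]` when nothing in the build passes `enable-weak-ssl-ciphers`. The recipe's Configure arguments are not visible in this commit, so it is worth confirming on a built image that `openssl ciphers -v 'EXPORT:LOW'` lists no suites.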
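--- a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
@@ -42,6 +42,9 @@ SRC_URI += "file://configure-targets.patch \
  file://CVE-2015-3197.patch \
  file://CVE-2016-0701_1.patch \
  file://CVE-2016-0701_2.patch \
+ file://CVE-2016-0800.patch \
+ file://CVE-2016-0800_2.patch \
+ file://CVE-2016-0800_3.patch \
  "
 
 SRC_URI[md5sum] = "38dd619b2e77cbac69b99f52a053d25a"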