openssl: 1.0.2d -> 1.0.2h (mainly for CVEs)

* CVEs: - CVE-2016-0705 - CVE-2016-0798 - CVE-2016-0797 - CVE-2016-0799 - CVE-2016-0702 - CVE-2016-0703 - CVE-2016-0704 - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2109 - CVE-2016-2176 * The LICENSE's checksum is changed because of date changes (2011 -> 2016), the contents are the same. * Remove backport patches - 0001-Add-test-for-CVE-2015-3194.patch - CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch - CVE-2015-3194-1-Add-PSS-parameter-check.patch - CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch - CVE-2015-3197.patch - CVE-2016-0701_1.patch - CVE-2016-0701_2.patch - CVE-2016-0800.patch - CVE-2016-0800_2.patch - CVE-2016-0800_3.patch * Update crypto_use_bigint_in_x86-64_perl.patch * Add version-script.patch and update block_diginotar.patch (From master branch) * Update openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch (From Armin) (From OE-Core master rev: bca156013af0a98cb18d8156626b9acc8f9883e3) (From OE-Core rev: 6ed7c8a9f82bc173ae0cc8b494af5a2c838f08fc) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Robert Yang <liezhi.yang@windriver.com> 2016-05-11 00:43:28 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-05-11 18:00:11 +0100
commit: 3cea047b6cc9e93308e5aebbacc74183438fae57 (patch)
tree: 0075f669416d5adb6da8b1b06f28aeafb6f32b68 /meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_1.patch
parent: 8463c062909dba7367d56105cc56126ba971984e (diff)
download: poky-3cea047b6cc9e93308e5aebbacc74183438fae57.tar.gz
1 files changed, 0 insertions, 102 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_1.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_1.patch
deleted file mode 100644
index cf2d9a7b04..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_1.patch
+++ /dev/null
@@ -1,102 +0,0 @@
-From 878e2c5b13010329c203f309ed0c8f2113f85648 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Mon, 18 Jan 2016 11:31:58 +0000
-Subject: [PATCH] Prevent small subgroup attacks on DH/DHE
-Historically OpenSSL only ever generated DH parameters based on "safe"
-primes. More recently (in version 1.0.2) support was provided for
-generating X9.42 style parameter files such as those required for RFC
-5114 support. The primes used in such files may not be "safe". Where an
-application is using DH configured with parameters based on primes that
-are not "safe" then an attacker could use this fact to find a peer's
-private DH exponent. This attack requires that the attacker complete
-multiple handshakes in which the peer uses the same DH exponent.
-A simple mitigation is to ensure that y^q (mod p) == 1
-CVE-2016-0701 (fix part 1 of 2)
-Issue reported by Antonio Sanso.
-Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-Upstream-Status: Backport
-https://github.com/openssl/openssl/commit/878e2c5b13010329c203f309ed0c8f2113f85648
-CVE: CVE-2016-0701
-Signed-of-by: Armin Kuster <akuster@mvisa.com>
---
- crypto/dh/dh.h       |  1 +
- crypto/dh/dh_check.c | 35 +++++++++++++++++++++++++----------
- 2 files changed, 26 insertions(+), 10 deletions(-)
-diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
-index b177673..5498a9d 100644
--- a/crypto/dh/dh.h
-+++ b/crypto/dh/dh.h
-@@ -174,6 +174,7 @@ struct dh_st {
- /* DH_check_pub_key error codes */
- # define DH_CHECK_PUBKEY_TOO_SMALL       0x01
- # define DH_CHECK_PUBKEY_TOO_LARGE       0x02
-+# define DH_CHECK_PUBKEY_INVALID         0x03
- 
- /*
-  * primes p where (p-1)/2 is prime too are called "safe"; we define this for
-diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
-index 347467c..5adedc0 100644
--- a/crypto/dh/dh_check.c
-+++ b/crypto/dh/dh_check.c
-@@ -151,23 +151,38 @@ int DH_check(const DH *dh, int *ret)
- int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
- {
-     int ok = 0;
-    BIGNUM *q = NULL;
-+    BIGNUM *tmp = NULL;
-+    BN_CTX *ctx = NULL;
- 
-     *ret = 0;
-    q = BN_new();
-    if (q == NULL)
-+    ctx = BN_CTX_new();
-+    if (ctx == NULL)
-         goto err;
-    BN_set_word(q, 1);
-    if (BN_cmp(pub_key, q) <= 0)
-+    BN_CTX_start(ctx);
-+    tmp = BN_CTX_get(ctx);
-+    if (tmp == NULL)
-+        goto err;
-+    BN_set_word(tmp, 1);
-+    if (BN_cmp(pub_key, tmp) <= 0)
-         *ret |= DH_CHECK_PUBKEY_TOO_SMALL;
-    BN_copy(q, dh->p);
-    BN_sub_word(q, 1);
-    if (BN_cmp(pub_key, q) >= 0)
-+    BN_copy(tmp, dh->p);
-+    BN_sub_word(tmp, 1);
-+    if (BN_cmp(pub_key, tmp) >= 0)
-         *ret |= DH_CHECK_PUBKEY_TOO_LARGE;
- 
-+    if (dh->q != NULL) {
-+        /* Check pub_key^q == 1 mod p */
-+        if (!BN_mod_exp(tmp, pub_key, dh->q, dh->p, ctx))
-+            goto err;
-+        if (!BN_is_one(tmp))
-+            *ret |= DH_CHECK_PUBKEY_INVALID;
-+    }
-+
-     ok = 1;
-  err:
-    if (q != NULL)
-        BN_free(q);
-+    if (ctx != NULL) {
-+        BN_CTX_end(ctx);
-+        BN_CTX_free(ctx);
-+    }
-     return (ok);
- }
-- 
-2.3.5
author	Robert Yang <liezhi.yang@windriver.com>	2016-05-11 00:43:28 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-05-11 18:00:11 +0100
commit	3cea047b6cc9e93308e5aebbacc74183438fae57 (patch)
tree	0075f669416d5adb6da8b1b06f28aeafb6f32b68 /meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_1.patch
parent	8463c062909dba7367d56105cc56126ba971984e (diff)
download	poky-3cea047b6cc9e93308e5aebbacc74183438fae57.tar.gz

diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_1.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_1.patch deleted file mode 100644 index cf2d9a7b04..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_1.patch +++ /dev/null
@@ -1,102 +0,0 @@
1	From 878e2c5b13010329c203f309ed0c8f2113f85648 Mon Sep 17 00:00:00 2001
2	From: Matt Caswell <matt@openssl.org>
3	Date: Mon, 18 Jan 2016 11:31:58 +0000
4	Subject: [PATCH] Prevent small subgroup attacks on DH/DHE
5
6	Historically OpenSSL only ever generated DH parameters based on "safe"
7	primes. More recently (in version 1.0.2) support was provided for
8	generating X9.42 style parameter files such as those required for RFC
9	5114 support. The primes used in such files may not be "safe". Where an
10	application is using DH configured with parameters based on primes that
11	are not "safe" then an attacker could use this fact to find a peer's
12	private DH exponent. This attack requires that the attacker complete
13	multiple handshakes in which the peer uses the same DH exponent.
14
15	A simple mitigation is to ensure that y^q (mod p) == 1
16
17	CVE-2016-0701 (fix part 1 of 2)
18
19	Issue reported by Antonio Sanso.
20
21	Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
22
23	Upstream-Status: Backport
24
25	https://github.com/openssl/openssl/commit/878e2c5b13010329c203f309ed0c8f2113f85648
26
27	CVE: CVE-2016-0701
28	Signed-of-by: Armin Kuster <akuster@mvisa.com>
29
30	---
31	crypto/dh/dh.h \| 1 +
32	crypto/dh/dh_check.c \| 35 +++++++++++++++++++++++++----------
33	2 files changed, 26 insertions(+), 10 deletions(-)
34
35	diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
36	index b177673..5498a9d 100644
37	--- a/crypto/dh/dh.h
38	+++ b/crypto/dh/dh.h
39	@@ -174,6 +174,7 @@ struct dh_st {
40	/* DH_check_pub_key error codes */
41	# define DH_CHECK_PUBKEY_TOO_SMALL 0x01
42	# define DH_CHECK_PUBKEY_TOO_LARGE 0x02
43	+# define DH_CHECK_PUBKEY_INVALID 0x03
44
45	/*
46	* primes p where (p-1)/2 is prime too are called "safe"; we define this for
47	diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
48	index 347467c..5adedc0 100644
49	--- a/crypto/dh/dh_check.c
50	+++ b/crypto/dh/dh_check.c
51	@@ -151,23 +151,38 @@ int DH_check(const DH dh, int ret)
52	int DH_check_pub_key(const DH dh, const BIGNUM pub_key, int *ret)
53	{
54	int ok = 0;
55	- BIGNUM *q = NULL;
56	+ BIGNUM *tmp = NULL;
57	+ BN_CTX *ctx = NULL;
58
59	*ret = 0;
60	- q = BN_new();
61	- if (q == NULL)
62	+ ctx = BN_CTX_new();
63	+ if (ctx == NULL)
64	goto err;
65	- BN_set_word(q, 1);
66	- if (BN_cmp(pub_key, q) <= 0)
67	+ BN_CTX_start(ctx);
68	+ tmp = BN_CTX_get(ctx);
69	+ if (tmp == NULL)
70	+ goto err;
71	+ BN_set_word(tmp, 1);
72	+ if (BN_cmp(pub_key, tmp) <= 0)
73	*ret \|= DH_CHECK_PUBKEY_TOO_SMALL;
74	- BN_copy(q, dh->p);
75	- BN_sub_word(q, 1);
76	- if (BN_cmp(pub_key, q) >= 0)
77	+ BN_copy(tmp, dh->p);
78	+ BN_sub_word(tmp, 1);
79	+ if (BN_cmp(pub_key, tmp) >= 0)
80	*ret \|= DH_CHECK_PUBKEY_TOO_LARGE;
81
82	+ if (dh->q != NULL) {
83	+ /* Check pub_key^q == 1 mod p */
84	+ if (!BN_mod_exp(tmp, pub_key, dh->q, dh->p, ctx))
85	+ goto err;
86	+ if (!BN_is_one(tmp))
87	+ *ret \|= DH_CHECK_PUBKEY_INVALID;
88	+ }
89	+
90	ok = 1;
91	err:
92	- if (q != NULL)
93	- BN_free(q);
94	+ if (ctx != NULL) {
95	+ BN_CTX_end(ctx);
96	+ BN_CTX_free(ctx);
97	+ }
98	return (ok);
99	}
100	--
101	2.3.5
102