author | Robert Yang <liezhi.yang@windriver.com> | 2016-05-11 00:43:28 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-05-11 18:00:11 +0100 |
commit | 3cea047b6cc9e93308e5aebbacc74183438fae57 (patch) | |
tree | 0075f669416d5adb6da8b1b06f28aeafb6f32b68 /meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_1.patch | |
parent | 8463c062909dba7367d56105cc56126ba971984e (diff) | |
openssl: 1.0.2d -> 1.0.2h (mainly for CVEs)
* CVEs:
- CVE-2016-0705
- CVE-2016-0798
- CVE-2016-0797
- CVE-2016-0799
- CVE-2016-0702
- CVE-2016-0703
- CVE-2016-0704
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2109
- CVE-2016-2176
* The LICENSE's checksum is changed because of date changes (2011 ->
2016), the contents are the same.
* Remove backport patches
- 0001-Add-test-for-CVE-2015-3194.patch
- CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
- CVE-2015-3194-1-Add-PSS-parameter-check.patch
- CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch
- CVE-2015-3197.patch
- CVE-2016-0701_1.patch
- CVE-2016-0701_2.patch
- CVE-2016-0800.patch
- CVE-2016-0800_2.patch
- CVE-2016-0800_3.patch
* Update crypto_use_bigint_in_x86-64_perl.patch
* Add version-script.patch and update block_diginotar.patch (From master branch)
* Update openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
(From Armin)
(From OE-Core master rev: bca156013af0a98cb18d8156626b9acc8f9883e3)
(From OE-Core rev: 6ed7c8a9f82bc173ae0cc8b494af5a2c838f08fc)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_1.patch')
-rw-r--r-- | meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_1.patch | 102 |
1 files changed, 0 insertions, 102 deletions
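--- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0701_1.patch
+++ /dev/null
@@ -1,102 +0,0 @@
-From 878e2c5b13010329c203f309ed0c8f2113f85648 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Mon, 18 Jan 2016 11:31:58 +0000
-Subject: [PATCH] Prevent small subgroup attacks on DH/DHE
-
-Historically OpenSSL only ever generated DH parameters based on "safe"
-primes. More recently (in version 1.0.2) support was provided for
-generating X9.42 style parameter files such as those required for RFC
-5114 support. The primes used in such files may not be "safe". Where an
-application is using DH configured with parameters based on primes that
-are not "safe" then an attacker could use this fact to find a peer's
-private DH exponent. This attack requires that the attacker complete
-multiple handshakes in which the peer uses the same DH exponent.
-
-A simple mitigation is to ensure that y^q (mod p) == 1
-
-CVE-2016-0701 (fix part 1 of 2)
-
-Issue reported by Antonio Sanso.
-
-Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
-
-Upstream-Status: Backport
-
-https://github.com/openssl/openssl/commit/878e2c5b13010329c203f309ed0c8f2113f85648
-
-CVE: CVE-2016-0701
-Signed-of-by: Armin Kuster <akuster@mvisa.com>
-
----
-crypto/dh/dh.h | 1 +
-crypto/dh/dh_check.c | 35 +++++++++++++++++++++++++----------
-2 files changed, 26 insertions(+), 10 deletions(-)
-
-diff --git a/crypto/dh/dh.h b/crypto/dh/dh.h
-index b177673..5498a9d 100644
---- a/crypto/dh/dh.h
-+++ b/crypto/dh/dh.h
-@@ -174,6 +174,7 @@ struct dh_st {
-/* DH_check_pub_key error codes */
-# define DH_CHECK_PUBKEY_TOO_SMALL 0x01
-# define DH_CHECK_PUBKEY_TOO_LARGE 0x02
-+# define DH_CHECK_PUBKEY_INVALID 0x03
-
-/*
-* primes p where (p-1)/2 is prime too are called "safe"; we define this for
-diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
-index 347467c..5adedc0 100644
---- a/crypto/dh/dh_check.c
-+++ b/crypto/dh/dh_check.c
-@@ -151,23 +151,38 @@ int DH_check(const DH *dh, int *ret)
-int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
-{
-int ok = 0;
-- BIGNUM *q = NULL;
-+ BIGNUM *tmp = NULL;
-+ BN_CTX *ctx = NULL;
-
-*ret = 0;
-- q = BN_new();
-- if (q == NULL)
-+ ctx = BN_CTX_new();
-+ if (ctx == NULL)
-goto err;
-- BN_set_word(q, 1);
-- if (BN_cmp(pub_key, q) <= 0)
-+ BN_CTX_start(ctx);
-+ tmp = BN_CTX_get(ctx);
-+ if (tmp == NULL)
-+ goto err;
-+ BN_set_word(tmp, 1);
-+ if (BN_cmp(pub_key, tmp) <= 0)
-*ret |= DH_CHECK_PUBKEY_TOO_SMALL;
-- BN_copy(q, dh->p);
-- BN_sub_word(q, 1);
-- if (BN_cmp(pub_key, q) >= 0)
-+ BN_copy(tmp, dh->p);
-+ BN_sub_word(tmp, 1);
-+ if (BN_cmp(pub_key, tmp) >= 0)
-*ret |= DH_CHECK_PUBKEY_TOO_LARGE;
-
-+ if (dh->q != NULL) {
-+ /* Check pub_key^q == 1 mod p */
-+ if (!BN_mod_exp(tmp, pub_key, dh->q, dh->p, ctx))
-+ goto err;
-+ if (!BN_is_one(tmp))
-+ *ret |= DH_CHECK_PUBKEY_INVALID;
-+ }
-+
-ok = 1;
-err:
-- if (q != NULL)
-- BN_free(q);
-+ if (ctx != NULL) {
-+ BN_CTX_end(ctx);
-+ BN_CTX_free(ctx);
-+ }
-return (ok);
-}
---
-2.3.5
-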