openssl: Fix for CVE-2014-3568

Fix for no-ssl3 configuration option This patch is a backport from OpenSSL_1.0.1j. (From OE-Core rev: 97e7b7a96178cf32411309f3e9e3e3b138d2050b) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Sona Sarmadi <sona.sarmadi@enea.com> 2014-11-06 07:14:33 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-11-06 11:42:31 +0000
commit: faaf75d24faa9862407cd478317101d155bb3129 (patch)
tree: 97d0c5a85937eda2ac9393e4e760429292e0ea6c /meta
parent: 10b5ec0ec8df33ec3d48e0a650e596ec39250081 (diff)
download: poky-faaf75d24faa9862407cd478317101d155bb3129.tar.gz
2 files changed, 100 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-fix-CVE-2014-3568.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-fix-CVE-2014-3568.patch
new file mode 100644
index 0000000000..7313f9b2c3
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-fix-CVE-2014-3568.patch
@@ -0,0 +1,99 @@
+From 26a59d9b46574e457870197dffa802871b4c8fc7 Mon Sep 17 00:00:00 2001
+From: Geoff Thorpe <geoff@openssl.org>
+Date: Wed, 15 Oct 2014 03:25:50 -0400
+Subject: [PATCH] Fix no-ssl3 configuration option
+CVE-2014-3568
+Reviewed-by: Emilia Kasper <emilia@openssl.org>
+Reviewed-by: Rich Salz <rsalz@openssl.org>
+Signed-off-by: Catalin Popeanga <catalin.popeanga@enea.com>
+---
+ ssl/s23_clnt.c |    9 +++++++--
+ ssl/s23_srvr.c |   18 +++++++++---------
+ 2 files changed, 16 insertions(+), 11 deletions(-)
+diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
+index d4e43c3..86ab3de 100644
+--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
+@@ -125,9 +125,11 @@ static const SSL_METHOD *ssl23_get_client_method(int ver)
+        if (ver == SSL2_VERSION)
+                return(SSLv2_client_method());
+ #endif
+#ifndef OPENSSL_NO_SSL3
+        if (ver == SSL3_VERSION)
+                return(SSLv3_client_method());
+-       else if (ver == TLS1_VERSION)
+#endif
+       if (ver == TLS1_VERSION)
+                return(TLSv1_client_method());
+        else if (ver == TLS1_1_VERSION)
+                return(TLSv1_1_client_method());
+@@ -698,6 +700,7 @@ static int ssl23_get_server_hello(SSL *s)
+                {
+                /* we have sslv3 or tls1 (server hello or alert) */
+ 
+#ifndef OPENSSL_NO_SSL3
+                if ((p[2] == SSL3_VERSION_MINOR) &&
+                        !(s->options & SSL_OP_NO_SSLv3))
+                        {
+@@ -712,7 +715,9 @@ static int ssl23_get_server_hello(SSL *s)
+                        s->version=SSL3_VERSION;
+                        s->method=SSLv3_client_method();
+                        }
+-               else if ((p[2] == TLS1_VERSION_MINOR) &&
+               else
+#endif
+               if ((p[2] == TLS1_VERSION_MINOR) &&
+                        !(s->options & SSL_OP_NO_TLSv1))
+                        {
+                        s->version=TLS1_VERSION;
+diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
+index 567a6b1..93ca7d5 100644
+--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
+@@ -127,9 +127,11 @@ static const SSL_METHOD *ssl23_get_server_method(int ver)
+        if (ver == SSL2_VERSION)
+                return(SSLv2_server_method());
+ #endif
+#ifndef OPENSSL_NO_SSL3
+        if (ver == SSL3_VERSION)
+                return(SSLv3_server_method());
+-       else if (ver == TLS1_VERSION)
+#endif
+       if (ver == TLS1_VERSION)
+                return(TLSv1_server_method());
+        else if (ver == TLS1_1_VERSION)
+                return(TLSv1_1_server_method());
+@@ -600,6 +602,12 @@ int ssl23_get_client_hello(SSL *s)
+        if ((type == 2) || (type == 3))
+                {
+                /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
+                s->method = ssl23_get_server_method(s->version);
+               if (s->method == NULL)
+                       {
+                       SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
+                       goto err;
+                       }
+ 
+                if (!ssl_init_wbio_buffer(s,1)) goto err;
+ 
+@@ -627,14 +635,6 @@ int ssl23_get_client_hello(SSL *s)
+                        s->s3->rbuf.left=0;
+                        s->s3->rbuf.offset=0;
+                        }
+-               if (s->version == TLS1_2_VERSION)
+-                       s->method = TLSv1_2_server_method();
+-               else if (s->version == TLS1_1_VERSION)
+-                       s->method = TLSv1_1_server_method();
+-               else if (s->version == TLS1_VERSION)
+-                       s->method = TLSv1_server_method();
+-               else
+-                       s->method = SSLv3_server_method();
+ #if 0 /* ssl3_get_client_hello does this */
+                s->client_version=(v[0]<<8)|v[1];
+ #endif
+-- 
+1.7.9.5
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
index 6af4ee9503..b4d59ae2b0 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
@@ -47,6 +47,7 @@ SRC_URI += "file://configure-targets.patch \
            file://openssl-fix-CVE-2014-3566.patch \
            file://openssl-fix-CVE-2014-3513.patch \
            file://openssl-fix-CVE-2014-3567.patch \
+            file://openssl-fix-CVE-2014-3568.patch \
           "
 SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c"
author	Sona Sarmadi <sona.sarmadi@enea.com>	2014-11-06 07:14:33 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-11-06 11:42:31 +0000
commit	faaf75d24faa9862407cd478317101d155bb3129 (patch)
tree	97d0c5a85937eda2ac9393e4e760429292e0ea6c /meta
parent	10b5ec0ec8df33ec3d48e0a650e596ec39250081 (diff)
download	poky-faaf75d24faa9862407cd478317101d155bb3129.tar.gz

diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-fix-CVE-2014-3568.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-fix-CVE-2014-3568.patch new file mode 100644 index 0000000000..7313f9b2c3 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-fix-CVE-2014-3568.patch
@@ -0,0 +1,99 @@
		1	From 26a59d9b46574e457870197dffa802871b4c8fc7 Mon Sep 17 00:00:00 2001
		2	From: Geoff Thorpe <geoff@openssl.org>
		3	Date: Wed, 15 Oct 2014 03:25:50 -0400
		4	Subject: [PATCH] Fix no-ssl3 configuration option
		5
		6	CVE-2014-3568
		7
		8	Reviewed-by: Emilia Kasper <emilia@openssl.org>
		9	Reviewed-by: Rich Salz <rsalz@openssl.org>
		10	Signed-off-by: Catalin Popeanga <catalin.popeanga@enea.com>
		11	---
		12	ssl/s23_clnt.c \| 9 +++++++--
		13	ssl/s23_srvr.c \| 18 +++++++++---------
		14	2 files changed, 16 insertions(+), 11 deletions(-)
		15
		16	diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
		17	index d4e43c3..86ab3de 100644
		18	--- a/ssl/s23_clnt.c
		19	+++ b/ssl/s23_clnt.c
		20	@@ -125,9 +125,11 @@ static const SSL_METHOD *ssl23_get_client_method(int ver)
		21	if (ver == SSL2_VERSION)
		22	return(SSLv2_client_method());
		23	#endif
		24	+#ifndef OPENSSL_NO_SSL3
		25	if (ver == SSL3_VERSION)
		26	return(SSLv3_client_method());
		27	- else if (ver == TLS1_VERSION)
		28	+#endif
		29	+ if (ver == TLS1_VERSION)
		30	return(TLSv1_client_method());
		31	else if (ver == TLS1_1_VERSION)
		32	return(TLSv1_1_client_method());
		33	@@ -698,6 +700,7 @@ static int ssl23_get_server_hello(SSL *s)
		34	{
		35	/* we have sslv3 or tls1 (server hello or alert) */
		36
		37	+#ifndef OPENSSL_NO_SSL3
		38	if ((p[2] == SSL3_VERSION_MINOR) &&
		39	!(s->options & SSL_OP_NO_SSLv3))
		40	{
		41	@@ -712,7 +715,9 @@ static int ssl23_get_server_hello(SSL *s)
		42	s->version=SSL3_VERSION;
		43	s->method=SSLv3_client_method();
		44	}
		45	- else if ((p[2] == TLS1_VERSION_MINOR) &&
		46	+ else
		47	+#endif
		48	+ if ((p[2] == TLS1_VERSION_MINOR) &&
		49	!(s->options & SSL_OP_NO_TLSv1))
		50	{
		51	s->version=TLS1_VERSION;
		52	diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
		53	index 567a6b1..93ca7d5 100644
		54	--- a/ssl/s23_srvr.c
		55	+++ b/ssl/s23_srvr.c
		56	@@ -127,9 +127,11 @@ static const SSL_METHOD *ssl23_get_server_method(int ver)
		57	if (ver == SSL2_VERSION)
		58	return(SSLv2_server_method());
		59	#endif
		60	+#ifndef OPENSSL_NO_SSL3
		61	if (ver == SSL3_VERSION)
		62	return(SSLv3_server_method());
		63	- else if (ver == TLS1_VERSION)
		64	+#endif
		65	+ if (ver == TLS1_VERSION)
		66	return(TLSv1_server_method());
		67	else if (ver == TLS1_1_VERSION)
		68	return(TLSv1_1_server_method());
		69	@@ -600,6 +602,12 @@ int ssl23_get_client_hello(SSL *s)
		70	if ((type == 2) \|\| (type == 3))
		71	{
		72	/* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
		73	+ s->method = ssl23_get_server_method(s->version);
		74	+ if (s->method == NULL)
		75	+ {
		76	+ SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
		77	+ goto err;
		78	+ }
		79
		80	if (!ssl_init_wbio_buffer(s,1)) goto err;
		81
		82	@@ -627,14 +635,6 @@ int ssl23_get_client_hello(SSL *s)
		83	s->s3->rbuf.left=0;
		84	s->s3->rbuf.offset=0;
		85	}
		86	- if (s->version == TLS1_2_VERSION)
		87	- s->method = TLSv1_2_server_method();
		88	- else if (s->version == TLS1_1_VERSION)
		89	- s->method = TLSv1_1_server_method();
		90	- else if (s->version == TLS1_VERSION)
		91	- s->method = TLSv1_server_method();
		92	- else
		93	- s->method = SSLv3_server_method();
		94	#if 0 /* ssl3_get_client_hello does this */
		95	s->client_version=(v[0]<<8)\|v[1];
		96	#endif
		97	--
		98	1.7.9.5
		99


diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb index 6af4ee9503..b4d59ae2b0 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
@@ -47,6 +47,7 @@ SRC_URI += "file://configure-targets.patch \
47	file://openssl-fix-CVE-2014-3566.patch \	47	file://openssl-fix-CVE-2014-3566.patch \
48	file://openssl-fix-CVE-2014-3513.patch \	48	file://openssl-fix-CVE-2014-3513.patch \
49	file://openssl-fix-CVE-2014-3567.patch \	49	file://openssl-fix-CVE-2014-3567.patch \
		50	file://openssl-fix-CVE-2014-3568.patch \
50	"	51	"
51		52
52	SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c"	53	SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c"