From 13e4abbce92f9b7630563a0b7f9d8be6db3919c9 Mon Sep 17 00:00:00 2001 From: Sona Sarmadi Date: Fri, 6 Mar 2015 07:26:43 +0100 Subject: openssl: multiple CVEs fixes This patch addresses following CVEs: CVE-2014-3569 CVE-2015-0204 CVE-2015-0205 CVE-2014-8275 CVE-2014-3571 CVE-2014-3570 Additional two patches (0004 & 0005) which were needed for CVE-2014-8275 have been backported from 1.0.1 stable (OpenSSL_1_0_1-stable) branch. Reference https://www.openssl.org/news/secadv_20150108.txt Signed-off-by: Sona Sarmadi --- .../openssl/openssl/0003-CVE-2015-0205.patch | 42 ++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 meta/recipes-connectivity/openssl/openssl/0003-CVE-2015-0205.patch (limited to 'meta/recipes-connectivity/openssl/openssl/0003-CVE-2015-0205.patch') diff --git a/meta/recipes-connectivity/openssl/openssl/0003-CVE-2015-0205.patch b/meta/recipes-connectivity/openssl/openssl/0003-CVE-2015-0205.patch new file mode 100644 index 0000000000..c4326d8c02 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/0003-CVE-2015-0205.patch @@ -0,0 +1,42 @@ +From 98a0f9660d374f58f79ee0efcc8c1672a805e8e8 Mon Sep 17 00:00:00 2001 +From: "Dr. Stephen Henson" +Date: Thu, 23 Oct 2014 20:36:17 +0100 +Subject: [PATCH] Unauthenticated DH client certificate fix. + +Fix to prevent use of DH client certificates without sending +certificate verify message. + +If we've used a client certificate to generate the premaster secret +ssl3_get_client_key_exchange returns 2 and ssl3_get_cert_verify is +never called. + +We can only skip the certificate verify message in +ssl3_get_cert_verify if the client didn't send a certificate. + +Thanks to Karthikeyan Bhargavan for reporting this issue. +CVE-2015-0205 +Reviewed-by: Matt Caswell + +Upstream-Status: Backport + +Signed-off-by: Sona Sarmadi +--- + ssl/s3_srvr.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c +index d883f86..fadca74 100644 +--- a/ssl/s3_srvr.c ++++ b/ssl/s3_srvr.c +@@ -3014,7 +3014,7 @@ int ssl3_get_cert_verify(SSL *s) + if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY) + { + s->s3->tmp.reuse_message=1; +- if ((peer != NULL) && (type & EVP_PKT_SIGN)) ++ if (peer != NULL) + { + al=SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE); +-- +1.9.1 + -- cgit v1.2.3-54-g00ecf