From dbb46510cc7dc5b4050af453276d8c4cb843362a Mon Sep 17 00:00:00 2001 From: Armin Kuster Date: Tue, 1 Mar 2016 23:37:21 -0800 Subject: openssl: Security fix CVE-2016-0800 CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN) https://www.openssl.org/news/secadv/20160301.txt (From OE-Core rev: 6c06c42594539bec4c360c8cc28ebee8a338e6b4) Signed-off-by: Armin Kuster Not required for master, an update to 1.0.2g has been submitted. Backport from jethro. Signed-off-by: Joshua Lock Signed-off-by: Richard Purdie --- .../openssl/openssl/CVE-2016-0800_3.patch | 503 +++++++++++++++++++++ 1 file changed, 503 insertions(+) create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_3.patch (limited to 'meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_3.patch') diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_3.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_3.patch new file mode 100644 index 0000000000..d2602447f3 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2016-0800_3.patch @@ -0,0 +1,503 @@ +From bc38a7d2d3c6082163c50ddf99464736110f2000 Mon Sep 17 00:00:00 2001 +From: Viktor Dukhovni +Date: Fri, 19 Feb 2016 13:05:11 -0500 +Subject: [PATCH] Disable EXPORT and LOW SSLv3+ ciphers by default +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Reviewed-by: Emilia Käsper + +Upstream-Status: Backport + +https://git.openssl.org/?p=openssl.git;a=commit;h=bc38a7d2d3c6082163c50ddf99464736110f2000 + +CVE: CVE-2016-0800 #3 patch +Signed-off-by: Armin Kuster + +--- + CHANGES | 5 +++++ + Configure | 5 +++++ + NEWS | 1 + + doc/apps/ciphers.pod | 30 ++++++++++++++++++++--------- + ssl/s3_lib.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++ + 5 files changed, 86 insertions(+), 9 deletions(-) + +Index: openssl-1.0.2d/Configure +=================================================================== +--- openssl-1.0.2d.orig/Configure ++++ openssl-1.0.2d/Configure +@@ -58,6 +58,10 @@ my $usage="Usage: Configure [no- + # library and will be loaded in run-time by the OpenSSL library. + # sctp include SCTP support + # 386 generate 80386 code ++# enable-weak-ssl-ciphers ++# Enable EXPORT and LOW SSLv3 ciphers that are disabled by ++# default. Note, weak SSLv2 ciphers are unconditionally ++# disabled. + # no-sse2 disables IA-32 SSE2 code, above option implies no-sse2 + # no- build without specified algorithm (rsa, idea, rc5, ...) + # - + compiler options are passed through +@@ -853,6 +857,7 @@ my %disabled = ( # "what" => "co + "ssl2" => "default", + "store" => "experimental", + "unit-test" => "default", ++ "weak-ssl-ciphers" => "default", + "zlib" => "default", + "zlib-dynamic" => "default" + ); +Index: openssl-1.0.2d/doc/apps/ciphers.pod +=================================================================== +--- openssl-1.0.2d.orig/doc/apps/ciphers.pod ++++ openssl-1.0.2d/doc/apps/ciphers.pod +@@ -136,34 +136,46 @@ than 128 bits, and some cipher suites wi + + =item B + +-"low" encryption cipher suites, currently those using 64 or 56 bit encryption algorithms +-but excluding export cipher suites. ++Low strength encryption cipher suites, currently those using 64 or 56 bit ++encryption algorithms but excluding export cipher suites. ++As of OpenSSL 1.0.2g, these are disabled in default builds. + + =item B, B + +-export encryption algorithms. Including 40 and 56 bits algorithms. ++Export strength encryption algorithms. Including 40 and 56 bits algorithms. ++As of OpenSSL 1.0.2g, these are disabled in default builds. + + =item B + +-40 bit export encryption algorithms ++40-bit export encryption algorithms ++As of OpenSSL 1.0.2g, these are disabled in default builds. + + =item B + +-56 bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of ++56-bit export encryption algorithms. In OpenSSL 0.9.8c and later the set of + 56 bit export ciphers is empty unless OpenSSL has been explicitly configured + with support for experimental ciphers. ++As of OpenSSL 1.0.2g, these are disabled in default builds. + + =item B, B + +-the "NULL" ciphers that is those offering no encryption. Because these offer no +-encryption at all and are a security risk they are disabled unless explicitly +-included. ++The "NULL" ciphers that is those offering no encryption. Because these offer no ++encryption at all and are a security risk they are not enabled via either the ++B or B cipher strings. ++Be careful when building cipherlists out of lower-level primitives such as ++B or B as these do overlap with the B ciphers. ++When in doubt, include B in your cipherlist. + + =item B + +-the cipher suites offering no authentication. This is currently the anonymous ++The cipher suites offering no authentication. This is currently the anonymous + DH algorithms and anonymous ECDH algorithms. These cipher suites are vulnerable + to a "man in the middle" attack and so their use is normally discouraged. ++These are excluded from the B ciphers, but included in the B ++ciphers. ++Be careful when building cipherlists out of lower-level primitives such as ++B or B as these do overlap with the B ciphers. ++When in doubt, include B in your cipherlist. + + =item B, B + +Index: openssl-1.0.2d/ssl/s3_lib.c +=================================================================== +--- openssl-1.0.2d.orig/ssl/s3_lib.c ++++ openssl-1.0.2d/ssl/s3_lib.c +@@ -198,6 +198,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + }, + + /* Cipher 03 */ ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + SSL3_TXT_RSA_RC4_40_MD5, +@@ -212,6 +213,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + 40, + 128, + }, ++#endif + + /* Cipher 04 */ + { +@@ -246,6 +248,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + }, + + /* Cipher 06 */ ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + SSL3_TXT_RSA_RC2_40_MD5, +@@ -260,6 +263,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + 40, + 128, + }, ++#endif + + /* Cipher 07 */ + #ifndef OPENSSL_NO_IDEA +@@ -280,6 +284,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + #endif + + /* Cipher 08 */ ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + SSL3_TXT_RSA_DES_40_CBC_SHA, +@@ -294,8 +299,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + 40, + 56, + }, ++#endif + + /* Cipher 09 */ ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + SSL3_TXT_RSA_DES_64_CBC_SHA, +@@ -310,6 +317,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + 56, + 56, + }, ++#endif + + /* Cipher 0A */ + { +@@ -329,6 +337,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + + /* The DH ciphers */ + /* Cipher 0B */ ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 0, + SSL3_TXT_DH_DSS_DES_40_CBC_SHA, +@@ -343,8 +352,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + 40, + 56, + }, ++#endif + + /* Cipher 0C */ ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + SSL3_TXT_DH_DSS_DES_64_CBC_SHA, +@@ -359,6 +370,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + 56, + 56, + }, ++#endif + + /* Cipher 0D */ + { +@@ -377,6 +389,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + }, + + /* Cipher 0E */ ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 0, + SSL3_TXT_DH_RSA_DES_40_CBC_SHA, +@@ -391,8 +404,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + 40, + 56, + }, ++#endif + + /* Cipher 0F */ ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + SSL3_TXT_DH_RSA_DES_64_CBC_SHA, +@@ -407,6 +422,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + 56, + 56, + }, ++#endif + + /* Cipher 10 */ + { +@@ -426,6 +442,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + + /* The Ephemeral DH ciphers */ + /* Cipher 11 */ ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, +@@ -440,8 +457,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + 40, + 56, + }, ++#endif + + /* Cipher 12 */ ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, +@@ -456,6 +475,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + 56, + 56, + }, ++#endif + + /* Cipher 13 */ + { +@@ -474,6 +494,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + }, + + /* Cipher 14 */ ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, +@@ -488,8 +509,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + 40, + 56, + }, ++#endif + + /* Cipher 15 */ ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, +@@ -504,6 +527,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + 56, + 56, + }, ++#endif + + /* Cipher 16 */ + { +@@ -522,6 +546,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + }, + + /* Cipher 17 */ ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + SSL3_TXT_ADH_RC4_40_MD5, +@@ -536,6 +561,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + 40, + 128, + }, ++#endif + + /* Cipher 18 */ + { +@@ -554,6 +580,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + }, + + /* Cipher 19 */ ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + SSL3_TXT_ADH_DES_40_CBC_SHA, +@@ -568,8 +595,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + 40, + 128, + }, ++#endif + + /* Cipher 1A */ ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + SSL3_TXT_ADH_DES_64_CBC_SHA, +@@ -584,6 +613,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + 56, + 56, + }, ++#endif + + /* Cipher 1B */ + { +@@ -655,6 +685,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + #ifndef OPENSSL_NO_KRB5 + /* The Kerberos ciphers*/ + /* Cipher 1E */ ++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + SSL3_TXT_KRB5_DES_64_CBC_SHA, +@@ -669,6 +700,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + 56, + 56, + }, ++# endif + + /* Cipher 1F */ + { +@@ -719,6 +751,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + }, + + /* Cipher 22 */ ++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + SSL3_TXT_KRB5_DES_64_CBC_MD5, +@@ -733,6 +766,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + 56, + 56, + }, ++# endif + + /* Cipher 23 */ + { +@@ -783,6 +817,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + }, + + /* Cipher 26 */ ++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + SSL3_TXT_KRB5_DES_40_CBC_SHA, +@@ -797,8 +832,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + 40, + 56, + }, ++# endif + + /* Cipher 27 */ ++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + SSL3_TXT_KRB5_RC2_40_CBC_SHA, +@@ -813,8 +850,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + 40, + 128, + }, ++# endif + + /* Cipher 28 */ ++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + SSL3_TXT_KRB5_RC4_40_SHA, +@@ -829,8 +868,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + 40, + 128, + }, ++# endif + + /* Cipher 29 */ ++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + SSL3_TXT_KRB5_DES_40_CBC_MD5, +@@ -845,8 +886,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + 40, + 56, + }, ++# endif + + /* Cipher 2A */ ++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + SSL3_TXT_KRB5_RC2_40_CBC_MD5, +@@ -861,8 +904,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + 40, + 128, + }, ++# endif + + /* Cipher 2B */ ++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + SSL3_TXT_KRB5_RC4_40_MD5, +@@ -877,6 +922,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + 40, + 128, + }, ++# endif + #endif /* OPENSSL_NO_KRB5 */ + + /* New AES ciphersuites */ +@@ -1300,6 +1346,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + # endif + + /* Cipher 62 */ ++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, +@@ -1314,8 +1361,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + 56, + 56, + }, ++# endif + + /* Cipher 63 */ ++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, +@@ -1330,8 +1379,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + 56, + 56, + }, ++# endif + + /* Cipher 64 */ ++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, +@@ -1346,8 +1397,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + 56, + 128, + }, ++# endif + + /* Cipher 65 */ ++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS + { + 1, + TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, +@@ -1362,6 +1415,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] + 56, + 128, + }, ++# endif + + /* Cipher 66 */ + { +Index: openssl-1.0.2d/CHANGES +=================================================================== +--- openssl-1.0.2d.orig/CHANGES ++++ openssl-1.0.2d/CHANGES +@@ -2,7 +2,11 @@ + OpenSSL CHANGES + _______________ + +- ++ * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. ++ Builds that are not configured with "enable-weak-ssl-ciphers" will not ++ provide any "EXPORT" or "LOW" strength ciphers. ++ [Viktor Dukhovni] ++ + * Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2 + is by default disabled at build-time. Builds that are not configured with + "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used, +Index: openssl-1.0.2d/NEWS +=================================================================== +--- openssl-1.0.2d.orig/NEWS ++++ openssl-1.0.2d/NEWS +@@ -1,6 +1,7 @@ + + NEWS + ==== ++ Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. + Disable SSLv2 default build, default negotiation and weak ciphers. + + This file gives a brief overview of the major changes between each OpenSSL -- cgit v1.2.3-54-g00ecf