summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArmin Kuster <akuster808@gmail.com>2016-02-06 23:14:46 (GMT)
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-02-07 17:23:04 (GMT)
commit1098a7bc0cbf034e74df86a2c24c1e5c8b24a900 (patch)
tree610becae336d2566bdd7be89cb039f643e2d16b7
parente6d734904db78af4f3843f22ea4cdc5023eb79ce (diff)
downloadpoky-1098a7bc0cbf034e74df86a2c24c1e5c8b24a900.tar.gz
openssl: Security fix CVE-2015-3197
CVE-2015-3197 OpenSSL: SSLv2 doesn't block disabled ciphers (From OE-Core rev: b387d9b8dff8e2c572ca14f9628ab8298347fd4f) (From OE-Core rev: c037cbdac6a0e871a60077703432c08be6d29677) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-connectivity/openssl/openssl/CVE-2015-3197.patch63
-rw-r--r--meta/recipes-connectivity/openssl/openssl_1.0.2d.bb1
2 files changed, 64 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3197.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3197.patch
new file mode 100644
index 0000000..dd288c9
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3197.patch
@@ -0,0 +1,63 @@
1From d81a1600588b726c2bdccda7efad3cc7a87d6245 Mon Sep 17 00:00:00 2001
2From: Viktor Dukhovni <openssl-users@dukhovni.org>
3Date: Wed, 30 Dec 2015 22:44:51 -0500
4Subject: [PATCH] Better SSLv2 cipher-suite enforcement
5
6Based on patch by: Nimrod Aviram <nimrod.aviram@gmail.com>
7
8CVE-2015-3197
9
10Reviewed-by: Tim Hudson <tjh@openssl.org>
11Reviewed-by: Richard Levitte <levitte@openssl.org>
12
13Upstream-Status: Backport
14https://github.com/openssl/openssl/commit/d81a1600588b726c2bdccda7efad3cc7a87d6245
15
16CVE: CVE-2015-3197
17Signed-off-by: Armin Kuster <akuster@mvista.com>
18
19---
20 ssl/s2_srvr.c | 15 +++++++++++++--
21 1 file changed, 13 insertions(+), 2 deletions(-)
22
23Index: openssl-1.0.2d/ssl/s2_srvr.c
24===================================================================
25--- openssl-1.0.2d.orig/ssl/s2_srvr.c
26+++ openssl-1.0.2d/ssl/s2_srvr.c
27@@ -402,7 +402,7 @@ static int get_client_master_key(SSL *s)
28 }
29
30 cp = ssl2_get_cipher_by_char(p);
31- if (cp == NULL) {
32+ if (cp == NULL || sk_SSL_CIPHER_find(s->session->ciphers, cp) < 0) {
33 ssl2_return_error(s, SSL2_PE_NO_CIPHER);
34 SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);
35 return (-1);
36@@ -687,8 +687,12 @@ static int get_client_hello(SSL *s)
37 prio = cs;
38 allow = cl;
39 }
40+
41+ /* Generate list of SSLv2 ciphers shared between client and server */
42 for (z = 0; z < sk_SSL_CIPHER_num(prio); z++) {
43- if (sk_SSL_CIPHER_find(allow, sk_SSL_CIPHER_value(prio, z)) < 0) {
44+ const SSL_CIPHER *cp = sk_SSL_CIPHER_value(prio, z);
45+ if ((cp->algorithm_ssl & SSL_SSLV2) == 0 ||
46+ sk_SSL_CIPHER_find(allow, cp) < 0) {
47 (void)sk_SSL_CIPHER_delete(prio, z);
48 z--;
49 }
50@@ -697,6 +701,13 @@ static int get_client_hello(SSL *s)
51 sk_SSL_CIPHER_free(s->session->ciphers);
52 s->session->ciphers = prio;
53 }
54+
55+ /* Make sure we have at least one cipher in common */
56+ if (sk_SSL_CIPHER_num(s->session->ciphers) == 0) {
57+ ssl2_return_error(s, SSL2_PE_NO_CIPHER);
58+ SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_NO_CIPHER_MATCH);
59+ return -1;
60+ }
61 /*
62 * s->session->ciphers should now have a list of ciphers that are on
63 * both the client and server. This list is ordered by the order the
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
index a4e2f67..4a96a44 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
@@ -39,6 +39,7 @@ SRC_URI += "file://configure-targets.patch \
39 file://CVE-2015-3194-1-Add-PSS-parameter-check.patch \ 39 file://CVE-2015-3194-1-Add-PSS-parameter-check.patch \
40 file://0001-Add-test-for-CVE-2015-3194.patch \ 40 file://0001-Add-test-for-CVE-2015-3194.patch \
41 file://CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch \ 41 file://CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch \
42 file://CVE-2015-3197.patch \
42 " 43 "
43 44
44SRC_URI[md5sum] = "38dd619b2e77cbac69b99f52a053d25a" 45SRC_URI[md5sum] = "38dd619b2e77cbac69b99f52a053d25a"