* [PATCH 0/1] openssl: update to 1.0.2i (CVE-2016-6304 and more)
@ 2016-09-23  8:38 Patrick Ohly
  2016-09-23  8:39 ` [PATCH 1/1] " Patrick Ohly
  2016-09-23 10:27 ` [PATCH 0/1] " Patrick Ohly
  0 siblings, 2 replies; 10+ messages in thread
From: Patrick Ohly @ 2016-09-23  8:38 UTC
To: openembedded-core

Fixes several CVEs.

It compiled for me okay for qemux86, but running the ptests showed a
problem in one of the new tests. I'll investigate that further, but in
the meantime wanted to send out the patch already in case that someone
has any comments, and to let everyone know that something is in the
pipeline for these CVEs.

The following changes since commit 7e0f95bf359bc3b5bb1578024a993e184de155cd:

  base.bbclass: Drop unnecessary dirs setting (2016-09-22 11:08:23 +0100)

are available in the git repository at:

  git://github.com/pohly/openembedded-core openssl-102i
  https://github.com/pohly/openembedded-core/tree/openssl-102i

Patrick Ohly (1):
  openssl: update to 1.0.2i (CVE-2016-6304 and more)

 .../openssl/openssl/CVE-2016-2177.patch            | 286 ---------------------
 .../openssl/openssl/CVE-2016-2178.patch            |  51 ----
 .../openssl/Fix-typo-introduced-by-a03f81f4.patch  |  29 +++
 .../openssl/openssl/debian/ca.patch                |   2 +-
 .../openssl/openssl/parallel.patch                 |  17 +-
 .../{openssl_1.0.2h.bb => openssl_1.0.2i.bb}       |   7 +-
 6 files changed, 47 insertions(+), 345 deletions(-)
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2177.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/Fix-typo-introduced-by-a03f81f4.patch
 rename meta/recipes-connectivity/openssl/{openssl_1.0.2h.bb => openssl_1.0.2i.bb} (91%)

-- 
2.1.4

* [PATCH 1/1] openssl: update to 1.0.2i (CVE-2016-6304 and more)
  2016-09-23  8:38 [PATCH 0/1] openssl: update to 1.0.2i (CVE-2016-6304 and more) Patrick Ohly
@ 2016-09-23  8:39 ` Patrick Ohly
  2016-09-23 12:01   ` Alexander Kanavin
  2016-09-23 10:27 ` [PATCH 0/1] " Patrick Ohly
  1 sibling, 1 reply; 10+ messages in thread
From: Patrick Ohly @ 2016-09-23  8:39 UTC
To: openembedded-core

This update fixes several CVEs:
* OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
* SWEET32 Mitigation (CVE-2016-2183)
* OOB write in MDC2_Update() (CVE-2016-6303)
* Malformed SHA512 ticket DoS (CVE-2016-6302)
* OOB write in BN_bn2dec() (CVE-2016-2182)
* OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
* DTLS buffered message DoS (CVE-2016-2179)
* DTLS replay protection DoS (CVE-2016-2181)
* Certificate message OOB reads (CVE-2016-6306)

Of these, only CVE-2016-6304 is considered of high
severity. Everything else is low. CVE-2016-2177 and CVE-2016-2178 were
already fixed via local patches, which can be removed now.

See https://www.openssl.org/news/secadv/20160922.txt for details.

Some patches had to be refreshed and one compile error fix from
upstream's OpenSSL_1_0_2-stable was required.

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
---
 .../openssl/openssl/CVE-2016-2177.patch            | 286 ---------------------
 .../openssl/openssl/CVE-2016-2178.patch            |  51 ----
 .../openssl/Fix-typo-introduced-by-a03f81f4.patch  |  29 +++
 .../openssl/openssl/debian/ca.patch                |   2 +-
 .../openssl/openssl/parallel.patch                 |  17 +-
 .../{openssl_1.0.2h.bb => openssl_1.0.2i.bb}       |   7 +-
 6 files changed, 47 insertions(+), 345 deletions(-)
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2177.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch
 create mode 100644 meta/recipes-connectivity/openssl/openssl/Fix-typo-introduced-by-a03f81f4.patch
 rename meta/recipes-connectivity/openssl/{openssl_1.0.2h.bb => openssl_1.0.2i.bb} (91%)

diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2177.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2177.patch deleted file mode 100644 index df36d5f..0000000 --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2177.patch +++ /dev/null 
@@ -1,286 +0,0 @@ -From a004e72b95835136d3f1ea90517f706c24c03da7 Mon Sep 17 00:00:00 2001 -From: Matt Caswell <matt@openssl.org> -Date: Thu, 5 May 2016 11:10:26 +0100 -Subject: [PATCH] Avoid some undefined pointer arithmetic - -A common idiom in the codebase is: - -if (p + len > limit) -{ - return; /* Too long */ -} - -Where "p" points to some malloc'd data of SIZE bytes and -limit == p + SIZE - -"len" here could be from some externally supplied data (e.g. from a TLS -message). - -The rules of C pointer arithmetic are such that "p + len" is only well -defined where len <= SIZE. Therefore the above idiom is actually -undefined behaviour. - -For example this could cause problems if some malloc implementation -provides an address for "p" such that "p + len" actually overflows for -values of len that are too big and therefore p + len < limit! - -Issue reported by Guido Vranken. - -CVE-2016-2177 - -Reviewed-by: Rich Salz <rsalz@openssl.org> - -Upstream-Status: Backport -CVE: CVE-2016-2177 - -Signed-off-by: Armin Kuster <akuster@mvista.com> - - ---- - ssl/s3_srvr.c | 14 +++++++------- - ssl/ssl_sess.c | 2 +- - ssl/t1_lib.c | 56 ++++++++++++++++++++++++++++++-------------------------- - 3 files changed, 38 insertions(+), 34 deletions(-) - -diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c -index ab28702..ab7f690 100644 ---- a/ssl/s3_srvr.c -+++ b/ssl/s3_srvr.c -@@ -980,7 +980,7 @@ int ssl3_get_client_hello(SSL *s) - - session_length = *(p + SSL3_RANDOM_SIZE); - -- if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) { -+ if (SSL3_RANDOM_SIZE + session_length + 1 >= (d + n) - p) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); - goto f_err; -@@ -998,7 +998,7 @@ int ssl3_get_client_hello(SSL *s) - /* get the session-id */ - j = *(p++); - -- if (p + j > d + n) { -+ if ((d + n) - p < j) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); - goto f_err; -@@ -1054,14 +1054,14 @@ int 
ssl3_get_client_hello(SSL *s) - - if (SSL_IS_DTLS(s)) { - /* cookie stuff */ -- if (p + 1 > d + n) { -+ if ((d + n) - p < 1) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); - goto f_err; - } - cookie_len = *(p++); - -- if (p + cookie_len > d + n) { -+ if ((d + n ) - p < cookie_len) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); - goto f_err; -@@ -1131,7 +1131,7 @@ int ssl3_get_client_hello(SSL *s) - } - } - -- if (p + 2 > d + n) { -+ if ((d + n ) - p < 2) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); - goto f_err; -@@ -1145,7 +1145,7 @@ int ssl3_get_client_hello(SSL *s) - } - - /* i bytes of cipher data + 1 byte for compression length later */ -- if ((p + i + 1) > (d + n)) { -+ if ((d + n) - p < i + 1) { - /* not enough data */ - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); -@@ -1211,7 +1211,7 @@ int ssl3_get_client_hello(SSL *s) - - /* compression */ - i = *(p++); -- if ((p + i) > (d + n)) { -+ if ((d + n) - p < i) { - /* not enough data */ - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); -diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c -index b182998..54ee783 100644 ---- a/ssl/ssl_sess.c -+++ b/ssl/ssl_sess.c -@@ -573,7 +573,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, - int r; - #endif - -- if (session_id + len > limit) { -+ if (limit - session_id < len) { - fatal = 1; - goto err; - } -diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c -index fb64607..cdac011 100644 ---- a/ssl/t1_lib.c -+++ b/ssl/t1_lib.c -@@ -1867,11 +1867,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, - 0x02, 0x03, /* SHA-1/ECDSA */ - }; - -- if (data >= (limit - 2)) -+ if (limit - data <= 2) - return; - data += 2; - -- if (data > (limit - 4)) -+ if (limit - data < 4) - return; - n2s(data, type); - n2s(data, size); -@@ -1879,7 
+1879,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, - if (type != TLSEXT_TYPE_server_name) - return; - -- if (data + size > limit) -+ if (limit - data < size) - return; - data += size; - -@@ -1887,7 +1887,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, - const size_t len1 = sizeof(kSafariExtensionsBlock); - const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock); - -- if (data + len1 + len2 != limit) -+ if (limit - data != (int)(len1 + len2)) - return; - if (memcmp(data, kSafariExtensionsBlock, len1) != 0) - return; -@@ -1896,7 +1896,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, - } else { - const size_t len = sizeof(kSafariExtensionsBlock); - -- if (data + len != limit) -+ if (limit - data != (int)(len)) - return; - if (memcmp(data, kSafariExtensionsBlock, len) != 0) - return; -@@ -2053,19 +2053,19 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, - if (data == limit) - goto ri_check; - -- if (data > (limit - 2)) -+ if (limit - data < 2) - goto err; - - n2s(data, len); - -- if (data + len != limit) -+ if (limit - data != len) - goto err; - -- while (data <= (limit - 4)) { -+ while (limit - data >= 4) { - n2s(data, type); - n2s(data, size); - -- if (data + size > (limit)) -+ if (limit - data < size) - goto err; - # if 0 - fprintf(stderr, "Received extension type %d size %d\n", type, size); -@@ -2472,18 +2472,18 @@ static int ssl_scan_clienthello_custom_tlsext(SSL *s, - if (s->hit || s->cert->srv_ext.meths_count == 0) - return 1; - -- if (data >= limit - 2) -+ if (limit - data <= 2) - return 1; - n2s(data, len); - -- if (data > limit - len) -+ if (limit - data < len) - return 1; - -- while (data <= limit - 4) { -+ while (limit - data >= 4) { - n2s(data, type); - n2s(data, size); - -- if (data + size > limit) -+ if (limit - data < size) - return 1; - if (custom_ext_parse(s, 1 /* server */ , type, data, size, al) <= 0) - return 0; -@@ -2569,20 +2569,20 @@ static int 
ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, - SSL_TLSEXT_HB_DONT_SEND_REQUESTS); - # endif - -- if (data >= (d + n - 2)) -+ if ((d + n) - data <= 2) - goto ri_check; - - n2s(data, length); -- if (data + length != d + n) { -+ if ((d + n) - data != length) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - -- while (data <= (d + n - 4)) { -+ while ((d + n) - data >= 4) { - n2s(data, type); - n2s(data, size); - -- if (data + size > (d + n)) -+ if ((d + n) - data < size) - goto ri_check; - - if (s->tlsext_debug_cb) -@@ -3307,29 +3307,33 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, - /* Skip past DTLS cookie */ - if (SSL_IS_DTLS(s)) { - i = *(p++); -- p += i; -- if (p >= limit) -+ -+ if (limit - p <= i) - return -1; -+ -+ p += i; - } - /* Skip past cipher list */ - n2s(p, i); -- p += i; -- if (p >= limit) -+ if (limit - p <= i) - return -1; -+ p += i; -+ - /* Skip past compression algorithm list */ - i = *(p++); -- p += i; -- if (p > limit) -+ if (limit - p < i) - return -1; -+ p += i; -+ - /* Now at start of extensions */ -- if ((p + 2) >= limit) -+ if (limit - p <= 2) - return 0; - n2s(p, i); -- while ((p + 4) <= limit) { -+ while (limit - p >= 4) { - unsigned short type, size; - n2s(p, type); - n2s(p, size); -- if (p + size > limit) -+ if (limit - p < size) - return 0; - if (type == TLSEXT_TYPE_session_ticket) { - int r; --- -2.3.5 - diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch deleted file mode 100644 index 27ade4e..0000000 --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch +++ /dev/null 
@@ -1,51 +0,0 @@ -From 399944622df7bd81af62e67ea967c470534090e2 Mon Sep 17 00:00:00 2001 -From: Cesar Pereida <cesar.pereida@aalto.fi> -Date: Mon, 23 May 2016 12:45:25 +0300 -Subject: [PATCH] Fix DSA, preserve BN_FLG_CONSTTIME - -Operations in the DSA signing algorithm should run in constant time in -order to avoid side channel attacks. A flaw in the OpenSSL DSA -implementation means that a non-constant time codepath is followed for -certain operations. This has been demonstrated through a cache-timing -attack to be sufficient for an attacker to recover the private DSA key. - -CVE-2016-2178 - -Reviewed-by: Richard Levitte <levitte@openssl.org> -Reviewed-by: Matt Caswell <matt@openssl.org> - -Upstream-Status: Backport -CVE: CVE-2016-2178 - -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - crypto/dsa/dsa_ossl.c | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) - -Index: openssl-1.0.2h/crypto/dsa/dsa_ossl.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/dsa/dsa_ossl.c -+++ openssl-1.0.2h/crypto/dsa/dsa_ossl.c -@@ -248,9 +248,6 @@ static int dsa_sign_setup(DSA *dsa, BN_C - if (!BN_rand_range(&k, dsa->q)) - goto err; - while (BN_is_zero(&k)) ; -- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { -- BN_set_flags(&k, BN_FLG_CONSTTIME); -- } - - if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { - if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, -@@ -282,6 +279,11 @@ static int dsa_sign_setup(DSA *dsa, BN_C - } else { - K = &k; - } -+ -+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { -+ BN_set_flags(K, BN_FLG_CONSTTIME); -+ } -+ - DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx, - dsa->method_mont_p); - if (!BN_mod(r, r, dsa->q, ctx)) diff --git a/meta/recipes-connectivity/openssl/openssl/Fix-typo-introduced-by-a03f81f4.patch b/meta/recipes-connectivity/openssl/openssl/Fix-typo-introduced-by-a03f81f4.patch new file mode 100644 index 0000000..0411296 --- /dev/null 
+++ b/meta/recipes-connectivity/openssl/openssl/Fix-typo-introduced-by-a03f81f4.patch @@ -0,0 +1,29 @@ +From 581215a519c66db7255ea360ed25bb00033ccd52 Mon Sep 17 00:00:00 2001 +From: Rich Salz <rsalz@openssl.org> +Date: Thu, 22 Sep 2016 08:47:45 -0400 +Subject: [PATCH] Fix typo introduced by a03f81f4 + +Reviewed-by: Richard Levitte <levitte@openssl.org> + +Upstream-Status: Backport [https://github.com/openssl/openssl/commit/581215a519c66db7255ea360ed25bb00033ccd52] +Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> +--- + crypto/engine/eng_cryptodev.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index 65a74df..2a2b95c 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -939,7 +939,7 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) + if (fstate->mac_len != 0) { + if (fstate->mac_data != NULL) { + dstate->mac_data = OPENSSL_malloc(fstate->mac_len); +- if (dstate->ac_data == NULL) { ++ if (dstate->mac_data == NULL) { + printf("cryptodev_digest_init: malloc failed\n"); + return 0; + } +-- +2.1.4 + diff --git a/meta/recipes-connectivity/openssl/openssl/debian/ca.patch b/meta/recipes-connectivity/openssl/openssl/debian/ca.patch index aba4d42..fb745e4 100644 --- a/meta/recipes-connectivity/openssl/openssl/debian/ca.patch +++ b/meta/recipes-connectivity/openssl/openssl/debian/ca.patch @@ -7,7 +7,7 @@ Index: openssl-0.9.8m/apps/CA.pl.in @@ -65,6 +65,7 @@ foreach (@ARGV) { if ( /^(-\?|-h|-help)$/ ) { - print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; + print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n"; + print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; exit 0; } elsif (/^-newcert$/) { 
diff --git a/meta/recipes-connectivity/openssl/openssl/parallel.patch b/meta/recipes-connectivity/openssl/openssl/parallel.patch index b6c2c14..f3f4c99 100644 --- a/meta/recipes-connectivity/openssl/openssl/parallel.patch +++ b/meta/recipes-connectivity/openssl/openssl/parallel.patch @@ -6,6 +6,9 @@ https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1 Upstream-Status: Pending Signed-off-by: Ross Burton <ross.burton@intel.com> +Refreshed for 1.0.2i +Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> + --- openssl-1.0.2g/crypto/Makefile +++ openssl-1.0.2g/crypto/Makefile @@ -85,11 +85,11 @@ @@ -133,7 +136,7 @@ Signed-off-by: Ross Burton <ross.burton@intel.com> fi; \ --- openssl-1.0.2g/test/Makefile +++ openssl-1.0.2g/test/Makefile -@@ -139,7 +139,7 @@ +@@ -144,7 +144,7 @@ tags: ctags $(SRC) @@ -142,7 +145,7 @@ Signed-off-by: Ross Burton <ross.burton@intel.com> apps: @(cd ..; $(MAKE) DIRS=apps all) -@@ -421,130 +421,130 @@ +@@ -438,136 +438,136 @@ link_app.$${shlib_target} $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) @@ -309,13 +312,21 @@ Signed-off-by: Ross Burton <ross.burton@intel.com> - @target=$(CLIENTHELLOTEST) $(BUILD_CMD) + +@target=$(CLIENTHELLOTEST) $(BUILD_CMD) + $(BADDTLSTEST)$(EXE_EXT): $(BADDTLSTEST).o +- @target=$(BADDTLSTEST) $(BUILD_CMD) ++ +@target=$(BADDTLSTEST) $(BUILD_CMD) + $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o - @target=$(SSLV2CONFTEST) $(BUILD_CMD) + +@target=$(SSLV2CONFTEST) $(BUILD_CMD) + $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO) +- @target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD) ++ +@target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD) + #$(AESTEST).o: $(AESTEST).c # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c -@@ -557,7 +557,7 @@ +@@ -580,6 +580,6 @@ # fi dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) 
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2i.bb similarity index 91% rename from meta/recipes-connectivity/openssl/openssl_1.0.2h.bb rename to meta/recipes-connectivity/openssl/openssl_1.0.2i.bb index c8444d3..c32f472 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2i.bb @@ -39,12 +39,11 @@ SRC_URI += "file://find.pl;subdir=${BP}/util/ \ file://ptest_makefile_deps.patch \ file://configure-musl-target.patch \ file://parallel.patch \ - file://CVE-2016-2177.patch \ - file://CVE-2016-2178.patch \ file://openssl-util-perlpath.pl-cwd.patch \ + file://Fix-typo-introduced-by-a03f81f4.patch \ " -SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0" -SRC_URI[sha256sum] = "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919" +SRC_URI[md5sum] = "678374e63f8df456a697d3e5e5a931fb" +SRC_URI[sha256sum] = "9287487d11c9545b6efb287cdb70535d4e9b284dd10d51441d9b9963d000de6f" PACKAGES =+ "${PN}-engines" FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" -- 2.1.4 ^ permalink raw reply related [flat|nested] 10+ messages in thread
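
Review bot: In the parallel.patch refresh, the test/Makefile hunk gains two new test binaries, $(BADDTLSTEST) and $(DTLSTEST), yet nothing in this patch changes what the ptest package installs, and the cover letter already reports a ptest problem in one of the new tests. Please check what files the new tests read at run time and add them to the ptest install step in the same update, so that the upgraded recipe does not ship with a known failing test. A smaller point on the same file: the refreshed headers still read "--- openssl-1.0.2g/crypto/Makefile" and "--- openssl-1.0.2g/test/Makefile" although the note says "Refreshed for 1.0.2i"; regenerating the patch against the 1.0.2i tree would keep the header and the note consistent.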
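
Review bot: In the openssl_1.0.2i.bb hunk, the new SRC_URI[md5sum] and SRC_URI[sha256sum] values are the only thing that pins the 1.0.2i tarball, and neither the commit message nor the cover letter says how they were obtained. Please state that they were compared with a digest or signature published by upstream rather than computed from a single local download. The rest of the hunk is consistent with the diffstat: CVE-2016-2177.patch and CVE-2016-2178.patch leave SRC_URI together with their files, and Fix-typo-introduced-by-a03f81f4.patch is added to it.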
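
Review bot: The commit message refers to "one compile error fix from upstream's OpenSSL_1_0_2-stable" without naming it, while the only candidate in the diff is Fix-typo-introduced-by-a03f81f4.patch, which changes one line in crypto/engine/eng_cryptodev.c ("dstate->ac_data" to "dstate->mac_data"). Please name the patch file in the commit message and say that it can be dropped at the next version bump. The Upstream-Status line with the full upstream commit URL, matching the hash in the From line, is the right level of provenance for a backport.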
* Re: [PATCH 1/1] openssl: update to 1.0.2i (CVE-2016-6304 and more)
  2016-09-23  8:39 ` [PATCH 1/1] " Patrick Ohly
@ 2016-09-23 12:01   ` Alexander Kanavin
  2016-09-23 16:25     ` akuster808
  0 siblings, 1 reply; 10+ messages in thread
From: Alexander Kanavin @ 2016-09-23 12:01 UTC
To: openembedded-core

On 09/23/2016 11:39 AM, Patrick Ohly wrote:
> This update fixes several CVEs:
> * OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
> * SWEET32 Mitigation (CVE-2016-2183)
> * OOB write in MDC2_Update() (CVE-2016-6303)
> * Malformed SHA512 ticket DoS (CVE-2016-6302)
> * OOB write in BN_bn2dec() (CVE-2016-2182)
> * OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
> * DTLS buffered message DoS (CVE-2016-2179)
> * DTLS replay protection DoS (CVE-2016-2181)
> * Certificate message OOB reads (CVE-2016-6306)
>
> Of these, only CVE-2016-6304 is considered of high
> severity. Everything else is low. CVE-2016-2177 and CVE-2016-2178 were
> already fixed via local patches, which can be removed now.

This demonstrates that:

a) if CVEs are fixed with backported patches, the process must be
*thorough* and not shotgun-ish like now. It's pointless to fix some CVEs
and ignore the others, just because that's what automated tools like
cve-checker reported or someone saw some mail on a mailing list.

b) it's okay to not fix low-severity CVEs until the upstream makes a new
release. Upstream is much more competent than we are to judge that, and
if the issue is high severity, they should make a new release anyway.

Please feel free to disagree.

Alex

* Re: [PATCH 1/1] openssl: update to 1.0.2i (CVE-2016-6304 and more)
  2016-09-23 12:01   ` Alexander Kanavin
@ 2016-09-23 16:25     ` akuster808
  2016-09-26 12:36       ` Alexander Kanavin
  0 siblings, 1 reply; 10+ messages in thread
From: akuster808 @ 2016-09-23 16:25 UTC
To: Alexander Kanavin, openembedded-core

On 09/23/2016 05:01 AM, Alexander Kanavin wrote:
> On 09/23/2016 11:39 AM, Patrick Ohly wrote:
>> This update fixes several CVEs:
>> * OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
>> * SWEET32 Mitigation (CVE-2016-2183)
>> * OOB write in MDC2_Update() (CVE-2016-6303)
>> * Malformed SHA512 ticket DoS (CVE-2016-6302)
>> * OOB write in BN_bn2dec() (CVE-2016-2182)
>> * OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
>> * DTLS buffered message DoS (CVE-2016-2179)
>> * DTLS replay protection DoS (CVE-2016-2181)
>> * Certificate message OOB reads (CVE-2016-6306)
>>
>> Of these, only CVE-2016-6304 is considered of high
>> severity. Everything else is low. CVE-2016-2177 and CVE-2016-2178 were
>> already fixed via local patches, which can be removed now.
>
> This demonstrates that:
>
> a) if CVEs are fixed with backported patches, the process must be
> *thorough* and not shotgun-ish like now. It's pointless to fix some
> CVEs and ignore the others, just because that's what automated tools
> like cve-checker reported or someone saw some mail on a mailing list.
>
> b) it's okay to not fix low-severity CVEs until the upstream makes a
> new release. Upstream is much more competent than we are to judge
> that, and if the issue is high severity, they should make a new
> release anyway.

No, this demonstrates that folks do want to help out. They do the best
they can with their abilities and situation. The community has made a
lot of noise about how important it is to address security issues.
Except a few of us who do send patches, the community as a whole has
not stepped up to the table to help out.

Opensource is not an all or nothing proposition. I for one appreciate
contributions folks make in this area.

- Armin

>
> Please feel free to disagree.
>
> Alex

* Re: [PATCH 1/1] openssl: update to 1.0.2i (CVE-2016-6304 and more)
  2016-09-23 16:25     ` akuster808
@ 2016-09-26 12:36       ` Alexander Kanavin
  0 siblings, 0 replies; 10+ messages in thread
From: Alexander Kanavin @ 2016-09-26 12:36 UTC
To: openembedded-core

On 09/23/2016 07:25 PM, akuster808 wrote:
> No, this demonstrates that folks do want to help out. They do the best
> they can with their abilities and situation. The community has made a
> lot of noise about how important it is to address security issues.
> Except a few of us who do send patches, the community as a whole has
> not stepped up to the table to help out.
>
> Opensource is not an all or nothing proposition. I for one appreciate
> contributions folks make in this area.

If folks want to help out, they'd better spend their time building
automated CI infrastructure that allows us to upgrade openssl to 1.0.2j
in stable releases without the paralyzing fear of breaking things. I
appreciate the intent to help, but I don't see the actual contribution
(of randomly backporting CVEs) as particularly useful in the long run.

Alex

* Re: [PATCH 0/1] openssl: update to 1.0.2i (CVE-2016-6304 and more)
  2016-09-23  8:38 [PATCH 0/1] openssl: update to 1.0.2i (CVE-2016-6304 and more) Patrick Ohly
  2016-09-23  8:39 ` [PATCH 1/1] " Patrick Ohly
@ 2016-09-23 10:27 ` Patrick Ohly
  2016-09-23 12:11   ` Alexander Kanavin
  2016-09-23 13:26   ` [PATCHv2] " Patrick Ohly
  1 sibling, 2 replies; 10+ messages in thread
From: Patrick Ohly @ 2016-09-23 10:27 UTC
To: openembedded-core

On Fri, 2016-09-23 at 10:38 +0200, Patrick Ohly wrote:
> Fixes several CVEs.
>
> It compiled for me okay for qemux86, but running the ptests showed a
> problem in one of the new tests. I'll investigate that further

There is one FAIL:

../util/shlib_wrap.sh ./dtlstest ../apps/server.pem ../apps/server.pem
Starting Test 0
Failed to load server certificate
Unable to create SSL_CTX pair
make[2]: Leaving directory '/usr/lib/openssl/ptest/test'
FAIL: test_dtls

That's because server.pem wasn't installed. I'll fix that.

However, ptest-runner returns with 0, i.e. success? Should it do that?

-- 
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.

* Re: [PATCH 0/1] openssl: update to 1.0.2i (CVE-2016-6304 and more)
  2016-09-23 10:27 ` [PATCH 0/1] " Patrick Ohly
@ 2016-09-23 12:11   ` Alexander Kanavin
  2016-09-23 13:19     ` Patrick Ohly
  2016-09-23 13:26   ` [PATCHv2] " Patrick Ohly
  1 sibling, 1 reply; 10+ messages in thread
From: Alexander Kanavin @ 2016-09-23 12:11 UTC
To: openembedded-core

On 09/23/2016 01:27 PM, Patrick Ohly wrote:
>
> There is one FAIL:
>
> ../util/shlib_wrap.sh ./dtlstest ../apps/server.pem ../apps/server.pem
> Starting Test 0
> Failed to load server certificate
> Unable to create SSL_CTX pair
> make[2]: Leaving directory '/usr/lib/openssl/ptest/test'
> FAIL: test_dtls
>
> That's because server.pem wasn't installed. I'll fix that.
>
> However, ptest-runner returns with 0, i.e. success? Should it do that?

What does the failing test itself return? After checking the
ptest-runner source code, it shouldn't return 0 if one of the tests it
runs fails with a non-zero exit.

Alex

* Re: [PATCH 0/1] openssl: update to 1.0.2i (CVE-2016-6304 and more)
  2016-09-23 12:11   ` Alexander Kanavin
@ 2016-09-23 13:19     ` Patrick Ohly
  2016-09-23 14:52       ` Alexander Kanavin
  0 siblings, 1 reply; 10+ messages in thread
From: Patrick Ohly @ 2016-09-23 13:19 UTC
To: Alexander Kanavin; +Cc: openembedded-core

On Fri, 2016-09-23 at 15:11 +0300, Alexander Kanavin wrote:
> On 09/23/2016 01:27 PM, Patrick Ohly wrote:
> >
> > There is one FAIL:
> >
> > ../util/shlib_wrap.sh ./dtlstest ../apps/server.pem ../apps/server.pem
> > Starting Test 0
> > Failed to load server certificate
> > Unable to create SSL_CTX pair
> > make[2]: Leaving directory '/usr/lib/openssl/ptest/test'
> > FAIL: test_dtls
> >
> > That's because server.pem wasn't installed. I'll fix that.
> >
> > However, ptest-runner returns with 0, i.e. success? Should it do that?
>
> What does the failing test itself return? After checking the
> ptest-runner source code, it shouldn't return 0 if one of the tests it
> runs fails with a non-zero exit.

openssl's test/Makefile is the culprit:

alltests:
	@(for i in $(all-tests); do \
	( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \
	done)

If any test fails, it'll print FAIL, but won't cause make to fail and
thus the error never results in a non-zero exit code anywhere.

Here's a version which reports the problem via the return code:

alltests:
	@(result=0; for i in $(all-tests); do \
	if $(MAKE) $$i; then echo "PASS: $$i"; else echo "FAIL: $$i"; result=1; fi; \
	done; exit $$result)

OpenSSL seems to rely on output checking. Not sure whether a patch
changing that would be accepted.

How are ptests used in the autobuilders? Does the return code of
ptest-runner matter, or is the output checked for ^PASS|SKIP|FAIL?

Speaking of the autobuilders and openssl-ptest in general, has no-one
noticed before that occasionally tests fail because file time stamps
imply that recompilation is needed? I got that a few times now and will
send a fix. I'm just wondering why that wasn't a problem earlier.

-- 
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.

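
The exit-status behaviour of the two alltests loops discussed in the message above, as an added example that is not part of the original thread or of OpenSSL's Makefile. The names run_test, ALL_TESTS and status_from_output are hypothetical: run_test is a constructed stand-in for "$(MAKE) $$i", and status_from_output sketches the output-checking alternative the message asks about.

```shell
#!/bin/sh
# Constructed stand-in for "$(MAKE) <test>": test_dtls fails, everything else passes.
run_test() {
    case "$1" in
        test_dtls) return 1 ;;
        *)         return 0 ;;
    esac
}

# Constructed test list (assumption, not OpenSSL's real $(all-tests)).
ALL_TESTS="test_rsa test_dtls test_ssl"

# Same shape as the original rule: when the test fails, the "|| echo" branch
# runs and succeeds, so every iteration, and therefore the loop, ends with 0.
alltests_original() {
    for i in $ALL_TESTS; do
        ( run_test "$i" && echo "PASS: $i" ) || echo "FAIL: $i"
    done
}

# Same shape as the proposed rule: remember any failure and return it.
alltests_fixed() {
    result=0
    for i in $ALL_TESTS; do
        if run_test "$i"; then
            echo "PASS: $i"
        else
            echo "FAIL: $i"
            result=1
        fi
    done
    return $result
}

# Output checking for a harness that cannot change the Makefile: read a test
# log on stdin and derive a status from the PASS/SKIP/FAIL lines.
#   0 = at least one PASS or SKIP line and no FAIL line
#   1 = at least one FAIL line
#   2 = no result lines at all (a run that reported nothing is not a pass)
status_from_output() {
    awk '
        /^FAIL:/        { failed++ }
        /^(PASS|SKIP):/ { ok++ }
        END {
            if (failed) exit 1
            if (!ok)    exit 2
            exit 0
        }'
}

# Demonstration on the constructed test list.
rc=0; alltests_original >/dev/null || rc=$?
echo "original loop exit status:  $rc"
rc=0; alltests_fixed >/dev/null || rc=$?
echo "fixed loop exit status:     $rc"
rc=0; alltests_original | status_from_output || rc=$?
echo "status derived from output: $rc"
```
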
* Re: [PATCH 0/1] openssl: update to 1.0.2i (CVE-2016-6304 and more)
  2016-09-23 13:19     ` Patrick Ohly
@ 2016-09-23 14:52       ` Alexander Kanavin
  0 siblings, 0 replies; 10+ messages in thread
From: Alexander Kanavin @ 2016-09-23 14:52 UTC
To: Patrick Ohly; +Cc: openembedded-core

On 09/23/2016 04:19 PM, Patrick Ohly wrote:
> OpenSSL seems to rely on output checking. Not sure whether a patch
> changing that would be accepted.
>
> How are ptests used in the autobuilders? Does the return code of
> ptest-runner matter, or is the output checked for ^PASS|SKIP|FAIL?

I'm not sure about it, but regardless of the autobuilders, it's best to
fail when there is a failure, so the patch to fix that would be accepted
here (don't know about upstream).

Alex

* [PATCHv2] openssl: update to 1.0.2i (CVE-2016-6304 and more)
  2016-09-23 10:27 ` [PATCH 0/1] " Patrick Ohly
  2016-09-23 12:11   ` Alexander Kanavin
@ 2016-09-23 13:26   ` Patrick Ohly
  1 sibling, 0 replies; 10+ messages in thread
From: Patrick Ohly @ 2016-09-23 13:26 UTC
To: openembedded-core

This update fixes several CVEs:
* OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
* SWEET32 Mitigation (CVE-2016-2183)
* OOB write in MDC2_Update() (CVE-2016-6303)
* Malformed SHA512 ticket DoS (CVE-2016-6302)
* OOB write in BN_bn2dec() (CVE-2016-2182)
* OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
* DTLS buffered message DoS (CVE-2016-2179)
* DTLS replay protection DoS (CVE-2016-2181)
* Certificate message OOB reads (CVE-2016-6306)

Of these, only CVE-2016-6304 is considered of high
severity. Everything else is low. CVE-2016-2177 and CVE-2016-2178 were
already fixed via local patches, which can be removed now.

See https://www.openssl.org/news/secadv/20160922.txt for details.

Some patches had to be refreshed and one compile error fix from
upstream's OpenSSL_1_0_2-stable was required. The server.pem
file is needed for test_dtls.

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> --- Notes: Changes since v1: * Install server.pem to get all ptests to pass. meta/recipes-connectivity/openssl/openssl.inc | 1 + .../openssl/openssl/CVE-2016-2177.patch | 286 --------------------- .../openssl/openssl/CVE-2016-2178.patch | 51 ---- .../openssl/Fix-typo-introduced-by-a03f81f4.patch | 29 +++ .../openssl/openssl/debian/ca.patch | 2 +- .../openssl/openssl/parallel.patch | 17 +- .../recipes-connectivity/openssl/openssl_1.0.2h.bb | 60 ----- .../recipes-connectivity/openssl/openssl_1.0.2i.bb | 59 +++++ 8 files changed, 104 insertions(+), 401 deletions(-) delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2177.patch delete mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/Fix-typo-introduced-by-a03f81f4.patch delete mode 100644 meta/recipes-connectivity/openssl/openssl_1.0.2h.bb create mode 100644 meta/recipes-connectivity/openssl/openssl_1.0.2i.bb diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc index a632d8a..f3a2c5a 100644 --- a/meta/recipes-connectivity/openssl/openssl.inc +++ b/meta/recipes-connectivity/openssl/openssl.inc @@ -211,6 +211,7 @@ do_install_ptest () { ln -sf ${libdir}/ssl/misc/CA.sh ${D}${PTEST_PATH}/apps ln -sf ${sysconfdir}/ssl/openssl.cnf ${D}${PTEST_PATH}/apps ln -sf ${bindir}/openssl ${D}${PTEST_PATH}/apps + cp apps/server.pem ${D}${PTEST_PATH}/apps cp apps/server2.pem ${D}${PTEST_PATH}/apps mkdir -p ${D}${PTEST_PATH}/util install util/opensslwrap.sh ${D}${PTEST_PATH}/util diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2177.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2177.patch deleted file mode 100644 index df36d5f..0000000 --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2177.patch +++ /dev/null 
@@ -1,286 +0,0 @@ -From a004e72b95835136d3f1ea90517f706c24c03da7 Mon Sep 17 00:00:00 2001 -From: Matt Caswell <matt@openssl.org> -Date: Thu, 5 May 2016 11:10:26 +0100 -Subject: [PATCH] Avoid some undefined pointer arithmetic - -A common idiom in the codebase is: - -if (p + len > limit) -{ - return; /* Too long */ -} - -Where "p" points to some malloc'd data of SIZE bytes and -limit == p + SIZE - -"len" here could be from some externally supplied data (e.g. from a TLS -message). - -The rules of C pointer arithmetic are such that "p + len" is only well -defined where len <= SIZE. Therefore the above idiom is actually -undefined behaviour. - -For example this could cause problems if some malloc implementation -provides an address for "p" such that "p + len" actually overflows for -values of len that are too big and therefore p + len < limit! - -Issue reported by Guido Vranken. - -CVE-2016-2177 - -Reviewed-by: Rich Salz <rsalz@openssl.org> - -Upstream-Status: Backport -CVE: CVE-2016-2177 - -Signed-off-by: Armin Kuster <akuster@mvista.com> - - ---- - ssl/s3_srvr.c | 14 +++++++------- - ssl/ssl_sess.c | 2 +- - ssl/t1_lib.c | 56 ++++++++++++++++++++++++++++++-------------------------- - 3 files changed, 38 insertions(+), 34 deletions(-) - -diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c -index ab28702..ab7f690 100644 ---- a/ssl/s3_srvr.c -+++ b/ssl/s3_srvr.c -@@ -980,7 +980,7 @@ int ssl3_get_client_hello(SSL *s) - - session_length = *(p + SSL3_RANDOM_SIZE); - -- if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) { -+ if (SSL3_RANDOM_SIZE + session_length + 1 >= (d + n) - p) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); - goto f_err; -@@ -998,7 +998,7 @@ int ssl3_get_client_hello(SSL *s) - /* get the session-id */ - j = *(p++); - -- if (p + j > d + n) { -+ if ((d + n) - p < j) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); - goto f_err; -@@ -1054,14 +1054,14 @@ int 
ssl3_get_client_hello(SSL *s) - - if (SSL_IS_DTLS(s)) { - /* cookie stuff */ -- if (p + 1 > d + n) { -+ if ((d + n) - p < 1) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); - goto f_err; - } - cookie_len = *(p++); - -- if (p + cookie_len > d + n) { -+ if ((d + n ) - p < cookie_len) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); - goto f_err; -@@ -1131,7 +1131,7 @@ int ssl3_get_client_hello(SSL *s) - } - } - -- if (p + 2 > d + n) { -+ if ((d + n ) - p < 2) { - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT); - goto f_err; -@@ -1145,7 +1145,7 @@ int ssl3_get_client_hello(SSL *s) - } - - /* i bytes of cipher data + 1 byte for compression length later */ -- if ((p + i + 1) > (d + n)) { -+ if ((d + n) - p < i + 1) { - /* not enough data */ - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); -@@ -1211,7 +1211,7 @@ int ssl3_get_client_hello(SSL *s) - - /* compression */ - i = *(p++); -- if ((p + i) > (d + n)) { -+ if ((d + n) - p < i) { - /* not enough data */ - al = SSL_AD_DECODE_ERROR; - SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH); -diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c -index b182998..54ee783 100644 ---- a/ssl/ssl_sess.c -+++ b/ssl/ssl_sess.c -@@ -573,7 +573,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len, - int r; - #endif - -- if (session_id + len > limit) { -+ if (limit - session_id < len) { - fatal = 1; - goto err; - } -diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c -index fb64607..cdac011 100644 ---- a/ssl/t1_lib.c -+++ b/ssl/t1_lib.c -@@ -1867,11 +1867,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, - 0x02, 0x03, /* SHA-1/ECDSA */ - }; - -- if (data >= (limit - 2)) -+ if (limit - data <= 2) - return; - data += 2; - -- if (data > (limit - 4)) -+ if (limit - data < 4) - return; - n2s(data, type); - n2s(data, size); -@@ -1879,7 
+1879,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, - if (type != TLSEXT_TYPE_server_name) - return; - -- if (data + size > limit) -+ if (limit - data < size) - return; - data += size; - -@@ -1887,7 +1887,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, - const size_t len1 = sizeof(kSafariExtensionsBlock); - const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock); - -- if (data + len1 + len2 != limit) -+ if (limit - data != (int)(len1 + len2)) - return; - if (memcmp(data, kSafariExtensionsBlock, len1) != 0) - return; -@@ -1896,7 +1896,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data, - } else { - const size_t len = sizeof(kSafariExtensionsBlock); - -- if (data + len != limit) -+ if (limit - data != (int)(len)) - return; - if (memcmp(data, kSafariExtensionsBlock, len) != 0) - return; -@@ -2053,19 +2053,19 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p, - if (data == limit) - goto ri_check; - -- if (data > (limit - 2)) -+ if (limit - data < 2) - goto err; - - n2s(data, len); - -- if (data + len != limit) -+ if (limit - data != len) - goto err; - -- while (data <= (limit - 4)) { -+ while (limit - data >= 4) { - n2s(data, type); - n2s(data, size); - -- if (data + size > (limit)) -+ if (limit - data < size) - goto err; - # if 0 - fprintf(stderr, "Received extension type %d size %d\n", type, size); -@@ -2472,18 +2472,18 @@ static int ssl_scan_clienthello_custom_tlsext(SSL *s, - if (s->hit || s->cert->srv_ext.meths_count == 0) - return 1; - -- if (data >= limit - 2) -+ if (limit - data <= 2) - return 1; - n2s(data, len); - -- if (data > limit - len) -+ if (limit - data < len) - return 1; - -- while (data <= limit - 4) { -+ while (limit - data >= 4) { - n2s(data, type); - n2s(data, size); - -- if (data + size > limit) -+ if (limit - data < size) - return 1; - if (custom_ext_parse(s, 1 /* server */ , type, data, size, al) <= 0) - return 0; -@@ -2569,20 +2569,20 @@ static int 
ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p, - SSL_TLSEXT_HB_DONT_SEND_REQUESTS); - # endif - -- if (data >= (d + n - 2)) -+ if ((d + n) - data <= 2) - goto ri_check; - - n2s(data, length); -- if (data + length != d + n) { -+ if ((d + n) - data != length) { - *al = SSL_AD_DECODE_ERROR; - return 0; - } - -- while (data <= (d + n - 4)) { -+ while ((d + n) - data >= 4) { - n2s(data, type); - n2s(data, size); - -- if (data + size > (d + n)) -+ if ((d + n) - data < size) - goto ri_check; - - if (s->tlsext_debug_cb) -@@ -3307,29 +3307,33 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len, - /* Skip past DTLS cookie */ - if (SSL_IS_DTLS(s)) { - i = *(p++); -- p += i; -- if (p >= limit) -+ -+ if (limit - p <= i) - return -1; -+ -+ p += i; - } - /* Skip past cipher list */ - n2s(p, i); -- p += i; -- if (p >= limit) -+ if (limit - p <= i) - return -1; -+ p += i; -+ - /* Skip past compression algorithm list */ - i = *(p++); -- p += i; -- if (p > limit) -+ if (limit - p < i) - return -1; -+ p += i; -+ - /* Now at start of extensions */ -- if ((p + 2) >= limit) -+ if (limit - p <= 2) - return 0; - n2s(p, i); -- while ((p + 4) <= limit) { -+ while (limit - p >= 4) { - unsigned short type, size; - n2s(p, type); - n2s(p, size); -- if (p + size > limit) -+ if (limit - p < size) - return 0; - if (type == TLSEXT_TYPE_session_ticket) { - int r; --- -2.3.5 - diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch deleted file mode 100644 index 27ade4e..0000000 --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch +++ /dev/null 
@@ -1,51 +0,0 @@ -From 399944622df7bd81af62e67ea967c470534090e2 Mon Sep 17 00:00:00 2001 -From: Cesar Pereida <cesar.pereida@aalto.fi> -Date: Mon, 23 May 2016 12:45:25 +0300 -Subject: [PATCH] Fix DSA, preserve BN_FLG_CONSTTIME - -Operations in the DSA signing algorithm should run in constant time in -order to avoid side channel attacks. A flaw in the OpenSSL DSA -implementation means that a non-constant time codepath is followed for -certain operations. This has been demonstrated through a cache-timing -attack to be sufficient for an attacker to recover the private DSA key. - -CVE-2016-2178 - -Reviewed-by: Richard Levitte <levitte@openssl.org> -Reviewed-by: Matt Caswell <matt@openssl.org> - -Upstream-Status: Backport -CVE: CVE-2016-2178 - -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - crypto/dsa/dsa_ossl.c | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) - -Index: openssl-1.0.2h/crypto/dsa/dsa_ossl.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/dsa/dsa_ossl.c -+++ openssl-1.0.2h/crypto/dsa/dsa_ossl.c -@@ -248,9 +248,6 @@ static int dsa_sign_setup(DSA *dsa, BN_C - if (!BN_rand_range(&k, dsa->q)) - goto err; - while (BN_is_zero(&k)) ; -- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { -- BN_set_flags(&k, BN_FLG_CONSTTIME); -- } - - if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { - if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, -@@ -282,6 +279,11 @@ static int dsa_sign_setup(DSA *dsa, BN_C - } else { - K = &k; - } -+ -+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { -+ BN_set_flags(K, BN_FLG_CONSTTIME); -+ } -+ - DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx, - dsa->method_mont_p); - if (!BN_mod(r, r, dsa->q, ctx)) diff --git a/meta/recipes-connectivity/openssl/openssl/Fix-typo-introduced-by-a03f81f4.patch b/meta/recipes-connectivity/openssl/openssl/Fix-typo-introduced-by-a03f81f4.patch new file mode 100644 index 0000000..0411296 --- /dev/null 
+++ b/meta/recipes-connectivity/openssl/openssl/Fix-typo-introduced-by-a03f81f4.patch @@ -0,0 +1,29 @@ +From 581215a519c66db7255ea360ed25bb00033ccd52 Mon Sep 17 00:00:00 2001 +From: Rich Salz <rsalz@openssl.org> +Date: Thu, 22 Sep 2016 08:47:45 -0400 +Subject: [PATCH] Fix typo introduced by a03f81f4 + +Reviewed-by: Richard Levitte <levitte@openssl.org> + +Upstream-Status: Backport [https://github.com/openssl/openssl/commit/581215a519c66db7255ea360ed25bb00033ccd52] +Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> +--- + crypto/engine/eng_cryptodev.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/crypto/engine/eng_cryptodev.c b/crypto/engine/eng_cryptodev.c +index 65a74df..2a2b95c 100644 +--- a/crypto/engine/eng_cryptodev.c ++++ b/crypto/engine/eng_cryptodev.c +@@ -939,7 +939,7 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from) + if (fstate->mac_len != 0) { + if (fstate->mac_data != NULL) { + dstate->mac_data = OPENSSL_malloc(fstate->mac_len); +- if (dstate->ac_data == NULL) { ++ if (dstate->mac_data == NULL) { + printf("cryptodev_digest_init: malloc failed\n"); + return 0; + } +-- +2.1.4 + diff --git a/meta/recipes-connectivity/openssl/openssl/debian/ca.patch b/meta/recipes-connectivity/openssl/openssl/debian/ca.patch index aba4d42..fb745e4 100644 --- a/meta/recipes-connectivity/openssl/openssl/debian/ca.patch +++ b/meta/recipes-connectivity/openssl/openssl/debian/ca.patch @@ -7,7 +7,7 @@ Index: openssl-0.9.8m/apps/CA.pl.in @@ -65,6 +65,7 @@ foreach (@ARGV) { if ( /^(-\?|-h|-help)$/ ) { - print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; + print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n"; + print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; exit 0; } elsif (/^-newcert$/) { 
diff --git a/meta/recipes-connectivity/openssl/openssl/parallel.patch b/meta/recipes-connectivity/openssl/openssl/parallel.patch index b6c2c14..f3f4c99 100644 --- a/meta/recipes-connectivity/openssl/openssl/parallel.patch +++ b/meta/recipes-connectivity/openssl/openssl/parallel.patch @@ -6,6 +6,9 @@ https://gitweb.gentoo.org/repo/gentoo.git/plain/dev-libs/openssl/files/openssl-1 Upstream-Status: Pending Signed-off-by: Ross Burton <ross.burton@intel.com> +Refreshed for 1.0.2i +Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> + --- openssl-1.0.2g/crypto/Makefile +++ openssl-1.0.2g/crypto/Makefile @@ -85,11 +85,11 @@ @@ -133,7 +136,7 @@ Signed-off-by: Ross Burton <ross.burton@intel.com> fi; \ --- openssl-1.0.2g/test/Makefile +++ openssl-1.0.2g/test/Makefile -@@ -139,7 +139,7 @@ +@@ -144,7 +144,7 @@ tags: ctags $(SRC) @@ -142,7 +145,7 @@ Signed-off-by: Ross Burton <ross.burton@intel.com> apps: @(cd ..; $(MAKE) DIRS=apps all) -@@ -421,130 +421,130 @@ +@@ -438,136 +438,136 @@ link_app.$${shlib_target} $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO) @@ -309,13 +312,21 @@ Signed-off-by: Ross Burton <ross.burton@intel.com> - @target=$(CLIENTHELLOTEST) $(BUILD_CMD) + +@target=$(CLIENTHELLOTEST) $(BUILD_CMD) + $(BADDTLSTEST)$(EXE_EXT): $(BADDTLSTEST).o +- @target=$(BADDTLSTEST) $(BUILD_CMD) ++ +@target=$(BADDTLSTEST) $(BUILD_CMD) + $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o - @target=$(SSLV2CONFTEST) $(BUILD_CMD) + +@target=$(SSLV2CONFTEST) $(BUILD_CMD) + $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO) +- @target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD) ++ +@target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD) + #$(AESTEST).o: $(AESTEST).c # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c -@@ -557,7 +557,7 @@ +@@ -580,6 +580,6 @@ # fi dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) 
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb deleted file mode 100644 index c8444d3..0000000 --- a/meta/recipes-connectivity/openssl/openssl_1.0.2h.bb +++ /dev/null 
@@ -1,60 +0,0 @@ -require openssl.inc - -# For target side versions of openssl enable support for OCF Linux driver -# if they are available. -DEPENDS += "cryptodev-linux" - -CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" - -LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6" - -export DIRS = "crypto ssl apps engines" -export OE_LDFLAGS="${LDFLAGS}" - -SRC_URI += "file://find.pl;subdir=${BP}/util/ \ - file://run-ptest \ - file://openssl-c_rehash.sh \ - file://configure-targets.patch \ - file://shared-libs.patch \ - file://oe-ldflags.patch \ - file://engines-install-in-libdir-ssl.patch \ - file://debian1.0.2/block_diginotar.patch \ - file://debian1.0.2/block_digicert_malaysia.patch \ - file://debian/ca.patch \ - file://debian/c_rehash-compat.patch \ - file://debian/debian-targets.patch \ - file://debian/man-dir.patch \ - file://debian/man-section.patch \ - file://debian/no-rpath.patch \ - file://debian/no-symbolic.patch \ - file://debian/pic.patch \ - file://debian1.0.2/version-script.patch \ - file://openssl_fix_for_x32.patch \ - file://fix-cipher-des-ede3-cfb1.patch \ - file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \ - file://openssl-fix-des.pod-error.patch \ - file://Makefiles-ptest.patch \ - file://ptest-deps.patch \ - file://openssl-1.0.2a-x32-asm.patch \ - file://ptest_makefile_deps.patch \ - file://configure-musl-target.patch \ - file://parallel.patch \ - file://CVE-2016-2177.patch \ - file://CVE-2016-2178.patch \ - file://openssl-util-perlpath.pl-cwd.patch \ - " -SRC_URI[md5sum] = "9392e65072ce4b614c1392eefc1f23d0" -SRC_URI[sha256sum] = "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919" - -PACKAGES =+ "${PN}-engines" -FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" - -# The crypto_use_bigint patch means that perl's bignum module needs to be -# installed, but some distributions (for example Fedora 23) don't ship it by -# default. 
As the resulting error is very misleading check for bignum before -# building. -do_configure_prepend() { - if ! perl -Mbigint -e true; then - bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake." - fi -} diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2i.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2i.bb new file mode 100644 index 0000000..c32f472 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl_1.0.2i.bb 
@@ -0,0 +1,59 @@ +require openssl.inc + +# For target side versions of openssl enable support for OCF Linux driver +# if they are available. +DEPENDS += "cryptodev-linux" + +CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" + +LIC_FILES_CHKSUM = "file://LICENSE;md5=27ffa5d74bb5a337056c14b2ef93fbf6" + +export DIRS = "crypto ssl apps engines" +export OE_LDFLAGS="${LDFLAGS}" + +SRC_URI += "file://find.pl;subdir=${BP}/util/ \ + file://run-ptest \ + file://openssl-c_rehash.sh \ + file://configure-targets.patch \ + file://shared-libs.patch \ + file://oe-ldflags.patch \ + file://engines-install-in-libdir-ssl.patch \ + file://debian1.0.2/block_diginotar.patch \ + file://debian1.0.2/block_digicert_malaysia.patch \ + file://debian/ca.patch \ + file://debian/c_rehash-compat.patch \ + file://debian/debian-targets.patch \ + file://debian/man-dir.patch \ + file://debian/man-section.patch \ + file://debian/no-rpath.patch \ + file://debian/no-symbolic.patch \ + file://debian/pic.patch \ + file://debian1.0.2/version-script.patch \ + file://openssl_fix_for_x32.patch \ + file://fix-cipher-des-ede3-cfb1.patch \ + file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \ + file://openssl-fix-des.pod-error.patch \ + file://Makefiles-ptest.patch \ + file://ptest-deps.patch \ + file://openssl-1.0.2a-x32-asm.patch \ + file://ptest_makefile_deps.patch \ + file://configure-musl-target.patch \ + file://parallel.patch \ + file://openssl-util-perlpath.pl-cwd.patch \ + file://Fix-typo-introduced-by-a03f81f4.patch \ + " +SRC_URI[md5sum] = "678374e63f8df456a697d3e5e5a931fb" +SRC_URI[sha256sum] = "9287487d11c9545b6efb287cdb70535d4e9b284dd10d51441d9b9963d000de6f" + +PACKAGES =+ "${PN}-engines" +FILES_${PN}-engines = "${libdir}/ssl/engines/*.so ${libdir}/engines" + +# The crypto_use_bigint patch means that perl's bignum module needs to be +# installed, but some distributions (for example Fedora 23) don't ship it by +# default. 
As the resulting error is very misleading check for bignum before +# building. +do_configure_prepend() { + if ! perl -Mbigint -e true; then + bbfatal "The perl module 'bignum' was not found but this is required to build openssl. Please install this module (often packaged as perl-bignum) and re-run bitbake." + fi +} -- 2.1.4 ^ permalink raw reply related [flat|nested] 10+ messages in thread
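Review bot: In the do_install_ptest hunk of openssl.inc, the new `cp apps/server.pem ${D}${PTEST_PATH}/apps` line has no comment saying which test depends on it; the reason (test_dtls) is recorded only in the commit message. A one-line comment above the copy would keep that dependency visible to whoever next trims the ptest payload. server.pem is upstream's test certificate and key, so it is also worth confirming that it is installed only under ${PTEST_PATH}, which is what this line does.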
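Review bot: For the deletion of CVE-2016-2177.patch and CVE-2016-2178.patch, the commit message says the local fixes can be removed but does not record that the 1.0.2i tarball was checked for them. The deleted files name the upstream commits (a004e72b95835136d3f1ea90517f706c24c03da7 and 399944622df7bd81af62e67ea967c470534090e2); please either state in the commit message that both are part of 1.0.2i, or spot-check the unpacked source for the rewritten bounds checks such as `if (limit - data < size)` in ssl/t1_lib.c and for `BN_set_flags(K, BN_FLG_CONSTTIME);` in dsa_sign_setup(). Each deleted file carries a `CVE:` tag, so after this change the version bump is the only in-tree record that these two issues are handled.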
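Review bot: The header of the new Fix-typo-introduced-by-a03f81f4.patch does not say why OE needs the backport. The hunk replaces `dstate->ac_data` with `dstate->mac_data` in crypto/engine/eng_cryptodev.c, and the recipe builds with `-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS`, so this is presumably the compile error mentioned in the commit message. A sentence to that effect in the patch header, with a note that the patch can be dropped once a release from OpenSSL_1_0_2-stable contains it, would help at the next upgrade.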
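Review bot: The debian/ca.patch refresh is not marked as one. The usage line is updated to the upstream text that includes `-signcert`, but unlike parallel.patch the file gets no "Refreshed for 1.0.2i" line, and its `Index: openssl-0.9.8m/apps/CA.pl.in` label stays as it was. Adding the same refresh note and sign-off used in parallel.patch would keep the two consistent.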
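Review bot: In the parallel.patch refresh, the last inner hunk header goes from `@@ -557,7 +557,7 @@` to `@@ -580,6 +580,6 @@`, so one line of context was dropped compared with the previous version of the patch. Please confirm that the refreshed patch applies to 1.0.2i without fuzz, and regenerate it from a clean tree if the header was edited by hand. The inner file labels also still read `openssl-1.0.2g/...` although the patch is now marked as refreshed for 1.0.2i. The two new targets, `$(BADDTLSTEST)` and `$(DTLSTEST)`, get the same `+@target=` prefix as the existing ones, which is what the patch needs.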
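Review bot: For the recipe, v2 shows openssl_1.0.2h.bb deleted and openssl_1.0.2i.bb created where v1 showed a 91% rename, which hides the real change inside 119 lines of diff. Sending it with rename detection (`git format-patch -M`) would reduce the review to the lines that matter: the dropped `file://CVE-2016-2177.patch` and `file://CVE-2016-2178.patch` entries, the added `file://Fix-typo-introduced-by-a03f81f4.patch`, and the new `SRC_URI[md5sum]` and `SRC_URI[sha256sum]` values. Please also say how the new sha256sum was obtained; it should be compared against the checksum or signature that upstream publishes for the tarball, not only computed from the file that was downloaded.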