diff options
| author |   Patrick Ohly <patrick.ohly@intel.com> | 2016-09-23 15:26:05 +0200 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2016-09-23 18:06:10 +0100 |
| commit | d6b69279b5d1370d9c4982d5b1842a471cfd2b0e (patch) | |
| tree | 996e51823dcd4afc80200fe2afd1107c4a846f43 /meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch | |
| parent | 4c10376bdfd54af75de840bd4a31386e6e89477e (diff) | |
| download | openembedded-core-contrib-d6b69279b5d1370d9c4982d5b1842a471cfd2b0e.tar.gz | |
openssl: update to 1.0.2i (CVE-2016-6304 and more)
This update fixes several CVEs:
* OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
* SWEET32 Mitigation (CVE-2016-2183)
* OOB write in MDC2_Update() (CVE-2016-6303)
* Malformed SHA512 ticket DoS (CVE-2016-6302)
* OOB write in BN_bn2dec() (CVE-2016-2182)
* OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
* DTLS buffered message DoS (CVE-2016-2179)
* DTLS replay protection DoS (CVE-2016-2181)
* Certificate message OOB reads (CVE-2016-6306)
Of these, only CVE-2016-6304 is considered of high
severity. Everything else is low. CVE-2016-2177 and CVE-2016-2178 were
already fixed via local patches, which can be removed now.
See https://www.openssl.org/news/secadv/20160922.txt for details.
Some patches had to be refreshed and one compile error fix from
upstream's OpenSSL_1_0_2-stable was required. The server.pem
file is needed for test_dtls.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch')
| -rw-r--r-- | meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch | 51 |
1 files changed, 0 insertions, 51 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch deleted file mode 100644 index 27ade4e7d2..0000000000 --- a/meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 399944622df7bd81af62e67ea967c470534090e2 Mon Sep 17 00:00:00 2001 -From: Cesar Pereida <cesar.pereida@aalto.fi> -Date: Mon, 23 May 2016 12:45:25 +0300 -Subject: [PATCH] Fix DSA, preserve BN_FLG_CONSTTIME - -Operations in the DSA signing algorithm should run in constant time in -order to avoid side channel attacks. A flaw in the OpenSSL DSA -implementation means that a non-constant time codepath is followed for -certain operations. This has been demonstrated through a cache-timing -attack to be sufficient for an attacker to recover the private DSA key. - -CVE-2016-2178 - -Reviewed-by: Richard Levitte <levitte@openssl.org> -Reviewed-by: Matt Caswell <matt@openssl.org> - -Upstream-Status: Backport -CVE: CVE-2016-2178 - -Signed-off-by: Armin Kuster <akuster@mvista.com> - ---- - crypto/dsa/dsa_ossl.c | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) - -Index: openssl-1.0.2h/crypto/dsa/dsa_ossl.c -=================================================================== ---- openssl-1.0.2h.orig/crypto/dsa/dsa_ossl.c -+++ openssl-1.0.2h/crypto/dsa/dsa_ossl.c -@@ -248,9 +248,6 @@ static int dsa_sign_setup(DSA *dsa, BN_C - if (!BN_rand_range(&k, dsa->q)) - goto err; - while (BN_is_zero(&k)) ; -- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { -- BN_set_flags(&k, BN_FLG_CONSTTIME); -- } - - if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { - if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, -@@ -282,6 +279,11 @@ static int dsa_sign_setup(DSA *dsa, BN_C - } else { - K = &k; - } -+ -+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { -+ BN_set_flags(K, BN_FLG_CONSTTIME); -+ } -+ - DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx, - dsa->method_mont_p); - if (!BN_mod(r, r, dsa->q, ctx)) |