aboutsummaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/openssl/openssl/CVE-2015-3197.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-connectivity/openssl/openssl/CVE-2015-3197.patch')
-rw-r--r--meta/recipes-connectivity/openssl/openssl/CVE-2015-3197.patch63
1 files changed, 0 insertions, 63 deletions
diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3197.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3197.patch
deleted file mode 100644
index dd288c93fb..0000000000
--- a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3197.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From d81a1600588b726c2bdccda7efad3cc7a87d6245 Mon Sep 17 00:00:00 2001
-From: Viktor Dukhovni <openssl-users@dukhovni.org>
-Date: Wed, 30 Dec 2015 22:44:51 -0500
-Subject: [PATCH] Better SSLv2 cipher-suite enforcement
-
-Based on patch by: Nimrod Aviram <nimrod.aviram@gmail.com>
-
-CVE-2015-3197
-
-Reviewed-by: Tim Hudson <tjh@openssl.org>
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-
-Upstream-Status: Backport
-https://github.com/openssl/openssl/commit/d81a1600588b726c2bdccda7efad3cc7a87d6245
-
-CVE: CVE-2015-3197
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- ssl/s2_srvr.c | 15 +++++++++++++--
- 1 file changed, 13 insertions(+), 2 deletions(-)
-
-Index: openssl-1.0.2d/ssl/s2_srvr.c
-===================================================================
---- openssl-1.0.2d.orig/ssl/s2_srvr.c
-+++ openssl-1.0.2d/ssl/s2_srvr.c
-@@ -402,7 +402,7 @@ static int get_client_master_key(SSL *s)
- }
-
- cp = ssl2_get_cipher_by_char(p);
-- if (cp == NULL) {
-+ if (cp == NULL || sk_SSL_CIPHER_find(s->session->ciphers, cp) < 0) {
- ssl2_return_error(s, SSL2_PE_NO_CIPHER);
- SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);
- return (-1);
-@@ -687,8 +687,12 @@ static int get_client_hello(SSL *s)
- prio = cs;
- allow = cl;
- }
-+
-+ /* Generate list of SSLv2 ciphers shared between client and server */
- for (z = 0; z < sk_SSL_CIPHER_num(prio); z++) {
-- if (sk_SSL_CIPHER_find(allow, sk_SSL_CIPHER_value(prio, z)) < 0) {
-+ const SSL_CIPHER *cp = sk_SSL_CIPHER_value(prio, z);
-+ if ((cp->algorithm_ssl & SSL_SSLV2) == 0 ||
-+ sk_SSL_CIPHER_find(allow, cp) < 0) {
- (void)sk_SSL_CIPHER_delete(prio, z);
- z--;
- }
-@@ -697,6 +701,13 @@ static int get_client_hello(SSL *s)
- sk_SSL_CIPHER_free(s->session->ciphers);
- s->session->ciphers = prio;
- }
-+
-+ /* Make sure we have at least one cipher in common */
-+ if (sk_SSL_CIPHER_num(s->session->ciphers) == 0) {
-+ ssl2_return_error(s, SSL2_PE_NO_CIPHER);
-+ SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_NO_CIPHER_MATCH);
-+ return -1;
-+ }
- /*
- * s->session->ciphers should now have a list of ciphers that are on
- * both the client and server. This list is ordered by the order the