Commit graph

54 commits

Author SHA1 Message Date
Jo-Philipp Wich
25b34dd97f openssl: update to 1.0.2g (8 CVEs)
CVE-2016-0704

s2_srvr.c overwrite the wrong bytes in the master-key when applying
Bleichenbacher protection for export cipher suites. This provides a
Bleichenbacher oracle, and could potentially allow more efficient variants of
the DROWN attack.

CVE-2016-0703

s2_srvr.c did not enforce that clear-key-length is 0 for non-export ciphers.
If clear-key bytes are present for these ciphers, they *displace* encrypted-key
bytes. This leads to an efficient divide-and-conquer key recovery attack: if
an eavesdropper has intercepted an SSLv2 handshake, they can use the server as
an oracle to determine the SSLv2 master-key, using only 16 connections to the
server and negligible computation. More importantly, this leads to a more
efficient version of DROWN that is effective against non-export ciphersuites,
and requires no significant computation.

CVE-2016-0702

A side-channel attack was found which makes use of cache-bank conflicts on
the Intel Sandy-Bridge microarchitecture which could lead to the recovery of
RSA keys. The ability to exploit this issue is limited as it relies on an
attacker who has control of code in a thread running on the same hyper-
threaded core as the victim thread which is performing decryptions.

CVE-2016-0799

The internal |fmtstr| function used in processing a "%s" format string in
the BIO_*printf functions could overflow while calculating the length of a
string and cause an OOB read when printing very long strings. Additionally
the internal |doapr_outch| function can attempt to write to an OOB memory
location (at an offset from the NULL pointer) in the event of a memory
allocation failure. In 1.0.2 and below this could be caused where the size
of a buffer to be allocated is greater than INT_MAX. E.g. this could be in
processing a very long "%s" format string. Memory leaks can also occur.
The first issue may mask the second issue dependent on compiler behaviour.
These problems could enable attacks where large amounts of untrusted data is
passed to the BIO_*printf functions. If applications use these functions in
this way then they could be vulnerable. OpenSSL itself uses these functions
when printing out human-readable dumps of ASN.1 data. Therefore applications
that print this data could be vulnerable if the data is from untrusted sources.
OpenSSL command line applications could also be vulnerable where they print out
ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is
not considered directly vulnerable. Additionally certificates etc received via
remote connections via libssl are also unlikely to be able to trigger these
issues because of message size limits enforced within libssl.

CVE-2016-0797

In the BN_hex2bn function the number of hex digits is calculated using an int
value |i|. Later |bn_expand| is called with a value of |i * 4|. For large
values of |i| this can result in |bn_expand| not allocating any memory because
|i * 4| is negative. This can leave the internal BIGNUM data field as NULL
leading to a subsequent NULL ptr deref. For very large values of |i|, the
calculation |i * 4| could be a positive value smaller than |i|. In this case
memory is allocated to the internal BIGNUM data field, but it is insufficiently
sized leading to heap corruption. A similar issue exists in BN_dec2bn. This
could have security consequences if BN_hex2bn/BN_dec2bn is ever called by user
applications with very large untrusted hex/dec data. This is anticipated to be
a rare occurrence. All OpenSSL internal usage of these functions use data that
is not expected to be untrusted, e.g. config file data or application command
line arguments. If user developed applications generate config file data based
on untrusted data then it is possible that this could also lead to security
consequences. This is also anticipated to be rare.

CVE-2016-0798

The SRP user database lookup method SRP_VBASE_get_by_user had confusing memory
management semantics; the returned pointer was sometimes newly allocated, and
sometimes owned by the callee. The calling code has no way of distinguishing
these two cases. Specifically, SRP servers that configure a secret seed to hide
valid login information are vulnerable to a memory leak: an attacker connecting
with an invalid username can cause a memory leak of around 300 bytes per
connection. Servers that do not configure SRP, or configure SRP but do not
configure a seed are not vulnerable. In Apache, the seed directive is known as
SSLSRPUnknownUserSeed. To mitigate the memory leak, the seed handling in
SRP_VBASE_get_by_user is now disabled even if the user has configured a seed.
Applications are advised to migrate to SRP_VBASE_get1_by_user. However, note
that OpenSSL makes no strong guarantees about the indistinguishability of valid
and invalid logins. In particular, computations are currently not carried out
in constant time.

CVE-2016-0705

A double free bug was discovered when OpenSSL parses malformed DSA private keys
and could lead to a DoS attack or memory corruption for applications that
receive DSA private keys from untrusted sources. This scenario is considered
rare.

CVE-2016-0800

A cross-protocol attack was discovered that could lead to decryption of TLS
sessions by using a server supporting SSLv2 and EXPORT cipher suites as a
Bleichenbacher RSA padding oracle. Note that traffic between clients and non-
vulnerable servers can be decrypted provided another server supporting SSLv2
and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP)
shares the RSA keys of the non-vulnerable server. This vulnerability is known
as DROWN (CVE-2016-0800). Recovering one session key requires the attacker to
perform approximately 2^50 computation, as well as thousands of connections to
the affected server. A more efficient variant of the DROWN attack exists
against unpatched OpenSSL servers using versions that predate 1.0.2a, 1.0.1m,
1.0.0r and 0.9.8zf released on 19/Mar/2015 (see CVE-2016-0703 below). Users can
avoid this issue by disabling the SSLv2 protocol in all their SSL/TLS servers,
if they've not done so already. Disabling all SSLv2 ciphers is also sufficient,
provided the patches for CVE-2015-3197 (fixed in OpenSSL 1.0.1r and 1.0.2f)
have been deployed. Servers that have not disabled the SSLv2 protocol, and are
not patched for CVE-2015-3197 are vulnerable to DROWN even if all SSLv2
ciphers are nominally disabled, because malicious clients can force the use of
SSLv2 with EXPORT ciphers. OpenSSL 1.0.2g and 1.0.1s deploy the following
mitigation against DROWN: SSLv2 is now by default disabled at build-time.
Builds that are not configured with "enable-ssl2" will not support SSLv2.
Even if "enable-ssl2" is used, users who want to negotiate SSLv2 via the
version-flexible SSLv23_method() will need to explicitly call either of:
SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); or SSL_clear_options(ssl,
SSL_OP_NO_SSLv2); as appropriate. Even if either of those is used, or the
application explicitly uses the version-specific SSLv2_method() or its client
or server variants, SSLv2 ciphers vulnerable to exhaustive search key recovery
have been removed. Specifically, the SSLv2 40-bit EXPORT ciphers, and SSLv2
56-bit DES are no longer available. In addition, weak ciphers in SSLv3 and up
are now disabled in default builds of OpenSSL. Builds that are not configured
with "enable-weak-ssl-ciphers" will not provide any "EXPORT" or "LOW" strength
ciphers.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 48868
2016-03-01 14:31:08 +00:00
Felix Fietkau
2911212962 openssl: update to 1.0.2f (fixes CVE-2016-0701, CVE-2015-3197)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48531
2016-01-28 18:20:06 +00:00
Felix Fietkau
8de052800a openssl: remove the separate configuration menu, use the implicit one (via MENU:=1)
Fixes warning on selecting OPENSSL_ENGINE_CRYPTO if openssl is not selected

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48312
2016-01-18 12:42:08 +00:00
John Crispin
395dd083fc OpenSSL: Added source/old to PKG_SOURCE_URL
OpenSSL moves old versions of the library from
http://www.openssl.org/source/ to
http://www.openssl.org/source/old/$version/ breaking the old links.
That behavior breaks the OpenWRT-build every time OpenSSL releases
a new version.

This patch adds http://www.openssl.org/source/old/$version/ to the
PKG_SOURCE_URL of OpenSSL to avoid breaking the build whenever
OpenSSL releases a new version.

Signed-off-by: Kevin Kirsch <ranlvor@starletp9.de>
Reviewed-by: Alexander Dahl <post@lespocky.de>

SVN-Revision: 47860
2015-12-11 15:07:40 +00:00
Hauke Mehrtens
f1d3b08fc0 openssl: add config option for no_hw support
The hardware support is required by some 3rd party engines (tpm)

Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>

SVN-Revision: 47817
2015-12-09 22:26:40 +00:00
Hauke Mehrtens
82c491708b openssl: update to version 1.0.2e
This fixes the following security problems:
* CVE-2015-3193
* CVE-2015-3194
* CVE-2015-3195)

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 47726
2015-12-03 21:01:57 +00:00
Luka Perkov
18721fa120 openssl: add one more mirror
Signed-off-by: Luka Perkov <luka@openwrt.org>

SVN-Revision: 46517
2015-07-28 21:54:44 +00:00
Jo-Philipp Wich
48d9137d31 openssl: update to v1.0.2d (CVE-2015-1793)
During certificate verification, OpenSSL (starting from version 1.0.1n and
1.0.2b) will attempt to find an alternative certificate chain if the first
attempt to build such a chain fails. An error in the implementation of this
logic can mean that an attacker could cause certain checks on untrusted
certificates to be bypassed, such as the CA flag, enabling them to use a valid
leaf certificate to act as a CA and "issue" an invalid certificate.

This issue will impact any application that verifies certificates including
SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 46285
2015-07-09 13:04:27 +00:00
Steven Barth
6ac38545c9 openssl: disable parallel builds (spurious linking break)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46005
2015-06-16 17:28:11 +00:00
Steven Barth
38e0845bd7 openssl: 1.0.2c (srsly, you guys, srsly)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45950
2015-06-12 20:49:20 +00:00
Steven Barth
085a75aec2 openssl: fixes CVE-2015-4000 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792 CVE-2015-1791
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45947
2015-06-11 20:36:46 +00:00
Steven Barth
89c8d78d31 openssl: 1.0.2b (hey, we made it nearly 3 months this time!)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45946
2015-06-11 20:28:44 +00:00
John Crispin
3d248c4dee openssl: disable arm optimisation until we know why it fails on some socs
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45343
2015-04-10 08:27:55 +00:00
Steven Barth
3006bc6904 openssl: biweekly critical security update
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44900
2015-03-20 08:14:42 +00:00
John Crispin
8573891dfe openssl: enable ARM assembly acceleration
Tested myself on ixp4xx and mvebu, and (originally)
by Daniel on i.MX6. Also tested on a MIPS target,
to make sure the change to ASFLAGS does not break things.

Based on a patch submitted by Daniel Drown:

https://lists.openwrt.org/pipermail/openwrt-devel/2014-July/026639.html

Signed-off-by: Claudio Leite <leitec@staticky.com>
Signed-off-by: Daniel Drown <dan-openwrt@drown.org>

SVN-Revision: 44618
2015-03-06 07:57:10 +00:00
Steven Barth
909af3fa4b openssl: fix upstream regression for non-ec builds
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44364
2015-02-09 15:26:35 +00:00
Steven Barth
2ca8a6cce4 openssl: bump to 1.0.2
Fixes CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44332
2015-02-09 12:04:00 +00:00
Steven Barth
3138207f48 openssl: update to 1.0.1l *sigh*
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43976
2015-01-15 17:59:06 +00:00
Steven Barth
dbca1e5662 openssl: bump to 1.0.1j
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43875
2015-01-08 18:29:26 +00:00
Steven Barth
2c4d88c503 openssl: fix CVE-2014-3569
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43858
2015-01-06 09:59:55 +00:00
Steven Barth
2a5ad9cf0b openssl: reenable CMS (broke krb5)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43176
2014-11-04 08:37:06 +00:00
John Crispin
74a3a77bcd license info - revert r43155
turns out that r43155 adds duplicate info.

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 43167
2014-11-03 09:56:44 +00:00
John Crispin
c10d97484a Add more license tags with SPDX identifiers
Note, that licensing stuff is a nightmare: many packages does not clearly
state their licenses, and often multiple source files are simply copied
together - each with different licensing information in the file headers.

I tried hard to ensure, that the license information extracted into the OpenWRT's
makefiles fit the "spirit" of the packages, e.g. such small packages which
come without a dedicated source archive "inherites" the OpenWRT's own license
in my opinion.

However, I can not garantee that I always picked the correct information
and/or did not miss license information.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>

SVN-Revision: 43155
2014-11-03 08:01:08 +00:00
Steven Barth
bec9d38fa4 Add a few SPDX tags
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43151
2014-11-02 12:20:54 +00:00
Steven Barth
6a4a437e04 openssl: optimize build options, disable old SSL versions
Based on a patchset by Etienne CHAMPETIER <champetier.etienne@gmail.com>
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43123
2014-10-30 13:11:04 +00:00
Felix Fietkau
9ac5cfe1ba openssl: fix target definition for x86_64 (#18182)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43045
2014-10-24 13:23:39 +00:00
John Crispin
b52651a66e openssl: host build fails when ccache is enabled
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 43002
2014-10-20 11:19:53 +00:00
Felix Fietkau
82c182f828 Revert "openssl: add host build."
This reverts commit r42988

SVN-Revision: 42997
2014-10-20 09:18:21 +00:00
John Crispin
c8ad508d37 openssl: add host build.
Only support Linux at the moment.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>

SVN-Revision: 42988
2014-10-20 06:29:27 +00:00
Felix Fietkau
0a7bd0c8b9 openssl: add ABI_VERSION to fix package rebuild issues (fixes #18169)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 42963
2014-10-19 16:19:07 +00:00
Jo-Philipp Wich
7949a3d381 openssl: update to v1.0.1j (CVE-2014-3513, CVE-2014-3567, CVE-2014-3568)
Also refresh patches and bump copyright year in Makefile.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 42929
2014-10-16 08:32:54 +00:00
John Crispin
eb8119d590 openssl: another day another bug fix update
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 42055
2014-08-07 20:54:41 +00:00
Hauke Mehrtens
a56519e1b9 openssl: version bump to 1.0.1h
today appeared another serious vulnerability in openssl. More info is
here http://ccsinjection.lepidum.co.jp. Users are advised to update to
openssl 1.0.1h.

Signed-off-by: Martin Strbacka <martin.strbacka@nic.cz>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 41026
2014-06-05 21:32:36 +00:00
Steven Barth
8333ce1963 OpenSSL: update to 1.0.1g
This fixes the Heartbleed bug (CVE-2014-0160).

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

SVN-Revision: 40421
2014-04-08 05:24:36 +00:00
Felix Fietkau
2835152df8 openssl: Fix x86_64 build on some 64bit host systems
On some build hosts openssl fails to install since openssl installs itself into
lib64 while the openwrt Makefile expects the libs to end up in lib.

install -m0644 .../openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/openssl-1.0.1e/ipkg-install/usr/lib/libcrypto.so.* .../openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/openssl-1.0.1e/ipkg-x86_64/libopenssl/usr/lib/
install: cannot stat '.../openwrt/build_dir/target-x86_64_uClibc-0.9.33.2/openssl-1.0.1e/ipkg-install/usr/lib/libcrypto.so.*': No such file or directory
make[2]: *** [/openwrt/bin/x86_64/packages/libopenssl_1.0.1e-2_x86_64.ipk] Error 1
make[2]: Leaving directory `/openwrt/package/libs/openssl'
make[1]: *** [package/libs/openssl/compile] Error 2
make[1]: Leaving directory `/openwrt'

Set LIBDIR accordingly to fix this.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>

SVN-Revision: 39885
2014-03-12 10:00:53 +00:00
Felix Fietkau
c2bbaf439c openssl: update to 1.0.1f
This version includes this changes:

    Don't include gmt_unix_time in TLS server and client random values
    Fix for TLS record tampering bug CVE-2013-4353
    Fix for TLS version checking bug CVE-2013-6449
    Fix for DTLS retransmission bug CVE-2013-6450

Signed-off-by: Peter Wagner <tripolar@gmx.at>

SVN-Revision: 39853
2014-03-09 13:23:41 +00:00
Felix Fietkau
836e9fad45 openssl: detect configuration changes and clean build tree accordingly (fixes #15067)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39852
2014-03-09 13:19:29 +00:00
Felix Fietkau
46c8633c45 openssl: move make depend call to Build/Configure
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39851
2014-03-09 13:19:25 +00:00
Felix Fietkau
9a97bfcc2b openssl: use termios instead of termio
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 39748
2014-02-24 21:09:03 +00:00
John Crispin
408306633a openssl: fix up PKG_DEPENDS. there are 2 missing CONFIG_ prefixe
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 39607
2014-02-18 13:33:08 +00:00
Felix Fietkau
6cb542d6a4 openssl: Support multi-threaded applications
Allow multi-threaded applications to work properly by
removing the "no-threads" flag that is enabled by default.

Signed-off-by: Sujith Manoharan <c_manoha@qca.qualcomm.com>

SVN-Revision: 39048
2013-12-14 10:19:48 +00:00
Felix Fietkau
1f819564d1 openssl: add support for RIPEMD/160
RIPEMD is needed to update erlang and i'd like to enable RIPEMD160 support in openssh.

Size compared:

openssl without RIPEMD/160 support:
647K 29. Okt 20:00 bin/ar71xx/packages/libopenssl_1.0.1e-2_ar71xx.ipk

openssl with RIPEMD/160 support:
652K  8. Nov 15:11 bin/ar71xx/packages/libopenssl_1.0.1e-2_ar71xx.ipk

So the file size just grows ~5kb, which shouldn't be a problem.

Signed-off-by: Peter Wagner <tripolar@gmx.at>

SVN-Revision: 38809
2013-11-14 20:42:15 +00:00
Felix Fietkau
7e6b26a1f3 openssl: add parallel build support
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37927
2013-09-10 12:09:13 +00:00
Felix Fietkau
648bc811f0 openssl: to disable mips16, use the new PKG_USE_MIPS16 flag instead of messing with cflags directly
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37771
2013-08-14 13:02:33 +00:00
Felix Fietkau
ca186db09f openssl: enable elliptic curve crypto by default (so that it can be used by things like ipsec as well)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37524
2013-07-24 12:38:06 +00:00
Felix Fietkau
da654a0c42 openssl: add elliptic curve crypto compilation options to openssl
This patch adds EC compilation options to openssl
OPENSSL_WITH_EC is needed for authsae (OPENSSL_WITH_EC2M isn't)
Activating ec (but not ec2m) in openssl take 35Ko more on ar71xx (ipk size)
Activating both take 52Ko.

Signed-off-by: Etienne CHAMPETIER <etienne.champetier@free.fr>

SVN-Revision: 37523
2013-07-24 12:37:55 +00:00
Felix Fietkau
aacbb9ba77 openssl: disable mips16, it makes the code slower
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36602
2013-05-10 00:18:27 +00:00
Felix Fietkau
96bb7c123b build: consistently use 'depends on' instead of 'depends'
make the syntax more compatible with kernel menuconfig

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 36351
2013-04-17 15:36:41 +00:00
Florian Fainelli
f223d0927e openssl: Pass in any TARGET_ASFLAGS
Packages not picking up the regular TARGET_AS need their openwrt
Makefiles tweaked. For a basic build, that's just openssl.

This depends on patch 1/5.

Signed-off-by: Jay Carlson <nop@nop.com>
Signed-off-by: Florian Fainelli <florian@openwrt.org>

SVN-Revision: 36201
2013-04-05 12:36:09 +00:00
Florian Fainelli
16f7554f95 openssl: remove now obsolete cris/etrax patch
The etrax target has been removed in r34768.

Signed-off-by: Florian Fainelli <florian@openwrt.org>

SVN-Revision: 35684
2013-02-19 17:22:51 +00:00