Commit Graph

77 Commits (42f3c1fe1ca051dec2ef828b4a412ed73e29acae)

Author SHA1 Message Date
Hauke Mehrtens f5ab082243 openssl: update to version 1.0.2k
This fixes the following security problems:
CVE-2017-3731: Truncated packet could crash via OOB read
CVE-2017-3732: BN_mod_exp may produce incorrect results on x86_64
CVE-2016-7055: Montgomery multiplication may produce incorrect results

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-01-28 13:33:22 +01:00
Felix Fietkau 720b99215d treewide: clean up download hashes
Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-16 22:39:22 +01:00
Magnus Kroken b1f39d3d7e openssl: update to 1.0.2j
A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.

Patches applied upstream:
* 301-fix_no_nextprotoneg_build.patch
* 302-Fix_typo_introduced_by_a03f81f4.patch

Security advisory: https://www.openssl.org/news/secadv/20160926.txt

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2016-09-27 17:50:22 +02:00
Rosen Penev c0b15b3072 openssl: Make DTLS configurable.
Signed-off by: Rosen Penev <rosenp@gmail.com>
2016-09-27 17:50:22 +02:00
Rosen Penev aaa067ab0b openssl: Remove J-PAKE. Nothing uses it.
Signed-off by: Rosen Penev <rosenp@gmail.com>
2016-09-27 17:50:22 +02:00
Hauke Mehrtens ea288126db openssl: backport build fix when hardware support is used
This fix added to the openssl 1.0.2 branch.
In addition add the header for the existing backport.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-09-24 19:53:00 +02:00
Magnus Kroken 6926325829 openssl: update to 1.0.2i
Drop 302-fix_no_cmac_build.patch, it has been applied upstream.

Security fixes:
* (Severity: High) OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
* (Severity: Moderate) SSL_peek() hang on empty record (CVE-2016-6305)
* 10 Low severity issues

Security advisory: https://www.openssl.org/news/secadv/20160922.txt
Changelog: https://www.openssl.org/news/cl102.txt

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2016-09-24 13:28:59 +02:00
Felix Fietkau 00a1056c3f openssl: re-enable ARM assembly
The original reason for disabling it seems to have been fixed
Related discussion: https://github.com/lede-project/source/pull/307

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-31 13:57:05 +02:00
Felix Fietkau 7ee9222770 openssl: re-enable CMAC support
Needed by a few packages

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-09 07:18:03 +02:00
Felix Fietkau cd91f384ac openssl: re-enable NPN by default
Several packages rely on it

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-24 14:43:44 +02:00
Felix Fietkau cb8f322d93 openssl: add back the CAST cipher by default
At least netatalk and some ipsec packages use it

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-24 14:42:18 +02:00
Felix Fietkau 600fd467d8 openssl: revert the no-ripemd change, openssh needs that cipher
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-07-23 19:03:47 +02:00
Dirk Feytons 3ad8bc4366 openssl: add option to disable SRP support
Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
2016-07-23 12:10:41 +02:00
Dirk Feytons 057b116e09 openssl: add --gc-sections
Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
2016-07-23 12:10:08 +02:00
Dirk Feytons 41da31ac2c openssl: remove some unneeded functionality and algorithms
The patch needed for this commit has been sent upstream:
https://github.com/openssl/openssl/pull/1155

Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [add back bf and srp]
2016-07-23 12:09:51 +02:00
Dirk Feytons f16fc21675 openssl: add option to disable PSK support
Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
2016-07-23 11:59:31 +02:00
Dirk Feytons 0099748fd6 openssl: add option for NPN support
NPN has been superseded by ALPN so NPN is disabled by default
The patch has been sent to OpenSSL for inclusion, see
https://github.com/openssl/openssl/pull/1100

Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
2016-07-23 11:59:31 +02:00
Dirk Feytons eb4fc91a81 openssl: add option to disable compression support
By default it's disabled. After the CRIME attack it seems the use of
compression is discouraged.

Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
2016-07-23 11:59:31 +02:00
Dirk Feytons db11695aa6 openssl: add option to omit deprecated APIs
Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
2016-07-23 11:59:30 +02:00
Felix Fietkau 3d6d5ccf59 openssl: replace ocf-crypto-headers with a header file from cryptodev-linux
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-05-12 19:35:32 +02:00
Michal Hrusecky f6adbdf3cd openssl: Update to version 1.0.2h
Bump to the latest version, fixes several security issues:
 * CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176
More details at https://www.openssl.org/news/openssl-1.0.2-notes.html

Signed-off-by: Michal Hrusecky <Michal.Hrusecky@nic.cz>
2016-05-04 13:00:31 +01:00
Jo-Philipp Wich abc828b085 openssl: fix wrong build target strings
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2016-04-15 07:40:31 +02:00
John Crispin fa69553900 branding: add LEDE branding
Signed-off-by: John Crispin <blogic@openwrt.org>
2016-03-24 22:40:13 +01:00
Jo-Philipp Wich 25b34dd97f openssl: update to 1.0.2g (8 CVEs)
CVE-2016-0704

s2_srvr.c overwrite the wrong bytes in the master-key when applying
Bleichenbacher protection for export cipher suites. This provides a
Bleichenbacher oracle, and could potentially allow more efficient variants of
the DROWN attack.

CVE-2016-0703

s2_srvr.c did not enforce that clear-key-length is 0 for non-export ciphers.
If clear-key bytes are present for these ciphers, they *displace* encrypted-key
bytes. This leads to an efficient divide-and-conquer key recovery attack: if
an eavesdropper has intercepted an SSLv2 handshake, they can use the server as
an oracle to determine the SSLv2 master-key, using only 16 connections to the
server and negligible computation. More importantly, this leads to a more
efficient version of DROWN that is effective against non-export ciphersuites,
and requires no significant computation.

CVE-2016-0702

A side-channel attack was found which makes use of cache-bank conflicts on
the Intel Sandy-Bridge microarchitecture which could lead to the recovery of
RSA keys. The ability to exploit this issue is limited as it relies on an
attacker who has control of code in a thread running on the same hyper-
threaded core as the victim thread which is performing decryptions.

CVE-2016-0799

The internal |fmtstr| function used in processing a "%s" format string in
the BIO_*printf functions could overflow while calculating the length of a
string and cause an OOB read when printing very long strings. Additionally
the internal |doapr_outch| function can attempt to write to an OOB memory
location (at an offset from the NULL pointer) in the event of a memory
allocation failure. In 1.0.2 and below this could be caused where the size
of a buffer to be allocated is greater than INT_MAX. E.g. this could be in
processing a very long "%s" format string. Memory leaks can also occur.
The first issue may mask the second issue dependent on compiler behaviour.
These problems could enable attacks where large amounts of untrusted data is
passed to the BIO_*printf functions. If applications use these functions in
this way then they could be vulnerable. OpenSSL itself uses these functions
when printing out human-readable dumps of ASN.1 data. Therefore applications
that print this data could be vulnerable if the data is from untrusted sources.
OpenSSL command line applications could also be vulnerable where they print out
ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is
not considered directly vulnerable. Additionally certificates etc received via
remote connections via libssl are also unlikely to be able to trigger these
issues because of message size limits enforced within libssl.

CVE-2016-0797

In the BN_hex2bn function the number of hex digits is calculated using an int
value |i|. Later |bn_expand| is called with a value of |i * 4|. For large
values of |i| this can result in |bn_expand| not allocating any memory because
|i * 4| is negative. This can leave the internal BIGNUM data field as NULL
leading to a subsequent NULL ptr deref. For very large values of |i|, the
calculation |i * 4| could be a positive value smaller than |i|. In this case
memory is allocated to the internal BIGNUM data field, but it is insufficiently
sized leading to heap corruption. A similar issue exists in BN_dec2bn. This
could have security consequences if BN_hex2bn/BN_dec2bn is ever called by user
applications with very large untrusted hex/dec data. This is anticipated to be
a rare occurrence. All OpenSSL internal usage of these functions use data that
is not expected to be untrusted, e.g. config file data or application command
line arguments. If user developed applications generate config file data based
on untrusted data then it is possible that this could also lead to security
consequences. This is also anticipated to be rare.

CVE-2016-0798

The SRP user database lookup method SRP_VBASE_get_by_user had confusing memory
management semantics; the returned pointer was sometimes newly allocated, and
sometimes owned by the callee. The calling code has no way of distinguishing
these two cases. Specifically, SRP servers that configure a secret seed to hide
valid login information are vulnerable to a memory leak: an attacker connecting
with an invalid username can cause a memory leak of around 300 bytes per
connection. Servers that do not configure SRP, or configure SRP but do not
configure a seed are not vulnerable. In Apache, the seed directive is known as
SSLSRPUnknownUserSeed. To mitigate the memory leak, the seed handling in
SRP_VBASE_get_by_user is now disabled even if the user has configured a seed.
Applications are advised to migrate to SRP_VBASE_get1_by_user. However, note
that OpenSSL makes no strong guarantees about the indistinguishability of valid
and invalid logins. In particular, computations are currently not carried out
in constant time.

CVE-2016-0705

A double free bug was discovered when OpenSSL parses malformed DSA private keys
and could lead to a DoS attack or memory corruption for applications that
receive DSA private keys from untrusted sources. This scenario is considered
rare.

CVE-2016-0800

A cross-protocol attack was discovered that could lead to decryption of TLS
sessions by using a server supporting SSLv2 and EXPORT cipher suites as a
Bleichenbacher RSA padding oracle. Note that traffic between clients and non-
vulnerable servers can be decrypted provided another server supporting SSLv2
and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP)
shares the RSA keys of the non-vulnerable server. This vulnerability is known
as DROWN (CVE-2016-0800). Recovering one session key requires the attacker to
perform approximately 2^50 computation, as well as thousands of connections to
the affected server. A more efficient variant of the DROWN attack exists
against unpatched OpenSSL servers using versions that predate 1.0.2a, 1.0.1m,
1.0.0r and 0.9.8zf released on 19/Mar/2015 (see CVE-2016-0703 below). Users can
avoid this issue by disabling the SSLv2 protocol in all their SSL/TLS servers,
if they've not done so already. Disabling all SSLv2 ciphers is also sufficient,
provided the patches for CVE-2015-3197 (fixed in OpenSSL 1.0.1r and 1.0.2f)
have been deployed. Servers that have not disabled the SSLv2 protocol, and are
not patched for CVE-2015-3197 are vulnerable to DROWN even if all SSLv2
ciphers are nominally disabled, because malicious clients can force the use of
SSLv2 with EXPORT ciphers. OpenSSL 1.0.2g and 1.0.1s deploy the following
mitigation against DROWN: SSLv2 is now by default disabled at build-time.
Builds that are not configured with "enable-ssl2" will not support SSLv2.
Even if "enable-ssl2" is used, users who want to negotiate SSLv2 via the
version-flexible SSLv23_method() will need to explicitly call either of:
SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); or SSL_clear_options(ssl,
SSL_OP_NO_SSLv2); as appropriate. Even if either of those is used, or the
application explicitly uses the version-specific SSLv2_method() or its client
or server variants, SSLv2 ciphers vulnerable to exhaustive search key recovery
have been removed. Specifically, the SSLv2 40-bit EXPORT ciphers, and SSLv2
56-bit DES are no longer available. In addition, weak ciphers in SSLv3 and up
are now disabled in default builds of OpenSSL. Builds that are not configured
with "enable-weak-ssl-ciphers" will not provide any "EXPORT" or "LOW" strength
ciphers.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 48868
2016-03-01 14:31:08 +00:00
Felix Fietkau 2911212962 openssl: update to 1.0.2f (fixes CVE-2016-0701, CVE-2015-3197)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48531
2016-01-28 18:20:06 +00:00
Felix Fietkau 8de052800a openssl: remove the separate configuration menu, use the implicit one (via MENU:=1)
Fixes warning on selecting OPENSSL_ENGINE_CRYPTO if openssl is not selected

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48312
2016-01-18 12:42:08 +00:00
John Crispin 395dd083fc OpenSSL: Added source/old to PKG_SOURCE_URL
OpenSSL moves old versions of the library from
http://www.openssl.org/source/ to
http://www.openssl.org/source/old/$version/ breaking the old links.
That behavior breaks the OpenWRT-build every time OpenSSL releases
a new version.

This patch adds http://www.openssl.org/source/old/$version/ to the
PKG_SOURCE_URL of OpenSSL to avoid breaking the build whenever
OpenSSL releases a new version.

Signed-off-by: Kevin Kirsch <ranlvor@starletp9.de>
Reviewed-by: Alexander Dahl <post@lespocky.de>

SVN-Revision: 47860
2015-12-11 15:07:40 +00:00
Hauke Mehrtens f1d3b08fc0 openssl: add config option for no_hw support
The hardware support is required by some 3rd party engines (tpm)

Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>

SVN-Revision: 47817
2015-12-09 22:26:40 +00:00
Hauke Mehrtens 82c491708b openssl: update to version 1.0.2e
This fixes the following security problems:
* CVE-2015-3193
* CVE-2015-3194
* CVE-2015-3195)

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 47726
2015-12-03 21:01:57 +00:00
Luka Perkov 18721fa120 openssl: add one more mirror
Signed-off-by: Luka Perkov <luka@openwrt.org>

SVN-Revision: 46517
2015-07-28 21:54:44 +00:00
Jo-Philipp Wich 48d9137d31 openssl: update to v1.0.2d (CVE-2015-1793)
During certificate verification, OpenSSL (starting from version 1.0.1n and
1.0.2b) will attempt to find an alternative certificate chain if the first
attempt to build such a chain fails. An error in the implementation of this
logic can mean that an attacker could cause certain checks on untrusted
certificates to be bypassed, such as the CA flag, enabling them to use a valid
leaf certificate to act as a CA and "issue" an invalid certificate.

This issue will impact any application that verifies certificates including
SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 46285
2015-07-09 13:04:27 +00:00
Steven Barth 6ac38545c9 openssl: disable parallel builds (spurious linking break)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46005
2015-06-16 17:28:11 +00:00
Steven Barth 38e0845bd7 openssl: 1.0.2c (srsly, you guys, srsly)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45950
2015-06-12 20:49:20 +00:00
Steven Barth 085a75aec2 openssl: fixes CVE-2015-4000 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792 CVE-2015-1791
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45947
2015-06-11 20:36:46 +00:00
Steven Barth 89c8d78d31 openssl: 1.0.2b (hey, we made it nearly 3 months this time!)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45946
2015-06-11 20:28:44 +00:00
John Crispin 3d248c4dee openssl: disable arm optimisation until we know why it fails on some socs
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 45343
2015-04-10 08:27:55 +00:00
Steven Barth 3006bc6904 openssl: biweekly critical security update
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44900
2015-03-20 08:14:42 +00:00
John Crispin 8573891dfe openssl: enable ARM assembly acceleration
Tested myself on ixp4xx and mvebu, and (originally)
by Daniel on i.MX6. Also tested on a MIPS target,
to make sure the change to ASFLAGS does not break things.

Based on a patch submitted by Daniel Drown:

https://lists.openwrt.org/pipermail/openwrt-devel/2014-July/026639.html

Signed-off-by: Claudio Leite <leitec@staticky.com>
Signed-off-by: Daniel Drown <dan-openwrt@drown.org>

SVN-Revision: 44618
2015-03-06 07:57:10 +00:00
Steven Barth 909af3fa4b openssl: fix upstream regression for non-ec builds
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44364
2015-02-09 15:26:35 +00:00
Steven Barth 2ca8a6cce4 openssl: bump to 1.0.2
Fixes CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44332
2015-02-09 12:04:00 +00:00
Steven Barth 3138207f48 openssl: update to 1.0.1l *sigh*
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43976
2015-01-15 17:59:06 +00:00
Steven Barth dbca1e5662 openssl: bump to 1.0.1j
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43875
2015-01-08 18:29:26 +00:00
Steven Barth 2c4d88c503 openssl: fix CVE-2014-3569
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43858
2015-01-06 09:59:55 +00:00
Steven Barth 2a5ad9cf0b openssl: reenable CMS (broke krb5)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43176
2014-11-04 08:37:06 +00:00
John Crispin 74a3a77bcd license info - revert r43155
turns out that r43155 adds duplicate info.

Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 43167
2014-11-03 09:56:44 +00:00
John Crispin c10d97484a Add more license tags with SPDX identifiers
Note, that licensing stuff is a nightmare: many packages does not clearly
state their licenses, and often multiple source files are simply copied
together - each with different licensing information in the file headers.

I tried hard to ensure, that the license information extracted into the OpenWRT's
makefiles fit the "spirit" of the packages, e.g. such small packages which
come without a dedicated source archive "inherites" the OpenWRT's own license
in my opinion.

However, I can not garantee that I always picked the correct information
and/or did not miss license information.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>

SVN-Revision: 43155
2014-11-03 08:01:08 +00:00
Steven Barth bec9d38fa4 Add a few SPDX tags
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43151
2014-11-02 12:20:54 +00:00
Steven Barth 6a4a437e04 openssl: optimize build options, disable old SSL versions
Based on a patchset by Etienne CHAMPETIER <champetier.etienne@gmail.com>
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43123
2014-10-30 13:11:04 +00:00
Felix Fietkau 9ac5cfe1ba openssl: fix target definition for x86_64 (#18182)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 43045
2014-10-24 13:23:39 +00:00
John Crispin b52651a66e openssl: host build fails when ccache is enabled
Signed-off-by: John Crispin <blogic@openwrt.org>

SVN-Revision: 43002
2014-10-20 11:19:53 +00:00