fa61203f41
- OpenSSL Security Advisory [3rd May 2016]
- update to 1.0.2h (boo#977584, boo#977663)
* Prevent padding oracle in AES-NI CBC MAC check
A MITM attacker can use a padding oracle attack to decrypt traffic
when the connection uses an AES CBC cipher and the server support
AES-NI.
(CVE-2016-2107, boo#977616)
* Fix EVP_EncodeUpdate overflow
An overflow can occur in the EVP_EncodeUpdate() function which is used for
Base64 encoding of binary data. If an attacker is able to supply very large
amounts of input data then a length check can overflow resulting in a heap
corruption.
(CVE-2016-2105, boo#977614)
* Fix EVP_EncryptUpdate overflow
An overflow can occur in the EVP_EncryptUpdate() function. If an attacker
is able to supply very large amounts of input data after a previous call to
EVP_EncryptUpdate() with a partial block then a length check can overflow
resulting in a heap corruption.
(CVE-2016-2106, boo#977615)
* Prevent ASN.1 BIO excessive memory allocation
When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()
a short invalid encoding can casuse allocation of large amounts of memory
potentially consuming excessive resources or exhausting memory.
(CVE-2016-2109, boo#976942)
* EBCDIC overread
ASN1 Strings that are over 1024 bytes can cause an overread in applications
using the X509_NAME_oneline() function on EBCDIC systems. This could result
in arbitrary stack data being returned in the buffer.
(CVE-2016-2176, boo#978224)
* Modify behavior of ALPN to invoke callback after SNI/servername (forwarded request 393446 from vitezslav_cizek)
OBS-URL: https://build.opensuse.org/request/show/393456
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=132
38 lines
2.1 KiB
Diff
38 lines
2.1 KiB
Diff
Index: openssl-1.0.2h/ssl/ssl_ciph.c
|
|
===================================================================
|
|
--- openssl-1.0.2h.orig/ssl/ssl_ciph.c 2016-05-03 16:36:50.482900040 +0200
|
|
+++ openssl-1.0.2h/ssl/ssl_ciph.c 2016-05-03 16:36:51.951922883 +0200
|
|
@@ -1608,7 +1608,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
|
|
*/
|
|
ok = 1;
|
|
rule_p = rule_str;
|
|
- if (strncmp(rule_str, "DEFAULT", 7) == 0) {
|
|
+ if (strncmp(rule_str,"DEFAULT_SUSE", 12) == 0) {
|
|
+ ok = ssl_cipher_process_rulestr(SSL_DEFAULT_SUSE_CIPHER_LIST,
|
|
+ &head, &tail, ca_list);
|
|
+ rule_p += 12;
|
|
+ if (*rule_p == ':')
|
|
+ rule_p++;
|
|
+ }
|
|
+ else if (strncmp(rule_str, "DEFAULT", 7) == 0) {
|
|
ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
|
|
&head, &tail, ca_list);
|
|
rule_p += 7;
|
|
Index: openssl-1.0.2h/ssl/ssl.h
|
|
===================================================================
|
|
--- openssl-1.0.2h.orig/ssl/ssl.h 2016-05-03 16:36:51.951922883 +0200
|
|
+++ openssl-1.0.2h/ssl/ssl.h 2016-05-03 16:41:00.024781841 +0200
|
|
@@ -338,7 +338,11 @@ extern "C" {
|
|
* The following cipher list is used by default. It also is substituted when
|
|
* an application-defined cipher list string starts with 'DEFAULT'.
|
|
*/
|
|
-# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2"
|
|
+# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2:!RC2:!DES"
|
|
+
|
|
+# define SSL_DEFAULT_SUSE_CIPHER_LIST "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\
|
|
+ "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:"\
|
|
+ "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:DES-CBC3-SHA"
|
|
/*
|
|
* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
|
|
* starts with a reasonable order, and all we have to do for DEFAULT is
|