[Pkg-openssl-devel] Bug#589706: SSLv2 should be disabled

Kees Cook kees at debian.org
Tue Jul 20 07:19:31 UTC 2010 

Package: openssl
Version: 0.9.8o-1
Severity: normal
Tags: patch, security
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu maverick ubuntu-patch

Since SSLv2 is considered dangerous, it should be removed from OpenSSL. It
hasn't be available in NSS or GnuTLS for a very long time.

This patch implements a form for disabling SSLv2 -- all contexts have
NO_SSL2 set, and the ssl2 method is rejected in SSL_CTX_new (similar to how
FIPS mode works).

Thanks,

-Kees

-- 
Kees Cook                                            @debian.org
-------------- next part --------------
diff -Nru openssl-0.9.8o/debian/patches/no-sslv2.patch openssl-0.9.8o/debian/patches/no-sslv2.patch
--- openssl-0.9.8o/debian/patches/no-sslv2.patch	1970-01-01 01:00:00.000000000 +0100
+++ openssl-0.9.8o/debian/patches/no-sslv2.patch	2010-07-19 22:40:36.000000000 +0200
@@ -0,0 +1,125 @@
+Description: disallow SSLv2 initialization, force it disabled for other methods.
+Author: Kees Cook <kees at ubuntu.com>
+
+Index: openssl-0.9.8o/ssl/ssl_lib.c
+===================================================================
+--- openssl-0.9.8o.orig/ssl/ssl_lib.c	2010-02-17 20:43:08.000000000 +0100
++++ openssl-0.9.8o/ssl/ssl_lib.c	2010-07-19 22:10:51.885282388 +0200
+@@ -986,8 +986,10 @@
+ 		return 1;
+ 
+ 	case SSL_CTRL_OPTIONS:
++		larg|=SSL_OP_NO_SSLv2;
+ 		return(s->options|=larg);
+ 	case SSL_CTRL_CLEAR_OPTIONS:
++		larg&=~SSL_OP_NO_SSLv2;
+ 		return(s->options&=~larg);
+ 	case SSL_CTRL_MODE:
+ 		return(s->mode|=larg);
+@@ -1096,8 +1098,10 @@
+ 	case SSL_CTRL_SESS_CACHE_FULL:
+ 		return(ctx->stats.sess_cache_full);
+ 	case SSL_CTRL_OPTIONS:
++		larg|=SSL_OP_NO_SSLv2;
+ 		return(ctx->options|=larg);
+ 	case SSL_CTRL_CLEAR_OPTIONS:
++		larg&=~SSL_OP_NO_SSLv2;
+ 		return(ctx->options&=~larg);
+ 	case SSL_CTRL_MODE:
+ 		return(ctx->mode|=larg);
+@@ -1444,7 +1448,7 @@
+ 	{
+ 	SSL_CTX *ret=NULL;
+ 	
+-	if (meth == NULL)
++	if (meth == NULL || meth->version <= SSL2_VERSION)
+ 		{
+ 		SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED);
+ 		return(NULL);
+@@ -1603,6 +1607,9 @@
+ 	 */
+ 	ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
+ 
++	/* Force no SSLv2 for all methods */
++	ret->options |= SSL_OP_NO_SSLv2;
++
+ 	return(ret);
+ err:
+ 	SSLerr(SSL_F_SSL_CTX_NEW,ERR_R_MALLOC_FAILURE);
+Index: openssl-0.9.8o/test/testssl
+===================================================================
+--- openssl-0.9.8o.orig/test/testssl	2005-02-02 00:48:36.000000000 +0100
++++ openssl-0.9.8o/test/testssl	2010-07-19 22:10:51.885282388 +0200
+@@ -33,17 +33,17 @@
+ #############################################################################
+ 
+ echo test sslv2
+-$ssltest -ssl2 $extra || exit 1
++$ssltest -ssl2 $extra && exit 1
+ 
+ echo test sslv2 with server authentication
+-$ssltest -ssl2 -server_auth $CA $extra || exit 1
++$ssltest -ssl2 -server_auth $CA $extra && exit 1
+ 
+ if [ $dsa_cert = NO ]; then
+   echo test sslv2 with client authentication
+-  $ssltest -ssl2 -client_auth $CA $extra || exit 1
++  $ssltest -ssl2 -client_auth $CA $extra && exit 1
+ 
+   echo test sslv2 with both client and server authentication
+-  $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1
++  $ssltest -ssl2 -server_auth -client_auth $CA $extra && exit 1
+ fi
+ 
+ echo test sslv3
+@@ -71,17 +71,17 @@
+ $ssltest -server_auth -client_auth $CA $extra || exit 1
+ 
+ echo test sslv2 via BIO pair
+-$ssltest -bio_pair -ssl2 $extra || exit 1
++$ssltest -bio_pair -ssl2 $extra && exit 1
+ 
+ echo test sslv2 with server authentication via BIO pair
+-$ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1
++$ssltest -bio_pair -ssl2 -server_auth $CA $extra && exit 1
+ 
+ if [ $dsa_cert = NO ]; then
+   echo test sslv2 with client authentication via BIO pair
+-  $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1
++  $ssltest -bio_pair -ssl2 -client_auth $CA $extra && exit 1
+ 
+   echo test sslv2 with both client and server authentication via BIO pair
+-  $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1
++  $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra && exit 1
+ fi
+ 
+ echo test sslv3 via BIO pair
+Index: openssl-0.9.8o/doc/ssl/SSL_CTX_new.pod
+===================================================================
+--- openssl-0.9.8o.orig/doc/ssl/SSL_CTX_new.pod	2010-07-19 22:35:59.305282967 +0200
++++ openssl-0.9.8o/doc/ssl/SSL_CTX_new.pod	2010-07-19 22:39:09.324088083 +0200
+@@ -30,6 +30,9 @@
+ and will also indicate that it only understand SSLv2. A server will only
+ understand SSLv2 client hello messages.
+ 
++Note: these methods are disabled. The SSLv2 protocol is considered unsafe,
++and all attempts to use it will result in the error "null ssl method passed".
++
+ =item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)
+ 
+ A TLS/SSL connection established with these methods will only understand the
+Index: openssl-0.9.8o/doc/ssl/SSL_CTX_set_options.pod
+===================================================================
+--- openssl-0.9.8o.orig/doc/ssl/SSL_CTX_set_options.pod	2010-07-19 22:39:31.044042368 +0200
++++ openssl-0.9.8o/doc/ssl/SSL_CTX_set_options.pod	2010-07-19 22:40:34.534120783 +0200
+@@ -202,6 +202,9 @@
+ 
+ Do not use the SSLv2 protocol.
+ 
++Note: this option is always set and cannot be disabled. SSLv2 is never
++available.
++
+ =item SSL_OP_NO_SSLv3
+ 
+ Do not use the SSLv3 protocol.
diff -Nru openssl-0.9.8o/debian/patches/series openssl-0.9.8o/debian/patches/series
--- openssl-0.9.8o/debian/patches/series	2010-06-14 17:04:09.000000000 +0200
+++ openssl-0.9.8o/debian/patches/series	2010-07-19 22:10:48.000000000 +0200
@@ -21,3 +21,4 @@
 aesni.patch
 perlpath-quilt.patch
 Bsymbolic-functions.patch
+no-sslv2.patch
diff -Nru openssl-0.9.8o/debian/rules openssl-0.9.8o/debian/rules
--- openssl-0.9.8o/debian/rules	2010-07-19 16:44:00.000000000 +0200
+++ openssl-0.9.8o/debian/rules	2010-07-19 22:44:41.000000000 +0200
@@ -71,9 +71,11 @@
 clean:
 	dh_testdir
 	dh_testroot
+	dh_clean
 	-rm -f build
 	-./Configure $(CONFARGS) debian-$(DEB_HOST_ARCH)
 	[ ! -f Makefile ] || make -f Makefile  clean clean-shared
+	[ ! -f test/Makefile ] || make -C test clean
 	#-make -f Makefile  dclean
 #	perl util/ssldir.pl /usr/local/ssl
 	-rm -f test/.rnd test/testkey.pem test/testreq.pem test/certCA.srl
@@ -88,7 +90,6 @@
 	-rm -f libcrypto.* libssl.*
 	-cd test && rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bntest ectest  ecdsatest ecdhtest ideatest md2test  md4test md5test hmactest rc2test rc4test rc5test destest shatest sha1test sha256t sha512t mdc2test rmdtest randtest dhtest enginetest bftest casttest ssltest exptest dsatest rsa_test evp_test *.ss *.srl log dummytest newkey.pem igetest
 	-rm Makefile apps/CA.pl tools/c_rehash crypto/opensslconf.h crypto/x86_64cpuid.S
-	dh_clean
 
 binary-indep:	build
 	dh_testdir

More information about the Pkg-openssl-devel mailing list