Blame openssl-1.1.0-disable-ssl3.patch

Paolo Bonzini 91c79a
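diff -up a/CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_lib.c.disable-ssl3 b/CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_lib.c
--- a/CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_lib.c.disable-ssl3	2016-08-25 17:29:22.000000000 +0200
+++ b/CryptoPkg/Library/OpensslLib/openssl/ssl/ssl_lib.c	2016-09-08 11:08:05.252082263 +0200
@@ -2470,6 +2470,13 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
      * or by using the SSL_CONF library.
      */
     ret->options |= SSL_OP_NO_COMPRESSION;
+    /*
+     * Disable SSLv3 by default.  Applications can
+     * re-enable it by configuring
+     * SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
+     * or by using the SSL_CONF library.
+     */
+    ret->options |= SSL_OP_NO_SSLv3;
 
     ret->tlsext_status_type = -1;
 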
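Review bot: The comment added above `ret->options |= SSL_OP_NO_SSLv3;` names only `SSL_CTX_clear_options` and SSL_CONF as ways to re-enable SSLv3, and it should also say that changing the protocol range does not override this bit. As far as I can tell from OpenSSL 1.1.0's version negotiation, a caller that only sets `SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION)` still has SSLv3 refused while the option is set, which is the safe outcome but surprising to someone debugging a legacy peer. I would add a line such as `* Setting the minimum protocol version alone does not re-enable it.` to the comment. The body of SSL_CTX_new starts and ends outside the hunk, so whether later code in the function touches `ret->options` again is not visible here.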
Paolo Bonzini 91c79a
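diff -up a/CryptoPkg/Library/OpensslLib/openssl/test/ssl_test.c.disable-ssl3 b/CryptoPkg/Library/OpensslLib/openssl/test/ssl_test.c
--- a/CryptoPkg/Library/OpensslLib/openssl/test/ssl_test.c.disable-ssl3	2016-09-08 11:08:05.252082263 +0200
+++ b/CryptoPkg/Library/OpensslLib/openssl/test/ssl_test.c	2016-09-08 11:11:44.802005886 +0200
@@ -258,6 +258,7 @@ static int execute_test(SSL_TEST_FIXTURE
             SSL_TEST_SERVERNAME_CB_NONE) {
             server2_ctx = SSL_CTX_new(TLS_server_method());
             TEST_check(server2_ctx != NULL);
+            SSL_CTX_clear_options(server2_ctx, SSL_OP_NO_SSLv3);
         }
         client_ctx = SSL_CTX_new(TLS_client_method());
 
@@ -266,11 +267,15 @@ static int execute_test(SSL_TEST_FIXTURE
             resume_client_ctx = SSL_CTX_new(TLS_client_method());
             TEST_check(resume_server_ctx != NULL);
             TEST_check(resume_client_ctx != NULL);
+            SSL_CTX_clear_options(resume_server_ctx, SSL_OP_NO_SSLv3);
+            SSL_CTX_clear_options(resume_client_ctx, SSL_OP_NO_SSLv3);
         }
     }
 
     TEST_check(server_ctx != NULL);
     TEST_check(client_ctx != NULL);
+    SSL_CTX_clear_options(server_ctx, SSL_OP_NO_SSLv3);
+    SSL_CTX_clear_options(client_ctx, SSL_OP_NO_SSLv3);
 
     TEST_check(CONF_modules_load(conf, fixture.test_app, 0) > 0);
 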
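Review bot: Every context in execute_test has `SSL_OP_NO_SSLv3` cleared right after it is created, so nothing in this file checks that a fresh `SSL_CTX` actually carries the new default. A one-line assertion placed after `TEST_check(client_ctx != NULL);` and before the clear, for example `TEST_check((SSL_CTX_get_options(client_ctx) & SSL_OP_NO_SSLv3) != 0);`, would catch a regression if the ssl_lib.c change were dropped in a rebase. The clears also deserve a short comment such as `/* SSLv3 is off by default in this build; the test matrix still exercises it */`, because out of context they read as a protocol downgrade. The same applies to the three `SSL_CTX_clear_options` calls added to ssltest_old.c. execute_test starts and ends outside these hunks.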
Paolo Bonzini 91c79a
diff -up a/CryptoPkg/Library/OpensslLib/openssl/test/ssltest_old.c.disable-ssl3 b/CryptoPkg/Library/OpensslLib/openssl/test/ssltest_old.c
Paolo Bonzini 91c79a
--- a/CryptoPkg/Library/OpensslLib/openssl/test/ssltest_old.c.disable-ssl3	2016-08-25 17:29:23.000000000 +0200
Paolo Bonzini 91c79a
+++ b/CryptoPkg/Library/OpensslLib/openssl/test/ssltest_old.c	2016-09-08 11:08:05.253082286 +0200
Paolo Bonzini 91c79a
@@ -1456,6 +1456,11 @@ int main(int argc, char *argv[])
Paolo Bonzini 91c79a
         ERR_print_errors(bio_err);
Paolo Bonzini 91c79a
         goto end;
Paolo Bonzini 91c79a
     }
Paolo Bonzini 91c79a
+
Paolo Bonzini 91c79a
+    SSL_CTX_clear_options(c_ctx, SSL_OP_NO_SSLv3);
Paolo Bonzini 91c79a
+    SSL_CTX_clear_options(s_ctx, SSL_OP_NO_SSLv3);
Paolo Bonzini 91c79a
+    SSL_CTX_clear_options(s_ctx2, SSL_OP_NO_SSLv3);
Paolo Bonzini 91c79a
+
Paolo Bonzini 91c79a
     /*
Paolo Bonzini 91c79a
      * Since we will use low security ciphersuites and keys for testing set
Paolo Bonzini 91c79a
      * security level to zero by default. Tests can override this by adding