[OE-core] [PATCH] OpenSSL: CVE-2004-2761 replace MD5 hash algorithm

Radzykewycz, T (Radzy) radzy at windriver.com
Tue Nov 15 20:13:08 UTC 2016


________________________________________
> From: Burton, Ross [ross.burton at intel.com]
> Sent: Tuesday, November 15, 2016 11:59 AM
> To: Radzykewycz, T (Radzy)
> Cc: OE-core
> Subject: Re: [OE-core] [PATCH] OpenSSL: CVE-2004-2761 replace MD5 hash algorithm
> 
> On 15 November 2016 at 19:43, T.O. Radzy Radzykewycz <radzy at windriver.com> wrote:
>  .../recipes-connectivity/openssl/openssl_1.0.2h.bb |  1 +
> 
> oe-core master is on openssl 1.0.2j now, so please rebase.
> 
>  2 files changed, 60 insertions(+)
>  create mode 100644 meta/recipes-connectivity/openssl/openssl/Use-SHA256-not-MD5-as-default-digest.patch
> 
> diff --git a/meta/recipes-connectivity/openssl/openssl/Use-SHA256-not-MD5-as-default-digest.patch b/meta/recipes-connectivity/openssl/openssl/Use-SHA256-not-MD5-as-default-digest.patch
> new file mode 100644
> index 000000000000..766af67e1db9
> --- /dev/null
> +++ b/meta/recipes-connectivity/openssl/openssl/Use-SHA256-not-MD5-as-default-digest.patch
> @@ -0,0 +1,59 @@
> +From d795f5f20a29adecf92c09459a3ee07ffac01a99 Mon Sep 17 00:00:00 2001
> +From: Rich Salz <rsalz at akamai.com<mailto:rsalz at akamai.com>>
> +Date: Sat, 13 Jun 2015 17:03:39 -0400
> +Subject: [PATCH] Use SHA256 not MD5 as default digest.
> +
> +Commit f8547f62c212837dbf44fb7e2755e5774a59a57b upstream.
> +
> +Upstream Status: Backport
> 
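Review bot: the header line "Upstream Status: Backport" in the new patch file is spelled without the hyphen, so a check that looks for the "Upstream-Status:" tag will not find it. Write it as "Upstream-Status: Backport", optionally carrying the upstream commit id from the "Commit ... upstream." line in square brackets after "Backport" so the origin sits on the tag itself. The visible header also has no "CVE: CVE-2004-2761" line, although the subject names that CVE; adding it next to the Upstream-Status line ties the backport to the issue it addresses.
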
> I'm such a pedant but we do have automated tooling around this, so please use "Upstream-Status".  Also adding a CVE tag in the patch (CVE: CVE-2004-2761) would be appreciated for tracking.

Thanks for the great feedback!

I'll send a new patch shortly.

Enjoy!

-- radzy

PS: The instructions at
http://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded
seem to indicate that you should not use master.  Since I seem to have
misunderstood, please forgive my ignorance.

> Ross


