Date:      Tue, 7 Feb 2023 19:03:49 GMT
From:      Jung-uk Kim <jkim@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 640242a59157 - main - OpenSSL: Merge OpenSSL 1.1.1t Merge commit '0d51f658515c605fcc4a8073cb5a8e0d7d904088'
Message-ID:  <202302071903.317J3npQ035027@gitrepo.freebsd.org>

The branch main has been updated by jkim:

URL: https://cgit.FreeBSD.org/src/commit/?id=640242a5915761ce63205bdb0542fa3c1473c0ff

commit 640242a5915761ce63205bdb0542fa3c1473c0ff
Merge: 146d9da6c2ec 0d51f658515c
Author:     Jung-uk Kim <jkim@FreeBSD.org>
AuthorDate: 2023-02-07 18:51:38 +0000
Commit:     Jung-uk Kim <jkim@FreeBSD.org>
CommitDate: 2023-02-07 18:51:38 +0000

    OpenSSL: Merge OpenSSL 1.1.1t
    Merge commit '0d51f658515c605fcc4a8073cb5a8e0d7d904088'

 crypto/openssl/CHANGES                         |  76 ++-
 crypto/openssl/Configure                       |  18 +-
 crypto/openssl/NEWS                            |   7 +
 crypto/openssl/README                          |   2 +-
 crypto/openssl/crypto/asn1/asn_mime.c          |   6 +-
 crypto/openssl/crypto/asn1/bio_asn1.c          |   4 +-
 crypto/openssl/crypto/asn1/bio_ndef.c          |  41 +-
 crypto/openssl/crypto/bio/b_print.c            |  22 +-
 crypto/openssl/crypto/bn/bn_blind.c            |  16 +-
 crypto/openssl/crypto/bn/bn_err.c              |   4 +-
 crypto/openssl/crypto/bn/bn_exp.c              |  36 +-
 crypto/openssl/crypto/bn/bn_local.h            |  36 +-
 crypto/openssl/crypto/bn/bn_mont.c             |   4 +-
 crypto/openssl/crypto/bn/build.info            |   3 +-
 crypto/openssl/crypto/bn/rsa_sup_mul.c         | 614 +++++++++++++++++++++++++
 crypto/openssl/crypto/cms/cms_enc.c            |   5 +
 crypto/openssl/crypto/cms/cms_err.c            |   2 +
 crypto/openssl/crypto/err/openssl.txt          |   5 +-
 crypto/openssl/crypto/evp/bio_enc.c            |   9 +-
 crypto/openssl/crypto/pem/pem_lib.c            |   8 +-
 crypto/openssl/crypto/rsa/rsa_ameth.c          |   1 +
 crypto/openssl/crypto/rsa/rsa_ossl.c           |  19 +-
 crypto/openssl/crypto/txt_db/txt_db.c          |   4 +-
 crypto/openssl/crypto/x509/by_dir.c            |  18 +-
 crypto/openssl/crypto/x509/x_name.c            |   8 +-
 crypto/openssl/crypto/x509v3/v3_genn.c         |   4 +-
 crypto/openssl/engines/asm/e_padlock-x86.pl    |   4 +-
 crypto/openssl/engines/asm/e_padlock-x86_64.pl |   4 +-
 crypto/openssl/include/crypto/bn.h             |   7 +-
 crypto/openssl/include/openssl/bnerr.h         |   3 +-
 crypto/openssl/include/openssl/cmserr.h        |   1 +
 crypto/openssl/include/openssl/opensslv.h      |   4 +-
 crypto/openssl/include/openssl/x509v3.h        |   4 +-
 crypto/openssl/ssl/record/rec_layer_s3.c       |  26 +-
 crypto/openssl/ssl/record/ssl3_buffer.c        |   9 +-
 35 files changed, 938 insertions(+), 96 deletions(-)

diff --cc crypto/openssl/crypto/bn/rsa_sup_mul.c
index 000000000000,acafefd5febf..acafefd5febf
mode 000000,100644..100644
--- a/crypto/openssl/crypto/bn/rsa_sup_mul.c
+++ b/crypto/openssl/crypto/bn/rsa_sup_mul.c
diff --cc crypto/openssl/engines/asm/e_padlock-x86.pl
index 5b097ce3ef9b,7d5c92d98ce3..7d5c92d98ce3
mode 100755,100644..100755
--- a/crypto/openssl/engines/asm/e_padlock-x86.pl
+++ b/crypto/openssl/engines/asm/e_padlock-x86.pl
diff --cc crypto/openssl/engines/asm/e_padlock-x86_64.pl
index 09b0aaa48dfe,f60bec1e7d5d..f60bec1e7d5d
mode 100755,100644..100755
--- a/crypto/openssl/engines/asm/e_padlock-x86_64.pl
+++ b/crypto/openssl/engines/asm/e_padlock-x86_64.pl
diff --cc crypto/openssl/include/openssl/opensslv.h
index abb8e1203861,7b6c212fa097..6d65f72d9b85
--- a/crypto/openssl/include/openssl/opensslv.h
+++ b/crypto/openssl/include/openssl/opensslv.h
@@@ -39,8 -39,8 +39,8 @@@ extern "C" 
   * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
   *  major minor fix final patch/beta)
   */
- # define OPENSSL_VERSION_NUMBER  0x1010113fL
- # define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1s-freebsd  1 Nov 2022"
+ # define OPENSSL_VERSION_NUMBER  0x1010114fL
 -# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1t  7 Feb 2023"
++# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1t-freebsd  7 Feb 2023"
  
  /*-
   * The macros below are to be used for shared library (.so, .dll, ...)
diff --cc crypto/openssl/ssl/record/rec_layer_s3.c
index 501f58a2b373,1db1712a0986..2968753a2566
--- a/crypto/openssl/ssl/record/rec_layer_s3.c
+++ b/crypto/openssl/ssl/record/rec_layer_s3.c
@@@ -1012,18 -984,19 +1013,20 @@@ int do_ssl3_write(SSL *s, int type, con
          }
  
          /*
-          * Reserve some bytes for any growth that may occur during encryption.
-          * This will be at most one cipher block or the tag length if using
-          * AEAD. SSL_RT_MAX_CIPHER_BLOCK_SIZE covers either case.
-          */
+         * Reserve some bytes for any growth that may occur during encryption. If
+         * we are adding the MAC independently of the cipher algorithm, then the
+         * max encrypted overhead does not need to include an allocation for that
+         * MAC
+         */
 -        if (!WPACKET_reserve_bytes(thispkt,
 -                                   SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
 -                                   - mac_size,
 -                                   NULL)
 +        if (!BIO_get_ktls_send(s->wbio)) {
 +            if (!WPACKET_reserve_bytes(thispkt,
-                                         SSL_RT_MAX_CIPHER_BLOCK_SIZE,
-                                         NULL)
-                 /*
-                  * We also need next the amount of bytes written to this
-                  * sub-packet
-                  */
++                                       SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
++                                       - mac_size,
++                                       NULL)
+                    /*
+                     * We also need next the amount of bytes written to this
+                     * sub-packet
+                     */
                  || !WPACKET_get_length(thispkt, &len)) {
              SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
                       ERR_R_INTERNAL_ERROR);
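Review bot: The reserved length `SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD - mac_size` is only safe if `mac_size` is already known to be non-negative and no larger than the constant, and neither bound is visible in this hunk. If that range check happens earlier in `do_ssl3_write`, a short comment at the call such as `/* mac_size was range-checked above, so this subtraction cannot underflow */` would let the reservation be reviewed in place. The merged result also leaves `SSLfatal(...)` at the indentation of the outer `BIO_get_ktls_send` block although it belongs to the inner `if`, which hides the nesting. The block's closing brace lies outside the hunk.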
@@@ -1068,11 -1039,11 +1071,14 @@@
          thispkt = &pkt[j];
          thiswr = &wr[j];
  
 +        if (BIO_get_ktls_send(s->wbio))
 +            goto mac_done;
 +
          /* Allocate bytes for the encryption overhead */
          if (!WPACKET_get_length(thispkt, &origlen)
+                    /* Check we allowed enough room for the encryption growth */
+                 || !ossl_assert(origlen + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
+                                 - mac_size >= thiswr->length)
                     /* Encryption should never shrink the data! */
                  || origlen > thiswr->length
                  || (thiswr->length > origlen
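Review bot: The new room check is wrapped in `ossl_assert`, which aborts the process in debug builds but merely evaluates to false and takes the error path when NDEBUG is defined. An undersized reservation is therefore a crash in one configuration and a handled error in the other, and the comment above the check should say so. The expression `SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD - mac_size` is now spelled out both here and at the `WPACKET_reserve_bytes` call in the previous hunk; computing it once into a local would stop the reservation and its check from drifting apart. The `goto mac_done` for kTLS skips this check, which is consistent with the earlier hunk skipping the reservation. The label and the rest of the condition are outside the hunk, so it is worth confirming that nothing after `mac_done` still grows `thispkt` in user space.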


