From nobody Tue Feb 7 19:03:49 2023 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4PBCGR55ZHz3nZY4; Tue, 7 Feb 2023 19:03:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4PBCGR4GBCz4RGV; Tue, 7 Feb 2023 19:03:59 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1675796639; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=CL07KWokszfvrO6Y7y0Dr9B7bhVpI+5kjhDoD4UwFVM=; b=T62xtefgiw0+qgP1NcwXTPpuMADW5MKB3fF7/9VW9354HzPNPi/ylsqW8GW2flSGqX1zWo 17c43eoUtbBItJXamN4ACD5qDa0ObQaEqqcL9NeMVuYRVdPiGG1awkV6PR7AguW3BrxeOO el3sEi8jRi6LIolompM6Pzo4oko7wtIKvNpaUYcpJ7N1YaeNyX9+uLDmqNUn2QbZyP5gRZ a8zvQWVATh98w59rEC5EtaqFsqxa9UKONn26uYwLJHutCVE4LVjnvIX7Z+oxPkGQgaF80Y +vNnvIlaKXwYa1/noy5ZXODME4gjmwlapBc3GW0ixBemyNuoZFNvsnQ8juDQrw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1675796639; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=CL07KWokszfvrO6Y7y0Dr9B7bhVpI+5kjhDoD4UwFVM=; b=GH6J8ZVzT3KyuYudhGA+V7eGb0P8ix8zr95OfD9TqDIknaik2hd/p5lYEevQMxf57I2uvH vYwqVyQitaEzEQp2KgafR71l6VwSi9awT5J9AxXUx1YKvrpC777O3mUCwKUz91b4e6/JEA mmXgqQA0iAc+hBk/WorRxTQ1BfoU6DhPNPqDXH5tH6rnUylaQwg/tLXGQwJQHRLn8PN3Ii NgtWYRz4BhxEFp7mjPW0MtWQqZEAdFoXDaJUQ8rj5Mrv2BXGy/5ELiQ3d8a4/bkARCQqIn A1MSnpL1e+DAfcT1GjBwtP0S9gIjRA15Mi/lq6lsx0yqpswUA739j1uRokBG5w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1675796639; a=rsa-sha256; cv=none; b=QfBwcYeoV5amhyX7tzqozcYrW4GUshSdS7rl2UaAS9tcjyvSlWY9WdDRxlio+4VbZVahGv pLGU1cBYx1kwPsCTUOUrlW8bdDYYUUW7pZBB567sHhNjk7D2mHkv9Xab1mNUQHMq2zqi7R gIeMqP9ckKdnGA1zWM9Sy4xn7jx7xC657lvM6L5gECjkdovcdfRjaHGsA95jKx8Ase6o76 2flyQgpcnbVnUo1rqTMA62iXwvD74eexORpy8K2QB9T3Ri70Tf1AhaLKNnjcdCRQYmr1M0 cjkItKPyp3suNt1pRUWyDhG8VBPsmK3FMIRodyj3Cx0xLDipnmD6TB09eaOzKg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4PBCGR3GlLzS5m; Tue, 7 Feb 2023 19:03:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 317J3xIx035044; Tue, 7 Feb 2023 19:03:59 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 317J3npQ035027; Tue, 7 Feb 2023 19:03:49 GMT (envelope-from git) Date: Tue, 7 Feb 2023 19:03:49 GMT Message-Id: <202302071903.317J3npQ035027@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Jung-uk Kim Subject: git: 640242a59157 - main - OpenSSL: Merge OpenSSL 1.1.1t Merge commit '0d51f658515c605fcc4a8073cb5a8e0d7d904088' List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-main@freebsd.org X-BeenThere: dev-commits-src-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jkim X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 640242a5915761ce63205bdb0542fa3c1473c0ff Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by jkim: URL: https://cgit.FreeBSD.org/src/commit/?id=640242a5915761ce63205bdb0542fa3c1473c0ff commit 640242a5915761ce63205bdb0542fa3c1473c0ff Merge: 146d9da6c2ec 0d51f658515c Author: Jung-uk Kim AuthorDate: 2023-02-07 18:51:38 +0000 Commit: Jung-uk Kim CommitDate: 2023-02-07 18:51:38 +0000 OpenSSL: Merge OpenSSL 1.1.1t Merge commit '0d51f658515c605fcc4a8073cb5a8e0d7d904088' crypto/openssl/CHANGES | 76 ++- crypto/openssl/Configure | 18 +- crypto/openssl/NEWS | 7 + crypto/openssl/README | 2 +- crypto/openssl/crypto/asn1/asn_mime.c | 6 +- crypto/openssl/crypto/asn1/bio_asn1.c | 4 +- crypto/openssl/crypto/asn1/bio_ndef.c | 41 +- crypto/openssl/crypto/bio/b_print.c | 22 +- crypto/openssl/crypto/bn/bn_blind.c | 16 +- crypto/openssl/crypto/bn/bn_err.c | 4 +- crypto/openssl/crypto/bn/bn_exp.c | 36 +- crypto/openssl/crypto/bn/bn_local.h | 36 +- crypto/openssl/crypto/bn/bn_mont.c | 4 +- crypto/openssl/crypto/bn/build.info | 3 +- crypto/openssl/crypto/bn/rsa_sup_mul.c | 614 +++++++++++++++++++++++++ crypto/openssl/crypto/cms/cms_enc.c | 5 + crypto/openssl/crypto/cms/cms_err.c | 2 + crypto/openssl/crypto/err/openssl.txt | 5 +- crypto/openssl/crypto/evp/bio_enc.c | 9 +- crypto/openssl/crypto/pem/pem_lib.c | 8 +- crypto/openssl/crypto/rsa/rsa_ameth.c | 1 + crypto/openssl/crypto/rsa/rsa_ossl.c | 19 +- crypto/openssl/crypto/txt_db/txt_db.c | 4 +- crypto/openssl/crypto/x509/by_dir.c | 18 +- crypto/openssl/crypto/x509/x_name.c | 8 +- crypto/openssl/crypto/x509v3/v3_genn.c | 4 +- crypto/openssl/engines/asm/e_padlock-x86.pl | 4 +- crypto/openssl/engines/asm/e_padlock-x86_64.pl | 4 +- crypto/openssl/include/crypto/bn.h | 7 +- crypto/openssl/include/openssl/bnerr.h | 3 +- crypto/openssl/include/openssl/cmserr.h | 1 + crypto/openssl/include/openssl/opensslv.h | 4 +- crypto/openssl/include/openssl/x509v3.h | 4 +- crypto/openssl/ssl/record/rec_layer_s3.c | 26 +- crypto/openssl/ssl/record/ssl3_buffer.c | 9 +- 35 files changed, 938 insertions(+), 96 deletions(-) diff --cc crypto/openssl/crypto/bn/rsa_sup_mul.c index 000000000000,acafefd5febf..acafefd5febf mode 000000,100644..100644 --- a/crypto/openssl/crypto/bn/rsa_sup_mul.c +++ b/crypto/openssl/crypto/bn/rsa_sup_mul.c diff --cc crypto/openssl/engines/asm/e_padlock-x86.pl index 5b097ce3ef9b,7d5c92d98ce3..7d5c92d98ce3 mode 100755,100644..100755 --- a/crypto/openssl/engines/asm/e_padlock-x86.pl +++ b/crypto/openssl/engines/asm/e_padlock-x86.pl diff --cc crypto/openssl/engines/asm/e_padlock-x86_64.pl index 09b0aaa48dfe,f60bec1e7d5d..f60bec1e7d5d mode 100755,100644..100755 --- a/crypto/openssl/engines/asm/e_padlock-x86_64.pl +++ b/crypto/openssl/engines/asm/e_padlock-x86_64.pl diff --cc crypto/openssl/include/openssl/opensslv.h index abb8e1203861,7b6c212fa097..6d65f72d9b85 --- a/crypto/openssl/include/openssl/opensslv.h +++ b/crypto/openssl/include/openssl/opensslv.h @@@ -39,8 -39,8 +39,8 @@@ extern "C" * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ - # define OPENSSL_VERSION_NUMBER 0x1010113fL - # define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1s-freebsd 1 Nov 2022" + # define OPENSSL_VERSION_NUMBER 0x1010114fL -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1t 7 Feb 2023" ++# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1t-freebsd 7 Feb 2023" /*- * The macros below are to be used for shared library (.so, .dll, ...) diff --cc crypto/openssl/ssl/record/rec_layer_s3.c index 501f58a2b373,1db1712a0986..2968753a2566 --- a/crypto/openssl/ssl/record/rec_layer_s3.c +++ b/crypto/openssl/ssl/record/rec_layer_s3.c @@@ -1012,18 -984,19 +1013,20 @@@ int do_ssl3_write(SSL *s, int type, con } /* - * Reserve some bytes for any growth that may occur during encryption. - * This will be at most one cipher block or the tag length if using - * AEAD. SSL_RT_MAX_CIPHER_BLOCK_SIZE covers either case. - */ + * Reserve some bytes for any growth that may occur during encryption. If + * we are adding the MAC independently of the cipher algorithm, then the + * max encrypted overhead does not need to include an allocation for that + * MAC + */ - if (!WPACKET_reserve_bytes(thispkt, - SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD - - mac_size, - NULL) + if (!BIO_get_ktls_send(s->wbio)) { + if (!WPACKET_reserve_bytes(thispkt, - SSL_RT_MAX_CIPHER_BLOCK_SIZE, - NULL) - /* - * We also need next the amount of bytes written to this - * sub-packet - */ ++ SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD ++ - mac_size, ++ NULL) + /* + * We also need next the amount of bytes written to this + * sub-packet + */ || !WPACKET_get_length(thispkt, &len)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR); @@@ -1068,11 -1039,11 +1071,14 @@@ thispkt = &pkt[j]; thiswr = &wr[j]; + if (BIO_get_ktls_send(s->wbio)) + goto mac_done; + /* Allocate bytes for the encryption overhead */ if (!WPACKET_get_length(thispkt, &origlen) + /* Check we allowed enough room for the encryption growth */ + || !ossl_assert(origlen + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + - mac_size >= thiswr->length) /* Encryption should never shrink the data! */ || origlen > thiswr->length || (thiswr->length > origlen