From nobody Tue Sep 30 15:24:55 2025
Date: Tue, 30 Sep 2025 15:24:55 GMT
Message-Id: <202509301524.58UFOtRQ046658@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Gordon Tetlow
Subject: git: aa1afb69dced - main - Fix multiple security issues in OpenSSL.
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help:
List-Post:
List-Subscribe:
List-Unsubscribe:
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: gordon
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: aa1afb69dcedfc68859815987c46997500f834c3
Auto-Submitted: auto-generated

The branch main has been updated by gordon:

URL: https://cgit.FreeBSD.org/src/commit/?id=aa1afb69dcedfc68859815987c46997500f834c3

commit aa1afb69dcedfc68859815987c46997500f834c3
Author:     Gordon Tetlow
AuthorDate: 2025-09-30 15:23:01 +0000
Commit:     Gordon Tetlow
CommitDate: 2025-09-30 15:23:01 +0000

    Fix multiple security issues in OpenSSL.

    Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230)
    Timing side-channel in SM2 algorithm on 64 bit ARM (CVE-2025-9231)
    Out-of-bounds read in HTTP client no_proxy handling (CVE-2025-9232)

    Obtained from:  OpenSSL
    Approved by:    so
    Security:       FreeBSD-SA-25:08.openssl
    Security:       CVE-2025-9230
    Security:       CVE-2025-9231
    Security:       CVE-2025-9232
---
 crypto/openssl/crypto/cms/cms_pwri.c   |   2 +-
 crypto/openssl/crypto/ec/ecp_sm2p256.c | 101 +--------------------------------
 crypto/openssl/crypto/http/http_lib.c  |   1 +
 3 files changed, 5 insertions(+), 99 deletions(-)

diff --git a/crypto/openssl/crypto/cms/cms_pwri.c b/crypto/openssl/crypto/cms/cms_pwri.c
index a7d609f83791..ee1b8aa6ed61 100644
--- a/crypto/openssl/crypto/cms/cms_pwri.c
+++ b/crypto/openssl/crypto/cms/cms_pwri.c
@@ -242,7 +242,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen, /* Check byte failure */ goto err; } - if (inlen < (size_t)(tmp[0] - 4)) { + if (inlen < 4 + (size_t)tmp[0]) { /* Invalid length value */ goto err; } diff --git a/crypto/openssl/crypto/ec/ecp_sm2p256.c b/crypto/openssl/crypto/ec/ecp_sm2p256.c index 7668b61378b6..ffb58399dfd0 100644 --- a/crypto/openssl/crypto/ec/ecp_sm2p256.c +++ b/crypto/openssl/crypto/ec/ecp_sm2p256.c @@ -56,10 +56,6 @@ ALIGN32 static const BN_ULONG def_p[P256_LIMBS] = { 0xffffffffffffffff, 0xffffffff00000000, 0xffffffffffffffff, 0xfffffffeffffffff }; -ALIGN32 static const BN_ULONG def_ord[P256_LIMBS] = { - 0x53bbf40939d54123, 0x7203df6b21c6052b, - 0xffffffffffffffff, 0xfffffffeffffffff -}; ALIGN32 static const BN_ULONG ONE[P256_LIMBS] = {1, 0, 0, 0}; @@ -177,13 +173,6 @@ static ossl_inline void ecp_sm2p256_mod_inverse(BN_ULONG* out, BN_MOD_INV(out, in, ecp_sm2p256_div_by_2, ecp_sm2p256_sub, def_p); } -/* Modular inverse mod order |out| = |in|^(-1) % |ord|. */ -static ossl_inline void ecp_sm2p256_mod_ord_inverse(BN_ULONG* out, - const BN_ULONG* in) { - BN_MOD_INV(out, in, ecp_sm2p256_div_by_2_mod_ord, ecp_sm2p256_sub_mod_ord, - def_ord); -} - /* Point double: R <- P + P */ static void ecp_sm2p256_point_double(P256_POINT *R, const P256_POINT *P) { 
@@ -454,52 +443,6 @@ static int ecp_sm2p256_is_affine_G(const EC_POINT *generator) } #endif -/* - * Convert Jacobian coordinate point into affine coordinate (x,y) - */ -static int ecp_sm2p256_get_affine(const EC_GROUP *group, - const EC_POINT *point, - BIGNUM *x, BIGNUM *y, BN_CTX *ctx) -{ - ALIGN32 BN_ULONG z_inv2[P256_LIMBS] = {0}; - ALIGN32 BN_ULONG z_inv3[P256_LIMBS] = {0}; - ALIGN32 BN_ULONG x_aff[P256_LIMBS] = {0}; - ALIGN32 BN_ULONG y_aff[P256_LIMBS] = {0}; - ALIGN32 BN_ULONG point_x[P256_LIMBS] = {0}; - ALIGN32 BN_ULONG point_y[P256_LIMBS] = {0}; - ALIGN32 BN_ULONG point_z[P256_LIMBS] = {0}; - - if (EC_POINT_is_at_infinity(group, point)) { - ECerr(ERR_LIB_EC, EC_R_POINT_AT_INFINITY); - return 0; - } - - if (ecp_sm2p256_bignum_field_elem(point_x, point->X) <= 0 - || ecp_sm2p256_bignum_field_elem(point_y, point->Y) <= 0 - || ecp_sm2p256_bignum_field_elem(point_z, point->Z) <= 0) { - ECerr(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE); - return 0; - } - - ecp_sm2p256_mod_inverse(z_inv3, point_z); - ecp_sm2p256_sqr(z_inv2, z_inv3); - - if (x != NULL) { - ecp_sm2p256_mul(x_aff, point_x, z_inv2); - if (!bn_set_words(x, x_aff, P256_LIMBS)) - return 0; - } - - if (y != NULL) { - ecp_sm2p256_mul(z_inv3, z_inv3, z_inv2); - ecp_sm2p256_mul(y_aff, point_y, z_inv3); - if (!bn_set_words(y, y_aff, P256_LIMBS)) - return 0; - } - - return 1; -} - /* r = sum(scalar[i]*point[i]) */ static int ecp_sm2p256_windowed_mul(const EC_GROUP *group, P256_POINT *r, 
@@ -689,44 +632,6 @@ static int ecp_sm2p256_field_sqr(const EC_GROUP *group, BIGNUM *r, return 1; } -static int ecp_sm2p256_inv_mod_ord(const EC_GROUP *group, BIGNUM *r, - const BIGNUM *x, BN_CTX *ctx) -{ - int ret = 0; - ALIGN32 BN_ULONG t[P256_LIMBS] = {0}; - ALIGN32 BN_ULONG out[P256_LIMBS] = {0}; - - if (bn_wexpand(r, P256_LIMBS) == NULL) { - ECerr(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - - if ((BN_num_bits(x) > 256) || BN_is_negative(x)) { - BIGNUM *tmp; - - if ((tmp = BN_CTX_get(ctx)) == NULL - || !BN_nnmod(tmp, x, group->order, ctx)) { - ECerr(ERR_LIB_EC, ERR_R_BN_LIB); - goto err; - } - x = tmp; - } - - if (!ecp_sm2p256_bignum_field_elem(t, x)) { - ECerr(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE); - goto err; - } - - ecp_sm2p256_mod_ord_inverse(out, t); - - if (!bn_set_words(r, out, P256_LIMBS)) - goto err; - - ret = 1; -err: - return ret; -} - const EC_METHOD *EC_GFp_sm2p256_method(void) { static const EC_METHOD ret = { @@ -747,7 +652,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void) ossl_ec_GFp_simple_point_copy, ossl_ec_GFp_simple_point_set_to_infinity, ossl_ec_GFp_simple_point_set_affine_coordinates, - ecp_sm2p256_get_affine, + ossl_ec_GFp_simple_point_get_affine_coordinates, 0, 0, 0, ossl_ec_GFp_simple_add, ossl_ec_GFp_simple_dbl, @@ -763,7 +668,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void) ecp_sm2p256_field_mul, ecp_sm2p256_field_sqr, 0 /* field_div */, - 0 /* field_inv */, + ossl_ec_GFp_simple_field_inv, 0 /* field_encode */, 0 /* field_decode */, 0 /* field_set_to_one */, @@ -779,7 +684,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void) ossl_ecdsa_simple_sign_setup, ossl_ecdsa_simple_sign_sig, ossl_ecdsa_simple_verify_sig, - ecp_sm2p256_inv_mod_ord, + 0, /* use constant‑time fallback for inverse mod order */ 0, /* blind_coordinates */ 0, /* ladder_pre */ 0, /* ladder_step */ diff --git a/crypto/openssl/crypto/http/http_lib.c b/crypto/openssl/crypto/http/http_lib.c index fcf8a69e07a8..022b8c194cbe 100644 
--- a/crypto/openssl/crypto/http/http_lib.c +++ b/crypto/openssl/crypto/http/http_lib.c @@ -263,6 +263,7 @@ static int use_proxy(const char *no_proxy, const char *server) /* strip leading '[' and trailing ']' from escaped IPv6 address */ sl -= 2; strncpy(host, server + 1, sl); + host[sl] = '\0'; server = host; }
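Review bot: in the cms_pwri.c hunk (kek_unwrap_key, the `inlen` check just after the check-byte comparison), the corrected bound should carry a one-line comment stating the layout it enforces: one length byte, three check bytes, then `tmp[0]` key bytes, so `4 + tmp[0]` must fit within `inlen`. The old expression `(size_t)(tmp[0] - 4)` subtracted the 4-byte header from the wrong side, so it accepted a length byte up to 8 larger than the new bound allows, and it did the subtraction in int arithmetic before the cast, which is why the wrong bound was not obvious on reading. The new form `4 + (size_t)tmp[0]` cannot overflow because `tmp[0]` is at most 255. A regression vector with `tmp[0] == inlen - 3` (rejected now, accepted before) would pin the fix down.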
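Review bot: in the ecp_sm2p256.c hunks that delete `def_ord` and `ecp_sm2p256_mod_ord_inverse`, the two helpers those deleted lines referenced, `ecp_sm2p256_div_by_2_mod_ord` and `ecp_sm2p256_sub_mod_ord`, are not removed by this patch (the diffstat's 98 deletions in this file are fully accounted for by the four removed blocks of 4, 7, 46 and 38 lines plus the three replaced table entries), so check whether they are now unreferenced static functions that trip -Wunused-function, and drop them in the same change if so rather than leaving dead order-arithmetic behind.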
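Review bot: in the hunk removing `ecp_sm2p256_get_affine`, the reason for the removal belongs in the commit message: the removed function inverted a point's Z coordinate with `ecp_sm2p256_mod_inverse`, which the retained context shows is built on the `BN_MOD_INV` binary-inversion loop that branches on its operand, so converting the result of a scalar multiplication to affine form took time dependent on the projective coordinates and hence on the scalar. `ecp_sm2p256_mod_inverse` itself is kept; confirm that no remaining caller in this file feeds it secret-derived input, otherwise the side channel has only moved.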
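Review bot: in the EC_METHOD table hunks, the comment on the cleared `inv_mod_ord` slot, `/* use constant‑time fallback for inverse mod order */`, appears to contain a non-ASCII hyphen (U+2011) in `constant‑time`; replace it with a plain ASCII hyphen so the source stays 7-bit clean and greppable. On the substance, two of the three table edits depend on each other: swapping `ecp_sm2p256_get_affine` for `ossl_ec_GFp_simple_point_get_affine_coordinates` only works because `field_inv` is filled in with `ossl_ec_GFp_simple_field_inv` in the same change, so a comment on the `field_inv` line tying it to the affine-conversion switch would stop a later cleanup from reverting one without the other.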
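Review bot: in the use_proxy hunk in http_lib.c, the added `host[sl] = '\0';` is required because `strncpy` with a count equal to the number of bytes copied never writes a terminator, leaving `host` unterminated for whatever consumes `server = host` afterwards; it also means `host` must have room for `sl + 1` bytes after `sl -= 2`, and that declaration sits outside the hunk. Either add a comment at the copy stating that bound, or replace the pair with `memcpy(host, server + 1, sl); host[sl] = '\0';`, which makes the explicit terminator the visible contract instead of a fix-up after a call that is easy to misread as terminating.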