Date: Tue, 16 Feb 2021 19:55:47 GMT From: Jung-uk Kim <jkim@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org Subject: git: 4f55bd5321b7 - vendor/openssl - Import OpenSSL 1.1.1j. Message-ID: <202102161955.11GJtlmo012350@gitrepo.freebsd.org>
The branch vendor/openssl has been updated by jkim: URL: https://cgit.FreeBSD.org/src/commit/?id=4f55bd5321b72491d4eff396e4928e9ab0706735 commit 4f55bd5321b72491d4eff396e4928e9ab0706735 Author: Jung-uk Kim <jkim@FreeBSD.org> AuthorDate: 2021-02-16 19:54:02 +0000 Commit: Jung-uk Kim <jkim@FreeBSD.org> CommitDate: 2021-02-16 19:54:02 +0000 Import OpenSSL 1.1.1j. --- AUTHORS | 7 +++++ CHANGES | 37 ++++++++++++++++++++++++ CONTRIBUTING | 4 +-- Configure | 29 ++++++++++--------- INSTALL | 15 +++++----- NEWS | 10 +++++++ README | 2 +- apps/ca.c | 53 ++++++++++++++--------------------- crypto/aes/asm/aes-armv4.pl | 0 crypto/aes/asm/aes-c64xplus.pl | 0 crypto/aes/asm/aes-mips.pl | 0 crypto/aes/asm/aes-parisc.pl | 0 crypto/aes/asm/aes-ppc.pl | 0 crypto/aes/asm/aes-s390x.pl | 0 crypto/aes/asm/aesfx-sparcv9.pl | 0 crypto/aes/asm/aesni-mb-x86_64.pl | 0 crypto/aes/asm/aesni-sha1-x86_64.pl | 0 crypto/aes/asm/aesni-sha256-x86_64.pl | 0 crypto/aes/asm/aesni-x86.pl | 0 crypto/aes/asm/aesni-x86_64.pl | 0 crypto/aes/asm/aest4-sparcv9.pl | 0 crypto/aes/asm/bsaes-armv7.pl | 0 crypto/aes/asm/vpaes-ppc.pl | 0 crypto/aes/asm/vpaes-x86.pl | 0 crypto/aes/asm/vpaes-x86_64.pl | 0 crypto/armcap.c | 19 ++++++++++++- crypto/armv4cpuid.pl | 0 crypto/asn1/charmap.h | 2 +- crypto/bn/asm/armv4-gf2m.pl | 0 crypto/bn/asm/armv4-mont.pl | 0 crypto/bn/asm/c64xplus-gf2m.pl | 0 crypto/bn/asm/ia64-mont.pl | 0 crypto/bn/asm/mips-mont.pl | 0 crypto/bn/asm/mips.pl | 0 crypto/bn/asm/parisc-mont.pl | 0 crypto/bn/asm/ppc-mont.pl | 0 crypto/bn/asm/ppc64-mont.pl | 0 crypto/bn/asm/s390x-gf2m.pl | 0 crypto/bn/asm/s390x-mont.pl | 0 crypto/bn/asm/s390x.S | 0 crypto/bn/asm/sparcv9-gf2m.pl | 0 crypto/bn/asm/sparcv9-mont.pl | 0 crypto/bn/asm/via-mont.pl | 0 crypto/bn/asm/vis3-mont.pl | 0 crypto/bn/asm/x86-gf2m.pl | 0 crypto/bn/asm/x86_64-gf2m.pl | 0 crypto/bn/bn_const.c | 0 crypto/bn/bn_prime.h | 2 +- crypto/c64xpluscpuid.pl | 0 crypto/camellia/asm/cmll-x86.pl | 0 crypto/camellia/asm/cmll-x86_64.pl | 0 
crypto/camellia/asm/cmllt4-sparcv9.pl | 0 crypto/conf/conf_def.c | 16 ++++++++++- crypto/conf/conf_def.h | 2 +- crypto/des/asm/dest4-sparcv9.pl | 0 crypto/dh/dh_key.c | 33 ++++++++++++++++++++-- crypto/ec/asm/ecp_nistz256-armv8.pl | 0 crypto/err/openssl.txt | 3 +- crypto/evp/evp_enc.c | 27 ++++++++++++++++++ crypto/evp/evp_err.c | 4 ++- crypto/md5/asm/md5-sparcv9.pl | 0 crypto/mem_sec.c | 8 +++++- crypto/modes/asm/aesni-gcm-x86_64.pl | 0 crypto/modes/asm/ghash-armv4.pl | 0 crypto/modes/asm/ghash-c64xplus.pl | 0 crypto/modes/asm/ghash-parisc.pl | 0 crypto/modes/asm/ghash-s390x.pl | 0 crypto/modes/asm/ghash-sparcv9.pl | 0 crypto/modes/asm/ghash-x86.pl | 0 crypto/modes/asm/ghash-x86_64.pl | 0 crypto/modes/asm/ghashv8-armx.pl | 0 crypto/objects/obj_dat.h | 2 +- crypto/objects/obj_xref.h | 2 +- crypto/objects/objxref.pl | 0 crypto/ocsp/ocsp_cl.c | 0 crypto/ocsp/ocsp_ext.c | 0 crypto/ocsp/ocsp_lib.c | 0 crypto/ocsp/ocsp_srv.c | 0 crypto/pariscid.pl | 0 crypto/perlasm/sparcv9_modes.pl | 0 crypto/perlasm/x86gas.pl | 0 crypto/perlasm/x86masm.pl | 0 crypto/poly1305/asm/poly1305-armv4.pl | 13 +++++---- crypto/ppccap.c | 20 ++++++++++++- crypto/rc4/asm/rc4-c64xplus.pl | 0 crypto/rc4/asm/rc4-md5-x86_64.pl | 0 crypto/rc4/asm/rc4-parisc.pl | 0 crypto/rc4/asm/rc4-s390x.pl | 0 crypto/rsa/rsa_ssl.c | 10 +++++-- crypto/sha/asm/sha1-armv4-large.pl | 0 crypto/sha/asm/sha1-armv8.pl | 0 crypto/sha/asm/sha1-c64xplus.pl | 0 crypto/sha/asm/sha1-mb-x86_64.pl | 0 crypto/sha/asm/sha1-mips.pl | 0 crypto/sha/asm/sha1-parisc.pl | 0 crypto/sha/asm/sha1-s390x.pl | 0 crypto/sha/asm/sha1-sparcv9.pl | 0 crypto/sha/asm/sha1-sparcv9a.pl | 0 crypto/sha/asm/sha1-thumb.pl | 0 crypto/sha/asm/sha256-586.pl | 0 crypto/sha/asm/sha256-armv4.pl | 0 crypto/sha/asm/sha256-c64xplus.pl | 0 crypto/sha/asm/sha256-mb-x86_64.pl | 0 crypto/sha/asm/sha512-586.pl | 0 crypto/sha/asm/sha512-armv4.pl | 0 crypto/sha/asm/sha512-armv8.pl | 0 crypto/sha/asm/sha512-c64xplus.pl | 0 crypto/sha/asm/sha512-mips.pl | 0 
crypto/sha/asm/sha512-s390x.pl | 0 crypto/sha/asm/sha512-sparcv9.pl | 0 crypto/srp/srp_lib.c | 13 ++++++--- crypto/vms_rms.h | 0 crypto/whrlpool/asm/wp-mmx.pl | 0 crypto/whrlpool/asm/wp-x86_64.pl | 0 crypto/x509/x509_cmp.c | 24 +++++++++------- crypto/x509/x509_vfy.c | 15 ++++------ crypto/x509/x_all.c | 4 +-- crypto/x509/x_attrib.c | 5 +++- crypto/x509v3/v3_purp.c | 14 +++++---- doc/man1/ca.pod | 4 +-- doc/man1/cms.pod | 4 +-- doc/man1/crl2pkcs7.pod | 4 +-- doc/man1/dgst.pod | 4 +-- doc/man1/dsa.pod | 6 ++-- doc/man1/ec.pod | 6 ++-- doc/man1/enc.pod | 4 +-- doc/man1/genpkey.pod | 4 +-- doc/man1/genrsa.pod | 4 +-- doc/man1/pkcs12.pod | 14 ++++----- doc/man1/pkcs8.pod | 6 ++-- doc/man1/pkey.pod | 6 ++-- doc/man1/pkeyutl.pod | 4 +-- doc/man1/req.pod | 6 ++-- doc/man1/rsa.pod | 6 ++-- doc/man1/s_client.pod | 4 +-- doc/man1/s_server.pod | 4 +-- doc/man1/smime.pod | 4 +-- doc/man1/spkac.pod | 4 +-- doc/man1/storeutl.pod | 4 +-- doc/man1/ts.pod | 4 +-- doc/man1/x509.pod | 4 +-- doc/man3/DH_generate_key.pod | 27 ++++++++++++++---- doc/man3/OCSP_sendreq_new.pod | 28 ++++++++++++++---- doc/man3/OPENSSL_malloc.pod | 2 +- doc/man3/X509_get_extension_flags.pod | 11 ++++++-- engines/asm/e_padlock-x86.pl | 0 engines/asm/e_padlock-x86_64.pl | 0 include/openssl/evperr.h | 7 ++--- include/openssl/obj_mac.h | 2 +- include/openssl/opensslv.h | 4 +-- include/openssl/x509v3.h | 7 +++-- ssl/d1_lib.c | 11 ++++---- ssl/record/rec_layer_d1.c | 5 +++- ssl/ssl_local.h | 3 +- ssl/statem/extensions.c | 5 ++-- ssl/statem/statem_clnt.c | 3 +- ssl/statem/statem_lib.c | 15 ++++++++-- 157 files changed, 433 insertions(+), 202 deletions(-) diff --git a/AUTHORS b/AUTHORS index ac93b2e7b975..dac46f8b7e08 100644 --- a/AUTHORS +++ b/AUTHORS @@ -13,6 +13,8 @@ Ben Kaduk Bernd Edlinger Bodo Möller David Benjamin +David von Oheimb +Dmitry Belyavskiy (Дмитрий Белявский) Emilia Käsper Eric Young Geoff Thorpe 
@@ -22,14 +24,19 @@ Lutz Jänicke Mark J. Cox Matt Caswell Matthias St. Pierre +Nicola Tuveri Nils Larsch +Patrick Steuer Paul Dale Paul C. Sutton +Paul Yang Ralf S. Engelschall Rich Salz Richard Levitte +Shane Lontis Stephen Henson Steve Marquess Tim Hudson +Tomáš Mráz Ulf Möller Viktor Dukhovni diff --git a/CHANGES b/CHANGES index 37dd60b726ee..1ab64b35c9a4 100644 --- a/CHANGES +++ b/CHANGES 
@@ -7,6 +7,43 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.1.1i and 1.1.1j [16 Feb 2021] + + *) Fixed the X509_issuer_and_serial_hash() function. It attempts to + create a unique hash value based on the issuer and serial number data + contained within an X509 certificate. However it was failing to correctly + handle any errors that may occur while parsing the issuer field (which might + occur if the issuer field is maliciously constructed). This may subsequently + result in a NULL pointer deref and a crash leading to a potential denial of + service attack. + (CVE-2021-23841) + [Matt Caswell] + + *) Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING + padding mode to correctly check for rollback attacks. This is considered a + bug in OpenSSL 1.1.1 because it does not support SSLv2. In 1.0.2 this is + CVE-2021-23839. + [Matt Caswell] + + *) Fixed the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate + functions. Previously they could overflow the output length argument in some + cases where the input length is close to the maximum permissable length for + an integer on the platform. In such cases the return value from the function + call would be 1 (indicating success), but the output length value would be + negative. This could cause applications to behave incorrectly or crash. + (CVE-2021-23840) + [Matt Caswell] + + *) Fixed SRP_Calc_client_key so that it runs in constant time. The previous + implementation called BN_mod_exp without setting BN_FLG_CONSTTIME. This + could be exploited in a side channel attack to recover the password. Since + the attack is local host only this is outside of the current OpenSSL + threat model and therefore no CVE is assigned. + + Thanks to Mohammed Sabt and Daniel De Almeida Braga for reporting this + issue. + [Matt Caswell] + Changes between 1.1.1h and 1.1.1i [8 Dec 2020] *) Fixed NULL pointer deref in the GENERAL_NAME_cmp function 
diff --git a/CONTRIBUTING b/CONTRIBUTING index 57be75ce2b8a..83c0dde12819 100644 --- a/CONTRIBUTING +++ b/CONTRIBUTING @@ -41,8 +41,8 @@ guidelines: https://www.openssl.org/policies/codingstyle.html) and compile without warnings. Where gcc or clang is available you should use the --strict-warnings Configure option. OpenSSL compiles on many varied - platforms: try to ensure you only use portable features. Clean builds - via Travis and AppVeyor are required, and they are started automatically + platforms: try to ensure you only use portable features. Clean builds via + GitHub Actions and AppVeyor are required, and they are started automatically whenever a PR is created or updated. 5. When at all possible, patches should include tests. These can diff --git a/Configure b/Configure index 1d73d06e1b3b..b286dd0678bb 100755 --- a/Configure +++ b/Configure @@ -1,6 +1,6 @@ #! /usr/bin/env perl # -*- mode: perl; -*- -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1201,6 +1201,10 @@ foreach (keys %useradd) { # At this point, we can forget everything about %user and %useradd, # because it's now all been merged into the corresponding $config entry +if (grep { $_ eq '-static' } @{$config{LDFLAGS}}) { + disable('static', 'pic', 'threads'); +} + # Allow overriding the build file name $config{build_file} = env('BUILDFILE') || $target{build_file} || "Makefile"; @@ -1521,10 +1525,6 @@ if ($strict_warnings) } } -if (grep { $_ eq '-static' } @{$config{LDFLAGS}}) { - disable('static', 'pic', 'threads'); -} - $config{CFLAGS} = [ map { $_ eq '--ossl-strict-warnings' ? @strict_warnings_collection : ( $_ ) } 
@@ -2611,19 +2611,22 @@ _____ } print "\nEnabled features:\n\n"; foreach my $what (@disablables) { - print " $what\n" unless $disabled{$what}; + print " $what\n" + unless grep { $_ =~ /^${what}$/ } keys %disabled; } print "\nDisabled features:\n\n"; foreach my $what (@disablables) { - if ($disabled{$what}) { - print " $what", ' ' x ($longest - length($what) + 1), - "[$disabled{$what}]", ' ' x ($longest2 - length($disabled{$what}) + 1); - print $disabled_info{$what}->{macro} - if $disabled_info{$what}->{macro}; + my @what2 = grep { $_ =~ /^${what}$/ } keys %disabled; + my $what3 = $what2[0]; + if ($what3) { + print " $what3", ' ' x ($longest - length($what3) + 1), + "[$disabled{$what3}]", ' ' x ($longest2 - length($disabled{$what3}) + 1); + print $disabled_info{$what3}->{macro} + if $disabled_info{$what3}->{macro}; print ' (skip ', - join(', ', @{$disabled_info{$what}->{skipped}}), + join(', ', @{$disabled_info{$what3}->{skipped}}), ')' - if $disabled_info{$what}->{skipped}; + if $disabled_info{$what3}->{skipped}; print "\n"; } } diff --git a/INSTALL b/INSTALL index f5118428b3bc..f3ac727183f0 100644 --- a/INSTALL +++ b/INSTALL @@ -106,8 +106,7 @@ This will build and install OpenSSL in the default location, which is: Unix: normal installation directories under /usr/local - OpenVMS: SYS$COMMON:[OPENSSL-'version'...], where 'version' is the - OpenSSL version number with underscores instead of periods. + OpenVMS: SYS$COMMON:[OPENSSL] Windows: C:\Program Files\OpenSSL or C:\Program Files (x86)\OpenSSL The installation directory should be appropriately protected to ensure @@ -116,7 +115,9 @@ your Operating System it is recommended that you do not overwrite the system version and instead install to somewhere else. - If you want to install it anywhere else, run config like this: + If you want to install it anywhere else, run config like this (the options + --prefix and --openssldir are explained further down, and the values shown + here are mere examples): On Unix: 
@@ -198,7 +199,7 @@ Unix: /usr/local Windows: C:\Program Files\OpenSSL or C:\Program Files (x86)\OpenSSL - OpenVMS: SYS$COMMON:[OPENSSL-'version'] + OpenVMS: SYS$COMMON:[OPENSSL] --release Build OpenSSL without debugging symbols. This is the default. @@ -961,9 +962,9 @@ share/doc/openssl/html/man7 Contains the HTML rendition of the man-pages. - OpenVMS ('arch' is replaced with the architecture name, "Alpha" - or "ia64", 'sover' is replaced with the shared library version - (0101 for 1.1), and 'pz' is replaced with the pointer size + OpenVMS ('arch' is replaced with the architecture name, "ALPHA" + or "IA64", 'sover' is replaced with the shared library version + (0101 for 1.1.x), and 'pz' is replaced with the pointer size OpenSSL was built with): [.EXE.'arch'] Contains the openssl binary. diff --git a/NEWS b/NEWS index 98f6791a8b79..3cce52506645 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,16 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [16 Feb 2021] + + o Fixed a NULL pointer deref in the X509_issuer_and_serial_hash() + function (CVE-2021-23841) + o Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING + padding mode to correctly check for rollback attacks + o Fixed an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and + EVP_DecryptUpdate functions (CVE-2021-23840) + o Fixed SRP_Calc_client_key so that it runs in constant time + Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [8 Dec 2020] o Fixed NULL pointer deref in GENERAL_NAME_cmp (CVE-2020-1971) diff --git a/README b/README index 6325127b5693..da5629f92c81 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.1.1i 8 Dec 2020 + OpenSSL 1.1.1j 16 Feb 2021 Copyright (c) 1998-2020 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson 
diff --git a/apps/ca.c b/apps/ca.c
old mode 100644
new mode 100755
index 6c9b1e57bc67..390ac37493c8
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -2223,62 +2223,51 @@ static int get_certificate_status(const char *serial, CA_DB *db)
 static int do_updatedb(CA_DB *db)
 {
- ASN1_UTCTIME *a_tm = NULL;
+ ASN1_TIME *a_tm = NULL;
 int i, cnt = 0;
- int db_y2k, a_y2k; /* flags = 1 if y >= 2000 */
- char **rrow, *a_tm_s;
+ char **rrow;
- a_tm = ASN1_UTCTIME_new();
+ a_tm = ASN1_TIME_new();
 if (a_tm == NULL)
 return -1;
- /* get actual time and make a string */
+ /* get actual time */
 if (X509_gmtime_adj(a_tm, 0) == NULL) {
- ASN1_UTCTIME_free(a_tm);
+ ASN1_TIME_free(a_tm);
 return -1;
 }
- a_tm_s = app_malloc(a_tm->length + 1, "time string");
-
- memcpy(a_tm_s, a_tm->data, a_tm->length);
- a_tm_s[a_tm->length] = '\0';
-
- if (strncmp(a_tm_s, "49", 2) <= 0)
- a_y2k = 1;
- else
- a_y2k = 0;
 for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
 rrow = sk_OPENSSL_PSTRING_value(db->db->data, i);
 if (rrow[DB_type][0] == DB_TYPE_VAL) {
 /* ignore entries that are not valid */
- if (strncmp(rrow[DB_exp_date], "49", 2) <= 0)
- db_y2k = 1;
- else
- db_y2k = 0;
+ ASN1_TIME *exp_date = NULL;
- if (db_y2k == a_y2k) {
- /* all on the same y2k side */
- if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0) {
- rrow[DB_type][0] = DB_TYPE_EXP;
- rrow[DB_type][1] = '\0';
- cnt++;
+ exp_date = ASN1_TIME_new();
+ if (exp_date == NULL) {
+ ASN1_TIME_free(a_tm);
+ return -1;
+ }
- BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]);
- }
- } else if (db_y2k < a_y2k) {
+ if (!ASN1_TIME_set_string(exp_date, rrow[DB_exp_date])) {
+ ASN1_TIME_free(a_tm);
+ ASN1_TIME_free(exp_date);
+ return -1;
+ }
+
+ if (ASN1_TIME_compare(exp_date, a_tm) <= 0) {
 rrow[DB_type][0] = DB_TYPE_EXP;
 rrow[DB_type][1] = '\0';
 cnt++;
 BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]);
 }
-
+ ASN1_TIME_free(exp_date);
 }
 }
- ASN1_UTCTIME_free(a_tm);
- OPENSSL_free(a_tm_s);
+ ASN1_TIME_free(a_tm);
 return cnt;
 }
diff --git a/crypto/aes/asm/aes-armv4.pl b/crypto/aes/asm/aes-armv4.pl
old mode 100755
new mode 100644
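Review bot: `if (ASN1_TIME_compare(exp_date, a_tm) <= 0)` folds the error result into the expired branch: ASN1_TIME_compare() returns -2 when it cannot convert one of its operands, and -2 <= 0 marks that row DB_TYPE_EXP and prints it as expired instead of failing the update the way the ASN1_TIME_set_string() error just above does. Whether a value that passed ASN1_TIME_set_string() can still fail the conversion inside the compare I cannot tell from here, but the two error paths should agree; capture the result first, `cmp = ASN1_TIME_compare(exp_date, a_tm);`, take the same two frees and `return -1;` when `cmp == -2`, and only then test `cmp <= 0`, with `int cmp;` added to the declarations at the top of do_updatedb(). The rows being parsed come from the CA index file, so this is the one place in the hunk where external text reaches a parser and a malformed entry deserves an explicit failure rather than a silent state change.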
diff --git a/crypto/aes/asm/aes-c64xplus.pl b/crypto/aes/asm/aes-c64xplus.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aes-mips.pl b/crypto/aes/asm/aes-mips.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aes-parisc.pl b/crypto/aes/asm/aes-parisc.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aes-ppc.pl b/crypto/aes/asm/aes-ppc.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aesfx-sparcv9.pl b/crypto/aes/asm/aesfx-sparcv9.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aesni-mb-x86_64.pl b/crypto/aes/asm/aesni-mb-x86_64.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aesni-sha1-x86_64.pl b/crypto/aes/asm/aesni-sha1-x86_64.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aesni-sha256-x86_64.pl b/crypto/aes/asm/aesni-sha256-x86_64.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aesni-x86.pl b/crypto/aes/asm/aesni-x86.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aesni-x86_64.pl b/crypto/aes/asm/aesni-x86_64.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aest4-sparcv9.pl b/crypto/aes/asm/aest4-sparcv9.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/bsaes-armv7.pl b/crypto/aes/asm/bsaes-armv7.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/vpaes-ppc.pl b/crypto/aes/asm/vpaes-ppc.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/vpaes-x86.pl b/crypto/aes/asm/vpaes-x86.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/vpaes-x86_64.pl b/crypto/aes/asm/vpaes-x86_64.pl
old mode 100755
new mode 100644
diff --git a/crypto/armcap.c b/crypto/armcap.c
index 58e54f0da2e1..8bf96f10214f 100644
--- a/crypto/armcap.c
+++ b/crypto/armcap.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -69,6 +69,23 @@ void OPENSSL_cpuid_setup(void) __attribute__ ((constructor));
 # define OSSL_IMPLEMENT_GETAUXVAL
 # endif
 # endif
+# if defined(__FreeBSD__)
+# include <sys/param.h>
+# if __FreeBSD_version >= 1200000
+# include <sys/auxv.h>
+# define OSSL_IMPLEMENT_GETAUXVAL
+
+static unsigned long getauxval(unsigned long key)
+{
+ unsigned long val = 0ul;
+
+ if (elf_aux_info((int)key, &val, sizeof(val)) != 0)
+ return 0ul;
+
+ return val;
+}
+# endif
+# endif
 /*
 * ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas
diff --git a/crypto/armv4cpuid.pl b/crypto/armv4cpuid.pl
old mode 100755
new mode 100644
diff --git a/crypto/asn1/charmap.h b/crypto/asn1/charmap.h
index cac354c6bf33..e234c9e615d0 100644
--- a/crypto/asn1/charmap.h
+++ b/crypto/asn1/charmap.h
@@ -2,7 +2,7 @@
 * WARNING: do not edit!
 * Generated by crypto/asn1/charmap.pl
 *
- * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/bn/asm/armv4-gf2m.pl b/crypto/bn/asm/armv4-gf2m.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/armv4-mont.pl b/crypto/bn/asm/armv4-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/c64xplus-gf2m.pl b/crypto/bn/asm/c64xplus-gf2m.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/ia64-mont.pl b/crypto/bn/asm/ia64-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/mips-mont.pl b/crypto/bn/asm/mips-mont.pl
old mode 100755
new mode 100644
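Review bot: The static getauxval() shim added under `# if defined(__FreeBSD__)` carries no comment, so a reader has to already know that FreeBSD has no getauxval(3) and that elf_aux_info(3) returns 0 on success and an errno value otherwise; suggest `/* FreeBSD >= 12 has no getauxval(3): emulate it with elf_aux_info(3), which returns 0 on success or an errno value, in which case report the entry as absent (0). */` above the function. Two quieter consequences deserve a line each: `(int)key` narrows the key, harmless for the AT_HWCAP/AT_HWCAP2 constants this file passes but silent for anything larger, and a failed lookup is indistinguishable from a genuine value of 0, so the feature detection that consumes the result (outside the hunk) simply falls back to the no-extension path rather than reporting an error. The rest of the file that reads OSSL_IMPLEMENT_GETAUXVAL is not in view, so I am assuming it only ever calls getauxval() with those two keys.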
diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/parisc-mont.pl b/crypto/bn/asm/parisc-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/ppc-mont.pl b/crypto/bn/asm/ppc-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/ppc64-mont.pl b/crypto/bn/asm/ppc64-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/s390x-gf2m.pl b/crypto/bn/asm/s390x-gf2m.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/s390x-mont.pl b/crypto/bn/asm/s390x-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/s390x.S b/crypto/bn/asm/s390x.S
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/sparcv9-gf2m.pl b/crypto/bn/asm/sparcv9-gf2m.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/sparcv9-mont.pl b/crypto/bn/asm/sparcv9-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/via-mont.pl b/crypto/bn/asm/via-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/vis3-mont.pl b/crypto/bn/asm/vis3-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/x86-gf2m.pl b/crypto/bn/asm/x86-gf2m.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/x86_64-gf2m.pl b/crypto/bn/asm/x86_64-gf2m.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_const.c b/crypto/bn/bn_const.c
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_prime.h b/crypto/bn/bn_prime.h
index ba48244534b0..1a25c285773a 100644
--- a/crypto/bn/bn_prime.h
+++ b/crypto/bn/bn_prime.h
@@ -2,7 +2,7 @@
 * WARNING: do not edit!
 * Generated by crypto/bn/bn_prime.pl
 *
- * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/c64xpluscpuid.pl b/crypto/c64xpluscpuid.pl
old mode 100755
new mode 100644
diff --git a/crypto/camellia/asm/cmll-x86.pl b/crypto/camellia/asm/cmll-x86.pl
old mode 100755
new mode 100644
diff --git a/crypto/camellia/asm/cmll-x86_64.pl b/crypto/camellia/asm/cmll-x86_64.pl
old mode 100755
new mode 100644
diff --git a/crypto/camellia/asm/cmllt4-sparcv9.pl b/crypto/camellia/asm/cmllt4-sparcv9.pl
old mode 100755
new mode 100644
diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index 3d710f12ae07..31c02cc49e22 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -185,6 +185,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
 BUF_MEM *buff = NULL;
 char *s, *p, *end;
 int again;
+ int first_call = 1;
 long eline = 0;
 char btmp[DECIMAL_SIZE(eline) + 1];
 CONF_VALUE *v = NULL, *tv;
@@ -233,6 +234,19 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
 BIO_gets(in, p, CONFBUFSIZE - 1);
 p[CONFBUFSIZE - 1] = '\0';
 ii = i = strlen(p);
+ if (first_call) {
+ /* Other BOMs imply unsupported multibyte encoding,
+ * so don't strip them and let the error raise */
+ const unsigned char utf8_bom[3] = {0xEF, 0xBB, 0xBF};
+
+ if (i >= 3 && memcmp(p, utf8_bom, 3) == 0) {
+ memmove(p, p + 3, i - 3);
+ p[i - 3] = 0;
+ i -= 3;
+ ii -= 3;
+ }
+ first_call = 0;
+ }
 if (i == 0 && !again) {
 /* the currently processed BIO is at EOF */
 BIO *parent;
diff --git a/crypto/conf/conf_def.h b/crypto/conf/conf_def.h
index 2ced300e40d6..1e4a03e10bbd 100644
--- a/crypto/conf/conf_def.h
+++ b/crypto/conf/conf_def.h
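Review bot: `first_call` is cleared after the first BIO_gets() on whatever BIO def_load_bio() starts with, so a UTF-8 BOM at the head of a file pulled in later through `.include` (the BIO push/parent handling elsewhere in this function, outside the hunk) is not stripped and, if I read the rest of the parser correctly, surfaces as a syntax error on that file's first line; if that asymmetry is intended the comment should say so. The existing `/* Other BOMs imply unsupported multibyte encoding, * so don't strip them and let the error raise */` would then read better as `/* Only a UTF-8 BOM is stripped, and only on the first line read for the top-level file; UTF-16/32 BOMs imply an unsupported encoding and are left for the parser to reject. */`. The `i >= 3` guard with the `memmove(p, p + 3, i - 3)` / `p[i - 3] = 0` pair looks right, including a BOM-only first line where i == 3 leaves an empty string and the EOF check below still sees i == 0 only when nothing was read. def_load_bio() starts and ends outside the hunk.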
@@ -2,7 +2,7 @@
 * WARNING: do not edit!
 * Generated by crypto/conf/keysets.pl
 *
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
diff --git a/crypto/des/asm/dest4-sparcv9.pl b/crypto/des/asm/dest4-sparcv9.pl
old mode 100755
new mode 100644
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index daffdf74dd37..117f2fa883ff 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -25,18 +25,45 @@ int DH_generate_key(DH *dh)
 return dh->meth->generate_key(dh);
 }
+/*-
+ * NB: This function is inherently not constant time due to the
+ * RFC 5246 (8.1.2) padding style that strips leading zero bytes.
+ */
 int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 {
- return dh->meth->compute_key(key, pub_key, dh);
+ int ret = 0, i;
+ volatile size_t npad = 0, mask = 1;
+
+ /* compute the key; ret is constant unless compute_key is external */
+ if ((ret = dh->meth->compute_key(key, pub_key, dh)) <= 0)
+ return ret;
+
+ /* count leading zero bytes, yet still touch all bytes */
+ for (i = 0; i < ret; i++) {
+ mask &= !key[i];
+ npad += mask;
+ }
+
+ /* unpad key */
+ ret -= npad;
+ /* key-dependent memory access, potentially leaking npad / ret */
+ memmove(key, key + npad, ret);
+ /* key-dependent memory access, potentially leaking npad / ret */
+ memset(key + ret, 0, npad);
+
+ return ret;
 }
 int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 {
 int rv, pad;
+
+ /* rv is constant unless compute_key is external */
 rv = dh->meth->compute_key(key, pub_key, dh);
 if (rv <= 0)
 return rv;
 pad = BN_num_bytes(dh->p) - rv;
+ /* pad is constant (zero) unless compute_key is external */
 if (pad > 0) {
 memmove(key + pad, key, rv);
 memset(key, 0, pad);
@@ -212,7 +239,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 goto err;
 }
- ret = BN_bn2bin(tmp, key);
+ ret = BN_bn2binpad(tmp, key, BN_num_bytes(dh->p));
 err:
 BN_CTX_end(ctx);
 BN_CTX_free(ctx);
diff --git a/crypto/ec/asm/ecp_nistz256-armv8.pl b/crypto/ec/asm/ecp_nistz256-armv8.pl
old mode 100755
new mode 100644
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 815460b24f67..7e1776375df7 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
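Review bot: The leading-zero scan in DH_compute_key() is written as `mask &= !key[i]; npad += mask;` on two `volatile size_t` locals with no comment explaining the trick, and `ret -= npad;` then silently narrows a size_t into the int return value; suggest `/* mask stays 1 only while every byte seen so far is 0, so npad ends up as the number of leading zero bytes while the loop still reads all ret bytes */` above the loop, and `ret -= (int)npad;` to make the narrowing explicit (npad <= ret here, so the cast cannot truncate). The `/*- NB: ... */` header is welcome; it would help to add one sentence saying that the stripping is the legacy DH_compute_key() contract while DH_compute_key_padded() below keeps the full BN_num_bytes(dh->p) width, which is why compute_key() in the last hunk now always emits the padded form via BN_bn2binpad(). The `/* key-dependent memory access, potentially leaking npad / ret */` comments are honest about what remains observable; that is the right register for a defender reading this code.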
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -2283,6 +2283,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only oneshot supported
 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\
 operation not supported for this keytype
 EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized
+EVP_R_OUTPUT_WOULD_OVERFLOW:184:output would overflow
 EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers
 EVP_R_PBKDF2_ERROR:181:pbkdf2 error
 EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index b9b6490fe069..0843caf4f0a4 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -8,6 +8,7 @@
 */
 #include <stdio.h>
+#include <limits.h>
 #include <assert.h>
 #include "internal/cryptlib.h"
 #include <openssl/evp.h>
@@ -355,6 +356,19 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
 return 1;
 } else {
 j = bl - i;
+
+ /*
+ * Once we've processed the first j bytes from in, the amount of
+ * data left that is a multiple of the block length is:
+ * (inl - j) & ~(bl - 1)
+ * We must ensure that this amount of data, plus the one block that
+ * we process from ctx->buf does not exceed INT_MAX
+ */
+ if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
+ EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE,
+ EVP_R_OUTPUT_WOULD_OVERFLOW);
+ return 0;
+ }
 memcpy(&(ctx->buf[i]), in, j);
 inl -= j;
 in += j;
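Review bot: `if (((inl - j) & ~(bl - 1)) > INT_MAX - bl)` rounds down to a block multiple only when bl is a power of two, and neither the new comment nor the code states that precondition; the same applies to `if ((inl & ~(b - 1)) > INT_MAX - b)` in the EVP_DecryptUpdate hunk that follows. A one-liner on each check, `/* bl is a power of two, so & ~(bl - 1) rounds inl down to a block multiple */`, would record the assumption, which I believe the existing block-masking arithmetic elsewhere in these two functions (outside the hunks) already relies on. In the EVP_DecryptUpdate check the operands are compared in whatever type b has; if b is unsigned there, as I recall it being, the comparison is only safe because inl has already been rejected when <= 0 earlier in that function, and a comment to that effect would save the next reader the same trip. Both checks otherwise do what the CHANGES entry for CVE-2021-23840 describes: they refuse the input before any output is produced, so a successful return can no longer leave *outl negative.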
@@ -502,6 +516,19 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
 EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
 return 0;
 }
+ /*
+ * final_used is only ever set if buf_len is 0. Therefore the maximum
+ * length output we will ever see from evp_EncryptDecryptUpdate is
+ * the maximum multiple of the block length that is <= inl, or just:
+ * inl & ~(b - 1)
+ * Since final_used has been set then the final output length is:
+ * (inl & ~(b - 1)) + b
+ * This must never exceed INT_MAX
+ */
+ if ((inl & ~(b - 1)) > INT_MAX - b) {
+ EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_OUTPUT_WOULD_OVERFLOW);
+ return 0;
+ }
 memcpy(out, ctx->final, b);
 out += b;
 fix_len = 1;
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index 05481d827fb4..32ac0125de24 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -1,6 +1,6 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -239,6 +239,8 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
 "operation not supported for this keytype"},
 {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED),
 "operaton not initialized"},
+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OUTPUT_WOULD_OVERFLOW),
+ "output would overflow"},
 {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
 "partially overlapping buffers"},
 {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
diff --git a/crypto/md5/asm/md5-sparcv9.pl b/crypto/md5/asm/md5-sparcv9.pl
old mode 100755
new mode 100644
diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c
index b5f959ba15d5..222c786cbaef 100644
--- a/crypto/mem_sec.c
+++ b/crypto/mem_sec.c
@@ -34,6 +34,12 @@
 # include <errno.h>
 # endif
 # endif
+# if defined(__FreeBSD__)
+# define MADV_DONTDUMP MADV_NOCORE
+# endif
+# if !defined(MAP_CONCEAL)
+# define MAP_CONCEAL 0
+# endif
 # include <sys/param.h>
 # include <sys/stat.h>
 # include <fcntl.h>
@@ -442,7 +448,7 @@ static int sh_init(size_t size, int minsize)
 if (1) {
 #ifdef MAP_ANON
 sh.map_result = mmap(NULL, sh.map_size,
- PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, -1, 0);
+ PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE|MAP_CONCEAL, -1, 0);
 } else {
 #endif
 int fd;
diff --git a/crypto/modes/asm/aesni-gcm-x86_64.pl b/crypto/modes/asm/aesni-gcm-x86_64.pl
old mode 100755
new mode 100644
diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl
old mode 100755
new mode 100644
diff --git a/crypto/modes/asm/ghash-c64xplus.pl b/crypto/modes/asm/ghash-c64xplus.pl
old mode 100755
new mode 100644
diff --git a/crypto/modes/asm/ghash-parisc.pl b/crypto/modes/asm/ghash-parisc.pl
old mode 100755
new mode 100644
diff --git a/crypto/modes/asm/ghash-s390x.pl b/crypto/modes/asm/ghash-s390x.pl
old mode 100755
new mode 100644
diff --git a/crypto/modes/asm/ghash-sparcv9.pl b/crypto/modes/asm/ghash-sparcv9.pl
old mode 100755
new mode 100644
diff --git a/crypto/modes/asm/ghash-x86.pl b/crypto/modes/asm/ghash-x86.pl
old mode 100755
new mode 100644
diff --git a/crypto/modes/asm/ghash-x86_64.pl b/crypto/modes/asm/ghash-x86_64.pl
old mode 100755
new mode 100644
diff --git a/crypto/modes/asm/ghashv8-armx.pl b/crypto/modes/asm/ghashv8-armx.pl
old mode 100755
new mode 100644
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index d1b1bc7faf91..24b49a2df258 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
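Review bot: The two new preprocessor blocks in mem_sec.c are uncommented, and both only do what is intended if `<sys/mman.h>` has already been included above the hunk, which the visible context (`<errno.h>`, then `<sys/param.h>`) does not show: `# define MADV_DONTDUMP MADV_NOCORE` maps the Linux advice name onto FreeBSD's equivalent, presumably for a madvise() call elsewhere in the file, and `# define MAP_CONCEAL 0` turns OpenBSD's exclude-from-core mmap flag into a no-op everywhere else so the single mmap() line in sh_init() can pass `MAP_ANON|MAP_PRIVATE|MAP_CONCEAL` unconditionally. Suggest `/* FreeBSD spells Linux's MADV_DONTDUMP as MADV_NOCORE */` and `/* MAP_CONCEAL keeps the secure heap out of core dumps on OpenBSD; 0 elsewhere. Requires <sys/mman.h> above. */` on the respective blocks. The FreeBSD define is unconditional, so if that platform ever grows a native MADV_DONTDUMP this becomes a redefinition warning; `# if defined(__FreeBSD__) && !defined(MADV_DONTDUMP)` costs nothing.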
@@ -2,7 +2,7 @@
 * WARNING: do not edit!
 * Generated by crypto/objects/obj_dat.pl
 *
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 * Licensed under the OpenSSL license (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h
index 1ca04bbff19f..5c3561ab7d7e 100644
--- a/crypto/objects/obj_xref.h
+++ b/crypto/objects/obj_xref.h
@@ -2,7 +2,7 @@
 * WARNING: do not edit!
 * Generated by objxref.pl
 *
- * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
*** 1418 LINES SKIPPED ***