Date: Tue, 5 Jul 2022 16:42:07 GMT
Message-Id: <202207051642.265Gg7JB004590@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Jung-uk Kim
Subject: git: c83325e95a98 - stable/12 - OpenSSL: Merge OpenSSL 1.1.1q
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: jkim
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/12
X-Git-Reftype: branch
X-Git-Commit: c83325e95a98991ec46e0c881559d3dbfaf36081

The branch stable/12 has been updated by jkim:

URL: https://cgit.FreeBSD.org/src/commit/?id=c83325e95a98991ec46e0c881559d3dbfaf36081

commit
c83325e95a98991ec46e0c881559d3dbfaf36081 Author: Jung-uk Kim AuthorDate: 2022-07-05 15:47:01 +0000 Commit: Jung-uk Kim CommitDate: 2022-07-05 16:37:44 +0000 OpenSSL: Merge OpenSSL 1.1.1q (cherry picked from commit 64cbf7cebc3b80a971e1d15124831d84604b9370) --- crypto/openssl/CHANGES | 13 +++++++++++++ crypto/openssl/NEWS | 5 +++++ crypto/openssl/README | 2 +- crypto/openssl/crypto/aes/asm/aesni-x86.pl | 6 +++--- crypto/openssl/crypto/bn/bn_gcd.c | 8 +++++--- crypto/openssl/crypto/ec/ec_asn1.c | 4 ++-- crypto/openssl/crypto/x509v3/v3_addr.c | 16 +++++++++++++--- crypto/openssl/crypto/x509v3/v3_sxnet.c | 2 ++ crypto/openssl/doc/man3/SSL_get_current_cipher.pod | 6 +++--- crypto/openssl/include/openssl/opensslv.h | 4 ++-- 10 files changed, 49 insertions(+), 17 deletions(-) diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES index 18c320f85c84..c18a1f514968 100644 --- a/crypto/openssl/CHANGES +++ b/crypto/openssl/CHANGES @@ -7,6 +7,19 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.1.1p and 1.1.1q [5 Jul 2022] + + *) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised + implementation would not encrypt the entirety of the data under some + circumstances. This could reveal sixteen bytes of data that was + preexisting in the memory that wasn't written. In the special case of + "in place" encryption, sixteen bytes of the plaintext would be revealed. + + Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, + they are both unaffected. + (CVE-2022-2097) + [Alex Chernyakhovsky, David Benjamin, Alejandro SedeƱo] + Changes between 1.1.1o and 1.1.1p [21 Jun 2022] *) In addition to the c_rehash shell command injection identified in diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS index f5f5759c0ff2..75e9ba062df3 100644 --- a/crypto/openssl/NEWS +++ b/crypto/openssl/NEWS 
@@ -5,6 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.1.1p and OpenSSL 1.1.1q [5 Jul 2022] + + o Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms + (CVE-2022-2097) + Major changes between OpenSSL 1.1.1o and OpenSSL 1.1.1p [21 Jun 2022] o Fixed additional bugs in the c_rehash script which was not properly diff --git a/crypto/openssl/README b/crypto/openssl/README index 97a0042b8651..79f9c611a933 100644 --- a/crypto/openssl/README +++ b/crypto/openssl/README @@ -1,5 +1,5 @@ - OpenSSL 1.1.1p 21 Jun 2022 + OpenSSL 1.1.1q 5 Jul 2022 Copyright (c) 1998-2022 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/openssl/crypto/aes/asm/aesni-x86.pl b/crypto/openssl/crypto/aes/asm/aesni-x86.pl index fe2b26542ab6..3502940d5233 100755 --- a/crypto/openssl/crypto/aes/asm/aesni-x86.pl +++ b/crypto/openssl/crypto/aes/asm/aesni-x86.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2009-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -2027,7 +2027,7 @@ my ($l_,$block,$i1,$i3,$i5) = ($rounds_,$key_,$rounds,$len,$out); &movdqu (&QWP(-16*2,$out,$inp),$inout4); &movdqu (&QWP(-16*1,$out,$inp),$inout5); &cmp ($inp,$len); # done yet? - &jb (&label("grandloop")); + &jbe (&label("grandloop")); &set_label("short"); &add ($len,16*6); @@ -2453,7 +2453,7 @@ my ($l_,$block,$i1,$i3,$i5) = ($rounds_,$key_,$rounds,$len,$out); &pxor ($rndkey1,$inout5); &movdqu (&QWP(-16*1,$out,$inp),$inout5); &cmp ($inp,$len); # done yet? - &jb (&label("grandloop")); + &jbe (&label("grandloop")); &set_label("short"); &add ($len,16*6); 
diff --git a/crypto/openssl/crypto/bn/bn_gcd.c b/crypto/openssl/crypto/bn/bn_gcd.c index 0941f7b97f3f..6190bf1eddb0 100644 --- a/crypto/openssl/crypto/bn/bn_gcd.c +++ b/crypto/openssl/crypto/bn/bn_gcd.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -47,7 +47,8 @@ BIGNUM *bn_mod_inverse_no_branch(BIGNUM *in, if (R == NULL) goto err; - BN_one(X); + if (!BN_one(X)) + goto err; BN_zero(Y); if (BN_copy(B, a) == NULL) goto err; @@ -235,7 +236,8 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, if (R == NULL) goto err; - BN_one(X); + if (!BN_one(X)) + goto err; BN_zero(Y); if (BN_copy(B, a) == NULL) goto err; diff --git a/crypto/openssl/crypto/ec/ec_asn1.c b/crypto/openssl/crypto/ec/ec_asn1.c index 34de7b2aabf7..1acbbde3d37b 100644 --- a/crypto/openssl/crypto/ec/ec_asn1.c +++ b/crypto/openssl/crypto/ec/ec_asn1.c @@ -794,7 +794,7 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) } /* extract the order */ - if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) { + if (ASN1_INTEGER_to_BN(params->order, a) == NULL) { ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB); goto err; } @@ -811,7 +811,7 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) if (params->cofactor == NULL) { BN_free(b); b = NULL; - } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) { + } else if (ASN1_INTEGER_to_BN(params->cofactor, b) == NULL) { ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB); goto err; } diff --git a/crypto/openssl/crypto/x509v3/v3_addr.c b/crypto/openssl/crypto/x509v3/v3_addr.c index 4258dbc40c0f..ccce34ef2e48 100644 --- a/crypto/openssl/crypto/x509v3/v3_addr.c +++ b/crypto/openssl/crypto/x509v3/v3_addr.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,6 +13,8 @@ #include #include +#include +#include #include "internal/cryptlib.h" #include @@ -342,8 +344,13 @@ static int range_should_be_prefix(const unsigned char *min, unsigned char mask; int i, j; - if (memcmp(min, max, length) <= 0) - return -1; + /* + * It is the responsibility of the caller to confirm min <= max. We don't + * use ossl_assert() here since we have no way of signalling an error from + * this function - so we just use a plain assert instead. + */ + assert(memcmp(min, max, length) <= 0); + for (i = 0; i < length && min[i] == max[i]; i++) ; for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) ; if (i < j) @@ -426,6 +433,9 @@ static int make_addressRange(IPAddressOrRange **result, IPAddressOrRange *aor; int i, prefixlen; + if (memcmp(min, max, length) > 0) + return 0; + if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0) return make_addressPrefix(result, min, prefixlen); diff --git a/crypto/openssl/crypto/x509v3/v3_sxnet.c b/crypto/openssl/crypto/x509v3/v3_sxnet.c index 144e8bee84ad..3c5508f9416c 100644 --- a/crypto/openssl/crypto/x509v3/v3_sxnet.c +++ b/crypto/openssl/crypto/x509v3/v3_sxnet.c @@ -78,6 +78,8 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, for (i = 0; i < sk_SXNETID_num(sx->ids); i++) { id = sk_SXNETID_value(sx->ids, i); tmp = i2s_ASN1_INTEGER(NULL, id->zone); + if (tmp == NULL) + return 0; BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp); OPENSSL_free(tmp); ASN1_STRING_print(out, id->user); diff --git a/crypto/openssl/doc/man3/SSL_get_current_cipher.pod b/crypto/openssl/doc/man3/SSL_get_current_cipher.pod index 64ca819b0e1c..4ed555aa4972 100644 
--- a/crypto/openssl/doc/man3/SSL_get_current_cipher.pod +++ b/crypto/openssl/doc/man3/SSL_get_current_cipher.pod @@ -10,8 +10,8 @@ SSL_get_pending_cipher - get SSL_CIPHER of a connection #include - SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl); - SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl); + const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl); + const SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl); const char *SSL_get_cipher_name(const SSL *s); const char *SSL_get_cipher(const SSL *s); @@ -61,7 +61,7 @@ L, L =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/include/openssl/opensslv.h b/crypto/openssl/include/openssl/opensslv.h index 41f3a095460b..72f33433be1c 100644 --- a/crypto/openssl/include/openssl/opensslv.h +++ b/crypto/openssl/include/openssl/opensslv.h @@ -39,8 +39,8 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x1010110fL -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1p-freebsd 21 Jun 2022" +# define OPENSSL_VERSION_NUMBER 0x1010111fL +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1q-freebsd 5 Jul 2022" /*- * The macros below are to be used for shared library (.so, .dll, ...)
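Review bot: The commit message reads only "OpenSSL: Merge OpenSSL 1.1.1q", while the crypto/openssl/CHANGES and NEWS hunks show that this release carries the CVE-2022-2097 fix. Naming the CVE in the commit message would let anyone auditing stable/12 find the security fix from git log without opening the diff.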
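Review bot: The two `jb` to `jbe` changes in crypto/openssl/crypto/aes/asm/aesni-x86.pl (hunks at 2027 and 2453) alter the loop exit at the `$inp == $len` boundary, yet the adjacent comment still says only `# done yet?` and none of the ten files in the diffstat is a test. A comment stating why equality must take another pass through `grandloop`, together with a regression test for input lengths that land on this boundary on 32-bit x86 with AES-NI, would guard against the behaviour described in the CHANGES hunk (sixteen bytes left unencrypted) returning unnoticed.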
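Review bot: In crypto/openssl/crypto/bn/bn_gcd.c, both hunks now check `BN_one(X)` but leave `BN_zero(Y)` on the following line unchecked, in bn_mod_inverse_no_branch and again in int_bn_mod_inverse. If BN_zero cannot fail in this build, a short comment saying so would show the asymmetry is deliberate; if it can, it needs the same `goto err` handling.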
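Review bot: In EC_GROUP_new_from_ecparameters (crypto/openssl/crypto/ec/ec_asn1.c), the return value of ASN1_INTEGER_to_BN is now only compared with NULL and no longer stored, so the converted order and cofactor reach later code solely through the `a` and `b` that are passed in. That is correct only while both are already allocated at these two call sites, because ASN1_INTEGER_to_BN allocates a fresh BIGNUM when given NULL and that result would now be dropped. A one-line comment or an explicit NULL check ahead of each call would pin the assumption down.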
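Review bot: In range_should_be_prefix (crypto/openssl/crypto/x509v3/v3_addr.c), the new `assert(memcmp(min, max, length) <= 0);` disappears when the library is built with NDEBUG, so release builds run the function with no ordering check at all. The make_addressRange hunk adds the caller-side `memcmp(min, max, length) > 0` guard, but any other caller of range_should_be_prefix is outside this diff; each one should be confirmed to validate min <= max before the call, and the new comment could name the callers that do.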
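Review bot: In sxnet_i2r (crypto/openssl/crypto/x509v3/v3_sxnet.c), the new `if (tmp == NULL) return 0;` exits from inside the loop over sx->ids, so entries printed by earlier iterations are already in `out` when the failure is reported. That is acceptable if callers discard the BIO contents on a 0 return, which is worth stating in a comment. The return values of the BIO_printf and ASN1_STRING_print calls that follow remain unchecked as well.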