Module Name:    src
Committed By:   christos
Date:           Tue Mar 15 20:51:13 UTC 2022

Modified Files:
        src/crypto/external/bsd/openssl/dist: CHANGES Configure NEWS README
        src/crypto/external/bsd/openssl/dist/apps: openssl.c s_client.c
        src/crypto/external/bsd/openssl/dist/crypto/bn: bn_print.c
        src/crypto/external/bsd/openssl/dist/crypto/engine: eng_all.c
        src/crypto/external/bsd/openssl/dist/crypto/lhash: lhash.c
        src/crypto/external/bsd/openssl/dist/crypto/ui: ui_openssl.c
        src/crypto/external/bsd/openssl/dist/crypto/x509: x509_vfy.c
        src/crypto/external/bsd/openssl/dist/ssl: s3_lib.c
        src/crypto/external/bsd/openssl/dist/test: bntest.c evp_extra_test.c
        src/crypto/external/bsd/openssl/dist/test/recipes/30-test_evp_data:
            evpkdf.txt

Log Message:
merge OpenSSL-1.1.1m and OpenSSL-1.1.1n


To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.29 src/crypto/external/bsd/openssl/dist/CHANGES \
    src/crypto/external/bsd/openssl/dist/NEWS \
    src/crypto/external/bsd/openssl/dist/README
cvs rdiff -u -r1.29 -r1.30 src/crypto/external/bsd/openssl/dist/Configure
cvs rdiff -u -r1.6 -r1.7 src/crypto/external/bsd/openssl/dist/apps/openssl.c
cvs rdiff -u -r1.24 -r1.25 \
    src/crypto/external/bsd/openssl/dist/apps/s_client.c
cvs rdiff -u -r1.3 -r1.4 \
    src/crypto/external/bsd/openssl/dist/crypto/bn/bn_print.c
cvs rdiff -u -r1.13 -r1.14 \
    src/crypto/external/bsd/openssl/dist/crypto/engine/eng_all.c
cvs rdiff -u -r1.9 -r1.10 \
    src/crypto/external/bsd/openssl/dist/crypto/lhash/lhash.c
cvs rdiff -u -r1.17 -r1.18 \
    src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c
cvs rdiff -u -r1.24 -r1.25 \
    src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c
cvs rdiff -u -r1.28 -r1.29 src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c
cvs rdiff -u -r1.9 -r1.10 src/crypto/external/bsd/openssl/dist/test/bntest.c
cvs rdiff -u -r1.10 -r1.11 \
    src/crypto/external/bsd/openssl/dist/test/evp_extra_test.c
cvs rdiff -u -r1.2 -r1.3 \
    
src/crypto/external/bsd/openssl/dist/test/recipes/30-test_evp_data/evpkdf.txt

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/crypto/external/bsd/openssl/dist/CHANGES
diff -u src/crypto/external/bsd/openssl/dist/CHANGES:1.28 src/crypto/external/bsd/openssl/dist/CHANGES:1.29
--- src/crypto/external/bsd/openssl/dist/CHANGES:1.28	Fri Jan  7 10:50:10 2022
+++ src/crypto/external/bsd/openssl/dist/CHANGES	Tue Mar 15 16:51:12 2022
@@ -7,6 +7,43 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
+ Changes between 1.1.1m and 1.1.1n [15 Mar 2022]
+
+  *) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever
+     for non-prime moduli.
+
+     Internally this function is used when parsing certificates that contain
+     elliptic curve public keys in compressed form or explicit elliptic curve
+     parameters with a base point encoded in compressed form.
+
+     It is possible to trigger the infinite loop by crafting a certificate that
+     has invalid explicit curve parameters.
+
+     Since certificate parsing happens prior to verification of the certificate
+     signature, any process that parses an externally supplied certificate may
+     thus be subject to a denial of service attack. The infinite loop can also
+     be reached when parsing crafted private keys as they can contain explicit
+     elliptic curve parameters.
+
+     Thus vulnerable situations include:
+
+      - TLS clients consuming server certificates
+      - TLS servers consuming client certificates
+      - Hosting providers taking certificates or private keys from customers
+      - Certificate authorities parsing certification requests from subscribers
+      - Anything else which parses ASN.1 elliptic curve parameters
+
+     Also any other applications that use the BN_mod_sqrt() where the attacker
+     can control the parameter values are vulnerable to this DoS issue.
+     (CVE-2022-0778)
+     [Tomáš Mráz]
+
+  *) Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489)
+     to the list of ciphersuites providing Perfect Forward Secrecy as
+     required by SECLEVEL >= 3.
+
+     [Dmitry Belyavskiy, Nicola Tuveri]
+
  Changes between 1.1.1l and 1.1.1m [14 Dec 2021]
 
   *) Avoid loading of a dynamic engine twice.
Index: src/crypto/external/bsd/openssl/dist/NEWS
diff -u src/crypto/external/bsd/openssl/dist/NEWS:1.28 src/crypto/external/bsd/openssl/dist/NEWS:1.29
--- src/crypto/external/bsd/openssl/dist/NEWS:1.28	Fri Jan  7 10:50:10 2022
+++ src/crypto/external/bsd/openssl/dist/NEWS	Tue Mar 15 16:51:12 2022
@@ -5,6 +5,11 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.1.1m and OpenSSL 1.1.1n [15 Mar 2022]
+
+      o Fixed a bug in the BN_mod_sqrt() function that can cause it to loop
+        forever for non-prime moduli ([CVE-2022-0778])
+
   Major changes between OpenSSL 1.1.1l and OpenSSL 1.1.1m [14 Dec 2021]
 
       o None
Index: src/crypto/external/bsd/openssl/dist/README
diff -u src/crypto/external/bsd/openssl/dist/README:1.28 src/crypto/external/bsd/openssl/dist/README:1.29
--- src/crypto/external/bsd/openssl/dist/README:1.28	Fri Jan  7 10:50:10 2022
+++ src/crypto/external/bsd/openssl/dist/README	Tue Mar 15 16:51:12 2022
@@ -1,5 +1,5 @@
 
- OpenSSL 1.1.1m 14 Dec 2021
+ OpenSSL 1.1.1n 15 Mar 2022
 
  Copyright (c) 1998-2021 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

Index: src/crypto/external/bsd/openssl/dist/Configure
diff -u src/crypto/external/bsd/openssl/dist/Configure:1.29 src/crypto/external/bsd/openssl/dist/Configure:1.30
--- src/crypto/external/bsd/openssl/dist/Configure:1.29	Fri Jan  7 10:50:10 2022
+++ src/crypto/external/bsd/openssl/dist/Configure	Tue Mar 15 16:51:12 2022
@@ -3161,25 +3161,25 @@ sub resolve_config {
         }
     }
 
-    foreach (sort keys %all_keys) {
-        my $previous = $combined_inheritance{$_};
+    foreach my $key (sort keys %all_keys) {
+        my $previous = $combined_inheritance{$key};
 
         # Current target doesn't have a value for the current key?
         # Assign it the default combiner, the rest of this loop body
         # will handle it just like any other coderef.
-        if (!exists $table{$target}->{$_}) {
-            $table{$target}->{$_} = $default_combiner;
+        if (!exists $table{$target}->{$key}) {
+            $table{$target}->{$key} = $default_combiner;
         }
 
-        $table{$target}->{$_} = process_values($table{$target}->{$_},
-                                               $combined_inheritance{$_},
-                                               $target, $_);
-        unless(defined($table{$target}->{$_})) {
-            delete $table{$target}->{$_};
+        $table{$target}->{$key} = process_values($table{$target}->{$key},
+                                               $combined_inheritance{$key},
+                                               $target, $key);
+        unless(defined($table{$target}->{$key})) {
+            delete $table{$target}->{$key};
         }
 #        if ($extra_checks &&
-#            $previous && !($add_called ||  $previous ~~ $table{$target}->{$_})) {
-#            warn "$_ got replaced in $target\n";
+#            $previous && !($add_called ||  $previous ~~ $table{$target}->{$key})) {
+#            warn "$key got replaced in $target\n";
 #        }
     }
 

Index: src/crypto/external/bsd/openssl/dist/apps/openssl.c
diff -u src/crypto/external/bsd/openssl/dist/apps/openssl.c:1.6 src/crypto/external/bsd/openssl/dist/apps/openssl.c:1.7
--- src/crypto/external/bsd/openssl/dist/apps/openssl.c:1.6	Sat Mar 21 20:53:02 2020
+++ src/crypto/external/bsd/openssl/dist/apps/openssl.c	Tue Mar 15 16:51:12 2022
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -120,7 +120,6 @@ int main(int argc, char *argv[])
 {
     FUNCTION f, *fp;
     LHASH_OF(FUNCTION) *prog = NULL;
-    char **copied_argv = NULL;
     char *p, *pname;
     char buf[1024];
     const char *prompt;
@@ -137,7 +136,7 @@ int main(int argc, char *argv[])
     bio_err = dup_bio_err(FORMAT_TEXT);
 
 #if defined(OPENSSL_SYS_VMS) && defined(__DECC)
-    copied_argv = argv = copy_argv(&argc, argv);
+    argv = copy_argv(&argc, argv);
 #elif defined(_WIN32)
     /*
      * Replace argv[] with UTF-8 encoded strings.
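Review bot: At the VMS `copy_argv` call, nothing visible in these hunks now releases the array it returns, because the `copied_argv` pointer and its `OPENSSL_free` are both removed. If `copy_argv` keeps ownership of that storage, say so at the call, e.g. `/* copy_argv() owns the returned array; do not free it here */`; if it does not, the copy is simply dropped at exit. `main` starts and ends outside this hunk, so the ownership rule cannot be confirmed from here.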
@@ -258,7 +257,6 @@ int main(int argc, char *argv[])
     }
     ret = 1;
  end:
-    OPENSSL_free(copied_argv);
     OPENSSL_free(default_config_file);
     lh_FUNCTION_free(prog);
     OPENSSL_free(arg.argv);

Index: src/crypto/external/bsd/openssl/dist/apps/s_client.c
diff -u src/crypto/external/bsd/openssl/dist/apps/s_client.c:1.24 src/crypto/external/bsd/openssl/dist/apps/s_client.c:1.25
--- src/crypto/external/bsd/openssl/dist/apps/s_client.c:1.24	Fri Jan  7 10:50:10 2022
+++ src/crypto/external/bsd/openssl/dist/apps/s_client.c	Tue Mar 15 16:51:12 2022
@@ -938,6 +938,7 @@ int s_client_main(int argc, char **argv)
     struct timeval tv;
 #endif
     const char *servername = NULL;
+    char *sname_alloc = NULL;
     int noservername = 0;
     const char *alpn_in = NULL;
     tlsextctx tlsextcbp = { NULL, 0 };
@@ -1588,6 +1589,15 @@ int s_client_main(int argc, char **argv)
                        "%s: -proxy argument malformed or ambiguous\n", prog);
             goto end;
         }
+        if (servername == NULL && !noservername) {
+            res = BIO_parse_hostserv(connectstr, &sname_alloc, NULL, BIO_PARSE_PRIO_HOST);
+            if (!res) {
+                BIO_printf(bio_err,
+                        "%s: -connect argument malformed or ambiguous\n", prog);
+                goto end;
+            }
+            servername = sname_alloc;
+        }
     } else {
         int res = 1;
         char *tmp_host = host, *tmp_port = port;
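Review bot: In the `-proxy` branch the host parsed out of `-connect` is assigned to `servername` with no check in this hunk that it is a DNS name rather than an address literal, and RFC 6066 does not permit literal IPv4 or IPv6 addresses in the server_name extension. If nothing later in `s_client_main` filters that case (the function continues outside the hunk), either skip the assignment for literals or add a comment saying where it is handled. The `BIO_parse_hostserv` line also runs past 80 columns and could be wrapped after `&sname_alloc,`. The hunk only shows this value feeding `servername`; whether it also drives certificate hostname checking is not visible, so the new default should not be read as implying name verification.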
@@ -3159,6 +3169,7 @@ int s_client_main(int argc, char **argv)
 #ifndef OPENSSL_NO_SRP
     OPENSSL_free(srp_arg.srppassin);
 #endif
+    OPENSSL_free(sname_alloc);
     OPENSSL_free(connectstr);
     OPENSSL_free(bindstr);
     OPENSSL_free(bindhost);

Index: src/crypto/external/bsd/openssl/dist/crypto/bn/bn_print.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/bn/bn_print.c:1.3 src/crypto/external/bsd/openssl/dist/crypto/bn/bn_print.c:1.4
--- src/crypto/external/bsd/openssl/dist/crypto/bn/bn_print.c:1.3	Mon Oct  5 10:34:03 2020
+++ src/crypto/external/bsd/openssl/dist/crypto/bn/bn_print.c	Tue Mar 15 16:51:12 2022
@@ -142,7 +142,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a
         continue;
 
     if (i == 0 || i > INT_MAX / 4)
-        goto err;
+        return 0;
 
     num = i + neg;
     if (bn == NULL)
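Review bot: The new `return 0` bypasses the `err` label without a comment saying why, and the reason is not obvious from the hunk. `bn` is only tested against NULL two lines further down, so presumably the cleanup at `err` (outside this hunk) is not safe to run before that test. A one-line comment such as `/* nothing allocated yet and bn may be NULL: do not go through err */` would stop a later cleanup pass from turning it back into `goto err`. `BN_hex2bn` starts and ends outside the hunk, so confirm this against the body of the label.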

Index: src/crypto/external/bsd/openssl/dist/crypto/engine/eng_all.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/engine/eng_all.c:1.13 src/crypto/external/bsd/openssl/dist/crypto/engine/eng_all.c:1.14
--- src/crypto/external/bsd/openssl/dist/crypto/engine/eng_all.c:1.13	Sat Mar 21 20:53:05 2020
+++ src/crypto/external/bsd/openssl/dist/crypto/engine/eng_all.c	Tue Mar 15 16:51:12 2022
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -12,9 +12,6 @@
 
 void ENGINE_load_builtin_engines(void)
 {
-    /* Some ENGINEs need this */
-    OPENSSL_cpuid_setup();
-
     OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
 }
 

Index: src/crypto/external/bsd/openssl/dist/crypto/lhash/lhash.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/lhash/lhash.c:1.9 src/crypto/external/bsd/openssl/dist/crypto/lhash/lhash.c:1.10
--- src/crypto/external/bsd/openssl/dist/crypto/lhash/lhash.c:1.9	Sat Mar 21 20:53:06 2020
+++ src/crypto/external/bsd/openssl/dist/crypto/lhash/lhash.c	Tue Mar 15 16:51:12 2022
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -343,7 +343,8 @@ unsigned long OPENSSL_LH_strhash(const c
         v = n | (*c);
         n += 0x100;
         r = (int)((v >> 2) ^ v) & 0x0f;
-        ret = (ret << r) | (ret >> (32 - r));
+        /* cast to uint64_t to avoid 32 bit shift of 32 bit value */
+        ret = (ret << r) | (unsigned long)((uint64_t)ret >> (32 - r));
         ret &= 0xFFFFFFFFL;
         ret ^= v * v;
         c++;
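Review bot: The added comment on the rotate in `OPENSSL_LH_strhash` does not say which input makes the old expression undefined: `r` is masked with `0x0f`, so it can be 0, and then the right-shift count is 32, which is undefined where `unsigned long` is 32 bits wide. Suggest `/* r may be 0, making the shift count 32; widen so the shift stays defined when unsigned long is 32 bits */`. The identical line and comment are added in the `openssl_lh_strcasehash` hunk below, so a small `static` helper shared by both would keep the two copies from drifting apart. `uint64_t` needs its header in scope, and the include list is outside these hunks.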
@@ -364,7 +365,8 @@ unsigned long openssl_lh_strcasehash(con
     for (n = 0x100; *c != '\0'; n += 0x100) {
         v = n | ossl_tolower(*c);
         r = (int)((v >> 2) ^ v) & 0x0f;
-        ret = (ret << r) | (ret >> (32 - r));
+        /* cast to uint64_t to avoid 32 bit shift of 32 bit value */
+        ret = (ret << r) | (unsigned long)((uint64_t)ret >> (32 - r));
         ret &= 0xFFFFFFFFL;
         ret ^= v * v;
         c++;

Index: src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c:1.17 src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c:1.18
--- src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c:1.17	Wed Dec  9 19:33:10 2020
+++ src/crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c	Tue Mar 15 16:51:12 2022
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -572,6 +572,8 @@ static int echo_console(UI *ui)
 
 static int close_console(UI *ui)
 {
+    int ret = 1;
+
     if (tty_in != stdin)
         fclose(tty_in);
     if (tty_out != stderr)
@@ -584,12 +586,12 @@ static int close_console(UI *ui)
         BIO_snprintf(tmp_num, sizeof(tmp_num) - 1, "%%X%08X", status);
         UIerr(UI_F_CLOSE_CONSOLE, UI_R_SYSDASSGN_ERROR);
         ERR_add_error_data(2, "status=", tmp_num);
-        return 0;
+        ret = 0;
     }
 # endif
     CRYPTO_THREAD_unlock(ui->lock);
 
-    return 1;
+    return ret;
 }
 
 # if !defined(OPENSSL_SYS_WINCE)

Index: src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c
diff -u src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c:1.24 src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c:1.25
--- src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c:1.24	Fri Jan  7 10:50:11 2022
+++ src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c	Tue Mar 15 16:51:12 2022
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -2201,6 +2201,12 @@ int X509_STORE_CTX_purpose_inherit(X509_
     /* If purpose not set use default */
     if (!purpose)
         purpose = def_purpose;
+    /*
+     * If purpose is set but we don't have a default then set the default to
+     * the current purpose
+     */
+    else if (def_purpose == 0)
+        def_purpose = purpose;
     /* If we have a purpose then check it is valid */
     if (purpose) {
         X509_PURPOSE *ptmp;
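Review bot: The comment added before `else if (def_purpose == 0)` says what is assigned but not why it matters for trust selection. In the following hunk the `X509_TRUST_DEFAULT` case looks up `def_purpose` and fails with `X509_R_UNKNOWN_PURPOSE_ID` when that lookup returns -1. Extending the comment with something like `... so that the X509_TRUST_DEFAULT lookup below resolves to this purpose instead of failing on id 0` would record the intent now that the old XXX comment is removed. The comment also sits between an unbraced `if` body and its `else`, which makes the pairing easy to misread; bracing both branches would help. `X509_STORE_CTX_purpose_inherit` starts and ends outside the hunk.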
@@ -2213,11 +2219,6 @@ int X509_STORE_CTX_purpose_inherit(X509_
         ptmp = X509_PURPOSE_get0(idx);
         if (ptmp->trust == X509_TRUST_DEFAULT) {
             idx = X509_PURPOSE_get_by_id(def_purpose);
-            /*
-             * XXX: In the two callers above def_purpose is always 0, which is
-             * not a known value, so idx will always be -1.  How is the
-             * X509_TRUST_DEFAULT case actually supposed to be handled?
-             */
             if (idx == -1) {
                 X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
                         X509_R_UNKNOWN_PURPOSE_ID);

Index: src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c
diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c:1.28 src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c:1.29
--- src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c:1.28	Thu Mar 25 14:51:19 2021
+++ src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c	Tue Mar 15 16:51:13 2022
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -2171,7 +2171,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
-     SSL_kEDH,
+     SSL_kDHE,
      SSL_aDSS,
      SSL_CAMELLIA128,
      SSL_SHA256,
@@ -2187,7 +2187,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
-     SSL_kEDH,
+     SSL_kDHE,
      SSL_aRSA,
      SSL_CAMELLIA128,
      SSL_SHA256,
@@ -2203,7 +2203,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
      TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
-     SSL_kEDH,
+     SSL_kDHE,
      SSL_aNULL,
      SSL_CAMELLIA128,
      SSL_SHA256,
@@ -2235,7 +2235,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
      TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
      TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
-     SSL_kEDH,
+     SSL_kDHE,
      SSL_aDSS,
      SSL_CAMELLIA256,
      SSL_SHA256,
@@ -2251,7 +2251,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
      TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
      TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
-     SSL_kEDH,
+     SSL_kDHE,
      SSL_aRSA,
      SSL_CAMELLIA256,
      SSL_SHA256,
@@ -2267,7 +2267,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
      TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
      TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
      TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
-     SSL_kEDH,
+     SSL_kDHE,
      SSL_aNULL,
      SSL_CAMELLIA256,
      SSL_SHA256,

Index: src/crypto/external/bsd/openssl/dist/test/bntest.c
diff -u src/crypto/external/bsd/openssl/dist/test/bntest.c:1.9 src/crypto/external/bsd/openssl/dist/test/bntest.c:1.10
--- src/crypto/external/bsd/openssl/dist/test/bntest.c:1.9	Fri Jan  7 10:50:11 2022
+++ src/crypto/external/bsd/openssl/dist/test/bntest.c	Tue Mar 15 16:51:13 2022
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -1729,8 +1729,17 @@ static int file_modsqrt(STANZA *s)
             || !TEST_ptr(ret2 = BN_new()))
         goto err;
 
+    if (BN_is_negative(mod_sqrt)) {
+        /* A negative testcase */
+        if (!TEST_ptr_null(BN_mod_sqrt(ret, a, p, ctx)))
+            goto err;
+
+        st = 1;
+        goto err;
+    }
+
     /* There are two possible answers. */
-    if (!TEST_true(BN_mod_sqrt(ret, a, p, ctx))
+    if (!TEST_ptr(BN_mod_sqrt(ret, a, p, ctx))
             || !TEST_true(BN_sub(ret2, p, ret)))
         goto err;
 
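Review bot: The `/* A negative testcase */` comment in `file_modsqrt` does not explain the convention it relies on, which appears to be that a negative `mod_sqrt` value in the test data marks an input for which `BN_mod_sqrt` must return NULL. Spell that out, e.g. `/* a negative mod_sqrt in the test data means BN_mod_sqrt() is expected to fail */`. The passing path also leaves through `goto err` right after `st = 1`, which reads as a failure and deserves a short comment on that line. Since the CHANGES entry describes an endless loop, a regression would presumably hang this test rather than fail an assertion, so detection depends on the harness timeout. The function starts and ends outside the hunk.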
@@ -2798,6 +2807,50 @@ static int test_mod_exp_consttime(int i)
     return res;
 }
 
+/*
+ * Regression test to ensure BN_mod_exp2_mont fails safely if argument m is
+ * zero.
+ */
+static int test_mod_exp2_mont(void)
+{
+    int res = 0;
+    BIGNUM *exp_result = NULL;
+    BIGNUM *exp_a1 = NULL, *exp_p1 = NULL, *exp_a2 = NULL, *exp_p2 = NULL,
+           *exp_m = NULL;
+
+    if (!TEST_ptr(exp_result = BN_new())
+            || !TEST_ptr(exp_a1 = BN_new())
+            || !TEST_ptr(exp_p1 = BN_new())
+            || !TEST_ptr(exp_a2 = BN_new())
+            || !TEST_ptr(exp_p2 = BN_new())
+            || !TEST_ptr(exp_m = BN_new()))
+        goto err;
+
+    if (!TEST_true(BN_one(exp_a1))
+            || !TEST_true(BN_one(exp_p1))
+            || !TEST_true(BN_one(exp_a2))
+            || !TEST_true(BN_one(exp_p2)))
+        goto err;
+
+    BN_zero(exp_m);
+
+    /* input of 0 is even, so must fail */
+    if (!TEST_int_eq(BN_mod_exp2_mont(exp_result, exp_a1, exp_p1, exp_a2,
+                exp_p2, exp_m, ctx, NULL), 0))
+        goto err;
+
+    res = 1;
+
+err:
+    BN_free(exp_result);
+    BN_free(exp_a1);
+    BN_free(exp_p1);
+    BN_free(exp_a2);
+    BN_free(exp_p2);
+    BN_free(exp_m);
+    return res;
+}
+
 static int file_test_run(STANZA *s)
 {
     static const FILETEST filetests[] = {
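Review bot: `test_mod_exp2_mont` only exercises a modulus of zero, although its inline comment gives evenness as the reason the call must fail. A second case with a non-zero even modulus would pin that down, assuming `BN_mod_exp2_mont` is meant to reject every even modulus: `if (!TEST_true(BN_set_word(exp_m, 2)) || !TEST_int_eq(BN_mod_exp2_mont(exp_result, exp_a1, exp_p1, exp_a2, exp_p2, exp_m, ctx, NULL), 0)) goto err;`. The test relies on a `ctx` declared outside the hunk.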
@@ -2906,6 +2959,7 @@ int setup_tests(void)
         ADD_TEST(test_gcd_prime);
         ADD_ALL_TESTS(test_mod_exp, (int)OSSL_NELEM(ModExpTests));
         ADD_ALL_TESTS(test_mod_exp_consttime, (int)OSSL_NELEM(ModExpTests));
+        ADD_TEST(test_mod_exp2_mont);
     } else {
         ADD_ALL_TESTS(run_file_tests, n);
     }

Index: src/crypto/external/bsd/openssl/dist/test/evp_extra_test.c
diff -u src/crypto/external/bsd/openssl/dist/test/evp_extra_test.c:1.10 src/crypto/external/bsd/openssl/dist/test/evp_extra_test.c:1.11
--- src/crypto/external/bsd/openssl/dist/test/evp_extra_test.c:1.10	Fri Jan  7 10:50:11 2022
+++ src/crypto/external/bsd/openssl/dist/test/evp_extra_test.c	Tue Mar 15 16:51:13 2022
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -1762,6 +1762,83 @@ static int test_EVP_PKEY_set1_DH(void)
 }
 #endif /* OPENSSL_NO_DH */
 
+typedef struct {
+        int data;
+} custom_dgst_ctx;
+
+static int custom_md_init_called = 0;
+static int custom_md_cleanup_called = 0;
+
+static int custom_md_init(EVP_MD_CTX *ctx)
+{
+    custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
+
+    if (p == NULL)
+        return 0;
+
+    custom_md_init_called++;
+    return 1;
+}
+
+static int custom_md_cleanup(EVP_MD_CTX *ctx)
+{
+    custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
+
+    if (p == NULL)
+        /* Nothing to do */
+        return 1;
+
+    custom_md_cleanup_called++;
+    return 1;
+}
+
+static int test_custom_md_meth(void)
+{
+    EVP_MD_CTX *mdctx = NULL;
+    EVP_MD *tmp = NULL;
+    char mess[] = "Test Message\n";
+    unsigned char md_value[EVP_MAX_MD_SIZE];
+    unsigned int md_len;
+    int testresult = 0;
+    int nid;
+
+    custom_md_init_called = custom_md_cleanup_called = 0;
+
+    nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
+    if (!TEST_int_ne(nid, NID_undef))
+        goto err;
+    tmp = EVP_MD_meth_new(nid, NID_undef);
+    if (!TEST_ptr(tmp))
+        goto err;
+
+    if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
+            || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
+            || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
+                                                       sizeof(custom_dgst_ctx))))
+        goto err;
+
+    mdctx = EVP_MD_CTX_new();
+    if (!TEST_ptr(mdctx)
+               /*
+                * Initing our custom md and then initing another md should
+                * result in the init and cleanup functions of the custom md
+                * from being called.
+                */
+            || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
+            || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
+            || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
+            || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
+            || !TEST_int_eq(custom_md_init_called, 1)
+            || !TEST_int_eq(custom_md_cleanup_called, 1))
+        goto err;
+
+    testresult = 1;
+ err:
+    EVP_MD_CTX_free(mdctx);
+    EVP_MD_meth_free(tmp);
+    return testresult;
+}
+
 #if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DYNAMIC_ENGINE)
 /* Test we can create a signature keys with an associated ENGINE */
 static int test_signatures_with_engine(int tst)
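Review bot: The block comment inside `test_custom_md_meth` says the two `EVP_DigestInit_ex` calls should result in the custom init and cleanup functions "from being called", which reads as the opposite of what the assertions check (both counters equal to 1). Reword it to `... should result in the init and cleanup functions of the custom md each being called exactly once.` Separately, `OBJ_create` registers the OID for the life of the process and nothing in the test removes it, so a second run in the same process would presumably fail at the `TEST_int_ne(nid, NID_undef)` check. A comment noting that the test is single-shot would help.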
@@ -1965,6 +2042,7 @@ int setup_tests(void)
     ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
     ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
 
+    ADD_TEST(test_custom_md_meth);
 #if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DYNAMIC_ENGINE)
 # ifndef OPENSSL_NO_EC
     ADD_ALL_TESTS(test_signatures_with_engine, 3);

Index: src/crypto/external/bsd/openssl/dist/test/recipes/30-test_evp_data/evpkdf.txt
diff -u src/crypto/external/bsd/openssl/dist/test/recipes/30-test_evp_data/evpkdf.txt:1.2 src/crypto/external/bsd/openssl/dist/test/recipes/30-test_evp_data/evpkdf.txt:1.3
--- src/crypto/external/bsd/openssl/dist/test/recipes/30-test_evp_data/evpkdf.txt:1.2	Tue Jan 18 15:43:37 2022
+++ src/crypto/external/bsd/openssl/dist/test/recipes/30-test_evp_data/evpkdf.txt	Tue Mar 15 16:51:13 2022
@@ -1,5 +1,5 @@
 #
-# Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -294,13 +294,12 @@ Ctrl.r = r:8
 Ctrl.p = p:1
 Output = 7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887
 
-# Out of memory
+# Out of memory - request > 2 GB of memory
 # XXX: skip for now; on small machines we run out of swap
 #KDF = scrypt
 #Ctrl.pass = pass:pleaseletmein
 #Ctrl.salt = salt:SodiumChloride
-#Ctrl.N = N:1048576
+#Ctrl.N = N:2097152
 #Ctrl.r = r:8
 #Ctrl.p = p:1
-#Result = KDF_MISMATCH
-
+#Result = KDF_DERIVE_ERROR
