Module Name:    src
Committed By:   christos
Date:           Tue Feb  7 22:25:31 UTC 2023

Modified Files:
        src/crypto/external/bsd/openssl/dist: CHANGES Configure NEWS README
        src/crypto/external/bsd/openssl/dist/apps: ca.c ocsp.c s_server.c
        src/crypto/external/bsd/openssl/dist/crypto/asn1: asn_mime.c
        src/crypto/external/bsd/openssl/dist/crypto/bn: bn_exp.c bn_mont.c bn_nist.c
        src/crypto/external/bsd/openssl/dist/crypto/ec: ec_asn1.c ec_key.c
        src/crypto/external/bsd/openssl/dist/crypto/evp: evp_enc.c
        src/crypto/external/bsd/openssl/dist/crypto/x509: x509_vfy.c
        src/crypto/external/bsd/openssl/dist/crypto/x509v3: v3_addr.c
        src/crypto/external/bsd/openssl/dist/ssl: s3_enc.c s3_lib.c ssl_ciph.c ssl_lib.c t1_enc.c t1_lib.c
        src/crypto/external/bsd/openssl/dist/test: exptest.c
        src/crypto/external/bsd/openssl/dist/test/testutil: driver.c
Removed Files:
        src/crypto/external/bsd/openssl/dist/test/ssl-tests: 16-certstatus.conf

Log Message:
merge changes between openssl 1.1.1n and 1.1.1t

To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.30 src/crypto/external/bsd/openssl/dist/CHANGES \
    src/crypto/external/bsd/openssl/dist/NEWS \
    src/crypto/external/bsd/openssl/dist/README
cvs rdiff -u -r1.30 -r1.31 src/crypto/external/bsd/openssl/dist/Configure
cvs rdiff -u -r1.21 -r1.22 src/crypto/external/bsd/openssl/dist/apps/ca.c
cvs rdiff -u -r1.22 -r1.23 src/crypto/external/bsd/openssl/dist/apps/ocsp.c
cvs rdiff -u -r1.24 -r1.25 \
    src/crypto/external/bsd/openssl/dist/apps/s_server.c
cvs rdiff -u -r1.12 -r1.13 \
    src/crypto/external/bsd/openssl/dist/crypto/asn1/asn_mime.c
cvs rdiff -u -r1.20 -r1.21 \
    src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c
cvs rdiff -u -r1.12 -r1.13 \
    src/crypto/external/bsd/openssl/dist/crypto/bn/bn_mont.c
cvs rdiff -u -r1.6 -r1.7 \
    src/crypto/external/bsd/openssl/dist/crypto/bn/bn_nist.c
cvs rdiff -u -r1.12 -r1.13 \
    src/crypto/external/bsd/openssl/dist/crypto/ec/ec_asn1.c
cvs rdiff -u -r1.6 -r1.7 \
    src/crypto/external/bsd/openssl/dist/crypto/ec/ec_key.c
cvs rdiff -u -r1.14 -r1.15 \
    src/crypto/external/bsd/openssl/dist/crypto/evp/evp_enc.c
cvs rdiff -u -r1.25 -r1.26 \
    src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c
cvs rdiff -u -r1.8 -r1.9 \
    src/crypto/external/bsd/openssl/dist/crypto/x509v3/v3_addr.c
cvs rdiff -u -r1.16 -r1.17 src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c
cvs rdiff -u -r1.29 -r1.30 src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c
cvs rdiff -u -r1.22 -r1.23 \
    src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c
cvs rdiff -u -r1.21 -r1.22 src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c \
    src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c
cvs rdiff -u -r1.34 -r1.35 src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c
cvs rdiff -u -r1.4 -r1.5 src/crypto/external/bsd/openssl/dist/test/exptest.c
cvs rdiff -u -r1.1.1.1 -r0 \
    src/crypto/external/bsd/openssl/dist/test/ssl-tests/16-certstatus.conf
cvs rdiff -u -r1.3 -r1.4 \
    src/crypto/external/bsd/openssl/dist/test/testutil/driver.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files: Index: src/crypto/external/bsd/openssl/dist/CHANGES diff -u src/crypto/external/bsd/openssl/dist/CHANGES:1.29 src/crypto/external/bsd/openssl/dist/CHANGES:1.30 --- src/crypto/external/bsd/openssl/dist/CHANGES:1.29 Tue Mar 15 16:51:12 2022 +++ src/crypto/external/bsd/openssl/dist/CHANGES Tue Feb 7 17:25:29 2023 
@@ -7,6 +7,178 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.1.1s and 1.1.1t [7 Feb 2023] + + *) Fixed X.400 address type confusion in X.509 GeneralName. + + There is a type confusion vulnerability relating to X.400 address processing + inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING + but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This + vulnerability may allow an attacker who can provide a certificate chain and + CRL (neither of which need have a valid signature) to pass arbitrary + pointers to a memcmp call, creating a possible read primitive, subject to + some constraints. Refer to the advisory for more information. Thanks to + David Benjamin for discovering this issue. (CVE-2023-0286) + + This issue has been fixed by changing the public header file definition of + GENERAL_NAME so that x400Address reflects the implementation. It was not + possible for any existing application to successfully use the existing + definition; however, if any application references the x400Address field + (e.g. in dead code), note that the type of this field has changed. There is + no ABI change. + [Hugo Landau] + + *) Fixed Use-after-free following BIO_new_NDEF. + + The public API function BIO_new_NDEF is a helper function used for + streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL + to support the SMIME, CMS and PKCS7 streaming capabilities, but may also + be called directly by end user applications. + + The function receives a BIO from the caller, prepends a new BIO_f_asn1 + filter BIO onto the front of it to form a BIO chain, and then returns + the new head of the BIO chain to the caller. Under certain conditions, + for example if a CMS recipient public key is invalid, the new filter BIO + is freed and the function returns a NULL result indicating a failure. 
+ However, in this case, the BIO chain is not properly cleaned up and the + BIO passed by the caller still retains internal pointers to the previously + freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO + then a use-after-free will occur. This will most likely result in a crash. + (CVE-2023-0215) + [Viktor Dukhovni, Matt Caswell] + + *) Fixed Double free after calling PEM_read_bio_ex. + + The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and + decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload + data. If the function succeeds then the "name_out", "header" and "data" + arguments are populated with pointers to buffers containing the relevant + decoded data. The caller is responsible for freeing those buffers. It is + possible to construct a PEM file that results in 0 bytes of payload data. + In this case PEM_read_bio_ex() will return a failure code but will populate + the header argument with a pointer to a buffer that has already been freed. + If the caller also frees this buffer then a double free will occur. This + will most likely lead to a crash. + + The functions PEM_read_bio() and PEM_read() are simple wrappers around + PEM_read_bio_ex() and therefore these functions are also directly affected. + + These functions are also called indirectly by a number of other OpenSSL + functions including PEM_X509_INFO_read_bio_ex() and + SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL + internal uses of these functions are not vulnerable because the caller does + not free the header argument if PEM_read_bio_ex() returns a failure code. + (CVE-2022-4450) + [Kurt Roeckx, Matt Caswell] + + *) Fixed Timing Oracle in RSA Decryption. + + A timing based side channel exists in the OpenSSL RSA Decryption + implementation which could be sufficient to recover a plaintext across + a network in a Bleichenbacher style attack. 
To achieve a successful + decryption an attacker would have to be able to send a very large number + of trial messages for decryption. The vulnerability affects all RSA padding + modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. + (CVE-2022-4304) + [Dmitry Belyavsky, Hubert Kario] + + Changes between 1.1.1r and 1.1.1s [1 Nov 2022] + + *) Fixed a regression introduced in 1.1.1r version not refreshing the + certificate data to be signed before signing the certificate. + [Gibeom Gwon] + + Changes between 1.1.1q and 1.1.1r [11 Oct 2022] + + *) Fixed the linux-mips64 Configure target which was missing the + SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that + platform. + [Adam Joseph] + + *) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was + causing incorrect results in some cases as a result. + [Paul Dale] + + *) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to + report correct results in some cases + [Matt Caswell] + + *) Fixed a regression introduced in 1.1.1o for re-signing certificates with + different key sizes + [Todd Short] + + *) Added the loongarch64 target + [Shi Pujin] + + *) Fixed a DRBG seed propagation thread safety issue + [Bernd Edlinger] + + *) Fixed a memory leak in tls13_generate_secret + [Bernd Edlinger] + + *) Fixed reported performance degradation on aarch64. Restored the + implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid + 32-bit lane assignment in CTR mode") for 64bit targets only, since it is + reportedly 2-17% slower and the silicon errata only affects 32bit targets. + The new algorithm is still used for 32 bit targets. + [Bernd Edlinger] + + *) Added a missing header for memcmp that caused compilation failure on some + platforms + [Gregor Jasny] + + Changes between 1.1.1p and 1.1.1q [5 Jul 2022] + + *) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised + implementation would not encrypt the entirety of the data under some + circumstances. 
This could reveal sixteen bytes of data that was + preexisting in the memory that wasn't written. In the special case of + "in place" encryption, sixteen bytes of the plaintext would be revealed. + + Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, + they are both unaffected. + (CVE-2022-2097) + [Alex Chernyakhovsky, David Benjamin, Alejandro Sedeño] + + Changes between 1.1.1o and 1.1.1p [21 Jun 2022] + + *) In addition to the c_rehash shell command injection identified in + CVE-2022-1292, further bugs where the c_rehash script does not + properly sanitise shell metacharacters to prevent command injection have been + fixed. + + When the CVE-2022-1292 was fixed it was not discovered that there + are other places in the script where the file names of certificates + being hashed were possibly passed to a command executed through the shell. + + This script is distributed by some operating systems in a manner where + it is automatically executed. On such operating systems, an attacker + could execute arbitrary commands with the privileges of the script. + + Use of the c_rehash script is considered obsolete and should be replaced + by the OpenSSL rehash command line tool. + (CVE-2022-2068) + [Daniel Fiala, Tomáš Mráz] + + *) When OpenSSL TLS client is connecting without any supported elliptic + curves and TLS-1.3 protocol is disabled the connection will no longer fail + if a ciphersuite that does not use a key exchange based on elliptic + curves can be negotiated. + [Tomáš Mráz] + + Changes between 1.1.1n and 1.1.1o [3 May 2022] + + *) Fixed a bug in the c_rehash script which was not properly sanitising shell + metacharacters to prevent command injection. This script is distributed + by some operating systems in a manner where it is automatically executed. + On such operating systems, an attacker could execute arbitrary commands + with the privileges of the script. 
+ + Use of the c_rehash script is considered obsolete and should be replaced + by the OpenSSL rehash command line tool. + (CVE-2022-1292) + [Tomáš Mráz] + Changes between 1.1.1m and 1.1.1n [15 Mar 2022] *) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever Index: src/crypto/external/bsd/openssl/dist/NEWS diff -u src/crypto/external/bsd/openssl/dist/NEWS:1.29 src/crypto/external/bsd/openssl/dist/NEWS:1.30 --- src/crypto/external/bsd/openssl/dist/NEWS:1.29 Tue Mar 15 16:51:12 2022 +++ src/crypto/external/bsd/openssl/dist/NEWS Tue Feb 7 17:25:29 2023 
@@ -5,10 +5,43 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.1.1s and OpenSSL 1.1.1t [7 Feb 2023] + + o Fixed X.400 address type confusion in X.509 GeneralName (CVE-2023-0286) + o Fixed Use-after-free following BIO_new_NDEF (CVE-2023-0215) + o Fixed Double free after calling PEM_read_bio_ex (CVE-2022-4450) + o Fixed Timing Oracle in RSA Decryption (CVE-2022-4304) + + Major changes between OpenSSL 1.1.1r and OpenSSL 1.1.1s [1 Nov 2022] + + o Fixed a regression introduced in OpenSSL 1.1.1r not refreshing the + certificate data to be signed before signing the certificate. + + Major changes between OpenSSL 1.1.1q and OpenSSL 1.1.1r [11 Oct 2022] + + o Added a missing header for memcmp that caused compilation failure on + some platforms + + Major changes between OpenSSL 1.1.1p and OpenSSL 1.1.1q [5 Jul 2022] + + o Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms + (CVE-2022-2097) + + Major changes between OpenSSL 1.1.1o and OpenSSL 1.1.1p [21 Jun 2022] + + o Fixed additional bugs in the c_rehash script which was not properly + sanitising shell metacharacters to prevent command injection + (CVE-2022-2068) + + Major changes between OpenSSL 1.1.1n and OpenSSL 1.1.1o [3 May 2022] + + o Fixed a bug in the c_rehash script which was not properly sanitising + shell metacharacters to prevent command injection (CVE-2022-1292) + Major changes between OpenSSL 1.1.1m and OpenSSL 1.1.1n [15 Mar 2022] o Fixed a bug in the BN_mod_sqrt() function that can cause it to loop - forever for non-prime moduli ([CVE-2022-0778]) + forever for non-prime moduli (CVE-2022-0778) Major changes between OpenSSL 1.1.1l and OpenSSL 1.1.1m [14 Dec 2021] Index: src/crypto/external/bsd/openssl/dist/README diff -u src/crypto/external/bsd/openssl/dist/README:1.29 src/crypto/external/bsd/openssl/dist/README:1.30 --- src/crypto/external/bsd/openssl/dist/README:1.29 Tue Mar 
15 16:51:12 2022 +++ src/crypto/external/bsd/openssl/dist/README Tue Feb 7 17:25:29 2023 @@ -1,7 +1,7 @@ - OpenSSL 1.1.1n 15 Mar 2022 + OpenSSL 1.1.1t 7 Feb 2023 - Copyright (c) 1998-2021 The OpenSSL Project + Copyright (c) 1998-2022 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. Index: src/crypto/external/bsd/openssl/dist/Configure diff -u src/crypto/external/bsd/openssl/dist/Configure:1.30 src/crypto/external/bsd/openssl/dist/Configure:1.31 --- src/crypto/external/bsd/openssl/dist/Configure:1.30 Tue Mar 15 16:51:12 2022 +++ src/crypto/external/bsd/openssl/dist/Configure Tue Feb 7 17:25:29 2023 @@ -1,6 +1,6 @@ #! /usr/bin/env perl # -*- mode: perl; -*- -# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1215,7 +1215,7 @@ $target{build_scheme} = [ $target{build_ my ($builder, $builder_platform, @builder_opts) = @{$target{build_scheme}}; -foreach my $checker (($builder_platform."-".$target{build_file}."-checker.pm", +foreach my $checker (($builder_platform."-".$config{build_file}."-checker.pm", $builder_platform."-checker.pm")) { my $checker_path = catfile($srcdir, "Configurations", $checker); if (-f $checker_path) { @@ -1712,8 +1712,8 @@ if ($builder eq "unified") { # Store the name of the template file we will build the build file from # in %config. This may be useful for the build file itself. my @build_file_template_names = - ( $builder_platform."-".$target{build_file}.".tmpl", - $target{build_file}.".tmpl" ); + ( $builder_platform."-".$config{build_file}.".tmpl", + $config{build_file}.".tmpl" ); my @build_file_templates = (); # First, look in the user provided directory, if given 
@@ -1937,8 +1937,8 @@ if ($builder eq "unified") { } next if @skip && $skip[$#skip] <= 0; push @rawlines, $_ - if ($target_kind eq $target{build_file} - || $target_kind eq $target{build_file}."(".$builder_platform.")"); + if ($target_kind eq $config{build_file} + || $target_kind eq $config{build_file}."(".$builder_platform.")"); } }, qr/^\s*(?:#.*)?$/ => sub { }, @@ -2813,8 +2813,8 @@ if ($builder_platform eq 'unix') { my %builders = ( unified => sub { - print 'Creating ',$target{build_file},"\n"; - run_dofile(catfile($blddir, $target{build_file}), + print 'Creating ',$config{build_file},"\n"; + run_dofile(catfile($blddir, $config{build_file}), @{$config{build_file_templates}}); }, ); @@ -2868,7 +2868,7 @@ exit(0); # sub death_handler { die @_ if $^S; # To prevent the added message in eval blocks - my $build_file = $target{build_file} // "build file"; + my $build_file = $config{build_file} // "build file"; my @message = ( <<"_____", @_ ); Failure! $build_file wasn't produced. Index: src/crypto/external/bsd/openssl/dist/apps/ca.c diff -u src/crypto/external/bsd/openssl/dist/apps/ca.c:1.21 src/crypto/external/bsd/openssl/dist/apps/ca.c:1.22 --- src/crypto/external/bsd/openssl/dist/apps/ca.c:1.21 Fri Feb 19 22:22:13 2021 +++ src/crypto/external/bsd/openssl/dist/apps/ca.c Tue Feb 7 17:25:29 2023 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -842,7 +842,8 @@ end_of_options: goto end; } } else { - if ((serial = load_serial(serialfile, create_ser, NULL)) == NULL) { + serial = load_serial(serialfile, NULL, create_ser, NULL); + if (serial == NULL) { BIO_printf(bio_err, "error while loading serial number\n"); goto end; } 
@@ -1078,7 +1079,8 @@ end_of_options: if ((crlnumberfile = NCONF_get_string(conf, section, ENV_CRLNUMBER)) != NULL) - if ((crlnumber = load_serial(crlnumberfile, 0, NULL)) == NULL) { + if ((crlnumber = load_serial(crlnumberfile, NULL, 0, NULL)) + == NULL) { BIO_printf(bio_err, "error while loading CRL number\n"); goto end; } Index: src/crypto/external/bsd/openssl/dist/apps/ocsp.c diff -u src/crypto/external/bsd/openssl/dist/apps/ocsp.c:1.22 src/crypto/external/bsd/openssl/dist/apps/ocsp.c:1.23 --- src/crypto/external/bsd/openssl/dist/apps/ocsp.c:1.22 Fri Apr 24 15:37:09 2020 +++ src/crypto/external/bsd/openssl/dist/apps/ocsp.c Tue Feb 7 17:25:29 2023 @@ -1,5 +1,5 @@ /* - * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -176,7 +176,7 @@ const OPTIONS ocsp_options[] = { {"no_intern", OPT_NO_INTERN, '-', "Don't search certificates contained in response for signer"}, {"badsig", OPT_BADSIG, '-', - "Corrupt last byte of loaded OSCP response signature (for test)"}, + "Corrupt last byte of loaded OCSP response signature (for test)"}, {"text", OPT_TEXT, '-', "Print text form of request and response"}, {"req_text", OPT_REQ_TEXT, '-', "Print text form of request"}, {"resp_text", OPT_RESP_TEXT, '-', "Print text form of response"}, Index: src/crypto/external/bsd/openssl/dist/apps/s_server.c diff -u src/crypto/external/bsd/openssl/dist/apps/s_server.c:1.24 src/crypto/external/bsd/openssl/dist/apps/s_server.c:1.25 --- src/crypto/external/bsd/openssl/dist/apps/s_server.c:1.24 Fri Jan 7 10:50:10 2022 +++ src/crypto/external/bsd/openssl/dist/apps/s_server.c Tue Feb 7 17:25:29 2023 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -2236,6 +2236,30 @@ static void print_stats(BIO *bio, SSL_CT SSL_CTX_sess_get_cache_size(ssl_ctx)); } +static long int count_reads_callback(BIO *bio, int cmd, const char *argp, + int argi, long int argl, long int ret) +{ + unsigned int *p_counter = (unsigned int *)BIO_get_callback_arg(bio); + + switch (cmd) { + case BIO_CB_READ: /* No break here */ + case BIO_CB_GETS: + if (p_counter != NULL) + ++*p_counter; + break; + default: + break; + } + + if (s_debug) { + BIO_set_callback_arg(bio, (char *)bio_s_out); + ret = bio_dump_callback(bio, cmd, argp, argi, argl, ret); + BIO_set_callback_arg(bio, (char *)p_counter); + } + + return ret; +} + static int sv_body(int s, int stype, int prot, unsigned char *context) { char *buf = NULL; @@ -2353,10 +2377,7 @@ static int sv_body(int s, int stype, int SSL_set_accept_state(con); /* SSL_set_fd(con,s); */ - if (s_debug) { - BIO_set_callback(SSL_get_rbio(con), bio_dump_callback); - BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out); - } + BIO_set_callback(SSL_get_rbio(con), count_reads_callback); if (s_msg) { #ifndef OPENSSL_NO_SSL_TRACE if (s_msg == 2) 
@@ -2653,7 +2674,25 @@ static int sv_body(int s, int stype, int */ if ((!async || !SSL_waiting_for_async(con)) && !SSL_is_init_finished(con)) { + /* + * Count number of reads during init_ssl_connection. + * It helps us to distinguish configuration errors from errors + * caused by a client. + */ + unsigned int read_counter = 0; + + BIO_set_callback_arg(SSL_get_rbio(con), (char *)&read_counter); i = init_ssl_connection(con); + BIO_set_callback_arg(SSL_get_rbio(con), NULL); + + /* + * If initialization fails without reads, then + * there was a fatal error in configuration. + */ + if (i <= 0 && read_counter == 0) { + ret = -1; + goto err; + } if (i < 0) { ret = 0; Index: src/crypto/external/bsd/openssl/dist/crypto/asn1/asn_mime.c diff -u src/crypto/external/bsd/openssl/dist/crypto/asn1/asn_mime.c:1.12 src/crypto/external/bsd/openssl/dist/crypto/asn1/asn_mime.c:1.13 --- src/crypto/external/bsd/openssl/dist/crypto/asn1/asn_mime.c:1.12 Sat Mar 21 20:53:03 2020 +++ src/crypto/external/bsd/openssl/dist/crypto/asn1/asn_mime.c Tue Feb 7 17:25:29 2023 @@ -489,6 +489,7 @@ int SMIME_crlf_copy(BIO *in, BIO *out, i char eol; int len; char linebuf[MAX_SMLEN]; + int ret; /* * Buffer output so we don't write one line at a time. This is useful * when streaming as we don't end up with one OCTET STRING per line. @@ -523,9 +524,12 @@ int SMIME_crlf_copy(BIO *in, BIO *out, i BIO_write(out, "\r\n", 2); } } - (void)BIO_flush(out); + ret = BIO_flush(out); BIO_pop(out); BIO_free(bf); + if (ret <= 0) + return 0; + return 1; } Index: src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c diff -u src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c:1.20 src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c:1.21 --- src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c:1.20 Sat Mar 21 20:53:03 2020 +++ src/crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c Tue Feb 7 17:25:30 2023 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -41,6 +41,15 @@ extern unsigned int OPENSSL_sparcv9cap_P /* maximum precomputation table size for *variable* sliding windows */ #define TABLE_SIZE 32 +/* + * Beyond this limit the constant time code is disabled due to + * the possible overflow in the computation of powerbufLen in + * BN_mod_exp_mont_consttime. + * When this limit is exceeded, the computation will be done using + * non-constant time code, but it will take very long. + */ +#define BN_CONSTTIME_SIZE_LIMIT (INT_MAX / BN_BYTES / 256) + /* this one works - simple but works */ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) { @@ -192,13 +201,14 @@ int BN_mod_exp_recp(BIGNUM *r, const BIG return ret; } + BN_RECP_CTX_init(&recp); + BN_CTX_start(ctx); aa = BN_CTX_get(ctx); val[0] = BN_CTX_get(ctx); if (val[0] == NULL) goto err; - BN_RECP_CTX_init(&recp); if (m->neg) { /* ignore sign of 'm' */ if (!BN_copy(aa, m)) @@ -308,12 +318,6 @@ int BN_mod_exp_mont(BIGNUM *rr, const BI BIGNUM *val[TABLE_SIZE]; BN_MONT_CTX *mont = NULL; - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 - || BN_get_flags(a, BN_FLG_CONSTTIME) != 0 - || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { - return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont); - } - bn_check_top(a); bn_check_top(p); bn_check_top(m); 
@@ -322,6 +326,14 @@ int BN_mod_exp_mont(BIGNUM *rr, const BI BNerr(BN_F_BN_MOD_EXP_MONT, BN_R_CALLED_WITH_EVEN_MODULUS); return 0; } + + if (m->top <= BN_CONSTTIME_SIZE_LIMIT + && (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(a, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(m, BN_FLG_CONSTTIME) != 0)) { + return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont); + } + bits = BN_num_bits(p); if (bits == 0) { /* x**0 mod 1, or x**0 mod -1 is still zero. */ @@ -621,6 +633,11 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr top = m->top; + if (top > BN_CONSTTIME_SIZE_LIMIT) { + /* Prevent overflowing the powerbufLen computation below */ + return BN_mod_exp_mont(rr, a, p, m, ctx, in_mont); + } + /* * Use all bits stored in |p|, rather than |BN_num_bits|, so we do not leak * whether the top bits are zero. @@ -700,7 +717,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr else #endif #if defined(OPENSSL_BN_ASM_MONT5) - if (window >= 5) { + if (window >= 5 && top <= BN_SOFT_LIMIT) { window = 5; /* ~5% improvement for RSA2048 sign, and even * for RSA4096 */ /* reserve space for mont->N.d[] copy */ @@ -761,6 +778,9 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr if (!bn_to_mont_fixed_top(&am, a, mont, ctx)) goto err; + if (top > BN_SOFT_LIMIT) + goto fallback; + #if defined(SPARC_T4_MONT) if (t4) { typedef int (*bn_pwr5_mont_f) (BN_ULONG *tp, const BN_ULONG *np, 
@@ -903,14 +923,21 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr #if defined(OPENSSL_BN_ASM_MONT5) if (window == 5 && top > 1) { /* - * This optimization uses ideas from http://eprint.iacr.org/2011/239, - * specifically optimization of cache-timing attack countermeasures - * and pre-computation optimization. - */ - - /* - * Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as - * 512-bit RSA is hardly relevant, we omit it to spare size... + * This optimization uses ideas from https://eprint.iacr.org/2011/239, + * specifically optimization of cache-timing attack countermeasures, + * pre-computation optimization, and Almost Montgomery Multiplication. + * + * The paper discusses a 4-bit window to optimize 512-bit modular + * exponentiation, used in RSA-1024 with CRT, but RSA-1024 is no longer + * important. + * + * |bn_mul_mont_gather5| and |bn_power5| implement the "almost" + * reduction variant, so the values here may not be fully reduced. + * They are bounded by R (i.e. they fit in |top| words), not |m|. + * Additionally, we pass these "almost" reduced inputs into + * |bn_mul_mont|, which implements the normal reduction variant. + * Given those inputs, |bn_mul_mont| may not give reduced + * output, but it will still produce "almost" reduced output. */ void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap, const void *table, const BN_ULONG *np, @@ -922,9 +949,6 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr const void *table, const BN_ULONG *np, const BN_ULONG *n0, int num, int power); int bn_get_bits5(const BN_ULONG *ap, int off); - int bn_from_montgomery(BN_ULONG *rp, const BN_ULONG *ap, - const BN_ULONG *not_used, const BN_ULONG *np, - const BN_ULONG *n0, int num); BN_ULONG *n0 = mont->n0, *np; 
@@ -1013,17 +1037,22 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr } } - ret = bn_from_montgomery(tmp.d, tmp.d, NULL, np, n0, top); tmp.top = top; - bn_correct_top(&tmp); - if (ret) { - if (!BN_copy(rr, &tmp)) - ret = 0; - goto err; /* non-zero ret means it's not error */ - } + /* + * The result is now in |tmp| in Montgomery form, but it may not be + * fully reduced. This is within bounds for |BN_from_montgomery| + * (tmp < R <= m*R) so it will, when converting from Montgomery form, + * produce a fully reduced result. + * + * This differs from Figure 2 of the paper, which uses AMM(h, 1) to + * convert from Montgomery form with unreduced output, followed by an + * extra reduction step. In the paper's terminology, we replace + * steps 9 and 10 with MM(h, 1). + */ } else #endif { + fallback: if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, window)) goto err; if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, window)) Index: src/crypto/external/bsd/openssl/dist/crypto/bn/bn_mont.c diff -u src/crypto/external/bsd/openssl/dist/crypto/bn/bn_mont.c:1.12 src/crypto/external/bsd/openssl/dist/crypto/bn/bn_mont.c:1.13 --- src/crypto/external/bsd/openssl/dist/crypto/bn/bn_mont.c:1.12 Sat Mar 21 20:53:03 2020 +++ src/crypto/external/bsd/openssl/dist/crypto/bn/bn_mont.c Tue Feb 7 17:25:30 2023 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -42,7 +42,7 @@ int bn_mul_mont_fixed_top(BIGNUM *r, con int num = mont->N.top; #if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD) - if (num > 1 && a->top == num && b->top == num) { + if (num > 1 && num <= BN_SOFT_LIMIT && a->top == num && b->top == num) { if (bn_wexpand(r, num) == NULL) return 0; if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) { Index: src/crypto/external/bsd/openssl/dist/crypto/bn/bn_nist.c diff -u src/crypto/external/bsd/openssl/dist/crypto/bn/bn_nist.c:1.6 src/crypto/external/bsd/openssl/dist/crypto/bn/bn_nist.c:1.7 --- src/crypto/external/bsd/openssl/dist/crypto/bn/bn_nist.c:1.6 Sat Mar 21 20:53:03 2020 +++ src/crypto/external/bsd/openssl/dist/crypto/bn/bn_nist.c Tue Feb 7 17:25:30 2023 @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -249,17 +249,28 @@ const BIGNUM *BN_get0_nist_prime_521(voi return &_bignum_nist_p_521; } -static void nist_cp_bn_0(BN_ULONG *dst, const BN_ULONG *src, int top, int max) -{ - int i; - -#ifdef BN_DEBUG - (void)ossl_assert(top <= max); -#endif - for (i = 0; i < top; i++) - dst[i] = src[i]; - for (; i < max; i++) - dst[i] = 0; +/* + * To avoid more recent compilers (specifically clang-14) from treating this + * code as a violation of the strict aliasing conditions and omiting it, this + * cannot be declared as a function. Moreover, the dst parameter cannot be + * cached in a local since this no longer references the union and again falls + * foul of the strict aliasing criteria. Refer to #18225 for the initial + * diagnostics and llvm/llvm-project#55255 for the later discussions with the + * LLVM developers. The problem boils down to if an array in the union is + * converted to a pointer or if it is used directly. + * + * This function was inlined regardless, so there is no space cost to be + * paid for making it a macro. + */ +#define nist_cp_bn_0(dst, src_in, top, max) \ +{ \ + int ii; \ + const BN_ULONG *src = src_in; \ + \ + for (ii = 0; ii < top; ii++) \ + (dst)[ii] = src[ii]; \ + for (; ii < max; ii++) \ + (dst)[ii] = 0; \ } static void nist_cp_bn(BN_ULONG *dst, const BN_ULONG *src, int top) Index: src/crypto/external/bsd/openssl/dist/crypto/ec/ec_asn1.c diff -u src/crypto/external/bsd/openssl/dist/crypto/ec/ec_asn1.c:1.12 src/crypto/external/bsd/openssl/dist/crypto/ec/ec_asn1.c:1.13 --- src/crypto/external/bsd/openssl/dist/crypto/ec/ec_asn1.c:1.12 Fri Jan 7 10:50:10 2022 +++ src/crypto/external/bsd/openssl/dist/crypto/ec/ec_asn1.c Tue Feb 7 17:25:30 2023 
@@ -1,5 +1,5 @@ /* - * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -751,6 +751,16 @@ EC_GROUP *EC_GROUP_new_from_ecparameters /* extract seed (optional) */ if (params->curve->seed != NULL) { + /* + * This happens for instance with + * fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a + * and causes the OPENSSL_malloc below to choke on the + * zero length allocation request. + */ + if (params->curve->seed->length == 0) { + ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR); + goto err; + } OPENSSL_free(ret->seed); if ((ret->seed = OPENSSL_malloc(params->curve->seed->length)) == NULL) { ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_MALLOC_FAILURE); @@ -784,7 +794,7 @@ EC_GROUP *EC_GROUP_new_from_ecparameters } /* extract the order */ - if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) { + if (ASN1_INTEGER_to_BN(params->order, a) == NULL) { ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB); goto err; } @@ -801,7 +811,7 @@ EC_GROUP *EC_GROUP_new_from_ecparameters if (params->cofactor == NULL) { BN_free(b); b = NULL; - } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) { + } else if (ASN1_INTEGER_to_BN(params->cofactor, b) == NULL) { ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB); goto err; } Index: src/crypto/external/bsd/openssl/dist/crypto/ec/ec_key.c diff -u src/crypto/external/bsd/openssl/dist/crypto/ec/ec_key.c:1.6 src/crypto/external/bsd/openssl/dist/crypto/ec/ec_key.c:1.7 --- src/crypto/external/bsd/openssl/dist/crypto/ec/ec_key.c:1.6 Wed Dec 9 19:33:09 2020 +++ src/crypto/external/bsd/openssl/dist/crypto/ec/ec_key.c Tue Feb 7 17:25:30 2023 
@@ -1,5 +1,5 @@ /* - * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -444,6 +444,16 @@ int EC_KEY_set_private_key(EC_KEY *key, return 0; /* + * Return `0` to comply with legacy behavior for this function, see + * https://github.com/openssl/openssl/issues/18744#issuecomment-1195175696 + */ + if (priv_key == NULL) { + BN_clear_free(key->priv_key); + key->priv_key = NULL; + return 0; /* intentional for legacy compatibility */ + } + + /* * We should never leak the bit length of the secret scalar in the key, * so we always set the `BN_FLG_CONSTTIME` flag on the internal `BIGNUM` * holding the secret scalar. @@ -657,8 +667,7 @@ int ec_key_simple_oct2priv(EC_KEY *eckey ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_MALLOC_FAILURE); return 0; } - eckey->priv_key = BN_bin2bn(buf, len, eckey->priv_key); - if (eckey->priv_key == NULL) { + if (BN_bin2bn(buf, len, eckey->priv_key) == NULL) { ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_BN_LIB); return 0; } Index: src/crypto/external/bsd/openssl/dist/crypto/evp/evp_enc.c diff -u src/crypto/external/bsd/openssl/dist/crypto/evp/evp_enc.c:1.14 src/crypto/external/bsd/openssl/dist/crypto/evp/evp_enc.c:1.15 --- src/crypto/external/bsd/openssl/dist/crypto/evp/evp_enc.c:1.14 Fri Jan 7 10:50:10 2022 +++ src/crypto/external/bsd/openssl/dist/crypto/evp/evp_enc.c Tue Feb 7 17:25:30 2023 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -281,7 +281,7 @@ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *c # define PTRDIFF_T size_t #endif -int is_partially_overlapping(const void *ptr1, const void *ptr2, int len) +int is_partially_overlapping(const void *ptr1, const void *ptr2, size_t len) { PTRDIFF_T diff = (PTRDIFF_T)ptr1-(PTRDIFF_T)ptr2; /* @@ -299,7 +299,8 @@ static int evp_EncryptDecryptUpdate(EVP_ unsigned char *out, int *outl, const unsigned char *in, int inl) { - int i, j, bl, cmpl = inl; + int i, j, bl; + size_t cmpl = (size_t)inl; if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) cmpl = (cmpl + 7) / 8; @@ -464,8 +465,9 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX * int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { - int fix_len, cmpl = inl; + int fix_len; unsigned int b; + size_t cmpl = (size_t)inl; /* Prevent accidental use of encryption context when decrypting */ if (ctx->encrypt) { Index: src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c diff -u src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c:1.25 src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c:1.26 --- src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c:1.25 Tue Mar 15 16:51:12 2022 +++ src/crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c Tue Feb 7 17:25:30 2023 
@@ -973,14 +973,14 @@ static int check_crl_time(X509_STORE_CTX time_t *ptime; int i; - if (notify) - ctx->current_crl = crl; if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) ptime = &ctx->param->check_time; else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) return 1; else ptime = NULL; + if (notify) + ctx->current_crl = crl; i = X509_cmp_time(X509_CRL_get0_lastUpdate(crl), ptime); if (i == 0) { Index: src/crypto/external/bsd/openssl/dist/crypto/x509v3/v3_addr.c diff -u src/crypto/external/bsd/openssl/dist/crypto/x509v3/v3_addr.c:1.8 src/crypto/external/bsd/openssl/dist/crypto/x509v3/v3_addr.c:1.9 --- src/crypto/external/bsd/openssl/dist/crypto/x509v3/v3_addr.c:1.8 Sat Mar 21 20:53:10 2020 +++ src/crypto/external/bsd/openssl/dist/crypto/x509v3/v3_addr.c Tue Feb 7 17:25:30 2023 @@ -1,5 +1,5 @@ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,6 +13,8 @@ #include <stdio.h> #include <stdlib.h> +#include <assert.h> +#include <string.h> #include "internal/cryptlib.h" #include <openssl/conf.h> @@ -342,8 +344,13 @@ static int range_should_be_prefix(const unsigned char mask; int i, j; - if (memcmp(min, max, length) <= 0) - return -1; + /* + * It is the responsibility of the caller to confirm min <= max. We don't + * use ossl_assert() here since we have no way of signalling an error from + * this function - so we just use a plain assert instead. + */ + assert(memcmp(min, max, length) <= 0); + for (i = 0; i < length && min[i] == max[i]; i++) ; for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) ; if (i < j) 
@@ -385,12 +392,14 @@ static int range_should_be_prefix(const /* * Construct a prefix. */ -static int make_addressPrefix(IPAddressOrRange **result, - unsigned char *addr, const int prefixlen) +static int make_addressPrefix(IPAddressOrRange **result, unsigned char *addr, + const int prefixlen, const int afilen) { int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8; IPAddressOrRange *aor = IPAddressOrRange_new(); + if (prefixlen < 0 || prefixlen > (afilen * 8)) + return 0; if (aor == NULL) return 0; aor->type = IPAddressOrRange_addressPrefix; @@ -426,8 +435,11 @@ static int make_addressRange(IPAddressOr IPAddressOrRange *aor; int i, prefixlen; + if (memcmp(min, max, length) > 0) + return 0; + if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0) - return make_addressPrefix(result, min, prefixlen); + return make_addressPrefix(result, min, prefixlen, length); if ((aor = IPAddressOrRange_new()) == NULL) return 0; @@ -589,7 +601,9 @@ int X509v3_addr_add_prefix(IPAddrBlocks { IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi); IPAddressOrRange *aor; - if (aors == NULL || !make_addressPrefix(&aor, a, prefixlen)) + + if (aors == NULL + || !make_addressPrefix(&aor, a, prefixlen, length_from_afi(afi))) return 0; if (sk_IPAddressOrRange_push(aors, aor)) return 1; @@ -986,7 +1000,10 @@ static void *v2i_IPAddrBlocks(const stru switch (delim) { case '/': prefixlen = (int)strtoul(s + i2, &t, 10); - if (t == s + i2 || *t != '\0') { + if (t == s + i2 + || *t != '\0' + || prefixlen > (length * 8) + || prefixlen < 0) { X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR); X509V3_conf_err(val); Index: src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c:1.16 src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c:1.17 --- src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c:1.16 Sat Mar 21 20:53:10 2020 +++ src/crypto/external/bsd/openssl/dist/ssl/s3_enc.c Tue Feb 7 17:25:30 2023 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -589,6 +589,8 @@ int ssl3_alert_code(int code) return TLS1_AD_NO_APPLICATION_PROTOCOL; case SSL_AD_CERTIFICATE_REQUIRED: return SSL_AD_HANDSHAKE_FAILURE; + case SSL_AD_MISSING_EXTENSION: + return SSL_AD_HANDSHAKE_FAILURE; default: return -1; } Index: src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c diff -u src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c:1.29 src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c:1.30 --- src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c:1.29 Tue Mar 15 16:51:13 2022 +++ src/crypto/external/bsd/openssl/dist/ssl/s3_lib.c Tue Feb 7 17:25:30 2023 @@ -3676,6 +3676,12 @@ long ssl3_ctrl(SSL *s, int cmd, long lar case SSL_CTRL_SET_CHAIN_CERT_STORE: return ssl_cert_set_cert_store(s->cert, parg, 1, larg); + case SSL_CTRL_GET_VERIFY_CERT_STORE: + return ssl_cert_get_cert_store(s->cert, parg, 0); + + case SSL_CTRL_GET_CHAIN_CERT_STORE: + return ssl_cert_get_cert_store(s->cert, parg, 1); + case SSL_CTRL_GET_PEER_SIGNATURE_NID: if (s->s3->tmp.peer_sigalg == NULL) return 0; 
@@ -3949,6 +3955,12 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd case SSL_CTRL_SET_CHAIN_CERT_STORE: return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg); + case SSL_CTRL_GET_VERIFY_CERT_STORE: + return ssl_cert_get_cert_store(ctx->cert, parg, 0); + + case SSL_CTRL_GET_CHAIN_CERT_STORE: + return ssl_cert_get_cert_store(ctx->cert, parg, 1); + /* A Thawte special :-) */ case SSL_CTRL_EXTRA_CHAIN_CERT: if (ctx->extra_certs == NULL) { Index: src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c diff -u src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c:1.22 src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c:1.23 --- src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c:1.22 Thu Oct 27 12:20:23 2022 +++ src/crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c Tue Feb 7 17:25:30 2023 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -1026,7 +1026,7 @@ static int ssl_cipher_process_rulestr(co * alphanumeric, so we call this an error. */ SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND); - return 0; + return 0; } if (rule == CIPHER_SPECIAL) { Index: src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c diff -u src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c:1.21 src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c:1.22 --- src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c:1.21 Fri Jan 7 10:50:11 2022 +++ src/crypto/external/bsd/openssl/dist/ssl/ssl_lib.c Tue Feb 7 17:25:30 2023 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * 
@@ -1510,12 +1510,26 @@ int SSL_has_pending(const SSL *s) { /* * Similar to SSL_pending() but returns a 1 to indicate that we have - * unprocessed data available or 0 otherwise (as opposed to the number of - * bytes available). Unlike SSL_pending() this will take into account - * read_ahead data. A 1 return simply indicates that we have unprocessed - * data. That data may not result in any application data, or we may fail - * to parse the records for some reason. - */ + * processed or unprocessed data available or 0 otherwise (as opposed to the + * number of bytes available). Unlike SSL_pending() this will take into + * account read_ahead data. A 1 return simply indicates that we have data. + * That data may not result in any application data, or we may fail to parse + * the records for some reason. + */ + + /* Check buffered app data if any first */ + if (SSL_IS_DTLS(s)) { + DTLS1_RECORD_DATA *rdata; + pitem *item, *iter; + + iter = pqueue_iterator(s->rlayer.d->buffered_app_data.q); + while ((item = pqueue_next(&iter)) != NULL) { + rdata = item->data; + if (rdata->rrec.length > 0) + return 1; + } + } + if (RECORD_LAYER_processed_read_pending(&s->rlayer)) return 1; @@ -2084,6 +2098,7 @@ int SSL_shutdown(SSL *s) if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { struct ssl_async_args args; + memset(&args, 0, sizeof(args)); args.s = s; args.type = OTHERFUNC; args.f.func_other = s->method->ssl_shutdown; 
@@ -3709,6 +3724,7 @@ int SSL_do_handshake(SSL *s) if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { struct ssl_async_args args; + memset(&args, 0, sizeof(args)); args.s = s; ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern); Index: src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c diff -u src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c:1.21 src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c:1.22 --- src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c:1.21 Sat Mar 21 20:53:10 2020 +++ src/crypto/external/bsd/openssl/dist/ssl/t1_enc.c Tue Feb 7 17:25:30 2023 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -672,6 +672,8 @@ int tls1_alert_code(int code) return TLS1_AD_NO_APPLICATION_PROTOCOL; case SSL_AD_CERTIFICATE_REQUIRED: return SSL_AD_HANDSHAKE_FAILURE; + case SSL_AD_MISSING_EXTENSION: + return SSL_AD_HANDSHAKE_FAILURE; default: return -1; } Index: src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c diff -u src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.34 src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.35 --- src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c:1.34 Fri Jan 7 10:50:11 2022 +++ src/crypto/external/bsd/openssl/dist/ssl/t1_lib.c Tue Feb 7 17:25:30 2023 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -2369,22 +2369,20 @@ int tls1_check_chain(SSL *s, X509 *x, EV ca_dn = s->s3->tmp.peer_ca_names; - if (!sk_X509_NAME_num(ca_dn)) + if (ca_dn == NULL + || sk_X509_NAME_num(ca_dn) == 0 + || ssl_check_ca_name(ca_dn, x)) rv |= CERT_PKEY_ISSUER_NAME; - - if (!(rv & CERT_PKEY_ISSUER_NAME)) { - if (ssl_check_ca_name(ca_dn, x)) - rv |= CERT_PKEY_ISSUER_NAME; - } - if (!(rv & CERT_PKEY_ISSUER_NAME)) { + else for (i = 0; i < sk_X509_num(chain); i++) { X509 *xtmp = sk_X509_value(chain, i); + if (ssl_check_ca_name(ca_dn, xtmp)) { rv |= CERT_PKEY_ISSUER_NAME; break; } } - } + if (!check_flags && !(rv & CERT_PKEY_ISSUER_NAME)) goto end; } else @@ -2555,6 +2553,8 @@ int ssl_security_cert_chain(SSL *s, STAC int rv, start_idx, i; if (x == NULL) { x = sk_X509_value(sk, 0); + if (x == NULL) + return ERR_R_INTERNAL_ERROR; start_idx = 1; } else start_idx = 0; Index: src/crypto/external/bsd/openssl/dist/test/exptest.c diff -u src/crypto/external/bsd/openssl/dist/test/exptest.c:1.4 src/crypto/external/bsd/openssl/dist/test/exptest.c:1.5 --- src/crypto/external/bsd/openssl/dist/test/exptest.c:1.4 Sun Sep 23 09:33:03 2018 +++ src/crypto/external/bsd/openssl/dist/test/exptest.c Tue Feb 7 17:25:30 2023 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -49,7 +49,8 @@ static int test_mod_exp_zero(void) BIGNUM *r = NULL; BN_ULONG one_word = 1; BN_CTX *ctx = BN_CTX_new(); - int ret = 1, failed = 0; + int ret = 0, failed = 0; + BN_MONT_CTX *mont = NULL; if (!TEST_ptr(m = BN_new()) || !TEST_ptr(a = BN_new()) 
@@ -94,6 +95,33 @@ static int test_mod_exp_zero(void) if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_mont_consttime", r, a))) failed = 1; + if (!TEST_ptr(mont = BN_MONT_CTX_new())) + goto err; + + ERR_set_mark(); + /* mont is not set but passed in */ + if (!TEST_false(BN_mod_exp_mont_consttime(r, p, a, m, ctx, mont))) + goto err; + if (!TEST_false(BN_mod_exp_mont(r, p, a, m, ctx, mont))) + goto err; + ERR_pop_to_mark(); + + if (!TEST_true(BN_MONT_CTX_set(mont, m, ctx))) + goto err; + + /* we compute 0 ** a mod 1 here, to execute code that uses mont */ + if (!TEST_true(BN_mod_exp_mont_consttime(r, p, a, m, ctx, mont))) + goto err; + + if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_mont_consttime", r, a))) + failed = 1; + + if (!TEST_true(BN_mod_exp_mont(r, p, a, m, ctx, mont))) + goto err; + + if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_mont", r, a))) + failed = 1; + /* * A different codepath exists for single word multiplication * in non-constant-time only. @@ -114,6 +142,7 @@ static int test_mod_exp_zero(void) BN_free(a); BN_free(p); BN_free(m); + BN_MONT_CTX_free(mont); BN_CTX_free(ctx); return ret; Index: src/crypto/external/bsd/openssl/dist/test/testutil/driver.c diff -u src/crypto/external/bsd/openssl/dist/test/testutil/driver.c:1.3 src/crypto/external/bsd/openssl/dist/test/testutil/driver.c:1.4 --- src/crypto/external/bsd/openssl/dist/test/testutil/driver.c:1.3 Wed Jan 22 21:54:56 2020 +++ src/crypto/external/bsd/openssl/dist/test/testutil/driver.c Tue Feb 7 17:25:31 2023 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
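Review bot: the `#ifdef BN_DEBUG` `ossl_assert(top <= max)` from the removed nist_cp_bn_0 function in bn_nist.c is not carried into the macro that replaces it, so debug builds lose the check that `top` never exceeds `max`; keep it inside the macro body under the same `#ifdef`. Two smaller points on the same macro: the body is a bare `{ ... }` rather than `do { ... } while (0)`, so an `if (...) nist_cp_bn_0(...); else ...` at a call site would not compile, and the local `const BN_ULONG *src = src_in;` means any caller whose argument expression is itself named `src` expands to a self-initialisation. The comment also has a typo: "omiting" should be "omitting".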
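Review bot: in EC_GROUP_new_from_ecparameters (ec_asn1.c) the new `seed->length == 0` check turns an empty optional seed into a hard EC_R_ASN1_ERROR rather than skipping the copy; since the surrounding comment says the seed is optional, that is a behaviour change for any previously accepted parameters carrying an empty seed and should be called out in CHANGES, or the empty case could be treated as "no seed" (leave `ret->seed` NULL and skip the allocation) if rejecting is not the intent.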
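Review bot: dropping the `a = ` and `b = ` assignments around ASN1_INTEGER_to_BN in EC_GROUP_new_from_ecparameters is only safe while `a` and `b` are guaranteed non-NULL at those points: ASN1_INTEGER_to_BN allocates a fresh BIGNUM when its second argument is NULL, and that result would now leak. The cofactor hunk shows `b` is non-NULL in the `else if` branch (the NULL case is handled in the `if`), but the `order` hunk gives no such context for `a`; a short comment noting that `a` was allocated earlier would make the intent clear. The same consideration applies to `eckey->priv_key` in ec_key_simple_oct2priv, where the `BN_bin2bn(buf, len, eckey->priv_key)` result is likewise no longer stored.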
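Review bot: in EC_KEY_set_private_key (ec_key.c) the new `priv_key == NULL` branch clears the stored key but returns 0, which every caller will read as failure even though the clear succeeded; the inline comment and the linked issue explain why, but this contract (a NULL argument clears the key and returns 0) belongs in the EC_KEY_set_private_key man page so callers do not treat it as an error path. `BN_clear_free` is the right call here since the old scalar is wiped before release.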
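Review bot: in evp_EncryptDecryptUpdate and EVP_DecryptUpdate (evp_enc.c) the new `size_t cmpl = (size_t)inl;` is evaluated at declaration, so a negative `inl` becomes a very large `cmpl` before any validation, and the `EVP_CIPH_FLAG_LENGTH_BITS` branch immediately divides it; confirm that `inl` is rejected as negative before `cmpl` reaches the overlap check, or move the cast after that validation and say so in a comment. The matching change of `is_partially_overlapping` to take `size_t len` is consistent with `PTRDIFF_T` being `size_t` and removes the int/size_t comparison the old signature invited.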
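Review bot: in check_crl_time (x509_vfy.c), moving `ctx->current_crl = crl` below the flag handling means that with X509_V_FLAG_NO_CHECK_TIME the function now returns 1 without recording the CRL in `ctx->current_crl`, whereas before it was set on that path too; confirm no caller or verify callback relied on `current_crl` being populated after a no-time-check success, and if the intent is to avoid leaving a pointer to a CRL the caller may free, a comment at the new assignment would preserve that reasoning.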
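Review bot: replacing the `memcmp(min, max, length) <= 0` early return in range_should_be_prefix (v3_addr.c) with a plain `assert()` means the precondition is compiled out under NDEBUG, so a release build that is ever called with min > max proceeds into the prefix computation unchecked; the `memcmp(...) > 0` guard added in make_addressRange covers the caller visible here, but any other caller must do the same, and the comment should say explicitly that callers own that check. Note also that the old `return -1` was a recoverable error while `assert` aborts the process in debug builds, a change in failure mode for a function fed by certificate data.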
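Review bot: in make_addressPrefix (v3_addr.c) the new `prefixlen < 0 || prefixlen > (afilen * 8)` check returns 0 after `IPAddressOrRange_new()` has already been called in the declaration of `aor`, so an out-of-range prefix length leaks that allocation; either move the range check above the allocation or call `IPAddressOrRange_free(aor)` before returning. The `afilen` passed from X509v3_addr_add_prefix comes from `length_from_afi(afi)`, so an unknown AFI makes the bound 0 and rejects every prefix, which is presumably intended but worth a comment.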
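Review bot: in v2i_IPAddrBlocks (v3_addr.c) the bound check relies on `prefixlen = (int)strtoul(...)`: strtoul also accepts a leading `-`, and a value above INT_MAX narrows to an implementation-defined (typically negative) int that the `prefixlen < 0` test then catches, but that is indirect; comparing the `unsigned long` result against `length * 8` before narrowing to int states the intent directly and does not depend on the wrap behaviour.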
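Review bot: the new SSL_CTRL_GET_VERIFY_CERT_STORE and SSL_CTRL_GET_CHAIN_CERT_STORE cases in ssl3_ctrl and ssl3_ctx_ctrl (s3_lib.c) call `ssl_cert_get_cert_store`, but neither the ctrl constants nor that function's declaration appear anywhere in this diff; confirm the header and ssl_cert.c side of the change came in separately, and document the public wrapper macros for these ctrls alongside the existing SSL_CTRL_SET_*_CERT_STORE ones, since `parg` is presumably an `X509_STORE **` out-parameter and that contract is not stated here.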
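Review bot: in tls1_check_chain (t1_lib.c) the rewritten issuer-name logic hangs a brace-less `for` directly off `else`, and the loop's closing `}` is now aligned as if it closed an outer block; wrapping the loop body in braces under the `else` would keep the structure readable and avoid a dangling-else mistake on the next edit. The logic itself is sound: `ca_dn == NULL` is now handled explicitly instead of being passed to `sk_X509_NAME_num`, and the chain walk only runs when neither the empty-list case nor the leaf matched.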
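Review bot: changing `ret` from 1 to 0 in test_mod_exp_zero (exptest.c) makes every new `goto err` report failure, which is correct, but the assignment that sets `ret` on the success path is not in the diff; confirm it exists between the last check and the `err:` cleanup, otherwise the test now always fails. The ERR_set_mark()/ERR_pop_to_mark() pair around the two calls expected to fail with an unset `mont` is the right way to keep those expected errors off the error queue, and `BN_MONT_CTX_free(mont)` in the cleanup is safe for the `mont == NULL` early-exit case.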