From nobody Tue Jun 21 23:14:46 2022 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 967CB878886; Tue, 21 Jun 2022 23:14:47 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4LSMmQ5bxCz3pbK; Tue, 21 Jun 2022 23:14:46 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1655853287; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=vm8eUMAgSoAnp6NMmEwjC23JIGENJu92KcBW1wKUVDw=; b=O8xlY3XLLKNgYiCk7aGJTWwrWdKyxU8GPU4YYOtDOHC0BKQogQ3rnUk1+p+9m8xskkpqY4 SOpq2265UKuRHvLquvbs19WBCJmGPXKTetBZNQcnLz+cuVnCOEs02S12Jnpn2kvDjaKvo7 Ar6IyN7qJI9i325RQPrkDK0oyTJDgoSfWwfvzb29PmkMJPVpzvS+h7dd43G0CxGsPUAD+q KWdgkedxKxlqjIxIXX8813niMLn/3nTj63WOPYvqV3noYL0L7JtnwPyG94PNh2PkqJ4Rah Qwpueym0XR7KRI+Wo9gtAGkotCipQ2X5qLa2HpinKjpkkeuMYsrJEAA20Y5mPw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 3CC521AEB6; Tue, 21 Jun 2022 23:14:46 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 25LNEkgC006564; Tue, 21 Jun 2022 23:14:46 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 25LNEkXQ006563; Tue, 21 Jun 2022 23:14:46 GMT (envelope-from git) Date: Tue, 21 Jun 2022 23:14:46 GMT Message-Id: <202206212314.25LNEkXQ006563@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Jung-uk Kim Subject: git: ff721311ee37 - stable/12 - OpenSSL: Merge OpenSSL 1.1.1p List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: jkim X-Git-Repository: src X-Git-Refname: refs/heads/stable/12 X-Git-Reftype: branch X-Git-Commit: ff721311ee372f16adc869e6a7bb586cf9ccb54b Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1655853287; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=vm8eUMAgSoAnp6NMmEwjC23JIGENJu92KcBW1wKUVDw=; b=A+8xwGYugusXAOM6cdHErjD+sBPUoUmbEiQa6YuawsKug4oG/A+3vm9bg941z5wipEqa4z yBV0ncpj7Xx4n8RR4gW75LZPk28k48qcraZFUQkkB+rYcsuEVi9Kv7BIymOQokq46HgKN5 m/a2Q9967jm6nXvhLp6W400cQYuGC6ARDolmwZgbSfrNbE2z+UCVcJAaF6cIqGCIsxlxcr 6Qnq1hTNHJ2bW4MkvlUfhzcChuEI9JWleLROE3+BVmDR54BiDhx4URA7EPFt3ghD4RDpIT WC0VRTkLMWHfsCgjwaIsXQztudxLSmEhkmG6Kqb7GW5arDL7RRl/kJ+mNUrLyw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1655853287; a=rsa-sha256; cv=none; b=jqyEeH6iGA700wNlpLTLpZESmKlPYSZ0nwZTKvsoTwgrdfSHBrFmtNxb/k+AB1YuWqhtM2 dINnhX/+F6rqFOdKvmP3/1TBtWAK7A1x2Gx4OaZS/9kNyRgBqlNpHndhSI/gBBiyHARm0C V1I9zUuRc+EjPhW1ZnamB2QSrLMH4qTmhP3vf3MsERLCsRGmYvJKkU7lDtIODFoCuY3+Wr VcxZmGA0+xnLfoK7/5ocEZbWUPRGt75ssxeSnklEBvGkoqC3gtbU4XBRbGZzo/yTmbRuFS 35jU766g9AmgThgIgWA1VG54zn4dmhuLtxGG6BiDDVvPZa7KdCUu6IJf0oIzog== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch stable/12 has been updated by jkim: URL: https://cgit.FreeBSD.org/src/commit/?id=ff721311ee372f16adc869e6a7bb586cf9ccb54b commit ff721311ee372f16adc869e6a7bb586cf9ccb54b Author: Jung-uk Kim AuthorDate: 2022-06-21 17:33:01 +0000 Commit: Jung-uk Kim CommitDate: 2022-06-21 23:03:33 +0000 OpenSSL: Merge OpenSSL 1.1.1p (cherry picked from commit 83eaf7ae0a7b502de1b08850324b447591bd6916) --- crypto/openssl/CHANGES | 44 ++++- crypto/openssl/NEWS | 6 + crypto/openssl/README | 2 +- crypto/openssl/apps/s_server.c | 49 ++++- crypto/openssl/config | 3 +- crypto/openssl/crypto/bn/asm/x86_64-mont5.pl | 198 +-------------------- crypto/openssl/crypto/bn/bn_exp.c | 44 +++-- crypto/openssl/crypto/bn/rsaz_exp.c | 10 +- crypto/openssl/crypto/bn/rsaz_exp.h | 25 ++- crypto/openssl/crypto/ec/ec_asn1.c | 12 +- crypto/openssl/crypto/ec/ec_key.c | 5 +- crypto/openssl/crypto/x509/x509_cmp.c | 6 +- crypto/openssl/crypto/x509/x_crl.c | 14 +- crypto/openssl/crypto/x509v3/v3_asid.c | 33 ++-- crypto/openssl/crypto/x509v3/v3_sxnet.c | 20 ++- crypto/openssl/doc/man3/BIO_f_base64.pod | 5 +- .../doc/man3/SSL_CTX_set1_verify_cert_store.pod | 15 +- crypto/openssl/include/openssl/opensslv.h | 4 +- crypto/openssl/include/openssl/ssl.h | 12 +- crypto/openssl/ssl/record/ssl3_record.c | 16 +- crypto/openssl/ssl/s3_lib.c | 12 ++ crypto/openssl/ssl/ssl_cert.c | 6 + crypto/openssl/ssl/ssl_local.h | 3 +- crypto/openssl/ssl/statem/extensions_clnt.c | 18 +- crypto/openssl/ssl/t1_lib.c | 18 +- 25 files changed, 297 insertions(+), 283 deletions(-) diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES index a5522e5fa564..18c320f85c84 100644 --- a/crypto/openssl/CHANGES +++ b/crypto/openssl/CHANGES @@ -7,18 +7,44 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.1.1o and 1.1.1p [21 Jun 2022] + + *) In addition to the c_rehash shell command injection identified in + CVE-2022-1292, further bugs where the c_rehash script does not + properly sanitise shell metacharacters to prevent command injection have been + fixed. + + When the CVE-2022-1292 was fixed it was not discovered that there + are other places in the script where the file names of certificates + being hashed were possibly passed to a command executed through the shell. + + This script is distributed by some operating systems in a manner where + it is automatically executed. On such operating systems, an attacker + could execute arbitrary commands with the privileges of the script. + + Use of the c_rehash script is considered obsolete and should be replaced + by the OpenSSL rehash command line tool. + (CVE-2022-2068) + [Daniel Fiala, Tomáš Mráz] + + *) When OpenSSL TLS client is connecting without any supported elliptic + curves and TLS-1.3 protocol is disabled the connection will no longer fail + if a ciphersuite that does not use a key exchange based on elliptic + curves can be negotiated. + [Tomáš Mráz] + Changes between 1.1.1n and 1.1.1o [3 May 2022] *) Fixed a bug in the c_rehash script which was not properly sanitising shell - metacharacters to prevent command injection. This script is distributed by - some operating systems in a manner where it is automatically executed. On - such operating systems, an attacker could execute arbitrary commands with the - privileges of the script. - - Use of the c_rehash script is considered obsolete and should be replaced - by the OpenSSL rehash command line tool. - (CVE-2022-1292) - [Tomáš Mráz] + metacharacters to prevent command injection. This script is distributed + by some operating systems in a manner where it is automatically executed. + On such operating systems, an attacker could execute arbitrary commands + with the privileges of the script. + + Use of the c_rehash script is considered obsolete and should be replaced + by the OpenSSL rehash command line tool. + (CVE-2022-1292) + [Tomáš Mráz] Changes between 1.1.1m and 1.1.1n [15 Mar 2022] diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS index d32cf5bb48dd..f5f5759c0ff2 100644 --- a/crypto/openssl/NEWS +++ b/crypto/openssl/NEWS @@ -5,6 +5,12 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.1.1o and OpenSSL 1.1.1p [21 Jun 2022] + + o Fixed additional bugs in the c_rehash script which was not properly + sanitising shell metacharacters to prevent command injection + (CVE-2022-2068) + Major changes between OpenSSL 1.1.1n and OpenSSL 1.1.1o [3 May 2022] o Fixed a bug in the c_rehash script which was not properly sanitising diff --git a/crypto/openssl/README b/crypto/openssl/README index a56311a4d186..97a0042b8651 100644 --- a/crypto/openssl/README +++ b/crypto/openssl/README @@ -1,5 +1,5 @@ - OpenSSL 1.1.1o 3 May 2022 + OpenSSL 1.1.1p 21 Jun 2022 Copyright (c) 1998-2022 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/openssl/apps/s_server.c b/crypto/openssl/apps/s_server.c index 64d53e68d0ee..1a42bf89c7a0 100644 --- a/crypto/openssl/apps/s_server.c +++ b/crypto/openssl/apps/s_server.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -2236,6 +2236,30 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx) SSL_CTX_sess_get_cache_size(ssl_ctx)); } +static long int count_reads_callback(BIO *bio, int cmd, const char *argp, + int argi, long int argl, long int ret) +{ + unsigned int *p_counter = (unsigned int *)BIO_get_callback_arg(bio); + + switch (cmd) { + case BIO_CB_READ: /* No break here */ + case BIO_CB_GETS: + if (p_counter != NULL) + ++*p_counter; + break; + default: + break; + } + + if (s_debug) { + BIO_set_callback_arg(bio, (char *)bio_s_out); + ret = bio_dump_callback(bio, cmd, argp, argi, argl, ret); + BIO_set_callback_arg(bio, (char *)p_counter); + } + + return ret; +} + static int sv_body(int s, int stype, int prot, unsigned char *context) { char *buf = NULL; @@ -2353,10 +2377,7 @@ static int sv_body(int s, int stype, int prot, unsigned char *context) SSL_set_accept_state(con); /* SSL_set_fd(con,s); */ - if (s_debug) { - BIO_set_callback(SSL_get_rbio(con), bio_dump_callback); - BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out); - } + BIO_set_callback(SSL_get_rbio(con), count_reads_callback); if (s_msg) { #ifndef OPENSSL_NO_SSL_TRACE if (s_msg == 2) @@ -2648,7 +2669,25 @@ static int sv_body(int s, int stype, int prot, unsigned char *context) */ if ((!async || !SSL_waiting_for_async(con)) && !SSL_is_init_finished(con)) { + /* + * Count number of reads during init_ssl_connection. + * It helps us to distinguish configuration errors from errors + * caused by a client. + */ + unsigned int read_counter = 0; + + BIO_set_callback_arg(SSL_get_rbio(con), (char *)&read_counter); i = init_ssl_connection(con); + BIO_set_callback_arg(SSL_get_rbio(con), NULL); + + /* + * If initialization fails without reads, then + * there was a fatal error in configuration. + */ + if (i <= 0 && read_counter == 0) { + ret = -1; + goto err; + } if (i < 0) { ret = 0; diff --git a/crypto/openssl/config b/crypto/openssl/config index 49422981ae84..c7b035a0c57c 100755 --- a/crypto/openssl/config +++ b/crypto/openssl/config @@ -1,5 +1,5 @@ #!/bin/sh -# Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -709,6 +709,7 @@ case "$GUESSOS" in ia64-*-*bsd*) OUT="BSD-ia64" ;; x86_64-*-dragonfly*) OUT="BSD-x86_64" ;; amd64-*-*bsd*) OUT="BSD-x86_64" ;; + arm64-*-*bsd*) OUT="BSD-aarch64" ;; *86*-*-*bsd*) # mimic ld behaviour when it's looking for libc... if [ -L /usr/lib/libc.so ]; then # [Free|Net]BSD libc=/usr/lib/libc.so diff --git a/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl b/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl index 8c37d132e476..33cb769c36d5 100755 --- a/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl +++ b/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -2101,193 +2101,6 @@ __bn_post4x_internal: .size __bn_post4x_internal,.-__bn_post4x_internal ___ } -{ -$code.=<<___; -.globl bn_from_montgomery -.type bn_from_montgomery,\@abi-omnipotent -.align 32 -bn_from_montgomery: -.cfi_startproc - testl \$7,`($win64?"48(%rsp)":"%r9d")` - jz bn_from_mont8x - xor %eax,%eax - ret -.cfi_endproc -.size bn_from_montgomery,.-bn_from_montgomery - -.type bn_from_mont8x,\@function,6 -.align 32 -bn_from_mont8x: -.cfi_startproc - .byte 0x67 - mov %rsp,%rax -.cfi_def_cfa_register %rax - push %rbx -.cfi_push %rbx - push %rbp -.cfi_push %rbp - push %r12 -.cfi_push %r12 - push %r13 -.cfi_push %r13 - push %r14 -.cfi_push %r14 - push %r15 -.cfi_push %r15 -.Lfrom_prologue: - - shl \$3,${num}d # convert $num to bytes - lea ($num,$num,2),%r10 # 3*$num in bytes - neg $num - mov ($n0),$n0 # *n0 - - ############################################################## - # Ensure that stack frame doesn't alias with $rptr+3*$num - # modulo 4096, which covers ret[num], am[num] and n[num] - # (see bn_exp.c). The stack is allocated to aligned with - # bn_power5's frame, and as bn_from_montgomery happens to be - # last operation, we use the opportunity to cleanse it. - # - lea -320(%rsp,$num,2),%r11 - mov %rsp,%rbp - sub $rptr,%r11 - and \$4095,%r11 - cmp %r11,%r10 - jb .Lfrom_sp_alt - sub %r11,%rbp # align with $aptr - lea -320(%rbp,$num,2),%rbp # future alloca(frame+2*$num*8+256) - jmp .Lfrom_sp_done - -.align 32 -.Lfrom_sp_alt: - lea 4096-320(,$num,2),%r10 - lea -320(%rbp,$num,2),%rbp # future alloca(frame+2*$num*8+256) - sub %r10,%r11 - mov \$0,%r10 - cmovc %r10,%r11 - sub %r11,%rbp -.Lfrom_sp_done: - and \$-64,%rbp - mov %rsp,%r11 - sub %rbp,%r11 - and \$-4096,%r11 - lea (%rbp,%r11),%rsp - mov (%rsp),%r10 - cmp %rbp,%rsp - ja .Lfrom_page_walk - jmp .Lfrom_page_walk_done - -.Lfrom_page_walk: - lea -4096(%rsp),%rsp - mov (%rsp),%r10 - cmp %rbp,%rsp - ja .Lfrom_page_walk -.Lfrom_page_walk_done: - - mov $num,%r10 - neg $num - - ############################################################## - # Stack layout - # - # +0 saved $num, used in reduction section - # +8 &t[2*$num], used in reduction section - # +32 saved *n0 - # +40 saved %rsp - # +48 t[2*$num] - # - mov $n0, 32(%rsp) - mov %rax, 40(%rsp) # save original %rsp -.cfi_cfa_expression %rsp+40,deref,+8 -.Lfrom_body: - mov $num,%r11 - lea 48(%rsp),%rax - pxor %xmm0,%xmm0 - jmp .Lmul_by_1 - -.align 32 -.Lmul_by_1: - movdqu ($aptr),%xmm1 - movdqu 16($aptr),%xmm2 - movdqu 32($aptr),%xmm3 - movdqa %xmm0,(%rax,$num) - movdqu 48($aptr),%xmm4 - movdqa %xmm0,16(%rax,$num) - .byte 0x48,0x8d,0xb6,0x40,0x00,0x00,0x00 # lea 64($aptr),$aptr - movdqa %xmm1,(%rax) - movdqa %xmm0,32(%rax,$num) - movdqa %xmm2,16(%rax) - movdqa %xmm0,48(%rax,$num) - movdqa %xmm3,32(%rax) - movdqa %xmm4,48(%rax) - lea 64(%rax),%rax - sub \$64,%r11 - jnz .Lmul_by_1 - - movq $rptr,%xmm1 - movq $nptr,%xmm2 - .byte 0x67 - mov $nptr,%rbp - movq %r10, %xmm3 # -num -___ -$code.=<<___ if ($addx); - mov OPENSSL_ia32cap_P+8(%rip),%r11d - and \$0x80108,%r11d - cmp \$0x80108,%r11d # check for AD*X+BMI2+BMI1 - jne .Lfrom_mont_nox - - lea (%rax,$num),$rptr - call __bn_sqrx8x_reduction - call __bn_postx4x_internal - - pxor %xmm0,%xmm0 - lea 48(%rsp),%rax - jmp .Lfrom_mont_zero - -.align 32 -.Lfrom_mont_nox: -___ -$code.=<<___; - call __bn_sqr8x_reduction - call __bn_post4x_internal - - pxor %xmm0,%xmm0 - lea 48(%rsp),%rax - jmp .Lfrom_mont_zero - -.align 32 -.Lfrom_mont_zero: - mov 40(%rsp),%rsi # restore %rsp -.cfi_def_cfa %rsi,8 - movdqa %xmm0,16*0(%rax) - movdqa %xmm0,16*1(%rax) - movdqa %xmm0,16*2(%rax) - movdqa %xmm0,16*3(%rax) - lea 16*4(%rax),%rax - sub \$32,$num - jnz .Lfrom_mont_zero - - mov \$1,%rax - mov -48(%rsi),%r15 -.cfi_restore %r15 - mov -40(%rsi),%r14 -.cfi_restore %r14 - mov -32(%rsi),%r13 -.cfi_restore %r13 - mov -24(%rsi),%r12 -.cfi_restore %r12 - mov -16(%rsi),%rbp -.cfi_restore %rbp - mov -8(%rsi),%rbx -.cfi_restore %rbx - lea (%rsi),%rsp -.cfi_def_cfa_register %rsp -.Lfrom_epilogue: - ret -.cfi_endproc -.size bn_from_mont8x,.-bn_from_mont8x -___ -} }}} if ($addx) {{{ @@ -3894,10 +3707,6 @@ mul_handler: .rva .LSEH_begin_bn_power5 .rva .LSEH_end_bn_power5 .rva .LSEH_info_bn_power5 - - .rva .LSEH_begin_bn_from_mont8x - .rva .LSEH_end_bn_from_mont8x - .rva .LSEH_info_bn_from_mont8x ___ $code.=<<___ if ($addx); .rva .LSEH_begin_bn_mulx4x_mont_gather5 @@ -3929,11 +3738,6 @@ $code.=<<___; .byte 9,0,0,0 .rva mul_handler .rva .Lpower5_prologue,.Lpower5_body,.Lpower5_epilogue # HandlerData[] -.align 8 -.LSEH_info_bn_from_mont8x: - .byte 9,0,0,0 - .rva mul_handler - .rva .Lfrom_prologue,.Lfrom_body,.Lfrom_epilogue # HandlerData[] ___ $code.=<<___ if ($addx); .align 8 diff --git a/crypto/openssl/crypto/bn/bn_exp.c b/crypto/openssl/crypto/bn/bn_exp.c index 8c54ab005ca6..e21dcff027c5 100644 --- a/crypto/openssl/crypto/bn/bn_exp.c +++ b/crypto/openssl/crypto/bn/bn_exp.c @@ -900,14 +900,21 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, #if defined(OPENSSL_BN_ASM_MONT5) if (window == 5 && top > 1) { /* - * This optimization uses ideas from http://eprint.iacr.org/2011/239, - * specifically optimization of cache-timing attack countermeasures - * and pre-computation optimization. - */ - - /* - * Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as - * 512-bit RSA is hardly relevant, we omit it to spare size... + * This optimization uses ideas from https://eprint.iacr.org/2011/239, + * specifically optimization of cache-timing attack countermeasures, + * pre-computation optimization, and Almost Montgomery Multiplication. + * + * The paper discusses a 4-bit window to optimize 512-bit modular + * exponentiation, used in RSA-1024 with CRT, but RSA-1024 is no longer + * important. + * + * |bn_mul_mont_gather5| and |bn_power5| implement the "almost" + * reduction variant, so the values here may not be fully reduced. + * They are bounded by R (i.e. they fit in |top| words), not |m|. + * Additionally, we pass these "almost" reduced inputs into + * |bn_mul_mont|, which implements the normal reduction variant. + * Given those inputs, |bn_mul_mont| may not give reduced + * output, but it will still produce "almost" reduced output. */ void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap, const void *table, const BN_ULONG *np, @@ -919,9 +926,6 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const void *table, const BN_ULONG *np, const BN_ULONG *n0, int num, int power); int bn_get_bits5(const BN_ULONG *ap, int off); - int bn_from_montgomery(BN_ULONG *rp, const BN_ULONG *ap, - const BN_ULONG *not_used, const BN_ULONG *np, - const BN_ULONG *n0, int num); BN_ULONG *n0 = mont->n0, *np; @@ -1010,14 +1014,18 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, } } - ret = bn_from_montgomery(tmp.d, tmp.d, NULL, np, n0, top); tmp.top = top; - bn_correct_top(&tmp); - if (ret) { - if (!BN_copy(rr, &tmp)) - ret = 0; - goto err; /* non-zero ret means it's not error */ - } + /* + * The result is now in |tmp| in Montgomery form, but it may not be + * fully reduced. This is within bounds for |BN_from_montgomery| + * (tmp < R <= m*R) so it will, when converting from Montgomery form, + * produce a fully reduced result. + * + * This differs from Figure 2 of the paper, which uses AMM(h, 1) to + * convert from Montgomery form with unreduced output, followed by an + * extra reduction step. In the paper's terminology, we replace + * steps 9 and 10 with MM(h, 1). + */ } else #endif { diff --git a/crypto/openssl/crypto/bn/rsaz_exp.c b/crypto/openssl/crypto/bn/rsaz_exp.c index 22455b8a6374..a2ab58bbeb4c 100644 --- a/crypto/openssl/crypto/bn/rsaz_exp.c +++ b/crypto/openssl/crypto/bn/rsaz_exp.c @@ -1,5 +1,5 @@ /* - * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2012, Intel Corporation. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -66,6 +66,7 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16], unsigned char *R2 = table_s; /* borrow */ int index; int wvalue; + BN_ULONG tmp[16]; if ((((size_t)p_str & 4095) + 320) >> 12) { result = p_str; @@ -237,7 +238,10 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16], rsaz_1024_red2norm_avx2(result_norm, result); + bn_reduce_once_in_place(result_norm, /*carry=*/0, m_norm, tmp, 16); + OPENSSL_cleanse(storage, sizeof(storage)); + OPENSSL_cleanse(tmp, sizeof(tmp)); } /* @@ -266,6 +270,7 @@ void RSAZ_512_mod_exp(BN_ULONG result[8], unsigned char *p_str = (unsigned char *)exponent; int index; unsigned int wvalue; + BN_ULONG tmp[8]; /* table[0] = 1_inv */ temp[0] = 0 - m[0]; @@ -309,7 +314,10 @@ void RSAZ_512_mod_exp(BN_ULONG result[8], /* from Montgomery */ rsaz_512_mul_by_one(result, temp, m, k0); + bn_reduce_once_in_place(result, /*carry=*/0, m, tmp, 8); + OPENSSL_cleanse(storage, sizeof(storage)); + OPENSSL_cleanse(tmp, sizeof(tmp)); } #endif diff --git a/crypto/openssl/crypto/bn/rsaz_exp.h b/crypto/openssl/crypto/bn/rsaz_exp.h index 88f65a4bae46..1532a7e07179 100644 --- a/crypto/openssl/crypto/bn/rsaz_exp.h +++ b/crypto/openssl/crypto/bn/rsaz_exp.h @@ -1,5 +1,5 @@ /* - * Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2012, Intel Corporation. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -22,6 +22,8 @@ # define RSAZ_ENABLED # include +# include "internal/constant_time.h" +# include "bn_local.h" void RSAZ_1024_mod_exp_avx2(BN_ULONG result[16], const BN_ULONG base_norm[16], @@ -35,6 +37,27 @@ void RSAZ_512_mod_exp(BN_ULONG result[8], const BN_ULONG m_norm[8], BN_ULONG k0, const BN_ULONG RR[8]); +static ossl_inline void bn_select_words(BN_ULONG *r, BN_ULONG mask, + const BN_ULONG *a, + const BN_ULONG *b, size_t num) +{ + size_t i; + + for (i = 0; i < num; i++) { + r[i] = constant_time_select_64(mask, a[i], b[i]); + } +} + +static ossl_inline BN_ULONG bn_reduce_once_in_place(BN_ULONG *r, + BN_ULONG carry, + const BN_ULONG *m, + BN_ULONG *tmp, size_t num) +{ + carry -= bn_sub_words(tmp, r, m, num); + bn_select_words(r, carry, r /* tmp < 0 */, tmp /* tmp >= 0 */, num); + return carry; +} + # endif #endif diff --git a/crypto/openssl/crypto/ec/ec_asn1.c b/crypto/openssl/crypto/ec/ec_asn1.c index 4335b3da1a54..34de7b2aabf7 100644 --- a/crypto/openssl/crypto/ec/ec_asn1.c +++ b/crypto/openssl/crypto/ec/ec_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -751,6 +751,16 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) /* extract seed (optional) */ if (params->curve->seed != NULL) { + /* + * This happens for instance with + * fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a + * and causes the OPENSSL_malloc below to choke on the + * zero length allocation request. + */ + if (params->curve->seed->length == 0) { + ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR); + goto err; + } OPENSSL_free(ret->seed); if ((ret->seed = OPENSSL_malloc(params->curve->seed->length)) == NULL) { ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_MALLOC_FAILURE); diff --git a/crypto/openssl/crypto/ec/ec_key.c b/crypto/openssl/crypto/ec/ec_key.c index 23efbd015ca4..3017f0936c0d 100644 --- a/crypto/openssl/crypto/ec/ec_key.c +++ b/crypto/openssl/crypto/ec/ec_key.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -657,8 +657,7 @@ int ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len) ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_MALLOC_FAILURE); return 0; } - eckey->priv_key = BN_bin2bn(buf, len, eckey->priv_key); - if (eckey->priv_key == NULL) { + if (BN_bin2bn(buf, len, eckey->priv_key) == NULL) { ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_BN_LIB); return 0; } diff --git a/crypto/openssl/crypto/x509/x509_cmp.c b/crypto/openssl/crypto/x509/x509_cmp.c index 1d8d2d7b28e9..3724a118f343 100644 --- a/crypto/openssl/crypto/x509/x509_cmp.c +++ b/crypto/openssl/crypto/x509/x509_cmp.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -34,7 +34,7 @@ unsigned long X509_issuer_and_serial_hash(X509 *a) unsigned long ret = 0; EVP_MD_CTX *ctx = EVP_MD_CTX_new(); unsigned char md[16]; - char *f; + char *f = NULL; if (ctx == NULL) goto err; @@ -45,7 +45,6 @@ unsigned long X509_issuer_and_serial_hash(X509 *a) goto err; if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f))) goto err; - OPENSSL_free(f); if (!EVP_DigestUpdate (ctx, (unsigned char *)a->cert_info.serialNumber.data, (unsigned long)a->cert_info.serialNumber.length)) @@ -56,6 +55,7 @@ unsigned long X509_issuer_and_serial_hash(X509 *a) ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L) ) & 0xffffffffL; err: + OPENSSL_free(f); EVP_MD_CTX_free(ctx); return ret; } diff --git a/crypto/openssl/crypto/x509/x_crl.c b/crypto/openssl/crypto/x509/x_crl.c index c9762f9e2394..df0041c0108c 100644 --- a/crypto/openssl/crypto/x509/x_crl.c +++ b/crypto/openssl/crypto/x509/x_crl.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -103,13 +103,17 @@ static int crl_set_issuers(X509_CRL *crl) if (gtmp) { gens = gtmp; - if (!crl->issuers) { + if (crl->issuers == NULL) { crl->issuers = sk_GENERAL_NAMES_new_null(); - if (!crl->issuers) + if (crl->issuers == NULL) { + GENERAL_NAMES_free(gtmp); return 0; + } } - if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp)) + if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp)) { + GENERAL_NAMES_free(gtmp); return 0; + } } rev->issuer = gens; @@ -255,7 +259,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, break; case ASN1_OP_FREE_POST: - if (crl->meth->crl_free) { + if (crl->meth != NULL && crl->meth->crl_free != NULL) { if (!crl->meth->crl_free(crl)) return 0; } diff --git a/crypto/openssl/crypto/x509v3/v3_asid.c b/crypto/openssl/crypto/x509v3/v3_asid.c index ac6857267291..8e9e919804d0 100644 --- a/crypto/openssl/crypto/x509v3/v3_asid.c +++ b/crypto/openssl/crypto/x509v3/v3_asid.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -700,15 +700,28 @@ static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child) */ int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) { - return (a == NULL || - a == b || - (b != NULL && - !X509v3_asid_inherits(a) && - !X509v3_asid_inherits(b) && - asid_contains(b->asnum->u.asIdsOrRanges, - a->asnum->u.asIdsOrRanges) && - asid_contains(b->rdi->u.asIdsOrRanges, - a->rdi->u.asIdsOrRanges))); + int subset; + + if (a == NULL || a == b) + return 1; + + if (b == NULL) + return 0; + + if (X509v3_asid_inherits(a) || X509v3_asid_inherits(b)) + return 0; + + subset = a->asnum == NULL + || (b->asnum != NULL + && asid_contains(b->asnum->u.asIdsOrRanges, + a->asnum->u.asIdsOrRanges)); + if (!subset) + return 0; + + return a->rdi == NULL + || (b->rdi != NULL + && asid_contains(b->rdi->u.asIdsOrRanges, + a->rdi->u.asIdsOrRanges)); } /* diff --git a/crypto/openssl/crypto/x509v3/v3_sxnet.c b/crypto/openssl/crypto/x509v3/v3_sxnet.c index 89cda01be2a5..144e8bee84ad 100644 --- a/crypto/openssl/crypto/x509v3/v3_sxnet.c +++ b/crypto/openssl/crypto/x509v3/v3_sxnet.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -57,12 +57,24 @@ IMPLEMENT_ASN1_FUNCTIONS(SXNET) static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent) { - long v; + int64_t v; char *tmp; SXNETID *id; int i; - v = ASN1_INTEGER_get(sx->version); - BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v); + + /* + * Since we add 1 to the version number to display it, we don't support + * LONG_MAX since that would cause on overflow. + */ + if (!ASN1_INTEGER_get_int64(&v, sx->version) + || v >= LONG_MAX + || v < LONG_MIN) { + BIO_printf(out, "%*sVersion: ", indent, ""); + } else { + long vl = (long)v; + + BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", vl + 1, vl); + } for (i = 0; i < sk_SXNETID_num(sx->ids); i++) { id = sk_SXNETID_value(sx->ids, i); tmp = i2s_ASN1_INTEGER(NULL, id->zone); diff --git a/crypto/openssl/doc/man3/BIO_f_base64.pod b/crypto/openssl/doc/man3/BIO_f_base64.pod index c2c5309a6017..55ca5d4de30f 100644 --- a/crypto/openssl/doc/man3/BIO_f_base64.pod +++ b/crypto/openssl/doc/man3/BIO_f_base64.pod @@ -38,9 +38,8 @@ to flush the final block through the BIO. The flag BIO_FLAGS_BASE64_NO_NL can be set with BIO_set_flags(). For writing, it causes all data to be written on one line without newline at the end. -For reading, it forces the decoder to process the data regardless -of newlines. All newlines are ignored and the input does not need -to contain any newline at all. +For reading, it expects the data to be all on one line (with or +without a trailing newline). =head1 NOTES diff --git a/crypto/openssl/doc/man3/SSL_CTX_set1_verify_cert_store.pod b/crypto/openssl/doc/man3/SSL_CTX_set1_verify_cert_store.pod index b42f2a499f13..a7f2a53a80af 100644 --- a/crypto/openssl/doc/man3/SSL_CTX_set1_verify_cert_store.pod +++ b/crypto/openssl/doc/man3/SSL_CTX_set1_verify_cert_store.pod @@ -5,7 +5,9 @@ SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store, SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store, SSL_set0_verify_cert_store, SSL_set1_verify_cert_store, -SSL_set0_chain_cert_store, SSL_set1_chain_cert_store - set certificate +SSL_set0_chain_cert_store, SSL_set1_chain_cert_store, +SSL_CTX_get0_verify_cert_store, SSL_CTX_get0_chain_cert_store, +SSL_get0_verify_cert_store, SSL_get0_chain_cert_store - set certificate verification or chain store =head1 SYNOPSIS @@ -16,11 +18,15 @@ verification or chain store int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); + int SSL_CTX_get0_verify_cert_store(SSL_CTX *ctx, X509_STORE **st); + int SSL_CTX_get0_chain_cert_store(SSL_CTX *ctx, X509_STORE **st); int SSL_set0_verify_cert_store(SSL *ctx, X509_STORE *st); int SSL_set1_verify_cert_store(SSL *ctx, X509_STORE *st); int SSL_set0_chain_cert_store(SSL *ctx, X509_STORE *st); int SSL_set1_chain_cert_store(SSL *ctx, X509_STORE *st); + int SSL_get0_verify_cert_store(SSL *ctx, X509_STORE **st); + int SSL_get0_chain_cert_store(SSL *ctx, X509_STORE **st); =head1 DESCRIPTION @@ -34,6 +40,11 @@ SSL_set0_verify_cert_store(), SSL_set1_verify_cert_store(), SSL_set0_chain_cert_store() and SSL_set1_chain_cert_store() are similar except they apply to SSL structure B. +SSL_CTX_get0_verify_chain_store(), SSL_get0_verify_chain_store(), +SSL_CTX_get0_chain_cert_store() and SSL_get0_chain_cert_store() retrieve the +objects previously set via the above calls. A pointer to the object (or NULL if +no such object has been set) is written to B<*st>. + All these functions are implemented as macros. Those containing a B<1> increment the reference count of the supplied store so it must be freed at some point after the operation. Those containing a B<0> do @@ -90,7 +101,7 @@ These functions were added in OpenSSL 1.0.2. =head1 COPYRIGHT -Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/crypto/openssl/include/openssl/opensslv.h b/crypto/openssl/include/openssl/opensslv.h index 744ded818e75..41f3a095460b 100644 --- a/crypto/openssl/include/openssl/opensslv.h +++ b/crypto/openssl/include/openssl/opensslv.h @@ -39,8 +39,8 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x101010ffL -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1o-freebsd 3 May 2022" +# define OPENSSL_VERSION_NUMBER 0x1010110fL +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1p-freebsd 21 Jun 2022" /*- * The macros below are to be used for shared library (.so, .dll, ...) diff --git a/crypto/openssl/include/openssl/ssl.h b/crypto/openssl/include/openssl/ssl.h index fd0c5a99967f..9af0c8995ecc 100644 --- a/crypto/openssl/include/openssl/ssl.h +++ b/crypto/openssl/include/openssl/ssl.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -1305,6 +1305,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) # define SSL_CTRL_GET_MAX_PROTO_VERSION 131 # define SSL_CTRL_GET_SIGNATURE_NID 132 # define SSL_CTRL_GET_TMP_KEY 133 +# define SSL_CTRL_GET_VERIFY_CERT_STORE 137 +# define SSL_CTRL_GET_CHAIN_CERT_STORE 138 # define SSL_CERT_SET_FIRST 1 # define SSL_CERT_SET_NEXT 2 # define SSL_CERT_SET_SERVER 3 @@ -1360,10 +1362,14 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st)) # define SSL_CTX_set1_verify_cert_store(ctx,st) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st)) +# define SSL_CTX_get0_verify_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_VERIFY_CERT_STORE,0,(char *)(st)) # define SSL_CTX_set0_chain_cert_store(ctx,st) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st)) # define SSL_CTX_set1_chain_cert_store(ctx,st) \ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st)) +# define SSL_CTX_get0_chain_cert_store(ctx,st) \ + SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERT_STORE,0,(char *)(st)) # define SSL_set0_chain(s,sk) \ SSL_ctrl(s,SSL_CTRL_CHAIN,0,(char *)(sk)) # define SSL_set1_chain(s,sk) \ @@ -1386,10 +1392,14 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION) SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st)) # define SSL_set1_verify_cert_store(s,st) \ SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st)) +#define SSL_get0_verify_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_GET_VERIFY_CERT_STORE,0,(char *)(st)) # define SSL_set0_chain_cert_store(s,st) \ SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st)) # define SSL_set1_chain_cert_store(s,st) \ SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st)) +#define SSL_get0_chain_cert_store(s,st) \ + SSL_ctrl(s,SSL_CTRL_GET_CHAIN_CERT_STORE,0,(char *)(st)) # define SSL_get1_groups(s, glist) \ SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist)) # define SSL_CTX_set1_groups(ctx, glist, glistlen) \ diff --git a/crypto/openssl/ssl/record/ssl3_record.c b/crypto/openssl/ssl/record/ssl3_record.c index f158544789bb..47c7369ed549 100644 --- a/crypto/openssl/ssl/record/ssl3_record.c +++ b/crypto/openssl/ssl/record/ssl3_record.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1532,6 +1532,7 @@ int ssl3_cbc_copy_mac(unsigned char *out, #if defined(CBC_MAC_ROTATE_IN_PLACE) unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE]; unsigned char *rotated_mac; + char aux1, aux2, aux3, mask; #else unsigned char rotated_mac[EVP_MAX_MD_SIZE]; #endif *** 176 LINES SKIPPED ***