git: 930cec16d9ee - releng/14.0 - OpenSSL: update to 3.0.12
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 26 Oct 2023 17:03:07 UTC
The branch releng/14.0 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=930cec16d9ee11584a10130bef9be002113e31de commit 930cec16d9ee11584a10130bef9be002113e31de Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2023-10-24 18:55:56 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2023-10-26 17:02:36 +0000 OpenSSL: update to 3.0.12 OpenSSL 3.0.12 addresses: * Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters that alter the key or IV length ([CVE-2023-5363]). Relnotes: Yes Sponsored by: The FreeBSD Foundation (cherry picked from commit ad991e4c142ebabad7aef488ad97b189ecabb270) (cherry picked from commit 575878a533823aa3e5bab715928d9cdffbc4dcbc) (cherry picked from commit e833378cf9589171562ccad4c6ff59c3713770bd) Approved by: so Approved by: re (gjb) --- crypto/openssl/CHANGES.md | 9 +++ crypto/openssl/INSTALL.md | 4 +- crypto/openssl/NEWS.md | 6 ++ crypto/openssl/VERSION.dat | 4 +- crypto/openssl/apps/dgst.c | 2 + crypto/openssl/apps/dhparam.c | 4 +- crypto/openssl/apps/dsaparam.c | 4 +- crypto/openssl/apps/enc.c | 5 +- crypto/openssl/apps/gendsa.c | 4 +- crypto/openssl/apps/genpkey.c | 4 +- crypto/openssl/apps/genrsa.c | 4 +- crypto/openssl/apps/lib/apps.c | 16 ++++-- crypto/openssl/apps/req.c | 2 + crypto/openssl/apps/speed.c | 3 +- crypto/openssl/crypto/aes/asm/aesv8-armx.pl | 3 + crypto/openssl/crypto/arm_arch.h | 7 +-- crypto/openssl/crypto/bn/bn_gcd.c | 8 +-- crypto/openssl/crypto/build.info | 2 - crypto/openssl/crypto/cms/cms_enc.c | 5 +- crypto/openssl/crypto/cms/cms_err.c | 4 +- crypto/openssl/crypto/cms/cms_sd.c | 14 ++++- crypto/openssl/crypto/dh/dh_check.c | 3 +- crypto/openssl/crypto/dh/dh_key.c | 3 +- crypto/openssl/crypto/dh/dh_lib.c | 4 +- crypto/openssl/crypto/dsa/dsa_check.c | 8 ++- crypto/openssl/crypto/dsa/dsa_lib.c | 4 +- crypto/openssl/crypto/dsa/dsa_ossl.c | 1 - crypto/openssl/crypto/engine/eng_pkey.c | 44 ++++++++++++++- crypto/openssl/crypto/engine/eng_table.c | 1 + crypto/openssl/crypto/err/openssl.txt | 1 + crypto/openssl/crypto/evp/evp_enc.c | 45 ++++++++++++++- crypto/openssl/crypto/evp/legacy_sha.c | 8 ++- crypto/openssl/crypto/evp/p_lib.c | 2 +- crypto/openssl/crypto/evp/pmeth_lib.c | 5 +- crypto/openssl/crypto/ex_data.c | 4 +- crypto/openssl/crypto/ffc/ffc_key_validate.c | 16 ++---- crypto/openssl/crypto/lhash/lhash.c | 6 +- crypto/openssl/crypto/mem.c | 12 +++- crypto/openssl/crypto/modes/asm/ghashv8-armx.pl | 5 +- crypto/openssl/crypto/objects/obj_dat.c | 7 ++- crypto/openssl/crypto/param_build_set.c | 13 +++-- .../openssl/crypto/poly1305/asm/poly1305-armv8.pl | 26 ++++----- crypto/openssl/crypto/property/property_parse.c | 34 +++++++++-- crypto/openssl/crypto/rsa/rsa_backend.c | 14 +---- crypto/openssl/crypto/rsa/rsa_lib.c | 32 ++++++++--- crypto/openssl/doc/man3/CMS_add1_signer.pod | 8 ++- crypto/openssl/doc/man3/DH_generate_parameters.pod | 6 +- .../openssl/doc/man3/DSA_generate_parameters.pod | 4 +- crypto/openssl/doc/man3/EVP_aes_128_gcm.pod | 8 +-- crypto/openssl/doc/man3/EVP_aria_128_gcm.pod | 2 +- crypto/openssl/doc/man3/EVP_bf_cbc.pod | 2 +- crypto/openssl/doc/man3/EVP_blake2b512.pod | 2 +- crypto/openssl/doc/man3/EVP_camellia_128_ecb.pod | 2 +- crypto/openssl/doc/man3/EVP_cast5_cbc.pod | 2 +- crypto/openssl/doc/man3/EVP_chacha20.pod | 2 +- crypto/openssl/doc/man3/EVP_des_cbc.pod | 2 +- crypto/openssl/doc/man3/EVP_desx_cbc.pod | 2 +- crypto/openssl/doc/man3/EVP_idea_cbc.pod | 2 +- crypto/openssl/doc/man3/EVP_md2.pod | 2 +- crypto/openssl/doc/man3/EVP_md4.pod | 2 +- crypto/openssl/doc/man3/EVP_md5.pod | 2 +- crypto/openssl/doc/man3/EVP_mdc2.pod | 2 +- crypto/openssl/doc/man3/EVP_rc2_cbc.pod | 2 +- crypto/openssl/doc/man3/EVP_rc4.pod | 2 +- crypto/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod | 2 +- crypto/openssl/doc/man3/EVP_ripemd160.pod | 2 +- crypto/openssl/doc/man3/EVP_seed_cbc.pod | 2 +- crypto/openssl/doc/man3/EVP_sha1.pod | 2 +- crypto/openssl/doc/man3/EVP_sha224.pod | 2 +- crypto/openssl/doc/man3/EVP_sha3_224.pod | 2 +- crypto/openssl/doc/man3/EVP_sm3.pod | 2 +- crypto/openssl/doc/man3/EVP_sm4_cbc.pod | 2 +- crypto/openssl/doc/man3/EVP_whirlpool.pod | 2 +- crypto/openssl/doc/man3/PKCS5_PBKDF2_HMAC.pod | 5 +- .../openssl/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod | 10 +++- .../openssl/doc/man3/SSL_CTX_set_info_callback.pod | 16 ++++-- .../openssl/doc/man3/d2i_PKCS8PrivateKey_bio.pod | 4 +- crypto/openssl/doc/man3/d2i_X509.pod | 26 +++++++-- crypto/openssl/include/openssl/cmserr.h | 3 +- crypto/openssl/include/openssl/evp.h | 4 +- crypto/openssl/include/openssl/opensslv.h | 10 ++-- crypto/openssl/include/openssl/pkcs7.h.in | 6 +- crypto/openssl/providers/fips-sources.checksums | 40 ++++++------- crypto/openssl/providers/fips.checksum | 2 +- .../encode_decode/encode_key2text.c | 65 +++++++++------------- .../providers/implementations/keymgmt/dh_kmgmt.c | 2 +- .../providers/implementations/macs/kmac_prov.c | 6 +- secure/lib/libcrypto/Makefile.inc | 4 +- sys/crypto/openssl/aarch64/aesv8-armx.S | 6 +- sys/crypto/openssl/aarch64/arm_arch.h | 7 +-- sys/crypto/openssl/aarch64/ghashv8-armx.S | 26 ++++----- sys/crypto/openssl/aarch64/poly1305-armv8.S | 24 ++++---- 92 files changed, 471 insertions(+), 281 deletions(-) diff --git a/crypto/openssl/CHANGES.md b/crypto/openssl/CHANGES.md index a26bdbdd0ad0..f464b2320e9c 100644 --- a/crypto/openssl/CHANGES.md +++ b/crypto/openssl/CHANGES.md @@ -28,6 +28,14 @@ breaking changes, and mappings for the large list of deprecated functions. [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod +### Changes between 3.0.11 and 3.0.12 [24 Oct 2023] + + * Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(), + EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters + that alter the key or IV length ([CVE-2023-5363]). + + *Paul Dale* + ### Changes between 3.0.10 and 3.0.11 [19 Sep 2023] * Fix POLY1305 MAC implementation corrupting XMM registers on Windows. @@ -19732,6 +19740,7 @@ ndif <!-- Links --> +[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 [CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807 [CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817 [CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446 diff --git a/crypto/openssl/INSTALL.md b/crypto/openssl/INSTALL.md index ad4a51026d7c..fef408e9d1e3 100644 --- a/crypto/openssl/INSTALL.md +++ b/crypto/openssl/INSTALL.md @@ -2,8 +2,8 @@ Build and Install ================= This document describes installation on all supported operating -systems (the Unix/Linux family, including macOS), OpenVMS, -and Windows). +systems: the Unix/Linux family (including macOS), OpenVMS, +and Windows. Table of Contents ================= diff --git a/crypto/openssl/NEWS.md b/crypto/openssl/NEWS.md index f7ca47baff87..8f0d973e057b 100644 --- a/crypto/openssl/NEWS.md +++ b/crypto/openssl/NEWS.md @@ -18,6 +18,11 @@ OpenSSL Releases OpenSSL 3.0 ----------- +### Major changes between OpenSSL 3.0.11 and OpenSSL 3.0.12 [24 Oct 2023] + + * Mitigate incorrect resize handling for symmetric cipher keys and IVs. + ([CVE-2023-5363]) + ### Major changes between OpenSSL 3.0.10 and OpenSSL 3.0.11 [19 Sep 2023] * Fix POLY1305 MAC implementation corrupting XMM registers on Windows @@ -1453,6 +1458,7 @@ OpenSSL 0.9.x <!-- Links --> +[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 [CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807 [CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817 [CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446 diff --git a/crypto/openssl/VERSION.dat b/crypto/openssl/VERSION.dat index c4157a86274d..9d9448118e6d 100644 --- a/crypto/openssl/VERSION.dat +++ b/crypto/openssl/VERSION.dat @@ -1,7 +1,7 @@ MAJOR=3 MINOR=0 -PATCH=11 +PATCH=12 PRE_RELEASE_TAG= BUILD_METADATA= -RELEASE_DATE="19 Sep 2023" +RELEASE_DATE="24 Oct 2023" SHLIB_VERSION=3 diff --git a/crypto/openssl/apps/dgst.c b/crypto/openssl/apps/dgst.c index e12389197de4..3f02af0d5738 100644 --- a/crypto/openssl/apps/dgst.c +++ b/crypto/openssl/apps/dgst.c @@ -320,6 +320,8 @@ int dgst_main(int argc, char **argv) sigkey = app_keygen(mac_ctx, mac_name, 0, 0 /* not verbose */); /* Verbose output would make external-tests gost-engine fail */ EVP_PKEY_CTX_free(mac_ctx); + if (sigkey == NULL) + goto end; } if (hmac_key != NULL) { diff --git a/crypto/openssl/apps/dhparam.c b/crypto/openssl/apps/dhparam.c index 43906cea5649..2a54dca9d8b5 100644 --- a/crypto/openssl/apps/dhparam.c +++ b/crypto/openssl/apps/dhparam.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -222,6 +222,8 @@ int dhparam_main(int argc, char **argv) } tmppkey = app_paramgen(ctx, alg); + if (tmppkey == NULL) + goto end; EVP_PKEY_CTX_free(ctx); ctx = NULL; if (dsaparam) { diff --git a/crypto/openssl/apps/dsaparam.c b/crypto/openssl/apps/dsaparam.c index b5555282be6e..ca91beb5b893 100644 --- a/crypto/openssl/apps/dsaparam.c +++ b/crypto/openssl/apps/dsaparam.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -218,6 +218,8 @@ int dsaparam_main(int argc, char **argv) goto end; } pkey = app_keygen(ctx, "DSA", numbits, verbose); + if (pkey == NULL) + goto end; assert(private); if (outformat == FORMAT_ASN1) i = i2d_PrivateKey_bio(out, pkey); diff --git a/crypto/openssl/apps/enc.c b/crypto/openssl/apps/enc.c index b3bf4cc2592d..c275046cf57a 100644 --- a/crypto/openssl/apps/enc.c +++ b/crypto/openssl/apps/enc.c @@ -624,7 +624,10 @@ int enc_main(int argc, char **argv) } } if (!BIO_flush(wbio)) { - BIO_printf(bio_err, "bad decrypt\n"); + if (enc) + BIO_printf(bio_err, "bad encrypt\n"); + else + BIO_printf(bio_err, "bad decrypt\n"); goto end; } diff --git a/crypto/openssl/apps/gendsa.c b/crypto/openssl/apps/gendsa.c index 27feb793fed2..8aefca65566c 100644 --- a/crypto/openssl/apps/gendsa.c +++ b/crypto/openssl/apps/gendsa.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -146,6 +146,8 @@ int gendsa_main(int argc, char **argv) goto end; } pkey = app_keygen(ctx, "DSA", nbits, verbose); + if (pkey == NULL) + goto end; assert(private); if (!PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, passout)) { diff --git a/crypto/openssl/apps/genpkey.c b/crypto/openssl/apps/genpkey.c index d00754eeaca0..705e5c76b47d 100644 --- a/crypto/openssl/apps/genpkey.c +++ b/crypto/openssl/apps/genpkey.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -183,6 +183,8 @@ int genpkey_main(int argc, char **argv) pkey = do_param ? app_paramgen(ctx, algname) : app_keygen(ctx, algname, 0, 0 /* not verbose */); + if (pkey == NULL) + goto end; if (do_param) { rv = PEM_write_bio_Parameters(out, pkey); diff --git a/crypto/openssl/apps/genrsa.c b/crypto/openssl/apps/genrsa.c index 4436b7fa1745..6a683517a15f 100644 --- a/crypto/openssl/apps/genrsa.c +++ b/crypto/openssl/apps/genrsa.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -203,6 +203,8 @@ opthelp: goto end; } pkey = app_keygen(ctx, "RSA", num, verbose); + if (pkey == NULL) + goto end; if (verbose) { BIGNUM *e = NULL; diff --git a/crypto/openssl/apps/lib/apps.c b/crypto/openssl/apps/lib/apps.c index 572f6a3f8f28..a632b0cff2bf 100644 --- a/crypto/openssl/apps/lib/apps.c +++ b/crypto/openssl/apps/lib/apps.c @@ -960,10 +960,14 @@ int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin, ctx = OSSL_STORE_open_ex(uri, libctx, propq, get_ui_method(), &uidata, params, NULL, NULL); } - if (ctx == NULL) + if (ctx == NULL) { + BIO_printf(bio_err, "Could not open file or uri for loading"); goto end; - if (expect > 0 && !OSSL_STORE_expect(ctx, expect)) + } + if (expect > 0 && !OSSL_STORE_expect(ctx, expect)) { + BIO_printf(bio_err, "Internal error trying to load"); goto end; + } failed = NULL; while (cnt_expectations > 0 && !OSSL_STORE_eof(ctx)) { @@ -3359,8 +3363,8 @@ EVP_PKEY *app_keygen(EVP_PKEY_CTX *ctx, const char *alg, int bits, int verbose) BIO_printf(bio_err, "Warning: generating random key material may take a long time\n" "if the system has a poor entropy source\n"); if (EVP_PKEY_keygen(ctx, &res) <= 0) - app_bail_out("%s: Error generating %s key\n", opt_getprog(), - alg != NULL ? alg : "asymmetric"); + BIO_printf(bio_err, "%s: Error generating %s key\n", opt_getprog(), + alg != NULL ? alg : "asymmetric"); return res; } @@ -3372,8 +3376,8 @@ EVP_PKEY *app_paramgen(EVP_PKEY_CTX *ctx, const char *alg) BIO_printf(bio_err, "Warning: generating random key parameters may take a long time\n" "if the system has a poor entropy source\n"); if (EVP_PKEY_paramgen(ctx, &res) <= 0) - app_bail_out("%s: Generating %s key parameters failed\n", - opt_getprog(), alg != NULL ? alg : "asymmetric"); + BIO_printf(bio_err, "%s: Generating %s key parameters failed\n", + opt_getprog(), alg != NULL ? alg : "asymmetric"); return res; } diff --git a/crypto/openssl/apps/req.c b/crypto/openssl/apps/req.c index 926f0796bc8f..41191803aef4 100644 --- a/crypto/openssl/apps/req.c +++ b/crypto/openssl/apps/req.c @@ -685,6 +685,8 @@ int req_main(int argc, char **argv) EVP_PKEY_CTX_set_app_data(genctx, bio_err); pkey = app_keygen(genctx, keyalgstr, newkey_len, verbose); + if (pkey == NULL) + goto end; EVP_PKEY_CTX_free(genctx); genctx = NULL; diff --git a/crypto/openssl/apps/speed.c b/crypto/openssl/apps/speed.c index f30435704d19..1113d775b8ab 100644 --- a/crypto/openssl/apps/speed.c +++ b/crypto/openssl/apps/speed.c @@ -3700,7 +3700,8 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single, } else { int pad; - RAND_bytes(out, 16); + if (RAND_bytes(inp, 16) <= 0) + app_bail_out("error setting random bytes\n"); len += 16; aad[11] = (unsigned char)(len >> 8); aad[12] = (unsigned char)(len); diff --git a/crypto/openssl/crypto/aes/asm/aesv8-armx.pl b/crypto/openssl/crypto/aes/asm/aesv8-armx.pl index 544dc7e8effe..d0e0be6187bd 100755 --- a/crypto/openssl/crypto/aes/asm/aesv8-armx.pl +++ b/crypto/openssl/crypto/aes/asm/aesv8-armx.pl @@ -3661,6 +3661,9 @@ if ($flavour =~ /64/) { ######## 64-bit code s/\.[ui]?64//o and s/\.16b/\.2d/go; s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o; + # Switch preprocessor checks to aarch64 versions. + s/__ARME([BL])__/__AARCH64E$1__/go; + print $_,"\n"; } } else { ######## 32-bit code diff --git a/crypto/openssl/crypto/arm_arch.h b/crypto/openssl/crypto/arm_arch.h index 45d7e1556475..ec4a087fede2 100644 --- a/crypto/openssl/crypto/arm_arch.h +++ b/crypto/openssl/crypto/arm_arch.h @@ -1,5 +1,5 @@ /* - * Copyright 2011-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -21,11 +21,6 @@ # elif defined(__GNUC__) # if defined(__aarch64__) # define __ARM_ARCH__ 8 -# if __BYTE_ORDER__==__ORDER_BIG_ENDIAN__ -# define __ARMEB__ -# else -# define __ARMEL__ -# endif /* * Why doesn't gcc define __ARM_ARCH__? Instead it defines * bunch of below macros. See all_architectures[] table in diff --git a/crypto/openssl/crypto/bn/bn_gcd.c b/crypto/openssl/crypto/bn/bn_gcd.c index 59d024f674eb..cd0b0151ec7e 100644 --- a/crypto/openssl/crypto/bn/bn_gcd.c +++ b/crypto/openssl/crypto/bn/bn_gcd.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -611,9 +611,9 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) for (i = 0; i < m; i++) { /* conditionally flip signs if delta is positive and g is odd */ - cond = (-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1 + cond = ((unsigned int)-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1 /* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */ - & (~((g->top - 1) >> (sizeof(g->top) * 8 - 1))); + & (~((unsigned int)(g->top - 1) >> (sizeof(g->top) * 8 - 1))); delta = (-cond & -delta) | ((cond - 1) & delta); r->neg ^= cond; /* swap */ @@ -625,7 +625,7 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) goto err; BN_consttime_swap(g->d[0] & 1 /* g is odd */ /* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */ - & (~((g->top - 1) >> (sizeof(g->top) * 8 - 1))), + & (~((unsigned int)(g->top - 1) >> (sizeof(g->top) * 8 - 1))), g, temp, top); if (!BN_rshift1(g, g)) goto err; diff --git a/crypto/openssl/crypto/build.info b/crypto/openssl/crypto/build.info index b90390ae864c..c04db5591120 100644 --- a/crypto/openssl/crypto/build.info +++ b/crypto/openssl/crypto/build.info @@ -97,8 +97,6 @@ $UTIL_COMMON=\ context.c sparse_array.c asn1_dsa.c packet.c param_build.c \ param_build_set.c der_writer.c threads_lib.c params_dup.c -SHARED_SOURCE[../libssl]=sparse_array.c - SOURCE[../libcrypto]=$UTIL_COMMON \ mem.c mem_sec.c \ cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c o_dir.c \ diff --git a/crypto/openssl/crypto/cms/cms_enc.c b/crypto/openssl/crypto/cms/cms_enc.c index f7007c12319e..ae88df33a7f0 100644 --- a/crypto/openssl/crypto/cms/cms_enc.c +++ b/crypto/openssl/crypto/cms/cms_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,6 +15,7 @@ #include <openssl/cms.h> #include <openssl/rand.h> #include "crypto/evp.h" +#include "crypto/asn1.h" #include "cms_local.h" /* CMS EncryptedData Utilities */ @@ -81,7 +82,7 @@ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, if (enc) { calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_get_type(ctx)); - if (calg->algorithm == NULL) { + if (calg->algorithm == NULL || calg->algorithm->nid == NID_undef) { ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM); goto err; } diff --git a/crypto/openssl/crypto/cms/cms_err.c b/crypto/openssl/crypto/cms/cms_err.c index dcbea201c8e5..4bd6a0dc1bf1 100644 --- a/crypto/openssl/crypto/cms/cms_err.c +++ b/crypto/openssl/crypto/cms/cms_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -154,6 +154,8 @@ static const ERR_STRING_DATA CMS_str_reasons[] = { "unsupported recipientinfo type"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENT_TYPE), "unsupported recipient type"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM), + "unsupported signature algorithm"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_TYPE), "unsupported type"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_ERROR), "unwrap error"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_FAILURE), "unwrap failure"}, diff --git a/crypto/openssl/crypto/cms/cms_sd.c b/crypto/openssl/crypto/cms/cms_sd.c index 53c8e378f318..2093657a2a4a 100644 --- a/crypto/openssl/crypto/cms/cms_sd.c +++ b/crypto/openssl/crypto/cms/cms_sd.c @@ -354,11 +354,16 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, if (md == NULL) { int def_nid; - if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) + + if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) { + ERR_raise_data(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST, + "pkey nid=%d", EVP_PKEY_get_id(pk)); goto err; + } md = EVP_get_digestbynid(def_nid); if (md == NULL) { - ERR_raise(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST); + ERR_raise_data(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST, + "default md nid=%d", def_nid); goto err; } } @@ -398,8 +403,11 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, } } - if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0)) + if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0)) { + ERR_raise_data(ERR_LIB_CMS, CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM, + "pkey nid=%d", EVP_PKEY_get_id(pk)); goto err; + } if (!(flags & CMS_NOATTR)) { /* * Initialize signed attributes structure so other attributes diff --git a/crypto/openssl/crypto/dh/dh_check.c b/crypto/openssl/crypto/dh/dh_check.c index f4173e21371e..7ba2beae7fd6 100644 --- a/crypto/openssl/crypto/dh/dh_check.c +++ b/crypto/openssl/crypto/dh/dh_check.c @@ -259,7 +259,8 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) */ int ossl_dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret) { - return ossl_ffc_validate_public_key_partial(&dh->params, pub_key, ret); + return ossl_ffc_validate_public_key_partial(&dh->params, pub_key, ret) + && *ret == 0; } int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret) diff --git a/crypto/openssl/crypto/dh/dh_key.c b/crypto/openssl/crypto/dh/dh_key.c index 4e9705beef73..d84ea99241b9 100644 --- a/crypto/openssl/crypto/dh/dh_key.c +++ b/crypto/openssl/crypto/dh/dh_key.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -190,7 +190,6 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, static int dh_init(DH *dh) { dh->flags |= DH_FLAG_CACHE_MONT_P; - ossl_ffc_params_init(&dh->params); dh->dirty_cnt++; return 1; } diff --git a/crypto/openssl/crypto/dh/dh_lib.c b/crypto/openssl/crypto/dh/dh_lib.c index 29cda5d7bfa8..5577413e1e0c 100644 --- a/crypto/openssl/crypto/dh/dh_lib.c +++ b/crypto/openssl/crypto/dh/dh_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -116,6 +116,8 @@ static DH *dh_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx) goto err; #endif /* FIPS_MODULE */ + ossl_ffc_params_init(&ret->params); + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { ERR_raise(ERR_LIB_DH, ERR_R_INIT_FAIL); goto err; diff --git a/crypto/openssl/crypto/dsa/dsa_check.c b/crypto/openssl/crypto/dsa/dsa_check.c index 7ee914a477ec..fb0e9129a295 100644 --- a/crypto/openssl/crypto/dsa/dsa_check.c +++ b/crypto/openssl/crypto/dsa/dsa_check.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -39,7 +39,8 @@ int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret) */ int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret) { - return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret); + return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret) + && *ret == 0; } /* @@ -49,7 +50,8 @@ int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret) */ int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, int *ret) { - return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret); + return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret) + && *ret == 0; } int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret) diff --git a/crypto/openssl/crypto/dsa/dsa_lib.c b/crypto/openssl/crypto/dsa/dsa_lib.c index ccc701659217..2ae3f8e36b26 100644 --- a/crypto/openssl/crypto/dsa/dsa_lib.c +++ b/crypto/openssl/crypto/dsa/dsa_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -176,6 +176,8 @@ static DSA *dsa_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx) goto err; #endif + ossl_ffc_params_init(&ret->params); + if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { ERR_raise(ERR_LIB_DSA, ERR_R_INIT_FAIL); goto err; diff --git a/crypto/openssl/crypto/dsa/dsa_ossl.c b/crypto/openssl/crypto/dsa/dsa_ossl.c index 62f7c70149f4..8fd66a950e37 100644 --- a/crypto/openssl/crypto/dsa/dsa_ossl.c +++ b/crypto/openssl/crypto/dsa/dsa_ossl.c @@ -441,7 +441,6 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, static int dsa_init(DSA *dsa) { dsa->flags |= DSA_FLAG_CACHE_MONT_P; - ossl_ffc_params_init(&dsa->params); dsa->dirty_cnt++; return 1; } diff --git a/crypto/openssl/crypto/engine/eng_pkey.c b/crypto/openssl/crypto/engine/eng_pkey.c index 6e6d6df35b2b..f84fcde46016 100644 --- a/crypto/openssl/crypto/engine/eng_pkey.c +++ b/crypto/openssl/crypto/engine/eng_pkey.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -79,6 +79,48 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PRIVATE_KEY); return NULL; } + /* We enforce check for legacy key */ + switch (EVP_PKEY_get_id(pkey)) { + case EVP_PKEY_RSA: + { + RSA *rsa = EVP_PKEY_get1_RSA(pkey); + EVP_PKEY_set1_RSA(pkey, rsa); + RSA_free(rsa); + } + break; +# ifndef OPENSSL_NO_EC + case EVP_PKEY_SM2: + case EVP_PKEY_EC: + { + EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey); + EVP_PKEY_set1_EC_KEY(pkey, ec); + EC_KEY_free(ec); + } + break; +# endif +# ifndef OPENSSL_NO_DSA + case EVP_PKEY_DSA: + { + DSA *dsa = EVP_PKEY_get1_DSA(pkey); + EVP_PKEY_set1_DSA(pkey, dsa); + DSA_free(dsa); + } + break; +#endif +# ifndef OPENSSL_NO_DH + case EVP_PKEY_DH: + { + DH *dh = EVP_PKEY_get1_DH(pkey); + EVP_PKEY_set1_DH(pkey, dh); + DH_free(dh); + } + break; +#endif + default: + /*Do nothing */ + break; + } + return pkey; } diff --git a/crypto/openssl/crypto/engine/eng_table.c b/crypto/openssl/crypto/engine/eng_table.c index 3138a1526002..9dc3144bbfd7 100644 --- a/crypto/openssl/crypto/engine/eng_table.c +++ b/crypto/openssl/crypto/engine/eng_table.c @@ -97,6 +97,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup, if (added && !engine_cleanup_add_first(cleanup)) { lh_ENGINE_PILE_free(&(*table)->piles); *table = NULL; + goto end; } while (num_nids--) { tmplate.nid = *nids; diff --git a/crypto/openssl/crypto/err/openssl.txt b/crypto/openssl/crypto/err/openssl.txt index a6f61ca3b02f..e51504b7abd5 100644 --- a/crypto/openssl/crypto/err/openssl.txt +++ b/crypto/openssl/crypto/err/openssl.txt @@ -375,6 +375,7 @@ CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM:179:\ CMS_R_UNSUPPORTED_LABEL_SOURCE:193:unsupported label source CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE:155:unsupported recipientinfo type CMS_R_UNSUPPORTED_RECIPIENT_TYPE:154:unsupported recipient type +CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM:195:unsupported signature algorithm CMS_R_UNSUPPORTED_TYPE:156:unsupported type CMS_R_UNWRAP_ERROR:157:unwrap error CMS_R_UNWRAP_FAILURE:180:unwrap failure diff --git a/crypto/openssl/crypto/evp/evp_enc.c b/crypto/openssl/crypto/evp/evp_enc.c index b178d1086473..4e6f83e3d0a9 100644 --- a/crypto/openssl/crypto/evp/evp_enc.c +++ b/crypto/openssl/crypto/evp/evp_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -192,7 +192,12 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx, #endif } - if (cipher->prov != NULL) { + if (!ossl_assert(cipher->prov != NULL)) { + ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); + return 0; + } + + if (cipher != ctx->fetched_cipher) { if (!EVP_CIPHER_up_ref((EVP_CIPHER *)cipher)) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); return 0; @@ -218,6 +223,42 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx, return 0; } +#ifndef FIPS_MODULE + /* + * Fix for CVE-2023-5363 + * Passing in a size as part of the init call takes effect late + * so, force such to occur before the initialisation. + * + * The FIPS provider's internal library context is used in a manner + * such that this is not an issue. + */ + if (params != NULL) { + OSSL_PARAM param_lens[3] = { OSSL_PARAM_END, OSSL_PARAM_END, + OSSL_PARAM_END }; + OSSL_PARAM *q = param_lens; + const OSSL_PARAM *p; + + p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN); + if (p != NULL) + memcpy(q++, p, sizeof(*q)); + + /* + * Note that OSSL_CIPHER_PARAM_AEAD_IVLEN is a synomym for + * OSSL_CIPHER_PARAM_IVLEN so both are covered here. + */ + p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_IVLEN); + if (p != NULL) + memcpy(q++, p, sizeof(*q)); + + if (q != param_lens) { + if (!EVP_CIPHER_CTX_set_params(ctx, param_lens)) { + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH); + return 0; + } + } + } +#endif + if (enc) { if (ctx->cipher->einit == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); diff --git a/crypto/openssl/crypto/evp/legacy_sha.c b/crypto/openssl/crypto/evp/legacy_sha.c index 3859286eeb20..ca9a3264978a 100644 --- a/crypto/openssl/crypto/evp/legacy_sha.c +++ b/crypto/openssl/crypto/evp/legacy_sha.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -71,7 +71,11 @@ static int sha1_int_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2) static int shake_ctrl(EVP_MD_CTX *evp_ctx, int cmd, int p1, void *p2) { - KECCAK1600_CTX *ctx = evp_ctx->md_data; + KECCAK1600_CTX *ctx; + + if (evp_ctx == NULL) + return 0; + ctx = evp_ctx->md_data; switch (cmd) { case EVP_MD_CTRL_XOF_LEN: diff --git a/crypto/openssl/crypto/evp/p_lib.c b/crypto/openssl/crypto/evp/p_lib.c index 59a7a867ecbb..04b148a91218 100644 --- a/crypto/openssl/crypto/evp/p_lib.c +++ b/crypto/openssl/crypto/evp/p_lib.c @@ -1201,7 +1201,7 @@ int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey, int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey, int indent, ASN1_PCTX *pctx) { - return print_pkey(pkey, out, indent, EVP_PKEY_KEYPAIR, NULL, + return print_pkey(pkey, out, indent, EVP_PKEY_PRIVATE_KEY, NULL, (pkey->ameth != NULL ? pkey->ameth->priv_print : NULL), pctx); } diff --git a/crypto/openssl/crypto/evp/pmeth_lib.c b/crypto/openssl/crypto/evp/pmeth_lib.c index ce6e1a1ccbd5..ba1971ce461d 100644 --- a/crypto/openssl/crypto/evp/pmeth_lib.c +++ b/crypto/openssl/crypto/evp/pmeth_lib.c @@ -251,10 +251,11 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx, */ if (e != NULL) pmeth = ENGINE_get_pkey_meth(e, id); - else if (pkey != NULL && pkey->foreign) + else +# endif /* OPENSSL_NO_ENGINE */ + if (pkey != NULL && pkey->foreign) pmeth = EVP_PKEY_meth_find(id); else -# endif app_pmeth = pmeth = evp_pkey_meth_find_added_by_application(id); /* END legacy */ diff --git a/crypto/openssl/crypto/ex_data.c b/crypto/openssl/crypto/ex_data.c index 40223f06e4ec..13b928899456 100644 --- a/crypto/openssl/crypto/ex_data.c +++ b/crypto/openssl/crypto/ex_data.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -163,6 +163,8 @@ int ossl_crypto_get_ex_new_index_ex(OSSL_LIB_CTX *ctx, int class_index, * "app_data" routines use ex_data index zero. See RT 3710. */ if (ip->meth == NULL || !sk_EX_CALLBACK_push(ip->meth, NULL)) { + sk_EX_CALLBACK_free(ip->meth); + ip->meth = NULL; ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); goto err; } diff --git a/crypto/openssl/crypto/ffc/ffc_key_validate.c b/crypto/openssl/crypto/ffc/ffc_key_validate.c index 342789621d6d..a4a2a58e9a7f 100644 --- a/crypto/openssl/crypto/ffc/ffc_key_validate.c +++ b/crypto/openssl/crypto/ffc/ffc_key_validate.c @@ -26,7 +26,7 @@ int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params, *ret = 0; if (params == NULL || pub_key == NULL || params->p == NULL) { *ret = FFC_ERROR_PASSED_NULL_PARAM; - return 0; + return 1; } ctx = BN_CTX_new_ex(NULL); @@ -39,18 +39,14 @@ int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params, if (tmp == NULL || !BN_set_word(tmp, 1)) goto err; - if (BN_cmp(pub_key, tmp) <= 0) { + if (BN_cmp(pub_key, tmp) <= 0) *ret |= FFC_ERROR_PUBKEY_TOO_SMALL; - goto err; - } /* Step(1): Verify pub_key <= p-2 */ if (BN_copy(tmp, params->p) == NULL || !BN_sub_word(tmp, 1)) goto err; - if (BN_cmp(pub_key, tmp) >= 0) { + if (BN_cmp(pub_key, tmp) >= 0) *ret |= FFC_ERROR_PUBKEY_TOO_LARGE; - goto err; - } ok = 1; err: if (ctx != NULL) { @@ -73,7 +69,7 @@ int ossl_ffc_validate_public_key(const FFC_PARAMS *params, if (!ossl_ffc_validate_public_key_partial(params, pub_key, ret)) return 0; - if (params->q != NULL) { + if (*ret == 0 && params->q != NULL) { ctx = BN_CTX_new_ex(NULL); if (ctx == NULL) goto err; @@ -84,10 +80,8 @@ int ossl_ffc_validate_public_key(const FFC_PARAMS *params, if (tmp == NULL || !BN_mod_exp(tmp, pub_key, params->q, params->p, ctx)) goto err; - if (!BN_is_one(tmp)) { + if (!BN_is_one(tmp)) *ret |= FFC_ERROR_PUBKEY_INVALID; - goto err; - } } ok = 1; diff --git a/crypto/openssl/crypto/lhash/lhash.c b/crypto/openssl/crypto/lhash/lhash.c index 1cd988f01fc7..a01cfa725e38 100644 --- a/crypto/openssl/crypto/lhash/lhash.c +++ b/crypto/openssl/crypto/lhash/lhash.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -266,12 +266,12 @@ static void contract(OPENSSL_LHASH *lh) if (n == NULL) { /* fputs("realloc error in lhash",stderr); */ lh->error++; - return; + } else { + lh->b = n; } lh->num_alloc_nodes /= 2; *** 1730 LINES SKIPPED ***