git: c83325e95a98 - stable/12 - OpenSSL: Merge OpenSSL 1.1.1q

From: Jung-uk Kim <jkim_at_FreeBSD.org>
Date: Tue, 05 Jul 2022 16:42:07 UTC
The branch stable/12 has been updated by jkim:

URL: https://cgit.FreeBSD.org/src/commit/?id=c83325e95a98991ec46e0c881559d3dbfaf36081

commit c83325e95a98991ec46e0c881559d3dbfaf36081
Author:     Jung-uk Kim <jkim@FreeBSD.org>
AuthorDate: 2022-07-05 15:47:01 +0000
Commit:     Jung-uk Kim <jkim@FreeBSD.org>
CommitDate: 2022-07-05 16:37:44 +0000

    OpenSSL: Merge OpenSSL 1.1.1q
    
    (cherry picked from commit 64cbf7cebc3b80a971e1d15124831d84604b9370)
---
 crypto/openssl/CHANGES                             | 13 +++++++++++++
 crypto/openssl/NEWS                                |  5 +++++
 crypto/openssl/README                              |  2 +-
 crypto/openssl/crypto/aes/asm/aesni-x86.pl         |  6 +++---
 crypto/openssl/crypto/bn/bn_gcd.c                  |  8 +++++---
 crypto/openssl/crypto/ec/ec_asn1.c                 |  4 ++--
 crypto/openssl/crypto/x509v3/v3_addr.c             | 16 +++++++++++++---
 crypto/openssl/crypto/x509v3/v3_sxnet.c            |  2 ++
 crypto/openssl/doc/man3/SSL_get_current_cipher.pod |  6 +++---
 crypto/openssl/include/openssl/opensslv.h          |  4 ++--
 10 files changed, 49 insertions(+), 17 deletions(-)

diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES
index 18c320f85c84..c18a1f514968 100644
--- a/crypto/openssl/CHANGES
+++ b/crypto/openssl/CHANGES
@@ -7,6 +7,19 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
+ Changes between 1.1.1p and 1.1.1q [5 Jul 2022]
+
+  *) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
+     implementation would not encrypt the entirety of the data under some
+     circumstances.  This could reveal sixteen bytes of data that was
+     preexisting in the memory that wasn't written.  In the special case of
+     "in place" encryption, sixteen bytes of the plaintext would be revealed.
+
+     Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
+     they are both unaffected.
+     (CVE-2022-2097)
+     [Alex Chernyakhovsky, David Benjamin, Alejandro SedeƱo]
+
  Changes between 1.1.1o and 1.1.1p [21 Jun 2022]
 
   *) In addition to the c_rehash shell command injection identified in
diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS
index f5f5759c0ff2..75e9ba062df3 100644
--- a/crypto/openssl/NEWS
+++ b/crypto/openssl/NEWS
@@ -5,6 +5,11 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.1.1p and OpenSSL 1.1.1q [5 Jul 2022]
+
+      o Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms
+        (CVE-2022-2097)
+
   Major changes between OpenSSL 1.1.1o and OpenSSL 1.1.1p [21 Jun 2022]
 
       o Fixed additional bugs in the c_rehash script which was not properly
diff --git a/crypto/openssl/README b/crypto/openssl/README
index 97a0042b8651..79f9c611a933 100644
--- a/crypto/openssl/README
+++ b/crypto/openssl/README
@@ -1,5 +1,5 @@
 
- OpenSSL 1.1.1p 21 Jun 2022
+ OpenSSL 1.1.1q 5 Jul 2022
 
  Copyright (c) 1998-2022 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/crypto/openssl/crypto/aes/asm/aesni-x86.pl b/crypto/openssl/crypto/aes/asm/aesni-x86.pl
index fe2b26542ab6..3502940d5233 100755
--- a/crypto/openssl/crypto/aes/asm/aesni-x86.pl
+++ b/crypto/openssl/crypto/aes/asm/aesni-x86.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2009-2022 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -2027,7 +2027,7 @@ my ($l_,$block,$i1,$i3,$i5) = ($rounds_,$key_,$rounds,$len,$out);
 	&movdqu		(&QWP(-16*2,$out,$inp),$inout4);
 	&movdqu		(&QWP(-16*1,$out,$inp),$inout5);
 	&cmp		($inp,$len);			# done yet?
-	&jb		(&label("grandloop"));
+	&jbe		(&label("grandloop"));
 
 &set_label("short");
 	&add		($len,16*6);
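Review bot: The comment on the compare, `# done yet?`, does not say why the branch must be inclusive, and that boundary is the whole fix in this hunk and in the matching one at -2453. Judging from the `&add ($len,16*6)` right after the `short` label, `$len` appears to hold the end of input minus one six-block batch, so `$inp == $len` would mean a full batch is still pending. A comment such as `# $inp == $len: one full 6-block batch remains, so loop on equality too` would keep the condition from being "simplified" back to `jb`. No test accompanies the change in this commit, so it is worth confirming that a regression test covers both code paths on 32-bit x86 with inputs that end exactly on a six-block boundary. Both loops start outside their hunks.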
@@ -2453,7 +2453,7 @@ my ($l_,$block,$i1,$i3,$i5) = ($rounds_,$key_,$rounds,$len,$out);
 	&pxor		($rndkey1,$inout5);
 	&movdqu		(&QWP(-16*1,$out,$inp),$inout5);
 	&cmp		($inp,$len);			# done yet?
-	&jb		(&label("grandloop"));
+	&jbe		(&label("grandloop"));
 
 &set_label("short");
 	&add		($len,16*6);
diff --git a/crypto/openssl/crypto/bn/bn_gcd.c b/crypto/openssl/crypto/bn/bn_gcd.c
index 0941f7b97f3f..6190bf1eddb0 100644
--- a/crypto/openssl/crypto/bn/bn_gcd.c
+++ b/crypto/openssl/crypto/bn/bn_gcd.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -47,7 +47,8 @@ BIGNUM *bn_mod_inverse_no_branch(BIGNUM *in,
     if (R == NULL)
         goto err;
 
-    BN_one(X);
+    if (!BN_one(X))
+        goto err;
     BN_zero(Y);
     if (BN_copy(B, a) == NULL)
         goto err;
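Review bot: `BN_zero(Y)` directly below the newly checked `BN_one(X)` is still called without a check, which reads like an oversight both here and in the identical hunk in int_bn_mod_inverse. If BN_zero() expands to a void call that cannot fail in this build (that depends on the API-compat setting, which the diff does not show), a short comment such as `/* BN_zero() cannot fail */` would settle it. Otherwise it needs the same `goto err` treatment. Both function bodies continue outside their hunks.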
@@ -235,7 +236,8 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in,
     if (R == NULL)
         goto err;
 
-    BN_one(X);
+    if (!BN_one(X))
+        goto err;
     BN_zero(Y);
     if (BN_copy(B, a) == NULL)
         goto err;
diff --git a/crypto/openssl/crypto/ec/ec_asn1.c b/crypto/openssl/crypto/ec/ec_asn1.c
index 34de7b2aabf7..1acbbde3d37b 100644
--- a/crypto/openssl/crypto/ec/ec_asn1.c
+++ b/crypto/openssl/crypto/ec/ec_asn1.c
@@ -794,7 +794,7 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
     }
 
     /* extract the order */
-    if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) {
+    if (ASN1_INTEGER_to_BN(params->order, a) == NULL) {
         ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);
         goto err;
     }
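Review bot: Nothing at this call says why the result of ASN1_INTEGER_to_BN() is deliberately no longer assigned back to `a`, and the same applies to `b` in the cofactor hunk below. Assigning a NULL failure result would overwrite the only pointer to the BIGNUM that was passed in, so the cleanup at `err` (outside the hunk) could presumably no longer free it. A comment like `/* do not assign: a NULL result would lose a and leak it */` would stop someone restoring the old idiom. The function body starts and ends outside both hunks.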
@@ -811,7 +811,7 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
     if (params->cofactor == NULL) {
         BN_free(b);
         b = NULL;
-    } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) {
+    } else if (ASN1_INTEGER_to_BN(params->cofactor, b) == NULL) {
         ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);
         goto err;
     }
diff --git a/crypto/openssl/crypto/x509v3/v3_addr.c b/crypto/openssl/crypto/x509v3/v3_addr.c
index 4258dbc40c0f..ccce34ef2e48 100644
--- a/crypto/openssl/crypto/x509v3/v3_addr.c
+++ b/crypto/openssl/crypto/x509v3/v3_addr.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -13,6 +13,8 @@
 
 #include <stdio.h>
 #include <stdlib.h>
+#include <assert.h>
+#include <string.h>
 
 #include "internal/cryptlib.h"
 #include <openssl/conf.h>
@@ -342,8 +344,13 @@ static int range_should_be_prefix(const unsigned char *min,
     unsigned char mask;
     int i, j;
 
-    if (memcmp(min, max, length) <= 0)
-        return -1;
+    /*
+     * It is the responsibility of the caller to confirm min <= max. We don't
+     * use ossl_assert() here since we have no way of signalling an error from
+     * this function - so we just use a plain assert instead.
+     */
+    assert(memcmp(min, max, length) <= 0);
+
     for (i = 0; i < length && min[i] == max[i]; i++) ;
     for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) ;
     if (i < j)
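Review bot: The precondition min <= max is now enforced only by `assert()`, which is compiled out when NDEBUG is defined and aborts the process otherwise, so every caller has to check the ordering before calling range_should_be_prefix(). Within this diff only make_addressRange() gains that check (`if (memcmp(min, max, length) > 0) return 0;`). Any other call sites are outside the visible hunks and should be confirmed to reject inverted ranges first, since the bounds presumably come from parsed certificate extensions. A comment at the make_addressRange() guard, e.g. `/* range_should_be_prefix() asserts min <= max */`, would keep the two from drifting apart. The function body continues past the end of this hunk.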
@@ -426,6 +433,9 @@ static int make_addressRange(IPAddressOrRange **result,
     IPAddressOrRange *aor;
     int i, prefixlen;
 
+    if (memcmp(min, max, length) > 0)
+        return 0;
+
     if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0)
         return make_addressPrefix(result, min, prefixlen);
 
diff --git a/crypto/openssl/crypto/x509v3/v3_sxnet.c b/crypto/openssl/crypto/x509v3/v3_sxnet.c
index 144e8bee84ad..3c5508f9416c 100644
--- a/crypto/openssl/crypto/x509v3/v3_sxnet.c
+++ b/crypto/openssl/crypto/x509v3/v3_sxnet.c
@@ -78,6 +78,8 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
     for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
         id = sk_SXNETID_value(sx->ids, i);
         tmp = i2s_ASN1_INTEGER(NULL, id->zone);
+        if (tmp == NULL)
+            return 0;
         BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
         OPENSSL_free(tmp);
         ASN1_STRING_print(out, id->user);
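Review bot: The loop now fails on a NULL from i2s_ASN1_INTEGER(), but the results of `BIO_printf()` and `ASN1_STRING_print()` on the following lines are still ignored, so a write error on `out` is reported as success. If sxnet_i2r is meant to return 0 on any failure, the same early return could follow those calls, for example `if (!ASN1_STRING_print(out, id->user)) return 0;`. The loop and the function end outside the hunk.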
diff --git a/crypto/openssl/doc/man3/SSL_get_current_cipher.pod b/crypto/openssl/doc/man3/SSL_get_current_cipher.pod
index 64ca819b0e1c..4ed555aa4972 100644
--- a/crypto/openssl/doc/man3/SSL_get_current_cipher.pod
+++ b/crypto/openssl/doc/man3/SSL_get_current_cipher.pod
@@ -10,8 +10,8 @@ SSL_get_pending_cipher - get SSL_CIPHER of a connection
 
  #include <openssl/ssl.h>
 
- SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl);
- SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl);
+ const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl);
+ const SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl);
 
  const char *SSL_get_cipher_name(const SSL *s);
  const char *SSL_get_cipher(const SSL *s);
@@ -61,7 +61,7 @@ L<ssl(7)>, L<SSL_CIPHER_get_name(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/include/openssl/opensslv.h b/crypto/openssl/include/openssl/opensslv.h
index 41f3a095460b..72f33433be1c 100644
--- a/crypto/openssl/include/openssl/opensslv.h
+++ b/crypto/openssl/include/openssl/opensslv.h
@@ -39,8 +39,8 @@ extern "C" {
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-# define OPENSSL_VERSION_NUMBER  0x1010110fL
-# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1p-freebsd  21 Jun 2022"
+# define OPENSSL_VERSION_NUMBER  0x1010111fL
+# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1q-freebsd  5 Jul 2022"
 
 /*-
  * The macros below are to be used for shared library (.so, .dll, ...)