git: 1b7b799f9eba - stable/13 - OpenSSL: Merge OpenSSL 1.1.1o
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 03 May 2022 19:57:42 UTC
The branch stable/13 has been updated by jkim:
URL: https://cgit.FreeBSD.org/src/commit/?id=1b7b799f9ebaa6d558523498005ca0e698051274
commit 1b7b799f9ebaa6d558523498005ca0e698051274
Author: Jung-uk Kim <jkim@FreeBSD.org>
AuthorDate: 2022-05-03 19:07:06 +0000
Commit: Jung-uk Kim <jkim@FreeBSD.org>
CommitDate: 2022-05-03 19:55:01 +0000
OpenSSL: Merge OpenSSL 1.1.1o
(cherry picked from commit 34252e89a96c8d498d7537ade16d20602bf2106a)
---
crypto/openssl/CHANGES | 13 +++++++
crypto/openssl/NEWS | 7 +++-
crypto/openssl/README | 4 +--
crypto/openssl/apps/apps.c | 2 ++
crypto/openssl/apps/x509.c | 6 ++--
crypto/openssl/crypto/bn/bn_div.c | 8 +++--
crypto/openssl/crypto/bn/bn_exp.c | 5 +--
crypto/openssl/crypto/ec/curve448/curve448.c | 3 +-
crypto/openssl/crypto/ec/ecp_nistz256.c | 3 +-
crypto/openssl/crypto/engine/eng_dyn.c | 33 ++++++++++++------
crypto/openssl/crypto/err/err.c | 45 +++++++++++++++++++++----
crypto/openssl/crypto/evp/evp_enc.c | 10 +++---
crypto/openssl/crypto/evp/evp_local.h | 4 +--
crypto/openssl/crypto/init.c | 13 ++-----
crypto/openssl/crypto/s390x_arch.h | 5 ++-
crypto/openssl/crypto/s390xcap.c | 5 ++-
crypto/openssl/doc/fingerprints.txt | 10 ++++++
crypto/openssl/doc/man3/SSL_CTX_set_timeout.pod | 12 ++++++-
crypto/openssl/include/openssl/opensslv.h | 6 ++--
crypto/openssl/ssl/s3_enc.c | 4 ++-
crypto/openssl/ssl/ssl_init.c | 19 ++---------
crypto/openssl/ssl/ssl_lib.c | 4 ++-
crypto/openssl/ssl/ssl_txt.c | 6 ++--
crypto/openssl/ssl/statem/statem_clnt.c | 7 +++-
crypto/openssl/ssl/statem/statem_dtls.c | 8 ++---
crypto/openssl/ssl/statem/statem_srvr.c | 23 +++++++++----
crypto/openssl/ssl/t1_enc.c | 4 ++-
27 files changed, 180 insertions(+), 89 deletions(-)
diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES
index f6e01b982581..98961effc058 100644
--- a/crypto/openssl/CHANGES
+++ b/crypto/openssl/CHANGES
@@ -7,6 +7,19 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
+ Changes between 1.1.1n and 1.1.1o [3 May 2022]
+
+ *) Fixed a bug in the c_rehash script which was not properly sanitising shell
+ metacharacters to prevent command injection. This script is distributed by
+ some operating systems in a manner where it is automatically executed. On
+ such operating systems, an attacker could execute arbitrary commands with the
+ privileges of the script.
+
+ Use of the c_rehash script is considered obsolete and should be replaced
+ by the OpenSSL rehash command line tool.
+ (CVE-2022-1292)
+ [Tomáš Mráz]
+
Changes between 1.1.1m and 1.1.1n [15 Mar 2022]
*) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever
diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS
index f4ac262888ad..d32cf5bb48dd 100644
--- a/crypto/openssl/NEWS
+++ b/crypto/openssl/NEWS
@@ -5,10 +5,15 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.1.1n and OpenSSL 1.1.1o [3 May 2022]
+
+ o Fixed a bug in the c_rehash script which was not properly sanitising
+ shell metacharacters to prevent command injection (CVE-2022-1292)
+
Major changes between OpenSSL 1.1.1m and OpenSSL 1.1.1n [15 Mar 2022]
o Fixed a bug in the BN_mod_sqrt() function that can cause it to loop
- forever for non-prime moduli ([CVE-2022-0778])
+ forever for non-prime moduli (CVE-2022-0778)
Major changes between OpenSSL 1.1.1l and OpenSSL 1.1.1m [14 Dec 2021]
diff --git a/crypto/openssl/README b/crypto/openssl/README
index 3e100933f388..a56311a4d186 100644
--- a/crypto/openssl/README
+++ b/crypto/openssl/README
@@ -1,7 +1,7 @@
- OpenSSL 1.1.1n 15 Mar 2022
+ OpenSSL 1.1.1o 3 May 2022
- Copyright (c) 1998-2021 The OpenSSL Project
+ Copyright (c) 1998-2022 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
diff --git a/crypto/openssl/apps/apps.c b/crypto/openssl/apps/apps.c
index 1a92271595f1..db5b48e4cf2f 100644
--- a/crypto/openssl/apps/apps.c
+++ b/crypto/openssl/apps/apps.c
@@ -307,6 +307,8 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
if (cb_data != NULL && cb_data->password != NULL
&& *(const char*)cb_data->password != '\0')
pw_min_len = 1;
+ else if (!verify)
+ pw_min_len = 0;
prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
if (!prompt) {
BIO_printf(bio_err, "Out of memory\n");
diff --git a/crypto/openssl/apps/x509.c b/crypto/openssl/apps/x509.c
index 1043eba0c8a0..1f53504209de 100644
--- a/crypto/openssl/apps/x509.c
+++ b/crypto/openssl/apps/x509.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -590,6 +590,8 @@ int x509_main(int argc, char **argv)
xca = load_cert(CAfile, CAformat, "CA Certificate");
if (xca == NULL)
goto end;
+ if (!X509_set_issuer_name(x, X509_get_subject_name(xca)))
+ goto end;
}
out = bio_open_default(outfile, 'w', outformat);
@@ -987,8 +989,6 @@ static int x509_certify(X509_STORE *ctx, const char *CAfile, const EVP_MD *diges
goto end;
}
- if (!X509_set_issuer_name(x, X509_get_subject_name(xca)))
- goto end;
if (!X509_set_serialNumber(x, bs))
goto end;
diff --git a/crypto/openssl/crypto/bn/bn_div.c b/crypto/openssl/crypto/bn/bn_div.c
index 0da9f39b31a9..4273618825cc 100644
--- a/crypto/openssl/crypto/bn/bn_div.c
+++ b/crypto/openssl/crypto/bn/bn_div.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -446,8 +446,10 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
snum->neg = num_neg;
snum->top = div_n;
snum->flags |= BN_FLG_FIXED_TOP;
- if (rm != NULL)
- bn_rshift_fixed_top(rm, snum, norm_shift);
+
+ if (rm != NULL && bn_rshift_fixed_top(rm, snum, norm_shift) == 0)
+ goto err;
+
BN_CTX_end(ctx);
return 1;
err:
diff --git a/crypto/openssl/crypto/bn/bn_exp.c b/crypto/openssl/crypto/bn/bn_exp.c
index 9531acfc3c94..8c54ab005ca6 100644
--- a/crypto/openssl/crypto/bn/bn_exp.c
+++ b/crypto/openssl/crypto/bn/bn_exp.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -188,13 +188,14 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
return ret;
}
+ BN_RECP_CTX_init(&recp);
+
BN_CTX_start(ctx);
aa = BN_CTX_get(ctx);
val[0] = BN_CTX_get(ctx);
if (val[0] == NULL)
goto err;
- BN_RECP_CTX_init(&recp);
if (m->neg) {
/* ignore sign of 'm' */
if (!BN_copy(aa, m))
diff --git a/crypto/openssl/crypto/ec/curve448/curve448.c b/crypto/openssl/crypto/ec/curve448/curve448.c
index 12d97f06795b..3d4db44564e9 100644
--- a/crypto/openssl/crypto/ec/curve448/curve448.c
+++ b/crypto/openssl/crypto/ec/curve448/curve448.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2015-2016 Cryptography Research, Inc.
*
* Licensed under the OpenSSL license (the "License"). You may not use
@@ -577,6 +577,7 @@ static int recode_wnaf(struct smvt_control *control,
int32_t delta = odd & mask;
assert(position >= 0);
+ assert(pos < 32); /* can't fail since current & 0xFFFF != 0 */
if (odd & (1 << (table_bits + 1)))
delta -= (1 << (table_bits + 1));
current -= delta * (1 << pos);
diff --git a/crypto/openssl/crypto/ec/ecp_nistz256.c b/crypto/openssl/crypto/ec/ecp_nistz256.c
index 5005249b05ea..cfad3e15b0bf 100644
--- a/crypto/openssl/crypto/ec/ecp_nistz256.c
+++ b/crypto/openssl/crypto/ec/ecp_nistz256.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2014, Intel Corporation. All Rights Reserved.
* Copyright (c) 2015, CloudFlare, Inc.
*
@@ -973,6 +973,7 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group,
return 0;
}
+ memset(&p, 0, sizeof(p));
BN_CTX_start(ctx);
if (scalar) {
diff --git a/crypto/openssl/crypto/engine/eng_dyn.c b/crypto/openssl/crypto/engine/eng_dyn.c
index 6a0ddc162d00..27d7b893cdad 100644
--- a/crypto/openssl/crypto/engine/eng_dyn.c
+++ b/crypto/openssl/crypto/engine/eng_dyn.c
@@ -393,6 +393,26 @@ static int int_load(dynamic_data_ctx *ctx)
return 0;
}
+/*
+ * Unfortunately the version checker does not distinguish between
+ * engines built for openssl 1.1.x and openssl 3.x, but loading
+ * an engine that is built for openssl 3.x will cause a fatal
+ * error. Detect such engines, since EVP_PKEY_get_base_id is exported
+ * as a function in openssl 3.x, while it is named EVP_PKEY_base_id
+ * in openssl 1.1.x. Therefore we take the presence of that symbol
+ * as an indication that the engine will be incompatible.
+ */
+static int using_libcrypto_3(dynamic_data_ctx *ctx)
+{
+ int ret;
+
+ ERR_set_mark();
+ ret = DSO_bind_func(ctx->dynamic_dso, "EVP_PKEY_get_base_id") != NULL;
+ ERR_pop_to_mark();
+
+ return ret;
+}
+
static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
{
ENGINE cpy;
@@ -442,18 +462,9 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
/*
* We fail if the version checker veto'd the load *or* if it is
* deferring to us (by returning its version) and we think it is too
- * old.
- * Unfortunately the version checker does not distinguish between
- * engines built for openssl 1.1.x and openssl 3.x, but loading
- * an engine that is built for openssl 3.x will cause a fatal
- * error. Detect such engines, since EVP_PKEY_get_base_id is exported
- * as a function in openssl 3.x, while it is named EVP_PKEY_base_id
- * in openssl 1.1.x. Therefore we take the presence of that symbol
- * as an indication that the engine will be incompatible.
+ * old. Also fail if this is engine for openssl 3.x.
*/
- if (vcheck_res < OSSL_DYNAMIC_OLDEST
- || DSO_bind_func(ctx->dynamic_dso,
- "EVP_PKEY_get_base_id") != NULL) {
+ if (vcheck_res < OSSL_DYNAMIC_OLDEST || using_libcrypto_3(ctx)) {
/* Fail */
ctx->bind_engine = NULL;
ctx->v_check = NULL;
diff --git a/crypto/openssl/crypto/err/err.c b/crypto/openssl/crypto/err/err.c
index bd116e249acb..239a3cea9cc2 100644
--- a/crypto/openssl/crypto/err/err.c
+++ b/crypto/openssl/crypto/err/err.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -23,7 +23,9 @@
#include "internal/constant_time.h"
#include "e_os.h"
+#ifndef OPENSSL_NO_ERR
static int err_load_strings(const ERR_STRING_DATA *str);
+#endif
static void ERR_STATE_free(ERR_STATE *s);
#ifndef OPENSSL_NO_ERR
@@ -76,9 +78,9 @@ static ERR_STRING_DATA ERR_str_functs[] = {
{ERR_PACK(0, SYS_F_BIND, 0), "bind"},
{ERR_PACK(0, SYS_F_LISTEN, 0), "listen"},
{ERR_PACK(0, SYS_F_ACCEPT, 0), "accept"},
-# ifdef OPENSSL_SYS_WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
{ERR_PACK(0, SYS_F_WSASTARTUP, 0), "WSAstartup"},
-# endif
+#endif
{ERR_PACK(0, SYS_F_OPENDIR, 0), "opendir"},
{ERR_PACK(0, SYS_F_FREAD, 0), "fread"},
{ERR_PACK(0, SYS_F_GETADDRINFO, 0), "getaddrinfo"},
@@ -141,21 +143,26 @@ static int set_err_thread_local;
static CRYPTO_THREAD_LOCAL err_thread_local;
static CRYPTO_ONCE err_string_init = CRYPTO_ONCE_STATIC_INIT;
-static CRYPTO_RWLOCK *err_string_lock;
+static CRYPTO_RWLOCK *err_string_lock = NULL;
+#ifndef OPENSSL_NO_ERR
static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *);
+#endif
/*
* The internal state
*/
+#ifndef OPENSSL_NO_ERR
static LHASH_OF(ERR_STRING_DATA) *int_error_hash = NULL;
+#endif
static int int_err_library_number = ERR_LIB_USER;
static unsigned long get_error_values(int inc, int top, const char **file,
int *line, const char **data,
int *flags);
+#ifndef OPENSSL_NO_ERR
static unsigned long err_string_data_hash(const ERR_STRING_DATA *a)
{
unsigned long ret, l;
@@ -184,7 +191,6 @@ static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d)
return p;
}
-#ifndef OPENSSL_NO_ERR
/* 2019-05-21: Russian and Ukrainian locales on Linux require more than 6,5 kB */
# define SPACE_SYS_STR_REASONS 8 * 1024
# define NUM_SYS_STR_REASONS 127
@@ -299,6 +305,7 @@ DEFINE_RUN_ONCE_STATIC(do_err_strings_init)
err_string_lock = CRYPTO_THREAD_lock_new();
if (err_string_lock == NULL)
return 0;
+#ifndef OPENSSL_NO_ERR
int_error_hash = lh_ERR_STRING_DATA_new(err_string_data_hash,
err_string_data_cmp);
if (int_error_hash == NULL) {
@@ -306,6 +313,7 @@ DEFINE_RUN_ONCE_STATIC(do_err_strings_init)
err_string_lock = NULL;
return 0;
}
+#endif
return 1;
}
@@ -315,10 +323,13 @@ void err_cleanup(void)
CRYPTO_THREAD_cleanup_local(&err_thread_local);
CRYPTO_THREAD_lock_free(err_string_lock);
err_string_lock = NULL;
+#ifndef OPENSSL_NO_ERR
lh_ERR_STRING_DATA_free(int_error_hash);
int_error_hash = NULL;
+#endif
}
+#ifndef OPENSSL_NO_ERR
/*
* Legacy; pack in the library.
*/
@@ -342,6 +353,7 @@ static int err_load_strings(const ERR_STRING_DATA *str)
CRYPTO_THREAD_unlock(err_string_lock);
return 1;
}
+#endif
int ERR_load_ERR_strings(void)
{
@@ -360,24 +372,31 @@ int ERR_load_ERR_strings(void)
int ERR_load_strings(int lib, ERR_STRING_DATA *str)
{
+#ifndef OPENSSL_NO_ERR
if (ERR_load_ERR_strings() == 0)
return 0;
err_patch(lib, str);
err_load_strings(str);
+#endif
+
return 1;
}
int ERR_load_strings_const(const ERR_STRING_DATA *str)
{
+#ifndef OPENSSL_NO_ERR
if (ERR_load_ERR_strings() == 0)
return 0;
err_load_strings(str);
+#endif
+
return 1;
}
int ERR_unload_strings(int lib, ERR_STRING_DATA *str)
{
+#ifndef OPENSSL_NO_ERR
if (!RUN_ONCE(&err_string_init, do_err_strings_init))
return 0;
@@ -389,14 +408,14 @@ int ERR_unload_strings(int lib, ERR_STRING_DATA *str)
for (; str->error; str++)
(void)lh_ERR_STRING_DATA_delete(int_error_hash, str);
CRYPTO_THREAD_unlock(err_string_lock);
+#endif
return 1;
}
void err_free_strings_int(void)
{
- if (!RUN_ONCE(&err_string_init, do_err_strings_init))
- return;
+ /* obsolete */
}
/********************************************************/
@@ -636,6 +655,7 @@ char *ERR_error_string(unsigned long e, char *ret)
const char *ERR_lib_error_string(unsigned long e)
{
+#ifndef OPENSSL_NO_ERR
ERR_STRING_DATA d, *p;
unsigned long l;
@@ -647,10 +667,14 @@ const char *ERR_lib_error_string(unsigned long e)
d.error = ERR_PACK(l, 0, 0);
p = int_err_get_item(&d);
return ((p == NULL) ? NULL : p->string);
+#else
+ return NULL;
+#endif
}
const char *ERR_func_error_string(unsigned long e)
{
+#ifndef OPENSSL_NO_ERR
ERR_STRING_DATA d, *p;
unsigned long l, f;
@@ -663,10 +687,14 @@ const char *ERR_func_error_string(unsigned long e)
d.error = ERR_PACK(l, f, 0);
p = int_err_get_item(&d);
return ((p == NULL) ? NULL : p->string);
+#else
+ return NULL;
+#endif
}
const char *ERR_reason_error_string(unsigned long e)
{
+#ifndef OPENSSL_NO_ERR
ERR_STRING_DATA d, *p = NULL;
unsigned long l, r;
@@ -683,6 +711,9 @@ const char *ERR_reason_error_string(unsigned long e)
p = int_err_get_item(&d);
}
return ((p == NULL) ? NULL : p->string);
+#else
+ return NULL;
+#endif
}
void err_delete_thread_state(void)
diff --git a/crypto/openssl/crypto/evp/evp_enc.c b/crypto/openssl/crypto/evp/evp_enc.c
index d835968f253c..e756624b2cdf 100644
--- a/crypto/openssl/crypto/evp/evp_enc.c
+++ b/crypto/openssl/crypto/evp/evp_enc.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -281,7 +281,7 @@ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
# define PTRDIFF_T size_t
#endif
-int is_partially_overlapping(const void *ptr1, const void *ptr2, int len)
+int is_partially_overlapping(const void *ptr1, const void *ptr2, size_t len)
{
PTRDIFF_T diff = (PTRDIFF_T)ptr1-(PTRDIFF_T)ptr2;
/*
@@ -299,7 +299,8 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
unsigned char *out, int *outl,
const unsigned char *in, int inl)
{
- int i, j, bl, cmpl = inl;
+ int i, j, bl;
+ size_t cmpl = (size_t)inl;
if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
cmpl = (cmpl + 7) / 8;
@@ -464,8 +465,9 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl)
{
- int fix_len, cmpl = inl;
+ int fix_len;
unsigned int b;
+ size_t cmpl = (size_t)inl;
/* Prevent accidental use of encryption context when decrypting */
if (ctx->encrypt) {
diff --git a/crypto/openssl/crypto/evp/evp_local.h b/crypto/openssl/crypto/evp/evp_local.h
index f1589d682894..b59beee49fa8 100644
--- a/crypto/openssl/crypto/evp/evp_local.h
+++ b/crypto/openssl/crypto/evp/evp_local.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -65,4 +65,4 @@ struct evp_Encode_Ctx_st {
typedef struct evp_pbe_st EVP_PBE_CTL;
DEFINE_STACK_OF(EVP_PBE_CTL)
-int is_partially_overlapping(const void *ptr1, const void *ptr2, int len);
+int is_partially_overlapping(const void *ptr1, const void *ptr2, size_t len);
diff --git a/crypto/openssl/crypto/init.c b/crypto/openssl/crypto/init.c
index 1b0d523beae0..b23af7977cd2 100644
--- a/crypto/openssl/crypto/init.c
+++ b/crypto/openssl/crypto/init.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -211,7 +211,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete)
}
static CRYPTO_ONCE load_crypto_strings = CRYPTO_ONCE_STATIC_INIT;
-static int load_crypto_strings_inited = 0;
+
DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings)
{
int ret = 1;
@@ -225,7 +225,6 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings)
"err_load_crypto_strings_int()\n");
# endif
ret = err_load_crypto_strings_int();
- load_crypto_strings_inited = 1;
#endif
return ret;
}
@@ -549,14 +548,6 @@ void OPENSSL_cleanup(void)
async_deinit();
}
- if (load_crypto_strings_inited) {
-#ifdef OPENSSL_INIT_DEBUG
- fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
- "err_free_strings_int()\n");
-#endif
- err_free_strings_int();
- }
-
key = destructor_key.value;
destructor_key.sane = -1;
CRYPTO_THREAD_cleanup_local(&key);
diff --git a/crypto/openssl/crypto/s390x_arch.h b/crypto/openssl/crypto/s390x_arch.h
index 4d2cc02eb3d3..64e7ebb5662e 100644
--- a/crypto/openssl/crypto/s390x_arch.h
+++ b/crypto/openssl/crypto/s390x_arch.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -47,6 +47,9 @@ struct OPENSSL_s390xcap_st {
unsigned long long kma[2];
};
+#if defined(__GNUC__) && defined(__linux)
+__attribute__ ((visibility("hidden")))
+#endif
extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
/* convert facility bit number or function code to bit mask */
diff --git a/crypto/openssl/crypto/s390xcap.c b/crypto/openssl/crypto/s390xcap.c
index 5d58b2d807b4..1097c703b4fb 100644
--- a/crypto/openssl/crypto/s390xcap.c
+++ b/crypto/openssl/crypto/s390xcap.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2010-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2010-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -26,6 +26,9 @@ void OPENSSL_vx_probe(void);
struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
+#if defined(__GNUC__) && defined(__linux)
+__attribute__ ((visibility("hidden")))
+#endif
void OPENSSL_cpuid_setup(void)
{
sigset_t oset;
diff --git a/crypto/openssl/doc/fingerprints.txt b/crypto/openssl/doc/fingerprints.txt
index 51e76c8f71b9..3604fbdc658c 100644
--- a/crypto/openssl/doc/fingerprints.txt
+++ b/crypto/openssl/doc/fingerprints.txt
@@ -22,3 +22,13 @@ pub 2048R/0E604491 2013-04-30
Key fingerprint = 8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491
uid Matt Caswell <matt@openssl.org>
uid Matt Caswell <frodo@baggins.org>
+
+pub rsa4096 2021-02-14
+ B7C1 C143 60F3 53A3 6862 E4D5 231C 84CD DCC6 9C45
+uid Paul Dale <pauli@openssl.org>
+
+pub rsa4096 2021-07-16
+ A21F AB74 B008 8AA3 6115 2586 B8EF 1A6B A9DA 2D5C
+uid Tomáš Mráz <tm@t8m.info>
+uid Tomáš Mráz <tomas@arleto.cz>
+uid Tomáš Mráz <tomas@openssl.org>
diff --git a/crypto/openssl/doc/man3/SSL_CTX_set_timeout.pod b/crypto/openssl/doc/man3/SSL_CTX_set_timeout.pod
index c32585e45f92..e76353cfd4b9 100644
--- a/crypto/openssl/doc/man3/SSL_CTX_set_timeout.pod
+++ b/crypto/openssl/doc/man3/SSL_CTX_set_timeout.pod
@@ -42,6 +42,16 @@ basis, see L<SSL_get_default_timeout(3)>.
All currently supported protocols have the same default timeout value
of 300 seconds.
+This timeout value is used as the ticket lifetime hint for stateless session
+tickets. It is also used as the timeout value within the ticket itself.
+
+For TLSv1.3, RFC8446 limits transmission of this value to 1 week (604800
+seconds).
+
+For TLSv1.2, tickets generated during an initial handshake use the value
+as specified. Tickets generated during a resumed handshake have a value
+of 0 for the ticket lifetime hint.
+
=head1 RETURN VALUES
SSL_CTX_set_timeout() returns the previously set timeout value.
@@ -58,7 +68,7 @@ L<SSL_get_default_timeout(3)>
=head1 COPYRIGHT
-Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
diff --git a/crypto/openssl/include/openssl/opensslv.h b/crypto/openssl/include/openssl/opensslv.h
index cef157da5f64..7acc112982c7 100644
--- a/crypto/openssl/include/openssl/opensslv.h
+++ b/crypto/openssl/include/openssl/opensslv.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -39,8 +39,8 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-# define OPENSSL_VERSION_NUMBER 0x101010efL
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1n-freebsd 15 Mar 2022"
+# define OPENSSL_VERSION_NUMBER 0x101010ffL
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1o-freebsd 3 May 2022"
/*-
* The macros below are to be used for shared library (.so, .dll, ...)
diff --git a/crypto/openssl/ssl/s3_enc.c b/crypto/openssl/ssl/s3_enc.c
index 8a89f512fe60..7b119b452fd7 100644
--- a/crypto/openssl/ssl/s3_enc.c
+++ b/crypto/openssl/ssl/s3_enc.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2005 Nokia. All rights reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
@@ -589,6 +589,8 @@ int ssl3_alert_code(int code)
return TLS1_AD_NO_APPLICATION_PROTOCOL;
case SSL_AD_CERTIFICATE_REQUIRED:
return SSL_AD_HANDSHAKE_FAILURE;
+ case SSL_AD_MISSING_EXTENSION:
+ return SSL_AD_HANDSHAKE_FAILURE;
default:
return -1;
}
diff --git a/crypto/openssl/ssl/ssl_init.c b/crypto/openssl/ssl/ssl_init.c
index d083d9597091..a5d45480c9e0 100644
--- a/crypto/openssl/ssl/ssl_init.c
+++ b/crypto/openssl/ssl/ssl_init.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -116,7 +116,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
}
static CRYPTO_ONCE ssl_strings = CRYPTO_ONCE_STATIC_INIT;
-static int ssl_strings_inited = 0;
+
DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings)
{
/*
@@ -129,7 +129,6 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings)
"ERR_load_SSL_strings()\n");
# endif
ERR_load_SSL_strings();
- ssl_strings_inited = 1;
#endif
return 1;
}
@@ -157,20 +156,6 @@ static void ssl_library_stop(void)
ssl_comp_free_compression_methods_int();
#endif
}
-
- if (ssl_strings_inited) {
-#ifdef OPENSSL_INIT_DEBUG
- fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: "
- "err_free_strings_int()\n");
-#endif
- /*
- * If both crypto and ssl error strings are inited we will end up
- * calling err_free_strings_int() twice - but that's ok. The second
- * time will be a no-op. It's easier to do that than to try and track
- * between the two libraries whether they have both been inited.
- */
- err_free_strings_int();
- }
}
/*
diff --git a/crypto/openssl/ssl/ssl_lib.c b/crypto/openssl/ssl/ssl_lib.c
index ff5a9e05660b..1fbad29b233c 100644
--- a/crypto/openssl/ssl/ssl_lib.c
+++ b/crypto/openssl/ssl/ssl_lib.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
@@ -2170,6 +2170,7 @@ int SSL_shutdown(SSL *s)
if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
struct ssl_async_args args;
+ memset(&args, 0, sizeof(args));
args.s = s;
args.type = OTHERFUNC;
args.f.func_other = s->method->ssl_shutdown;
@@ -3799,6 +3800,7 @@ int SSL_do_handshake(SSL *s)
if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
struct ssl_async_args args;
+ memset(&args, 0, sizeof(args));
args.s = s;
ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern);
diff --git a/crypto/openssl/ssl/ssl_txt.c b/crypto/openssl/ssl/ssl_txt.c
index 457bc8b3c20a..759e1873e6b1 100644
--- a/crypto/openssl/ssl/ssl_txt.c
+++ b/crypto/openssl/ssl/ssl_txt.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2005 Nokia. All rights reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
@@ -130,11 +130,11 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
}
#endif
if (x->time != 0L) {
- if (BIO_printf(bp, "\n Start Time: %ld", x->time) <= 0)
+ if (BIO_printf(bp, "\n Start Time: %lld", (long long)x->time) <= 0)
goto err;
}
if (x->timeout != 0L) {
- if (BIO_printf(bp, "\n Timeout : %ld (sec)", x->timeout) <= 0)
+ if (BIO_printf(bp, "\n Timeout : %lld (sec)", (long long)x->timeout) <= 0)
goto err;
}
if (BIO_puts(bp, "\n") <= 0)
diff --git a/crypto/openssl/ssl/statem/statem_clnt.c b/crypto/openssl/ssl/statem/statem_clnt.c
index d1a39698124b..d19c44e8d984 100644
--- a/crypto/openssl/ssl/statem/statem_clnt.c
+++ b/crypto/openssl/ssl/statem/statem_clnt.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
@@ -1422,6 +1422,11 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
&& sversion == TLS1_2_VERSION
&& PACKET_remaining(pkt) >= SSL3_RANDOM_SIZE
&& memcmp(hrrrandom, PACKET_data(pkt), SSL3_RANDOM_SIZE) == 0) {
+ if (s->hello_retry_request != SSL_HRR_NONE) {
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+ SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_UNEXPECTED_MESSAGE);
+ goto err;
+ }
s->hello_retry_request = SSL_HRR_PENDING;
hrr = 1;
if (!PACKET_forward(pkt, SSL3_RANDOM_SIZE)) {
diff --git a/crypto/openssl/ssl/statem/statem_dtls.c b/crypto/openssl/ssl/statem/statem_dtls.c
index 8e3fb686ee27..8fe6cea72359 100644
--- a/crypto/openssl/ssl/statem/statem_dtls.c
+++ b/crypto/openssl/ssl/statem/statem_dtls.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -218,8 +218,8 @@ int dtls1_do_write(SSL *s, int type)
else
len = s->init_num;
- if (len > s->max_send_fragment)
- len = s->max_send_fragment;
+ if (len > ssl_get_max_send_fragment(s))
+ len = ssl_get_max_send_fragment(s);
/*
* XDTLS: this function is too long. split out the CCS part
@@ -241,7 +241,7 @@ int dtls1_do_write(SSL *s, int type)
ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off], len,
&written);
- if (ret < 0) {
+ if (ret <= 0) {
/*
* might need to update MTU here, but we don't know which
* previous packet caused the failure -- so can't really
diff --git a/crypto/openssl/ssl/statem/statem_srvr.c b/crypto/openssl/ssl/statem/statem_srvr.c
index d701c46b43b5..43f77a58992f 100644
--- a/crypto/openssl/ssl/statem/statem_srvr.c
+++ b/crypto/openssl/ssl/statem/statem_srvr.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
@@ -3820,15 +3820,24 @@ int tls_construct_server_certificate(SSL *s, WPACKET *pkt)
static int create_ticket_prequel(SSL *s, WPACKET *pkt, uint32_t age_add,
unsigned char *tick_nonce)
{
+ uint32_t timeout = (uint32_t)s->session->timeout;
+
/*
- * Ticket lifetime hint: For TLSv1.2 this is advisory only and we leave this
- * unspecified for resumed session (for simplicity).
+ * Ticket lifetime hint:
* In TLSv1.3 we reset the "time" field above, and always specify the
- * timeout.
+ * timeout, limited to a 1 week period per RFC8446.
+ * For TLSv1.2 this is advisory only and we leave this unspecified for
+ * resumed session (for simplicity).
*/
- if (!WPACKET_put_bytes_u32(pkt,
- (s->hit && !SSL_IS_TLS13(s))
- ? 0 : s->session->timeout)) {
+#define ONE_WEEK_SEC (7 * 24 * 60 * 60)
+
+ if (SSL_IS_TLS13(s)) {
+ if (s->session->timeout > ONE_WEEK_SEC)
+ timeout = ONE_WEEK_SEC;
+ } else if (s->hit)
+ timeout = 0;
+
+ if (!WPACKET_put_bytes_u32(pkt, timeout)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL,
ERR_R_INTERNAL_ERROR);
return 0;
diff --git a/crypto/openssl/ssl/t1_enc.c b/crypto/openssl/ssl/t1_enc.c
index 7d2eb381af1a..422dde31262a 100644
--- a/crypto/openssl/ssl/t1_enc.c
+++ b/crypto/openssl/ssl/t1_enc.c
@@ -1,5 +1,5 @@
/*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2005 Nokia. All rights reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
@@ -796,6 +796,8 @@ int tls1_alert_code(int code)
return TLS1_AD_NO_APPLICATION_PROTOCOL;
case SSL_AD_CERTIFICATE_REQUIRED:
return SSL_AD_HANDSHAKE_FAILURE;
+ case SSL_AD_MISSING_EXTENSION:
+ return SSL_AD_HANDSHAKE_FAILURE;
default:
return -1;
}