git: 4f55bd5321b7 - vendor/openssl - Import OpenSSL 1.1.1j.

Jung-uk Kim jkim at FreeBSD.org
Tue Feb 16 19:55:47 UTC 2021


The branch vendor/openssl has been updated by jkim:

URL: https://cgit.FreeBSD.org/src/commit/?id=4f55bd5321b72491d4eff396e4928e9ab0706735

commit 4f55bd5321b72491d4eff396e4928e9ab0706735
Author:     Jung-uk Kim <jkim at FreeBSD.org>
AuthorDate: 2021-02-16 19:54:02 +0000
Commit:     Jung-uk Kim <jkim at FreeBSD.org>
CommitDate: 2021-02-16 19:54:02 +0000

    Import OpenSSL 1.1.1j.
---
 AUTHORS                               |  7 +++++
 CHANGES                               | 37 ++++++++++++++++++++++++
 CONTRIBUTING                          |  4 +--
 Configure                             | 29 ++++++++++---------
 INSTALL                               | 15 +++++-----
 NEWS                                  | 10 +++++++
 README                                |  2 +-
 apps/ca.c                             | 53 ++++++++++++++---------------------
 crypto/aes/asm/aes-armv4.pl           |  0
 crypto/aes/asm/aes-c64xplus.pl        |  0
 crypto/aes/asm/aes-mips.pl            |  0
 crypto/aes/asm/aes-parisc.pl          |  0
 crypto/aes/asm/aes-ppc.pl             |  0
 crypto/aes/asm/aes-s390x.pl           |  0
 crypto/aes/asm/aesfx-sparcv9.pl       |  0
 crypto/aes/asm/aesni-mb-x86_64.pl     |  0
 crypto/aes/asm/aesni-sha1-x86_64.pl   |  0
 crypto/aes/asm/aesni-sha256-x86_64.pl |  0
 crypto/aes/asm/aesni-x86.pl           |  0
 crypto/aes/asm/aesni-x86_64.pl        |  0
 crypto/aes/asm/aest4-sparcv9.pl       |  0
 crypto/aes/asm/bsaes-armv7.pl         |  0
 crypto/aes/asm/vpaes-ppc.pl           |  0
 crypto/aes/asm/vpaes-x86.pl           |  0
 crypto/aes/asm/vpaes-x86_64.pl        |  0
 crypto/armcap.c                       | 19 ++++++++++++-
 crypto/armv4cpuid.pl                  |  0
 crypto/asn1/charmap.h                 |  2 +-
 crypto/bn/asm/armv4-gf2m.pl           |  0
 crypto/bn/asm/armv4-mont.pl           |  0
 crypto/bn/asm/c64xplus-gf2m.pl        |  0
 crypto/bn/asm/ia64-mont.pl            |  0
 crypto/bn/asm/mips-mont.pl            |  0
 crypto/bn/asm/mips.pl                 |  0
 crypto/bn/asm/parisc-mont.pl          |  0
 crypto/bn/asm/ppc-mont.pl             |  0
 crypto/bn/asm/ppc64-mont.pl           |  0
 crypto/bn/asm/s390x-gf2m.pl           |  0
 crypto/bn/asm/s390x-mont.pl           |  0
 crypto/bn/asm/s390x.S                 |  0
 crypto/bn/asm/sparcv9-gf2m.pl         |  0
 crypto/bn/asm/sparcv9-mont.pl         |  0
 crypto/bn/asm/via-mont.pl             |  0
 crypto/bn/asm/vis3-mont.pl            |  0
 crypto/bn/asm/x86-gf2m.pl             |  0
 crypto/bn/asm/x86_64-gf2m.pl          |  0
 crypto/bn/bn_const.c                  |  0
 crypto/bn/bn_prime.h                  |  2 +-
 crypto/c64xpluscpuid.pl               |  0
 crypto/camellia/asm/cmll-x86.pl       |  0
 crypto/camellia/asm/cmll-x86_64.pl    |  0
 crypto/camellia/asm/cmllt4-sparcv9.pl |  0
 crypto/conf/conf_def.c                | 16 ++++++++++-
 crypto/conf/conf_def.h                |  2 +-
 crypto/des/asm/dest4-sparcv9.pl       |  0
 crypto/dh/dh_key.c                    | 33 ++++++++++++++++++++--
 crypto/ec/asm/ecp_nistz256-armv8.pl   |  0
 crypto/err/openssl.txt                |  3 +-
 crypto/evp/evp_enc.c                  | 27 ++++++++++++++++++
 crypto/evp/evp_err.c                  |  4 ++-
 crypto/md5/asm/md5-sparcv9.pl         |  0
 crypto/mem_sec.c                      |  8 +++++-
 crypto/modes/asm/aesni-gcm-x86_64.pl  |  0
 crypto/modes/asm/ghash-armv4.pl       |  0
 crypto/modes/asm/ghash-c64xplus.pl    |  0
 crypto/modes/asm/ghash-parisc.pl      |  0
 crypto/modes/asm/ghash-s390x.pl       |  0
 crypto/modes/asm/ghash-sparcv9.pl     |  0
 crypto/modes/asm/ghash-x86.pl         |  0
 crypto/modes/asm/ghash-x86_64.pl      |  0
 crypto/modes/asm/ghashv8-armx.pl      |  0
 crypto/objects/obj_dat.h              |  2 +-
 crypto/objects/obj_xref.h             |  2 +-
 crypto/objects/objxref.pl             |  0
 crypto/ocsp/ocsp_cl.c                 |  0
 crypto/ocsp/ocsp_ext.c                |  0
 crypto/ocsp/ocsp_lib.c                |  0
 crypto/ocsp/ocsp_srv.c                |  0
 crypto/pariscid.pl                    |  0
 crypto/perlasm/sparcv9_modes.pl       |  0
 crypto/perlasm/x86gas.pl              |  0
 crypto/perlasm/x86masm.pl             |  0
 crypto/poly1305/asm/poly1305-armv4.pl | 13 +++++----
 crypto/ppccap.c                       | 20 ++++++++++++-
 crypto/rc4/asm/rc4-c64xplus.pl        |  0
 crypto/rc4/asm/rc4-md5-x86_64.pl      |  0
 crypto/rc4/asm/rc4-parisc.pl          |  0
 crypto/rc4/asm/rc4-s390x.pl           |  0
 crypto/rsa/rsa_ssl.c                  | 10 +++++--
 crypto/sha/asm/sha1-armv4-large.pl    |  0
 crypto/sha/asm/sha1-armv8.pl          |  0
 crypto/sha/asm/sha1-c64xplus.pl       |  0
 crypto/sha/asm/sha1-mb-x86_64.pl      |  0
 crypto/sha/asm/sha1-mips.pl           |  0
 crypto/sha/asm/sha1-parisc.pl         |  0
 crypto/sha/asm/sha1-s390x.pl          |  0
 crypto/sha/asm/sha1-sparcv9.pl        |  0
 crypto/sha/asm/sha1-sparcv9a.pl       |  0
 crypto/sha/asm/sha1-thumb.pl          |  0
 crypto/sha/asm/sha256-586.pl          |  0
 crypto/sha/asm/sha256-armv4.pl        |  0
 crypto/sha/asm/sha256-c64xplus.pl     |  0
 crypto/sha/asm/sha256-mb-x86_64.pl    |  0
 crypto/sha/asm/sha512-586.pl          |  0
 crypto/sha/asm/sha512-armv4.pl        |  0
 crypto/sha/asm/sha512-armv8.pl        |  0
 crypto/sha/asm/sha512-c64xplus.pl     |  0
 crypto/sha/asm/sha512-mips.pl         |  0
 crypto/sha/asm/sha512-s390x.pl        |  0
 crypto/sha/asm/sha512-sparcv9.pl      |  0
 crypto/srp/srp_lib.c                  | 13 ++++++---
 crypto/vms_rms.h                      |  0
 crypto/whrlpool/asm/wp-mmx.pl         |  0
 crypto/whrlpool/asm/wp-x86_64.pl      |  0
 crypto/x509/x509_cmp.c                | 24 +++++++++-------
 crypto/x509/x509_vfy.c                | 15 ++++------
 crypto/x509/x_all.c                   |  4 +--
 crypto/x509/x_attrib.c                |  5 +++-
 crypto/x509v3/v3_purp.c               | 14 +++++----
 doc/man1/ca.pod                       |  4 +--
 doc/man1/cms.pod                      |  4 +--
 doc/man1/crl2pkcs7.pod                |  4 +--
 doc/man1/dgst.pod                     |  4 +--
 doc/man1/dsa.pod                      |  6 ++--
 doc/man1/ec.pod                       |  6 ++--
 doc/man1/enc.pod                      |  4 +--
 doc/man1/genpkey.pod                  |  4 +--
 doc/man1/genrsa.pod                   |  4 +--
 doc/man1/pkcs12.pod                   | 14 ++++-----
 doc/man1/pkcs8.pod                    |  6 ++--
 doc/man1/pkey.pod                     |  6 ++--
 doc/man1/pkeyutl.pod                  |  4 +--
 doc/man1/req.pod                      |  6 ++--
 doc/man1/rsa.pod                      |  6 ++--
 doc/man1/s_client.pod                 |  4 +--
 doc/man1/s_server.pod                 |  4 +--
 doc/man1/smime.pod                    |  4 +--
 doc/man1/spkac.pod                    |  4 +--
 doc/man1/storeutl.pod                 |  4 +--
 doc/man1/ts.pod                       |  4 +--
 doc/man1/x509.pod                     |  4 +--
 doc/man3/DH_generate_key.pod          | 27 ++++++++++++++----
 doc/man3/OCSP_sendreq_new.pod         | 28 ++++++++++++++----
 doc/man3/OPENSSL_malloc.pod           |  2 +-
 doc/man3/X509_get_extension_flags.pod | 11 ++++++--
 engines/asm/e_padlock-x86.pl          |  0
 engines/asm/e_padlock-x86_64.pl       |  0
 include/openssl/evperr.h              |  7 ++---
 include/openssl/obj_mac.h             |  2 +-
 include/openssl/opensslv.h            |  4 +--
 include/openssl/x509v3.h              |  7 +++--
 ssl/d1_lib.c                          | 11 ++++----
 ssl/record/rec_layer_d1.c             |  5 +++-
 ssl/ssl_local.h                       |  3 +-
 ssl/statem/extensions.c               |  5 ++--
 ssl/statem/statem_clnt.c              |  3 +-
 ssl/statem/statem_lib.c               | 15 ++++++++--
 157 files changed, 433 insertions(+), 202 deletions(-)

diff --git a/AUTHORS b/AUTHORS
index ac93b2e7b975..dac46f8b7e08 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -13,6 +13,8 @@ Ben Kaduk
 Bernd Edlinger
 Bodo Möller
 David Benjamin
+David von Oheimb
+Dmitry Belyavskiy (Дмитрий Белявский)
 Emilia Käsper
 Eric Young
 Geoff Thorpe
@@ -22,14 +24,19 @@ Lutz Jänicke
 Mark J. Cox
 Matt Caswell
 Matthias St. Pierre
+Nicola Tuveri
 Nils Larsch
+Patrick Steuer
 Paul Dale
 Paul C. Sutton
+Paul Yang
 Ralf S. Engelschall
 Rich Salz
 Richard Levitte
+Shane Lontis
 Stephen Henson
 Steve Marquess
 Tim Hudson
+Tomáš Mráz
 Ulf Möller
 Viktor Dukhovni
diff --git a/CHANGES b/CHANGES
index 37dd60b726ee..1ab64b35c9a4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,43 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
+ Changes between 1.1.1i and 1.1.1j [16 Feb 2021]
+
+  *) Fixed the X509_issuer_and_serial_hash() function. It attempts to
+     create a unique hash value based on the issuer and serial number data
+     contained within an X509 certificate. However it was failing to correctly
+     handle any errors that may occur while parsing the issuer field (which might
+     occur if the issuer field is maliciously constructed). This may subsequently
+     result in a NULL pointer deref and a crash leading to a potential denial of
+     service attack.
+     (CVE-2021-23841)
+     [Matt Caswell]
+
+  *) Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING
+     padding mode to correctly check for rollback attacks. This is considered a
+     bug in OpenSSL 1.1.1 because it does not support SSLv2. In 1.0.2 this is
+     CVE-2021-23839.
+     [Matt Caswell]
+
+  *) Fixed the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate
+     functions. Previously they could overflow the output length argument in some
+     cases where the input length is close to the maximum permissable length for
+     an integer on the platform. In such cases the return value from the function
+     call would be 1 (indicating success), but the output length value would be
+     negative. This could cause applications to behave incorrectly or crash.
+     (CVE-2021-23840)
+     [Matt Caswell]
+
+  *) Fixed SRP_Calc_client_key so that it runs in constant time. The previous
+     implementation called BN_mod_exp without setting BN_FLG_CONSTTIME. This
+     could be exploited in a side channel attack to recover the password. Since
+     the attack is local host only this is outside of the current OpenSSL
+     threat model and therefore no CVE is assigned.
+
+     Thanks to Mohammed Sabt and Daniel De Almeida Braga for reporting this
+     issue.
+     [Matt Caswell]
+
  Changes between 1.1.1h and 1.1.1i [8 Dec 2020]
 
   *) Fixed NULL pointer deref in the GENERAL_NAME_cmp function
diff --git a/CONTRIBUTING b/CONTRIBUTING
index 57be75ce2b8a..83c0dde12819 100644
--- a/CONTRIBUTING
+++ b/CONTRIBUTING
@@ -41,8 +41,8 @@ guidelines:
     https://www.openssl.org/policies/codingstyle.html) and compile
     without warnings. Where gcc or clang is available you should use the
     --strict-warnings Configure option.  OpenSSL compiles on many varied
-    platforms: try to ensure you only use portable features.  Clean builds
-    via Travis and AppVeyor are required, and they are started automatically
+    platforms: try to ensure you only use portable features.  Clean builds via
+    GitHub Actions and AppVeyor are required, and they are started automatically
     whenever a PR is created or updated.
 
     5.  When at all possible, patches should include tests. These can
diff --git a/Configure b/Configure
index 1d73d06e1b3b..b286dd0678bb 100755
--- a/Configure
+++ b/Configure
@@ -1,6 +1,6 @@
 #! /usr/bin/env perl
 # -*- mode: perl; -*-
-# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1201,6 +1201,10 @@ foreach (keys %useradd) {
 # At this point, we can forget everything about %user and %useradd,
 # because it's now all been merged into the corresponding $config entry
 
+if (grep { $_ eq '-static' } @{$config{LDFLAGS}}) {
+    disable('static', 'pic', 'threads');
+}
+
 # Allow overriding the build file name
 $config{build_file} = env('BUILDFILE') || $target{build_file} || "Makefile";
 
@@ -1521,10 +1525,6 @@ if ($strict_warnings)
                 }
         }
 
-if (grep { $_ eq '-static' } @{$config{LDFLAGS}}) {
-    disable('static', 'pic', 'threads');
-}
-
 $config{CFLAGS} = [ map { $_ eq '--ossl-strict-warnings'
                               ? @strict_warnings_collection
                               : ( $_ ) }
@@ -2611,19 +2611,22 @@ _____
         }
         print "\nEnabled features:\n\n";
         foreach my $what (@disablables) {
-            print "    $what\n" unless $disabled{$what};
+            print "    $what\n"
+                unless grep { $_ =~ /^${what}$/ } keys %disabled;
         }
         print "\nDisabled features:\n\n";
         foreach my $what (@disablables) {
-            if ($disabled{$what}) {
-                print "    $what", ' ' x ($longest - length($what) + 1),
-                    "[$disabled{$what}]", ' ' x ($longest2 - length($disabled{$what}) + 1);
-                print $disabled_info{$what}->{macro}
-                    if $disabled_info{$what}->{macro};
+            my @what2 = grep { $_ =~ /^${what}$/ } keys %disabled;
+            my $what3 = $what2[0];
+            if ($what3) {
+                print "    $what3", ' ' x ($longest - length($what3) + 1),
+                    "[$disabled{$what3}]", ' ' x ($longest2 - length($disabled{$what3}) + 1);
+                print $disabled_info{$what3}->{macro}
+                    if $disabled_info{$what3}->{macro};
                 print ' (skip ',
-                    join(', ', @{$disabled_info{$what}->{skipped}}),
+                    join(', ', @{$disabled_info{$what3}->{skipped}}),
                     ')'
-                    if $disabled_info{$what}->{skipped};
+                    if $disabled_info{$what3}->{skipped};
                 print "\n";
             }
         }
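Review bot: `$what` is interpolated unescaped into `/^${what}$/` on both new grep lines in this hunk, so a disablable name containing regex metacharacters would be treated as a pattern rather than a literal key, whereas the replaced `$disabled{$what}` lookup was an exact match. If a literal comparison is what is wanted, `grep { $_ eq $what } keys %disabled` or `/^\Q$what\E$/` is safer; if matching the %disabled keys as patterns is deliberate (for instance because some @disablables entries are patterns), a one-line comment above the first grep saying so would spare the next reader the same question. The second loop also keeps only `$what2[0]`, so when a pattern matches several keys the remaining matches are silently not printed.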
diff --git a/INSTALL b/INSTALL
index f5118428b3bc..f3ac727183f0 100644
--- a/INSTALL
+++ b/INSTALL
@@ -106,8 +106,7 @@
  This will build and install OpenSSL in the default location, which is:
 
   Unix:    normal installation directories under /usr/local
-  OpenVMS: SYS$COMMON:[OPENSSL-'version'...], where 'version' is the
-           OpenSSL version number with underscores instead of periods.
+  OpenVMS: SYS$COMMON:[OPENSSL]
   Windows: C:\Program Files\OpenSSL or C:\Program Files (x86)\OpenSSL
 
  The installation directory should be appropriately protected to ensure
@@ -116,7 +115,9 @@
  your Operating System it is recommended that you do not overwrite the system
  version and instead install to somewhere else.
 
- If you want to install it anywhere else, run config like this:
+ If you want to install it anywhere else, run config like this (the options
+ --prefix and --openssldir are explained further down, and the values shown
+ here are mere examples):
 
   On Unix:
 
@@ -198,7 +199,7 @@
                    Unix:           /usr/local
                    Windows:        C:\Program Files\OpenSSL
                                 or C:\Program Files (x86)\OpenSSL
-                   OpenVMS:        SYS$COMMON:[OPENSSL-'version']
+                   OpenVMS:        SYS$COMMON:[OPENSSL]
 
   --release
                    Build OpenSSL without debugging symbols. This is the default.
@@ -961,9 +962,9 @@
          share/doc/openssl/html/man7
                         Contains the HTML rendition of the man-pages.
 
-       OpenVMS ('arch' is replaced with the architecture name, "Alpha"
-       or "ia64", 'sover' is replaced with the shared library version
-       (0101 for 1.1), and 'pz' is replaced with the pointer size
+       OpenVMS ('arch' is replaced with the architecture name, "ALPHA"
+       or "IA64", 'sover' is replaced with the shared library version
+       (0101 for 1.1.x), and 'pz' is replaced with the pointer size
        OpenSSL was built with):
 
          [.EXE.'arch']  Contains the openssl binary.
diff --git a/NEWS b/NEWS
index 98f6791a8b79..3cce52506645 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,16 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [16 Feb 2021]
+
+      o Fixed a NULL pointer deref in the X509_issuer_and_serial_hash()
+        function (CVE-2021-23841)
+      o Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING
+        padding mode to correctly check for rollback attacks
+      o Fixed an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and
+        EVP_DecryptUpdate functions (CVE-2021-23840)
+      o Fixed SRP_Calc_client_key so that it runs in constant time
+
   Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [8 Dec 2020]
 
       o Fixed NULL pointer deref in GENERAL_NAME_cmp (CVE-2020-1971)
diff --git a/README b/README
index 6325127b5693..da5629f92c81 100644
--- a/README
+++ b/README
@@ -1,5 +1,5 @@
 
- OpenSSL 1.1.1i 8 Dec 2020
+ OpenSSL 1.1.1j 16 Feb 2021
 
  Copyright (c) 1998-2020 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/apps/ca.c b/apps/ca.c
old mode 100644
new mode 100755
index 6c9b1e57bc67..390ac37493c8
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -2223,62 +2223,51 @@ static int get_certificate_status(const char *serial, CA_DB *db)
 
 static int do_updatedb(CA_DB *db)
 {
-    ASN1_UTCTIME *a_tm = NULL;
+    ASN1_TIME *a_tm = NULL;
     int i, cnt = 0;
-    int db_y2k, a_y2k;          /* flags = 1 if y >= 2000 */
-    char **rrow, *a_tm_s;
+    char **rrow;
 
-    a_tm = ASN1_UTCTIME_new();
+    a_tm = ASN1_TIME_new();
     if (a_tm == NULL)
         return -1;
 
-    /* get actual time and make a string */
+    /* get actual time */
     if (X509_gmtime_adj(a_tm, 0) == NULL) {
-        ASN1_UTCTIME_free(a_tm);
+        ASN1_TIME_free(a_tm);
         return -1;
     }
-    a_tm_s = app_malloc(a_tm->length + 1, "time string");
-
-    memcpy(a_tm_s, a_tm->data, a_tm->length);
-    a_tm_s[a_tm->length] = '\0';
-
-    if (strncmp(a_tm_s, "49", 2) <= 0)
-        a_y2k = 1;
-    else
-        a_y2k = 0;
 
     for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
         rrow = sk_OPENSSL_PSTRING_value(db->db->data, i);
 
         if (rrow[DB_type][0] == DB_TYPE_VAL) {
             /* ignore entries that are not valid */
-            if (strncmp(rrow[DB_exp_date], "49", 2) <= 0)
-                db_y2k = 1;
-            else
-                db_y2k = 0;
+            ASN1_TIME *exp_date = NULL;
 
-            if (db_y2k == a_y2k) {
-                /* all on the same y2k side */
-                if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0) {
-                    rrow[DB_type][0] = DB_TYPE_EXP;
-                    rrow[DB_type][1] = '\0';
-                    cnt++;
+            exp_date = ASN1_TIME_new();
+            if (exp_date == NULL) {
+                ASN1_TIME_free(a_tm);
+                return -1;
+            }
 
-                    BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]);
-                }
-            } else if (db_y2k < a_y2k) {
+            if (!ASN1_TIME_set_string(exp_date, rrow[DB_exp_date])) {
+                ASN1_TIME_free(a_tm);
+                ASN1_TIME_free(exp_date);
+                return -1;
+            }
+
+            if (ASN1_TIME_compare(exp_date, a_tm) <= 0) {
                 rrow[DB_type][0] = DB_TYPE_EXP;
                 rrow[DB_type][1] = '\0';
                 cnt++;
 
                 BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]);
             }
-
+            ASN1_TIME_free(exp_date);
         }
     }
 
-    ASN1_UTCTIME_free(a_tm);
-    OPENSSL_free(a_tm_s);
+    ASN1_TIME_free(a_tm);
     return cnt;
 }
 
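Review bot: `ASN1_TIME_compare()` returns -2 when the comparison fails, so the `if (ASN1_TIME_compare(exp_date, a_tm) <= 0)` test marks an entry as Expired on a comparison error instead of reporting it, which is the opposite of how the `ASN1_TIME_set_string()` failure just above is handled. Keeping the error path distinct would be `int cmp = ASN1_TIME_compare(exp_date, a_tm);` followed by `if (cmp == -2) { ASN1_TIME_free(exp_date); ASN1_TIME_free(a_tm); return -1; }` and then `if (cmp <= 0) {`. Allocating `exp_date` once before the loop and freeing it after would also avoid an `ASN1_TIME_new()`/`ASN1_TIME_free()` pair per database row, since `ASN1_TIME_set_string()` overwrites the object each iteration, though that is a nicety rather than a defect.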
diff --git a/crypto/aes/asm/aes-armv4.pl b/crypto/aes/asm/aes-armv4.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aes-c64xplus.pl b/crypto/aes/asm/aes-c64xplus.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aes-mips.pl b/crypto/aes/asm/aes-mips.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aes-parisc.pl b/crypto/aes/asm/aes-parisc.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aes-ppc.pl b/crypto/aes/asm/aes-ppc.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aes-s390x.pl b/crypto/aes/asm/aes-s390x.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aesfx-sparcv9.pl b/crypto/aes/asm/aesfx-sparcv9.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aesni-mb-x86_64.pl b/crypto/aes/asm/aesni-mb-x86_64.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aesni-sha1-x86_64.pl b/crypto/aes/asm/aesni-sha1-x86_64.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aesni-sha256-x86_64.pl b/crypto/aes/asm/aesni-sha256-x86_64.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aesni-x86.pl b/crypto/aes/asm/aesni-x86.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aesni-x86_64.pl b/crypto/aes/asm/aesni-x86_64.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/aest4-sparcv9.pl b/crypto/aes/asm/aest4-sparcv9.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/bsaes-armv7.pl b/crypto/aes/asm/bsaes-armv7.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/vpaes-ppc.pl b/crypto/aes/asm/vpaes-ppc.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/vpaes-x86.pl b/crypto/aes/asm/vpaes-x86.pl
old mode 100755
new mode 100644
diff --git a/crypto/aes/asm/vpaes-x86_64.pl b/crypto/aes/asm/vpaes-x86_64.pl
old mode 100755
new mode 100644
diff --git a/crypto/armcap.c b/crypto/armcap.c
index 58e54f0da2e1..8bf96f10214f 100644
--- a/crypto/armcap.c
+++ b/crypto/armcap.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -69,6 +69,23 @@ void OPENSSL_cpuid_setup(void) __attribute__ ((constructor));
 #   define OSSL_IMPLEMENT_GETAUXVAL
 #  endif
 # endif
+# if defined(__FreeBSD__)
+#  include <sys/param.h>
+#  if __FreeBSD_version >= 1200000
+#   include <sys/auxv.h>
+#   define OSSL_IMPLEMENT_GETAUXVAL
+
+static unsigned long getauxval(unsigned long key)
+{
+  unsigned long val = 0ul;
+
+  if (elf_aux_info((int)key, &val, sizeof(val)) != 0)
+    return 0ul;
+
+  return val;
+}
+#  endif
+# endif
 
 /*
  * ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas
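Review bot: The new getauxval() shim is indented with two spaces while the rest of this file follows OpenSSL's four-space style; re-indenting its body (the `val` declaration, the `if`, and both `return` lines) keeps the file consistent. A one-line comment above the definition would also help readers who expect getauxval() to come from libc, e.g. `/* FreeBSD >= 12 has no getauxval(); emulate it with elf_aux_info(3). */`. Because both a failed elf_aux_info() and a genuine zero yield `0ul`, the shim cannot distinguish "not present" from "present but zero", which presumably is acceptable for the hwcap bit tests that follow (outside this hunk) but is worth stating in that comment.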
diff --git a/crypto/armv4cpuid.pl b/crypto/armv4cpuid.pl
old mode 100755
new mode 100644
diff --git a/crypto/asn1/charmap.h b/crypto/asn1/charmap.h
index cac354c6bf33..e234c9e615d0 100644
--- a/crypto/asn1/charmap.h
+++ b/crypto/asn1/charmap.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/asn1/charmap.pl
  *
- * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/bn/asm/armv4-gf2m.pl b/crypto/bn/asm/armv4-gf2m.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/armv4-mont.pl b/crypto/bn/asm/armv4-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/c64xplus-gf2m.pl b/crypto/bn/asm/c64xplus-gf2m.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/ia64-mont.pl b/crypto/bn/asm/ia64-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/mips-mont.pl b/crypto/bn/asm/mips-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/mips.pl b/crypto/bn/asm/mips.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/parisc-mont.pl b/crypto/bn/asm/parisc-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/ppc-mont.pl b/crypto/bn/asm/ppc-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/ppc64-mont.pl b/crypto/bn/asm/ppc64-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/s390x-gf2m.pl b/crypto/bn/asm/s390x-gf2m.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/s390x-mont.pl b/crypto/bn/asm/s390x-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/s390x.S b/crypto/bn/asm/s390x.S
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/sparcv9-gf2m.pl b/crypto/bn/asm/sparcv9-gf2m.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/sparcv9-mont.pl b/crypto/bn/asm/sparcv9-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/via-mont.pl b/crypto/bn/asm/via-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/vis3-mont.pl b/crypto/bn/asm/vis3-mont.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/x86-gf2m.pl b/crypto/bn/asm/x86-gf2m.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/asm/x86_64-gf2m.pl b/crypto/bn/asm/x86_64-gf2m.pl
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_const.c b/crypto/bn/bn_const.c
old mode 100755
new mode 100644
diff --git a/crypto/bn/bn_prime.h b/crypto/bn/bn_prime.h
index ba48244534b0..1a25c285773a 100644
--- a/crypto/bn/bn_prime.h
+++ b/crypto/bn/bn_prime.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/bn/bn_prime.pl
  *
- * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/c64xpluscpuid.pl b/crypto/c64xpluscpuid.pl
old mode 100755
new mode 100644
diff --git a/crypto/camellia/asm/cmll-x86.pl b/crypto/camellia/asm/cmll-x86.pl
old mode 100755
new mode 100644
diff --git a/crypto/camellia/asm/cmll-x86_64.pl b/crypto/camellia/asm/cmll-x86_64.pl
old mode 100755
new mode 100644
diff --git a/crypto/camellia/asm/cmllt4-sparcv9.pl b/crypto/camellia/asm/cmllt4-sparcv9.pl
old mode 100755
new mode 100644
diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index 3d710f12ae07..31c02cc49e22 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -185,6 +185,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
     BUF_MEM *buff = NULL;
     char *s, *p, *end;
     int again;
+    int first_call = 1;
     long eline = 0;
     char btmp[DECIMAL_SIZE(eline) + 1];
     CONF_VALUE *v = NULL, *tv;
@@ -233,6 +234,19 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
         BIO_gets(in, p, CONFBUFSIZE - 1);
         p[CONFBUFSIZE - 1] = '\0';
         ii = i = strlen(p);
+        if (first_call) {
+            /* Other BOMs imply unsupported multibyte encoding,
+             * so don't strip them and let the error raise */
+            const unsigned char utf8_bom[3] = {0xEF, 0xBB, 0xBF};
+
+            if (i >= 3 && memcmp(p, utf8_bom, 3) == 0) {
+                memmove(p, p + 3, i - 3);
+                p[i - 3] = 0;
+                i -= 3;
+                ii -= 3;
+            }
+            first_call = 0;
+        }
         if (i == 0 && !again) {
             /* the currently processed BIO is at EOF */
             BIO *parent;
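Review bot: `first_call` is cleared after the first BIO_gets() of def_load_bio(), so the UTF-8 BOM is stripped only from the outermost file; if the `.include` handling further down this function (not visible in the hunk) swaps `in` to a new BIO, an included file that starts with a BOM will have the three BOM bytes glued onto its first token and fail to parse. Resetting `first_call = 1` at the point where `in` is replaced would cover that case, if that is how includes are processed here. The comment `/* Other BOMs imply unsupported multibyte encoding, ... */` also sits above an `if` that handles the UTF-8 case, which reads backwards; rewording it to `/* Strip a leading UTF-8 BOM; other BOMs imply an unsupported multibyte encoding, so leave them for the parser to reject */` states the intent of the block directly.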
diff --git a/crypto/conf/conf_def.h b/crypto/conf/conf_def.h
index 2ced300e40d6..1e4a03e10bbd 100644
--- a/crypto/conf/conf_def.h
+++ b/crypto/conf/conf_def.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/conf/keysets.pl
  *
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
diff --git a/crypto/des/asm/dest4-sparcv9.pl b/crypto/des/asm/dest4-sparcv9.pl
old mode 100755
new mode 100644
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index daffdf74dd37..117f2fa883ff 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -25,18 +25,45 @@ int DH_generate_key(DH *dh)
     return dh->meth->generate_key(dh);
 }
 
+/*-
+ * NB: This function is inherently not constant time due to the
+ * RFC 5246 (8.1.2) padding style that strips leading zero bytes.
+ */
 int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 {
-    return dh->meth->compute_key(key, pub_key, dh);
+    int ret = 0, i;
+    volatile size_t npad = 0, mask = 1;
+
+    /* compute the key; ret is constant unless compute_key is external */
+    if ((ret = dh->meth->compute_key(key, pub_key, dh)) <= 0)
+        return ret;
+
+    /* count leading zero bytes, yet still touch all bytes */
+    for (i = 0; i < ret; i++) {
+        mask &= !key[i];
+        npad += mask;
+    }
+
+    /* unpad key */
+    ret -= npad;
+    /* key-dependent memory access, potentially leaking npad / ret */
+    memmove(key, key + npad, ret);
+    /* key-dependent memory access, potentially leaking npad / ret */
+    memset(key + ret, 0, npad);
+
+    return ret;
 }
 
 int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 {
     int rv, pad;
+
+    /* rv is constant unless compute_key is external */
     rv = dh->meth->compute_key(key, pub_key, dh);
     if (rv <= 0)
         return rv;
     pad = BN_num_bytes(dh->p) - rv;
+    /* pad is constant (zero) unless compute_key is external */
     if (pad > 0) {
         memmove(key + pad, key, rv);
         memset(key, 0, pad);
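Review bot: The leading-zero count at `mask &= !key[i];` relies on the compiler not lowering the logical-not into a branch, and `volatile` on `mask`/`npad` does not prevent that. OpenSSL's usual idiom is `constant_time_is_zero_8()` from internal/constant_time.h (whether dh_key.c already includes it is outside this hunk), e.g. `mask &= constant_time_is_zero_8(key[i]) & 1;`. `ret -= npad;` also silently mixes `int` and `size_t`; since the loop guarantees `npad <= ret`, writing `ret -= (int)npad;` documents that bound and keeps -Wconversion quiet. The header comment explaining the RFC 5246 (8.1.2) unpadding is welcome; it could add that callers needing a fixed-length secret should use DH_compute_key_padded() instead.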
@@ -212,7 +239,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
         goto err;
     }
 
-    ret = BN_bn2bin(tmp, key);
+    ret = BN_bn2binpad(tmp, key, BN_num_bytes(dh->p));
  err:
     BN_CTX_end(ctx);
     BN_CTX_free(ctx);
diff --git a/crypto/ec/asm/ecp_nistz256-armv8.pl b/crypto/ec/asm/ecp_nistz256-armv8.pl
old mode 100755
new mode 100644
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 815460b24f67..7e1776375df7 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -2283,6 +2283,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only oneshot supported
 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\
 	operation not supported for this keytype
 EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized
+EVP_R_OUTPUT_WOULD_OVERFLOW:184:output would overflow
 EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers
 EVP_R_PBKDF2_ERROR:181:pbkdf2 error
 EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\
diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index b9b6490fe069..0843caf4f0a4 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -8,6 +8,7 @@
  */
 
 #include <stdio.h>
+#include <limits.h>
 #include <assert.h>
 #include "internal/cryptlib.h"
 #include <openssl/evp.h>
@@ -355,6 +356,19 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
             return 1;
         } else {
             j = bl - i;
+
+            /*
+             * Once we've processed the first j bytes from in, the amount of
+             * data left that is a multiple of the block length is:
+             * (inl - j) & ~(bl - 1)
+             * We must ensure that this amount of data, plus the one block that
+             * we process from ctx->buf does not exceed INT_MAX
+             */
+            if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
+                EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE,
+                       EVP_R_OUTPUT_WOULD_OVERFLOW);
+                return 0;
+            }
             memcpy(&(ctx->buf[i]), in, j);
             inl -= j;
             in += j;
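Review bot: The new guard `((inl - j) & ~(bl - 1)) > INT_MAX - bl` relies on `& ~(bl - 1)` being a round-down to a multiple of the block length, which holds only when bl is a power of two; the comment explains the arithmetic but not that precondition, and the same applies to the `(inl & ~(b - 1)) > INT_MAX - b` check in the EVP_DecryptUpdate hunk below. I would extend the comment with `(bl is a power of two, so the mask rounds down to a multiple of bl)` so a reader auditing the overflow bound does not have to rediscover the invariant elsewhere. Where the block-size invariant is enforced is not visible here, so that claim should be verified against the cipher setup code. evp_EncryptDecryptUpdate starts and ends outside this hunk.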
@@ -502,6 +516,19 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
             EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
             return 0;
         }
+        /*
+         * final_used is only ever set if buf_len is 0. Therefore the maximum
+         * length output we will ever see from evp_EncryptDecryptUpdate is
+         * the maximum multiple of the block length that is <= inl, or just:
+         * inl & ~(b - 1)
+         * Since final_used has been set then the final output length is:
+         * (inl & ~(b - 1)) + b
+         * This must never exceed INT_MAX
+         */
+        if ((inl & ~(b - 1)) > INT_MAX - b) {
+            EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_OUTPUT_WOULD_OVERFLOW);
+            return 0;
+        }
         memcpy(out, ctx->final, b);
         out += b;
         fix_len = 1;
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index 05481d827fb4..32ac0125de24 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -239,6 +239,8 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
     "operation not supported for this keytype"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED),
     "operaton not initialized"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OUTPUT_WOULD_OVERFLOW),
+    "output would overflow"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
     "partially overlapping buffers"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
diff --git a/crypto/md5/asm/md5-sparcv9.pl b/crypto/md5/asm/md5-sparcv9.pl
old mode 100755
new mode 100644
diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c
index b5f959ba15d5..222c786cbaef 100644
--- a/crypto/mem_sec.c
+++ b/crypto/mem_sec.c
@@ -34,6 +34,12 @@
 #   include <errno.h>
 #  endif
 # endif
+# if defined(__FreeBSD__)
+#  define MADV_DONTDUMP MADV_NOCORE
+# endif
+# if !defined(MAP_CONCEAL)
+#  define MAP_CONCEAL 0
+# endif
 # include <sys/param.h>
 # include <sys/stat.h>
 # include <fcntl.h>
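Review bot: The FreeBSD mapping `#  define MADV_DONTDUMP MADV_NOCORE` is unconditional, unlike the MAP_CONCEAL fallback right below it, so it would produce a macro redefinition if a FreeBSD header ever provides MADV_DONTDUMP itself; guarding it the same way, `# if defined(__FreeBSD__) && !defined(MADV_DONTDUMP)`, keeps both fallbacks consistent. Both defines are only correct if <sys/mman.h> has already been included above this point, since `#if !defined(MAP_CONCEAL)` would otherwise force the value to 0 even on platforms that define it; the surrounding context suggests the include precedes this hunk, but that is outside the visible lines. A one-line comment such as `/* portability shims; must follow <sys/mman.h> */` would document that ordering dependency.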
@@ -442,7 +448,7 @@ static int sh_init(size_t size, int minsize)
     if (1) {
 #ifdef MAP_ANON
         sh.map_result = mmap(NULL, sh.map_size,
-                             PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, -1, 0);
+                             PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE|MAP_CONCEAL, -1, 0);
     } else {
 #endif
         int fd;
diff --git a/crypto/modes/asm/aesni-gcm-x86_64.pl b/crypto/modes/asm/aesni-gcm-x86_64.pl
old mode 100755
new mode 100644
diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl
old mode 100755
new mode 100644
diff --git a/crypto/modes/asm/ghash-c64xplus.pl b/crypto/modes/asm/ghash-c64xplus.pl
old mode 100755
new mode 100644
diff --git a/crypto/modes/asm/ghash-parisc.pl b/crypto/modes/asm/ghash-parisc.pl
old mode 100755
new mode 100644
diff --git a/crypto/modes/asm/ghash-s390x.pl b/crypto/modes/asm/ghash-s390x.pl
old mode 100755
new mode 100644
diff --git a/crypto/modes/asm/ghash-sparcv9.pl b/crypto/modes/asm/ghash-sparcv9.pl
old mode 100755
new mode 100644
diff --git a/crypto/modes/asm/ghash-x86.pl b/crypto/modes/asm/ghash-x86.pl
old mode 100755
new mode 100644
diff --git a/crypto/modes/asm/ghash-x86_64.pl b/crypto/modes/asm/ghash-x86_64.pl
old mode 100755
new mode 100644
diff --git a/crypto/modes/asm/ghashv8-armx.pl b/crypto/modes/asm/ghashv8-armx.pl
old mode 100755
new mode 100644
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index d1b1bc7faf91..24b49a2df258 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/obj_dat.pl
  *
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h
index 1ca04bbff19f..5c3561ab7d7e 100644
--- a/crypto/objects/obj_xref.h
+++ b/crypto/objects/obj_xref.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by objxref.pl
  *
- * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
*** 1418 LINES SKIPPED ***

