git: a4f76f79ffe8 - stable/13 - OpenSSL: Merge OpenSSL 1.1.1j

Jung-uk Kim jkim at FreeBSD.org
Wed Feb 17 02:56:50 UTC 2021


The branch stable/13 has been updated by jkim:

URL: https://cgit.FreeBSD.org/src/commit/?id=a4f76f79ffe88cb51ebc7b65b065a333fd64a75b

commit a4f76f79ffe88cb51ebc7b65b065a333fd64a75b
Author:     Jung-uk Kim <jkim at FreeBSD.org>
AuthorDate: 2021-02-16 22:00:27 +0000
Commit:     Jung-uk Kim <jkim at FreeBSD.org>
CommitDate: 2021-02-17 02:54:50 +0000

    OpenSSL: Merge OpenSSL 1.1.1j
    
    (cherry picked from commit 88e852c0b5c872b1a3234515623104ae61b60773)
---
 crypto/openssl/AUTHORS                             |  7 +++
 crypto/openssl/CHANGES                             | 37 +++++++++++++++
 crypto/openssl/CONTRIBUTING                        |  4 +-
 crypto/openssl/Configure                           | 29 ++++++------
 crypto/openssl/INSTALL                             | 15 +++---
 crypto/openssl/NEWS                                | 10 ++++
 crypto/openssl/README                              |  2 +-
 crypto/openssl/apps/ca.c                           | 53 +++++++++-------------
 crypto/openssl/apps/progs.pl                       |  0
 crypto/openssl/crypto/armcap.c                     | 19 +++++++-
 crypto/openssl/crypto/asn1/charmap.h               |  2 +-
 crypto/openssl/crypto/asn1/charmap.pl              |  0
 crypto/openssl/crypto/bf/asm/bf-586.pl             |  0
 crypto/openssl/crypto/bn/asm/bn-586.pl             |  0
 crypto/openssl/crypto/bn/asm/co-586.pl             |  0
 crypto/openssl/crypto/bn/asm/ppc.pl                |  0
 crypto/openssl/crypto/bn/bn_prime.h                |  2 +-
 crypto/openssl/crypto/bn/bn_prime.pl               |  0
 crypto/openssl/crypto/cast/asm/cast-586.pl         |  0
 crypto/openssl/crypto/conf/conf_def.c              | 16 ++++++-
 crypto/openssl/crypto/conf/conf_def.h              |  2 +-
 crypto/openssl/crypto/conf/keysets.pl              |  0
 crypto/openssl/crypto/des/asm/crypt586.pl          |  0
 crypto/openssl/crypto/des/asm/des-586.pl           |  0
 crypto/openssl/crypto/des/asm/desboth.pl           |  0
 crypto/openssl/crypto/dh/dh_key.c                  | 33 ++++++++++++--
 crypto/openssl/crypto/err/openssl.txt              |  3 +-
 crypto/openssl/crypto/evp/evp_enc.c                | 27 +++++++++++
 crypto/openssl/crypto/evp/evp_err.c                |  4 +-
 crypto/openssl/crypto/md5/asm/md5-586.pl           |  0
 crypto/openssl/crypto/mem_sec.c                    |  8 +++-
 crypto/openssl/crypto/objects/obj_dat.h            |  2 +-
 crypto/openssl/crypto/objects/obj_dat.pl           |  0
 crypto/openssl/crypto/objects/obj_xref.h           |  2 +-
 crypto/openssl/crypto/objects/objects.pl           |  0
 crypto/openssl/crypto/perlasm/cbc.pl               |  0
 crypto/openssl/crypto/perlasm/x86asm.pl            |  0
 crypto/openssl/crypto/perlasm/x86nasm.pl           |  0
 .../openssl/crypto/poly1305/asm/poly1305-armv4.pl  | 13 ++++--
 crypto/openssl/crypto/ppccap.c                     | 20 +++++++-
 crypto/openssl/crypto/rc4/asm/rc4-586.pl           |  0
 crypto/openssl/crypto/rc5/asm/rc5-586.pl           |  0
 crypto/openssl/crypto/ripemd/asm/rmd-586.pl        |  0
 crypto/openssl/crypto/rsa/rsa_ssl.c                | 10 +++-
 crypto/openssl/crypto/sha/asm/sha1-586.pl          |  0
 crypto/openssl/crypto/sha/asm/sha1-ia64.pl         |  0
 crypto/openssl/crypto/srp/srp_lib.c                | 13 ++++--
 crypto/openssl/crypto/x509/x509_cmp.c              | 24 ++++++----
 crypto/openssl/crypto/x509/x509_vfy.c              | 15 +++---
 crypto/openssl/crypto/x509/x_all.c                 |  4 +-
 crypto/openssl/crypto/x509/x_attrib.c              |  5 +-
 crypto/openssl/crypto/x509v3/v3_purp.c             | 14 ++++--
 crypto/openssl/crypto/x86_64cpuid.pl               |  0
 crypto/openssl/crypto/x86cpuid.pl                  |  0
 crypto/openssl/doc/man1/ca.pod                     |  4 +-
 crypto/openssl/doc/man1/cms.pod                    |  4 +-
 crypto/openssl/doc/man1/crl2pkcs7.pod              |  4 +-
 crypto/openssl/doc/man1/dgst.pod                   |  4 +-
 crypto/openssl/doc/man1/dsa.pod                    |  6 +--
 crypto/openssl/doc/man1/ec.pod                     |  6 +--
 crypto/openssl/doc/man1/enc.pod                    |  4 +-
 crypto/openssl/doc/man1/genpkey.pod                |  4 +-
 crypto/openssl/doc/man1/genrsa.pod                 |  4 +-
 crypto/openssl/doc/man1/pkcs12.pod                 | 14 ++----
 crypto/openssl/doc/man1/pkcs8.pod                  |  6 +--
 crypto/openssl/doc/man1/pkey.pod                   |  6 +--
 crypto/openssl/doc/man1/pkeyutl.pod                |  4 +-
 crypto/openssl/doc/man1/req.pod                    |  6 +--
 crypto/openssl/doc/man1/rsa.pod                    |  6 +--
 crypto/openssl/doc/man1/s_client.pod               |  4 +-
 crypto/openssl/doc/man1/s_server.pod               |  4 +-
 crypto/openssl/doc/man1/smime.pod                  |  4 +-
 crypto/openssl/doc/man1/spkac.pod                  |  4 +-
 crypto/openssl/doc/man1/storeutl.pod               |  4 +-
 crypto/openssl/doc/man1/ts.pod                     |  4 +-
 crypto/openssl/doc/man1/x509.pod                   |  4 +-
 crypto/openssl/doc/man3/DH_generate_key.pod        | 27 +++++++++--
 crypto/openssl/doc/man3/OCSP_sendreq_new.pod       | 28 ++++++++++--
 crypto/openssl/doc/man3/OPENSSL_malloc.pod         |  2 +-
 .../openssl/doc/man3/X509_get_extension_flags.pod  | 11 +++--
 crypto/openssl/include/openssl/evperr.h            |  7 ++-
 crypto/openssl/include/openssl/obj_mac.h           |  2 +-
 crypto/openssl/include/openssl/opensslv.h          |  4 +-
 crypto/openssl/include/openssl/x509v3.h            |  7 +--
 crypto/openssl/ssl/d1_lib.c                        | 11 +++--
 crypto/openssl/ssl/record/rec_layer_d1.c           |  5 +-
 crypto/openssl/ssl/ssl_local.h                     |  3 +-
 crypto/openssl/ssl/statem/extensions.c             |  5 +-
 crypto/openssl/ssl/statem/statem_clnt.c            |  3 +-
 crypto/openssl/ssl/statem/statem_lib.c             | 15 +++++-
 90 files changed, 433 insertions(+), 202 deletions(-)

diff --git a/crypto/openssl/AUTHORS b/crypto/openssl/AUTHORS
index ac93b2e7b975..dac46f8b7e08 100644
--- a/crypto/openssl/AUTHORS
+++ b/crypto/openssl/AUTHORS
@@ -13,6 +13,8 @@ Ben Kaduk
 Bernd Edlinger
 Bodo Möller
 David Benjamin
+David von Oheimb
+Dmitry Belyavskiy (Дмитрий Белявский)
 Emilia Käsper
 Eric Young
 Geoff Thorpe
@@ -22,14 +24,19 @@ Lutz Jänicke
 Mark J. Cox
 Matt Caswell
 Matthias St. Pierre
+Nicola Tuveri
 Nils Larsch
+Patrick Steuer
 Paul Dale
 Paul C. Sutton
+Paul Yang
 Ralf S. Engelschall
 Rich Salz
 Richard Levitte
+Shane Lontis
 Stephen Henson
 Steve Marquess
 Tim Hudson
+Tomáš Mráz
 Ulf Möller
 Viktor Dukhovni
diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES
index 4d61c1dadbaa..a4a63a9bea22 100644
--- a/crypto/openssl/CHANGES
+++ b/crypto/openssl/CHANGES
@@ -7,6 +7,43 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
+ Changes between 1.1.1i and 1.1.1j [16 Feb 2021]
+
+  *) Fixed the X509_issuer_and_serial_hash() function. It attempts to
+     create a unique hash value based on the issuer and serial number data
+     contained within an X509 certificate. However it was failing to correctly
+     handle any errors that may occur while parsing the issuer field (which might
+     occur if the issuer field is maliciously constructed). This may subsequently
+     result in a NULL pointer deref and a crash leading to a potential denial of
+     service attack.
+     (CVE-2021-23841)
+     [Matt Caswell]
+
+  *) Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING
+     padding mode to correctly check for rollback attacks. This is considered a
+     bug in OpenSSL 1.1.1 because it does not support SSLv2. In 1.0.2 this is
+     CVE-2021-23839.
+     [Matt Caswell]
+
+  *) Fixed the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate
+     functions. Previously they could overflow the output length argument in some
+     cases where the input length is close to the maximum permissable length for
+     an integer on the platform. In such cases the return value from the function
+     call would be 1 (indicating success), but the output length value would be
+     negative. This could cause applications to behave incorrectly or crash.
+     (CVE-2021-23840)
+     [Matt Caswell]
+
+  *) Fixed SRP_Calc_client_key so that it runs in constant time. The previous
+     implementation called BN_mod_exp without setting BN_FLG_CONSTTIME. This
+     could be exploited in a side channel attack to recover the password. Since
+     the attack is local host only this is outside of the current OpenSSL
+     threat model and therefore no CVE is assigned.
+
+     Thanks to Mohammed Sabt and Daniel De Almeida Braga for reporting this
+     issue.
+     [Matt Caswell]
+
  Changes between 1.1.1h and 1.1.1i [8 Dec 2020]
 
   *) Fixed NULL pointer deref in the GENERAL_NAME_cmp function
diff --git a/crypto/openssl/CONTRIBUTING b/crypto/openssl/CONTRIBUTING
index 57be75ce2b8a..83c0dde12819 100644
--- a/crypto/openssl/CONTRIBUTING
+++ b/crypto/openssl/CONTRIBUTING
@@ -41,8 +41,8 @@ guidelines:
     https://www.openssl.org/policies/codingstyle.html) and compile
     without warnings. Where gcc or clang is available you should use the
     --strict-warnings Configure option.  OpenSSL compiles on many varied
-    platforms: try to ensure you only use portable features.  Clean builds
-    via Travis and AppVeyor are required, and they are started automatically
+    platforms: try to ensure you only use portable features.  Clean builds via
+    GitHub Actions and AppVeyor are required, and they are started automatically
     whenever a PR is created or updated.
 
     5.  When at all possible, patches should include tests. These can
diff --git a/crypto/openssl/Configure b/crypto/openssl/Configure
index 1423e1bfe14f..8e7ee1a599cc 100755
--- a/crypto/openssl/Configure
+++ b/crypto/openssl/Configure
@@ -1,6 +1,6 @@
 #! /usr/bin/env perl
 # -*- mode: perl; -*-
-# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1203,6 +1203,10 @@ foreach (keys %useradd) {
 # At this point, we can forget everything about %user and %useradd,
 # because it's now all been merged into the corresponding $config entry
 
+if (grep { $_ eq '-static' } @{$config{LDFLAGS}}) {
+    disable('static', 'pic', 'threads');
+}
+
 # Allow overriding the build file name
 $config{build_file} = env('BUILDFILE') || $target{build_file} || "Makefile";
 
@@ -1523,10 +1527,6 @@ if ($strict_warnings)
                 }
         }
 
-if (grep { $_ eq '-static' } @{$config{LDFLAGS}}) {
-    disable('static', 'pic', 'threads');
-}
-
 $config{CFLAGS} = [ map { $_ eq '--ossl-strict-warnings'
                               ? @strict_warnings_collection
                               : ( $_ ) }
@@ -2640,19 +2640,22 @@ _____
         }
         print "\nEnabled features:\n\n";
         foreach my $what (@disablables) {
-            print "    $what\n" unless $disabled{$what};
+            print "    $what\n"
+                unless grep { $_ =~ /^${what}$/ } keys %disabled;
         }
         print "\nDisabled features:\n\n";
         foreach my $what (@disablables) {
-            if ($disabled{$what}) {
-                print "    $what", ' ' x ($longest - length($what) + 1),
-                    "[$disabled{$what}]", ' ' x ($longest2 - length($disabled{$what}) + 1);
-                print $disabled_info{$what}->{macro}
-                    if $disabled_info{$what}->{macro};
+            my @what2 = grep { $_ =~ /^${what}$/ } keys %disabled;
+            my $what3 = $what2[0];
+            if ($what3) {
+                print "    $what3", ' ' x ($longest - length($what3) + 1),
+                    "[$disabled{$what3}]", ' ' x ($longest2 - length($disabled{$what3}) + 1);
+                print $disabled_info{$what3}->{macro}
+                    if $disabled_info{$what3}->{macro};
                 print ' (skip ',
-                    join(', ', @{$disabled_info{$what}->{skipped}}),
+                    join(', ', @{$disabled_info{$what3}->{skipped}}),
                     ')'
-                    if $disabled_info{$what}->{skipped};
+                    if $disabled_info{$what3}->{skipped};
                 print "\n";
             }
         }
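Review bot: `keys %disabled` comes back in unspecified hash order, so when more than one key matches `/^${what}$/` the `$what2[0]` pick in the 'Disabled features' loop is nondeterministic and the printed name and `[$disabled{$what3}]` reason can differ between runs. If several matches are really possible, make the choice stable (`my @what2 = sort grep { $_ =~ /^${what}$/ } keys %disabled;`) or print all of them; if they are not, a comment saying so would help. The same `grep { $_ =~ /^${what}$/ } keys %disabled` expression appears twice in the hunk (once in the 'Enabled features' loop, once in the 'Disabled features' loop) and could move into a small helper so the two cannot drift apart. Note also that `$what` is interpolated into the pattern unescaped, so correctness relies on disablable names containing no regex metacharacters; that assumption is worth stating in a comment next to the first use.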
diff --git a/crypto/openssl/INSTALL b/crypto/openssl/INSTALL
index be84f2aa8e5d..f6f754fd5e26 100644
--- a/crypto/openssl/INSTALL
+++ b/crypto/openssl/INSTALL
@@ -106,8 +106,7 @@
  This will build and install OpenSSL in the default location, which is:
 
   Unix:    normal installation directories under /usr/local
-  OpenVMS: SYS$COMMON:[OPENSSL-'version'...], where 'version' is the
-           OpenSSL version number with underscores instead of periods.
+  OpenVMS: SYS$COMMON:[OPENSSL]
   Windows: C:\Program Files\OpenSSL or C:\Program Files (x86)\OpenSSL
 
  The installation directory should be appropriately protected to ensure
@@ -116,7 +115,9 @@
  your Operating System it is recommended that you do not overwrite the system
  version and instead install to somewhere else.
 
- If you want to install it anywhere else, run config like this:
+ If you want to install it anywhere else, run config like this (the options
+ --prefix and --openssldir are explained further down, and the values shown
+ here are mere examples):
 
   On Unix:
 
@@ -198,7 +199,7 @@
                    Unix:           /usr/local
                    Windows:        C:\Program Files\OpenSSL
                                 or C:\Program Files (x86)\OpenSSL
-                   OpenVMS:        SYS$COMMON:[OPENSSL-'version']
+                   OpenVMS:        SYS$COMMON:[OPENSSL]
 
   --release
                    Build OpenSSL without debugging symbols. This is the default.
@@ -970,9 +971,9 @@
          share/doc/openssl/html/man7
                         Contains the HTML rendition of the man-pages.
 
-       OpenVMS ('arch' is replaced with the architecture name, "Alpha"
-       or "ia64", 'sover' is replaced with the shared library version
-       (0101 for 1.1), and 'pz' is replaced with the pointer size
+       OpenVMS ('arch' is replaced with the architecture name, "ALPHA"
+       or "IA64", 'sover' is replaced with the shared library version
+       (0101 for 1.1.x), and 'pz' is replaced with the pointer size
        OpenSSL was built with):
 
          [.EXE.'arch']  Contains the openssl binary.
diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS
index 98f6791a8b79..3cce52506645 100644
--- a/crypto/openssl/NEWS
+++ b/crypto/openssl/NEWS
@@ -5,6 +5,16 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [16 Feb 2021]
+
+      o Fixed a NULL pointer deref in the X509_issuer_and_serial_hash()
+        function (CVE-2021-23841)
+      o Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING
+        padding mode to correctly check for rollback attacks
+      o Fixed an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and
+        EVP_DecryptUpdate functions (CVE-2021-23840)
+      o Fixed SRP_Calc_client_key so that it runs in constant time
+
   Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [8 Dec 2020]
 
       o Fixed NULL pointer deref in GENERAL_NAME_cmp (CVE-2020-1971)
diff --git a/crypto/openssl/README b/crypto/openssl/README
index 6325127b5693..da5629f92c81 100644
--- a/crypto/openssl/README
+++ b/crypto/openssl/README
@@ -1,5 +1,5 @@
 
- OpenSSL 1.1.1i 8 Dec 2020
+ OpenSSL 1.1.1j 16 Feb 2021
 
  Copyright (c) 1998-2020 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
diff --git a/crypto/openssl/apps/ca.c b/crypto/openssl/apps/ca.c
index 6c9b1e57bc67..390ac37493c8 100644
--- a/crypto/openssl/apps/ca.c
+++ b/crypto/openssl/apps/ca.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -2223,62 +2223,51 @@ static int get_certificate_status(const char *serial, CA_DB *db)
 
 static int do_updatedb(CA_DB *db)
 {
-    ASN1_UTCTIME *a_tm = NULL;
+    ASN1_TIME *a_tm = NULL;
     int i, cnt = 0;
-    int db_y2k, a_y2k;          /* flags = 1 if y >= 2000 */
-    char **rrow, *a_tm_s;
+    char **rrow;
 
-    a_tm = ASN1_UTCTIME_new();
+    a_tm = ASN1_TIME_new();
     if (a_tm == NULL)
         return -1;
 
-    /* get actual time and make a string */
+    /* get actual time */
     if (X509_gmtime_adj(a_tm, 0) == NULL) {
-        ASN1_UTCTIME_free(a_tm);
+        ASN1_TIME_free(a_tm);
         return -1;
     }
-    a_tm_s = app_malloc(a_tm->length + 1, "time string");
-
-    memcpy(a_tm_s, a_tm->data, a_tm->length);
-    a_tm_s[a_tm->length] = '\0';
-
-    if (strncmp(a_tm_s, "49", 2) <= 0)
-        a_y2k = 1;
-    else
-        a_y2k = 0;
 
     for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
         rrow = sk_OPENSSL_PSTRING_value(db->db->data, i);
 
         if (rrow[DB_type][0] == DB_TYPE_VAL) {
             /* ignore entries that are not valid */
-            if (strncmp(rrow[DB_exp_date], "49", 2) <= 0)
-                db_y2k = 1;
-            else
-                db_y2k = 0;
+            ASN1_TIME *exp_date = NULL;
 
-            if (db_y2k == a_y2k) {
-                /* all on the same y2k side */
-                if (strcmp(rrow[DB_exp_date], a_tm_s) <= 0) {
-                    rrow[DB_type][0] = DB_TYPE_EXP;
-                    rrow[DB_type][1] = '\0';
-                    cnt++;
+            exp_date = ASN1_TIME_new();
+            if (exp_date == NULL) {
+                ASN1_TIME_free(a_tm);
+                return -1;
+            }
 
-                    BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]);
-                }
-            } else if (db_y2k < a_y2k) {
+            if (!ASN1_TIME_set_string(exp_date, rrow[DB_exp_date])) {
+                ASN1_TIME_free(a_tm);
+                ASN1_TIME_free(exp_date);
+                return -1;
+            }
+
+            if (ASN1_TIME_compare(exp_date, a_tm) <= 0) {
                 rrow[DB_type][0] = DB_TYPE_EXP;
                 rrow[DB_type][1] = '\0';
                 cnt++;
 
                 BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]);
             }
-
+            ASN1_TIME_free(exp_date);
         }
     }
 
-    ASN1_UTCTIME_free(a_tm);
-    OPENSSL_free(a_tm_s);
+    ASN1_TIME_free(a_tm);
     return cnt;
 }
 
diff --git a/crypto/openssl/apps/progs.pl b/crypto/openssl/apps/progs.pl
old mode 100644
new mode 100755
diff --git a/crypto/openssl/crypto/armcap.c b/crypto/openssl/crypto/armcap.c
index 58e54f0da2e1..8bf96f10214f 100644
--- a/crypto/openssl/crypto/armcap.c
+++ b/crypto/openssl/crypto/armcap.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -69,6 +69,23 @@ void OPENSSL_cpuid_setup(void) __attribute__ ((constructor));
 #   define OSSL_IMPLEMENT_GETAUXVAL
 #  endif
 # endif
+# if defined(__FreeBSD__)
+#  include <sys/param.h>
+#  if __FreeBSD_version >= 1200000
+#   include <sys/auxv.h>
+#   define OSSL_IMPLEMENT_GETAUXVAL
+
+static unsigned long getauxval(unsigned long key)
+{
+  unsigned long val = 0ul;
+
+  if (elf_aux_info((int)key, &val, sizeof(val)) != 0)
+    return 0ul;
+
+  return val;
+}
+#  endif
+# endif
 
 /*
  * ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas
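Review bot: The new FreeBSD `getauxval()` shim is indented with two spaces (`unsigned long val = 0ul;`, `if (elf_aux_info((int)key, &val, sizeof(val)) != 0)`) whereas the surrounding file and the other C hunks in this commit use OpenSSL's four-space style; reindent to match. A one-line header comment would also help readers who do not know the FreeBSD API, e.g. `/* getauxval(3) emulation on top of elf_aux_info(3); yields 0 when the key is absent or the lookup fails */`, since the callers that consume the 0 result are outside the hunk and the "absent" and "error" cases are deliberately collapsed here.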
diff --git a/crypto/openssl/crypto/asn1/charmap.h b/crypto/openssl/crypto/asn1/charmap.h
index cac354c6bf33..e234c9e615d0 100644
--- a/crypto/openssl/crypto/asn1/charmap.h
+++ b/crypto/openssl/crypto/asn1/charmap.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/asn1/charmap.pl
  *
- * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/crypto/asn1/charmap.pl b/crypto/openssl/crypto/asn1/charmap.pl
old mode 100644
new mode 100755
diff --git a/crypto/openssl/crypto/bf/asm/bf-586.pl b/crypto/openssl/crypto/bf/asm/bf-586.pl
old mode 100644
new mode 100755
diff --git a/crypto/openssl/crypto/bn/asm/bn-586.pl b/crypto/openssl/crypto/bn/asm/bn-586.pl
old mode 100644
new mode 100755
diff --git a/crypto/openssl/crypto/bn/asm/co-586.pl b/crypto/openssl/crypto/bn/asm/co-586.pl
old mode 100644
new mode 100755
diff --git a/crypto/openssl/crypto/bn/asm/ppc.pl b/crypto/openssl/crypto/bn/asm/ppc.pl
old mode 100644
new mode 100755
diff --git a/crypto/openssl/crypto/bn/bn_prime.h b/crypto/openssl/crypto/bn/bn_prime.h
index ba48244534b0..1a25c285773a 100644
--- a/crypto/openssl/crypto/bn/bn_prime.h
+++ b/crypto/openssl/crypto/bn/bn_prime.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/bn/bn_prime.pl
  *
- * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/crypto/bn/bn_prime.pl b/crypto/openssl/crypto/bn/bn_prime.pl
old mode 100644
new mode 100755
diff --git a/crypto/openssl/crypto/cast/asm/cast-586.pl b/crypto/openssl/crypto/cast/asm/cast-586.pl
old mode 100644
new mode 100755
diff --git a/crypto/openssl/crypto/conf/conf_def.c b/crypto/openssl/crypto/conf/conf_def.c
index 3d710f12ae07..31c02cc49e22 100644
--- a/crypto/openssl/crypto/conf/conf_def.c
+++ b/crypto/openssl/crypto/conf/conf_def.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -185,6 +185,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
     BUF_MEM *buff = NULL;
     char *s, *p, *end;
     int again;
+    int first_call = 1;
     long eline = 0;
     char btmp[DECIMAL_SIZE(eline) + 1];
     CONF_VALUE *v = NULL, *tv;
@@ -233,6 +234,19 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
         BIO_gets(in, p, CONFBUFSIZE - 1);
         p[CONFBUFSIZE - 1] = '\0';
         ii = i = strlen(p);
+        if (first_call) {
+            /* Other BOMs imply unsupported multibyte encoding,
+             * so don't strip them and let the error raise */
+            const unsigned char utf8_bom[3] = {0xEF, 0xBB, 0xBF};
+
+            if (i >= 3 && memcmp(p, utf8_bom, 3) == 0) {
+                memmove(p, p + 3, i - 3);
+                p[i - 3] = 0;
+                i -= 3;
+                ii -= 3;
+            }
+            first_call = 0;
+        }
         if (i == 0 && !again) {
             /* the currently processed BIO is at EOF */
             BIO *parent;
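Review bot: The UTF-8 BOM is stripped only on the first `BIO_gets()` of the run, because `first_call` is cleared once inside the new block and, as far as the hunk shows, never set again; if this loop also reads `.include`d files (the `parent` BIO handling that begins right after the hunk suggests a BIO stack), a BOM at the start of an included file would not be removed and would presumably fail to parse. If that scope is intended, a comment on the flag such as `/* strip a UTF-8 BOM from the top-level file only */` would make it explicit. The new comment also opens with text on the `/*` line (`/* Other BOMs imply unsupported multibyte encoding,`), unlike the multi-line comment style used elsewhere in this commit where `/*` stands alone; reflow it. `def_load_bio()` starts and ends outside the hunk.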
diff --git a/crypto/openssl/crypto/conf/conf_def.h b/crypto/openssl/crypto/conf/conf_def.h
index 2ced300e40d6..1e4a03e10bbd 100644
--- a/crypto/openssl/crypto/conf/conf_def.h
+++ b/crypto/openssl/crypto/conf/conf_def.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/conf/keysets.pl
  *
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
diff --git a/crypto/openssl/crypto/conf/keysets.pl b/crypto/openssl/crypto/conf/keysets.pl
old mode 100644
new mode 100755
diff --git a/crypto/openssl/crypto/des/asm/crypt586.pl b/crypto/openssl/crypto/des/asm/crypt586.pl
old mode 100644
new mode 100755
diff --git a/crypto/openssl/crypto/des/asm/des-586.pl b/crypto/openssl/crypto/des/asm/des-586.pl
old mode 100644
new mode 100755
diff --git a/crypto/openssl/crypto/des/asm/desboth.pl b/crypto/openssl/crypto/des/asm/desboth.pl
old mode 100644
new mode 100755
diff --git a/crypto/openssl/crypto/dh/dh_key.c b/crypto/openssl/crypto/dh/dh_key.c
index daffdf74dd37..117f2fa883ff 100644
--- a/crypto/openssl/crypto/dh/dh_key.c
+++ b/crypto/openssl/crypto/dh/dh_key.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -25,18 +25,45 @@ int DH_generate_key(DH *dh)
     return dh->meth->generate_key(dh);
 }
 
+/*-
+ * NB: This function is inherently not constant time due to the
+ * RFC 5246 (8.1.2) padding style that strips leading zero bytes.
+ */
 int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 {
-    return dh->meth->compute_key(key, pub_key, dh);
+    int ret = 0, i;
+    volatile size_t npad = 0, mask = 1;
+
+    /* compute the key; ret is constant unless compute_key is external */
+    if ((ret = dh->meth->compute_key(key, pub_key, dh)) <= 0)
+        return ret;
+
+    /* count leading zero bytes, yet still touch all bytes */
+    for (i = 0; i < ret; i++) {
+        mask &= !key[i];
+        npad += mask;
+    }
+
+    /* unpad key */
+    ret -= npad;
+    /* key-dependent memory access, potentially leaking npad / ret */
+    memmove(key, key + npad, ret);
+    /* key-dependent memory access, potentially leaking npad / ret */
+    memset(key + ret, 0, npad);
+
+    return ret;
 }
 
 int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 {
     int rv, pad;
+
+    /* rv is constant unless compute_key is external */
     rv = dh->meth->compute_key(key, pub_key, dh);
     if (rv <= 0)
         return rv;
     pad = BN_num_bytes(dh->p) - rv;
+    /* pad is constant (zero) unless compute_key is external */
     if (pad > 0) {
         memmove(key + pad, key, rv);
         memset(key, 0, pad);
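Review bot: `ret -= npad;` in the unpad step mixes `int ret` with `volatile size_t npad`, so `ret` is converted to `size_t`, subtracted and narrowed back to `int`; the value is right because the loop guarantees `npad <= ret`, but the expression trips `-Wsign-conversion`/`-Wconversion` and hides that invariant. Writing `ret -= (int)npad;` with `/* npad <= ret, so this cannot go negative */` keeps the intent explicit, and the same applies to the `memmove(key, key + npad, ret)` and `memset(key + ret, 0, npad)` arguments, which pass an `int` where `size_t` is expected. The `/*-` header could additionally point callers who need a fixed-length result to `DH_compute_key_padded()` below, consistent with its new comment `pad is constant (zero) unless compute_key is external`. `DH_compute_key_padded()` runs past the end of the hunk.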
@@ -212,7 +239,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
         goto err;
     }
 
-    ret = BN_bn2bin(tmp, key);
+    ret = BN_bn2binpad(tmp, key, BN_num_bytes(dh->p));
  err:
     BN_CTX_end(ctx);
     BN_CTX_free(ctx);
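Review bot: With `ret = BN_bn2binpad(tmp, key, BN_num_bytes(dh->p));` the value left in `ret` changes meaning from "bytes actually written" to "always `BN_num_bytes(dh->p)`, or -1 if `tmp` does not fit", and nothing in the hunk records that. A comment on the line would help, e.g. `/* Always write BN_num_bytes(p) bytes; DH_compute_key() strips the leading zeros, DH_compute_key_padded() keeps them */`. `compute_key()`'s body starts before the hunk and its `return ret` is outside it, so the -1 path should be checked against how `ret` is initialised and what the `err:` label returns.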
diff --git a/crypto/openssl/crypto/err/openssl.txt b/crypto/openssl/crypto/err/openssl.txt
index d547c45913d6..b22e8a735ccf 100644
--- a/crypto/openssl/crypto/err/openssl.txt
+++ b/crypto/openssl/crypto/err/openssl.txt
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -2284,6 +2284,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only oneshot supported
 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\
 	operation not supported for this keytype
 EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized
+EVP_R_OUTPUT_WOULD_OVERFLOW:184:output would overflow
 EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers
 EVP_R_PBKDF2_ERROR:181:pbkdf2 error
 EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\
diff --git a/crypto/openssl/crypto/evp/evp_enc.c b/crypto/openssl/crypto/evp/evp_enc.c
index b9b6490fe069..0843caf4f0a4 100644
--- a/crypto/openssl/crypto/evp/evp_enc.c
+++ b/crypto/openssl/crypto/evp/evp_enc.c
@@ -8,6 +8,7 @@
  */
 
 #include <stdio.h>
+#include <limits.h>
 #include <assert.h>
 #include "internal/cryptlib.h"
 #include <openssl/evp.h>
@@ -355,6 +356,19 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
             return 1;
         } else {
             j = bl - i;
+
+            /*
+             * Once we've processed the first j bytes from in, the amount of
+             * data left that is a multiple of the block length is:
+             * (inl - j) & ~(bl - 1)
+             * We must ensure that this amount of data, plus the one block that
+             * we process from ctx->buf does not exceed INT_MAX
+             */
+            if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
+                EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE,
+                       EVP_R_OUTPUT_WOULD_OVERFLOW);
+                return 0;
+            }
             memcpy(&(ctx->buf[i]), in, j);
             inl -= j;
             in += j;
@@ -502,6 +516,19 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
             EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
             return 0;
         }
+        /*
+         * final_used is only ever set if buf_len is 0. Therefore the maximum
+         * length output we will ever see from evp_EncryptDecryptUpdate is
+         * the maximum multiple of the block length that is <= inl, or just:
+         * inl & ~(b - 1)
+         * Since final_used has been set then the final output length is:
+         * (inl & ~(b - 1)) + b
+         * This must never exceed INT_MAX
+         */
+        if ((inl & ~(b - 1)) > INT_MAX - b) {
+            EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_OUTPUT_WOULD_OVERFLOW);
+            return 0;
+        }
         memcpy(out, ctx->final, b);
         out += b;
         fix_len = 1;
diff --git a/crypto/openssl/crypto/evp/evp_err.c b/crypto/openssl/crypto/evp/evp_err.c
index 05481d827fb4..32ac0125de24 100644
--- a/crypto/openssl/crypto/evp/evp_err.c
+++ b/crypto/openssl/crypto/evp/evp_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -239,6 +239,8 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
     "operation not supported for this keytype"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED),
     "operaton not initialized"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OUTPUT_WOULD_OVERFLOW),
+    "output would overflow"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
     "partially overlapping buffers"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
diff --git a/crypto/openssl/crypto/md5/asm/md5-586.pl b/crypto/openssl/crypto/md5/asm/md5-586.pl
old mode 100644
new mode 100755
diff --git a/crypto/openssl/crypto/mem_sec.c b/crypto/openssl/crypto/mem_sec.c
index b5f959ba15d5..222c786cbaef 100644
--- a/crypto/openssl/crypto/mem_sec.c
+++ b/crypto/openssl/crypto/mem_sec.c
@@ -34,6 +34,12 @@
 #   include <errno.h>
 #  endif
 # endif
+# if defined(__FreeBSD__)
+#  define MADV_DONTDUMP MADV_NOCORE
+# endif
+# if !defined(MAP_CONCEAL)
+#  define MAP_CONCEAL 0
+# endif
 # include <sys/param.h>
 # include <sys/stat.h>
 # include <fcntl.h>
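Review bot: `# define MADV_DONTDUMP MADV_NOCORE` is unconditional on FreeBSD, unlike the `MAP_CONCEAL` fallback two lines below it which is guarded with `!defined(...)`; if a FreeBSD header ever provides `MADV_DONTDUMP` itself this becomes a macro redefinition. Guard it the same way: `# if defined(__FreeBSD__) && !defined(MADV_DONTDUMP)`. Both fallbacks depend on `<sys/mman.h>` having already been included above the hunk (outside view) so that `MADV_NOCORE` and any platform `MAP_CONCEAL` are visible when these `#if`s are evaluated; a one-line comment noting that ordering requirement would keep a later include reshuffle from silently turning `MAP_CONCEAL` into 0 everywhere, which the `mmap()` call in the next hunk would then accept without any warning.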
@@ -442,7 +448,7 @@ static int sh_init(size_t size, int minsize)
     if (1) {
 #ifdef MAP_ANON
         sh.map_result = mmap(NULL, sh.map_size,
-                             PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, -1, 0);
+                             PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE|MAP_CONCEAL, -1, 0);
     } else {
 #endif
         int fd;
diff --git a/crypto/openssl/crypto/objects/obj_dat.h b/crypto/openssl/crypto/objects/obj_dat.h
index d1b1bc7faf91..24b49a2df258 100644
--- a/crypto/openssl/crypto/objects/obj_dat.h
+++ b/crypto/openssl/crypto/objects/obj_dat.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/obj_dat.pl
  *
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
diff --git a/crypto/openssl/crypto/objects/obj_dat.pl b/crypto/openssl/crypto/objects/obj_dat.pl
old mode 100644
new mode 100755
diff --git a/crypto/openssl/crypto/objects/obj_xref.h b/crypto/openssl/crypto/objects/obj_xref.h
index 1ca04bbff19f..5c3561ab7d7e 100644
--- a/crypto/openssl/crypto/objects/obj_xref.h
+++ b/crypto/openssl/crypto/objects/obj_xref.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by objxref.pl
  *
- * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/crypto/openssl/crypto/objects/objects.pl b/crypto/openssl/crypto/objects/objects.pl
old mode 100644
new mode 100755
diff --git a/crypto/openssl/crypto/perlasm/cbc.pl b/crypto/openssl/crypto/perlasm/cbc.pl
old mode 100644
new mode 100755
diff --git a/crypto/openssl/crypto/perlasm/x86asm.pl b/crypto/openssl/crypto/perlasm/x86asm.pl
old mode 100644
new mode 100755
diff --git a/crypto/openssl/crypto/perlasm/x86nasm.pl b/crypto/openssl/crypto/perlasm/x86nasm.pl
old mode 100644
new mode 100755
diff --git a/crypto/openssl/crypto/poly1305/asm/poly1305-armv4.pl b/crypto/openssl/crypto/poly1305/asm/poly1305-armv4.pl
index f77e1170f66b..70f46cd140aa 100755
--- a/crypto/openssl/crypto/poly1305/asm/poly1305-armv4.pl
+++ b/crypto/openssl/crypto/poly1305/asm/poly1305-armv4.pl
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -133,10 +133,10 @@ poly1305_init:
 #  ifdef __thumb2__
 	itete	eq
 #  endif
-	addeq	r12,r11,#(poly1305_emit-.Lpoly1305_init)
-	addne	r12,r11,#(poly1305_emit_neon-.Lpoly1305_init)
-	addeq	r11,r11,#(poly1305_blocks-.Lpoly1305_init)
-	addne	r11,r11,#(poly1305_blocks_neon-.Lpoly1305_init)
+	addeq	r12,r11,#(.Lpoly1305_emit-.Lpoly1305_init)
+	addne	r12,r11,#(.Lpoly1305_emit_neon-.Lpoly1305_init)
+	addeq	r11,r11,#(.Lpoly1305_blocks-.Lpoly1305_init)
+	addne	r11,r11,#(.Lpoly1305_blocks_neon-.Lpoly1305_init)
 # endif
 # ifdef	__thumb2__
 	orr	r12,r12,#1	@ thumb-ify address
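Review bot: The switch from the global `poly1305_emit`/`poly1305_blocks` symbols to the new `.L`-prefixed local labels in the four `addeq`/`addne` instructions is not explained anywhere in the hunk, and a reader seeing both spellings in the file will not know which to use. Presumably the intent is that a difference of two local labels is resolved by the assembler at assembly time instead of emitting a relocation against a global (possibly interposable) symbol; if so, add a comment such as `@ use local labels so the differences resolve at assembly time, not via relocations against global symbols`. The enclosing poly1305_init routine starts and ends outside the hunk.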
@@ -352,6 +352,7 @@ $code.=<<___;
 .type	poly1305_emit,%function
 .align	5
 poly1305_emit:
+.Lpoly1305_emit:
 	stmdb	sp!,{r4-r11}
 .Lpoly1305_emit_enter:
 
@@ -671,6 +672,7 @@ poly1305_init_neon:
 .type	poly1305_blocks_neon,%function
 .align	5
 poly1305_blocks_neon:
+.Lpoly1305_blocks_neon:
 	ldr	ip,[$ctx,#36]		@ is_base2_26
 	ands	$len,$len,#-16
 	beq	.Lno_data_neon
@@ -1157,6 +1159,7 @@ poly1305_blocks_neon:
 .type	poly1305_emit_neon,%function
 .align	5
 poly1305_emit_neon:
+.Lpoly1305_emit_neon:
 	ldr	ip,[$ctx,#36]		@ is_base2_26
 
 	stmdb	sp!,{r4-r11}
diff --git a/crypto/openssl/crypto/ppccap.c b/crypto/openssl/crypto/ppccap.c
index b12cd949ccfe..e51156468ae5 100644
--- a/crypto/openssl/crypto/ppccap.c
+++ b/crypto/openssl/crypto/ppccap.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2009-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -214,6 +214,24 @@ size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max)
 # endif
 #endif
 
+#if defined(__FreeBSD__)
+# include <sys/param.h>
+# if __FreeBSD_version >= 1200000
+#  include <sys/auxv.h>
+#  define OSSL_IMPLEMENT_GETAUXVAL
+
+static unsigned long getauxval(unsigned long key)
+{
+  unsigned long val = 0ul;
+
+  if (elf_aux_info((int)key, &val, sizeof(val)) != 0)
+    return 0ul;
+
+  return val;
+}
+# endif
+#endif
+
 /* I wish <sys/auxv.h> was universally available */
 #define HWCAP                   16      /* AT_HWCAP */
 #define HWCAP_PPC64             (1U << 30)
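Review bot: The new `getauxval` shim is indented with two spaces while OpenSSL's C code elsewhere in this commit uses four, so the body from `unsigned long val = 0ul;` through `return val;` should be reindented to match. Because the function is `static` and reuses the libc-style name `getauxval`, it will clash if a later FreeBSD `<sys/auxv.h>` ever declares a real `getauxval` with different linkage; since the name appears to be dictated by the `OSSL_IMPLEMENT_GETAUXVAL` consumers (not visible here), the safest option is to guard the block on a feature macro once FreeBSD defines one, and at minimum add a comment noting the assumption. The `elf_aux_info` failure path collapses to 0, which is reasonable for HWCAP bits but deserves a comment: `/* on failure report no capabilities; a 0 HWCAP presumably disables all optional code paths */`.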
diff --git a/crypto/openssl/crypto/rc4/asm/rc4-586.pl b/crypto/openssl/crypto/rc4/asm/rc4-586.pl
old mode 100644
new mode 100755
diff --git a/crypto/openssl/crypto/rc5/asm/rc5-586.pl b/crypto/openssl/crypto/rc5/asm/rc5-586.pl
old mode 100644
new mode 100755
diff --git a/crypto/openssl/crypto/ripemd/asm/rmd-586.pl b/crypto/openssl/crypto/ripemd/asm/rmd-586.pl
old mode 100644
new mode 100755
diff --git a/crypto/openssl/crypto/rsa/rsa_ssl.c b/crypto/openssl/crypto/rsa/rsa_ssl.c
index 1f155be175da..ecdb3cee1fa3 100644
--- a/crypto/openssl/crypto/rsa/rsa_ssl.c
+++ b/crypto/openssl/crypto/rsa/rsa_ssl.c
@@ -55,7 +55,7 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
 
 /*
  * Copy of RSA_padding_check_PKCS1_type_2 with a twist that rejects padding
- * if nul delimiter is not preceded by 8 consecutive 0x03 bytes. It also
+ * if nul delimiter is preceded by 8 consecutive 0x03 bytes. It also
  * preserves error code reporting for backward compatibility.
  */
 int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
@@ -122,7 +122,13 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
                                    RSA_R_NULL_BEFORE_BLOCK_MISSING);
     mask = ~good;
 
-    good &= constant_time_ge(threes_in_row, 8);
+    /*
+     * Reject if nul delimiter is preceded by 8 consecutive 0x03 bytes. Note
+     * that RFC5246 incorrectly states this the other way around, i.e. reject
+     * if it is not preceded by 8 consecutive 0x03 bytes. However this is
+     * corrected in subsequent errata for that RFC.
+     */
+    good &= constant_time_lt(threes_in_row, 8);
     err = constant_time_select_int(mask | good, err,
                                    RSA_R_SSLV3_ROLLBACK_ATTACK);
     mask = ~good;
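Review bot: The corrected check `good &= constant_time_lt(threes_in_row, 8);` has no visible regression test pinning the boundary, and since the previous code had the condition inverted, a test that a block whose nul delimiter is preceded by exactly 8 bytes of 0x03 is rejected with RSA_R_SSLV3_ROLLBACK_ATTACK while one with 7 is accepted would be the natural guard against re-inverting it (tests may be in the part of this commit the listing skips). The comment should also make explicit that the rejection covers any run of 8 or more, since `constant_time_lt(threes_in_row, 8)` rejects longer runs too; one sentence such as `Any run of 8 or more 0x03 bytes immediately before the delimiter is treated as a rollback attempt.` suffices. The enclosing RSA_padding_check_SSLv23 starts and ends outside the hunk.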
diff --git a/crypto/openssl/crypto/sha/asm/sha1-586.pl b/crypto/openssl/crypto/sha/asm/sha1-586.pl
old mode 100644
new mode 100755
diff --git a/crypto/openssl/crypto/sha/asm/sha1-ia64.pl b/crypto/openssl/crypto/sha/asm/sha1-ia64.pl
old mode 100644
new mode 100755
diff --git a/crypto/openssl/crypto/srp/srp_lib.c b/crypto/openssl/crypto/srp/srp_lib.c
index 4f417de0c989..ce3504825c53 100644
--- a/crypto/openssl/crypto/srp/srp_lib.c
+++ b/crypto/openssl/crypto/srp/srp_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2004, EdelKey Project. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -177,6 +177,7 @@ BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
                             const BIGNUM *x, const BIGNUM *a, const BIGNUM *u)
 {
     BIGNUM *tmp = NULL, *tmp2 = NULL, *tmp3 = NULL, *k = NULL, *K = NULL;
+    BIGNUM *xtmp = NULL;
     BN_CTX *bn_ctx;
 
     if (u == NULL || B == NULL || N == NULL || g == NULL || x == NULL
@@ -185,10 +186,13 @@ BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
 
     if ((tmp = BN_new()) == NULL ||
         (tmp2 = BN_new()) == NULL ||
-        (tmp3 = BN_new()) == NULL)
+        (tmp3 = BN_new()) == NULL ||
+        (xtmp = BN_new()) == NULL)
         goto err;
 
-    if (!BN_mod_exp(tmp, g, x, N, bn_ctx))
+    BN_with_flags(xtmp, x, BN_FLG_CONSTTIME);
+    BN_set_flags(tmp, BN_FLG_CONSTTIME);
+    if (!BN_mod_exp(tmp, g, xtmp, N, bn_ctx))
         goto err;
     if ((k = srp_Calc_k(N, g)) == NULL)
         goto err;
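Review bot: `BN_with_flags(xtmp, x, BN_FLG_CONSTTIME)` per its documented semantics makes xtmp a shallow alias of x's limbs (marked BN_FLG_STATIC_DATA), so the cleanup at `err` must `BN_free(xtmp)` to release only the wrapper; that label is outside the hunk, so please confirm the `BN_free(xtmp)` was added there and that x itself is not freed through the alias. A comment next to the call, `/* xtmp aliases x (no copy) with the constant-time flag set; free only the wrapper */`, would document the ownership. The `BN_set_flags(tmp, BN_FLG_CONSTTIME)` on the result is also unexplained; if it is meant to push later operations on tmp onto constant-time paths, say so in a comment. The enclosing SRP_Calc_client_key body continues past the hunk.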
@@ -196,7 +200,7 @@ BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
         goto err;
     if (!BN_mod_sub(tmp, B, tmp2, N, bn_ctx))
         goto err;
-    if (!BN_mul(tmp3, u, x, bn_ctx))
+    if (!BN_mul(tmp3, u, xtmp, bn_ctx))
*** 1150 LINES SKIPPED ***

