Commit c83dd99

deps: upgrade openssl sources to 1.1.1n

This updates all sources in deps/openssl/openssl by:
    $ cd deps/openssl/
    $ rm -rf openssl
    $ tar zxf ~/tmp/openssl-1.1.1n.tar.gz
    $ mv openssl-1.1.1n openssl
    $ git add --all openssl
    $ git commit openssl

PR-URL: #42347
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000218.html
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Joe Sepi <sepi@joesepi.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>

1 parent b5c52e3 commit c83dd99

60 files changed

Lines changed: 808 additions & 219 deletions

deps/openssl/openssl/CHANGES
Lines changed: 37 additions & 0 deletions
@@ -7,6 +7,43 @@
77
https://github.com/openssl/openssl/commits/ and pick the appropriate
88
release branch.
99

10+
Changes between 1.1.1m and 1.1.1n [15 Mar 2022]
11+
12+
*) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever
13+
for non-prime moduli.
14+
15+
Internally this function is used when parsing certificates that contain
16+
elliptic curve public keys in compressed form or explicit elliptic curve
17+
parameters with a base point encoded in compressed form.
18+
19+
It is possible to trigger the infinite loop by crafting a certificate that
20+
has invalid explicit curve parameters.
21+
22+
Since certificate parsing happens prior to verification of the certificate
23+
signature, any process that parses an externally supplied certificate may
24+
thus be subject to a denial of service attack. The infinite loop can also
25+
be reached when parsing crafted private keys as they can contain explicit
26+
elliptic curve parameters.
27+
28+
Thus vulnerable situations include:
29+
30+
- TLS clients consuming server certificates
31+
- TLS servers consuming client certificates
32+
- Hosting providers taking certificates or private keys from customers
33+
- Certificate authorities parsing certification requests from subscribers
34+
- Anything else which parses ASN.1 elliptic curve parameters
35+
36+
Also any other applications that use the BN_mod_sqrt() where the attacker
37+
can control the parameter values are vulnerable to this DoS issue.
38+
(CVE-2022-0778)
39+
[Tomáš Mráz]
40+
41+
*) Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489)
42+
to the list of ciphersuites providing Perfect Forward Secrecy as
43+
required by SECLEVEL >= 3.
44+
45+
[Dmitry Belyavskiy, Nicola Tuveri]
46+
1047
Changes between 1.1.1l and 1.1.1m [14 Dec 2021]
1148

1249
*) Avoid loading of a dynamic engine twice.
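Review bot: the commit message should name CVE-2022-0778, which the first 1.1.1n entry in this hunk identifies as the BN_mod_sqrt() infinite loop reachable while parsing certificates, before the certificate signature is verified. The message carries only a Refs: link to the openssl-announce post, so a search of the history for the CVE identifier will not find this upgrade. Adding the identifier to the commit message makes the security reason for the bump visible without opening the vendored CHANGES file.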

deps/openssl/openssl/Configurations/10-main.conf
Lines changed: 8 additions & 1 deletion
@@ -988,6 +988,13 @@ my %targets = (
988988
perlasm_scheme => "elf",
989989
},
990990

991+
# riscv64 below refers to contemporary RISCV Architecture
992+
# specifications,
993+
"BSD-riscv64" => {
994+
inherit_from => [ "BSD-generic64"],
995+
perlasm_scheme => "linux64",
996+
},
997+
991998
"bsdi-elf-gcc" => {
992999
inherit_from => [ "BASE_unix", asm("x86_elf_asm") ],
9931000
CC => "gcc",
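Review bot: the comment above the new "BSD-riscv64" target ends in a trailing comma ("# specifications,") and reads as a sentence that was cut off; finish it or end it with a period. A one-line comment on why a BSD target sets perlasm_scheme => "linux64" would also help, since the value invites the question.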
@@ -1765,7 +1772,7 @@ my %targets = (
17651772

17661773
disable => add('pinshared'),
17671774

1768-
apps_aux_src => "vms_term_sock.c",
1775+
apps_aux_src => "vms_term_sock.c vms_decc_argv.c",
17691776
apps_init_src => "vms_decc_init.c",
17701777
},
17711778


deps/openssl/openssl/Configurations/descrip.mms.tmpl
Lines changed: 2 additions & 1 deletion
@@ -438,7 +438,8 @@ test : tests
438438
DEFINE SRCTOP {- sourcedir() -}
439439
DEFINE BLDTOP {- builddir() -}
440440
DEFINE RESULT_D {- builddir(qw(test test-runs)) -}
441-
DEFINE OPENSSL_ENGINES {- builddir("engines") -}
441+
engines = F$PARSE("{- builddir("engines") -}","A.;",,,"syntax_only") - "A.;"
442+
DEFINE OPENSSL_ENGINES 'engines'
442443
DEFINE OPENSSL_DEBUG_MEMORY "on"
443444
IF "$(VERBOSE)" .NES. "" THEN DEFINE VERBOSE "$(VERBOSE)"
444445
$(PERL) {- sourcefile("test", "run_tests.pl") -} $(TESTS)
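Review bot: the new "engines = F$PARSE(...)" line has no comment explaining why OPENSSL_ENGINES must now be defined from a parsed directory specification instead of directly from builddir("engines"). A short note on what the "A.;" default and the trailing - "A.;" subtraction achieve would help, since the expression is not self-explanatory to anyone who does not write DCL regularly.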

deps/openssl/openssl/Configure
Lines changed: 11 additions & 11 deletions
@@ -3161,25 +3161,25 @@ sub resolve_config {
31613161
}
31623162
}
31633163

3164-
foreach (sort keys %all_keys) {
3165-
my $previous = $combined_inheritance{$_};
3164+
foreach my $key (sort keys %all_keys) {
3165+
my $previous = $combined_inheritance{$key};
31663166

31673167
# Current target doesn't have a value for the current key?
31683168
# Assign it the default combiner, the rest of this loop body
31693169
# will handle it just like any other coderef.
3170-
if (!exists $table{$target}->{$_}) {
3171-
$table{$target}->{$_} = $default_combiner;
3170+
if (!exists $table{$target}->{$key}) {
3171+
$table{$target}->{$key} = $default_combiner;
31723172
}
31733173

3174-
$table{$target}->{$_} = process_values($table{$target}->{$_},
3175-
$combined_inheritance{$_},
3176-
$target, $_);
3177-
unless(defined($table{$target}->{$_})) {
3178-
delete $table{$target}->{$_};
3174+
$table{$target}->{$key} = process_values($table{$target}->{$key},
3175+
$combined_inheritance{$key},
3176+
$target, $key);
3177+
unless(defined($table{$target}->{$key})) {
3178+
delete $table{$target}->{$key};
31793179
}
31803180
# if ($extra_checks &&
3181-
# $previous && !($add_called || $previous ~~ $table{$target}->{$_})) {
3182-
# warn "$_ got replaced in $target\n";
3181+
# $previous && !($add_called || $previous ~~ $table{$target}->{$key})) {
3182+
# warn "$key got replaced in $target\n";
31833183
# }
31843184
}
31853185

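Review bot: the commented-out $extra_checks block at the end of the loop is dead code, yet the rename from $_ to $key is carried through it, including the smartmatch expression "$previous ~~ $table{$target}->{$key}". Delete the block rather than maintain it. In the visible lines "my $previous = $combined_inheritance{$key};" is read only by that block, so it can go at the same time.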

deps/openssl/openssl/NEWS
Lines changed: 5 additions & 0 deletions
@@ -5,6 +5,11 @@
55
This file gives a brief overview of the major changes between each OpenSSL
66
release. For more details please read the CHANGES file.
77

8+
Major changes between OpenSSL 1.1.1m and OpenSSL 1.1.1n [15 Mar 2022]
9+
10+
o Fixed a bug in the BN_mod_sqrt() function that can cause it to loop
11+
forever for non-prime moduli ([CVE-2022-0778])
12+
813
Major changes between OpenSSL 1.1.1l and OpenSSL 1.1.1m [14 Dec 2021]
914

1015
o None

deps/openssl/openssl/README
Lines changed: 1 addition & 1 deletion
@@ -1,5 +1,5 @@
11

2-
OpenSSL 1.1.1m 14 Dec 2021
2+
OpenSSL 1.1.1n 15 Mar 2022
33

44
Copyright (c) 1998-2021 The OpenSSL Project
55
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

deps/openssl/openssl/apps/apps.c
Lines changed: 7 additions & 3 deletions
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
2+
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
33
*
44
* Licensed under the OpenSSL license (the "License"). You may not use
55
* this file except in compliance with the License. You can obtain a copy
@@ -300,9 +300,13 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
300300
int ui_flags = 0;
301301
const char *prompt_info = NULL;
302302
char *prompt;
303+
int pw_min_len = PW_MIN_LENGTH;
303304

304305
if (cb_data != NULL && cb_data->prompt_info != NULL)
305306
prompt_info = cb_data->prompt_info;
307+
if (cb_data != NULL && cb_data->password != NULL
308+
&& *(const char*)cb_data->password != '\0')
309+
pw_min_len = 1;
306310
prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
307311
if (!prompt) {
308312
BIO_printf(bio_err, "Out of memory\n");
@@ -317,12 +321,12 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
317321
(void)UI_add_user_data(ui, cb_data);
318322

319323
ok = UI_add_input_string(ui, prompt, ui_flags, buf,
320-
PW_MIN_LENGTH, bufsiz - 1);
324+
pw_min_len, bufsiz - 1);
321325

322326
if (ok >= 0 && verify) {
323327
buff = app_malloc(bufsiz, "password buffer");
324328
ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
325-
PW_MIN_LENGTH, bufsiz - 1, buf);
329+
pw_min_len, bufsiz - 1, buf);
326330
}
327331
if (ok >= 0)
328332
do {

deps/openssl/openssl/apps/openssl.c
Lines changed: 2 additions & 4 deletions
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
2+
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
33
*
44
* Licensed under the OpenSSL license (the "License"). You may not use
55
* this file except in compliance with the License. You can obtain a copy
@@ -120,7 +120,6 @@ int main(int argc, char *argv[])
120120
{
121121
FUNCTION f, *fp;
122122
LHASH_OF(FUNCTION) *prog = NULL;
123-
char **copied_argv = NULL;
124123
char *p, *pname;
125124
char buf[1024];
126125
const char *prompt;
@@ -137,7 +136,7 @@ int main(int argc, char *argv[])
137136
bio_err = dup_bio_err(FORMAT_TEXT);
138137

139138
#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
140-
copied_argv = argv = copy_argv(&argc, argv);
139+
argv = copy_argv(&argc, argv);
141140
#elif defined(_WIN32)
142141
/*
143142
* Replace argv[] with UTF-8 encoded strings.
@@ -258,7 +257,6 @@ int main(int argc, char *argv[])
258257
}
259258
ret = 1;
260259
end:
261-
OPENSSL_free(copied_argv);
262260
OPENSSL_free(default_config_file);
263261
lh_FUNCTION_free(prog);
264262
OPENSSL_free(arg.argv);
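Review bot: removing OPENSSL_free(copied_argv) under the end: label leaves the array returned by "argv = copy_argv(&argc, argv);" on the OPENSSL_SYS_VMS / __DECC path with no release anywhere in the visible code. The 10-main.conf change in this commit adds vms_decc_argv.c to apps_aux_src, but that file is not shown on this page, so please confirm that copy_argv() there returns storage the caller must not free, and say so in a comment at the call site.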

deps/openssl/openssl/apps/passwd.c
Lines changed: 5 additions & 5 deletions
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
2+
* Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
33
*
44
* Licensed under the OpenSSL license (the "License"). You may not use
55
* this file except in compliance with the License. You can obtain a copy
@@ -407,7 +407,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
407407
n >>= 1;
408408
}
409409
if (!EVP_DigestFinal_ex(md, buf, NULL))
410-
return NULL;
410+
goto err;
411411

412412
for (i = 0; i < 1000; i++) {
413413
if (!EVP_DigestInit_ex(md2, EVP_md5(), NULL))
@@ -633,7 +633,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
633633
n >>= 1;
634634
}
635635
if (!EVP_DigestFinal_ex(md, buf, NULL))
636-
return NULL;
636+
goto err;
637637

638638
/* P sequence */
639639
if (!EVP_DigestInit_ex(md2, sha, NULL))
@@ -644,7 +644,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
644644
goto err;
645645

646646
if (!EVP_DigestFinal_ex(md2, temp_buf, NULL))
647-
return NULL;
647+
goto err;
648648

649649
if ((p_bytes = OPENSSL_zalloc(passwd_len)) == NULL)
650650
goto err;
@@ -661,7 +661,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
661661
goto err;
662662

663663
if (!EVP_DigestFinal_ex(md2, temp_buf, NULL))
664-
return NULL;
664+
goto err;
665665

666666
if ((s_bytes = OPENSSL_zalloc(salt_len)) == NULL)
667667
goto err;

deps/openssl/openssl/apps/s_client.c
Lines changed: 11 additions & 0 deletions
@@ -938,6 +938,7 @@ int s_client_main(int argc, char **argv)
938938
struct timeval tv;
939939
#endif
940940
const char *servername = NULL;
941+
char *sname_alloc = NULL;
941942
int noservername = 0;
942943
const char *alpn_in = NULL;
943944
tlsextctx tlsextcbp = { NULL, 0 };
@@ -1588,6 +1589,15 @@ int s_client_main(int argc, char **argv)
15881589
"%s: -proxy argument malformed or ambiguous\n", prog);
15891590
goto end;
15901591
}
1592+
if (servername == NULL && !noservername) {
1593+
res = BIO_parse_hostserv(connectstr, &sname_alloc, NULL, BIO_PARSE_PRIO_HOST);
1594+
if (!res) {
1595+
BIO_printf(bio_err,
1596+
"%s: -connect argument malformed or ambiguous\n", prog);
1597+
goto end;
1598+
}
1599+
servername = sname_alloc;
1600+
}
15911601
} else {
15921602
int res = 1;
15931603
char *tmp_host = host, *tmp_port = port;
@@ -3149,6 +3159,7 @@ int s_client_main(int argc, char **argv)
31493159
#ifndef OPENSSL_NO_SRP
31503160
OPENSSL_free(srp_arg.srppassin);
31513161
#endif
3162+
OPENSSL_free(sname_alloc);
31523163
OPENSSL_free(connectstr);
31533164
OPENSSL_free(bindstr);
31543165
OPENSSL_free(bindhost);
