Commit e08d133b authored by Jung-uk Kim's avatar Jung-uk Kim
Browse files

OpenSSL: Merge OpenSSL 1.1.1o

(cherry picked from commit 34252e89)
parent 5949d17a
......@@ -7,6 +7,19 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
 
Changes between 1.1.1n and 1.1.1o [3 May 2022]
*) Fixed a bug in the c_rehash script which was not properly sanitising shell
metacharacters to prevent command injection. This script is distributed by
some operating systems in a manner where it is automatically executed. On
such operating systems, an attacker could execute arbitrary commands with the
privileges of the script.
Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.
(CVE-2022-1292)
[Tomáš Mráz]
Changes between 1.1.1m and 1.1.1n [15 Mar 2022]
 
*) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever
......
......@@ -5,10 +5,15 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.1.1n and OpenSSL 1.1.1o [3 May 2022]
o Fixed a bug in the c_rehash script which was not properly sanitising
shell metacharacters to prevent command injection (CVE-2022-1292)
Major changes between OpenSSL 1.1.1m and OpenSSL 1.1.1n [15 Mar 2022]
o Fixed a bug in the BN_mod_sqrt() function that can cause it to loop
forever for non-prime moduli ([CVE-2022-0778])
forever for non-prime moduli (CVE-2022-0778)
Major changes between OpenSSL 1.1.1l and OpenSSL 1.1.1m [14 Dec 2021]
......
OpenSSL 1.1.1n 15 Mar 2022
OpenSSL 1.1.1o 3 May 2022
Copyright (c) 1998-2021 The OpenSSL Project
Copyright (c) 1998-2022 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.
......
......@@ -307,6 +307,8 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
if (cb_data != NULL && cb_data->password != NULL
&& *(const char*)cb_data->password != '\0')
pw_min_len = 1;
else if (!verify)
pw_min_len = 0;
prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
if (!prompt) {
BIO_printf(bio_err, "Out of memory\n");
......
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
......@@ -590,6 +590,8 @@ int x509_main(int argc, char **argv)
xca = load_cert(CAfile, CAformat, "CA Certificate");
if (xca == NULL)
goto end;
if (!X509_set_issuer_name(x, X509_get_subject_name(xca)))
goto end;
}
out = bio_open_default(outfile, 'w', outformat);
......@@ -987,8 +989,6 @@ static int x509_certify(X509_STORE *ctx, const char *CAfile, const EVP_MD *diges
goto end;
}
if (!X509_set_issuer_name(x, X509_get_subject_name(xca)))
goto end;
if (!X509_set_serialNumber(x, bs))
goto end;
......
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
......@@ -446,8 +446,10 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
snum->neg = num_neg;
snum->top = div_n;
snum->flags |= BN_FLG_FIXED_TOP;
if (rm != NULL)
bn_rshift_fixed_top(rm, snum, norm_shift);
if (rm != NULL && bn_rshift_fixed_top(rm, snum, norm_shift) == 0)
goto err;
BN_CTX_end(ctx);
return 1;
err:
......
/*
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
......@@ -188,13 +188,14 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
return ret;
}
BN_RECP_CTX_init(&recp);
BN_CTX_start(ctx);
aa = BN_CTX_get(ctx);
val[0] = BN_CTX_get(ctx);
if (val[0] == NULL)
goto err;
BN_RECP_CTX_init(&recp);
if (m->neg) {
/* ignore sign of 'm' */
if (!BN_copy(aa, m))
......
/*
* Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2015-2016 Cryptography Research, Inc.
*
* Licensed under the OpenSSL license (the "License"). You may not use
......@@ -577,6 +577,7 @@ static int recode_wnaf(struct smvt_control *control,
int32_t delta = odd & mask;
assert(position >= 0);
assert(pos < 32); /* can't fail since current & 0xFFFF != 0 */
if (odd & (1 << (table_bits + 1)))
delta -= (1 << (table_bits + 1));
current -= delta * (1 << pos);
......
/*
* Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2014-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2014, Intel Corporation. All Rights Reserved.
* Copyright (c) 2015, CloudFlare, Inc.
*
......@@ -973,6 +973,7 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group,
return 0;
}
memset(&p, 0, sizeof(p));
BN_CTX_start(ctx);
if (scalar) {
......
......@@ -393,6 +393,26 @@ static int int_load(dynamic_data_ctx *ctx)
return 0;
}
/*
* Unfortunately the version checker does not distinguish between
* engines built for openssl 1.1.x and openssl 3.x, but loading
* an engine that is built for openssl 3.x will cause a fatal
* error. Detect such engines, since EVP_PKEY_get_base_id is exported
* as a function in openssl 3.x, while it is named EVP_PKEY_base_id
* in openssl 1.1.x. Therefore we take the presence of that symbol
* as an indication that the engine will be incompatible.
*/
static int using_libcrypto_3(dynamic_data_ctx *ctx)
{
int ret;
ERR_set_mark();
ret = DSO_bind_func(ctx->dynamic_dso, "EVP_PKEY_get_base_id") != NULL;
ERR_pop_to_mark();
return ret;
}
static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
{
ENGINE cpy;
......@@ -442,18 +462,9 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
/*
* We fail if the version checker veto'd the load *or* if it is
* deferring to us (by returning its version) and we think it is too
* old.
* Unfortunately the version checker does not distinguish between
* engines built for openssl 1.1.x and openssl 3.x, but loading
* an engine that is built for openssl 3.x will cause a fatal
* error. Detect such engines, since EVP_PKEY_get_base_id is exported
* as a function in openssl 3.x, while it is named EVP_PKEY_base_id
* in openssl 1.1.x. Therefore we take the presence of that symbol
* as an indication that the engine will be incompatible.
* old. Also fail if this is engine for openssl 3.x.
*/
if (vcheck_res < OSSL_DYNAMIC_OLDEST
|| DSO_bind_func(ctx->dynamic_dso,
"EVP_PKEY_get_base_id") != NULL) {
if (vcheck_res < OSSL_DYNAMIC_OLDEST || using_libcrypto_3(ctx)) {
/* Fail */
ctx->bind_engine = NULL;
ctx->v_check = NULL;
......
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
......@@ -23,7 +23,9 @@
#include "internal/constant_time.h"
#include "e_os.h"
#ifndef OPENSSL_NO_ERR
static int err_load_strings(const ERR_STRING_DATA *str);
#endif
static void ERR_STATE_free(ERR_STATE *s);
#ifndef OPENSSL_NO_ERR
......@@ -76,9 +78,9 @@ static ERR_STRING_DATA ERR_str_functs[] = {
{ERR_PACK(0, SYS_F_BIND, 0), "bind"},
{ERR_PACK(0, SYS_F_LISTEN, 0), "listen"},
{ERR_PACK(0, SYS_F_ACCEPT, 0), "accept"},
# ifdef OPENSSL_SYS_WINDOWS
#ifdef OPENSSL_SYS_WINDOWS
{ERR_PACK(0, SYS_F_WSASTARTUP, 0), "WSAstartup"},
# endif
#endif
{ERR_PACK(0, SYS_F_OPENDIR, 0), "opendir"},
{ERR_PACK(0, SYS_F_FREAD, 0), "fread"},
{ERR_PACK(0, SYS_F_GETADDRINFO, 0), "getaddrinfo"},
......@@ -141,21 +143,26 @@ static int set_err_thread_local;
static CRYPTO_THREAD_LOCAL err_thread_local;
static CRYPTO_ONCE err_string_init = CRYPTO_ONCE_STATIC_INIT;
static CRYPTO_RWLOCK *err_string_lock;
static CRYPTO_RWLOCK *err_string_lock = NULL;
#ifndef OPENSSL_NO_ERR
static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *);
#endif
/*
* The internal state
*/
#ifndef OPENSSL_NO_ERR
static LHASH_OF(ERR_STRING_DATA) *int_error_hash = NULL;
#endif
static int int_err_library_number = ERR_LIB_USER;
static unsigned long get_error_values(int inc, int top, const char **file,
int *line, const char **data,
int *flags);
#ifndef OPENSSL_NO_ERR
static unsigned long err_string_data_hash(const ERR_STRING_DATA *a)
{
unsigned long ret, l;
......@@ -184,7 +191,6 @@ static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d)
return p;
}
#ifndef OPENSSL_NO_ERR
/* 2019-05-21: Russian and Ukrainian locales on Linux require more than 6,5 kB */
# define SPACE_SYS_STR_REASONS 8 * 1024
# define NUM_SYS_STR_REASONS 127
......@@ -299,6 +305,7 @@ DEFINE_RUN_ONCE_STATIC(do_err_strings_init)
err_string_lock = CRYPTO_THREAD_lock_new();
if (err_string_lock == NULL)
return 0;
#ifndef OPENSSL_NO_ERR
int_error_hash = lh_ERR_STRING_DATA_new(err_string_data_hash,
err_string_data_cmp);
if (int_error_hash == NULL) {
......@@ -306,6 +313,7 @@ DEFINE_RUN_ONCE_STATIC(do_err_strings_init)
err_string_lock = NULL;
return 0;
}
#endif
return 1;
}
......@@ -315,10 +323,13 @@ void err_cleanup(void)
CRYPTO_THREAD_cleanup_local(&err_thread_local);
CRYPTO_THREAD_lock_free(err_string_lock);
err_string_lock = NULL;
#ifndef OPENSSL_NO_ERR
lh_ERR_STRING_DATA_free(int_error_hash);
int_error_hash = NULL;
#endif
}
#ifndef OPENSSL_NO_ERR
/*
* Legacy; pack in the library.
*/
......@@ -342,6 +353,7 @@ static int err_load_strings(const ERR_STRING_DATA *str)
CRYPTO_THREAD_unlock(err_string_lock);
return 1;
}
#endif
int ERR_load_ERR_strings(void)
{
......@@ -360,24 +372,31 @@ int ERR_load_ERR_strings(void)
int ERR_load_strings(int lib, ERR_STRING_DATA *str)
{
#ifndef OPENSSL_NO_ERR
if (ERR_load_ERR_strings() == 0)
return 0;
err_patch(lib, str);
err_load_strings(str);
#endif
return 1;
}
int ERR_load_strings_const(const ERR_STRING_DATA *str)
{
#ifndef OPENSSL_NO_ERR
if (ERR_load_ERR_strings() == 0)
return 0;
err_load_strings(str);
#endif
return 1;
}
int ERR_unload_strings(int lib, ERR_STRING_DATA *str)
{
#ifndef OPENSSL_NO_ERR
if (!RUN_ONCE(&err_string_init, do_err_strings_init))
return 0;
......@@ -389,14 +408,14 @@ int ERR_unload_strings(int lib, ERR_STRING_DATA *str)
for (; str->error; str++)
(void)lh_ERR_STRING_DATA_delete(int_error_hash, str);
CRYPTO_THREAD_unlock(err_string_lock);
#endif
return 1;
}
void err_free_strings_int(void)
{
if (!RUN_ONCE(&err_string_init, do_err_strings_init))
return;
/* obsolete */
}
/********************************************************/
......@@ -636,6 +655,7 @@ char *ERR_error_string(unsigned long e, char *ret)
const char *ERR_lib_error_string(unsigned long e)
{
#ifndef OPENSSL_NO_ERR
ERR_STRING_DATA d, *p;
unsigned long l;
......@@ -647,10 +667,14 @@ const char *ERR_lib_error_string(unsigned long e)
d.error = ERR_PACK(l, 0, 0);
p = int_err_get_item(&d);
return ((p == NULL) ? NULL : p->string);
#else
return NULL;
#endif
}
const char *ERR_func_error_string(unsigned long e)
{
#ifndef OPENSSL_NO_ERR
ERR_STRING_DATA d, *p;
unsigned long l, f;
......@@ -663,10 +687,14 @@ const char *ERR_func_error_string(unsigned long e)
d.error = ERR_PACK(l, f, 0);
p = int_err_get_item(&d);
return ((p == NULL) ? NULL : p->string);
#else
return NULL;
#endif
}
const char *ERR_reason_error_string(unsigned long e)
{
#ifndef OPENSSL_NO_ERR
ERR_STRING_DATA d, *p = NULL;
unsigned long l, r;
......@@ -683,6 +711,9 @@ const char *ERR_reason_error_string(unsigned long e)
p = int_err_get_item(&d);
}
return ((p == NULL) ? NULL : p->string);
#else
return NULL;
#endif
}
void err_delete_thread_state(void)
......
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
......@@ -281,7 +281,7 @@ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
# define PTRDIFF_T size_t
#endif
int is_partially_overlapping(const void *ptr1, const void *ptr2, int len)
int is_partially_overlapping(const void *ptr1, const void *ptr2, size_t len)
{
PTRDIFF_T diff = (PTRDIFF_T)ptr1-(PTRDIFF_T)ptr2;
/*
......@@ -299,7 +299,8 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
unsigned char *out, int *outl,
const unsigned char *in, int inl)
{
int i, j, bl, cmpl = inl;
int i, j, bl;
size_t cmpl = (size_t)inl;
if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
cmpl = (cmpl + 7) / 8;
......@@ -464,8 +465,9 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
const unsigned char *in, int inl)
{
int fix_len, cmpl = inl;
int fix_len;
unsigned int b;
size_t cmpl = (size_t)inl;
/* Prevent accidental use of encryption context when decrypting */
if (ctx->encrypt) {
......
/*
* Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
......@@ -65,4 +65,4 @@ struct evp_Encode_Ctx_st {
typedef struct evp_pbe_st EVP_PBE_CTL;
DEFINE_STACK_OF(EVP_PBE_CTL)
int is_partially_overlapping(const void *ptr1, const void *ptr2, int len);
int is_partially_overlapping(const void *ptr1, const void *ptr2, size_t len);
/*
* Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
......@@ -211,7 +211,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete)
}
static CRYPTO_ONCE load_crypto_strings = CRYPTO_ONCE_STATIC_INIT;
static int load_crypto_strings_inited = 0;
DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings)
{
int ret = 1;
......@@ -225,7 +225,6 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings)
"err_load_crypto_strings_int()\n");
# endif
ret = err_load_crypto_strings_int();
load_crypto_strings_inited = 1;
#endif
return ret;
}
......@@ -549,14 +548,6 @@ void OPENSSL_cleanup(void)
async_deinit();
}
if (load_crypto_strings_inited) {
#ifdef OPENSSL_INIT_DEBUG
fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
"err_free_strings_int()\n");
#endif
err_free_strings_int();
}
key = destructor_key.value;
destructor_key.sane = -1;
CRYPTO_THREAD_cleanup_local(&key);
......
/*
* Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
......@@ -47,6 +47,9 @@ struct OPENSSL_s390xcap_st {
unsigned long long kma[2];
};
#if defined(__GNUC__) && defined(__linux)
__attribute__ ((visibility("hidden")))
#endif
extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
/* convert facility bit number or function code to bit mask */
......
/*
* Copyright 2010-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2010-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
......@@ -26,6 +26,9 @@ void OPENSSL_vx_probe(void);
struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
#if defined(__GNUC__) && defined(__linux)
__attribute__ ((visibility("hidden")))
#endif
void OPENSSL_cpuid_setup(void)
{
sigset_t oset;
......
......@@ -22,3 +22,13 @@ pub 2048R/0E604491 2013-04-30
Key fingerprint = 8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491
uid Matt Caswell <matt@openssl.org>
uid Matt Caswell <frodo@baggins.org>
pub rsa4096 2021-02-14
B7C1 C143 60F3 53A3 6862 E4D5 231C 84CD DCC6 9C45
uid Paul Dale <pauli@openssl.org>
pub rsa4096 2021-07-16
A21F AB74 B008 8AA3 6115 2586 B8EF 1A6B A9DA 2D5C
uid Tomáš Mráz <tm@t8m.info>
uid Tomáš Mráz <tomas@arleto.cz>
uid Tomáš Mráz <tomas@openssl.org>
......@@ -42,6 +42,16 @@ basis, see L<SSL_get_default_timeout(3)>.
All currently supported protocols have the same default timeout value
of 300 seconds.
This timeout value is used as the ticket lifetime hint for stateless session
tickets. It is also used as the timeout value within the ticket itself.
For TLSv1.3, RFC8446 limits transmission of this value to 1 week (604800
seconds).
For TLSv1.2, tickets generated during an initial handshake use the value
as specified. Tickets generated during a resumed handshake have a value
of 0 for the ticket lifetime hint.
=head1 RETURN VALUES
SSL_CTX_set_timeout() returns the previously set timeout value.
......@@ -58,7 +68,7 @@ L<SSL_get_default_timeout(3)>
=head1 COPYRIGHT
Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
......
/*
* Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
......@@ -39,8 +39,8 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
# define OPENSSL_VERSION_NUMBER 0x101010efL
# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1n-freebsd 15 Mar 2022"
# define OPENSSL_VERSION_NUMBER 0x101010ffL
# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1o-freebsd 3 May 2022"
/*-
* The macros below are to be used for shared library (.so, .dll, ...)
......
/*
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2005 Nokia. All rights reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
......@@ -589,6 +589,8 @@ int ssl3_alert_code(int code)
return TLS1_AD_NO_APPLICATION_PROTOCOL;
case SSL_AD_CERTIFICATE_REQUIRED:
return SSL_AD_HANDSHAKE_FAILURE;
case SSL_AD_MISSING_EXTENSION:
return SSL_AD_HANDSHAKE_FAILURE;
default:
return -1;
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment