d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Import OpenSSL 1.1.1p

Browse Source
This commit is contained in:
Jung-uk Kim 2022-06-21 10:36:39 -04:00
parent cf0ffd7607
commit 54ae8e38f7
25 changed files with 296 additions and 282 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
CHANGES
View File

@ -7,18 +7,44 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
Changes between 1.1.1o and 1.1.1p [21 Jun 2022]
*) In addition to the c_rehash shell command injection identified in
CVE-2022-1292, further bugs where the c_rehash script does not
properly sanitise shell metacharacters to prevent command injection have been
fixed.
When the CVE-2022-1292 was fixed it was not discovered that there
are other places in the script where the file names of certificates
being hashed were possibly passed to a command executed through the shell.
This script is distributed by some operating systems in a manner where
it is automatically executed. On such operating systems, an attacker
could execute arbitrary commands with the privileges of the script.
Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.
(CVE-2022-2068)
[Daniel Fiala, Tomáš Mráz]
*) When OpenSSL TLS client is connecting without any supported elliptic
curves and TLS-1.3 protocol is disabled the connection will no longer fail
if a ciphersuite that does not use a key exchange based on elliptic
curves can be negotiated.
[Tomáš Mráz]
Changes between 1.1.1n and 1.1.1o [3 May 2022]
*) Fixed a bug in the c_rehash script which was not properly sanitising shell
metacharacters to prevent command injection. This script is distributed by
some operating systems in a manner where it is automatically executed. On
such operating systems, an attacker could execute arbitrary commands with the
privileges of the script.
metacharacters to prevent command injection. This script is distributed
by some operating systems in a manner where it is automatically executed.
On such operating systems, an attacker could execute arbitrary commands
with the privileges of the script.
Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.
(CVE-2022-1292)
[Tomáš Mráz]
Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.
(CVE-2022-1292)
[Tomáš Mráz]
Changes between 1.1.1m and 1.1.1n [15 Mar 2022]

6
NEWS
View File

@ -5,6 +5,12 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.1.1o and OpenSSL 1.1.1p [21 Jun 2022]
o Fixed additional bugs in the c_rehash script which was not properly
sanitising shell metacharacters to prevent command injection
(CVE-2022-2068)
Major changes between OpenSSL 1.1.1n and OpenSSL 1.1.1o [3 May 2022]
o Fixed a bug in the c_rehash script which was not properly sanitising

2
README
View File

@ -1,5 +1,5 @@
OpenSSL 1.1.1o 3 May 2022
OpenSSL 1.1.1p 21 Jun 2022
Copyright (c) 1998-2022 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

49
apps/s_server.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
@ -2236,6 +2236,30 @@ static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
SSL_CTX_sess_get_cache_size(ssl_ctx));
}
static long int count_reads_callback(BIO *bio, int cmd, const char *argp,
int argi, long int argl, long int ret)
{
unsigned int *p_counter = (unsigned int *)BIO_get_callback_arg(bio);
switch (cmd) {
case BIO_CB_READ: /* No break here */
case BIO_CB_GETS:
if (p_counter != NULL)
++*p_counter;
break;
default:
break;
}
if (s_debug) {
BIO_set_callback_arg(bio, (char *)bio_s_out);
ret = bio_dump_callback(bio, cmd, argp, argi, argl, ret);
BIO_set_callback_arg(bio, (char *)p_counter);
}
return ret;
}
static int sv_body(int s, int stype, int prot, unsigned char *context)
{
char *buf = NULL;
@ -2353,10 +2377,7 @@ static int sv_body(int s, int stype, int prot, unsigned char *context)
SSL_set_accept_state(con);
/* SSL_set_fd(con,s); */
if (s_debug) {
BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out);
}
BIO_set_callback(SSL_get_rbio(con), count_reads_callback);
if (s_msg) {
#ifndef OPENSSL_NO_SSL_TRACE
if (s_msg == 2)
@ -2648,7 +2669,25 @@ static int sv_body(int s, int stype, int prot, unsigned char *context)
*/
if ((!async || !SSL_waiting_for_async(con))
&& !SSL_is_init_finished(con)) {
/*
* Count number of reads during init_ssl_connection.
* It helps us to distinguish configuration errors from errors
* caused by a client.
*/
unsigned int read_counter = 0;
BIO_set_callback_arg(SSL_get_rbio(con), (char *)&read_counter);
i = init_ssl_connection(con);
BIO_set_callback_arg(SSL_get_rbio(con), NULL);
/*
* If initialization fails without reads, then
* there was a fatal error in configuration.
*/
if (i <= 0 && read_counter == 0) {
ret = -1;
goto err;
}
if (i < 0) {
ret = 0;

3
config
View File

@ -1,5 +1,5 @@
#!/bin/sh
# Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -709,6 +709,7 @@ case "$GUESSOS" in
ia64-*-*bsd*) OUT="BSD-ia64" ;;
x86_64-*-dragonfly*) OUT="BSD-x86_64" ;;
amd64-*-*bsd*) OUT="BSD-x86_64" ;;
arm64-*-*bsd*) OUT="BSD-aarch64" ;;
*86*-*-*bsd*) # mimic ld behaviour when it's looking for libc...
if [ -L /usr/lib/libc.so ]; then # [Free|Net]BSD
libc=/usr/lib/libc.so

198
crypto/bn/asm/x86_64-mont5.pl
View File

@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2011-2022 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@ -2101,193 +2101,6 @@ __bn_post4x_internal:
.size __bn_post4x_internal,.-__bn_post4x_internal
___
}
{
$code.=<<___;
.globl bn_from_montgomery
.type bn_from_montgomery,\@abi-omnipotent
.align 32
bn_from_montgomery:
.cfi_startproc
testl \$7,`($win64?"48(%rsp)":"%r9d")`
jz bn_from_mont8x
xor %eax,%eax
ret
.cfi_endproc
.size bn_from_montgomery,.-bn_from_montgomery
.type bn_from_mont8x,\@function,6
.align 32
bn_from_mont8x:
.cfi_startproc
.byte 0x67
mov %rsp,%rax
.cfi_def_cfa_register %rax
push %rbx
.cfi_push %rbx
push %rbp
.cfi_push %rbp
push %r12
.cfi_push %r12
push %r13
.cfi_push %r13
push %r14
.cfi_push %r14
push %r15
.cfi_push %r15
.Lfrom_prologue:
shl \$3,${num}d # convert $num to bytes
lea ($num,$num,2),%r10 # 3*$num in bytes
neg $num
mov ($n0),$n0 # *n0
##############################################################
# Ensure that stack frame doesn't alias with $rptr+3*$num
# modulo 4096, which covers ret[num], am[num] and n[num]
# (see bn_exp.c). The stack is allocated to aligned with
# bn_power5's frame, and as bn_from_montgomery happens to be
# last operation, we use the opportunity to cleanse it.
#
lea -320(%rsp,$num,2),%r11
mov %rsp,%rbp
sub $rptr,%r11
and \$4095,%r11
cmp %r11,%r10
jb .Lfrom_sp_alt
sub %r11,%rbp # align with $aptr
lea -320(%rbp,$num,2),%rbp # future alloca(frame+2*$num*8+256)
jmp .Lfrom_sp_done
.align 32
.Lfrom_sp_alt:
lea 4096-320(,$num,2),%r10
lea -320(%rbp,$num,2),%rbp # future alloca(frame+2*$num*8+256)
sub %r10,%r11
mov \$0,%r10
cmovc %r10,%r11
sub %r11,%rbp
.Lfrom_sp_done:
and \$-64,%rbp
mov %rsp,%r11
sub %rbp,%r11
and \$-4096,%r11
lea (%rbp,%r11),%rsp
mov (%rsp),%r10
cmp %rbp,%rsp
ja .Lfrom_page_walk
jmp .Lfrom_page_walk_done
.Lfrom_page_walk:
lea -4096(%rsp),%rsp
mov (%rsp),%r10
cmp %rbp,%rsp
ja .Lfrom_page_walk
.Lfrom_page_walk_done:
mov $num,%r10
neg $num
##############################################################
# Stack layout
#
# +0 saved $num, used in reduction section
# +8 &t[2*$num], used in reduction section
# +32 saved *n0
# +40 saved %rsp
# +48 t[2*$num]
#
mov $n0, 32(%rsp)
mov %rax, 40(%rsp) # save original %rsp
.cfi_cfa_expression %rsp+40,deref,+8
.Lfrom_body:
mov $num,%r11
lea 48(%rsp),%rax
pxor %xmm0,%xmm0
jmp .Lmul_by_1
.align 32
.Lmul_by_1:
movdqu ($aptr),%xmm1
movdqu 16($aptr),%xmm2
movdqu 32($aptr),%xmm3
movdqa %xmm0,(%rax,$num)
movdqu 48($aptr),%xmm4
movdqa %xmm0,16(%rax,$num)
.byte 0x48,0x8d,0xb6,0x40,0x00,0x00,0x00 # lea 64($aptr),$aptr
movdqa %xmm1,(%rax)
movdqa %xmm0,32(%rax,$num)
movdqa %xmm2,16(%rax)
movdqa %xmm0,48(%rax,$num)
movdqa %xmm3,32(%rax)
movdqa %xmm4,48(%rax)
lea 64(%rax),%rax
sub \$64,%r11
jnz .Lmul_by_1
movq $rptr,%xmm1
movq $nptr,%xmm2
.byte 0x67
mov $nptr,%rbp
movq %r10, %xmm3 # -num
___
$code.=<<___ if ($addx);
mov OPENSSL_ia32cap_P+8(%rip),%r11d
and \$0x80108,%r11d
cmp \$0x80108,%r11d # check for AD*X+BMI2+BMI1
jne .Lfrom_mont_nox
lea (%rax,$num),$rptr
call __bn_sqrx8x_reduction
call __bn_postx4x_internal
pxor %xmm0,%xmm0
lea 48(%rsp),%rax
jmp .Lfrom_mont_zero
.align 32
.Lfrom_mont_nox:
___
$code.=<<___;
call __bn_sqr8x_reduction
call __bn_post4x_internal
pxor %xmm0,%xmm0
lea 48(%rsp),%rax
jmp .Lfrom_mont_zero
.align 32
.Lfrom_mont_zero:
mov 40(%rsp),%rsi # restore %rsp
.cfi_def_cfa %rsi,8
movdqa %xmm0,16*0(%rax)
movdqa %xmm0,16*1(%rax)
movdqa %xmm0,16*2(%rax)
movdqa %xmm0,16*3(%rax)
lea 16*4(%rax),%rax
sub \$32,$num
jnz .Lfrom_mont_zero
mov \$1,%rax
mov -48(%rsi),%r15
.cfi_restore %r15
mov -40(%rsi),%r14
.cfi_restore %r14
mov -32(%rsi),%r13
.cfi_restore %r13
mov -24(%rsi),%r12
.cfi_restore %r12
mov -16(%rsi),%rbp
.cfi_restore %rbp
mov -8(%rsi),%rbx
.cfi_restore %rbx
lea (%rsi),%rsp
.cfi_def_cfa_register %rsp
.Lfrom_epilogue:
ret
.cfi_endproc
.size bn_from_mont8x,.-bn_from_mont8x
___
}
}}}
if ($addx) {{{
@ -3894,10 +3707,6 @@ mul_handler:
.rva .LSEH_begin_bn_power5
.rva .LSEH_end_bn_power5
.rva .LSEH_info_bn_power5
.rva .LSEH_begin_bn_from_mont8x
.rva .LSEH_end_bn_from_mont8x
.rva .LSEH_info_bn_from_mont8x
___
$code.=<<___ if ($addx);
.rva .LSEH_begin_bn_mulx4x_mont_gather5
@ -3929,11 +3738,6 @@ $code.=<<___;
.byte 9,0,0,0
.rva mul_handler
.rva .Lpower5_prologue,.Lpower5_body,.Lpower5_epilogue # HandlerData[]
.align 8
.LSEH_info_bn_from_mont8x:
.byte 9,0,0,0
.rva mul_handler
.rva .Lfrom_prologue,.Lfrom_body,.Lfrom_epilogue # HandlerData[]
___
$code.=<<___ if ($addx);
.align 8

44
crypto/bn/bn_exp.c
View File

@ -900,14 +900,21 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
#if defined(OPENSSL_BN_ASM_MONT5)
if (window == 5 && top > 1) {
/*
* This optimization uses ideas from http://eprint.iacr.org/2011/239,
* specifically optimization of cache-timing attack countermeasures
* and pre-computation optimization.
*/
/*
* Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as
* 512-bit RSA is hardly relevant, we omit it to spare size...
* This optimization uses ideas from https://eprint.iacr.org/2011/239,
* specifically optimization of cache-timing attack countermeasures,
* pre-computation optimization, and Almost Montgomery Multiplication.
*
* The paper discusses a 4-bit window to optimize 512-bit modular
* exponentiation, used in RSA-1024 with CRT, but RSA-1024 is no longer
* important.
*
* |bn_mul_mont_gather5| and |bn_power5| implement the "almost"
* reduction variant, so the values here may not be fully reduced.
* They are bounded by R (i.e. they fit in |top| words), not |m|.
* Additionally, we pass these "almost" reduced inputs into
* |bn_mul_mont|, which implements the normal reduction variant.
* Given those inputs, |bn_mul_mont| may not give reduced
* output, but it will still produce "almost" reduced output.
*/
void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap,
const void *table, const BN_ULONG *np,
@ -919,9 +926,6 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
const void *table, const BN_ULONG *np,
const BN_ULONG *n0, int num, int power);
int bn_get_bits5(const BN_ULONG *ap, int off);
int bn_from_montgomery(BN_ULONG *rp, const BN_ULONG *ap,
const BN_ULONG *not_used, const BN_ULONG *np,
const BN_ULONG *n0, int num);
BN_ULONG *n0 = mont->n0, *np;
@ -1010,14 +1014,18 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
}
}
ret = bn_from_montgomery(tmp.d, tmp.d, NULL, np, n0, top);
tmp.top = top;
bn_correct_top(&tmp);
if (ret) {
if (!BN_copy(rr, &tmp))
ret = 0;
goto err; /* non-zero ret means it's not error */
}
/*
* The result is now in |tmp| in Montgomery form, but it may not be
* fully reduced. This is within bounds for |BN_from_montgomery|
* (tmp < R <= m*R) so it will, when converting from Montgomery form,
* produce a fully reduced result.
*
* This differs from Figure 2 of the paper, which uses AMM(h, 1) to
* convert from Montgomery form with unreduced output, followed by an
* extra reduction step. In the paper's terminology, we replace
* steps 9 and 10 with MM(h, 1).
*/
} else
#endif
{

10
crypto/bn/rsaz_exp.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2012, Intel Corporation. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
@ -66,6 +66,7 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16],
unsigned char *R2 = table_s; /* borrow */
int index;
int wvalue;
BN_ULONG tmp[16];
if ((((size_t)p_str & 4095) + 320) >> 12) {
result = p_str;
@ -237,7 +238,10 @@ void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16],
rsaz_1024_red2norm_avx2(result_norm, result);
bn_reduce_once_in_place(result_norm, /*carry=*/0, m_norm, tmp, 16);
OPENSSL_cleanse(storage, sizeof(storage));
OPENSSL_cleanse(tmp, sizeof(tmp));
}
/*
@ -266,6 +270,7 @@ void RSAZ_512_mod_exp(BN_ULONG result[8],
unsigned char *p_str = (unsigned char *)exponent;
int index;
unsigned int wvalue;
BN_ULONG tmp[8];
/* table[0] = 1_inv */
temp[0] = 0 - m[0];
@ -309,7 +314,10 @@ void RSAZ_512_mod_exp(BN_ULONG result[8],
/* from Montgomery */
rsaz_512_mul_by_one(result, temp, m, k0);
bn_reduce_once_in_place(result, /*carry=*/0, m, tmp, 8);
OPENSSL_cleanse(storage, sizeof(storage));
OPENSSL_cleanse(tmp, sizeof(tmp));
}
#endif

25
crypto/bn/rsaz_exp.h
View File

@ -1,5 +1,5 @@
/*
* Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2012, Intel Corporation. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
@ -22,6 +22,8 @@
# define RSAZ_ENABLED
# include <openssl/bn.h>
# include "internal/constant_time.h"
# include "bn_local.h"
void RSAZ_1024_mod_exp_avx2(BN_ULONG result[16],
const BN_ULONG base_norm[16],
@ -35,6 +37,27 @@ void RSAZ_512_mod_exp(BN_ULONG result[8],
const BN_ULONG m_norm[8], BN_ULONG k0,
const BN_ULONG RR[8]);
static ossl_inline void bn_select_words(BN_ULONG *r, BN_ULONG mask,
const BN_ULONG *a,
const BN_ULONG *b, size_t num)
{
size_t i;
for (i = 0; i < num; i++) {
r[i] = constant_time_select_64(mask, a[i], b[i]);
}
}
static ossl_inline BN_ULONG bn_reduce_once_in_place(BN_ULONG *r,
BN_ULONG carry,
const BN_ULONG *m,
BN_ULONG *tmp, size_t num)
{
carry -= bn_sub_words(tmp, r, m, num);
bn_select_words(r, carry, r /* tmp < 0 */, tmp /* tmp >= 0 */, num);
return carry;
}
# endif
#endif

12
crypto/ec/ec_asn1.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -751,6 +751,16 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
/* extract seed (optional) */
if (params->curve->seed != NULL) {
/*
* This happens for instance with
* fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a
* and causes the OPENSSL_malloc below to choke on the
* zero length allocation request.
*/
if (params->curve->seed->length == 0) {
ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
goto err;
}
OPENSSL_free(ret->seed);
if ((ret->seed = OPENSSL_malloc(params->curve->seed->length)) == NULL) {
ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_MALLOC_FAILURE);

5
crypto/ec/ec_key.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the OpenSSL license (the "License"). You may not use
@ -657,8 +657,7 @@ int ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len)
ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_MALLOC_FAILURE);
return 0;
}
eckey->priv_key = BN_bin2bn(buf, len, eckey->priv_key);
if (eckey->priv_key == NULL) {
if (BN_bin2bn(buf, len, eckey->priv_key) == NULL) {
ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_BN_LIB);
return 0;
}

6
crypto/x509/x509_cmp.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -34,7 +34,7 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
unsigned long ret = 0;
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
unsigned char md[16];
char *f;
char *f = NULL;
if (ctx == NULL)
goto err;
@ -45,7 +45,6 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
goto err;
if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f)))
goto err;
OPENSSL_free(f);
if (!EVP_DigestUpdate
(ctx, (unsigned char *)a->cert_info.serialNumber.data,
(unsigned long)a->cert_info.serialNumber.length))
@ -56,6 +55,7 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
) & 0xffffffffL;
err:
OPENSSL_free(f);
EVP_MD_CTX_free(ctx);
return ret;
}

14
crypto/x509/x_crl.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -103,13 +103,17 @@ static int crl_set_issuers(X509_CRL *crl)
if (gtmp) {
gens = gtmp;
if (!crl->issuers) {
if (crl->issuers == NULL) {
crl->issuers = sk_GENERAL_NAMES_new_null();
if (!crl->issuers)
if (crl->issuers == NULL) {
GENERAL_NAMES_free(gtmp);
return 0;
}
}
if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp))
if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp)) {
GENERAL_NAMES_free(gtmp);
return 0;
}
}
rev->issuer = gens;
@ -255,7 +259,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
break;
case ASN1_OP_FREE_POST:
if (crl->meth->crl_free) {
if (crl->meth != NULL && crl->meth->crl_free != NULL) {
if (!crl->meth->crl_free(crl))
return 0;
}

33
crypto/x509v3/v3_asid.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -700,15 +700,28 @@ static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child)
*/
int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
{
return (a == NULL ||
a == b ||
(b != NULL &&
!X509v3_asid_inherits(a) &&
!X509v3_asid_inherits(b) &&
asid_contains(b->asnum->u.asIdsOrRanges,
a->asnum->u.asIdsOrRanges) &&
asid_contains(b->rdi->u.asIdsOrRanges,
a->rdi->u.asIdsOrRanges)));
int subset;
if (a == NULL || a == b)
return 1;
if (b == NULL)
return 0;
if (X509v3_asid_inherits(a) || X509v3_asid_inherits(b))
return 0;
subset = a->asnum == NULL
|| (b->asnum != NULL
&& asid_contains(b->asnum->u.asIdsOrRanges,
a->asnum->u.asIdsOrRanges));
if (!subset)
return 0;
return a->rdi == NULL
|| (b->rdi != NULL
&& asid_contains(b->rdi->u.asIdsOrRanges,
a->rdi->u.asIdsOrRanges));
}
/*

20
crypto/x509v3/v3_sxnet.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -57,12 +57,24 @@ IMPLEMENT_ASN1_FUNCTIONS(SXNET)
static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
int indent)
{
long v;
int64_t v;
char *tmp;
SXNETID *id;
int i;
v = ASN1_INTEGER_get(sx->version);
BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v);
/*
* Since we add 1 to the version number to display it, we don't support
* LONG_MAX since that would cause on overflow.
*/
if (!ASN1_INTEGER_get_int64(&v, sx->version)
|| v >= LONG_MAX
|| v < LONG_MIN) {
BIO_printf(out, "%*sVersion: <unsupported>", indent, "");
} else {
long vl = (long)v;
BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", vl + 1, vl);
}
for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
id = sk_SXNETID_value(sx->ids, i);
tmp = i2s_ASN1_INTEGER(NULL, id->zone);

5
doc/man3/BIO_f_base64.pod
View File

@ -38,9 +38,8 @@ to flush the final block through the BIO.
The flag BIO_FLAGS_BASE64_NO_NL can be set with BIO_set_flags().
For writing, it causes all data to be written on one line without
newline at the end.
For reading, it forces the decoder to process the data regardless
of newlines. All newlines are ignored and the input does not need
to contain any newline at all.
For reading, it expects the data to be all on one line (with or
without a trailing newline).
=head1 NOTES

15
doc/man3/SSL_CTX_set1_verify_cert_store.pod
View File

@ -5,7 +5,9 @@
SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store,
SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store,
SSL_set0_verify_cert_store, SSL_set1_verify_cert_store,
SSL_set0_chain_cert_store, SSL_set1_chain_cert_store - set certificate
SSL_set0_chain_cert_store, SSL_set1_chain_cert_store,
SSL_CTX_get0_verify_cert_store, SSL_CTX_get0_chain_cert_store,
SSL_get0_verify_cert_store, SSL_get0_chain_cert_store - set certificate
verification or chain store
=head1 SYNOPSIS
@ -16,11 +18,15 @@ verification or chain store
int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st);
int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st);
int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st);
int SSL_CTX_get0_verify_cert_store(SSL_CTX *ctx, X509_STORE **st);
int SSL_CTX_get0_chain_cert_store(SSL_CTX *ctx, X509_STORE **st);
int SSL_set0_verify_cert_store(SSL *ctx, X509_STORE *st);
int SSL_set1_verify_cert_store(SSL *ctx, X509_STORE *st);
int SSL_set0_chain_cert_store(SSL *ctx, X509_STORE *st);
int SSL_set1_chain_cert_store(SSL *ctx, X509_STORE *st);
int SSL_get0_verify_cert_store(SSL *ctx, X509_STORE **st);
int SSL_get0_chain_cert_store(SSL *ctx, X509_STORE **st);
=head1 DESCRIPTION
@ -34,6 +40,11 @@ SSL_set0_verify_cert_store(), SSL_set1_verify_cert_store(),
SSL_set0_chain_cert_store() and SSL_set1_chain_cert_store() are similar
except they apply to SSL structure B<ssl>.
SSL_CTX_get0_verify_chain_store(), SSL_get0_verify_chain_store(),
SSL_CTX_get0_chain_cert_store() and SSL_get0_chain_cert_store() retrieve the
objects previously set via the above calls. A pointer to the object (or NULL if
no such object has been set) is written to B<*st>.
All these functions are implemented as macros. Those containing a B<1>
increment the reference count of the supplied store so it must
be freed at some point after the operation. Those containing a B<0> do
@ -90,7 +101,7 @@ These functions were added in OpenSSL 1.0.2.
=head1 COPYRIGHT
Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy

4
include/openssl/opensslv.h
View File

@ -39,8 +39,8 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
# define OPENSSL_VERSION_NUMBER 0x101010ffL
# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1o 3 May 2022"
# define OPENSSL_VERSION_NUMBER 0x1010110fL
# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1p 21 Jun 2022"
/*-
* The macros below are to be used for shared library (.so, .dll, ...)

12
include/openssl/ssl.h
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
@ -1305,6 +1305,8 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
# define SSL_CTRL_GET_MAX_PROTO_VERSION 131
# define SSL_CTRL_GET_SIGNATURE_NID 132
# define SSL_CTRL_GET_TMP_KEY 133
# define SSL_CTRL_GET_VERIFY_CERT_STORE 137
# define SSL_CTRL_GET_CHAIN_CERT_STORE 138
# define SSL_CERT_SET_FIRST 1
# define SSL_CERT_SET_NEXT 2
# define SSL_CERT_SET_SERVER 3
@ -1360,10 +1362,14 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st))
# define SSL_CTX_set1_verify_cert_store(ctx,st) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st))
# define SSL_CTX_get0_verify_cert_store(ctx,st) \
SSL_CTX_ctrl(ctx,SSL_CTRL_GET_VERIFY_CERT_STORE,0,(char *)(st))
# define SSL_CTX_set0_chain_cert_store(ctx,st) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st))
# define SSL_CTX_set1_chain_cert_store(ctx,st) \
SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st))
# define SSL_CTX_get0_chain_cert_store(ctx,st) \
SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERT_STORE,0,(char *)(st))
# define SSL_set0_chain(s,sk) \
SSL_ctrl(s,SSL_CTRL_CHAIN,0,(char *)(sk))
# define SSL_set1_chain(s,sk) \
@ -1386,10 +1392,14 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st))
# define SSL_set1_verify_cert_store(s,st) \
SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st))
#define SSL_get0_verify_cert_store(s,st) \
SSL_ctrl(s,SSL_CTRL_GET_VERIFY_CERT_STORE,0,(char *)(st))
# define SSL_set0_chain_cert_store(s,st) \
SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st))
# define SSL_set1_chain_cert_store(s,st) \
SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st))
#define SSL_get0_chain_cert_store(s,st) \
SSL_ctrl(s,SSL_CTRL_GET_CHAIN_CERT_STORE,0,(char *)(st))
# define SSL_get1_groups(s, glist) \
SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
# define SSL_CTX_set1_groups(ctx, glist, glistlen) \

16
ssl/record/ssl3_record.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -1532,6 +1532,7 @@ int ssl3_cbc_copy_mac(unsigned char *out,
#if defined(CBC_MAC_ROTATE_IN_PLACE)
unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE];
unsigned char *rotated_mac;
char aux1, aux2, aux3, mask;
#else
unsigned char rotated_mac[EVP_MAX_MD_SIZE];
#endif
@ -1581,9 +1582,16 @@ int ssl3_cbc_copy_mac(unsigned char *out,
#if defined(CBC_MAC_ROTATE_IN_PLACE)
j = 0;
for (i = 0; i < md_size; i++) {
/* in case cache-line is 32 bytes, touch second line */
((volatile unsigned char *)rotated_mac)[rotate_offset ^ 32];
out[j++] = rotated_mac[rotate_offset++];
/*
* in case cache-line is 32 bytes,
* load from both lines and select appropriately
*/
aux1 = rotated_mac[rotate_offset & ~32];
aux2 = rotated_mac[rotate_offset | 32];
mask = constant_time_eq_8(rotate_offset & ~32, rotate_offset);
aux3 = constant_time_select_8(mask, aux1, aux2);
out[j++] = aux3;
rotate_offset++;
rotate_offset &= constant_time_lt_s(rotate_offset, md_size);
}
#else

12
ssl/s3_lib.c
View File

@ -3676,6 +3676,12 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
case SSL_CTRL_SET_CHAIN_CERT_STORE:
return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
case SSL_CTRL_GET_VERIFY_CERT_STORE:
return ssl_cert_get_cert_store(s->cert, parg, 0);
case SSL_CTRL_GET_CHAIN_CERT_STORE:
return ssl_cert_get_cert_store(s->cert, parg, 1);
case SSL_CTRL_GET_PEER_SIGNATURE_NID:
if (s->s3->tmp.peer_sigalg == NULL)
return 0;
@ -3949,6 +3955,12 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
case SSL_CTRL_SET_CHAIN_CERT_STORE:
return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
case SSL_CTRL_GET_VERIFY_CERT_STORE:
return ssl_cert_get_cert_store(ctx->cert, parg, 0);
case SSL_CTRL_GET_CHAIN_CERT_STORE:
return ssl_cert_get_cert_store(ctx->cert, parg, 1);
/* A Thawte special :-) */
case SSL_CTRL_EXTRA_CHAIN_CERT:
if (ctx->extra_certs == NULL) {

6
ssl/ssl_cert.c
View File

@ -876,6 +876,12 @@ int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref)
return 1;
}
int ssl_cert_get_cert_store(CERT *c, X509_STORE **pstore, int chain)
{
*pstore = (chain ? c->chain_store : c->verify_store);
return 1;
}
int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp)
{
int level;

3
ssl/ssl_local.h
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
* Copyright 2005 Nokia. All rights reserved.
*
@ -2301,6 +2301,7 @@ __owur int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk);
__owur int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags);
__owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain,
int ref);
__owur int ssl_cert_get_cert_store(CERT *c, X509_STORE **pstore, int chain);
__owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other);
__owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid,

18
ssl/statem/extensions_clnt.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -118,6 +118,8 @@ static int use_ecc(SSL *s)
int i, end, ret = 0;
unsigned long alg_k, alg_a;
STACK_OF(SSL_CIPHER) *cipher_stack = NULL;
const uint16_t *pgroups = NULL;
size_t num_groups, j;
/* See if we support any ECC ciphersuites */
if (s->version == SSL3_VERSION)
@ -139,7 +141,19 @@ static int use_ecc(SSL *s)
}
sk_SSL_CIPHER_free(cipher_stack);
return ret;
if (!ret)
return 0;
/* Check we have at least one EC supported group */
tls1_get_supported_groups(s, &pgroups, &num_groups);
for (j = 0; j < num_groups; j++) {
uint16_t ctmp = pgroups[j];
if (tls_curve_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED))
return 1;
}
return 0;
}
EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,

18
ssl/t1_lib.c
View File

@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -2369,22 +2369,20 @@ int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
ca_dn = s->s3->tmp.peer_ca_names;
if (!sk_X509_NAME_num(ca_dn))
if (ca_dn == NULL
|| sk_X509_NAME_num(ca_dn) == 0
|| ssl_check_ca_name(ca_dn, x))
rv |= CERT_PKEY_ISSUER_NAME;
if (!(rv & CERT_PKEY_ISSUER_NAME)) {
if (ssl_check_ca_name(ca_dn, x))
rv |= CERT_PKEY_ISSUER_NAME;
}
if (!(rv & CERT_PKEY_ISSUER_NAME)) {
else
for (i = 0; i < sk_X509_num(chain); i++) {
X509 *xtmp = sk_X509_value(chain, i);
if (ssl_check_ca_name(ca_dn, xtmp)) {
rv |= CERT_PKEY_ISSUER_NAME;
break;
}
}
}
if (!check_flags && !(rv & CERT_PKEY_ISSUER_NAME))
goto end;
} else
@ -2555,6 +2553,8 @@ int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *x, int vfy)
int rv, start_idx, i;
if (x == NULL) {
x = sk_X509_value(sk, 0);
if (x == NULL)
return ERR_R_INTERNAL_ERROR;
start_idx = 1;
} else
start_idx = 0;