Source-Changes-HG archive


[src/OPENSSL]: src/crypto/external/bsd/openssl/dist Changes between 1.1.1j an...



details:   https://anonhg.NetBSD.org/src/rev/9a1e6f6d59d7
branches:  OPENSSL
changeset: 953948:9a1e6f6d59d7
user:      christos <christos%NetBSD.org@localhost>
date:      Thu Mar 25 18:27:01 2021 +0000

description:
Changes between 1.1.1j and 1.1.1k [xx XXX xxxx]

Fixed a problem with verifying a certificate chain when using the
X509_V_FLAG_X509_STRICT flag. This flag enables additional security
checks of the certificates present in a certificate chain. It is
not set by default.

Starting from OpenSSL version 1.1.1h a check to disallow certificates
in the chain that have explicitly encoded elliptic curve parameters
was added as an additional strict check.

An error in the implementation of this check meant that the result
of a previous check to confirm that certificates in the chain are
valid CA certificates was overwritten. This effectively bypasses
the check that non-CA certificates must not be able to issue other
certificates.

If a "purpose" has been configured then there is a subsequent
opportunity for checks that the certificate is a valid CA. All of
the named "purpose" values implemented in libcrypto perform this
check. Therefore, where a purpose is set the certificate chain will
still be rejected even when the strict flag has been used. A purpose
is set by default in libssl client and server certificate verification
routines, but it can be overridden or removed by an application.

In order to be affected, an application must explicitly set the
X509_V_FLAG_X509_STRICT verification flag and either not set a
purpose for the certificate verification or, in the case of TLS
client or server applications, override the default purpose.
([CVE-2021-3450])

Tomasz Mraz

Fixed an issue where an OpenSSL TLS server may crash if sent a
maliciously crafted renegotiation ClientHello message from a client.
If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms
extension (where it was present in the initial ClientHello), but
includes a signature_algorithms_cert extension then a NULL pointer
dereference will result, leading to a crash and a denial of service
attack.

A server is only vulnerable if it has TLSv1.2 and renegotiation
enabled (which is the default configuration). OpenSSL TLS clients
are not impacted by this issue. ([CVE-2021-3449])

Peter Kaestle and Samuel Sapalski

diffstat:

 crypto/external/bsd/openssl/dist/CHANGES                              |  44 ++++++++++
 crypto/external/bsd/openssl/dist/Configurations/unix-Makefile.tmpl    |   4 +-
 crypto/external/bsd/openssl/dist/NEWS                                 |   8 +
 crypto/external/bsd/openssl/dist/README                               |   4 +-
 crypto/external/bsd/openssl/dist/apps/s_cb.c                          |   5 +-
 crypto/external/bsd/openssl/dist/apps/s_time.c                        |   5 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/asn1_par.c               |   3 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/bio_ndef.c               |   4 +-
 crypto/external/bsd/openssl/dist/crypto/engine/eng_devcrypto.c        |  17 +++-
 crypto/external/bsd/openssl/dist/crypto/evp/evp_enc.c                 |   2 +-
 crypto/external/bsd/openssl/dist/crypto/modes/cbc128.c                |   8 +-
 crypto/external/bsd/openssl/dist/crypto/modes/gcm128.c                |   6 +-
 crypto/external/bsd/openssl/dist/crypto/o_time.c                      |   6 +-
 crypto/external/bsd/openssl/dist/crypto/rand/rand_lib.c               |   8 +-
 crypto/external/bsd/openssl/dist/crypto/rsa/rsa_ssl.c                 |   2 +-
 crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c               |  12 +-
 crypto/external/bsd/openssl/dist/fuzz/x509.c                          |   2 +-
 crypto/external/bsd/openssl/dist/include/openssl/opensslv.h           |   6 +-
 crypto/external/bsd/openssl/dist/ssl/s3_lib.c                         |   7 +-
 crypto/external/bsd/openssl/dist/ssl/ssl_lib.c                        |  16 ++-
 crypto/external/bsd/openssl/dist/ssl/statem/extensions.c              |   4 +
 crypto/external/bsd/openssl/dist/ssl/statem/extensions_clnt.c         |  16 ++-
 crypto/external/bsd/openssl/dist/ssl/statem/statem_clnt.c             |   8 +-
 crypto/external/bsd/openssl/dist/ssl/statem/statem_srvr.c             |  19 +++-
 crypto/external/bsd/openssl/dist/test/recipes/70-test_renegotiation.t |  38 ++++++++-
 crypto/external/bsd/openssl/dist/test/rsa_test.c                      |   4 +-
 crypto/external/bsd/openssl/dist/test/verify_extra_test.c             |  16 +++-
 crypto/external/bsd/openssl/dist/tools/c_rehash.in                    |   4 +-
 crypto/external/bsd/openssl/dist/util/perl/TLSProxy/Message.pm        |  39 +++++++-
 29 files changed, 254 insertions(+), 63 deletions(-)

diffs (truncated from 892 to 300 lines):

diff -r 508f289236dd -r 9a1e6f6d59d7 crypto/external/bsd/openssl/dist/CHANGES
--- a/crypto/external/bsd/openssl/dist/CHANGES  Sat Feb 20 03:12:10 2021 +0000
+++ b/crypto/external/bsd/openssl/dist/CHANGES  Thu Mar 25 18:27:01 2021 +0000
@@ -7,6 +7,50 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
+ Changes between 1.1.1j and 1.1.1k [25 Mar 2021]
+
+  *) Fixed a problem with verifying a certificate chain when using the
+     X509_V_FLAG_X509_STRICT flag. This flag enables additional security checks
+     of the certificates present in a certificate chain. It is not set by
+     default.
+
+     Starting from OpenSSL version 1.1.1h a check to disallow certificates in
+     the chain that have explicitly encoded elliptic curve parameters was added
+     as an additional strict check.
+
+     An error in the implementation of this check meant that the result of a
+     previous check to confirm that certificates in the chain are valid CA
+     certificates was overwritten. This effectively bypasses the check
+     that non-CA certificates must not be able to issue other certificates.
+
+     If a "purpose" has been configured then there is a subsequent opportunity
+     for checks that the certificate is a valid CA.  All of the named "purpose"
+     values implemented in libcrypto perform this check.  Therefore, where
+     a purpose is set the certificate chain will still be rejected even when the
+     strict flag has been used. A purpose is set by default in libssl client and
+     server certificate verification routines, but it can be overridden or
+     removed by an application.
+
+     In order to be affected, an application must explicitly set the
+     X509_V_FLAG_X509_STRICT verification flag and either not set a purpose
+     for the certificate verification or, in the case of TLS client or server
+     applications, override the default purpose.
+     (CVE-2021-3450)
+     [Tomáš Mráz]
+
+  *) Fixed an issue where an OpenSSL TLS server may crash if sent a maliciously
+     crafted renegotiation ClientHello message from a client. If a TLSv1.2
+     renegotiation ClientHello omits the signature_algorithms extension (where
+     it was present in the initial ClientHello), but includes a
+     signature_algorithms_cert extension then a NULL pointer dereference will
+     result, leading to a crash and a denial of service attack.
+
+     A server is only vulnerable if it has TLSv1.2 and renegotiation enabled
+     (which is the default configuration). OpenSSL TLS clients are not impacted
+     by this issue.
+     (CVE-2021-3449)
+     [Peter Kästle and Samuel Sapalski]
+
  Changes between 1.1.1i and 1.1.1j [16 Feb 2021]
 
   *) Fixed the X509_issuer_and_serial_hash() function. It attempts to
diff -r 508f289236dd -r 9a1e6f6d59d7 crypto/external/bsd/openssl/dist/Configurations/unix-Makefile.tmpl
--- a/crypto/external/bsd/openssl/dist/Configurations/unix-Makefile.tmpl        Sat Feb 20 03:12:10 2021 +0000
+++ b/crypto/external/bsd/openssl/dist/Configurations/unix-Makefile.tmpl        Thu Mar 25 18:27:01 2021 +0000
@@ -917,8 +917,8 @@
           done )
 
 ordinals:
-       ( b=`pwd`; cd $(SRCDIR); $(PERL) -I$$b util/mkdef.pl crypto update )
-       ( b=`pwd`; cd $(SRCDIR); $(PERL) -I$$b util/mkdef.pl ssl update )
+       $(PERL) $(SRCDIR)/util/mkdef.pl crypto update
+       $(PERL) $(SRCDIR)/util/mkdef.pl ssl update
 
 test_ordinals:
        ( cd test; \
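Review bot: In the ordinals target, the two new recipe lines drop both the `cd $(SRCDIR)` and the `-I$$b` include path, so util/mkdef.pl now runs from the build directory without the build tree on Perl's include path. If mkdef.pl opens files by relative path or loads a module generated in the build directory, out-of-tree builds would break; please confirm neither is the case, or say in the commit why they are no longer needed.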
diff -r 508f289236dd -r 9a1e6f6d59d7 crypto/external/bsd/openssl/dist/NEWS
--- a/crypto/external/bsd/openssl/dist/NEWS     Sat Feb 20 03:12:10 2021 +0000
+++ b/crypto/external/bsd/openssl/dist/NEWS     Thu Mar 25 18:27:01 2021 +0000
@@ -5,6 +5,14 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021]
+
+      o Fixed a problem with verifying a certificate chain when using the
+        X509_V_FLAG_X509_STRICT flag (CVE-2021-3450)
+      o Fixed an issue where an OpenSSL TLS server may crash if sent a
+        maliciously crafted renegotiation ClientHello message from a client
+        (CVE-2021-3449)
+
   Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [16 Feb 2021]
 
       o Fixed a NULL pointer deref in the X509_issuer_and_serial_hash()
diff -r 508f289236dd -r 9a1e6f6d59d7 crypto/external/bsd/openssl/dist/README
--- a/crypto/external/bsd/openssl/dist/README   Sat Feb 20 03:12:10 2021 +0000
+++ b/crypto/external/bsd/openssl/dist/README   Thu Mar 25 18:27:01 2021 +0000
@@ -1,7 +1,7 @@
 
- OpenSSL 1.1.1j 16 Feb 2021
+ OpenSSL 1.1.1k 25 Mar 2021
 
- Copyright (c) 1998-2020 The OpenSSL Project
+ Copyright (c) 1998-2021 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
  All rights reserved.
 
diff -r 508f289236dd -r 9a1e6f6d59d7 crypto/external/bsd/openssl/dist/apps/s_cb.c
--- a/crypto/external/bsd/openssl/dist/apps/s_cb.c      Sat Feb 20 03:12:10 2021 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/s_cb.c      Thu Mar 25 18:27:01 2021 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -934,7 +934,8 @@
                 if (!SSL_build_cert_chain(ssl, 0))
                     return 0;
             } else if (exc->chain != NULL) {
-                SSL_set1_chain(ssl, exc->chain);
+                if (!SSL_set1_chain(ssl, exc->chain))
+                    return 0;
             }
         }
         exc = exc->prev;
diff -r 508f289236dd -r 9a1e6f6d59d7 crypto/external/bsd/openssl/dist/apps/s_time.c
--- a/crypto/external/bsd/openssl/dist/apps/s_time.c    Sat Feb 20 03:12:10 2021 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/s_time.c    Thu Mar 25 18:27:01 2021 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -263,7 +263,8 @@
          nConn, totalTime, ((double)nConn / totalTime), bytes_read);
     printf
         ("%d connections in %ld real seconds, %ld bytes read per connection\n",
-         nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn);
+         nConn, (long)time(NULL) - finishtime + maxtime,
+         nConn > 0 ? bytes_read / nConn : 0l);
 
     /*
      * Now loop and time connections using the same session id over and over
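Review bot: The guard `nConn > 0 ? bytes_read / nConn : 0l` removes the integer division by zero, but the literal `0l` is easy to misread as `01`; `0L` is the conventional spelling. The printf just above still evaluates `(double)nConn / totalTime`, which does not trap but can print inf or nan when totalTime is zero, so the same run that needed this guard may still produce a confusing first line.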
diff -r 508f289236dd -r 9a1e6f6d59d7 crypto/external/bsd/openssl/dist/crypto/asn1/asn1_par.c
--- a/crypto/external/bsd/openssl/dist/crypto/asn1/asn1_par.c   Sat Feb 20 03:12:10 2021 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/asn1/asn1_par.c   Thu Mar 25 18:27:01 2021 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -325,6 +325,7 @@
                 }
                 if (BIO_puts(bp, "]") <= 0)
                     goto end;
+                dump_cont = 0;
             }
 
             if (!nl) {
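Review bot: The added `dump_cont = 0;` after the closing "]" is written carries no comment saying why the flag has to be cleared at this point. A one-line comment describing what later code would do with a stale dump_cont, plus a regression test for the input that reaches this branch, would keep the fix from being undone by a later cleanup.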
diff -r 508f289236dd -r 9a1e6f6d59d7 crypto/external/bsd/openssl/dist/crypto/asn1/bio_ndef.c
--- a/crypto/external/bsd/openssl/dist/crypto/asn1/bio_ndef.c   Sat Feb 20 03:12:10 2021 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/asn1/bio_ndef.c   Thu Mar 25 18:27:01 2021 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -113,6 +113,8 @@
     ndef_aux = *(NDEF_SUPPORT **)parg;
 
     derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
+    if (derlen < 0)
+        return 0;
     if ((p = OPENSSL_malloc(derlen)) == NULL) {
         ASN1err(ASN1_F_NDEF_PREFIX, ERR_R_MALLOC_FAILURE);
         return 0;
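Review bot: The new `if (derlen < 0) return 0;` fails silently, while the allocation failure directly below raises ASN1err before returning 0. Consider pushing an error on this path too, so a caller can tell an encoding failure apart from other causes. A derlen of 0 still reaches OPENSSL_malloc(derlen); it is worth checking that this is intended.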
diff -r 508f289236dd -r 9a1e6f6d59d7 crypto/external/bsd/openssl/dist/crypto/engine/eng_devcrypto.c
--- a/crypto/external/bsd/openssl/dist/crypto/engine/eng_devcrypto.c    Sat Feb 20 03:12:10 2021 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/engine/eng_devcrypto.c    Thu Mar 25 18:27:01 2021 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -758,8 +758,9 @@
 void engine_load_devcrypto_int()
 {
     ENGINE *e = NULL;
+    int fd;
 
-    if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) {
+    if ((fd = open("/dev/crypto", O_RDWR, 0)) < 0) {
 #ifndef ENGINE_DEVCRYPTO_DEBUG
         if (errno != ENOENT)
 #endif
@@ -767,6 +768,18 @@
         return;
     }
 
+#ifdef CRIOGET
+    if (ioctl(fd, CRIOGET, &cfd) < 0) {
+        fprintf(stderr, "Could not create crypto fd: %s\n", strerror(errno));
+        close(fd);
+        cfd = -1;
+        return;
+    }
+    close(fd);
+#else
+    cfd = fd;
+#endif
+
     if ((e = ENGINE_new()) == NULL
         || !ENGINE_set_destroy_function(e, devcrypto_unload)) {
         ENGINE_free(e);
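Review bot: In the CRIOGET branch the failure is reported with an unconditional fprintf(stderr, ...), whereas the open() failure path in the previous hunk is conditional on `errno != ENOENT` unless ENGINE_DEVCRYPTO_DEBUG is defined; the two paths should follow the same reporting policy. The descriptor handling itself looks right (fd is closed on both the error and success paths and cfd is reset to -1 on error), but a short comment explaining why the /dev/crypto descriptor is exchanged through CRIOGET for a separate one would help readers on platforms where the #else branch is taken.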
diff -r 508f289236dd -r 9a1e6f6d59d7 crypto/external/bsd/openssl/dist/crypto/evp/evp_enc.c
--- a/crypto/external/bsd/openssl/dist/crypto/evp/evp_enc.c     Sat Feb 20 03:12:10 2021 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/evp/evp_enc.c     Thu Mar 25 18:27:01 2021 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff -r 508f289236dd -r 9a1e6f6d59d7 crypto/external/bsd/openssl/dist/crypto/modes/cbc128.c
--- a/crypto/external/bsd/openssl/dist/crypto/modes/cbc128.c    Sat Feb 20 03:12:10 2021 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/modes/cbc128.c    Thu Mar 25 18:27:01 2021 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -69,7 +69,8 @@
         in += 16;
         out += 16;
     }
-    memcpy(ivec, iv, 16);
+    if (ivec != iv)
+        memcpy(ivec, iv, 16);
 }
 
 void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
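Review bot: The `if (ivec != iv)` guard in front of memcpy(ivec, iv, 16) needs a short comment. Calling memcpy with identical source and destination is an overlapping copy, which is presumably what the guard avoids, but nothing in the hunk says so. The same guard is added in the decrypt path in the next hunk, so one shared comment or a small helper would keep the two copies in step.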
@@ -114,7 +115,8 @@
                 out += 16;
             }
         }
-        memcpy(ivec, iv, 16);
+        if (ivec != iv)
+            memcpy(ivec, iv, 16);
     } else {
         if (STRICT_ALIGNMENT &&
             ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) {
diff -r 508f289236dd -r 9a1e6f6d59d7 crypto/external/bsd/openssl/dist/crypto/modes/gcm128.c
--- a/crypto/external/bsd/openssl/dist/crypto/modes/gcm128.c    Sat Feb 20 03:12:10 2021 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/modes/gcm128.c    Thu Mar 25 18:27:01 2021 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2010-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -1385,8 +1385,8 @@
                 else
                     ctx->Yi.d[3] = ctr;
                 for (i = 0; i < 16 / sizeof(size_t); ++i) {
-                    size_t c = in[i];
-                    out[i] = c ^ ctx->EKi.t[i];
+                    size_t c = in_t[i];
+                    out_t[i] = c ^ ctx->EKi.t[i];
                     ctx->Xi.t[i] ^= c;
                 }
                 GCM_MUL(ctx);
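Review bot: The loop body now indexes `in_t` and `out_t`, whose declarations are outside the visible lines, so the hunk cannot be checked for correct types on its own. The loop runs 16 / sizeof(size_t) times and stores each element in a size_t, so word-sized access is clearly intended; since the previous `in[i]` / `out[i]` form compiled without complaint, a known-answer test that exercises this branch is the only thing that would catch a repeat.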
diff -r 508f289236dd -r 9a1e6f6d59d7 crypto/external/bsd/openssl/dist/crypto/o_time.c
--- a/crypto/external/bsd/openssl/dist/crypto/o_time.c  Sat Feb 20 03:12:10 2021 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/o_time.c  Thu Mar 25 18:27:01 2021 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -133,8 +133,8 @@
 static int julian_adj(const struct tm *tm, int off_day, long offset_sec,
                       long *pday, int *psec)
 {
-    int offset_hms, offset_day;
-    long time_jd;
+    int offset_hms;
+    long offset_day, time_jd;
     int time_year, time_month, time_day;
     /* split offset into days and day seconds */
     offset_day = offset_sec / SECS_PER_DAY;
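Review bot: Widening offset_day to long matches `offset_sec / SECS_PER_DAY`, whose dividend is a long, but offset_hms stays int and its assignment is below the visible lines. Please confirm it is computed as the remainder within one day so that it cannot truncate, and add a test with an offset_sec large enough that the day count no longer fits in an int.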
diff -r 508f289236dd -r 9a1e6f6d59d7 crypto/external/bsd/openssl/dist/crypto/rand/rand_lib.c
--- a/crypto/external/bsd/openssl/dist/crypto/rand/rand_lib.c   Sat Feb 20 03:12:10 2021 +0000
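
The CVE-2021-3450 description in the commit message above turns on one check's result overwriting another's. The following is an added example, not code from OpenSSL or from this changeset: a toy model built only from that description, in which the struct, the sample chains and the `patched` parameter are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy model built from the advisory text only; this is not OpenSSL code. */
struct cert { bool is_ca; bool explicit_ec_params; };

/* Constructed sample chains: [0] is the leaf, [1..] are its issuers. */
static const struct cert BAD_CHAIN[]  = { {false, false}, {false, false}, {true, false} };
static const struct cert GOOD_CHAIN[] = { {false, false}, {true, false},  {true, false} };

/* Returns 1 if the chain is accepted, 0 if it is rejected.
 * `patched` (hypothetical) selects the corrected behaviour. */
static int verify_chain(const struct cert *chain, size_t n,
                        bool strict, bool purpose_set, bool patched)
{
    for (size_t i = 0; i < n; i++) {
        bool must_be_ca = i > 0;               /* every issuer must be a CA */
        int ret = (!must_be_ca || chain[i].is_ca) ? 1 : 0;

        if (strict) {
            int ec_ok = chain[i].explicit_ec_params ? 0 : 1;
            if (patched)
                ret = ret && ec_ok;            /* strict check can only tighten */
            else
                ret = ec_ok;                   /* bug: CA result overwritten */
        }
        if (!ret)
            return 0;
        /* Later purpose check repeats the CA test when a purpose is set. */
        if (purpose_set && must_be_ca && !chain[i].is_ca)
            return 0;
    }
    return 1;
}

int main(void)
{
    printf("strict, no purpose, unpatched: %d\n",
           verify_chain(BAD_CHAIN, 3, true, false, false));
    printf("strict, purpose,    unpatched: %d\n",
           verify_chain(BAD_CHAIN, 3, true, true, false));
    printf("strict, no purpose, patched:   %d\n",
           verify_chain(BAD_CHAIN, 3, true, false, true));
    return 0;
}
```

Only the combination named in the description, strict flag set and no purpose configured, accepts the chain whose intermediate is not a CA; setting a purpose or applying the corrected logic rejects it.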

