Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/crypto/external/bsd/openssl/dist Changes between 1.1.1j and ...



details:   https://anonhg.NetBSD.org/src/rev/f38ab7ce14d2
branches:  trunk
changeset: 1019928:f38ab7ce14d2
user:      christos <christos%NetBSD.org@localhost>
date:      Thu Mar 25 18:27:01 2021 +0000

description:
Changes between 1.1.1j and 1.1.1k [xx XXX xxxx]

Fixed a problem with verifying a certificate chain when using the
X509_V_FLAG_X509_STRICT flag. This flag enables additional security
checks of the certificates present in a certificate chain. It is
not set by default.

Starting from OpenSSL version 1.1.1h a check to disallow certificates
in the chain that have explicitly encoded elliptic curve parameters
was added as an additional strict check.

An error in the implementation of this check meant that the result
of a previous check to confirm that certificates in the chain are
valid CA certificates was overwritten. This effectively bypasses
the check that non-CA certificates must not be able to issue other
certificates.

If a "purpose" has been configured then there is a subsequent
opportunity for checks that the certificate is a valid CA. All of
the named "purpose" values implemented in libcrypto perform this
check. Therefore, where a purpose is set the certificate chain will
still be rejected even when the strict flag has been used. A purpose
is set by default in libssl client and server certificate verification
routines, but it can be overridden or removed by an application.

In order to be affected, an application must explicitly set the
X509_V_FLAG_X509_STRICT verification flag and either not set a
purpose for the certificate verification or, in the case of TLS
client or server applications, override the default purpose.
([CVE-2021-3450])

Tomasz Mraz

Fixed an issue where an OpenSSL TLS server may crash if sent a
maliciously crafted renegotiation ClientHello message from a client.
If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms
extension (where it was present in the initial ClientHello), but
includes a signature_algorithms_cert extension then a NULL pointer
dereference will result, leading to a crash and a denial of service
attack.

A server is only vulnerable if it has TLSv1.2 and renegotiation
enabled (which is the default configuration). OpenSSL TLS clients
are not impacted by this issue. ([CVE-2021-3449])

Peter Kaestle and Samuel Sapalski

diffstat:

 crypto/external/bsd/openssl/dist/Configurations/unix-Makefile.tmpl    |   4 +-
 crypto/external/bsd/openssl/dist/apps/s_cb.c                          |   5 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/asn1_par.c               |   3 +-
 crypto/external/bsd/openssl/dist/crypto/asn1/bio_ndef.c               |   4 +-
 crypto/external/bsd/openssl/dist/crypto/modes/cbc128.c                |   8 +-
 crypto/external/bsd/openssl/dist/crypto/o_time.c                      |   6 +-
 crypto/external/bsd/openssl/dist/crypto/rand/rand_lib.c               |   8 +-
 crypto/external/bsd/openssl/dist/crypto/rsa/rsa_ssl.c                 |   2 +-
 crypto/external/bsd/openssl/dist/fuzz/x509.c                          |   2 +-
 crypto/external/bsd/openssl/dist/include/openssl/opensslv.h           |   6 +-
 crypto/external/bsd/openssl/dist/ssl/statem/extensions.c              |   4 +
 crypto/external/bsd/openssl/dist/ssl/statem/extensions_clnt.c         |  16 +++-
 crypto/external/bsd/openssl/dist/ssl/statem/statem_clnt.c             |   8 +-
 crypto/external/bsd/openssl/dist/ssl/statem/statem_srvr.c             |  19 +++-
 crypto/external/bsd/openssl/dist/test/recipes/70-test_renegotiation.t |  38 +++++++++-
 crypto/external/bsd/openssl/dist/test/verify_extra_test.c             |  16 +++-
 crypto/external/bsd/openssl/dist/tools/c_rehash.in                    |   4 +-
 crypto/external/bsd/openssl/dist/util/perl/TLSProxy/Message.pm        |  39 +++++++--
 18 files changed, 151 insertions(+), 41 deletions(-)

diffs (truncated from 578 to 300 lines):

diff -r 3fc0eb79a19a -r f38ab7ce14d2 crypto/external/bsd/openssl/dist/Configurations/unix-Makefile.tmpl
--- a/crypto/external/bsd/openssl/dist/Configurations/unix-Makefile.tmpl        Thu Mar 25 16:43:51 2021 +0000
+++ b/crypto/external/bsd/openssl/dist/Configurations/unix-Makefile.tmpl        Thu Mar 25 18:27:01 2021 +0000
@@ -917,8 +917,8 @@
           done )
 
 ordinals:
-       ( b=`pwd`; cd $(SRCDIR); $(PERL) -I$$b util/mkdef.pl crypto update )
-       ( b=`pwd`; cd $(SRCDIR); $(PERL) -I$$b util/mkdef.pl ssl update )
+       $(PERL) $(SRCDIR)/util/mkdef.pl crypto update
+       $(PERL) $(SRCDIR)/util/mkdef.pl ssl update
 
 test_ordinals:
        ( cd test; \
diff -r 3fc0eb79a19a -r f38ab7ce14d2 crypto/external/bsd/openssl/dist/apps/s_cb.c
--- a/crypto/external/bsd/openssl/dist/apps/s_cb.c      Thu Mar 25 16:43:51 2021 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/s_cb.c      Thu Mar 25 18:27:01 2021 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -934,7 +934,8 @@
                 if (!SSL_build_cert_chain(ssl, 0))
                     return 0;
             } else if (exc->chain != NULL) {
-                SSL_set1_chain(ssl, exc->chain);
+                if (!SSL_set1_chain(ssl, exc->chain))
+                    return 0;
             }
         }
         exc = exc->prev;
diff -r 3fc0eb79a19a -r f38ab7ce14d2 crypto/external/bsd/openssl/dist/crypto/asn1/asn1_par.c
--- a/crypto/external/bsd/openssl/dist/crypto/asn1/asn1_par.c   Thu Mar 25 16:43:51 2021 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/asn1/asn1_par.c   Thu Mar 25 18:27:01 2021 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -325,6 +325,7 @@
                 }
                 if (BIO_puts(bp, "]") <= 0)
                     goto end;
+                dump_cont = 0;
             }
 
             if (!nl) {
diff -r 3fc0eb79a19a -r f38ab7ce14d2 crypto/external/bsd/openssl/dist/crypto/asn1/bio_ndef.c
--- a/crypto/external/bsd/openssl/dist/crypto/asn1/bio_ndef.c   Thu Mar 25 16:43:51 2021 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/asn1/bio_ndef.c   Thu Mar 25 18:27:01 2021 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -113,6 +113,8 @@
     ndef_aux = *(NDEF_SUPPORT **)parg;
 
     derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
+    if (derlen < 0)
+        return 0;
     if ((p = OPENSSL_malloc(derlen)) == NULL) {
         ASN1err(ASN1_F_NDEF_PREFIX, ERR_R_MALLOC_FAILURE);
         return 0;
diff -r 3fc0eb79a19a -r f38ab7ce14d2 crypto/external/bsd/openssl/dist/crypto/modes/cbc128.c
--- a/crypto/external/bsd/openssl/dist/crypto/modes/cbc128.c    Thu Mar 25 16:43:51 2021 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/modes/cbc128.c    Thu Mar 25 18:27:01 2021 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -69,7 +69,8 @@
         in += 16;
         out += 16;
     }
-    memcpy(ivec, iv, 16);
+    if (ivec != iv)
+        memcpy(ivec, iv, 16);
 }
 
 void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
@@ -114,7 +115,8 @@
                 out += 16;
             }
         }
-        memcpy(ivec, iv, 16);
+        if (ivec != iv)
+            memcpy(ivec, iv, 16);
     } else {
         if (STRICT_ALIGNMENT &&
             ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) {
diff -r 3fc0eb79a19a -r f38ab7ce14d2 crypto/external/bsd/openssl/dist/crypto/o_time.c
--- a/crypto/external/bsd/openssl/dist/crypto/o_time.c  Thu Mar 25 16:43:51 2021 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/o_time.c  Thu Mar 25 18:27:01 2021 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -133,8 +133,8 @@
 static int julian_adj(const struct tm *tm, int off_day, long offset_sec,
                       long *pday, int *psec)
 {
-    int offset_hms, offset_day;
-    long time_jd;
+    int offset_hms;
+    long offset_day, time_jd;
     int time_year, time_month, time_day;
     /* split offset into days and day seconds */
     offset_day = offset_sec / SECS_PER_DAY;
diff -r 3fc0eb79a19a -r f38ab7ce14d2 crypto/external/bsd/openssl/dist/crypto/rand/rand_lib.c
--- a/crypto/external/bsd/openssl/dist/crypto/rand/rand_lib.c   Thu Mar 25 16:43:51 2021 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/rand/rand_lib.c   Thu Mar 25 18:27:01 2021 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -432,9 +432,13 @@
 RAND_POOL *rand_pool_new(int entropy_requested, int secure,
                          size_t min_len, size_t max_len)
 {
-    RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool));
+    RAND_POOL *pool;
     size_t min_alloc_size = RAND_POOL_MIN_ALLOCATION(secure);
 
+    if (!RUN_ONCE(&rand_init, do_rand_init))
+        return NULL;
+
+    pool = OPENSSL_zalloc(sizeof(*pool));
     if (pool == NULL) {
         RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
diff -r 3fc0eb79a19a -r f38ab7ce14d2 crypto/external/bsd/openssl/dist/crypto/rsa/rsa_ssl.c
--- a/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_ssl.c     Thu Mar 25 16:43:51 2021 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/rsa/rsa_ssl.c     Thu Mar 25 18:27:01 2021 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff -r 3fc0eb79a19a -r f38ab7ce14d2 crypto/external/bsd/openssl/dist/fuzz/x509.c
--- a/crypto/external/bsd/openssl/dist/fuzz/x509.c      Thu Mar 25 16:43:51 2021 +0000
+++ b/crypto/external/bsd/openssl/dist/fuzz/x509.c      Thu Mar 25 18:27:01 2021 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL licenses, (the "License");
  * you may not use this file except in compliance with the License.
diff -r 3fc0eb79a19a -r f38ab7ce14d2 crypto/external/bsd/openssl/dist/include/openssl/opensslv.h
--- a/crypto/external/bsd/openssl/dist/include/openssl/opensslv.h       Thu Mar 25 16:43:51 2021 +0000
+++ b/crypto/external/bsd/openssl/dist/include/openssl/opensslv.h       Thu Mar 25 18:27:01 2021 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -39,8 +39,8 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-# define OPENSSL_VERSION_NUMBER  0x101010afL
-# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1j  16 Feb 2021"
+# define OPENSSL_VERSION_NUMBER  0x101010bfL
+# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1k  25 Mar 2021"
 
 /*-
  * The macros below are to be used for shared library (.so, .dll, ...)
diff -r 3fc0eb79a19a -r f38ab7ce14d2 crypto/external/bsd/openssl/dist/ssl/statem/extensions.c
--- a/crypto/external/bsd/openssl/dist/ssl/statem/extensions.c  Thu Mar 25 16:43:51 2021 +0000
+++ b/crypto/external/bsd/openssl/dist/ssl/statem/extensions.c  Thu Mar 25 18:27:01 2021 +0000
@@ -336,6 +336,8 @@
         tls_construct_stoc_key_share, tls_construct_ctos_key_share,
         final_key_share
     },
+#else
+    INVALID_EXTENSION,
 #endif
     {
         /* Must be after key_share */
@@ -1137,6 +1139,7 @@
     /* Clear any signature algorithms extension received */
     OPENSSL_free(s->s3->tmp.peer_sigalgs);
     s->s3->tmp.peer_sigalgs = NULL;
+    s->s3->tmp.peer_sigalgslen = 0;
 
     return 1;
 }
@@ -1146,6 +1149,7 @@
     /* Clear any signature algorithms extension received */
     OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);
     s->s3->tmp.peer_cert_sigalgs = NULL;
+    s->s3->tmp.peer_cert_sigalgslen = 0;
 
     return 1;
 }
diff -r 3fc0eb79a19a -r f38ab7ce14d2 crypto/external/bsd/openssl/dist/ssl/statem/extensions_clnt.c
--- a/crypto/external/bsd/openssl/dist/ssl/statem/extensions_clnt.c     Thu Mar 25 16:43:51 2021 +0000
+++ b/crypto/external/bsd/openssl/dist/ssl/statem/extensions_clnt.c     Thu Mar 25 18:27:01 2021 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -816,6 +816,7 @@
         OPENSSL_free(s->psksession_id);
         s->psksession_id = OPENSSL_memdup(id, idlen);
         if (s->psksession_id == NULL) {
+            s->psksession_id_len = 0;
             SSLfatal(s, SSL_AD_INTERNAL_ERROR,
                      SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, ERR_R_INTERNAL_ERROR);
             return EXT_RETURN_FAIL;
@@ -1375,6 +1376,7 @@
         OPENSSL_free(s->ext.peer_ecpointformats);
         s->ext.peer_ecpointformats = OPENSSL_malloc(ecpointformats_len);
         if (s->ext.peer_ecpointformats == NULL) {
+            s->ext.peer_ecpointformats_len = 0;
             SSLfatal(s, SSL_AD_INTERNAL_ERROR,
                      SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);
             return 0;
@@ -1492,8 +1494,13 @@
         s->ext.scts_len = (uint16_t)size;
         if (size > 0) {
             s->ext.scts = OPENSSL_malloc(size);
-            if (s->ext.scts == NULL
-                    || !PACKET_copy_bytes(pkt, s->ext.scts, size)) {
+            if (s->ext.scts == NULL) {
+                s->ext.scts_len = 0;
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SCT,
+                         ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+            if (!PACKET_copy_bytes(pkt, s->ext.scts, size)) {
                 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SCT,
                          ERR_R_INTERNAL_ERROR);
                 return 0;
@@ -1592,6 +1599,7 @@
     OPENSSL_free(s->ext.npn);
     s->ext.npn = OPENSSL_malloc(selected_len);
     if (s->ext.npn == NULL) {
+        s->ext.npn_len = 0;
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_NPN,
                  ERR_R_INTERNAL_ERROR);
         return 0;
@@ -1632,6 +1640,7 @@
     OPENSSL_free(s->s3->alpn_selected);
     s->s3->alpn_selected = OPENSSL_malloc(len);
     if (s->s3->alpn_selected == NULL) {
+        s->s3->alpn_selected_len = 0;
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
                  ERR_R_INTERNAL_ERROR);
         return 0;
@@ -1663,6 +1672,7 @@
         s->session->ext.alpn_selected =
             OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len);
         if (s->session->ext.alpn_selected == NULL) {
+            s->session->ext.alpn_selected_len = 0;
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
                      ERR_R_INTERNAL_ERROR);
             return 0;
diff -r 3fc0eb79a19a -r f38ab7ce14d2 crypto/external/bsd/openssl/dist/ssl/statem/statem_clnt.c
--- a/crypto/external/bsd/openssl/dist/ssl/statem/statem_clnt.c Thu Mar 25 16:43:51 2021 +0000
+++ b/crypto/external/bsd/openssl/dist/ssl/statem/statem_clnt.c Thu Mar 25 18:27:01 2021 +0000
@@ -2462,6 +2462,7 @@
         s->s3->tmp.ctype_len = 0;
         OPENSSL_free(s->pha_context);
         s->pha_context = NULL;
+        s->pha_context_len = 0;
 
         if (!PACKET_get_length_prefixed_1(pkt, &reqctx) ||
             !PACKET_memdup(&reqctx, &s->pha_context, &s->pha_context_len)) {
@@ -2771,16 +2772,17 @@
     }
     s->ext.ocsp.resp = OPENSSL_malloc(resplen);
     if (s->ext.ocsp.resp == NULL) {
+        s->ext.ocsp.resp_len = 0;
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY,
                  ERR_R_MALLOC_FAILURE);



Home | Main Index | Thread Index | Old Index