Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/OPENSSL]: src/crypto/external/bsd/openssl/dist Import OpenSSL 1.1.1t
details: https://anonhg.NetBSD.org/src/rev/af0b7c8df54d
branches: OPENSSL
changeset: 373410:af0b7c8df54d
user: christos <christos%NetBSD.org@localhost>
date: Tue Feb 07 22:17:58 2023 +0000
description:
Import OpenSSL 1.1.1t
Changes between 1.1.1s and 1.1.1t [7 Feb 2023]
*) Fixed X.400 address type confusion in X.509 GeneralName.
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This
vulnerability may allow an attacker who can provide a certificate chain and
CRL (neither of which need have a valid signature) to pass arbitrary
pointers to a memcmp call, creating a possible read primitive, subject to
some constraints. Refer to the advisory for more information. Thanks to
David Benjamin for discovering this issue. (CVE-2023-0286)
This issue has been fixed by changing the public header file definition of
GENERAL_NAME so that x400Address reflects the implementation. It was not
possible for any existing application to successfully use the existing
definition; however, if any application references the x400Address field
(e.g. in dead code), note that the type of this field has changed. There is
no ABI change.
[Hugo Landau]
*) Fixed Use-after-free following BIO_new_NDEF.
The public API function BIO_new_NDEF is a helper function used for
streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
be called directly by end user applications.
The function receives a BIO from the caller, prepends a new BIO_f_asn1
filter BIO onto the front of it to form a BIO chain, and then returns
the new head of the BIO chain to the caller. Under certain conditions,
for example if a CMS recipient public key is invalid, the new filter BIO
is freed and the function returns a NULL result indicating a failure.
However, in this case, the BIO chain is not properly cleaned up and the
BIO passed by the caller still retains internal pointers to the previously
freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
then a use-after-free will occur. This will most likely result in a crash.
(CVE-2023-0215)
[Viktor Dukhovni, Matt Caswell]
*) Fixed Double free after calling PEM_read_bio_ex.
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
data. If the function succeeds then the "name_out", "header" and "data"
arguments are populated with pointers to buffers containing the relevant
decoded data. The caller is responsible for freeing those buffers. It is
possible to construct a PEM file that results in 0 bytes of payload data.
In this case PEM_read_bio_ex() will return a failure code but will populate
the header argument with a pointer to a buffer that has already been freed.
If the caller also frees this buffer then a double free will occur. This
will most likely lead to a crash.
The functions PEM_read_bio() and PEM_read() are simple wrappers around
PEM_read_bio_ex() and therefore these functions are also directly affected.
These functions are also called indirectly by a number of other OpenSSL
functions including PEM_X509_INFO_read_bio_ex() and
SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
internal uses of these functions are not vulnerable because the caller does
not free the header argument if PEM_read_bio_ex() returns a failure code.
(CVE-2022-4450)
[Kurt Roeckx, Matt Caswell]
*) Fixed Timing Oracle in RSA Decryption.
A timing based side channel exists in the OpenSSL RSA Decryption
implementation which could be sufficient to recover a plaintext across
a network in a Bleichenbacher style attack. To achieve a successful
decryption an attacker would have to be able to send a very large number
of trial messages for decryption. The vulnerability affects all RSA padding
modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
(CVE-2022-4304)
[Dmitry Belyavsky, Hubert Kario]
Changes between 1.1.1r and 1.1.1s [1 Nov 2022]
*) Fixed a regression introduced in 1.1.1r version not refreshing the
certificate data to be signed before signing the certificate.
[Gibeom Gwon]
Changes between 1.1.1q and 1.1.1r [11 Oct 2022]
*) Fixed the linux-mips64 Configure target which was missing the
SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
platform.
[Adam Joseph]
*) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was
causing incorrect results in some cases as a result.
[Paul Dale]
*) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
report correct results in some cases
[Matt Caswell]
*) Fixed a regression introduced in 1.1.1o for re-signing certificates with
different key sizes
[Todd Short]
*) Added the loongarch64 target
[Shi Pujin]
*) Fixed a DRBG seed propagation thread safety issue
[Bernd Edlinger]
*) Fixed a memory leak in tls13_generate_secret
[Bernd Edlinger]
*) Fixed reported performance degradation on aarch64. Restored the
implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
32-bit lane assignment in CTR mode") for 64bit targets only, since it is
reportedly 2-17% slower and the silicon errata only affects 32bit targets.
The new algorithm is still used for 32 bit targets.
[Bernd Edlinger]
*) Added a missing header for memcmp that caused compilation failure on some
platforms
[Gregor Jasny]
Changes between 1.1.1p and 1.1.1q [5 Jul 2022]
*) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
implementation would not encrypt the entirety of the data under some
circumstances. This could reveal sixteen bytes of data that was
preexisting in the memory that wasn't written. In the special case of
"in place" encryption, sixteen bytes of the plaintext would be revealed.
Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
they are both unaffected.
(CVE-2022-2097)
[Alex Chernyakhovsky, David Benjamin, Alejandro Sedeño]
Changes between 1.1.1o and 1.1.1p [21 Jun 2022]
*) In addition to the c_rehash shell command injection identified in
CVE-2022-1292, further bugs where the c_rehash script does not
properly sanitise shell metacharacters to prevent command injection have
been fixed.
When the CVE-2022-1292 was fixed it was not discovered that there
are other places in the script where the file names of certificates
being hashed were possibly passed to a command executed through the shell.
This script is distributed by some operating systems in a manner where
it is automatically executed. On such operating systems, an attacker
could execute arbitrary commands with the privileges of the script.
Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.
(CVE-2022-2068)
[Daniel Fiala, Tomáš Mráz]
*) When OpenSSL TLS client is connecting without any supported elliptic
curves and TLS-1.3 protocol is disabled the connection will no longer fail
if a ciphersuite that does not use a key exchange based on elliptic
curves can be negotiated.
[Tomáš Mráz]
Changes between 1.1.1n and 1.1.1o [3 May 2022]
*) Fixed a bug in the c_rehash script which was not properly sanitising shell
metacharacters to prevent command injection. This script is distributed
by some operating systems in a manner where it is automatically executed.
On such operating systems, an attacker could execute arbitrary commands
with the privileges of the script.
Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.
(CVE-2022-1292)
[Tomáš Mráz]
diffstat:
crypto/external/bsd/openssl/dist/CHANGES | 172 ++
crypto/external/bsd/openssl/dist/Configurations/10-main.conf | 16 +-
crypto/external/bsd/openssl/dist/Configure | 18 +-
crypto/external/bsd/openssl/dist/NEWS | 35 +-
crypto/external/bsd/openssl/dist/README | 4 +-
crypto/external/bsd/openssl/dist/apps/apps.c | 17 +-
crypto/external/bsd/openssl/dist/apps/apps.h | 11 +-
crypto/external/bsd/openssl/dist/apps/ca.c | 8 +-
crypto/external/bsd/openssl/dist/apps/ocsp.c | 4 +-
crypto/external/bsd/openssl/dist/apps/s_cb.c | 28 +-
crypto/external/bsd/openssl/dist/apps/s_server.c | 49 +-
crypto/external/bsd/openssl/dist/apps/x509.c | 16 +-
crypto/external/bsd/openssl/dist/config | 3 +-
crypto/external/bsd/openssl/dist/crypto/aes/asm/aesni-x86.pl | 6 +-
crypto/external/bsd/openssl/dist/crypto/aes/asm/aesv8-armx.pl | 64 +-
crypto/external/bsd/openssl/dist/crypto/asn1/asn_mime.c | 6 +-
crypto/external/bsd/openssl/dist/crypto/asn1/bio_asn1.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/asn1/bio_ndef.c | 41 +-
crypto/external/bsd/openssl/dist/crypto/asn1/charmap.pl | 9 +-
crypto/external/bsd/openssl/dist/crypto/bio/b_print.c | 22 +-
crypto/external/bsd/openssl/dist/crypto/bn/asm/x86_64-mont5.pl | 198 +---
crypto/external/bsd/openssl/dist/crypto/bn/bn_blind.c | 16 +-
crypto/external/bsd/openssl/dist/crypto/bn/bn_div.c | 8 +-
crypto/external/bsd/openssl/dist/crypto/bn/bn_err.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c | 83 +-
crypto/external/bsd/openssl/dist/crypto/bn/bn_gcd.c | 8 +-
crypto/external/bsd/openssl/dist/crypto/bn/bn_local.h | 36 +-
crypto/external/bsd/openssl/dist/crypto/bn/bn_mont.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/bn/bn_nist.c | 35 +-
crypto/external/bsd/openssl/dist/crypto/bn/bn_prime.pl | 9 +-
crypto/external/bsd/openssl/dist/crypto/bn/build.info | 3 +-
crypto/external/bsd/openssl/dist/crypto/bn/rsa_sup_mul.c | 614 ++++++++++
crypto/external/bsd/openssl/dist/crypto/bn/rsaz_exp.c | 10 +-
crypto/external/bsd/openssl/dist/crypto/bn/rsaz_exp.h | 25 +-
crypto/external/bsd/openssl/dist/crypto/cms/cms_enc.c | 5 +
crypto/external/bsd/openssl/dist/crypto/cms/cms_err.c | 2 +
crypto/external/bsd/openssl/dist/crypto/conf/keysets.pl | 10 +-
crypto/external/bsd/openssl/dist/crypto/ec/curve448/curve448.c | 3 +-
crypto/external/bsd/openssl/dist/crypto/ec/ec_asn1.c | 16 +-
crypto/external/bsd/openssl/dist/crypto/ec/ec_key.c | 15 +-
crypto/external/bsd/openssl/dist/crypto/ec/ecp_nistz256.c | 3 +-
crypto/external/bsd/openssl/dist/crypto/engine/eng_dyn.c | 33 +-
crypto/external/bsd/openssl/dist/crypto/err/err.c | 45 +-
crypto/external/bsd/openssl/dist/crypto/err/openssl.txt | 5 +-
crypto/external/bsd/openssl/dist/crypto/evp/bio_enc.c | 9 +-
crypto/external/bsd/openssl/dist/crypto/evp/evp_enc.c | 10 +-
crypto/external/bsd/openssl/dist/crypto/evp/evp_local.h | 4 +-
crypto/external/bsd/openssl/dist/crypto/init.c | 13 +-
crypto/external/bsd/openssl/dist/crypto/objects/obj_dat.pl | 11 +-
crypto/external/bsd/openssl/dist/crypto/objects/objects.pl | 13 +-
crypto/external/bsd/openssl/dist/crypto/objects/objxref.pl | 13 +-
crypto/external/bsd/openssl/dist/crypto/pem/pem_lib.c | 10 +-
crypto/external/bsd/openssl/dist/crypto/rand/drbg_lib.c | 20 +-
crypto/external/bsd/openssl/dist/crypto/rand/rand_lib.c | 8 +-
crypto/external/bsd/openssl/dist/crypto/rand/rand_vms.c | 90 +-
crypto/external/bsd/openssl/dist/crypto/rand/rand_win.c | 6 +-
crypto/external/bsd/openssl/dist/crypto/rsa/rsa_ameth.c | 1 +
crypto/external/bsd/openssl/dist/crypto/rsa/rsa_ossl.c | 19 +-
crypto/external/bsd/openssl/dist/crypto/s390x_arch.h | 5 +-
crypto/external/bsd/openssl/dist/crypto/s390xcap.c | 5 +-
crypto/external/bsd/openssl/dist/crypto/txt_db/txt_db.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/x509/by_dir.c | 18 +-
crypto/external/bsd/openssl/dist/crypto/x509/x509_cmp.c | 6 +-
crypto/external/bsd/openssl/dist/crypto/x509/x509_req.c | 46 +-
crypto/external/bsd/openssl/dist/crypto/x509/x509_vfy.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/x509/x_all.c | 11 +-
crypto/external/bsd/openssl/dist/crypto/x509/x_crl.c | 14 +-
crypto/external/bsd/openssl/dist/crypto/x509/x_name.c | 8 +-
crypto/external/bsd/openssl/dist/crypto/x509v3/v3_addr.c | 33 +-
crypto/external/bsd/openssl/dist/crypto/x509v3/v3_asid.c | 33 +-
crypto/external/bsd/openssl/dist/crypto/x509v3/v3_genn.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/x509v3/v3_lib.c | 6 +-
crypto/external/bsd/openssl/dist/crypto/x509v3/v3_sxnet.c | 22 +-
crypto/external/bsd/openssl/dist/crypto/x509v3/v3_utl.c | 9 +-
crypto/external/bsd/openssl/dist/doc/fingerprints.txt | 10 +
crypto/external/bsd/openssl/dist/doc/man1/x509.pod | 24 +-
crypto/external/bsd/openssl/dist/doc/man3/BIO_f_base64.pod | 5 +-
crypto/external/bsd/openssl/dist/doc/man3/CMS_add0_cert.pod | 32 +-
crypto/external/bsd/openssl/dist/doc/man3/CMS_verify.pod | 81 +-
crypto/external/bsd/openssl/dist/doc/man3/EC_KEY_new.pod | 20 +-
crypto/external/bsd/openssl/dist/doc/man3/EVP_EncryptInit.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/OPENSSL_LH_COMPFUNC.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/OPENSSL_init_crypto.pod | 4 +-
crypto/external/bsd/openssl/dist/doc/man3/PKCS7_sign.pod | 47 +-
crypto/external/bsd/openssl/dist/doc/man3/PKCS7_sign_add_signer.pod | 55 +-
crypto/external/bsd/openssl/dist/doc/man3/PKCS7_verify.pod | 104 +-
crypto/external/bsd/openssl/dist/doc/man3/SSL_CTX_set1_verify_cert_store.pod | 15 +-
crypto/external/bsd/openssl/dist/doc/man3/SSL_CTX_set_timeout.pod | 12 +-
crypto/external/bsd/openssl/dist/doc/man3/SSL_get_current_cipher.pod | 6 +-
crypto/external/bsd/openssl/dist/doc/man3/X509_STORE_CTX_new.pod | 10 +-
crypto/external/bsd/openssl/dist/engines/asm/e_padlock-x86.pl | 4 +-
crypto/external/bsd/openssl/dist/engines/asm/e_padlock-x86_64.pl | 4 +-
crypto/external/bsd/openssl/dist/include/crypto/bn.h | 7 +-
crypto/external/bsd/openssl/dist/include/openssl/bnerr.h | 3 +-
crypto/external/bsd/openssl/dist/include/openssl/cmserr.h | 1 +
crypto/external/bsd/openssl/dist/include/openssl/opensslv.h | 6 +-
crypto/external/bsd/openssl/dist/include/openssl/ssl.h | 12 +-
crypto/external/bsd/openssl/dist/include/openssl/x509v3.h | 4 +-
crypto/external/bsd/openssl/dist/ssl/packet.c | 8 +-
crypto/external/bsd/openssl/dist/ssl/packet_local.h | 39 +-
crypto/external/bsd/openssl/dist/ssl/record/rec_layer_s3.c | 33 +-
crypto/external/bsd/openssl/dist/ssl/record/ssl3_buffer.c | 9 +-
crypto/external/bsd/openssl/dist/ssl/record/ssl3_record.c | 16 +-
crypto/external/bsd/openssl/dist/ssl/s3_enc.c | 4 +-
crypto/external/bsd/openssl/dist/ssl/s3_lib.c | 12 +
crypto/external/bsd/openssl/dist/ssl/ssl_cert.c | 6 +
crypto/external/bsd/openssl/dist/ssl/ssl_ciph.c | 6 +-
crypto/external/bsd/openssl/dist/ssl/ssl_init.c | 19 +-
crypto/external/bsd/openssl/dist/ssl/ssl_lib.c | 28 +-
crypto/external/bsd/openssl/dist/ssl/ssl_local.h | 3 +-
crypto/external/bsd/openssl/dist/ssl/ssl_rsa.c | 83 +-
crypto/external/bsd/openssl/dist/ssl/ssl_txt.c | 6 +-
crypto/external/bsd/openssl/dist/ssl/statem/extensions_clnt.c | 23 +-
crypto/external/bsd/openssl/dist/ssl/statem/extensions_srvr.c | 21 +-
crypto/external/bsd/openssl/dist/ssl/statem/statem_clnt.c | 7 +-
crypto/external/bsd/openssl/dist/ssl/statem/statem_dtls.c | 8 +-
crypto/external/bsd/openssl/dist/ssl/statem/statem_srvr.c | 23 +-
crypto/external/bsd/openssl/dist/ssl/t1_enc.c | 4 +-
crypto/external/bsd/openssl/dist/ssl/t1_lib.c | 18 +-
crypto/external/bsd/openssl/dist/ssl/tls13_enc.c | 3 +-
crypto/external/bsd/openssl/dist/test/certs/ee-ed25519.pem | 43 +-
crypto/external/bsd/openssl/dist/test/certs/embeddedSCTs1-key.pem | 38 +-
crypto/external/bsd/openssl/dist/test/certs/embeddedSCTs1.pem | 35 +-
crypto/external/bsd/openssl/dist/test/certs/embeddedSCTs1.sct | 12 +-
crypto/external/bsd/openssl/dist/test/certs/embeddedSCTs1_issuer-key.pem | 15 +
crypto/external/bsd/openssl/dist/test/certs/embeddedSCTs1_issuer.pem | 30 +-
crypto/external/bsd/openssl/dist/test/certs/root-ed25519.pem | 45 +-
crypto/external/bsd/openssl/dist/test/certs/rootCA.pem | 94 +-
crypto/external/bsd/openssl/dist/test/ct_test.c | 4 +-
crypto/external/bsd/openssl/dist/test/dtls_mtu_test.c | 50 +-
crypto/external/bsd/openssl/dist/test/dtlstest.c | 90 +-
crypto/external/bsd/openssl/dist/test/ec_internal_test.c | 36 +-
crypto/external/bsd/openssl/dist/test/exptest.c | 33 +-
crypto/external/bsd/openssl/dist/test/pemtest.c | 32 +-
crypto/external/bsd/openssl/dist/test/recipes/10-test_bn_data/bnmod.txt | 65 +
crypto/external/bsd/openssl/dist/test/recipes/25-test_x509.t | 63 +-
crypto/external/bsd/openssl/dist/test/recipes/30-test_evp_data/evpciph.txt | 52 +-
crypto/external/bsd/openssl/dist/test/recipes/70-test_tls13hrr.t | 53 +-
crypto/external/bsd/openssl/dist/test/recipes/80-test_cms.t | 17 +-
crypto/external/bsd/openssl/dist/test/recipes/80-test_ssl_new.t | 6 +-
crypto/external/bsd/openssl/dist/test/recipes/95-test_external_pyca_data/cryptography.sh | 20 +-
crypto/external/bsd/openssl/dist/test/smime-certs/badrsa.pem | 18 +
crypto/external/bsd/openssl/dist/test/smime-certs/mksmime-certs.sh | 24 +-
crypto/external/bsd/openssl/dist/test/smime-certs/smdh.pem | 72 +-
crypto/external/bsd/openssl/dist/test/smime-certs/smdsa1.pem | 86 +-
crypto/external/bsd/openssl/dist/test/smime-certs/smdsa2.pem | 86 +-
crypto/external/bsd/openssl/dist/test/smime-certs/smdsa3.pem | 86 +-
crypto/external/bsd/openssl/dist/test/smime-certs/smec1.pem | 36 +-
crypto/external/bsd/openssl/dist/test/smime-certs/smec2.pem | 38 +-
crypto/external/bsd/openssl/dist/test/smime-certs/smroot.pem | 90 +-
crypto/external/bsd/openssl/dist/test/smime-certs/smrsa1.pem | 90 +-
crypto/external/bsd/openssl/dist/test/smime-certs/smrsa2.pem | 90 +-
crypto/external/bsd/openssl/dist/test/smime-certs/smrsa3.pem | 90 +-
crypto/external/bsd/openssl/dist/test/ssl-tests/10-resumption.conf | 121 +-
crypto/external/bsd/openssl/dist/test/ssl-tests/11-dtls_resumption.conf | 124 ++-
crypto/external/bsd/openssl/dist/test/ssl-tests/30-supported-groups.conf | 54 +
crypto/external/bsd/openssl/dist/test/ssl-tests/30-supported-groups.conf.in | 45 +
crypto/external/bsd/openssl/dist/test/ssl-tests/protocol_version.pm | 65 +-
crypto/external/bsd/openssl/dist/test/sslapitest.c | 566 ++++++++-
crypto/external/bsd/openssl/dist/test/ssltestlib.c | 35 +-
crypto/external/bsd/openssl/dist/test/ssltestlib.h | 3 +-
crypto/external/bsd/openssl/dist/test/test_test.c | 398 +++---
crypto/external/bsd/openssl/dist/test/testutil/driver.c | 4 +-
crypto/external/bsd/openssl/dist/test/v3ext.c | 295 ++++-
crypto/external/bsd/openssl/dist/test/v3nametest.c | 10 +-
crypto/external/bsd/openssl/dist/test/x509_internal_test.c | 57 +-
crypto/external/bsd/openssl/dist/tools/c_rehash.in | 231 ++-
crypto/external/bsd/openssl/dist/util/perl/OpenSSL/copyright.pm | 41 +
crypto/external/bsd/openssl/dist/util/private.num | 4 +
169 files changed, 5017 insertions(+), 1706 deletions(-)
diffs (truncated from 10699 to 300 lines):
diff -r 760cfcc582db -r af0b7c8df54d crypto/external/bsd/openssl/dist/CHANGES
--- a/crypto/external/bsd/openssl/dist/CHANGES Tue Mar 15 20:47:08 2022 +0000
+++ b/crypto/external/bsd/openssl/dist/CHANGES Tue Feb 07 22:17:58 2023 +0000
@@ -7,6 +7,178 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
+ Changes between 1.1.1s and 1.1.1t [7 Feb 2023]
+
+ *) Fixed X.400 address type confusion in X.509 GeneralName.
+
+ There is a type confusion vulnerability relating to X.400 address processing
+ inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
+ but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This
+ vulnerability may allow an attacker who can provide a certificate chain and
+ CRL (neither of which need have a valid signature) to pass arbitrary
+ pointers to a memcmp call, creating a possible read primitive, subject to
+ some constraints. Refer to the advisory for more information. Thanks to
+ David Benjamin for discovering this issue. (CVE-2023-0286)
+
+ This issue has been fixed by changing the public header file definition of
+ GENERAL_NAME so that x400Address reflects the implementation. It was not
+ possible for any existing application to successfully use the existing
+ definition; however, if any application references the x400Address field
+ (e.g. in dead code), note that the type of this field has changed. There is
+ no ABI change.
+ [Hugo Landau]
+
+ *) Fixed Use-after-free following BIO_new_NDEF.
+
+ The public API function BIO_new_NDEF is a helper function used for
+ streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
+ to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
+ be called directly by end user applications.
+
+ The function receives a BIO from the caller, prepends a new BIO_f_asn1
+ filter BIO onto the front of it to form a BIO chain, and then returns
+ the new head of the BIO chain to the caller. Under certain conditions,
+ for example if a CMS recipient public key is invalid, the new filter BIO
+ is freed and the function returns a NULL result indicating a failure.
+ However, in this case, the BIO chain is not properly cleaned up and the
+ BIO passed by the caller still retains internal pointers to the previously
+ freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
+ then a use-after-free will occur. This will most likely result in a crash.
+ (CVE-2023-0215)
+ [Viktor Dukhovni, Matt Caswell]
+
+ *) Fixed Double free after calling PEM_read_bio_ex.
+
+ The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
+ decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
+ data. If the function succeeds then the "name_out", "header" and "data"
+ arguments are populated with pointers to buffers containing the relevant
+ decoded data. The caller is responsible for freeing those buffers. It is
+ possible to construct a PEM file that results in 0 bytes of payload data.
+ In this case PEM_read_bio_ex() will return a failure code but will populate
+ the header argument with a pointer to a buffer that has already been freed.
+ If the caller also frees this buffer then a double free will occur. This
+ will most likely lead to a crash.
+
+ The functions PEM_read_bio() and PEM_read() are simple wrappers around
+ PEM_read_bio_ex() and therefore these functions are also directly affected.
+
+ These functions are also called indirectly by a number of other OpenSSL
+ functions including PEM_X509_INFO_read_bio_ex() and
+ SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
+ internal uses of these functions are not vulnerable because the caller does
+ not free the header argument if PEM_read_bio_ex() returns a failure code.
+ (CVE-2022-4450)
+ [Kurt Roeckx, Matt Caswell]
+
+ *) Fixed Timing Oracle in RSA Decryption.
+
+ A timing based side channel exists in the OpenSSL RSA Decryption
+ implementation which could be sufficient to recover a plaintext across
+ a network in a Bleichenbacher style attack. To achieve a successful
+ decryption an attacker would have to be able to send a very large number
+ of trial messages for decryption. The vulnerability affects all RSA padding
+ modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
+ (CVE-2022-4304)
+ [Dmitry Belyavsky, Hubert Kario]
+
+ Changes between 1.1.1r and 1.1.1s [1 Nov 2022]
+
+ *) Fixed a regression introduced in 1.1.1r version not refreshing the
+ certificate data to be signed before signing the certificate.
+ [Gibeom Gwon]
+
+ Changes between 1.1.1q and 1.1.1r [11 Oct 2022]
+
+ *) Fixed the linux-mips64 Configure target which was missing the
+ SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
+ platform.
+ [Adam Joseph]
+
+ *) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was
+ causing incorrect results in some cases as a result.
+ [Paul Dale]
+
+ *) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
+ report correct results in some cases
+ [Matt Caswell]
+
+ *) Fixed a regression introduced in 1.1.1o for re-signing certificates with
+ different key sizes
+ [Todd Short]
+
+ *) Added the loongarch64 target
+ [Shi Pujin]
+
+ *) Fixed a DRBG seed propagation thread safety issue
+ [Bernd Edlinger]
+
+ *) Fixed a memory leak in tls13_generate_secret
+ [Bernd Edlinger]
+
+ *) Fixed reported performance degradation on aarch64. Restored the
+ implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
+ 32-bit lane assignment in CTR mode") for 64bit targets only, since it is
+ reportedly 2-17% slower and the silicon errata only affects 32bit targets.
+ The new algorithm is still used for 32 bit targets.
+ [Bernd Edlinger]
+
+ *) Added a missing header for memcmp that caused compilation failure on some
+ platforms
+ [Gregor Jasny]
+
+ Changes between 1.1.1p and 1.1.1q [5 Jul 2022]
+
+ *) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
+ implementation would not encrypt the entirety of the data under some
+ circumstances. This could reveal sixteen bytes of data that was
+ preexisting in the memory that wasn't written. In the special case of
+ "in place" encryption, sixteen bytes of the plaintext would be revealed.
+
+ Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
+ they are both unaffected.
+ (CVE-2022-2097)
+ [Alex Chernyakhovsky, David Benjamin, Alejandro Sedeño]
+
+ Changes between 1.1.1o and 1.1.1p [21 Jun 2022]
+
+ *) In addition to the c_rehash shell command injection identified in
+ CVE-2022-1292, further bugs where the c_rehash script does not
+ properly sanitise shell metacharacters to prevent command injection have been
+ fixed.
+
+ When the CVE-2022-1292 was fixed it was not discovered that there
+ are other places in the script where the file names of certificates
+ being hashed were possibly passed to a command executed through the shell.
+
+ This script is distributed by some operating systems in a manner where
+ it is automatically executed. On such operating systems, an attacker
+ could execute arbitrary commands with the privileges of the script.
+
+ Use of the c_rehash script is considered obsolete and should be replaced
+ by the OpenSSL rehash command line tool.
+ (CVE-2022-2068)
+ [Daniel Fiala, Tomáš Mráz]
+
+ *) When OpenSSL TLS client is connecting without any supported elliptic
+ curves and TLS-1.3 protocol is disabled the connection will no longer fail
+ if a ciphersuite that does not use a key exchange based on elliptic
+ curves can be negotiated.
+ [Tomáš Mráz]
+
+ Changes between 1.1.1n and 1.1.1o [3 May 2022]
+
+ *) Fixed a bug in the c_rehash script which was not properly sanitising shell
+ metacharacters to prevent command injection. This script is distributed
+ by some operating systems in a manner where it is automatically executed.
+ On such operating systems, an attacker could execute arbitrary commands
+ with the privileges of the script.
+
+ Use of the c_rehash script is considered obsolete and should be replaced
+ by the OpenSSL rehash command line tool.
+ (CVE-2022-1292)
+ [Tomáš Mráz]
+
Changes between 1.1.1m and 1.1.1n [15 Mar 2022]
*) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever
diff -r 760cfcc582db -r af0b7c8df54d crypto/external/bsd/openssl/dist/Configurations/10-main.conf
--- a/crypto/external/bsd/openssl/dist/Configurations/10-main.conf Tue Mar 15 20:47:08 2022 +0000
+++ b/crypto/external/bsd/openssl/dist/Configurations/10-main.conf Tue Feb 07 22:17:58 2023 +0000
@@ -742,7 +742,7 @@
inherit_from => [ "linux-generic32", asm("mips64_asm") ],
cflags => add("-mabi=n32"),
cxxflags => add("-mabi=n32"),
- bn_ops => "RC4_CHAR",
+ bn_ops => "RC4_CHAR SIXTY_FOUR_BIT",
perlasm_scheme => "n32",
multilib => "32",
},
@@ -761,6 +761,13 @@
perlasm_scheme => "linux64",
},
+ # loongarch64 below refers to contemporary LoongArch Architecture
+ # specifications,
+ "linux64-loongarch64" => {
+ inherit_from => [ "linux-generic64"],
+ perlasm_scheme => "linux64",
+ },
+
#### IA-32 targets...
#### These two targets are a bit aged and are to be used on older Linux
#### machines where gcc doesn't understand -m32 and -m64
@@ -995,6 +1002,13 @@
perlasm_scheme => "linux64",
},
+ "BSD-aarch64" => {
+ inherit_from => [ "BSD-generic64", asm("aarch64_asm") ],
+ lib_cppflags => add("-DL_ENDIAN"),
+ bn_ops => "SIXTY_FOUR_BIT_LONG",
+ perlasm_scheme => "linux64",
+ },
+
"bsdi-elf-gcc" => {
inherit_from => [ "BASE_unix", asm("x86_elf_asm") ],
CC => "gcc",
diff -r 760cfcc582db -r af0b7c8df54d crypto/external/bsd/openssl/dist/Configure
--- a/crypto/external/bsd/openssl/dist/Configure Tue Mar 15 20:47:08 2022 +0000
+++ b/crypto/external/bsd/openssl/dist/Configure Tue Feb 07 22:17:58 2023 +0000
@@ -1,6 +1,6 @@
#! /usr/bin/env perl
# -*- mode: perl; -*-
-# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
@@ -1215,7 +1215,7 @@
my ($builder, $builder_platform, @builder_opts) =
@{$target{build_scheme}};
-foreach my $checker (($builder_platform."-".$target{build_file}."-checker.pm",
+foreach my $checker (($builder_platform."-".$config{build_file}."-checker.pm",
$builder_platform."-checker.pm")) {
my $checker_path = catfile($srcdir, "Configurations", $checker);
if (-f $checker_path) {
@@ -1712,8 +1712,8 @@
# Store the name of the template file we will build the build file from
# in %config. This may be useful for the build file itself.
my @build_file_template_names =
- ( $builder_platform."-".$target{build_file}.".tmpl",
- $target{build_file}.".tmpl" );
+ ( $builder_platform."-".$config{build_file}.".tmpl",
+ $config{build_file}.".tmpl" );
my @build_file_templates = ();
# First, look in the user provided directory, if given
@@ -1937,8 +1937,8 @@
}
next if @skip && $skip[$#skip] <= 0;
push @rawlines, $_
- if ($target_kind eq $target{build_file}
- || $target_kind eq $target{build_file}."(".$builder_platform.")");
+ if ($target_kind eq $config{build_file}
+ || $target_kind eq $config{build_file}."(".$builder_platform.")");
}
},
qr/^\s*(?:#.*)?$/ => sub { },
@@ -2813,8 +2813,8 @@
my %builders = (
unified => sub {
- print 'Creating ',$target{build_file},"\n";
- run_dofile(catfile($blddir, $target{build_file}),
+ print 'Creating ',$config{build_file},"\n";
+ run_dofile(catfile($blddir, $config{build_file}),
@{$config{build_file_templates}});
},
);
@@ -2868,7 +2868,7 @@
#
sub death_handler {
die @_ if $^S; # To prevent the added message in eval blocks
- my $build_file = $target{build_file} // "build file";
+ my $build_file = $config{build_file} // "build file";
my @message = ( <<"_____", @_ );
Failure! $build_file wasn't produced.
diff -r 760cfcc582db -r af0b7c8df54d crypto/external/bsd/openssl/dist/NEWS
--- a/crypto/external/bsd/openssl/dist/NEWS Tue Mar 15 20:47:08 2022 +0000
+++ b/crypto/external/bsd/openssl/dist/NEWS Tue Feb 07 22:17:58 2023 +0000
@@ -5,10 +5,43 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.1.1s and OpenSSL 1.1.1t [7 Feb 2023]
+
+ o Fixed X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
+ o Fixed Use-after-free following BIO_new_NDEF (CVE-2023-0215)
+ o Fixed Double free after calling PEM_read_bio_ex (CVE-2022-4450)
+ o Fixed Timing Oracle in RSA Decryption (CVE-2022-4304)
+
+ Major changes between OpenSSL 1.1.1r and OpenSSL 1.1.1s [1 Nov 2022]
+
Home |
Main Index |
Thread Index |
Old Index