Skip to content

Commit

Permalink
deps: upgrade openssl sources to 1.1.1m
Browse files Browse the repository at this point in the history
This updates all sources in deps/openssl/openssl by:
    $ cd deps/openssl/
    $ rm -rf openssl
    $ tar zxf ~/tmp/openssl-1.1.1m.tar.gz
    $ mv openssl-1.1.1m openssl
    $ git add --all openssl
    $ git commit openssl

PR-URL: #41172
Refs: https://mta.openssl.org/pipermail/openssl-announce/2021-December/000211.html
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: Matteo Collina <[email protected]>
  • Loading branch information
richardlau committed Dec 15, 2021
1 parent 243b2fb commit 60d7d41
Show file tree
Hide file tree
Showing 95 changed files with 1,180 additions and 322 deletions.
20 changes: 20 additions & 0 deletions deps/openssl/openssl/CHANGES
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,26 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.

Changes between 1.1.1l and 1.1.1m [14 Dec 2021]

*) Avoid loading of a dynamic engine twice.

[Bernd Edlinger]

*) Fixed building on Debian with kfreebsd kernels

[Mattias Ellert]

*) Prioritise DANE TLSA issuer certs over peer certs

[Viktor Dukhovni]

*) Fixed random API for MacOS prior to 10.12

These MacOS versions don't support the CommonCrypto APIs

[Lenny Primak]

Changes between 1.1.1k and 1.1.1l [24 Aug 2021]

*) Fixed an SM2 Decryption Buffer Overflow.
Expand Down
3 changes: 3 additions & 0 deletions deps/openssl/openssl/Configure
Original file line number Diff line number Diff line change
Expand Up @@ -1304,16 +1304,19 @@ if ($disabled{"dynamic-engine"}) {

unless ($disabled{asan}) {
push @{$config{cflags}}, "-fsanitize=address";
push @{$config{cxxflags}}, "-fsanitize=address" if $config{CXX};
}

unless ($disabled{ubsan}) {
# -DPEDANTIC or -fnosanitize=alignment may also be required on some
# platforms.
push @{$config{cflags}}, "-fsanitize=undefined", "-fno-sanitize-recover=all";
push @{$config{cxxflags}}, "-fsanitize=undefined", "-fno-sanitize-recover=all" if $config{CXX};
}

unless ($disabled{msan}) {
push @{$config{cflags}}, "-fsanitize=memory";
push @{$config{cxxflags}}, "-fsanitize=memory" if $config{CXX};
}

unless ($disabled{"fuzz-libfuzzer"} && $disabled{"fuzz-afl"}
Expand Down
4 changes: 4 additions & 0 deletions deps/openssl/openssl/NEWS
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,10 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.

Major changes between OpenSSL 1.1.1l and OpenSSL 1.1.1m [14 Dec 2021]

o None

Major changes between OpenSSL 1.1.1k and OpenSSL 1.1.1l [24 Aug 2021]

o Fixed an SM2 Decryption Buffer Overflow (CVE-2021-3711)
Expand Down
2 changes: 1 addition & 1 deletion deps/openssl/openssl/README
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@

OpenSSL 1.1.1l 24 Aug 2021
OpenSSL 1.1.1m 14 Dec 2021

Copyright (c) 1998-2021 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
Expand Down
3 changes: 2 additions & 1 deletion deps/openssl/openssl/apps/ciphers.c
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
Expand Down Expand Up @@ -172,6 +172,7 @@ int ciphers_main(int argc, char **argv)
if (convert != NULL) {
BIO_printf(bio_out, "OpenSSL cipher name: %s\n",
OPENSSL_cipher_name(convert));
ret = 0;
goto end;
}

Expand Down
6 changes: 3 additions & 3 deletions deps/openssl/openssl/apps/dgst.c
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
Expand Down Expand Up @@ -316,7 +316,7 @@ int dgst_main(int argc, char **argv)
EVP_MD_CTX *mctx = NULL;
EVP_PKEY_CTX *pctx = NULL;
int r;
if (!BIO_get_md_ctx(bmd, &mctx)) {
if (BIO_get_md_ctx(bmd, &mctx) <= 0) {
BIO_printf(bio_err, "Error getting context\n");
ERR_print_errors(bio_err);
goto end;
Expand Down Expand Up @@ -345,7 +345,7 @@ int dgst_main(int argc, char **argv)
/* we use md as a filter, reading from 'in' */
else {
EVP_MD_CTX *mctx = NULL;
if (!BIO_get_md_ctx(bmd, &mctx)) {
if (BIO_get_md_ctx(bmd, &mctx) <= 0) {
BIO_printf(bio_err, "Error getting context\n");
ERR_print_errors(bio_err);
goto end;
Expand Down
4 changes: 3 additions & 1 deletion deps/openssl/openssl/apps/s_cb.c
Original file line number Diff line number Diff line change
Expand Up @@ -819,7 +819,9 @@ int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie,
{
unsigned int temp;
int res = generate_cookie_callback(ssl, cookie, &temp);
*cookie_len = temp;

if (res != 0)
*cookie_len = temp;
return res;
}

Expand Down
4 changes: 3 additions & 1 deletion deps/openssl/openssl/apps/s_client.c
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2005 Nokia. All rights reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
Expand Down Expand Up @@ -3151,6 +3151,8 @@ int s_client_main(int argc, char **argv)
#endif
OPENSSL_free(connectstr);
OPENSSL_free(bindstr);
OPENSSL_free(bindhost);
OPENSSL_free(bindport);
OPENSSL_free(host);
OPENSSL_free(port);
X509_VERIFY_PARAM_free(vpm);
Expand Down
10 changes: 5 additions & 5 deletions deps/openssl/openssl/apps/s_server.c
Original file line number Diff line number Diff line change
Expand Up @@ -134,12 +134,12 @@ static unsigned int psk_server_cb(SSL *ssl, const char *identity,
if (s_debug)
BIO_printf(bio_s_out, "psk_server_cb\n");

if (SSL_version(ssl) >= TLS1_3_VERSION) {
if (!SSL_is_dtls(ssl) && SSL_version(ssl) >= TLS1_3_VERSION) {
/*
* This callback is designed for use in TLSv1.2. It is possible to use
* a single callback for all protocol versions - but it is preferred to
* use a dedicated callback for TLSv1.3. For TLSv1.3 we have
* psk_find_session_cb.
* This callback is designed for use in (D)TLSv1.2 (or below). It is
* possible to use a single callback for all protocol versions - but it
* is preferred to use a dedicated callback for TLSv1.3. For TLSv1.3 we
* have psk_find_session_cb.
*/
return 0;
}
Expand Down
10 changes: 7 additions & 3 deletions deps/openssl/openssl/apps/speed.c
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
*
* Licensed under the OpenSSL license (the "License"). You may not use
Expand Down Expand Up @@ -1590,6 +1590,10 @@ int speed_main(int argc, char **argv)
case OPT_MULTI:
#ifndef NO_FORK
multi = atoi(opt_arg());
if (multi >= INT_MAX / (int)sizeof(int)) {
BIO_printf(bio_err, "%s: multi argument too large\n", prog);
return 0;
}
#endif
break;
case OPT_ASYNCJOBS:
Expand Down Expand Up @@ -3490,7 +3494,7 @@ static int do_multi(int multi, int size_num)
close(fd[1]);
mr = 1;
usertime = 0;
free(fds);
OPENSSL_free(fds);
return 0;
}
printf("Forked child %d\n", n);
Expand Down Expand Up @@ -3603,7 +3607,7 @@ static int do_multi(int multi, int size_num)

fclose(f);
}
free(fds);
OPENSSL_free(fds);
return 1;
}
#endif
Expand Down
15 changes: 9 additions & 6 deletions deps/openssl/openssl/crypto/armcap.c
Original file line number Diff line number Diff line change
Expand Up @@ -106,20 +106,23 @@ static unsigned long getauxval(unsigned long key)
* ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas
* AArch64 used AT_HWCAP.
*/
# ifndef AT_HWCAP
# define AT_HWCAP 16
# endif
# ifndef AT_HWCAP2
# define AT_HWCAP2 26
# endif
# if defined(__arm__) || defined (__arm)
# define HWCAP 16
/* AT_HWCAP */
# define HWCAP AT_HWCAP
# define HWCAP_NEON (1 << 12)

# define HWCAP_CE 26
/* AT_HWCAP2 */
# define HWCAP_CE AT_HWCAP2
# define HWCAP_CE_AES (1 << 0)
# define HWCAP_CE_PMULL (1 << 1)
# define HWCAP_CE_SHA1 (1 << 2)
# define HWCAP_CE_SHA256 (1 << 3)
# elif defined(__aarch64__)
# define HWCAP 16
/* AT_HWCAP */
# define HWCAP AT_HWCAP
# define HWCAP_NEON (1 << 1)

# define HWCAP_CE HWCAP
Expand Down
9 changes: 5 additions & 4 deletions deps/openssl/openssl/crypto/asn1/a_print.c
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
Expand All @@ -18,12 +18,13 @@ int ASN1_PRINTABLE_type(const unsigned char *s, int len)
int ia5 = 0;
int t61 = 0;

if (len <= 0)
len = -1;
if (s == NULL)
return V_ASN1_PRINTABLESTRING;

while ((*s) && (len-- != 0)) {
if (len < 0)
len = strlen((const char *)s);

while (len-- > 0) {
c = *(s++);
if (!ossl_isasn1print(c))
ia5 = 1;
Expand Down
11 changes: 8 additions & 3 deletions deps/openssl/openssl/crypto/asn1/asn1_lib.c
Original file line number Diff line number Diff line change
Expand Up @@ -294,7 +294,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in)
c = str->data;
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
/* No NUL terminator in fuzzing builds */
str->data = OPENSSL_realloc(c, len);
str->data = OPENSSL_realloc(c, len != 0 ? len : 1);
#else
str->data = OPENSSL_realloc(c, len + 1);
#endif
Expand All @@ -307,7 +307,11 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in)
str->length = len;
if (data != NULL) {
memcpy(str->data, data, len);
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
/* Set the unused byte to something non NUL and printable. */
if (len == 0)
str->data[len] = '~';
#else
/*
* Add a NUL terminator. This should not be necessary - but we add it as
* a safety precaution
Expand Down Expand Up @@ -375,7 +379,8 @@ int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b)

i = (a->length - b->length);
if (i == 0) {
i = memcmp(a->data, b->data, a->length);
if (a->length != 0)
i = memcmp(a->data, b->data, a->length);
if (i == 0)
return a->type - b->type;
else
Expand Down
6 changes: 5 additions & 1 deletion deps/openssl/openssl/crypto/bio/bss_dgram.c
Original file line number Diff line number Diff line change
@@ -1,12 +1,16 @@
/*
* Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/

#ifndef _GNU_SOURCE
# define _GNU_SOURCE
#endif

#include <stdio.h>
#include <errno.h>

Expand Down
4 changes: 2 additions & 2 deletions deps/openssl/openssl/crypto/bio/bss_mem.c
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
Expand Down Expand Up @@ -280,7 +280,7 @@ static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
ret = (long)bm->length;
if (ptr != NULL) {
pptr = (char **)ptr;
*pptr = (char *)&(bm->data[0]);
*pptr = (char *)bm->data;
}
break;
case BIO_C_SET_BUF_MEM:
Expand Down
6 changes: 5 additions & 1 deletion deps/openssl/openssl/crypto/bn/asm/mips.pl
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2010-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
Expand Down Expand Up @@ -1984,6 +1984,8 @@ ()
sltu $at,$c_2,$t_1
$ADDU $c_3,$t_2,$at
$ST $c_2,$BNSZ($a0)
sltu $at,$c_3,$t_2
$ADDU $c_1,$at
mflo ($t_1,$a_2,$a_0)
mfhi ($t_2,$a_2,$a_0)
___
Expand Down Expand Up @@ -2194,6 +2196,8 @@ ()
sltu $at,$c_2,$t_1
$ADDU $c_3,$t_2,$at
$ST $c_2,$BNSZ($a0)
sltu $at,$c_3,$t_2
$ADDU $c_1,$at
mflo ($t_1,$a_2,$a_0)
mfhi ($t_2,$a_2,$a_0)
___
Expand Down
3 changes: 2 additions & 1 deletion deps/openssl/openssl/crypto/cms/cms_env.c
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
Expand Down Expand Up @@ -737,6 +737,7 @@ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
goto err;
}

OPENSSL_clear_free(ec->key, ec->keylen);
ec->key = ukey;
ec->keylen = ukeylen;

Expand Down
13 changes: 8 additions & 5 deletions deps/openssl/openssl/crypto/dh/dh_ameth.c
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
Expand Down Expand Up @@ -629,16 +629,18 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
goto err;

pk = EVP_PKEY_CTX_get0_pkey(pctx);
if (!pk)
goto err;
if (pk->type != EVP_PKEY_DHX)
if (pk == NULL || pk->type != EVP_PKEY_DHX)
goto err;

/* Get parameters from parent key */
dhpeer = DHparams_dup(pk->pkey.dh);
if (dhpeer == NULL)
goto err;

/* We have parameters now set public key */
plen = ASN1_STRING_length(pubkey);
p = ASN1_STRING_get0_data(pubkey);
if (!p || !plen)
if (p == NULL || plen == 0)
goto err;

if ((public_key = d2i_ASN1_INTEGER(NULL, &p, plen)) == NULL) {
Expand All @@ -655,6 +657,7 @@ static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
pkpeer = EVP_PKEY_new();
if (pkpeer == NULL)
goto err;

EVP_PKEY_assign(pkpeer, pk->ameth->pkey_id, dhpeer);
dhpeer = NULL;
if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0)
Expand Down
4 changes: 2 additions & 2 deletions deps/openssl/openssl/crypto/ec/curve448/field.h
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2014 Cryptography Research, Inc.
*
* Licensed under the OpenSSL license (the "License"). You may not use
Expand Down Expand Up @@ -62,7 +62,7 @@ mask_t gf_eq(const gf x, const gf y);
mask_t gf_lobit(const gf x);
mask_t gf_hibit(const gf x);

void gf_serialize(uint8_t *serial, const gf x, int with_highbit);
void gf_serialize(uint8_t serial[SER_BYTES], const gf x, int with_highbit);
mask_t gf_deserialize(gf x, const uint8_t serial[SER_BYTES], int with_hibit,
uint8_t hi_nmask);

Expand Down
Loading

0 comments on commit 60d7d41

Please sign in to comment.