diff options
41 files changed, 327 insertions, 133 deletions
@@ -7,6 +7,43 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.1.1m and 1.1.1n [15 Mar 2022] + + *) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever + for non-prime moduli. + + Internally this function is used when parsing certificates that contain + elliptic curve public keys in compressed form or explicit elliptic curve + parameters with a base point encoded in compressed form. + + It is possible to trigger the infinite loop by crafting a certificate that + has invalid explicit curve parameters. + + Since certificate parsing happens prior to verification of the certificate + signature, any process that parses an externally supplied certificate may + thus be subject to a denial of service attack. The infinite loop can also + be reached when parsing crafted private keys as they can contain explicit + elliptic curve parameters. + + Thus vulnerable situations include: + + - TLS clients consuming server certificates + - TLS servers consuming client certificates + - Hosting providers taking certificates or private keys from customers + - Certificate authorities parsing certification requests from subscribers + - Anything else which parses ASN.1 elliptic curve parameters + + Also any other applications that use the BN_mod_sqrt() where the attacker + can control the parameter values are vulnerable to this DoS issue. + (CVE-2022-0778) + [Tomáš Mráz] + + *) Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489) + to the list of ciphersuites providing Perfect Forward Secrecy as + required by SECLEVEL >= 3. + + [Dmitry Belyavskiy, Nicola Tuveri] + Changes between 1.1.1l and 1.1.1m [14 Dec 2021] *) Avoid loading of a dynamic engine twice. diff --git a/Configure b/Configure index faf57b155a1c..4bea49d7da76 100755 --- a/Configure +++ b/Configure @@ -3161,25 +3161,25 @@ sub resolve_config { } } - foreach (sort keys %all_keys) { - my $previous = $combined_inheritance{$_}; + foreach my $key (sort keys %all_keys) { + my $previous = $combined_inheritance{$key}; # Current target doesn't have a value for the current key? # Assign it the default combiner, the rest of this loop body # will handle it just like any other coderef. - if (!exists $table{$target}->{$_}) { - $table{$target}->{$_} = $default_combiner; + if (!exists $table{$target}->{$key}) { + $table{$target}->{$key} = $default_combiner; } - $table{$target}->{$_} = process_values($table{$target}->{$_}, - $combined_inheritance{$_}, - $target, $_); - unless(defined($table{$target}->{$_})) { - delete $table{$target}->{$_}; + $table{$target}->{$key} = process_values($table{$target}->{$key}, + $combined_inheritance{$key}, + $target, $key); + unless(defined($table{$target}->{$key})) { + delete $table{$target}->{$key}; } # if ($extra_checks && -# $previous && !($add_called || $previous ~~ $table{$target}->{$_})) { -# warn "$_ got replaced in $target\n"; +# $previous && !($add_called || $previous ~~ $table{$target}->{$key})) { +# warn "$key got replaced in $target\n"; # } } @@ -5,6 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.1.1m and OpenSSL 1.1.1n [15 Mar 2022] + + o Fixed a bug in the BN_mod_sqrt() function that can cause it to loop + forever for non-prime moduli ([CVE-2022-0778]) + Major changes between OpenSSL 1.1.1l and OpenSSL 1.1.1m [14 Dec 2021] o None @@ -1,5 +1,5 @@ - OpenSSL 1.1.1m 14 Dec 2021 + OpenSSL 1.1.1n 15 Mar 2022 Copyright (c) 1998-2021 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/apps/apps.c b/apps/apps.c index c06241abb975..1a92271595f1 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -300,9 +300,13 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) int ui_flags = 0; const char *prompt_info = NULL; char *prompt; + int pw_min_len = PW_MIN_LENGTH; if (cb_data != NULL && cb_data->prompt_info != NULL) prompt_info = cb_data->prompt_info; + if (cb_data != NULL && cb_data->password != NULL + && *(const char*)cb_data->password != '\0') + pw_min_len = 1; prompt = UI_construct_prompt(ui, "pass phrase", prompt_info); if (!prompt) { BIO_printf(bio_err, "Out of memory\n"); @@ -317,12 +321,12 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) (void)UI_add_user_data(ui, cb_data); ok = UI_add_input_string(ui, prompt, ui_flags, buf, - PW_MIN_LENGTH, bufsiz - 1); + pw_min_len, bufsiz - 1); if (ok >= 0 && verify) { buff = app_malloc(bufsiz, "password buffer"); ok = UI_add_verify_string(ui, prompt, ui_flags, buff, - PW_MIN_LENGTH, bufsiz - 1, buf); + pw_min_len, bufsiz - 1, buf); } if (ok >= 0) do { diff --git a/apps/openssl.c b/apps/openssl.c index ff7b759a40b1..f35d57f2648c 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -120,7 +120,6 @@ int main(int argc, char *argv[]) { FUNCTION f, *fp; LHASH_OF(FUNCTION) *prog = NULL; - char **copied_argv = NULL; char *p, *pname; char buf[1024]; const char *prompt; @@ -137,7 +136,7 @@ int main(int argc, char *argv[]) bio_err = dup_bio_err(FORMAT_TEXT); #if defined(OPENSSL_SYS_VMS) && defined(__DECC) - copied_argv = argv = copy_argv(&argc, argv); + argv = copy_argv(&argc, argv); #elif defined(_WIN32) /* * Replace argv[] with UTF-8 encoded strings. @@ -258,7 +257,6 @@ int main(int argc, char *argv[]) } ret = 1; end: - OPENSSL_free(copied_argv); OPENSSL_free(default_config_file); lh_FUNCTION_free(prog); OPENSSL_free(arg.argv); diff --git a/apps/passwd.c b/apps/passwd.c index d741d05335f8..af08ccd4ac0f 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -407,7 +407,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt) n >>= 1; } if (!EVP_DigestFinal_ex(md, buf, NULL)) - return NULL; + goto err; for (i = 0; i < 1000; i++) { if (!EVP_DigestInit_ex(md2, EVP_md5(), NULL)) @@ -633,7 +633,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt) n >>= 1; } if (!EVP_DigestFinal_ex(md, buf, NULL)) - return NULL; + goto err; /* P sequence */ if (!EVP_DigestInit_ex(md2, sha, NULL)) @@ -644,7 +644,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt) goto err; if (!EVP_DigestFinal_ex(md2, temp_buf, NULL)) - return NULL; + goto err; if ((p_bytes = OPENSSL_zalloc(passwd_len)) == NULL) goto err; @@ -661,7 +661,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt) goto err; if (!EVP_DigestFinal_ex(md2, temp_buf, NULL)) - return NULL; + goto err; if ((s_bytes = OPENSSL_zalloc(salt_len)) == NULL) goto err; diff --git a/apps/s_client.c b/apps/s_client.c index 121cd1444fe6..00effc80375a 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -938,6 +938,7 @@ int s_client_main(int argc, char **argv) struct timeval tv; #endif const char *servername = NULL; + char *sname_alloc = NULL; int noservername = 0; const char *alpn_in = NULL; tlsextctx tlsextcbp = { NULL, 0 }; @@ -1588,6 +1589,15 @@ int s_client_main(int argc, char **argv) "%s: -proxy argument malformed or ambiguous\n", prog); goto end; } + if (servername == NULL && !noservername) { + res = BIO_parse_hostserv(connectstr, &sname_alloc, NULL, BIO_PARSE_PRIO_HOST); + if (!res) { + BIO_printf(bio_err, + "%s: -connect argument malformed or ambiguous\n", prog); + goto end; + } + servername = sname_alloc; + } } else { int res = 1; char *tmp_host = host, *tmp_port = port; @@ -3149,6 +3159,7 @@ int s_client_main(int argc, char **argv) #ifndef OPENSSL_NO_SRP OPENSSL_free(srp_arg.srppassin); #endif + OPENSSL_free(sname_alloc); OPENSSL_free(connectstr); OPENSSL_free(bindstr); OPENSSL_free(bindhost); diff --git a/apps/s_socket.c b/apps/s_socket.c index aee366d5f457..96f16d2931cd 100644 --- a/apps/s_socket.c +++ b/apps/s_socket.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -147,7 +147,7 @@ int init_client(int *sock, const char *host, const char *port, #endif if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai), - protocol == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) { + BIO_ADDRINFO_protocol(ai) == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) { BIO_closesocket(*sock); *sock = INVALID_SOCKET; continue; @@ -704,6 +704,7 @@ case "$GUESSOS" in __CNF_CPPFLAGS="$__CNF_CPPFLAGS -DL_ENDIAN" ;; powerpc64-*-*bsd*) OUT="BSD-generic64"; __CNF_CPPFLAGS="$__CNF_CPPFLAGS -DB_ENDIAN" ;; + riscv64-*-*bsd*) OUT="BSD-riscv64" ;; sparc64-*-*bsd*) OUT="BSD-sparc64" ;; ia64-*-*bsd*) OUT="BSD-ia64" ;; x86_64-*-dragonfly*) OUT="BSD-x86_64" ;; diff --git a/crypto/asn1/charmap.h b/crypto/asn1/charmap.h index e234c9e615d0..5630291bd58c 100644 --- a/crypto/asn1/charmap.h +++ b/crypto/asn1/charmap.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/asn1/charmap.pl * - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c index 8ea32bce401b..0af7a330bc68 100644 --- a/crypto/bio/b_addr.c +++ b/crypto/bio/b_addr.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -744,7 +744,7 @@ int BIO_lookup_ex(const char *host, const char *service, int lookup_type, # pragma pointer_size 32 #endif /* Windows doesn't seem to have in_addr_t */ -#ifdef OPENSSL_SYS_WINDOWS +#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) static uint32_t he_fallback_address; static const char *he_fallback_addresses[] = { (char *)&he_fallback_address, NULL }; diff --git a/crypto/bn/bn_exp2.c b/crypto/bn/bn_exp2.c index e542abe46fa1..eac0896e6869 100644 --- a/crypto/bn/bn_exp2.c +++ b/crypto/bn/bn_exp2.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -32,7 +32,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, bn_check_top(p2); bn_check_top(m); - if (!(m->d[0] & 1)) { + if (!BN_is_odd(m)) { BNerr(BN_F_BN_MOD_EXP2_MONT, BN_R_CALLED_WITH_EVEN_MODULUS); return 0; } diff --git a/crypto/bn/bn_prime.h b/crypto/bn/bn_prime.h index 1a25c285773a..8f2d7e995a01 100644 --- a/crypto/bn/bn_prime.h +++ b/crypto/bn/bn_prime.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/bn/bn_prime.pl * - * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/bn/bn_print.c b/crypto/bn/bn_print.c index 69749a9fa7dc..17ac6e7cac1c 100644 --- a/crypto/bn/bn_print.c +++ b/crypto/bn/bn_print.c @@ -142,7 +142,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a) continue; if (i == 0 || i > INT_MAX / 4) - goto err; + return 0; num = i + neg; if (bn == NULL) diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c index 1723d5ded5a8..6a42ce8a9413 100644 --- a/crypto/bn/bn_sqrt.c +++ b/crypto/bn/bn_sqrt.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,7 +14,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) /* * Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks * algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number - * Theory", algorithm 1.5.1). 'p' must be prime! + * Theory", algorithm 1.5.1). 'p' must be prime, otherwise an error or + * an incorrect "result" will be returned. */ { BIGNUM *ret = in; @@ -301,18 +302,23 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) goto vrfy; } - /* find smallest i such that b^(2^i) = 1 */ - i = 1; - if (!BN_mod_sqr(t, b, p, ctx)) - goto end; - while (!BN_is_one(t)) { - i++; - if (i == e) { - BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE); - goto end; + /* Find the smallest i, 0 < i < e, such that b^(2^i) = 1. */ + for (i = 1; i < e; i++) { + if (i == 1) { + if (!BN_mod_sqr(t, b, p, ctx)) + goto end; + + } else { + if (!BN_mod_mul(t, t, t, p, ctx)) + goto end; } - if (!BN_mod_mul(t, t, t, p, ctx)) - goto end; + if (BN_is_one(t)) + break; + } + /* If not found, a is not a square or p is not prime. */ + if (i >= e) { + BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE); + goto end; } /* t := y^2^(e - i - 1) */ diff --git a/crypto/conf/conf_def.h b/crypto/conf/conf_def.h index 1e4a03e10bbd..0490236287ac 100644 --- a/crypto/conf/conf_def.h +++ b/crypto/conf/conf_def.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/conf/keysets.pl * - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c index b675ed7892e2..474a60c9bf13 100644 --- a/crypto/engine/eng_all.c +++ b/crypto/engine/eng_all.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,9 +12,6 @@ void ENGINE_load_builtin_engines(void) { - /* Some ENGINEs need this */ - OPENSSL_cpuid_setup(); - OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL); } diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c index 87c762edb8a0..6a0ddc162d00 100644 --- a/crypto/engine/eng_dyn.c +++ b/crypto/engine/eng_dyn.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -443,8 +443,17 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) * We fail if the version checker veto'd the load *or* if it is * deferring to us (by returning its version) and we think it is too * old. + * Unfortunately the version checker does not distinguish between + * engines built for openssl 1.1.x and openssl 3.x, but loading + * an engine that is built for openssl 3.x will cause a fatal + * error. Detect such engines, since EVP_PKEY_get_base_id is exported + * as a function in openssl 3.x, while it is named EVP_PKEY_base_id + * in openssl 1.1.x. Therefore we take the presence of that symbol + * as an indication that the engine will be incompatible. */ - if (vcheck_res < OSSL_DYNAMIC_OLDEST) { + if (vcheck_res < OSSL_DYNAMIC_OLDEST + || DSO_bind_func(ctx->dynamic_dso, + "EVP_PKEY_get_base_id") != NULL) { /* Fail */ ctx->bind_engine = NULL; ctx->v_check = NULL; diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index d1bfa274ca81..01a6f251f56e 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,6 +15,22 @@ #include "crypto/evp.h" #include "evp_local.h" + +static void cleanup_old_md_data(EVP_MD_CTX *ctx, int force) +{ + if (ctx->digest != NULL) { + if (ctx->digest->cleanup != NULL + && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) + ctx->digest->cleanup(ctx); + if (ctx->md_data != NULL && ctx->digest->ctx_size > 0 + && (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE) + || force)) { + OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); + ctx->md_data = NULL; + } + } +} + /* This call frees resources associated with the context */ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) { @@ -25,13 +41,8 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx) * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because * sometimes only copies of the context are ever finalised. */ - if (ctx->digest && ctx->digest->cleanup - && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED)) - ctx->digest->cleanup(ctx); - if (ctx->digest && ctx->digest->ctx_size && ctx->md_data - && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) { - OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); - } + cleanup_old_md_data(ctx, 0); + /* * pctx should be freed by the user of EVP_MD_CTX * if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set @@ -76,6 +87,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) if (ctx->engine && ctx->digest && (type == NULL || (type->type == ctx->digest->type))) goto skip_to_init; + if (type) { /* * Ensure an ENGINE left lying around from last time is cleared (the @@ -119,10 +131,8 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) } #endif if (ctx->digest != type) { - if (ctx->digest && ctx->digest->ctx_size) { - OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size); - ctx->md_data = NULL; - } + cleanup_old_md_data(ctx, 1); + ctx->digest = type; if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) { ctx->update = type->update; diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c index 9dc887d91e4b..603224975ca1 100644 --- a/crypto/lhash/lhash.c +++ b/crypto/lhash/lhash.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -343,7 +343,8 @@ unsigned long OPENSSL_LH_strhash(const char *c) v = n | (*c); n += 0x100; r = (int)((v >> 2) ^ v) & 0x0f; - ret = (ret << r) | (ret >> (32 - r)); + /* cast to uint64_t to avoid 32 bit shift of 32 bit value */ + ret = (ret << r) | (unsigned long)((uint64_t)ret >> (32 - r)); ret &= 0xFFFFFFFFL; ret ^= v * v; c++; @@ -364,7 +365,8 @@ unsigned long openssl_lh_strcasehash(const char *c) for (n = 0x100; *c != '\0'; n += 0x100) { v = n | ossl_tolower(*c); r = (int)((v >> 2) ^ v) & 0x0f; - ret = (ret << r) | (ret >> (32 - r)); + /* cast to uint64_t to avoid 32 bit shift of 32 bit value */ + ret = (ret << r) | (unsigned long)((uint64_t)ret >> (32 - r)); ret &= 0xFFFFFFFFL; ret ^= v * v; c++; diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 46006fe6cf9c..7e8de727f310 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -228,9 +228,10 @@ ASN1_OBJECT *OBJ_nid2obj(int n) return NULL; } return (ASN1_OBJECT *)&(nid_objs[n]); - } else if (added == NULL) + } else if (added == NULL) { + OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID); return NULL; - else { + } else { ad.type = ADDED_NID; ad.obj = &ob; ob.nid = n; diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 24b49a2df258..63bf69e4437d 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/objects/obj_dat.pl * - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h index 5c3561ab7d7e..5ef094bbfd84 100644 --- a/crypto/objects/obj_xref.h +++ b/crypto/objects/obj_xref.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by objxref.pl * - * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index 9526c16536cb..0f630a5bd963 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -572,6 +572,8 @@ static int echo_console(UI *ui) static int close_console(UI *ui) { + int ret = 1; + if (tty_in != stdin) fclose(tty_in); if (tty_out != stderr) @@ -584,12 +586,12 @@ static int close_console(UI *ui) BIO_snprintf(tmp_num, sizeof(tmp_num) - 1, "%%X%08X", status); UIerr(UI_F_CLOSE_CONSOLE, UI_R_SYSDASSGN_ERROR); ERR_add_error_data(2, "status=", tmp_num); - return 0; + ret = 0; } # endif CRYPTO_THREAD_unlock(ui->lock); - return 1; + return ret; } # if !defined(OPENSSL_SYS_WINCE) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index e404fcc602df..b18489f67f6e 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -2201,6 +2201,12 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, /* If purpose not set use default */ if (!purpose) purpose = def_purpose; + /* + * If purpose is set but we don't have a default then set the default to + * the current purpose + */ + else if (def_purpose == 0) + def_purpose = purpose; /* If we have a purpose then check it is valid */ if (purpose) { X509_PURPOSE *ptmp; @@ -2213,11 +2219,6 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, ptmp = X509_PURPOSE_get0(idx); if (ptmp->trust == X509_TRUST_DEFAULT) { idx = X509_PURPOSE_get_by_id(def_purpose); - /* - * XXX: In the two callers above def_purpose is always 0, which is - * not a known value, so idx will always be -1. How is the - * X509_TRUST_DEFAULT case actually supposed to be handled? - */ if (idx == -1) { X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, X509_R_UNKNOWN_PURPOSE_ID); diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index f41c699b5af0..a7ff4b4fb4d3 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -538,8 +538,11 @@ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email return 0; emtmp = OPENSSL_strndup((char *)email->data, email->length); - if (emtmp == NULL) + if (emtmp == NULL) { + X509_email_free(*sk); + *sk = NULL; return 0; + } /* Don't add duplicates */ if (sk_OPENSSL_STRING_find(*sk, emtmp) != -1) { @@ -828,8 +831,11 @@ static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal, rv = equal(a->data, a->length, (unsigned char *)b, blen, flags); else if (a->length == (int)blen && !memcmp(a->data, b, blen)) rv = 1; - if (rv > 0 && peername) + if (rv > 0 && peername != NULL) { *peername = OPENSSL_strndup((char *)a->data, a->length); + if (*peername == NULL) + return -1; + } } else { int astrlen; unsigned char *astr; @@ -842,8 +848,13 @@ static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal, return -1; } rv = equal(astr, astrlen, (unsigned char *)b, blen, flags); - if (rv > 0 && peername) + if (rv > 0 && peername != NULL) { *peername = OPENSSL_strndup((char *)astr, astrlen); + if (*peername == NULL) { + OPENSSL_free(astr); + return -1; + } + } OPENSSL_free(astr); } return rv; diff --git a/doc/man1/cms.pod b/doc/man1/cms.pod index 2caf3ef4d156..c30e834cfae7 100644 --- a/doc/man1/cms.pod +++ b/doc/man1/cms.pod @@ -719,6 +719,9 @@ the list of permitted ciphers in a database and only use those. No revocation checking is done on the signer's certificate. +The B<-binary> option does not work correctly when processing text input which +(contrary to the S/MIME specification) uses LF rather than CRLF line endings. + =head1 HISTORY The use of multiple B<-signer> options and the B<-resign> command were first @@ -735,7 +738,7 @@ The -no_alt_chains option was added in OpenSSL 1.0.2b. =head1 COPYRIGHT -Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_ctrl.pod b/doc/man3/BIO_ctrl.pod index 2e438c3ce952..cf6ba135dfe9 100644 --- a/doc/man3/BIO_ctrl.pod +++ b/doc/man3/BIO_ctrl.pod @@ -16,7 +16,7 @@ BIO_get_info_callback, BIO_set_info_callback, BIO_info_cb long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg); long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *cb); - char *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); + void *BIO_ptr_ctrl(BIO *bp, int cmd, long larg); long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg); int BIO_reset(BIO *b); @@ -126,7 +126,7 @@ the case of BIO_seek() on a file BIO for a successful operation. =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BIO_f_base64.pod b/doc/man3/BIO_f_base64.pod index 5097c2849ba1..c2c5309a6017 100644 --- a/doc/man3/BIO_f_base64.pod +++ b/doc/man3/BIO_f_base64.pod @@ -21,13 +21,26 @@ any data read through it. Base64 BIOs do not support BIO_gets() or BIO_puts(). +For writing, output is by default divided to lines of length 64 +characters and there is always a newline at the end of output. + +For reading, first line should be at most 1024 +characters long. If it is longer then it is ignored completely. +Other input lines can be of any length. There must be a newline +at the end of input. + +This behavior can be changed with BIO_FLAGS_BASE64_NO_NL flag. + BIO_flush() on a base64 BIO that is being written through is used to signal that no more data is to be encoded: this is used to flush the final block through the BIO. -The flag BIO_FLAGS_BASE64_NO_NL can be set with BIO_set_flags() -to encode the data all on one line or expect the data to be all -on one line. +The flag BIO_FLAGS_BASE64_NO_NL can be set with BIO_set_flags(). +For writing, it causes all data to be written on one line without +newline at the end. +For reading, it forces the decoder to process the data regardless +of newlines. All newlines are ignored and the input does not need +to contain any newline at all. =head1 NOTES @@ -81,7 +94,7 @@ to reliably determine EOF (for example a MIME boundary). =head1 COPYRIGHT -Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/BN_add.pod b/doc/man3/BN_add.pod index dccd4790ede7..a4912fbab1d5 100644 --- a/doc/man3/BN_add.pod +++ b/doc/man3/BN_add.pod @@ -3,7 +3,7 @@ =head1 NAME BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add, -BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd - +BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_mod_sqrt, BN_exp, BN_mod_exp, BN_gcd - arithmetic operations on BIGNUMs =head1 SYNOPSIS @@ -36,6 +36,8 @@ arithmetic operations on BIGNUMs int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); + BIGNUM *BN_mod_sqrt(BIGNUM *in, BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); + int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, @@ -87,6 +89,12 @@ L<BN_mod_mul_reciprocal(3)>. BN_mod_sqr() takes the square of I<a> modulo B<m> and places the result in I<r>. +BN_mod_sqrt() returns the modular square root of I<a> such that +C<in^2 = a (mod p)>. The modulus I<p> must be a +prime, otherwise an error or an incorrect "result" will be returned. +The result is stored into I<in> which can be NULL. The result will be +newly allocated in that case. + BN_exp() raises I<a> to the I<p>-th power and places the result in I<r> (C<r=a^p>). This function is faster than repeated applications of BN_mul(). @@ -108,7 +116,10 @@ the arguments. =head1 RETURN VALUES -For all functions, 1 is returned for success, 0 on error. The return +The BN_mod_sqrt() returns the result (possibly incorrect if I<p> is +not a prime), or NULL. + +For all remaining functions, 1 is returned for success, 0 on error. The return value should always be checked (e.g., C<if (!BN_add(r,a,b)) goto err;>). The error codes can be obtained by L<ERR_get_error(3)>. @@ -119,7 +130,7 @@ L<BN_add_word(3)>, L<BN_set_bit(3)> =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/DEFINE_STACK_OF.pod b/doc/man3/DEFINE_STACK_OF.pod index 43a3214d584a..6f4ac7ec0ef0 100644 --- a/doc/man3/DEFINE_STACK_OF.pod +++ b/doc/man3/DEFINE_STACK_OF.pod @@ -238,7 +238,8 @@ sk_TYPE_pop(), sk_TYPE_shift(), sk_TYPE_delete() and sk_TYPE_delete_ptr() return a pointer to the deleted element or B<NULL> on error. sk_TYPE_insert(), sk_TYPE_push() and sk_TYPE_unshift() return the total -number of elements in the stack and 0 if an error occurred. +number of elements in the stack and 0 if an error occurred. sk_TYPE_push() +further returns -1 if B<sk> is B<NULL>. sk_TYPE_set() returns a pointer to the replacement element or B<NULL> on error. diff --git a/doc/man3/OBJ_nid2obj.pod b/doc/man3/OBJ_nid2obj.pod index 74379ad817da..b37d992307c2 100644 --- a/doc/man3/OBJ_nid2obj.pod +++ b/doc/man3/OBJ_nid2obj.pod @@ -68,13 +68,15 @@ If I<no_name> is 0 then long names and short names will be interpreted as well as numerical forms. If I<no_name> is 1 only the numerical form is acceptable. -OBJ_obj2txt() converts the B<ASN1_OBJECT> B<a> into a textual representation. -The representation is written as a null terminated string to B<buf> -at most B<buf_len> bytes are written, truncating the result if necessary. -The total amount of space required is returned. If B<no_name> is 0 then -if the object has a long or short name then that will be used, otherwise -the numerical form will be used. If B<no_name> is 1 then the numerical -form will always be used. +OBJ_obj2txt() converts the B<ASN1_OBJECT> I<a> into a textual representation. +Unless I<buf> is NULL, +the representation is written as a NUL-terminated string to I<buf>, where +at most I<buf_len> bytes are written, truncating the result if necessary. +In any case it returns the total string length, excluding the NUL character, +required for non-truncated representation, or -1 on error. +If I<no_name> is 0 then if the object has a long or short name +then that will be used, otherwise the numerical form will be used. +If I<no_name> is 1 then the numerical form will always be used. i2t_ASN1_OBJECT() is the same as OBJ_obj2txt() with the I<no_name> set to zero. @@ -141,6 +143,13 @@ on error. OBJ_obj2nid(), OBJ_ln2nid(), OBJ_sn2nid() and OBJ_txt2nid() return a NID or B<NID_undef> on error. +OBJ_add_sigid() returns 1 on success or 0 on error. + +i2t_ASN1_OBJECT() an OBJ_obj2txt() return -1 on error. +On success, they return the length of the string written to I<buf> if I<buf> is +not NULL and I<buf_len> is big enough, otherwise the total string length. +Note that this does not count the trailing NUL character. + =head1 EXAMPLES Create an object for B<commonName>: @@ -161,15 +170,6 @@ Create a new object directly: obj = OBJ_txt2obj("1.2.3.4", 1); -=head1 BUGS - -OBJ_obj2txt() is awkward and messy to use: it doesn't follow the -convention of other OpenSSL functions where the buffer can be set -to B<NULL> to determine the amount of data that should be written. -Instead B<buf> must point to a valid buffer and B<buf_len> should -be set to a positive value. A buffer length of 80 should be more -than enough to handle any OID encountered in practice. - =head1 SEE ALSO L<ERR_get_error(3)> @@ -181,7 +181,7 @@ and should not be used. =head1 COPYRIGHT -Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod index 900c4f3a5648..7f0e08868725 100644 --- a/doc/man3/SSL_CONF_cmd.pod +++ b/doc/man3/SSL_CONF_cmd.pod @@ -434,7 +434,7 @@ B<SessionTicket>: session ticket support, enabled by default. Inverse of B<SSL_OP_NO_TICKET>: that is B<-SessionTicket> is the same as setting B<SSL_OP_NO_TICKET>. -B<Compression>: SSL/TLS compression support, enabled by default. Inverse +B<Compression>: SSL/TLS compression support, disabled by default. Inverse of B<SSL_OP_NO_COMPRESSION>. B<EmptyFragments>: use empty fragments as a countermeasure against a @@ -694,7 +694,7 @@ B<AllowNoDHEKEX> and B<PrioritizeChaCha> were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2012-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/X509_STORE_CTX_new.pod b/doc/man3/X509_STORE_CTX_new.pod index aba7fff781e5..b8024dc4af66 100644 --- a/doc/man3/X509_STORE_CTX_new.pod +++ b/doc/man3/X509_STORE_CTX_new.pod @@ -11,7 +11,10 @@ X509_STORE_CTX_get0_untrusted, X509_STORE_CTX_set0_untrusted, X509_STORE_CTX_get_num_untrusted, X509_STORE_CTX_set_default, X509_STORE_CTX_set_verify, -X509_STORE_CTX_verify_fn +X509_STORE_CTX_verify_fn, +X509_STORE_CTX_set_purpose, +X509_STORE_CTX_set_trust, +X509_STORE_CTX_purpose_inherit - X509_STORE_CTX initialisation =head1 SYNOPSIS @@ -44,6 +47,11 @@ X509_STORE_CTX_verify_fn typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *); void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_fn verify); + int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); + int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); + int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, + int purpose, int trust); + =head1 DESCRIPTION These functions initialise an B<X509_STORE_CTX> structure for subsequent use @@ -120,6 +128,65 @@ following signature: This function should receive the current X509_STORE_CTX as a parameter and return 1 on success or 0 on failure. +X509 certificates may contain information about what purposes keys contained +within them can be used for. For example "TLS WWW Server Authentication" or +"Email Protection". This "key usage" information is held internally to the +certificate itself. In addition the trust store containing trusted certificates +can declare what purposes we trust different certificates for. This "trust" +information is not held within the certificate itself but is "meta" information +held alongside it. This "meta" information is associated with the certificate +after it is issued and could be determined by a system administrator. For +example a certificate might declare that it is suitable for use for both +"TLS WWW Server Authentication" and "TLS Client Authentication", but a system +administrator might only trust it for the former. An X.509 certificate extension +exists that can record extended key usage information to supplement the purpose +information described above. This extended mechanism is arbitrarily extensible +and not well suited for a generic library API; applications that need to +validate extended key usage information in certifiates will need to define a +custom "purpose" (see below) or supply a nondefault verification callback +(L<X509_STORE_set_verify_cb_func(3)>). + +X509_STORE_CTX_set_purpose() sets the purpose for the target certificate being +verified in the I<ctx>. Built-in available values for the I<purpose> argument +are B<X509_PURPOSE_SSL_CLIENT>, B<X509_PURPOSE_SSL_SERVER>, +B<X509_PURPOSE_NS_SSL_SERVER>, B<X509_PURPOSE_SMIME_SIGN>, +B<X509_PURPOSE_SMIME_ENCRYPT>, B<X509_PURPOSE_CRL_SIGN>, B<X509_PURPOSE_ANY>, +B<X509_PURPOSE_OCSP_HELPER> and B<X509_PURPOSE_TIMESTAMP_SIGN>. It is also +possible to create a custom purpose value. Setting a purpose will ensure that +the key usage declared within certificates in the chain being verified is +consistent with that purpose as well as, potentially, other checks. Every +purpose also has an associated default trust value which will also be set at the +same time. During verification this trust setting will be verified to check it +is consistent with the trust set by the system administrator for certificates in +the chain. + +X509_STORE_CTX_set_trust() sets the trust value for the target certificate +being verified in the I<ctx>. Built-in available values for the I<trust> +argument are B<X509_TRUST_COMPAT>, B<X509_TRUST_SSL_CLIENT>, +B<X509_TRUST_SSL_SERVER>, B<X509_TRUST_EMAIL>, B<X509_TRUST_OBJECT_SIGN>, +B<X509_TRUST_OCSP_SIGN>, B<X509_TRUST_OCSP_REQUEST> and B<X509_TRUST_TSA>. It is +also possible to create a custom trust value. Since X509_STORE_CTX_set_purpose() +also sets the trust value it is normally sufficient to only call that function. +If both are called then X509_STORE_CTX_set_trust() should be called after +X509_STORE_CTX_set_purpose() since the trust setting of the last call will be +used. + +It should not normally be necessary for end user applications to call +X509_STORE_CTX_purpose_inherit() directly. Typically applications should call +X509_STORE_CTX_set_purpose() or X509_STORE_CTX_set_trust() instead. Using this +function it is possible to set the purpose and trust values for the I<ctx> at +the same time. The I<def_purpose> and I<purpose> arguments can have the same +purpose values as described for X509_STORE_CTX_set_purpose() above. The I<trust> +argument can have the same trust values as described in +X509_STORE_CTX_set_trust() above. Any of the I<def_purpose>, I<purpose> or +I<trust> values may also have the value 0 to indicate that the supplied +parameter should be ignored. After calling this function the purpose to be used +for verification is set from the I<purpose> argument, and the trust is set from +the I<trust> argument. If I<trust> is 0 then the trust value will be set from +the default trust value for I<purpose>. If the default trust value for the +purpose is I<X509_TRUST_DEFAULT> and I<trust> is 0 then the default trust value +associated with the I<def_purpose> value is used for the trust setting instead. + =head1 NOTES The certificates and CRLs in a store are used internally and should B<not> @@ -164,7 +231,7 @@ The X509_STORE_CTX_get_num_untrusted() function was added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2009-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/include/internal/sockets.h b/include/internal/sockets.h index 39186efef207..4fc1aecdbb20 100644 --- a/include/internal/sockets.h +++ b/include/internal/sockets.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -30,6 +30,8 @@ # include <sys/un.h> # include <tcp.h> # include <netdb.h> +# include <arpa/inet.h> +# include <netinet/tcp.h> # elif defined(_WIN32_WCE) && _WIN32_WCE<410 # define getservbyname _masked_declaration_getservbyname # endif diff --git a/include/openssl/engine.h b/include/openssl/engine.h index 0780f0fb5f32..d707eaeb6ee3 100644 --- a/include/openssl/engine.h +++ b/include/openssl/engine.h @@ -1,5 +1,5 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -722,6 +722,7 @@ typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id, CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \ fns->mem_fns.realloc_fn, \ fns->mem_fns.free_fn); \ + OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL); \ skip_cbs: \ if (!fn(e, id)) return 0; \ return 1; } diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h index eb812ed18dcc..53516a06c69b 100644 --- a/include/openssl/obj_mac.h +++ b/include/openssl/obj_mac.h @@ -2,7 +2,7 @@ * WARNING: do not edit! * Generated by crypto/objects/objects.pl * - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h index 261d7cb326cb..c48626447036 100644 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h @@ -39,8 +39,8 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x101010dfL -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1m 14 Dec 2021" +# define OPENSSL_VERSION_NUMBER 0x101010efL +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1n 15 Mar 2022" /*- * The macros below are to be used for shared library (.so, .dll, ...) diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index b256a4b93503..e4cf007f82a5 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -2171,7 +2171,7 @@ static SSL_CIPHER ssl3_ciphers[] = { TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aDSS, SSL_CAMELLIA128, SSL_SHA256, @@ -2187,7 +2187,7 @@ static SSL_CIPHER ssl3_ciphers[] = { TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aRSA, SSL_CAMELLIA128, SSL_SHA256, @@ -2203,7 +2203,7 @@ static SSL_CIPHER ssl3_ciphers[] = { TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256, TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256, TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aNULL, SSL_CAMELLIA128, SSL_SHA256, @@ -2235,7 +2235,7 @@ static SSL_CIPHER ssl3_ciphers[] = { TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aDSS, SSL_CAMELLIA256, SSL_SHA256, @@ -2251,7 +2251,7 @@ static SSL_CIPHER ssl3_ciphers[] = { TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aRSA, SSL_CAMELLIA256, SSL_SHA256, @@ -2267,7 +2267,7 @@ static SSL_CIPHER ssl3_ciphers[] = { TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256, TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256, TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aNULL, SSL_CAMELLIA256, SSL_SHA256, diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index e7feda81d046..eba96b207eee 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the OpenSSL license (the "License"). You may not use @@ -901,7 +901,7 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid, void *other, void *ex) { - int level, minbits; + int level, minbits, pfs_mask; minbits = ssl_get_security_level_bits(s, ctx, &level); @@ -936,8 +936,9 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, if (level >= 2 && c->algorithm_enc == SSL_RC4) return 0; /* Level 3: forward secure ciphersuites only */ + pfs_mask = SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK; if (level >= 3 && c->min_tls != TLS1_3_VERSION && - !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH))) + !(c->algorithm_mkey & pfs_mask)) return 0; break; } |