Source-Changes-HG archive
[src/trunk]: src/crypto/external/bsd/openssl/dist merge for OpenSSL 1.0.2k
details: https://anonhg.NetBSD.org/src/rev/3541c756f03c
branches: trunk
changeset: 350945:3541c756f03c
user: spz <spz%NetBSD.org@localhost>
date: Fri Jan 27 23:16:20 2017 +0000
description:
merge for OpenSSL 1.0.2k
diffstat:
crypto/external/bsd/openssl/dist/CHANGES | 61 ++
crypto/external/bsd/openssl/dist/Configure | 34 +-
crypto/external/bsd/openssl/dist/Makefile | 5 +-
crypto/external/bsd/openssl/dist/NEWS | 8 +-
crypto/external/bsd/openssl/dist/README | 36 +-
crypto/external/bsd/openssl/dist/apps/ca.c | 6 +-
crypto/external/bsd/openssl/dist/apps/s_client.c | 7 +-
crypto/external/bsd/openssl/dist/apps/s_server.c | 7 +-
crypto/external/bsd/openssl/dist/apps/speed.c | 14 +-
crypto/external/bsd/openssl/dist/crypto/bn/bn_exp.c | 5 +-
crypto/external/bsd/openssl/dist/crypto/ec/ec2_mult.c | 20 +-
crypto/external/bsd/openssl/dist/crypto/evp/e_aes.c | 4 +-
crypto/external/bsd/openssl/dist/crypto/opensslv.h | 6 +-
crypto/external/bsd/openssl/dist/crypto/rsa/rsa_oaep.c | 8 +-
crypto/external/bsd/openssl/dist/crypto/ui/ui_lib.c | 138 ++--
crypto/external/bsd/openssl/dist/crypto/ui/ui_openssl.c | 59 +-
crypto/external/bsd/openssl/dist/doc/crypto/EVP_DigestVerifyInit.pod | 2 +-
crypto/external/bsd/openssl/dist/openssl.spec | 2 +-
crypto/external/bsd/openssl/dist/ssl/s2_lib.c | 2 +-
crypto/external/bsd/openssl/dist/ssl/s3_clnt.c | 44 +-
crypto/external/bsd/openssl/dist/ssl/s3_pkt.c | 23 +-
crypto/external/bsd/openssl/dist/ssl/s3_srvr.c | 33 +-
crypto/external/bsd/openssl/dist/ssl/ssl_err.c | 1 +
crypto/external/bsd/openssl/dist/ssl/ssl_lib.c | 4 +-
crypto/external/bsd/openssl/dist/ssl/ssl_locl.h | 2 +-
crypto/external/bsd/openssl/dist/ssl/ssl_sess.c | 9 +
crypto/external/bsd/openssl/dist/ssl/t1_lib.c | 293 ++++++---
27 files changed, 535 insertions(+), 298 deletions(-)
diffs (truncated from 1840 to 300 lines):
diff -r 6c2c58edcd94 -r 3541c756f03c crypto/external/bsd/openssl/dist/CHANGES
--- a/crypto/external/bsd/openssl/dist/CHANGES Fri Jan 27 23:00:46 2017 +0000
+++ b/crypto/external/bsd/openssl/dist/CHANGES Fri Jan 27 23:16:20 2017 +0000
@@ -2,6 +2,67 @@
OpenSSL CHANGES
_______________
+ Changes between 1.0.2j and 1.0.2k [26 Jan 2017]
+
+ *) Truncated packet could crash via OOB read
+
+ If one side of an SSL/TLS path is running on a 32-bit host and a specific
+ cipher is being used, then a truncated packet can cause that host to
+ perform an out-of-bounds read, usually resulting in a crash.
+
+ This issue was reported to OpenSSL by Robert Å?wiÄ?cki of Google.
+ (CVE-2017-3731)
+ [Andy Polyakov]
+
+ *) BN_mod_exp may produce incorrect results on x86_64
+
+ There is a carry propagating bug in the x86_64 Montgomery squaring
+ procedure. No EC algorithms are affected. Analysis suggests that attacks
+ against RSA and DSA as a result of this defect would be very difficult to
+ perform and are not believed likely. Attacks against DH are considered just
+ feasible (although very difficult) because most of the work necessary to
+ deduce information about a private key may be performed offline. The amount
+ of resources required for such an attack would be very significant and
+ likely only accessible to a limited number of attackers. An attacker would
+ additionally need online access to an unpatched system using the target
+ private key in a scenario with persistent DH parameters and a private
+ key that is shared between multiple clients. For example this can occur by
+ default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very
+ similar to CVE-2015-3193 but must be treated as a separate problem.
+
+ This issue was reported to OpenSSL by the OSS-Fuzz project.
+ (CVE-2017-3732)
+ [Andy Polyakov]
+
+ *) Montgomery multiplication may produce incorrect results
+
+ There is a carry propagating bug in the Broadwell-specific Montgomery
+ multiplication procedure that handles input lengths divisible by, but
+ longer than 256 bits. Analysis suggests that attacks against RSA, DSA
+ and DH private keys are impossible. This is because the subroutine in
+ question is not used in operations with the private key itself and an input
+ of the attacker's direct choice. Otherwise the bug can manifest itself as
+ transient authentication and key negotiation failures or reproducible
+ erroneous outcome of public-key operations with specially crafted input.
+ Among EC algorithms only Brainpool P-512 curves are affected and one
+ presumably can attack ECDH key negotiation. Impact was not analyzed in
+ detail, because pre-requisites for attack are considered unlikely. Namely
+ multiple clients have to choose the curve in question and the server has to
+ share the private key among them, neither of which is default behaviour.
+ Even then only clients that chose the curve will be affected.
+
+ This issue was publicly reported as transient failures and was not
+ initially recognized as a security issue. Thanks to Richard Morgan for
+ providing reproducible case.
+ (CVE-2016-7055)
+ [Andy Polyakov]
+
+ *) OpenSSL now fails if it receives an unrecognised record type in TLS1.0
+ or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to
+ prevent issues where no progress is being made and the peer continually
+ sends unrecognised record types, using up resources processing them.
+ [Matt Caswell]
+
Changes between 1.0.2i and 1.0.2j [26 Sep 2016]
*) Missing CRL sanity check
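Review bot: The reporter's name in the CVE-2017-3731 entry ("This issue was reported to OpenSSL by Robert ...") contains non-ASCII characters that arrive garbled in this diff. Confirm that the imported CHANGES file carries the intended UTF-8 bytes, so the credit line is not corrupted in the tree.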
diff -r 6c2c58edcd94 -r 3541c756f03c crypto/external/bsd/openssl/dist/Configure
--- a/crypto/external/bsd/openssl/dist/Configure Fri Jan 27 23:00:46 2017 +0000
+++ b/crypto/external/bsd/openssl/dist/Configure Fri Jan 27 23:16:20 2017 +0000
@@ -7,6 +7,7 @@
require 5.000;
use strict;
+use File::Compare;
# see INSTALL for instructions.
@@ -57,12 +58,13 @@
# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared
# library and will be loaded in run-time by the OpenSSL library.
# sctp include SCTP support
-# 386 generate 80386 code
# enable-weak-ssl-ciphers
# Enable EXPORT and LOW SSLv3 ciphers that are disabled by
# default. Note, weak SSLv2 ciphers are unconditionally
# disabled.
-# no-sse2 disables IA-32 SSE2 code, above option implies no-sse2
+# 386 generate 80386 code in assembly modules
+# no-sse2 disables IA-32 SSE2 code in assembly modules, the above
+# mentioned '386' option implies this one
# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
# -<xxx> +<xxx> compiler options are passed through
#
@@ -1792,8 +1794,16 @@
}
close(IN);
close(OUT);
-rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile;
-rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n";
+if ((compare($Makefile, "$Makefile.new"))
+ or file_newer('Configure', $Makefile)
+ or file_newer('config', $Makefile)
+ or file_newer('Makefile.org', $Makefile))
+ {
+ rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile;
+ rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n";
+ }
+else
+ { unlink("$Makefile.new"); }
print "CC =$cc\n";
print "CFLAG =$cflags\n";
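Review bot: The else branch ignores the result of unlink("$Makefile.new"), while both renames in the if branch die on failure. A leftover Makefile.new would go unnoticed, so consider unlink("$Makefile.new") || warn "unable to remove $Makefile.new\n". Also note that File::Compare's compare() returns -1 on error as well as 1 on difference. That is what lets a first run with no existing Makefile fall through to the rename, and it deserves a one-line comment because the condition otherwise reads as a pure content check.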
@@ -1985,9 +1995,13 @@
print OUT "}\n";
print OUT "#endif\n";
close(OUT);
-rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h";
-rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n";
-
+if (compare("crypto/opensslconf.h.new","crypto/opensslconf.h"))
+ {
+ rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h";
+ rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n";
+ }
+else
+ { unlink("crypto/opensslconf.h.new"); }
# Fix the date
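Review bot: The compare() call here passes the new file first ("crypto/opensslconf.h.new","crypto/opensslconf.h"), while the Makefile hunk passes the existing file first. This is harmless for an equality test, but the two sites should use the same argument order. As with the Makefile, the first-run case (no crypto/opensslconf.h yet) only works because compare() returns -1 on error and that is treated as "different". A short comment would make that intent explicit. The unlink in the else branch is likewise unchecked.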
@@ -2289,3 +2303,9 @@
print STDERR "No sanity errors detected!\n" if $errorcnt == 0;
return $errorcnt;
}
+
+sub file_newer
+ {
+ my ($file1, $file2) = @_;
+ return (stat($file1))[9] > (stat($file2))[9]
+ }
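Review bot: file_newer compares mtimes with a strict ">" at one-second resolution, so a Configure, config or Makefile.org edited in the same second the Makefile was written is not seen as newer and the regenerated Makefile.new is discarded. It also has no handling for a missing file: stat returns an empty list, element [9] is undef, and the comparison silently treats it as 0. Consider documenting both behaviours in a comment above the sub, or returning true when either stat fails. The return statement also lacks a terminating semicolon, which is legal Perl but inconsistent with the rest of the file.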
diff -r 6c2c58edcd94 -r 3541c756f03c crypto/external/bsd/openssl/dist/Makefile
--- a/crypto/external/bsd/openssl/dist/Makefile Fri Jan 27 23:00:46 2017 +0000
+++ b/crypto/external/bsd/openssl/dist/Makefile Fri Jan 27 23:16:20 2017 +0000
@@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
-VERSION=1.0.2j
+VERSION=1.0.2k
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
@@ -203,7 +203,8 @@
$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS} \
$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS} \
$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS} \
- $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
+ $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS} \
+ $${APPS+APPS}
# LC_ALL=C ensures that error [and other] messages are delivered in
# same language for uniform treatment.
diff -r 6c2c58edcd94 -r 3541c756f03c crypto/external/bsd/openssl/dist/NEWS
--- a/crypto/external/bsd/openssl/dist/NEWS Fri Jan 27 23:00:46 2017 +0000
+++ b/crypto/external/bsd/openssl/dist/NEWS Fri Jan 27 23:16:20 2017 +0000
@@ -5,9 +5,15 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [26 Jan 2017]
+
+ o Truncated packet could crash via OOB read (CVE-2017-3731)
+ o BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
+ o Montgomery multiplication may produce incorrect results (CVE-2016-7055)
+
Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016]
- o Fix Use After Free for large message sizes (CVE-2016-6309)
+ o Missing CRL sanity check (CVE-2016-7052)
Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016]
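Review bot: The 1.0.2k list carries the three CVE items but not the fourth CHANGES entry, the new failure on unrecognised record types in TLS1.0 and TLS1.1. That is a behaviour change peers can observe, so a one-line mention here would help anyone reading only NEWS. The same hunk also rewrites the 1.0.2j entry from CVE-2016-6309 to "Missing CRL sanity check (CVE-2016-7052)". This matches the 1.0.2j heading visible in CHANGES, but it is a correction to a previous release's notes and is worth calling out in the commit description.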
diff -r 6c2c58edcd94 -r 3541c756f03c crypto/external/bsd/openssl/dist/README
--- a/crypto/external/bsd/openssl/dist/README Fri Jan 27 23:00:46 2017 +0000
+++ b/crypto/external/bsd/openssl/dist/README Fri Jan 27 23:16:20 2017 +0000
@@ -1,5 +1,5 @@
- OpenSSL 1.0.2j 26 Sep 2016
+ OpenSSL 1.0.2k 26 Jan 2017
Copyright (c) 1998-2015 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@@ -66,13 +66,13 @@
If you have any problems with OpenSSL then please take the following steps
first:
- - Download the current snapshot from ftp://ftp.openssl.org/snapshot/
+ - Download the latest version from the repository
to see if the problem has already been addressed
- - Remove ASM versions of libraries
+ - Configure with no-asm
- Remove compiler optimisation flags
- If you wish to report a bug then please include the following information in
- any bug report:
+ If you wish to report a bug then please include the following information
+ and create an issue on GitHub:
- On Unix systems:
Self-test report generated by 'make report'
@@ -84,27 +84,9 @@
- Problem Description (steps that will reproduce the problem, if known)
- Stack Traceback (if the application dumps core)
- Email the report to:
-
- rt%openssl.org@localhost
-
- In order to avoid spam, this is a moderated mailing list, and it might
- take a day for the ticket to show up. (We also scan posts to make sure
- that security disclosures aren't publically posted by mistake.) Mail
- to this address is recorded in the public RT (request tracker) database
- (see https://www.openssl.org/community/index.html#bugs for details) and
- also forwarded the public openssl-dev mailing list. Confidential mail
- may be sent to openssl-security%openssl.org@localhost (PGP key available from the
- key servers).
-
- Please do NOT use this for general assistance or support queries.
Just because something doesn't work the way you expect does not mean it
is necessarily a bug in OpenSSL.
- You can also make GitHub pull requests. If you do this, please also send
- mail to rt%openssl.org@localhost with a link to the PR so that we can more easily
- keep track of it.
-
HOW TO CONTRIBUTE TO OpenSSL
----------------------------
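Review bot: Removing the "Email the report to" block also drops the only line in this section that pointed to a private channel for confidential reports ("Confidential mail may be sent to openssl-security..."). With the preceding hunk now directing reporters to "create an issue on GitHub", a reader following this section has no indication that security-sensitive problems should not go to the public tracker. Suggest keeping a single sentence that points to the private security contact.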
@@ -113,7 +95,7 @@
LEGALITIES
----------
- A number of nations, in particular the U.S., restrict the use or export
- of cryptography. If you are potentially subject to such restrictions
- you should seek competent professional legal advice before attempting to
- develop or distribute cryptographic code.
+ A number of nations restrict the use or export of cryptography. If you
+ are potentially subject to such restrictions you should seek competent
+ professional legal advice before attempting to develop or distribute
+ cryptographic code.
diff -r 6c2c58edcd94 -r 3541c756f03c crypto/external/bsd/openssl/dist/apps/ca.c
--- a/crypto/external/bsd/openssl/dist/apps/ca.c Fri Jan 27 23:00:46 2017 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/ca.c Fri Jan 27 23:16:20 2017 +0000
@@ -319,9 +319,7 @@
#define BSIZE 256
MS_STATIC char buf[3][BSIZE];
char *randfile = NULL;
-#ifndef OPENSSL_NO_ENGINE
char *engine = NULL;
-#endif
char *tofree = NULL;
DB_ATTR db_attr;
@@ -595,9 +593,7 @@
if (!load_config(bio_err, conf))
goto err;
-#ifndef OPENSSL_NO_ENGINE
e = setup_engine(bio_err, engine, 0);
-#endif
/* Lets get the config section we are using */
if (section == NULL) {
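Review bot: With the #ifndef OPENSSL_NO_ENGINE guard removed, e = setup_engine(bio_err, engine, 0) is now compiled in every configuration. This depends on the declaration of e and on a setup_engine definition both being available in no-engine builds, and neither is visible in the shown part of the diff. Please confirm that a build configured without engine support still compiles and links apps/ca.c.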
@@ -1485,6 +1481,7 @@
X509_CRL_free(crl);
NCONF_free(conf);
NCONF_free(extconf);
+ release_engine(e);
OBJ_cleanup();
apps_shutdown();
OPENSSL_EXIT(ret);
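Review bot: release_engine(e) is added to the common cleanup sequence, so it runs no matter how far the function got. The earlier hunk shows a goto err on load_config failure that sits before the setup_engine call. If that path lands here, e must be initialised to NULL at declaration and release_engine must accept NULL. Neither is visible in these lines, so both should be checked.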
@@ -2227,7 +2224,6 @@
sk = CONF_get_section(parms, "default");
if (sk_CONF_VALUE_num(sk) == 0) {
BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);
- CONF_free(parms);
goto err;
}
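Review bot: Dropping CONF_free(parms) before goto err is only correct if the err path frees parms itself. In that case the removed call was a double free, and the commit description or CHANGES should say so. If err does not free parms, this change introduces a leak on the "no name/value pairs found" path. The label body is not part of the shown hunk, so verify it against the full file.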
diff -r 6c2c58edcd94 -r 3541c756f03c crypto/external/bsd/openssl/dist/apps/s_client.c
--- a/crypto/external/bsd/openssl/dist/apps/s_client.c Fri Jan 27 23:00:46 2017 +0000
+++ b/crypto/external/bsd/openssl/dist/apps/s_client.c Fri Jan 27 23:16:20 2017 +0000
@@ -695,12 +695,12 @@
char *inrand = NULL;
int mbuf_len = 0;
struct timeval timeout, *timeoutp;