Skip to content

Commit

Permalink
deps: upgrade openssl sources to OpenSSL_1_1_1q
Browse files Browse the repository at this point in the history
This updates all sources in deps/openssl/openssl by:
    $ git clone https://github.com/quictls/openssl
    $ cd openssl
    $ git checkout OpenSSL_1_1_1q+quic
    $ cd ../node/deps/openssl
    $ rm -rf openssl
    $ cp -R ../openssl openssl
    $ rm -rf openssl/.git* openssl/.travis*
    $ git add --all openssl
    $ git commit openssl

PR-URL: nodejs/node#43692
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-July/000232.html
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Danielle Adams <[email protected]>
  • Loading branch information
RafaelGSS authored and guangwong committed Oct 10, 2022
1 parent 60498fc commit 4d5b94a
Show file tree
Hide file tree
Showing 17 changed files with 49,260 additions and 22 deletions.
13 changes: 13 additions & 0 deletions deps/openssl/openssl/CHANGES
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,19 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.

Changes between 1.1.1p and 1.1.1q [5 Jul 2022]

*) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
implementation would not encrypt the entirety of the data under some
circumstances. This could reveal sixteen bytes of data that was
preexisting in the memory that wasn't written. In the special case of
"in place" encryption, sixteen bytes of the plaintext would be revealed.

Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
they are both unaffected.
(CVE-2022-2097)
[Alex Chernyakhovsky, David Benjamin, Alejandro Sedeño]

Changes between 1.1.1o and 1.1.1p [21 Jun 2022]

*) In addition to the c_rehash shell command injection identified in
Expand Down
5 changes: 5 additions & 0 deletions deps/openssl/openssl/NEWS
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,11 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.

Major changes between OpenSSL 1.1.1p and OpenSSL 1.1.1q [5 Jul 2022]

o Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms
(CVE-2022-2097)

Major changes between OpenSSL 1.1.1o and OpenSSL 1.1.1p [21 Jun 2022]

o Fixed additional bugs in the c_rehash script which was not properly
Expand Down
2 changes: 1 addition & 1 deletion deps/openssl/openssl/README-OpenSSL.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@

OpenSSL 1.1.1p 21 Jun 2022
OpenSSL 1.1.1q 5 Jul 2022

Copyright (c) 1998-2022 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
Expand Down
2 changes: 1 addition & 1 deletion deps/openssl/openssl/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ What This Is
This is a fork of [OpenSSL](https://www.openssl.org) to enable QUIC. In addition
to the website, the official source distribution is at
<https://github.com/openssl/openssl>. The OpenSSL `README` can be found at
[README-OpenSSL.md](https://github.com/quictls/openssl/blob/OpenSSL_1_1_1p%2Bquic/README-OpenSSL.md).
[README-OpenSSL.md](https://github.com/quictls/openssl/blob/OpenSSL_1_1_1q%2Bquic/README-OpenSSL.md).

This fork adds APIs that can be used by QUIC implementations for connection
handshakes. Quoting the IETF Working group
Expand Down
6 changes: 3 additions & 3 deletions deps/openssl/openssl/crypto/aes/asm/aesni-x86.pl
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2009-2022 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
Expand Down Expand Up @@ -2027,7 +2027,7 @@ sub aesni_generate6
&movdqu (&QWP(-16*2,$out,$inp),$inout4);
&movdqu (&QWP(-16*1,$out,$inp),$inout5);
&cmp ($inp,$len); # done yet?
&jb (&label("grandloop"));
&jbe (&label("grandloop"));

&set_label("short");
&add ($len,16*6);
Expand Down Expand Up @@ -2453,7 +2453,7 @@ sub aesni_generate6
&pxor ($rndkey1,$inout5);
&movdqu (&QWP(-16*1,$out,$inp),$inout5);
&cmp ($inp,$len); # done yet?
&jb (&label("grandloop"));
&jbe (&label("grandloop"));

&set_label("short");
&add ($len,16*6);
Expand Down
8 changes: 5 additions & 3 deletions deps/openssl/openssl/crypto/bn/bn_gcd.c
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
Expand Down Expand Up @@ -47,7 +47,8 @@ BIGNUM *bn_mod_inverse_no_branch(BIGNUM *in,
if (R == NULL)
goto err;

BN_one(X);
if (!BN_one(X))
goto err;
BN_zero(Y);
if (BN_copy(B, a) == NULL)
goto err;
Expand Down Expand Up @@ -235,7 +236,8 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in,
if (R == NULL)
goto err;

BN_one(X);
if (!BN_one(X))
goto err;
BN_zero(Y);
if (BN_copy(B, a) == NULL)
goto err;
Expand Down
4 changes: 2 additions & 2 deletions deps/openssl/openssl/crypto/ec/ec_asn1.c
Original file line number Diff line number Diff line change
Expand Up @@ -794,7 +794,7 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
}

/* extract the order */
if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) {
if (ASN1_INTEGER_to_BN(params->order, a) == NULL) {
ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);
goto err;
}
Expand All @@ -811,7 +811,7 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
if (params->cofactor == NULL) {
BN_free(b);
b = NULL;
} else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) {
} else if (ASN1_INTEGER_to_BN(params->cofactor, b) == NULL) {
ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);
goto err;
}
Expand Down
16 changes: 13 additions & 3 deletions deps/openssl/openssl/crypto/x509v3/v3_addr.c
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
Expand All @@ -13,6 +13,8 @@

#include <stdio.h>
#include <stdlib.h>
#include <assert.h>
#include <string.h>

#include "internal/cryptlib.h"
#include <openssl/conf.h>
Expand Down Expand Up @@ -342,8 +344,13 @@ static int range_should_be_prefix(const unsigned char *min,
unsigned char mask;
int i, j;

if (memcmp(min, max, length) <= 0)
return -1;
/*
* It is the responsibility of the caller to confirm min <= max. We don't
* use ossl_assert() here since we have no way of signalling an error from
* this function - so we just use a plain assert instead.
*/
assert(memcmp(min, max, length) <= 0);

for (i = 0; i < length && min[i] == max[i]; i++) ;
for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) ;
if (i < j)
Expand Down Expand Up @@ -426,6 +433,9 @@ static int make_addressRange(IPAddressOrRange **result,
IPAddressOrRange *aor;
int i, prefixlen;

if (memcmp(min, max, length) > 0)
return 0;

if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0)
return make_addressPrefix(result, min, prefixlen);

Expand Down
2 changes: 2 additions & 0 deletions deps/openssl/openssl/crypto/x509v3/v3_sxnet.c
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,8 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
id = sk_SXNETID_value(sx->ids, i);
tmp = i2s_ASN1_INTEGER(NULL, id->zone);
if (tmp == NULL)
return 0;
BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
OPENSSL_free(tmp);
ASN1_STRING_print(out, id->user);
Expand Down
6 changes: 3 additions & 3 deletions deps/openssl/openssl/doc/man3/SSL_get_current_cipher.pod
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,8 @@ SSL_get_pending_cipher - get SSL_CIPHER of a connection

#include <openssl/ssl.h>

SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl);
SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl);
const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl);
const SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl);

const char *SSL_get_cipher_name(const SSL *s);
const char *SSL_get_cipher(const SSL *s);
Expand Down Expand Up @@ -61,7 +61,7 @@ L<ssl(7)>, L<SSL_CIPHER_get_name(3)>

=head1 COPYRIGHT

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
Expand Down
1 change: 0 additions & 1 deletion deps/openssl/openssl/include/crypto/bn_conf.h

This file was deleted.

1 change: 0 additions & 1 deletion deps/openssl/openssl/include/crypto/dso_conf.h

This file was deleted.

1 change: 0 additions & 1 deletion deps/openssl/openssl/include/openssl/opensslconf.h

This file was deleted.

4 changes: 2 additions & 2 deletions deps/openssl/openssl/include/openssl/opensslv.h
Original file line number Diff line number Diff line change
Expand Up @@ -39,8 +39,8 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
# define OPENSSL_VERSION_NUMBER 0x1010110fL
# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1p+quic 21 Jun 2022"
# define OPENSSL_VERSION_NUMBER 0x1010111fL
# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1q+quic 5 Jul 2022"

/*-
* The macros below are to be used for shared library (.so, .dll, ...)
Expand Down
Loading

0 comments on commit 4d5b94a

Please sign in to comment.