From 6efc84492200d9ef03d914e35405508a88aae6c0 Mon Sep 17 00:00:00 2001 
From: RafaelGSS Date: Tue, 3 May 2022 16:54:23 -0300 Subject: [PATCH] deps: upgrade openssl sources to OpenSSL_1_1_1o This updates all sources in deps/openssl/openssl by: $ git clone https://github.com/quictls/openssl $ cd openssl $ git checkout OpenSSL_1_1_1o+quic $ cd ../node/deps/openssl $ rm -rf openssl $ cp -R ../openssl openssl $ rm -rf openssl/.git* openssl/.travis* $ git add --all openssl $ git commit openssl PR-URL: https://github.com/nodejs/node/pull/42957 Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-May/000223.html Reviewed-By: Beth Griggs --- deps/openssl/openssl/CHANGES | 13 ++ deps/openssl/openssl/NEWS | 7 +- deps/openssl/openssl/README-OpenSSL.md | 4 +- deps/openssl/openssl/README.md | 2 +- deps/openssl/openssl/apps/apps.c | 2 + deps/openssl/openssl/apps/x509.c | 6 +- deps/openssl/openssl/crypto/bn/bn_div.c | 8 +- deps/openssl/openssl/crypto/bn/bn_exp.c | 5 +- .../openssl/crypto/ec/curve448/curve448.c | 3 +- deps/openssl/openssl/crypto/ec/ecp_nistz256.c | 3 +- deps/openssl/openssl/crypto/engine/eng_dyn.c | 33 +++-- deps/openssl/openssl/crypto/err/err.c | 45 ++++++- deps/openssl/openssl/crypto/evp/evp_enc.c | 10 +- deps/openssl/openssl/crypto/evp/evp_local.h | 4 +- deps/openssl/openssl/crypto/init.c | 13 +- deps/openssl/openssl/crypto/s390x_arch.h | 5 +- deps/openssl/openssl/crypto/s390xcap.c | 5 +- deps/openssl/openssl/doc/fingerprints.txt | 10 ++ .../openssl/doc/man3/SSL_CTX_set_timeout.pod | 12 +- deps/openssl/openssl/include/crypto/bn_conf.h | 1 - .../openssl/openssl/include/crypto/dso_conf.h | 1 - .../openssl/include/openssl/opensslconf.h | 1 - .../openssl/include/openssl/opensslv.h | 7 +- deps/openssl/openssl/ssl/s3_enc.c | 4 +- deps/openssl/openssl/ssl/ssl_init.c | 19 +-- deps/openssl/openssl/ssl/ssl_lib.c | 4 +- deps/openssl/openssl/ssl/ssl_txt.c | 6 +- deps/openssl/openssl/ssl/statem/statem_clnt.c | 7 +- deps/openssl/openssl/ssl/statem/statem_dtls.c | 8 +- deps/openssl/openssl/ssl/statem/statem_srvr.c | 23 +++- 
deps/openssl/openssl/ssl/t1_enc.c | 4 +- deps/openssl/openssl/test/dtls_mtu_test.c | 50 ++++++- .../openssl/test/recipes/70-test_tls13hrr.t | 53 +++++++- .../cryptography.sh | 18 +-- .../openssl/test/ssl-tests/10-resumption.conf | 121 ++++++++++++++++- .../test/ssl-tests/11-dtls_resumption.conf | 124 +++++++++++++++++- .../test/ssl-tests/protocol_version.pm | 65 ++++++++- deps/openssl/openssl/test/sslapitest.c | 66 +++++++++- deps/openssl/openssl/tools/c_rehash.in | 31 ++++- 39 files changed, 687 insertions(+), 116 deletions(-) delete mode 100644 deps/openssl/openssl/include/crypto/bn_conf.h delete mode 100644 deps/openssl/openssl/include/crypto/dso_conf.h delete mode 100644 deps/openssl/openssl/include/openssl/opensslconf.h diff --git a/deps/openssl/openssl/CHANGES b/deps/openssl/openssl/CHANGES index 2858c6b3b7bd4c..74595df17d0c3f 100644 --- a/deps/openssl/openssl/CHANGES +++ b/deps/openssl/openssl/CHANGES @@ -7,6 +7,19 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.1.1n and 1.1.1o [3 May 2022] + + *) Fixed a bug in the c_rehash script which was not properly sanitising shell + metacharacters to prevent command injection. This script is distributed by + some operating systems in a manner where it is automatically executed. On + such operating systems, an attacker could execute arbitrary commands with the + privileges of the script. + + Use of the c_rehash script is considered obsolete and should be replaced + by the OpenSSL rehash command line tool. + (CVE-2022-1292) + [Tomáš Mráz] + Changes between 1.1.1m and 1.1.1n [15 Mar 2022] *) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever diff --git a/deps/openssl/openssl/NEWS b/deps/openssl/openssl/NEWS index f4ac262888ad34..d32cf5bb48dd0f 100644 --- a/deps/openssl/openssl/NEWS +++ b/deps/openssl/openssl/NEWS 
@@ -5,10 +5,15 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.1.1n and OpenSSL 1.1.1o [3 May 2022] + + o Fixed a bug in the c_rehash script which was not properly sanitising + shell metacharacters to prevent command injection (CVE-2022-1292) + Major changes between OpenSSL 1.1.1m and OpenSSL 1.1.1n [15 Mar 2022] o Fixed a bug in the BN_mod_sqrt() function that can cause it to loop - forever for non-prime moduli ([CVE-2022-0778]) + forever for non-prime moduli (CVE-2022-0778) Major changes between OpenSSL 1.1.1l and OpenSSL 1.1.1m [14 Dec 2021] diff --git a/deps/openssl/openssl/README-OpenSSL.md b/deps/openssl/openssl/README-OpenSSL.md index 3e100933f38809..a56311a4d1867a 100644 --- a/deps/openssl/openssl/README-OpenSSL.md +++ b/deps/openssl/openssl/README-OpenSSL.md @@ -1,7 +1,7 @@ - OpenSSL 1.1.1n 15 Mar 2022 + OpenSSL 1.1.1o 3 May 2022 - Copyright (c) 1998-2021 The OpenSSL Project + Copyright (c) 1998-2022 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. diff --git a/deps/openssl/openssl/README.md b/deps/openssl/openssl/README.md index 0d5261bf706040..63b2406f4e58da 100644 --- a/deps/openssl/openssl/README.md +++ b/deps/openssl/openssl/README.md @@ -4,7 +4,7 @@ What This Is This is a fork of [OpenSSL](https://www.openssl.org) to enable QUIC. In addition to the website, the official source distribution is at . The OpenSSL `README` can be found at -[README-OpenSSL.md](https://github.com/quictls/openssl/blob/OpenSSL_1_1_1n%2Bquic/README-OpenSSL.md). +[README-OpenSSL.md](https://github.com/quictls/openssl/blob/OpenSSL_1_1_1o%2Bquic/README-OpenSSL.md). This fork adds APIs that can be used by QUIC implementations for connection handshakes. Quoting the IETF Working group diff --git a/deps/openssl/openssl/apps/apps.c b/deps/openssl/openssl/apps/apps.c index 1a92271595f11a..db5b48e4cf2f27 100644 
--- a/deps/openssl/openssl/apps/apps.c +++ b/deps/openssl/openssl/apps/apps.c @@ -307,6 +307,8 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) if (cb_data != NULL && cb_data->password != NULL && *(const char*)cb_data->password != '\0') pw_min_len = 1; + else if (!verify) + pw_min_len = 0; prompt = UI_construct_prompt(ui, "pass phrase", prompt_info); if (!prompt) { BIO_printf(bio_err, "Out of memory\n"); diff --git a/deps/openssl/openssl/apps/x509.c b/deps/openssl/openssl/apps/x509.c index 1043eba0c8a03d..1f53504209dea8 100644 --- a/deps/openssl/openssl/apps/x509.c +++ b/deps/openssl/openssl/apps/x509.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -590,6 +590,8 @@ int x509_main(int argc, char **argv) xca = load_cert(CAfile, CAformat, "CA Certificate"); if (xca == NULL) goto end; + if (!X509_set_issuer_name(x, X509_get_subject_name(xca))) + goto end; } out = bio_open_default(outfile, 'w', outformat); @@ -987,8 +989,6 @@ static int x509_certify(X509_STORE *ctx, const char *CAfile, const EVP_MD *diges goto end; } - if (!X509_set_issuer_name(x, X509_get_subject_name(xca))) - goto end; if (!X509_set_serialNumber(x, bs)) goto end; diff --git a/deps/openssl/openssl/crypto/bn/bn_div.c b/deps/openssl/openssl/crypto/bn/bn_div.c index 0da9f39b31a93d..4273618825cc16 100644 --- a/deps/openssl/openssl/crypto/bn/bn_div.c +++ b/deps/openssl/openssl/crypto/bn/bn_div.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
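Review bot: The new `else if (!verify) pw_min_len = 0;` branch in password_callback has no comment saying why an empty pass phrase becomes acceptable, and the minimum length is a security-relevant setting. As far as the hunk shows, the relaxation applies only when the caller is not asking for confirmation; prompts that set `verify` presumably keep the earlier minimum, which is defined outside the hunk. If that is the intent, I would add `/* no confirmation requested: accept an empty pass phrase instead of enforcing a minimum */` above the branch. password_callback starts and ends outside the hunk.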
@@ -446,8 +446,10 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, snum->neg = num_neg; snum->top = div_n; snum->flags |= BN_FLG_FIXED_TOP; - if (rm != NULL) - bn_rshift_fixed_top(rm, snum, norm_shift); + + if (rm != NULL && bn_rshift_fixed_top(rm, snum, norm_shift) == 0) + goto err; + BN_CTX_end(ctx); return 1; err: diff --git a/deps/openssl/openssl/crypto/bn/bn_exp.c b/deps/openssl/openssl/crypto/bn/bn_exp.c index 9531acfc3c9484..8c54ab005ca681 100644 --- a/deps/openssl/openssl/crypto/bn/bn_exp.c +++ b/deps/openssl/openssl/crypto/bn/bn_exp.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -188,13 +188,14 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, return ret; } + BN_RECP_CTX_init(&recp); + BN_CTX_start(ctx); aa = BN_CTX_get(ctx); val[0] = BN_CTX_get(ctx); if (val[0] == NULL) goto err; - BN_RECP_CTX_init(&recp); if (m->neg) { /* ignore sign of 'm' */ if (!BN_copy(aa, m)) diff --git a/deps/openssl/openssl/crypto/ec/curve448/curve448.c b/deps/openssl/openssl/crypto/ec/curve448/curve448.c index 12d97f06795b50..3d4db44564e9de 100644 --- a/deps/openssl/openssl/crypto/ec/curve448/curve448.c +++ b/deps/openssl/openssl/crypto/ec/curve448/curve448.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2015-2016 Cryptography Research, Inc. * * Licensed under the OpenSSL license (the "License"). You may not use 
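Review bot: Moving `BN_RECP_CTX_init(&recp);` ahead of `BN_CTX_start(ctx)` in BN_mod_exp_recp is not explained by any comment, so a later edit could move it back below the first `goto err`. The `err:` path is outside the hunk; presumably it releases `recp`, which under the old ordering would touch an uninitialised structure when `val[0] == NULL` is hit. I would add `/* must run before the first goto err: the cleanup path releases recp */` above the call, after confirming that against the cleanup code.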
@@ -577,6 +577,7 @@ static int recode_wnaf(struct smvt_control *control, int32_t delta = odd & mask; assert(position >= 0); + assert(pos < 32); /* can't fail since current & 0xFFFF != 0 */ if (odd & (1 << (table_bits + 1))) delta -= (1 << (table_bits + 1)); current -= delta * (1 << pos); diff --git a/deps/openssl/openssl/crypto/ec/ecp_nistz256.c b/deps/openssl/openssl/crypto/ec/ecp_nistz256.c index 5005249b05eaff..cfad3e15b0bf38 100644 --- a/deps/openssl/openssl/crypto/ec/ecp_nistz256.c +++ b/deps/openssl/openssl/crypto/ec/ecp_nistz256.c @@ -1,5 +1,5 @@ /* - * Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2014, Intel Corporation. All Rights Reserved. * Copyright (c) 2015, CloudFlare, Inc. * @@ -973,6 +973,7 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, return 0; } + memset(&p, 0, sizeof(p)); BN_CTX_start(ctx); if (scalar) { diff --git a/deps/openssl/openssl/crypto/engine/eng_dyn.c b/deps/openssl/openssl/crypto/engine/eng_dyn.c index 6a0ddc162d009b..27d7b893cdad38 100644 --- a/deps/openssl/openssl/crypto/engine/eng_dyn.c +++ b/deps/openssl/openssl/crypto/engine/eng_dyn.c 
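Review bot: The added `assert(pos < 32);` in recode_wnaf is compiled out when NDEBUG is defined, so in release builds nothing bounds the `1 << pos` shift a few lines below it. The trailing comment argues the condition cannot fail, which makes the assert a note for readers and static analysers rather than a runtime guard; the comment could say so, e.g. `/* invariant, not a runtime check: current & 0xFFFF != 0 bounds pos */`. How `pos` is computed lies outside the hunk, so the invariant itself cannot be confirmed from these lines.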
@@ -393,6 +393,26 @@ static int int_load(dynamic_data_ctx *ctx) return 0; } +/* + * Unfortunately the version checker does not distinguish between + * engines built for openssl 1.1.x and openssl 3.x, but loading + * an engine that is built for openssl 3.x will cause a fatal + * error. Detect such engines, since EVP_PKEY_get_base_id is exported + * as a function in openssl 3.x, while it is named EVP_PKEY_base_id + * in openssl 1.1.x. Therefore we take the presence of that symbol + * as an indication that the engine will be incompatible. + */ +static int using_libcrypto_3(dynamic_data_ctx *ctx) +{ + int ret; + + ERR_set_mark(); + ret = DSO_bind_func(ctx->dynamic_dso, "EVP_PKEY_get_base_id") != NULL; + ERR_pop_to_mark(); + + return ret; +} + static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) { ENGINE cpy; @@ -442,18 +462,9 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx) /* * We fail if the version checker veto'd the load *or* if it is * deferring to us (by returning its version) and we think it is too - * old. - * Unfortunately the version checker does not distinguish between - * engines built for openssl 1.1.x and openssl 3.x, but loading - * an engine that is built for openssl 3.x will cause a fatal - * error. Detect such engines, since EVP_PKEY_get_base_id is exported - * as a function in openssl 3.x, while it is named EVP_PKEY_base_id - * in openssl 1.1.x. Therefore we take the presence of that symbol - * as an indication that the engine will be incompatible. + * old. Also fail if this is engine for openssl 3.x. */ - if (vcheck_res < OSSL_DYNAMIC_OLDEST - || DSO_bind_func(ctx->dynamic_dso, - "EVP_PKEY_get_base_id") != NULL) { + if (vcheck_res < OSSL_DYNAMIC_OLDEST || using_libcrypto_3(ctx)) { /* Fail */ ctx->bind_engine = NULL; ctx->v_check = NULL; diff --git a/deps/openssl/openssl/crypto/err/err.c b/deps/openssl/openssl/crypto/err/err.c index bd116e249acb54..239a3cea9cc22c 100644 --- a/deps/openssl/openssl/crypto/err/err.c 
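Review bot: The comment moved onto `using_libcrypto_3()` explains the heuristic but not the helper's contract: it returns non-zero when `EVP_PKEY_get_base_id` resolves through `ctx->dynamic_dso`, and the `ERR_set_mark()`/`ERR_pop_to_mark()` pair presumably discards the error queued by a failed lookup. Both deserve a sentence in the header comment, because removing the mark/pop pair would leave a stale entry on the error queue for every compatible engine. In the second hunk the shortened comment reads `Also fail if this is engine for openssl 3.x.`; `Also fail if this is an engine built for openssl 3.x.` is clearer. dynamic_load starts and ends outside both hunks.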
+++ b/deps/openssl/openssl/crypto/err/err.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -23,7 +23,9 @@ #include "internal/constant_time.h" #include "e_os.h" +#ifndef OPENSSL_NO_ERR static int err_load_strings(const ERR_STRING_DATA *str); +#endif static void ERR_STATE_free(ERR_STATE *s); #ifndef OPENSSL_NO_ERR @@ -76,9 +78,9 @@ static ERR_STRING_DATA ERR_str_functs[] = { {ERR_PACK(0, SYS_F_BIND, 0), "bind"}, {ERR_PACK(0, SYS_F_LISTEN, 0), "listen"}, {ERR_PACK(0, SYS_F_ACCEPT, 0), "accept"}, -# ifdef OPENSSL_SYS_WINDOWS +#ifdef OPENSSL_SYS_WINDOWS {ERR_PACK(0, SYS_F_WSASTARTUP, 0), "WSAstartup"}, -# endif +#endif {ERR_PACK(0, SYS_F_OPENDIR, 0), "opendir"}, {ERR_PACK(0, SYS_F_FREAD, 0), "fread"}, {ERR_PACK(0, SYS_F_GETADDRINFO, 0), "getaddrinfo"}, @@ -141,21 +143,26 @@ static int set_err_thread_local; static CRYPTO_THREAD_LOCAL err_thread_local; static CRYPTO_ONCE err_string_init = CRYPTO_ONCE_STATIC_INIT; -static CRYPTO_RWLOCK *err_string_lock; +static CRYPTO_RWLOCK *err_string_lock = NULL; +#ifndef OPENSSL_NO_ERR static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *); +#endif /* * The internal state */ +#ifndef OPENSSL_NO_ERR static LHASH_OF(ERR_STRING_DATA) *int_error_hash = NULL; +#endif static int int_err_library_number = ERR_LIB_USER; static unsigned long get_error_values(int inc, int top, const char **file, int *line, const char **data, int *flags); +#ifndef OPENSSL_NO_ERR static unsigned long err_string_data_hash(const ERR_STRING_DATA *a) { unsigned long ret, l; 
@@ -184,7 +191,6 @@ static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d) return p; } -#ifndef OPENSSL_NO_ERR /* 2019-05-21: Russian and Ukrainian locales on Linux require more than 6,5 kB */ # define SPACE_SYS_STR_REASONS 8 * 1024 # define NUM_SYS_STR_REASONS 127 @@ -299,6 +305,7 @@ DEFINE_RUN_ONCE_STATIC(do_err_strings_init) err_string_lock = CRYPTO_THREAD_lock_new(); if (err_string_lock == NULL) return 0; +#ifndef OPENSSL_NO_ERR int_error_hash = lh_ERR_STRING_DATA_new(err_string_data_hash, err_string_data_cmp); if (int_error_hash == NULL) { @@ -306,6 +313,7 @@ DEFINE_RUN_ONCE_STATIC(do_err_strings_init) err_string_lock = NULL; return 0; } +#endif return 1; } @@ -315,10 +323,13 @@ void err_cleanup(void) CRYPTO_THREAD_cleanup_local(&err_thread_local); CRYPTO_THREAD_lock_free(err_string_lock); err_string_lock = NULL; +#ifndef OPENSSL_NO_ERR lh_ERR_STRING_DATA_free(int_error_hash); int_error_hash = NULL; +#endif } +#ifndef OPENSSL_NO_ERR /* * Legacy; pack in the library. */ @@ -342,6 +353,7 @@ static int err_load_strings(const ERR_STRING_DATA *str) CRYPTO_THREAD_unlock(err_string_lock); return 1; } +#endif int ERR_load_ERR_strings(void) { @@ -360,24 +372,31 @@ int ERR_load_ERR_strings(void) int ERR_load_strings(int lib, ERR_STRING_DATA *str) { +#ifndef OPENSSL_NO_ERR if (ERR_load_ERR_strings() == 0) return 0; err_patch(lib, str); err_load_strings(str); +#endif + return 1; } int ERR_load_strings_const(const ERR_STRING_DATA *str) { +#ifndef OPENSSL_NO_ERR if (ERR_load_ERR_strings() == 0) return 0; err_load_strings(str); +#endif + return 1; } int ERR_unload_strings(int lib, ERR_STRING_DATA *str) { +#ifndef OPENSSL_NO_ERR if (!RUN_ONCE(&err_string_init, do_err_strings_init)) return 0; 
@@ -389,14 +408,14 @@ int ERR_unload_strings(int lib, ERR_STRING_DATA *str) for (; str->error; str++) (void)lh_ERR_STRING_DATA_delete(int_error_hash, str); CRYPTO_THREAD_unlock(err_string_lock); +#endif return 1; } void err_free_strings_int(void) { - if (!RUN_ONCE(&err_string_init, do_err_strings_init)) - return; + /* obsolete */ } /********************************************************/ @@ -636,6 +655,7 @@ char *ERR_error_string(unsigned long e, char *ret) const char *ERR_lib_error_string(unsigned long e) { +#ifndef OPENSSL_NO_ERR ERR_STRING_DATA d, *p; unsigned long l; @@ -647,10 +667,14 @@ const char *ERR_lib_error_string(unsigned long e) d.error = ERR_PACK(l, 0, 0); p = int_err_get_item(&d); return ((p == NULL) ? NULL : p->string); +#else + return NULL; +#endif } const char *ERR_func_error_string(unsigned long e) { +#ifndef OPENSSL_NO_ERR ERR_STRING_DATA d, *p; unsigned long l, f; @@ -663,10 +687,14 @@ const char *ERR_func_error_string(unsigned long e) d.error = ERR_PACK(l, f, 0); p = int_err_get_item(&d); return ((p == NULL) ? NULL : p->string); +#else + return NULL; +#endif } const char *ERR_reason_error_string(unsigned long e) { +#ifndef OPENSSL_NO_ERR ERR_STRING_DATA d, *p = NULL; unsigned long l, r; @@ -683,6 +711,9 @@ const char *ERR_reason_error_string(unsigned long e) p = int_err_get_item(&d); } return ((p == NULL) ? NULL : p->string); +#else + return NULL; +#endif } void err_delete_thread_state(void) diff --git a/deps/openssl/openssl/crypto/evp/evp_enc.c b/deps/openssl/openssl/crypto/evp/evp_enc.c index d835968f253ce2..e756624b2cdf82 100644 --- a/deps/openssl/openssl/crypto/evp/evp_enc.c +++ b/deps/openssl/openssl/crypto/evp/evp_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -281,7 +281,7 @@ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, # define PTRDIFF_T size_t #endif -int is_partially_overlapping(const void *ptr1, const void *ptr2, int len) +int is_partially_overlapping(const void *ptr1, const void *ptr2, size_t len) { PTRDIFF_T diff = (PTRDIFF_T)ptr1-(PTRDIFF_T)ptr2; /* @@ -299,7 +299,8 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { - int i, j, bl, cmpl = inl; + int i, j, bl; + size_t cmpl = (size_t)inl; if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) cmpl = (cmpl + 7) / 8; @@ -464,8 +465,9 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) { - int fix_len, cmpl = inl; + int fix_len; unsigned int b; + size_t cmpl = (size_t)inl; /* Prevent accidental use of encryption context when decrypting */ if (ctx->encrypt) { diff --git a/deps/openssl/openssl/crypto/evp/evp_local.h b/deps/openssl/openssl/crypto/evp/evp_local.h index f1589d68289428..b59beee49fa8c7 100644 --- a/deps/openssl/openssl/crypto/evp/evp_local.h +++ b/deps/openssl/openssl/crypto/evp/evp_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -65,4 +65,4 @@ struct evp_Encode_Ctx_st { typedef struct evp_pbe_st EVP_PBE_CTL; DEFINE_STACK_OF(EVP_PBE_CTL) -int is_partially_overlapping(const void *ptr1, const void *ptr2, int len); +int is_partially_overlapping(const void *ptr1, const void *ptr2, size_t len); diff --git a/deps/openssl/openssl/crypto/init.c b/deps/openssl/openssl/crypto/init.c index 1b0d523beae0f3..b23af7977cd286 100644 
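Review bot: `size_t cmpl = (size_t)inl;` in evp_EncryptDecryptUpdate and EVP_DecryptUpdate turns a negative `inl` into a very large length, and neither hunk shows `inl` being range-checked before `cmpl` reaches `is_partially_overlapping()`. If a check such as `inl <= 0` only runs later in these functions (their bodies continue outside the hunks), the overlap test is evaluated with a wrapped length for negative input. I would either reject negative `inl` before the first use of `cmpl`, or initialise with `size_t cmpl = inl < 0 ? 0 : (size_t)inl;`, and add a comment stating which of the two the code relies on.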
--- a/deps/openssl/openssl/crypto/init.c +++ b/deps/openssl/openssl/crypto/init.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -211,7 +211,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete) } static CRYPTO_ONCE load_crypto_strings = CRYPTO_ONCE_STATIC_INIT; -static int load_crypto_strings_inited = 0; + DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings) { int ret = 1; @@ -225,7 +225,6 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings) "err_load_crypto_strings_int()\n"); # endif ret = err_load_crypto_strings_int(); - load_crypto_strings_inited = 1; #endif return ret; } @@ -549,14 +548,6 @@ void OPENSSL_cleanup(void) async_deinit(); } - if (load_crypto_strings_inited) { -#ifdef OPENSSL_INIT_DEBUG - fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: " - "err_free_strings_int()\n"); -#endif - err_free_strings_int(); - } - key = destructor_key.value; destructor_key.sane = -1; CRYPTO_THREAD_cleanup_local(&key); diff --git a/deps/openssl/openssl/crypto/s390x_arch.h b/deps/openssl/openssl/crypto/s390x_arch.h index 4d2cc02eb3d306..64e7ebb5662e9b 100644 --- a/deps/openssl/openssl/crypto/s390x_arch.h +++ b/deps/openssl/openssl/crypto/s390x_arch.h @@ -1,5 +1,5 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -47,6 +47,9 @@ struct OPENSSL_s390xcap_st { unsigned long long kma[2]; }; +#if defined(__GNUC__) && defined(__linux) +__attribute__ ((visibility("hidden"))) +#endif extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; /* convert facility bit number or function code to bit mask */ diff --git a/deps/openssl/openssl/crypto/s390xcap.c b/deps/openssl/openssl/crypto/s390xcap.c index 5d58b2d807b427..1097c703b4fbac 100644 --- a/deps/openssl/openssl/crypto/s390xcap.c +++ b/deps/openssl/openssl/crypto/s390xcap.c @@ -1,5 +1,5 @@ /* - * Copyright 2010-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -26,6 +26,9 @@ void OPENSSL_vx_probe(void); struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P; +#if defined(__GNUC__) && defined(__linux) +__attribute__ ((visibility("hidden"))) +#endif void OPENSSL_cpuid_setup(void) { sigset_t oset; diff --git a/deps/openssl/openssl/doc/fingerprints.txt b/deps/openssl/openssl/doc/fingerprints.txt index 51e76c8f71b91c..3604fbdc658c05 100644 --- a/deps/openssl/openssl/doc/fingerprints.txt +++ b/deps/openssl/openssl/doc/fingerprints.txt @@ -22,3 +22,13 @@ pub 2048R/0E604491 2013-04-30 Key fingerprint = 8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491 uid Matt Caswell uid Matt Caswell + +pub rsa4096 2021-02-14 + B7C1 C143 60F3 53A3 6862 E4D5 231C 84CD DCC6 9C45 +uid Paul Dale + +pub rsa4096 2021-07-16 + A21F AB74 B008 8AA3 6115 2586 B8EF 1A6B A9DA 2D5C +uid Tomáš Mráz +uid Tomáš Mráz +uid Tomáš Mráz diff --git a/deps/openssl/openssl/doc/man3/SSL_CTX_set_timeout.pod b/deps/openssl/openssl/doc/man3/SSL_CTX_set_timeout.pod index c32585e45f9246..e76353cfd4b9c3 100644 --- a/deps/openssl/openssl/doc/man3/SSL_CTX_set_timeout.pod +++ b/deps/openssl/openssl/doc/man3/SSL_CTX_set_timeout.pod 
@@ -42,6 +42,16 @@ basis, see L. All currently supported protocols have the same default timeout value of 300 seconds. +This timeout value is used as the ticket lifetime hint for stateless session +tickets. It is also used as the timeout value within the ticket itself. + +For TLSv1.3, RFC8446 limits transmission of this value to 1 week (604800 +seconds). + +For TLSv1.2, tickets generated during an initial handshake use the value +as specified. Tickets generated during a resumed handshake have a value +of 0 for the ticket lifetime hint. + =head1 RETURN VALUES SSL_CTX_set_timeout() returns the previously set timeout value. @@ -58,7 +68,7 @@ L =head1 COPYRIGHT -Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/deps/openssl/openssl/include/crypto/bn_conf.h b/deps/openssl/openssl/include/crypto/bn_conf.h deleted file mode 100644 index 79400c6472a49c..00000000000000 --- a/deps/openssl/openssl/include/crypto/bn_conf.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/bn_conf.h" diff --git a/deps/openssl/openssl/include/crypto/dso_conf.h b/deps/openssl/openssl/include/crypto/dso_conf.h deleted file mode 100644 index e7f2afa9872320..00000000000000 --- a/deps/openssl/openssl/include/crypto/dso_conf.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../../config/dso_conf.h" diff --git a/deps/openssl/openssl/include/openssl/opensslconf.h b/deps/openssl/openssl/include/openssl/opensslconf.h deleted file mode 100644 index 76c99d433ab886..00000000000000 --- a/deps/openssl/openssl/include/openssl/opensslconf.h +++ /dev/null @@ -1 +0,0 @@ -#include "../../config/opensslconf.h" diff --git a/deps/openssl/openssl/include/openssl/opensslv.h b/deps/openssl/openssl/include/openssl/opensslv.h index 5efa7860a0d954..9c5cabb19d22b6 100644 
--- a/deps/openssl/openssl/include/openssl/opensslv.h +++ b/deps/openssl/openssl/include/openssl/opensslv.h @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -39,8 +39,9 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x101010efL -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1n+quic 15 Mar 2022" + +# define OPENSSL_VERSION_NUMBER 0x101010ffL +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1o+quic 3 May 2022" /*- * The macros below are to be used for shared library (.so, .dll, ...) diff --git a/deps/openssl/openssl/ssl/s3_enc.c b/deps/openssl/openssl/ssl/s3_enc.c index 8a89f512fe6085..7b119b452fd7fd 100644 --- a/deps/openssl/openssl/ssl/s3_enc.c +++ b/deps/openssl/openssl/ssl/s3_enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -589,6 +589,8 @@ int ssl3_alert_code(int code) return TLS1_AD_NO_APPLICATION_PROTOCOL; case SSL_AD_CERTIFICATE_REQUIRED: return SSL_AD_HANDSHAKE_FAILURE; + case SSL_AD_MISSING_EXTENSION: + return SSL_AD_HANDSHAKE_FAILURE; default: return -1; } diff --git a/deps/openssl/openssl/ssl/ssl_init.c b/deps/openssl/openssl/ssl/ssl_init.c index d083d9597091ab..a5d45480c9e018 100644 --- a/deps/openssl/openssl/ssl/ssl_init.c +++ b/deps/openssl/openssl/ssl/ssl_init.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -116,7 +116,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base) } static CRYPTO_ONCE ssl_strings = CRYPTO_ONCE_STATIC_INIT; -static int ssl_strings_inited = 0; + DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings) { /* @@ -129,7 +129,6 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings) "ERR_load_SSL_strings()\n"); # endif ERR_load_SSL_strings(); - ssl_strings_inited = 1; #endif return 1; } @@ -157,20 +156,6 @@ static void ssl_library_stop(void) ssl_comp_free_compression_methods_int(); #endif } - - if (ssl_strings_inited) { -#ifdef OPENSSL_INIT_DEBUG - fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: " - "err_free_strings_int()\n"); -#endif - /* - * If both crypto and ssl error strings are inited we will end up - * calling err_free_strings_int() twice - but that's ok. The second - * time will be a no-op. It's easier to do that than to try and track - * between the two libraries whether they have both been inited. - */ - err_free_strings_int(); - } } /* diff --git a/deps/openssl/openssl/ssl/ssl_lib.c b/deps/openssl/openssl/ssl/ssl_lib.c index 87a5f32c0104a5..401f79914e7da5 100644 --- a/deps/openssl/openssl/ssl/ssl_lib.c +++ b/deps/openssl/openssl/ssl/ssl_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * 
@@ -2169,6 +2169,7 @@ int SSL_shutdown(SSL *s) if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { struct ssl_async_args args; + memset(&args, 0, sizeof(args)); args.s = s; args.type = OTHERFUNC; args.f.func_other = s->method->ssl_shutdown; @@ -3812,6 +3813,7 @@ int SSL_do_handshake(SSL *s) if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { struct ssl_async_args args; + memset(&args, 0, sizeof(args)); args.s = s; ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern); diff --git a/deps/openssl/openssl/ssl/ssl_txt.c b/deps/openssl/openssl/ssl/ssl_txt.c index 457bc8b3c20a98..759e1873e6b19a 100644 --- a/deps/openssl/openssl/ssl/ssl_txt.c +++ b/deps/openssl/openssl/ssl/ssl_txt.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -130,11 +130,11 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x) } #endif if (x->time != 0L) { - if (BIO_printf(bp, "\n Start Time: %ld", x->time) <= 0) + if (BIO_printf(bp, "\n Start Time: %lld", (long long)x->time) <= 0) goto err; } if (x->timeout != 0L) { - if (BIO_printf(bp, "\n Timeout : %ld (sec)", x->timeout) <= 0) + if (BIO_printf(bp, "\n Timeout : %lld (sec)", (long long)x->timeout) <= 0) goto err; } if (BIO_puts(bp, "\n") <= 0) diff --git a/deps/openssl/openssl/ssl/statem/statem_clnt.c b/deps/openssl/openssl/ssl/statem/statem_clnt.c index a3526d241b97e0..c8b90971809412 100644 --- a/deps/openssl/openssl/ssl/statem/statem_clnt.c +++ b/deps/openssl/openssl/ssl/statem/statem_clnt.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -1430,6 +1430,11 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt) && sversion == TLS1_2_VERSION && PACKET_remaining(pkt) >= SSL3_RANDOM_SIZE && memcmp(hrrrandom, PACKET_data(pkt), SSL3_RANDOM_SIZE) == 0) { + if (s->hello_retry_request != SSL_HRR_NONE) { + SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, + SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_UNEXPECTED_MESSAGE); + goto err; + } s->hello_retry_request = SSL_HRR_PENDING; hrr = 1; if (!PACKET_forward(pkt, SSL3_RANDOM_SIZE)) { diff --git a/deps/openssl/openssl/ssl/statem/statem_dtls.c b/deps/openssl/openssl/ssl/statem/statem_dtls.c index 8e3fb686ee272f..8fe6cea7235920 100644 --- a/deps/openssl/openssl/ssl/statem/statem_dtls.c +++ b/deps/openssl/openssl/ssl/statem/statem_dtls.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -218,8 +218,8 @@ int dtls1_do_write(SSL *s, int type) else len = s->init_num; - if (len > s->max_send_fragment) - len = s->max_send_fragment; + if (len > ssl_get_max_send_fragment(s)) + len = ssl_get_max_send_fragment(s); /* * XDTLS: this function is too long. split out the CCS part @@ -241,7 +241,7 @@ int dtls1_do_write(SSL *s, int type) ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off], len, &written); - if (ret < 0) { + if (ret <= 0) { /* * might need to update MTU here, but we don't know which * previous packet caused the failure -- so can't really 
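Review bot: The new guard in tls_process_server_hello, which aborts when a ServerHello carrying the HRR random arrives while `s->hello_retry_request` is already set, has no comment naming the rule it enforces, so a later refactor of the HRR state handling could drop it unnoticed. I would add `/* RFC 8446 4.1.4: a second HelloRetryRequest in the same connection must be rejected with unexpected_message */` directly above the `if`. The check only works because it runs before `s->hello_retry_request = SSL_HRR_PENDING;`, and the comment could say so. The function starts and continues outside the hunk.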
diff --git a/deps/openssl/openssl/ssl/statem/statem_srvr.c b/deps/openssl/openssl/ssl/statem/statem_srvr.c index 2ed41c72a90594..a6980c32a87fa0 100644 --- a/deps/openssl/openssl/ssl/statem/statem_srvr.c +++ b/deps/openssl/openssl/ssl/statem/statem_srvr.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -3848,15 +3848,24 @@ int tls_construct_server_certificate(SSL *s, WPACKET *pkt) static int create_ticket_prequel(SSL *s, WPACKET *pkt, uint32_t age_add, unsigned char *tick_nonce) { + uint32_t timeout = (uint32_t)s->session->timeout; + /* - * Ticket lifetime hint: For TLSv1.2 this is advisory only and we leave this - * unspecified for resumed session (for simplicity). + * Ticket lifetime hint: * In TLSv1.3 we reset the "time" field above, and always specify the - * timeout. + * timeout, limited to a 1 week period per RFC8446. + * For TLSv1.2 this is advisory only and we leave this unspecified for + * resumed session (for simplicity). */ - if (!WPACKET_put_bytes_u32(pkt, - (s->hit && !SSL_IS_TLS13(s)) - ? 0 : s->session->timeout)) { +#define ONE_WEEK_SEC (7 * 24 * 60 * 60) + + if (SSL_IS_TLS13(s)) { + if (s->session->timeout > ONE_WEEK_SEC) + timeout = ONE_WEEK_SEC; + } else if (s->hit) + timeout = 0; + + if (!WPACKET_put_bytes_u32(pkt, timeout)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL, ERR_R_INTERNAL_ERROR); return 0; diff --git a/deps/openssl/openssl/ssl/t1_enc.c b/deps/openssl/openssl/ssl/t1_enc.c index c85c0b0310e15f..f8e53d4efc796a 100644 --- a/deps/openssl/openssl/ssl/t1_enc.c +++ b/deps/openssl/openssl/ssl/t1_enc.c 
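Review bot: In create_ticket_prequel the one-week cap is tested on the raw field (`s->session->timeout > ONE_WEEK_SEC`) while `timeout` is initialised from `(uint32_t)s->session->timeout`. If the field is a signed type and an application has set it negative (its declaration is outside the hunk), the cast wraps to a value far above the cap and the TLSv1.3 branch sends it unchanged. Clamping the converted value closes that gap: `if (timeout > ONE_WEEK_SEC) timeout = ONE_WEEK_SEC;`. Separately, `ONE_WEEK_SEC` is `#define`d in the middle of the function body and never undefined, so it leaks into the rest of the translation unit; define it with the file's other constants or add `#undef ONE_WEEK_SEC` after use. The function continues past the end of the hunk.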
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the OpenSSL license (the "License"). You may not use @@ -672,6 +672,8 @@ int tls1_alert_code(int code) return TLS1_AD_NO_APPLICATION_PROTOCOL; case SSL_AD_CERTIFICATE_REQUIRED: return SSL_AD_HANDSHAKE_FAILURE; + case SSL_AD_MISSING_EXTENSION: + return SSL_AD_HANDSHAKE_FAILURE; default: return -1; } diff --git a/deps/openssl/openssl/test/dtls_mtu_test.c b/deps/openssl/openssl/test/dtls_mtu_test.c index f20edf02d2f5dd..62b44be7429772 100644 --- a/deps/openssl/openssl/test/dtls_mtu_test.c +++ b/deps/openssl/openssl/test/dtls_mtu_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -185,12 +185,58 @@ static int run_mtu_tests(void) end: SSL_CTX_free(ctx); - bio_s_mempacket_test_free(); return ret; } +static int test_server_mtu_larger_than_max_fragment_length(void) +{ + SSL_CTX *ctx = NULL; + SSL *srvr_ssl = NULL, *clnt_ssl = NULL; + int rv = 0; + + if (!TEST_ptr(ctx = SSL_CTX_new(DTLS_method()))) + goto end; + + SSL_CTX_set_psk_server_callback(ctx, srvr_psk_callback); + SSL_CTX_set_psk_client_callback(ctx, clnt_psk_callback); + +#ifndef OPENSSL_NO_DH + if (!TEST_true(SSL_CTX_set_dh_auto(ctx, 1))) + goto end; +#endif + + if (!TEST_true(create_ssl_objects(ctx, ctx, &srvr_ssl, &clnt_ssl, + NULL, NULL))) + goto end; + + SSL_set_options(srvr_ssl, SSL_OP_NO_QUERY_MTU); + if (!TEST_true(DTLS_set_link_mtu(srvr_ssl, 1500))) + goto end; + + SSL_set_tlsext_max_fragment_length(clnt_ssl, + TLSEXT_max_fragment_length_512); + + if (!TEST_true(create_ssl_connection(srvr_ssl, clnt_ssl, + SSL_ERROR_NONE))) + goto end; + + rv = 1; + + end: + SSL_free(clnt_ssl); + SSL_free(srvr_ssl); + SSL_CTX_free(ctx); + return rv; +} + int setup_tests(void) { ADD_TEST(run_mtu_tests); + ADD_TEST(test_server_mtu_larger_than_max_fragment_length); return 1; } + +void cleanup_tests(void) +{ + bio_s_mempacket_test_free(); +} diff --git a/deps/openssl/openssl/test/recipes/70-test_tls13hrr.t b/deps/openssl/openssl/test/recipes/70-test_tls13hrr.t index e0b47ed359d8fb..0092a9d747abbb 100644 --- a/deps/openssl/openssl/test/recipes/70-test_tls13hrr.t +++ b/deps/openssl/openssl/test/recipes/70-test_tls13hrr.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
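Review bot: In test_server_mtu_larger_than_max_fragment_length the result of `SSL_set_tlsext_max_fragment_length(clnt_ssl, TLSEXT_max_fragment_length_512)` is not checked, unlike the `SSL_CTX_set_dh_auto` and `DTLS_set_link_mtu` calls next to it. If that call failed, the handshake would run without the extension and the test would pass without exercising the case it was written for. Wrap it like its neighbours: `if (!TEST_true(SSL_set_tlsext_max_fragment_length(clnt_ssl, TLSEXT_max_fragment_length_512))) goto end;`. A one-line comment above the function stating the scenario (server link MTU 1500, client-requested fragment length 512) would also help the next reader.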
@@ -37,7 +37,8 @@ my $proxy = TLSProxy::Proxy->new( use constant { CHANGE_HRR_CIPHERSUITE => 0, - CHANGE_CH1_CIPHERSUITE => 1 + CHANGE_CH1_CIPHERSUITE => 1, + DUPLICATE_HRR => 2 }; #Test 1: A client should fail if the server changes the ciphersuite between the @@ -46,7 +47,7 @@ $proxy->filter(\&hrr_filter); $proxy->serverflags("-curves P-256"); my $testtype = CHANGE_HRR_CIPHERSUITE; $proxy->start() or plan skip_all => "Unable to start up Proxy for tests"; -plan tests => 2; +plan tests => 3; ok(TLSProxy::Message->fail(), "Server ciphersuite changes"); #Test 2: It is an error if the client changes the offered ciphersuites so that @@ -58,6 +59,19 @@ $testtype = CHANGE_CH1_CIPHERSUITE; $proxy->start(); ok(TLSProxy::Message->fail(), "Client ciphersuite changes"); +#Test 3: A client should fail with unexpected_message alert if the server +# sends more than 1 HRR +my $fatal_alert = 0; +$proxy->clear(); +if (disabled("ec")) { + $proxy->serverflags("-curves ffdhe3072"); +} else { + $proxy->serverflags("-curves P-256"); +} +$testtype = DUPLICATE_HRR; +$proxy->start(); +ok($fatal_alert, "Server duplicated HRR"); + sub hrr_filter { my $proxy = shift; 
@@ -78,6 +92,39 @@ sub hrr_filter return; } + if ($testtype == DUPLICATE_HRR) { + # We're only interested in the HRR + # and the unexpected_message alert from client + if ($proxy->flight == 4) { + $fatal_alert = 1 + if @{$proxy->record_list}[-1]->is_fatal_alert(0) == 10; + return; + } + if ($proxy->flight != 3) { + return; + } + + # Find ServerHello record (HRR actually) and insert after that + my $i; + for ($i = 0; ${$proxy->record_list}[$i]->flight() < 1; $i++) { + next; + } + my $hrr_record = ${$proxy->record_list}[$i]; + my $dup_hrr = TLSProxy::Record->new(3, + $hrr_record->content_type(), + $hrr_record->version(), + $hrr_record->len(), + $hrr_record->sslv2(), + $hrr_record->len_real(), + $hrr_record->decrypt_len(), + $hrr_record->data(), + $hrr_record->decrypt_data()); + + $i++; + splice @{$proxy->record_list}, $i, 0, $dup_hrr; + return; + } + # CHANGE_CH1_CIPHERSUITE if ($proxy->flight != 0) { return; diff --git a/deps/openssl/openssl/test/recipes/95-test_external_pyca_data/cryptography.sh b/deps/openssl/openssl/test/recipes/95-test_external_pyca_data/cryptography.sh index e1616914a77f2f..0af3e56c980633 100755 --- a/deps/openssl/openssl/test/recipes/95-test_external_pyca_data/cryptography.sh +++ b/deps/openssl/openssl/test/recipes/95-test_external_pyca_data/cryptography.sh @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. # Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. # # Licensed under the OpenSSL license (the "License"). You may not use @@ -12,6 +12,7 @@ # OpenSSL external testing using the Python Cryptography module # set -e +set -x O_EXE=`pwd`/$BLDTOP/apps O_BINC=`pwd`/$BLDTOP/include 
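Review bot: The scan loop in the DUPLICATE_HRR branch of hrr_filter, `for ($i = 0; ${$proxy->record_list}[$i]->flight() < 1; $i++)`, has no upper bound, so if no record with flight >= 1 is present it runs off the end of the list and dies on a method call on undef instead of failing the test cleanly. Bounding it with `$i < @{$proxy->record_list} &&` in the loop condition and adding `return if $i >= @{$proxy->record_list};` after the loop keeps the failure readable. The literal `10` compared against `is_fatal_alert(0)` deserves a trailing comment such as `# 10 = unexpected_message`, since the test description depends on that meaning. hrr_filter begins and continues outside the hunk.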
@@ -35,30 +36,29 @@ echo "------------------------------------------------------------------" cd $SRCTOP # Create a python virtual env and activate -rm -rf venv-pycrypto -virtualenv venv-pycrypto -. ./venv-pycrypto/bin/activate +rm -rf venv-cryptography +python -m venv venv-cryptography +. ./venv-cryptography/bin/activate cd pyca-cryptography pip install .[test] +pip install -e vectors echo "------------------------------------------------------------------" echo "Building cryptography" echo "------------------------------------------------------------------" -python ./setup.py clean - -CFLAGS="-I$O_BINC -I$O_SINC -L$O_LIB" python ./setup.py build +CFLAGS="-I$O_BINC -I$O_SINC -L$O_LIB" pip install . echo "------------------------------------------------------------------" echo "Running tests" echo "------------------------------------------------------------------" -CFLAGS="-I$O_BINC -I$O_SINC -L$O_LIB" python ./setup.py test +CFLAGS="-I$O_BINC -I$O_SINC -L$O_LIB" pytest -n auto tests --wycheproof-root=../wycheproof cd ../ deactivate -rm -rf venv-pycrypto +rm -rf venv-cryptography exit 0 diff --git a/deps/openssl/openssl/test/ssl-tests/10-resumption.conf b/deps/openssl/openssl/test/ssl-tests/10-resumption.conf index 73de974ab013ce..a33a1d80e4d5f7 100644 --- a/deps/openssl/openssl/test/ssl-tests/10-resumption.conf +++ b/deps/openssl/openssl/test/ssl-tests/10-resumption.conf @@ -1,6 +1,6 @@ # Generated with generate_ssl_tests.pl -num_tests = 65 +num_tests = 68 test-0 = 0-resumption test-1 = 1-resumption @@ -67,6 +67,9 @@ test-61 = 61-resumption test-62 = 62-resumption test-63 = 63-resumption test-64 = 64-resumption-with-hrr +test-65 = 65-resumption-when-mfl-ext-is-missing +test-66 = 66-resumption-when-mfl-ext-is-different +test-67 = 67-resumption-when-mfl-ext-is-correct # =========================================================== [0-resumption] 
@@ -2437,3 +2440,119 @@ Method = TLS ResumptionExpected = Yes +# =========================================================== + +[65-resumption-when-mfl-ext-is-missing] +ssl_conf = 65-resumption-when-mfl-ext-is-missing-ssl + +[65-resumption-when-mfl-ext-is-missing-ssl] +server = 65-resumption-when-mfl-ext-is-missing-server +client = 65-resumption-when-mfl-ext-is-missing-client +resume-server = 65-resumption-when-mfl-ext-is-missing-server +resume-client = 65-resumption-when-mfl-ext-is-missing-resume-client + +[65-resumption-when-mfl-ext-is-missing-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[65-resumption-when-mfl-ext-is-missing-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[65-resumption-when-mfl-ext-is-missing-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-65] +ExpectedResult = ServerFail +HandshakeMode = Resume +ResumptionExpected = No +client = 65-resumption-when-mfl-ext-is-missing-client-extra + +[65-resumption-when-mfl-ext-is-missing-client-extra] +MaxFragmentLenExt = 512 + + +# =========================================================== + +[66-resumption-when-mfl-ext-is-different] +ssl_conf = 66-resumption-when-mfl-ext-is-different-ssl + +[66-resumption-when-mfl-ext-is-different-ssl] +server = 66-resumption-when-mfl-ext-is-different-server +client = 66-resumption-when-mfl-ext-is-different-client +resume-server = 66-resumption-when-mfl-ext-is-different-server +resume-client = 66-resumption-when-mfl-ext-is-different-resume-client + +[66-resumption-when-mfl-ext-is-different-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[66-resumption-when-mfl-ext-is-different-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 
+VerifyMode = Peer + +[66-resumption-when-mfl-ext-is-different-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-66] +ExpectedResult = ServerFail +HandshakeMode = Resume +ResumptionExpected = No +client = 66-resumption-when-mfl-ext-is-different-client-extra +resume-client = 66-resumption-when-mfl-ext-is-different-resume-client-extra + +[66-resumption-when-mfl-ext-is-different-client-extra] +MaxFragmentLenExt = 512 + +[66-resumption-when-mfl-ext-is-different-resume-client-extra] +MaxFragmentLenExt = 1024 + + +# =========================================================== + +[67-resumption-when-mfl-ext-is-correct] +ssl_conf = 67-resumption-when-mfl-ext-is-correct-ssl + +[67-resumption-when-mfl-ext-is-correct-ssl] +server = 67-resumption-when-mfl-ext-is-correct-server +client = 67-resumption-when-mfl-ext-is-correct-client +resume-server = 67-resumption-when-mfl-ext-is-correct-server +resume-client = 67-resumption-when-mfl-ext-is-correct-resume-client + +[67-resumption-when-mfl-ext-is-correct-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[67-resumption-when-mfl-ext-is-correct-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[67-resumption-when-mfl-ext-is-correct-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-67] +ExpectedResult = Success +HandshakeMode = Resume +ResumptionExpected = Yes +client = 67-resumption-when-mfl-ext-is-correct-client-extra +resume-client = 67-resumption-when-mfl-ext-is-correct-resume-client-extra + +[67-resumption-when-mfl-ext-is-correct-client-extra] +MaxFragmentLenExt = 512 + +[67-resumption-when-mfl-ext-is-correct-resume-client-extra] +MaxFragmentLenExt = 512 + + 
diff --git a/deps/openssl/openssl/test/ssl-tests/11-dtls_resumption.conf b/deps/openssl/openssl/test/ssl-tests/11-dtls_resumption.conf index a981fa51dfdf33..635279a30f3796 100644 --- a/deps/openssl/openssl/test/ssl-tests/11-dtls_resumption.conf +++ b/deps/openssl/openssl/test/ssl-tests/11-dtls_resumption.conf @@ -1,6 +1,6 @@ # Generated with generate_ssl_tests.pl -num_tests = 16 +num_tests = 19 test-0 = 0-resumption test-1 = 1-resumption @@ -18,6 +18,9 @@ test-12 = 12-resumption test-13 = 13-resumption test-14 = 14-resumption test-15 = 15-resumption +test-16 = 16-resumption-when-mfl-ext-is-missing +test-17 = 17-resumption-when-mfl-ext-is-different +test-18 = 18-resumption-when-mfl-ext-is-correct # =========================================================== [0-resumption] 
@@ -618,3 +621,122 @@ Method = DTLS ResumptionExpected = Yes +# =========================================================== + +[16-resumption-when-mfl-ext-is-missing] +ssl_conf = 16-resumption-when-mfl-ext-is-missing-ssl + +[16-resumption-when-mfl-ext-is-missing-ssl] +server = 16-resumption-when-mfl-ext-is-missing-server +client = 16-resumption-when-mfl-ext-is-missing-client +resume-server = 16-resumption-when-mfl-ext-is-missing-server +resume-client = 16-resumption-when-mfl-ext-is-missing-resume-client + +[16-resumption-when-mfl-ext-is-missing-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[16-resumption-when-mfl-ext-is-missing-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[16-resumption-when-mfl-ext-is-missing-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-16] +ExpectedResult = ServerFail +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No +client = 16-resumption-when-mfl-ext-is-missing-client-extra + +[16-resumption-when-mfl-ext-is-missing-client-extra] +MaxFragmentLenExt = 512 + + +# =========================================================== + +[17-resumption-when-mfl-ext-is-different] +ssl_conf = 17-resumption-when-mfl-ext-is-different-ssl + +[17-resumption-when-mfl-ext-is-different-ssl] +server = 17-resumption-when-mfl-ext-is-different-server +client = 17-resumption-when-mfl-ext-is-different-client +resume-server = 17-resumption-when-mfl-ext-is-different-server +resume-client = 17-resumption-when-mfl-ext-is-different-resume-client + +[17-resumption-when-mfl-ext-is-different-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[17-resumption-when-mfl-ext-is-different-client] +CipherString = DEFAULT +VerifyCAFile = 
${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[17-resumption-when-mfl-ext-is-different-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-17] +ExpectedResult = ServerFail +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = No +client = 17-resumption-when-mfl-ext-is-different-client-extra +resume-client = 17-resumption-when-mfl-ext-is-different-resume-client-extra + +[17-resumption-when-mfl-ext-is-different-client-extra] +MaxFragmentLenExt = 512 + +[17-resumption-when-mfl-ext-is-different-resume-client-extra] +MaxFragmentLenExt = 1024 + + +# =========================================================== + +[18-resumption-when-mfl-ext-is-correct] +ssl_conf = 18-resumption-when-mfl-ext-is-correct-ssl + +[18-resumption-when-mfl-ext-is-correct-ssl] +server = 18-resumption-when-mfl-ext-is-correct-server +client = 18-resumption-when-mfl-ext-is-correct-client +resume-server = 18-resumption-when-mfl-ext-is-correct-server +resume-client = 18-resumption-when-mfl-ext-is-correct-resume-client + +[18-resumption-when-mfl-ext-is-correct-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[18-resumption-when-mfl-ext-is-correct-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[18-resumption-when-mfl-ext-is-correct-resume-client] +CipherString = DEFAULT +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-18] +ExpectedResult = Success +HandshakeMode = Resume +Method = DTLS +ResumptionExpected = Yes +client = 18-resumption-when-mfl-ext-is-correct-client-extra +resume-client = 18-resumption-when-mfl-ext-is-correct-resume-client-extra + +[18-resumption-when-mfl-ext-is-correct-client-extra] +MaxFragmentLenExt = 512 + +[18-resumption-when-mfl-ext-is-correct-resume-client-extra] +MaxFragmentLenExt = 512 + + 
diff --git a/deps/openssl/openssl/test/ssl-tests/protocol_version.pm b/deps/openssl/openssl/test/ssl-tests/protocol_version.pm index 943719e84add42..bca0f0ba03e425 100644 --- a/deps/openssl/openssl/test/ssl-tests/protocol_version.pm +++ b/deps/openssl/openssl/test/ssl-tests/protocol_version.pm @@ -1,5 +1,5 @@ # -*- mode: perl; -*- -# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -265,6 +265,69 @@ sub generate_resumption_tests { }; } + push @client_tests, { + "name" => "resumption-when-mfl-ext-is-missing", + "server" => { + }, + "client" => { + "extra" => { + "MaxFragmentLenExt" => 512, + }, + }, + "resume_client" => { + }, + "test" => { + "Method" => $method, + "HandshakeMode" => "Resume", + "ResumptionExpected" => "No", + "ExpectedResult" => "ServerFail", + } + }; + + push @client_tests, { + "name" => "resumption-when-mfl-ext-is-different", + "server" => { + }, + "client" => { + "extra" => { + "MaxFragmentLenExt" => 512, + }, + }, + "resume_client" => { + "extra" => { + "MaxFragmentLenExt" => 1024, + }, + }, + "test" => { + "Method" => $method, + "HandshakeMode" => "Resume", + "ResumptionExpected" => "No", + "ExpectedResult" => "ServerFail", + } + }; + + push @client_tests, { + "name" => "resumption-when-mfl-ext-is-correct", + "server" => { + }, + "client" => { + "extra" => { + "MaxFragmentLenExt" => 512, + }, + }, + "resume_client" => { + "extra" => { + "MaxFragmentLenExt" => 512, + }, + }, + "test" => { + "Method" => $method, + "HandshakeMode" => "Resume", + "ResumptionExpected" => "Yes", + "ExpectedResult" => "Success", + } + }; + return (@server_tests, @client_tests); } diff --git a/deps/openssl/openssl/test/sslapitest.c b/deps/openssl/openssl/test/sslapitest.c index 91ac9c22eec0e2..74085a0fe5eff3 100644 
--- a/deps/openssl/openssl/test/sslapitest.c +++ b/deps/openssl/openssl/test/sslapitest.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -6896,6 +6896,69 @@ static int test_sni_tls13(void) SSL_CTX_free(cctx); return testresult; } + +/* + * Test that the lifetime hint of a TLSv1.3 ticket is no more than 1 week + * 0 = TLSv1.2 + * 1 = TLSv1.3 + */ +static int test_ticket_lifetime(int idx) +{ + SSL_CTX *cctx = NULL, *sctx = NULL; + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + int version = TLS1_3_VERSION; + +#define ONE_WEEK_SEC (7 * 24 * 60 * 60) +#define TWO_WEEK_SEC (2 * ONE_WEEK_SEC) + + if (idx == 0) { +#ifdef OPENSSL_NO_TLS1_2 + TEST_info("Skipping: TLS 1.2 is disabled."); + return 1; +#else + version = TLS1_2_VERSION; +#endif + } + + if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), + TLS_client_method(), version, version, + &sctx, &cctx, cert, privkey))) + goto end; + + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL))) + goto end; + + /* + * Set the timeout to be more than 1 week + * make sure the returned value is the default + */ + if (!TEST_long_eq(SSL_CTX_set_timeout(sctx, TWO_WEEK_SEC), + SSL_get_default_timeout(serverssl))) + goto end; + + if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) + goto end; + + if (idx == 0) { + /* TLSv1.2 uses the set value */ + if (!TEST_ulong_eq(SSL_SESSION_get_ticket_lifetime_hint(SSL_get_session(clientssl)), TWO_WEEK_SEC)) + goto end; + } else { + /* TLSv1.3 uses the limited value */ + if (!TEST_ulong_le(SSL_SESSION_get_ticket_lifetime_hint(SSL_get_session(clientssl)), ONE_WEEK_SEC)) + goto end; + } + testresult = 1; + +end: + SSL_free(serverssl); + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); + return testresult; +} #endif /* * Test that setting an ALPN does not violate RFC @@ -7489,6 +7552,7 @@ int setup_tests(void) #endif #ifndef OPENSSL_NO_TLS1_3 ADD_TEST(test_sni_tls13); + ADD_ALL_TESTS(test_ticket_lifetime, 2); #endif ADD_TEST(test_set_alpn); ADD_TEST(test_inherit_verify_param); 
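Review bot: The TLSv1.3 branch of test_ticket_lifetime asserts only `TEST_ulong_le(..., ONE_WEEK_SEC)`, which also holds for a hint of 0, so the test can pass without showing that the cap was applied. Going by the create_ticket_prequel change in this same commit, a server timeout of TWO_WEEK_SEC should produce a hint of exactly one week, so `TEST_ulong_eq(SSL_SESSION_get_ticket_lifetime_hint(SSL_get_session(clientssl)), ONE_WEEK_SEC)` would be the tighter check; if equality is not guaranteed, a comment should say why. The two `#define`s sit inside the function body and are never undefined, and would read better at file scope next to the test's other constants.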
diff --git a/deps/openssl/openssl/tools/c_rehash.in b/deps/openssl/openssl/tools/c_rehash.in index fa7c6c9fef91a9..cfd18f5da110f4 100644 --- a/deps/openssl/openssl/tools/c_rehash.in +++ b/deps/openssl/openssl/tools/c_rehash.in @@ -1,7 +1,7 @@ #!{- $config{HASHBANGPERL} -} # {- join("\n# ", @autowarntext) -} -# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -152,6 +152,23 @@ sub check_file { return ($is_cert, $is_crl); } +sub compute_hash { + my $fh; + if ( $^O eq "VMS" ) { + # VMS uses the open through shell + # The file names are safe there and list form is unsupported + if (!open($fh, "-|", join(' ', @_))) { + print STDERR "Cannot compute hash on '$fname'\n"; + return; + } + } else { + if (!open($fh, "-|", @_)) { + print STDERR "Cannot compute hash on '$fname'\n"; + return; + } + } + return (<$fh>, <$fh>); +} # Link a certificate to its subject name hash value, each hash is of # the form . where n is an integer. If the hash value already exists @@ -161,10 +178,12 @@ sub check_file { sub link_hash_cert { my $fname = $_[0]; - $fname =~ s/\"/\\\"/g; - my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; + my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash, + "-fingerprint", "-noout", + "-in", $fname); chomp $hash; chomp $fprint; + return if !$hash; $fprint =~ s/^.*=//; $fprint =~ tr/://d; my $suffix = 0; 
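Review bot: compute_hash prints `Cannot compute hash on '$fname'` in both failure branches, but `$fname` is neither a parameter nor a local of this sub (the callers declare it with `my`), so unless a file-scoped `$fname` exists outside the hunk the message will not name the file that failed. Both callers pass the file as the last argument, so `print STDERR "Cannot compute hash on '$_[-1]'\n";` reports it correctly. The pipe handle is also never closed, so a non-zero exit from the openssl child goes unnoticed; reading the output into an array, calling `close($fh)` and returning an empty list on failure would surface it. The list form `open($fh, "-|", @_)` is what keeps the file name away from a shell, so the VMS branch that joins the arguments into one string should carry a comment stating what makes file names safe on that platform.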
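Review bot: In link_hash_cert the new guard `return if !$hash;` tests only the first value returned by compute_hash, so when openssl emits a hash line but no fingerprint line the following `$fprint =~ s/^.*=//;` and `$fprint =~ tr/://d;` still run on undef. Checking both values avoids that: `return if !$hash || !$fprint;`. The same guard is added to link_hash_crl in the next hunk and needs the same change. Both subs continue outside their hunks.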
@@ -202,10 +221,12 @@ sub link_hash_cert { sub link_hash_crl { my $fname = $_[0]; - $fname =~ s/'/'\\''/g; - my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`; + my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash, + "-fingerprint", "-noout", + "-in", $fname); chomp $hash; chomp $fprint; + return if !$hash; $fprint =~ s/^.*=//; $fprint =~ tr/://d; my $suffix = 0;