Skip to content

Commit

Permalink
deps: upgrade openssl sources to quictls/openssl-3.0.7+quic
Browse files Browse the repository at this point in the history
This updates all sources in deps/openssl/openssl by:
    $ git clone [email protected]:quictls/openssl.git
    $ cd openssl
    $ git checkout openssl-3.0.7+quic
    $ cd ../node/deps/openssl
    $ rm -rf openssl
    $ cp -R ../../../openssl openssl
    $ rm -rf openssl/.git* openssl/.travis*
    $ git add --all openssl
    $ git commit openssl

CVE-ID: CVE-2022-3602, CVE-2022-3786
PR-URL: nodejs#45286
  • Loading branch information
RafaelGSS authored and lucshi committed Nov 9, 2022
1 parent 4925221 commit 3ef5be6
Show file tree
Hide file tree
Showing 296 changed files with 55,895 additions and 2,027 deletions.
159 changes: 158 additions & 1 deletion deps/openssl/openssl/CHANGES.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,12 +28,169 @@ breaking changes, and mappings for the large list of deprecated functions.

[Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod

### Changes between 3.0.5 and 3.0.5+quic [5 Jul 2022]
### Changes between 3.0.7 and 3.0.7+quic [1 Nov 2022]

* Add QUIC API support from BoringSSL.

*Todd Short*

### Changes between 3.0.6 and 3.0.7 [1 Nov 2022]

* Fixed two buffer overflows in punycode decoding functions.

A buffer overrun can be triggered in X.509 certificate verification,
specifically in name constraint checking. Note that this occurs after
certificate chain signature verification and requires either a CA to
have signed the malicious certificate or for the application to continue
certificate verification despite failure to construct a path to a trusted
issuer.

In a TLS client, this can be triggered by connecting to a malicious
server. In a TLS server, this can be triggered if the server requests
client authentication and a malicious client connects.

An attacker can craft a malicious email address to overflow
an arbitrary number of bytes containing the `.` character (decimal 46)
on the stack. This buffer overflow could result in a crash (causing a
denial of service).
([CVE-2022-3786])

An attacker can craft a malicious email address to overflow four
attacker-controlled bytes on the stack. This buffer overflow could
result in a crash (causing a denial of service) or potentially remote code
execution depending on stack layout for any given platform/compiler.
([CVE-2022-3602])

*Paul Dale*

* Removed all references to invalid OSSL_PKEY_PARAM_RSA names for CRT
parameters in OpenSSL code.
Applications should not use the names OSSL_PKEY_PARAM_RSA_FACTOR,
OSSL_PKEY_PARAM_RSA_EXPONENT and OSSL_PKEY_PARAM_RSA_COEFFICIENT.
Use the numbered names such as OSSL_PKEY_PARAM_RSA_FACTOR1 instead.
Using these invalid names may cause algorithms to use slower methods
that ignore the CRT parameters.

*Shane Lontis*

* Fixed a regression introduced in 3.0.6 version raising errors on some stack
operations.

*Tomáš Mráz*

* Fixed a regression introduced in 3.0.6 version not refreshing the certificate
data to be signed before signing the certificate.

*Gibeom Gwon*

* Added RIPEMD160 to the default provider.

*Paul Dale*

* Ensured that the key share group sent or accepted for the key exchange
is allowed for the protocol version.

*Matt Caswell*

### Changes between 3.0.5 and 3.0.6 [11 Oct 2022]

* OpenSSL supports creating a custom cipher via the legacy
EVP_CIPHER_meth_new() function and associated function calls. This function
was deprecated in OpenSSL 3.0 and application authors are instead encouraged
to use the new provider mechanism in order to implement custom ciphers.

OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers
passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and
EVP_CipherInit_ex2() functions (as well as other similarly named encryption
and decryption initialisation functions). Instead of using the custom cipher
directly it incorrectly tries to fetch an equivalent cipher from the
available providers. An equivalent cipher is found based on the NID passed to
EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a
given cipher. However it is possible for an application to incorrectly pass
NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef
is used in this way the OpenSSL encryption/decryption initialisation function
will match the NULL cipher as being equivalent and will fetch this from the
available providers. This will succeed if the default provider has been
loaded (or if a third party provider has been loaded that offers this
cipher). Using the NULL cipher means that the plaintext is emitted as the
ciphertext.

Applications are only affected by this issue if they call
EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an
encryption/decryption initialisation function. Applications that only use
SSL/TLS are not impacted by this issue.
([CVE-2022-3358])

*Matt Caswell*

* Fix LLVM vs Apple LLVM version numbering confusion that caused build failures
on MacOS 10.11

*Richard Levitte*

* Fixed the linux-mips64 Configure target which was missing the
SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
platform.

*Adam Joseph*

* Fix handling of a ticket key callback that returns 0 in TLSv1.3 to not send a
ticket

*Matt Caswell*

* Correctly handle a retransmitted ClientHello in DTLS

*Matt Caswell*

* Fixed detection of ktls support in cross-compile environment on Linux

*Tomas Mraz*

* Fixed some regressions and test failures when running the 3.0.0 FIPS provider
against 3.0.x

*Paul Dale*

* Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
report correct results in some cases

*Matt Caswell*

* Fix UWP builds by defining VirtualLock

*Charles Milette*

* For known safe primes use the minimum key length according to RFC 7919.
Longer private key sizes unnecessarily raise the cycles needed to compute the
shared secret without any increase of the real security. This fixes a
regression from 1.1.1 where these shorter keys were generated for the known
safe primes.

*Tomas Mraz*

* Added the loongarch64 target

*Shi Pujin*

* Fixed EC ASM flag passing. Flags for ASM implementations of EC curves were
only passed to the FIPS provider and not to the default or legacy provider.

*Juergen Christ*

* Fixed reported performance degradation on aarch64. Restored the
implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
32-bit lane assignment in CTR mode") for 64bit targets only, since it is
reportedly 2-17% slower and the silicon errata only affects 32bit targets.
The new algorithm is still used for 32 bit targets.

*Bernd Edlinger*

* Added a missing header for memcmp that caused compilation failure on some
platforms

*Gregor Jasny*

### Changes between 3.0.4 and 3.0.5 [5 Jul 2022]

* The OpenSSL 3.0.4 release introduced a serious bug in the RSA
Expand Down
13 changes: 10 additions & 3 deletions deps/openssl/openssl/Configurations/10-main.conf
Original file line number Diff line number Diff line change
Expand Up @@ -797,7 +797,7 @@ my %targets = (
inherit_from => [ "linux-latomic" ],
cflags => add("-mabi=n32"),
cxxflags => add("-mabi=n32"),
bn_ops => "RC4_CHAR",
bn_ops => "RC4_CHAR SIXTY_FOUR_BIT",
asm_arch => 'mips64',
perlasm_scheme => "n32",
multilib => "32",
Expand All @@ -818,6 +818,13 @@ my %targets = (
perlasm_scheme => "linux64",
},

# loongarch64 below refers to contemporary LoongArch Architecture
# specifications,
"linux64-loongarch64" => {
inherit_from => [ "linux-generic64"],
perlasm_scheme => "linux64",
},

#### IA-32 targets...
#### These two targets are a bit aged and are to be used on older Linux
#### machines where gcc doesn't understand -m32 and -m64
Expand Down Expand Up @@ -1302,7 +1309,7 @@ my %targets = (
inherit_from => [ "BASE_Windows" ],
template => 1,
CC => "cl",
CPP => '"$(CC)" /EP /C',
CPP => '$(CC) /EP /C',
CFLAGS => "/W3 /wd4090 /nologo",
coutflag => "/Fo",
LD => "link",
Expand All @@ -1311,7 +1318,7 @@ my %targets = (
ldpostoutflag => "",
ld_resp_delim => "\n",
bin_lflags => "setargv.obj",
makedepcmd => '"$(CC)" /Zs /showIncludes',
makedepcmd => '$(CC) /Zs /showIncludes',
makedep_scheme => 'VC',
AR => "lib",
ARFLAGS => "/nologo",
Expand Down
1 change: 1 addition & 0 deletions deps/openssl/openssl/Configurations/50-djgpp.conf
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@

my %targets = (
"DJGPP" => {
inherit_from => [ "BASE_unix" ],
CC => "gcc",
CFLAGS => "-fomit-frame-pointer -O2 -Wall",
cflags => "-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN",
Expand Down
6 changes: 3 additions & 3 deletions deps/openssl/openssl/Configurations/windows-makefile.tmpl
Original file line number Diff line number Diff line change
Expand Up @@ -500,8 +500,8 @@ uninstall_docs: uninstall_html_docs
{- output_off() if $disabled{fips}; "" -}
install_fips: build_sw $(INSTALL_FIPSMODULECONF)
# @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
@$(PERL) $(SRCDIR)\util\mkdir-p.pl $(MODULESDIR)
@$(PERL) $(SRCDIR)\util\mkdir-p.pl $(OPENSSLDIR)
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(MODULESDIR)"
@"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)"
@$(ECHO) "*** Installing FIPS module"
@$(ECHO) "install $(INSTALL_FIPSMODULE) -> $(MODULESDIR)\$(FIPSMODULENAME)"
@"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(INSTALL_FIPSMODULE)" "$(MODULESDIR)"
Expand Down Expand Up @@ -742,7 +742,7 @@ EOF
rel2abs($config{builddir}));
my $ord_ver = $args{intent} eq 'lib' ? ' --version $(VERSION_NUMBER)' : '';
my $ord_name =
$args{generator}->[1] || platform->dsoname($args{product});
$args{generator}->[1] || basename(platform->dsoname($args{product}));
return <<"EOF";
$target: $gen0 $deps $mkdef
"\$(PERL)" "$mkdef"$ord_ver --type $args{intent} --ordinals $gen0 --name $ord_name --OS windows > $target
Expand Down
81 changes: 16 additions & 65 deletions deps/openssl/openssl/Configure
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,6 @@ use lib "$FindBin::Bin/util/perl";
use File::Basename;
use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs splitdir/;
use File::Path qw/mkpath/;
use File::Compare qw(compare_text);
use OpenSSL::fallback "$FindBin::Bin/external/perl/MODULES.txt";
use OpenSSL::Glob;
use OpenSSL::Template;
Expand Down Expand Up @@ -1506,9 +1505,7 @@ unless ($disabled{asan} || defined $detected_sanitizers{asan}) {
}

unless ($disabled{ubsan} || defined $detected_sanitizers{ubsan}) {
# -DPEDANTIC or -fnosanitize=alignment may also be required on some
# platforms.
push @{$config{cflags}}, "-fsanitize=undefined", "-fno-sanitize-recover=all";
push @{$config{cflags}}, "-fsanitize=undefined", "-fno-sanitize-recover=all", "-DPEDANTIC";
}

unless ($disabled{msan} || defined $detected_sanitizers{msan}) {
Expand Down Expand Up @@ -1720,20 +1717,13 @@ unless ($disabled{devcryptoeng}) {

unless ($disabled{ktls}) {
$config{ktls}="";
my $cc = $config{CROSS_COMPILE}.$config{CC};
if ($target =~ m/^linux/) {
my $usr = "/usr/$config{cross_compile_prefix}";
chop($usr);
if ($config{cross_compile_prefix} eq "") {
$usr = "/usr";
}
my $minver = (4 << 16) + (13 << 8) + 0;
my @verstr = split(" ",`cat $usr/include/linux/version.h | grep LINUX_VERSION_CODE`);

if ($verstr[2] < $minver) {
system("printf '#include <sys/types.h>\n#include <linux/tls.h>' | $cc -E - >/dev/null 2>&1");
if ($? != 0) {
disable('too-old-kernel', 'ktls');
}
} elsif ($target =~ m/^BSD/) {
my $cc = $config{CROSS_COMPILE}.$config{CC};
system("printf '#include <sys/types.h>\n#include <sys/ktls.h>' | $cc -E - >/dev/null 2>&1");
if ($? != 0) {
disable('too-old-freebsd', 'ktls');
Expand Down Expand Up @@ -2852,59 +2842,20 @@ $configdata_tmpl->fill_in(
) or die $Text::Template::ERROR;
close CONFIGDATA;

# When using stat() on Windows, we can get it to perform better by avoid some
# data. This doesn't affect the mtime field, so we're not losing anything...
${^WIN32_SLOPPY_STAT} = 1;

my $update_configdata = 0;
my $run_configdata = 0;
if (-f $configdata_outname) {
my $Configure_mtime = (stat($0))[9];
my $configdata_mtime = (stat($configdata_outname))[9];

# If this script was updated after the last configdata.pm, or if
# configdata.pm.new differs from configdata.pm, we update configdata.pm
if ($configdata_mtime < $Configure_mtime
|| compare_text("$configdata_outname.new", $configdata_outname) != 0) {
$update_configdata = 1;
} else {
# If nothing has changed, let's just drop the new one and pretend
# like nothing happened
unlink "$configdata_outname.new";

# We still run configdata.pm if one of the build file (Makefile) or
# the configuration header file are missing
$run_configdata =
!( -f $target{build_file} )
|| !( -f catfile('include', 'openssl', 'configuration.h') );
}
} else {
$update_configdata = 1;
}

if ($update_configdata) {
# If something did change, or there was no previous configdata.pm, we
# rename the new one, set permissions as needed, and run it.
rename "$configdata_outname.new", $configdata_outname;
if ($builder_platform eq 'unix') {
my $mode = (0755 & ~umask);
chmod $mode, 'configdata.pm'
or warn sprintf("WARNING: Couldn't change mode for 'configdata.pm' to 0%03o: %s\n",$mode,$!);
}
$run_configdata = 1;
print "Created $configdata_outname\n";
rename "$configdata_outname.new", $configdata_outname;
if ($builder_platform eq 'unix') {
my $mode = (0755 & ~umask);
chmod $mode, 'configdata.pm'
or warn sprintf("WARNING: Couldn't change mode for 'configdata.pm' to 0%03o: %s\n",$mode,$!);
}
print "Created $configdata_outname\n";

if ($run_configdata) {
print "Running $configdata_outname\n";
my $perlcmd = (quotify("maybeshell", $config{PERL}))[0];
my $cmd = "$perlcmd $configdata_outname";
#print STDERR "DEBUG[run_dofile]: \$cmd = $cmd\n";
system($cmd);
exit 1 if $? != 0;
} else {
print "No changes in $configdata_outname, no need to run it\n";
}
print "Running $configdata_outname\n";
my $perlcmd = (quotify("maybeshell", $config{PERL}))[0];
my $cmd = "$perlcmd $configdata_outname";
#print STDERR "DEBUG[run_dofile]: \$cmd = $cmd\n";
system($cmd);
exit 1 if $? != 0;

$SIG{__DIE__} = $orig_death_handler;

Expand Down
2 changes: 1 addition & 1 deletion deps/openssl/openssl/INSTALL.md
Original file line number Diff line number Diff line change
Expand Up @@ -978,7 +978,7 @@ the individual protocol versions.

### no-{protocol}-method

no-{ssl|ssl3|tls|tls1|tls1_1|tls1_2|tls1_3|dtls|dtls1|dtls1_2}-method
no-{ssl3|tls1|tls1_1|tls1_2|dtls1|dtls1_2}-method

Analogous to `no-{protocol}` but in addition do not build the methods for
applications to explicitly select individual protocol versions. Note that there
Expand Down
13 changes: 12 additions & 1 deletion deps/openssl/openssl/NEWS.md
Original file line number Diff line number Diff line change
Expand Up @@ -18,14 +18,25 @@ OpenSSL Releases
OpenSSL 3.0
-----------

### Major changes between OpenSSL 3.0.6 and OpenSSL 3.0.7 [1 Nov 2022]

* Added RIPEMD160 to the default provider.
* Fixed regressions introduced in 3.0.6 version.
* Fixed two buffer overflows in punycode decoding functions.
([CVE-2022-3786]) and ([CVE-2022-3602])

### Major changes between OpenSSL 3.0.5 and OpenSSL 3.0.6 [11 Oct 2022]

* Fix for custom ciphers to prevent accidental use of NULL encryption
([CVE-2022-3358])

### Major changes between OpenSSL 3.0.4 and OpenSSL 3.0.5 [5 Jul 2022]

* Fixed heap memory corruption with RSA private key operation
([CVE-2022-2274])
* Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms
([CVE-2022-2097])


### Major changes between OpenSSL 3.0.3 and OpenSSL 3.0.4 [21 Jun 2022]

* Fixed additional bugs in the c_rehash script which was not properly
Expand Down
1 change: 0 additions & 1 deletion deps/openssl/openssl/README-ENGINES.md
Original file line number Diff line number Diff line change
Expand Up @@ -314,4 +314,3 @@ It seems like the ENGINE part doesn't work too well with CryptoSwift on Win32.
A quick test done right before the release showed that trying "openssl speed
-engine cswift" generated errors. If the DSO gets enabled, an attempt is made
to write at memory address 0x00000002.

Loading

0 comments on commit 3ef5be6

Please sign in to comment.