Skip to content

Commit

Permalink
deps: upgrade openssl sources to quictls/openssl-3.0.3
Browse files Browse the repository at this point in the history
This updates all sources in deps/openssl/openssl by:
    $ git clone [email protected]:quictls/openssl.git
    $ cd openssl
    $ git checkout openssl-3.0.3+quic
    $ cd ../node/deps/openssl
    $ rm -rf openssl
    $ cp -R ../../../openssl openssl
    $ rm -rf openssl/.git* openssl/.travis*
    $ git add --all openssl
    $ git commit openssl

PR-URL: #43025
Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-May/000223.html
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Beth Griggs <[email protected]>
  • Loading branch information
RafaelGSS committed May 13, 2022
1 parent 36ad9e8 commit 05fb807
Show file tree
Hide file tree
Showing 220 changed files with 2,187 additions and 913 deletions.
110 changes: 109 additions & 1 deletion deps/openssl/openssl/CHANGES.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,12 +28,120 @@ breaking changes, and mappings for the large list of deprecated functions.

[Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod

### Changes between 3.0.2 and 3.0.2+quic [15 Mar 2022]
### Changes between 3.0.3 and 3.0.3+quic [3 May 2022]

* Add QUIC API support from BoringSSL.

*Todd Short*

### Changes between 3.0.2 and 3.0.3 [3 May 2022]

* Fixed a bug in the c_rehash script which was not properly sanitising shell
metacharacters to prevent command injection. This script is distributed by
some operating systems in a manner where it is automatically executed. On
such operating systems, an attacker could execute arbitrary commands with the
privileges of the script.

Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.
(CVE-2022-1292)

*Tomáš Mráz*

* Fixed a bug in the function `OCSP_basic_verify` that verifies the signer
certificate on an OCSP response. The bug caused the function in the case
where the (non-default) flag OCSP_NOCHECKS is used to return a postivie
response (meaning a successful verification) even in the case where the
response signing certificate fails to verify.

It is anticipated that most users of `OCSP_basic_verify` will not use the
OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return
a negative value (indicating a fatal error) in the case of a certificate
verification failure. The normal expected return value in this case would be
0.

This issue also impacts the command line OpenSSL "ocsp" application. When
verifying an ocsp response with the "-no_cert_checks" option the command line
application will report that the verification is successful even though it
has in fact failed. In this case the incorrect successful response will also
be accompanied by error messages showing the failure and contradicting the
apparently successful result.
([CVE-2022-1343])

*Matt Caswell*

* Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the
AAD data as the MAC key. This made the MAC key trivially predictable.

An attacker could exploit this issue by performing a man-in-the-middle attack
to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such
that the modified data would still pass the MAC integrity check.

Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0
endpoint will always be rejected by the recipient and the connection will
fail at that point. Many application protocols require data to be sent from
the client to the server first. Therefore, in such a case, only an OpenSSL
3.0 server would be impacted when talking to a non-OpenSSL 3.0 client.

If both endpoints are OpenSSL 3.0 then the attacker could modify data being
sent in both directions. In this case both clients and servers could be
affected, regardless of the application protocol.

Note that in the absence of an attacker this bug means that an OpenSSL 3.0
endpoint communicating with a non-OpenSSL 3.0 endpoint will fail to complete
the handshake when using this ciphersuite.

The confidentiality of data is not impacted by this issue, i.e. an attacker
cannot decrypt data that has been encrypted using this ciphersuite - they can
only modify it.

In order for this attack to work both endpoints must legitimately negotiate
the RC4-MD5 ciphersuite. This ciphersuite is not compiled by default in
OpenSSL 3.0, and is not available within the default provider or the default
ciphersuite list. This ciphersuite will never be used if TLSv1.3 has been
negotiated. In order for an OpenSSL 3.0 endpoint to use this ciphersuite the
following must have occurred:

1) OpenSSL must have been compiled with the (non-default) compile time option
enable-weak-ssl-ciphers

2) OpenSSL must have had the legacy provider explicitly loaded (either
through application code or via configuration)

3) The ciphersuite must have been explicitly added to the ciphersuite list

4) The libssl security level must have been set to 0 (default is 1)

5) A version of SSL/TLS below TLSv1.3 must have been negotiated

6) Both endpoints must negotiate the RC4-MD5 ciphersuite in preference to any
others that both endpoints have in common
(CVE-2022-1434)

*Matt Caswell*

* Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory
occuppied by the removed hash table entries.

This function is used when decoding certificates or keys. If a long lived
process periodically decodes certificates or keys its memory usage will
expand without bounds and the process might be terminated by the operating
system causing a denial of service. Also traversing the empty hash table
entries will take increasingly more time.

Typically such long lived processes might be TLS clients or TLS servers
configured to accept client certificate authentication.
(CVE-2022-1473)

*Hugo Landau, Aliaksei Levin*

* The functions `OPENSSL_LH_stats` and `OPENSSL_LH_stats_bio` now only report
the `num_items`, `num_nodes` and `num_alloc_nodes` statistics. All other
statistics are no longer supported. For compatibility, these statistics are
still listed in the output but are now always reported as zero.

*Hugo Landau*

### Changes between 3.0.1 and 3.0.2 [15 Mar 2022]

* Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever
Expand Down
2 changes: 1 addition & 1 deletion deps/openssl/openssl/CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ guidelines:
GitHub Actions and AppVeyor are required, and they are started automatically
whenever a PR is created or updated.
[coding style]: https://www.openssl.org/policies/codingstyle.html
[coding style]: https://www.openssl.org/policies/technical/coding-style.html
5. When at all possible, patches should include tests. These can
either be added to an existing test, or completely new. Please see
Expand Down
2 changes: 1 addition & 1 deletion deps/openssl/openssl/Configurations/platform/AIX.pm
Original file line number Diff line number Diff line change
Expand Up @@ -25,5 +25,5 @@ sub staticname {
return $in_libname
if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};

return platform::BASE->staticname($_[1]) . '_a';
return platform::BASE->staticname($_[1]) . ($disabled{shared} ? '' : '_a');
}
11 changes: 11 additions & 0 deletions deps/openssl/openssl/NEWS.md
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,17 @@ OpenSSL Releases
OpenSSL 3.0
-----------

### Major changes between OpenSSL 3.0.2 and OpenSSL 3.0.3 [3 May 2022]

* Fixed a bug in the c_rehash script which was not properly sanitising shell
metacharacters to prevent command injection ([CVE-2022-1292])
* Fixed a bug in the function `OCSP_basic_verify` that verifies the signer
certificate on an OCSP response ([CVE-2022-1343])
* Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the
AAD data as the MAC key ([CVE-2022-1434])
* Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory
occuppied by the removed hash table entries ([CVE-2022-1473])

### Major changes between OpenSSL 3.0.1 and OpenSSL 3.0.2 [15 Mar 2022]

* Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever
Expand Down
84 changes: 47 additions & 37 deletions deps/openssl/openssl/NOTES-WINDOWS.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,12 +28,12 @@ For this option you can use Cygwin.
Native builds using Visual C++
==============================

The native builds using Visual C++ have a VC-* prefix.
The native builds using Visual C++ have a `VC-*` prefix.

Requirement details
-------------------

In addition to the requirements and instructions listed in INSTALL.md,
In addition to the requirements and instructions listed in `INSTALL.md`,
these are required as well:

### Perl
Expand Down Expand Up @@ -64,22 +64,26 @@ Quick start

4. Use Visual Studio Developer Command Prompt with administrative privileges,
choosing one of its variants depending on the intended architecture.
Or run "cmd" and execute "vcvarsall.bat" with one of the options x86,
x86_amd64, x86_arm, x86_arm64, amd64, amd64_x86, amd64_arm, or amd64_arm64.
This sets up the environment variables needed for nmake.exe, cl.exe, etc.
Or run `cmd` and execute `vcvarsall.bat` with one of the options `x86`,
`x86_amd64`, `x86_arm`, `x86_arm64`, `amd64`, `amd64_x86`, `amd64_arm`,
or `amd64_arm64`.
This sets up the environment variables needed for `nmake.exe`, `cl.exe`,
etc.
See also
<https://docs.microsoft.com/cpp/build/building-on-the-command-line>

5. From the root of the OpenSSL source directory enter
perl Configure VC-WIN32 if you want 32-bit OpenSSL or
perl Configure VC-WIN64A if you want 64-bit OpenSSL or
perl Configure to let Configure figure out the platform
- `perl Configure VC-WIN32` if you want 32-bit OpenSSL or
- `perl Configure VC-WIN64A` if you want 64-bit OpenSSL or
- `perl Configure VC-WIN64-ARM` if you want Windows on Arm (win-arm64)
OpenSSL or
- `perl Configure` to let Configure figure out the platform

6. nmake
6. `nmake`

7. nmake test
7. `nmake test`

8. nmake install
8. `nmake install`

For the full installation instructions, or if anything goes wrong at any stage,
check the INSTALL.md file.
Expand Down Expand Up @@ -109,37 +113,37 @@ installation for examples), these fallbacks are used:
ALSO NOTE that those directories are usually write protected, even if
your account is in the Administrators group. To work around that,
start the command prompt by right-clicking on it and choosing "Run as
Administrator" before running 'nmake install'. The other solution
Administrator" before running `nmake install`. The other solution
is, of course, to choose a different set of directories by using
--prefix and --openssldir when configuring.
`--prefix` and `--openssldir` when configuring.

Special notes for Universal Windows Platform builds, aka VC-*-UWP
--------------------------------------------------------------------
Special notes for Universal Windows Platform builds, aka `VC-*-UWP`
-------------------------------------------------------------------

- UWP targets only support building the static and dynamic libraries.

- You should define the platform type to "uwp" and the target arch via
"vcvarsall.bat" before you compile. For example, if you want to build
"arm64" builds, you should run "vcvarsall.bat x86_arm64 uwp".
- You should define the platform type to `uwp` and the target arch via
`vcvarsall.bat` before you compile. For example, if you want to build
`arm64` builds, you should run `vcvarsall.bat x86_arm64 uwp`.

Native builds using Embarcadero C++Builder
=========================================

This toolchain (a descendant of Turbo/Borland C++) is an alternative to MSVC.
OpenSSL currently includes an experimental 32-bit configuration targeting the
Clang-based compiler (bcc32c.exe) in v10.3.3 Community Edition.
Clang-based compiler (`bcc32c.exe`) in v10.3.3 Community Edition.
<https://www.embarcadero.com/products/cbuilder/starter>

1. Install Perl.

2. Open the RAD Studio Command Prompt.

3. Go to the root of the OpenSSL source directory and run:
perl Configure BC-32 --prefix=%CD%
`perl Configure BC-32 --prefix=%CD%`

4. make -N
4. `make -N`

5. make -N test
5. `make -N test`

6. Build your program against this OpenSSL:
* Set your include search path to the "include" subdirectory of OpenSSL.
Expand All @@ -166,32 +170,38 @@ MinGW offers an alternative way to build native OpenSSL, by cross compilation.

- Perl, at least version 5.10.0, which usually comes pre-installed with MSYS2

- make, installed using "pacman -S make" into the MSYS2 environment
- make, installed using `pacman -S make` into the MSYS2 environment

- MinGW[64] compiler: mingw-w64-i686-gcc and/or mingw-w64-x86_64-gcc.
- MinGW[64] compiler: `mingw-w64-i686-gcc` and/or `mingw-w64-x86_64-gcc`.
These compilers must be on your MSYS2 $PATH.
A common error is to not have these on your $PATH.
The MSYS2 version of gcc will not work correctly here.

In the MSYS2 shell do the configuration depending on the target architecture:

./Configure mingw ...

or

./Configure mingw64 ...

or

./Configure ...

for the default architecture.

Apart from that, follow the Unix / Linux instructions in INSTALL.md.
Apart from that, follow the Unix / Linux instructions in `INSTALL.md`.

* It is also possible to build mingw[64] on Linux or Cygwin.

In this case configure with the corresponding --cross-compile-prefix= option.
For example
In this case configure with the corresponding `--cross-compile-prefix=`
option. For example

./Configure mingw --cross-compile-prefix=i686-w64-mingw32- ...

or

./Configure mingw64 --cross-compile-prefix=x86_64-w64-mingw32- ...

This requires that you've installed the necessary add-on packages for
Expand All @@ -203,18 +213,18 @@ Linking native applications
This section applies to all native builds.

If you link with static OpenSSL libraries then you're expected to
additionally link your application with WS2_32.LIB, GDI32.LIB,
ADVAPI32.LIB, CRYPT32.LIB and USER32.LIB. Those developing
additionally link your application with `WS2_32.LIB`, `GDI32.LIB`,
`ADVAPI32.LIB`, `CRYPT32.LIB` and `USER32.LIB`. Those developing
non-interactive service applications might feel concerned about
linking with GDI32.LIB and USER32.LIB, as they are justly associated
linking with `GDI32.LIB` and `USER32.LIB`, as they are justly associated
with interactive desktop, which is not available to service
processes. The toolkit is designed to detect in which context it's
currently executed, GUI, console app or service, and act accordingly,
namely whether or not to actually make GUI calls. Additionally those
who wish to /DELAYLOAD:GDI32.DLL and /DELAYLOAD:USER32.DLL and
who wish to `/DELAYLOAD:GDI32.DLL` and `/DELAYLOAD:USER32.DLL` and
actually keep them off service process should consider implementing
and exporting from .exe image in question own _OPENSSL_isservice not
relying on USER32.DLL. E.g., on Windows Vista and later you could:
and exporting from .exe image in question own `_OPENSSL_isservice` not
relying on `USER32.DLL`. E.g., on Windows Vista and later you could:

__declspec(dllexport) __cdecl BOOL _OPENSSL_isservice(void)
{
Expand All @@ -233,7 +243,7 @@ See also the OPENSSL_Applink manual page.
Hosted builds using Cygwin
==========================

Cygwin implements a POSIX/Unix runtime system (cygwin1.dll) on top of the
Cygwin implements a POSIX/Unix runtime system (`cygwin1.dll`) on top of the
Windows subsystem and provides a Bash shell and GNU tools environment.
Consequently, a build of OpenSSL with Cygwin is virtually identical to the
Unix procedure.
Expand All @@ -249,7 +259,7 @@ To build OpenSSL using Cygwin, you need to:

Apart from that, follow the Unix / Linux instructions in INSTALL.md.

NOTE: "make test" and normal file operations may fail in directories
mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
NOTE: `make test` and normal file operations may fail in directories
mounted as text (i.e. `mount -t c:\somewhere /home`) due to Cygwin
stripping of carriage returns. To avoid this ensure that a binary
mount is used, e.g. mount -b c:\somewhere /home.
mount is used, e.g. `mount -b c:\somewhere /home`.
2 changes: 1 addition & 1 deletion deps/openssl/openssl/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ What This Is
This is a fork of [OpenSSL](https://www.openssl.org) to enable QUIC. In addition
to the website, the official source distribution is at
<https://github.com/openssl/openssl>. The OpenSSL `README` can be found at
[README-OpenSSL.md](https://github.com/quictls/openssl/blob/openssl-3.0.2%2Bquic/README-OpenSSL.md)
[README-OpenSSL.md](https://github.com/quictls/openssl/blob/openssl-3.0.3%2Bquic/README-OpenSSL.md)

This fork adds APIs that can be used by QUIC implementations for connection
handshakes. Quoting the IETF Working group
Expand Down
4 changes: 2 additions & 2 deletions deps/openssl/openssl/VERSION.dat
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
MAJOR=3
MINOR=0
PATCH=2
PATCH=3
PRE_RELEASE_TAG=
BUILD_METADATA=quic
RELEASE_DATE="15 Mar 2022"
RELEASE_DATE="3 May 2022"
SHLIB_VERSION=81.3
6 changes: 3 additions & 3 deletions deps/openssl/openssl/apps/ca.c
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
Expand Down Expand Up @@ -2367,7 +2367,7 @@ static char *make_revocation_str(REVINFO_TYPE rev_type, const char *rev_arg)

case REV_CRL_REASON:
for (i = 0; i < 8; i++) {
if (strcasecmp(rev_arg, crl_reasons[i]) == 0) {
if (OPENSSL_strcasecmp(rev_arg, crl_reasons[i]) == 0) {
reason = crl_reasons[i];
break;
}
Expand Down Expand Up @@ -2584,7 +2584,7 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
}
if (reason_str) {
for (i = 0; i < NUM_REASONS; i++) {
if (strcasecmp(reason_str, crl_reasons[i]) == 0) {
if (OPENSSL_strcasecmp(reason_str, crl_reasons[i]) == 0) {
reason_code = i;
break;
}
Expand Down
2 changes: 1 addition & 1 deletion deps/openssl/openssl/apps/cmp.c
Original file line number Diff line number Diff line change
Expand Up @@ -1745,7 +1745,7 @@ static int handle_opt_geninfo(OSSL_CMP_CTX *ctx)
valptr[0] = '\0';
valptr++;

if (strncasecmp(valptr, "int:", 4) != 0) {
if (OPENSSL_strncasecmp(valptr, "int:", 4) != 0) {
CMP_err("missing 'int:' in -geninfo option");
return 0;
}
Expand Down
Loading

0 comments on commit 05fb807

Please sign in to comment.