deps: upgrade openssl sources to OpenSSL_1_1_1n

This updates all sources in deps/openssl/openssl by: $ git clone https://github.com/quictls/openssl $ cd openssl $ git checkout OpenSSL_1_1_1n+quic $ cd ../node/deps/openssl $ rm -rf openssl $ cp -R ../openssl openssl $ rm -rf openssl/.git* openssl/.travis* $ git add --all openssl $ git commit openssl PR-URL: #42352 Refs: https://mta.openssl.org/pipermail/openssl-announce/2022-March/000218.html Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Danielle Adams <adamzdanielle@gmail.com>
nodejs · Mar 17, 2022 · 7a6a870 · 7a6a870
1 parent e10e4fd
commit 7a6a870
Show file tree

Hide file tree

Showing 61 changed files with 809 additions and 220 deletions.
diff --git a/deps/openssl/openssl/CHANGES b/deps/openssl/openssl/CHANGES
@@ -7,6 +7,43 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
+ Changes between 1.1.1m and 1.1.1n [15 Mar 2022]
+
+  *) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever
+     for non-prime moduli.
+
+     Internally this function is used when parsing certificates that contain
+     elliptic curve public keys in compressed form or explicit elliptic curve
+     parameters with a base point encoded in compressed form.
+
+     It is possible to trigger the infinite loop by crafting a certificate that
+     has invalid explicit curve parameters.
+
+     Since certificate parsing happens prior to verification of the certificate
+     signature, any process that parses an externally supplied certificate may
+     thus be subject to a denial of service attack. The infinite loop can also
+     be reached when parsing crafted private keys as they can contain explicit
+     elliptic curve parameters.
+
+     Thus vulnerable situations include:
+
+      - TLS clients consuming server certificates
+      - TLS servers consuming client certificates
+      - Hosting providers taking certificates or private keys from customers
+      - Certificate authorities parsing certification requests from subscribers
+      - Anything else which parses ASN.1 elliptic curve parameters
+
+     Also any other applications that use the BN_mod_sqrt() where the attacker
+     can control the parameter values are vulnerable to this DoS issue.
+     (CVE-2022-0778)
+     [Tomáš Mráz]
+
+  *) Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489)
+     to the list of ciphersuites providing Perfect Forward Secrecy as
+     required by SECLEVEL >= 3.
+
+     [Dmitry Belyavskiy, Nicola Tuveri]
+
  Changes between 1.1.1l and 1.1.1m [14 Dec 2021]
 
   *) Avoid loading of a dynamic engine twice.

diff --git a/deps/openssl/openssl/Configurations/10-main.conf b/deps/openssl/openssl/Configurations/10-main.conf
@@ -988,6 +988,13 @@ my %targets = (
         perlasm_scheme   => "elf",
     },
 
+    # riscv64 below refers to contemporary RISCV Architecture
+    # specifications,
+    "BSD-riscv64" => {
+        inherit_from     => [ "BSD-generic64"],
+        perlasm_scheme   => "linux64",
+    },
+
     "bsdi-elf-gcc" => {
         inherit_from     => [ "BASE_unix", asm("x86_elf_asm") ],
         CC               => "gcc",
@@ -1765,7 +1772,7 @@ my %targets = (
 
         disable          => add('pinshared'),
 
-        apps_aux_src     => "vms_term_sock.c",
+        apps_aux_src     => "vms_term_sock.c vms_decc_argv.c",
         apps_init_src    => "vms_decc_init.c",
     },
 

diff --git a/deps/openssl/openssl/Configurations/descrip.mms.tmpl b/deps/openssl/openssl/Configurations/descrip.mms.tmpl
@@ -438,7 +438,8 @@ test : tests
         DEFINE SRCTOP {- sourcedir() -}
         DEFINE BLDTOP {- builddir() -}
         DEFINE RESULT_D {- builddir(qw(test test-runs)) -}
-        DEFINE OPENSSL_ENGINES {- builddir("engines") -}
+        engines = F$PARSE("{- builddir("engines") -}","A.;",,,"syntax_only") - "A.;"
+        DEFINE OPENSSL_ENGINES 'engines'
         DEFINE OPENSSL_DEBUG_MEMORY "on"
         IF "$(VERBOSE)" .NES. "" THEN DEFINE VERBOSE "$(VERBOSE)"
         $(PERL) {- sourcefile("test", "run_tests.pl") -} $(TESTS)

diff --git a/deps/openssl/openssl/Configure b/deps/openssl/openssl/Configure
@@ -3164,25 +3164,25 @@ sub resolve_config {
         }
     }
 
-    foreach (sort keys %all_keys) {
-        my $previous = $combined_inheritance{$_};
+    foreach my $key (sort keys %all_keys) {
+        my $previous = $combined_inheritance{$key};
 
         # Current target doesn't have a value for the current key?
         # Assign it the default combiner, the rest of this loop body
         # will handle it just like any other coderef.
-        if (!exists $table{$target}->{$_}) {
-            $table{$target}->{$_} = $default_combiner;
+        if (!exists $table{$target}->{$key}) {
+            $table{$target}->{$key} = $default_combiner;
         }
 
-        $table{$target}->{$_} = process_values($table{$target}->{$_},
-                                               $combined_inheritance{$_},
-                                               $target, $_);
-        unless(defined($table{$target}->{$_})) {
-            delete $table{$target}->{$_};
+        $table{$target}->{$key} = process_values($table{$target}->{$key},
+                                               $combined_inheritance{$key},
+                                               $target, $key);
+        unless(defined($table{$target}->{$key})) {
+            delete $table{$target}->{$key};
         }
 #        if ($extra_checks &&
-#            $previous && !($add_called ||  $previous ~~ $table{$target}->{$_})) {
-#            warn "$_ got replaced in $target\n";
+#            $previous && !($add_called ||  $previous ~~ $table{$target}->{$key})) {
+#            warn "$key got replaced in $target\n";
 #        }
     }
 

diff --git a/deps/openssl/openssl/NEWS b/deps/openssl/openssl/NEWS
@@ -5,6 +5,11 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.1.1m and OpenSSL 1.1.1n [15 Mar 2022]
+
+      o Fixed a bug in the BN_mod_sqrt() function that can cause it to loop
+        forever for non-prime moduli ([CVE-2022-0778])
+
   Major changes between OpenSSL 1.1.1l and OpenSSL 1.1.1m [14 Dec 2021]
 
       o None

diff --git a/deps/openssl/openssl/README-OpenSSL.md b/deps/openssl/openssl/README-OpenSSL.md
@@ -1,5 +1,5 @@
 
- OpenSSL 1.1.1m 14 Dec 2021
+ OpenSSL 1.1.1n 15 Mar 2022
 
  Copyright (c) 1998-2021 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

diff --git a/deps/openssl/openssl/README.md b/deps/openssl/openssl/README.md
@@ -4,7 +4,7 @@ What This Is
 This is a fork of [OpenSSL](https://www.openssl.org) to enable QUIC. In addition
 to the website, the official source distribution is at
 <https://github.com/openssl/openssl>. The OpenSSL `README` can be found at
-[README-OpenSSL.md](https://github.com/quictls/openssl/blob/OpenSSL_1_1_1m%2Bquic/README-OpenSSL.md).
+[README-OpenSSL.md](https://github.com/quictls/openssl/blob/OpenSSL_1_1_1n%2Bquic/README-OpenSSL.md).
 
 This fork adds APIs that can be used by QUIC implementations for connection
 handshakes. Quoting the IETF Working group

diff --git a/deps/openssl/openssl/apps/apps.c b/deps/openssl/openssl/apps/apps.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -300,9 +300,13 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
         int ui_flags = 0;
         const char *prompt_info = NULL;
         char *prompt;
+        int pw_min_len = PW_MIN_LENGTH;
 
         if (cb_data != NULL && cb_data->prompt_info != NULL)
             prompt_info = cb_data->prompt_info;
+        if (cb_data != NULL && cb_data->password != NULL
+                && *(const char*)cb_data->password != '\0')
+            pw_min_len = 1;
         prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
         if (!prompt) {
             BIO_printf(bio_err, "Out of memory\n");
@@ -317,12 +321,12 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
         (void)UI_add_user_data(ui, cb_data);
 
         ok = UI_add_input_string(ui, prompt, ui_flags, buf,
-                                 PW_MIN_LENGTH, bufsiz - 1);
+                                 pw_min_len, bufsiz - 1);
 
         if (ok >= 0 && verify) {
             buff = app_malloc(bufsiz, "password buffer");
             ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
-                                      PW_MIN_LENGTH, bufsiz - 1, buf);
+                                      pw_min_len, bufsiz - 1, buf);
         }
         if (ok >= 0)
             do {

diff --git a/deps/openssl/openssl/apps/openssl.c b/deps/openssl/openssl/apps/openssl.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -120,7 +120,6 @@ int main(int argc, char *argv[])
 {
     FUNCTION f, *fp;
     LHASH_OF(FUNCTION) *prog = NULL;
-    char **copied_argv = NULL;
     char *p, *pname;
     char buf[1024];
     const char *prompt;
@@ -137,7 +136,7 @@ int main(int argc, char *argv[])
     bio_err = dup_bio_err(FORMAT_TEXT);
 
 #if defined(OPENSSL_SYS_VMS) && defined(__DECC)
-    copied_argv = argv = copy_argv(&argc, argv);
+    argv = copy_argv(&argc, argv);
 #elif defined(_WIN32)
     /*
      * Replace argv[] with UTF-8 encoded strings.
@@ -258,7 +257,6 @@ int main(int argc, char *argv[])
     }
     ret = 1;
  end:
-    OPENSSL_free(copied_argv);
     OPENSSL_free(default_config_file);
     lh_FUNCTION_free(prog);
     OPENSSL_free(arg.argv);

diff --git a/deps/openssl/openssl/apps/passwd.c b/deps/openssl/openssl/apps/passwd.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -407,7 +407,7 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
         n >>= 1;
     }
     if (!EVP_DigestFinal_ex(md, buf, NULL))
-        return NULL;
+        goto err;
 
     for (i = 0; i < 1000; i++) {
         if (!EVP_DigestInit_ex(md2, EVP_md5(), NULL))
@@ -633,7 +633,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
         n >>= 1;
     }
     if (!EVP_DigestFinal_ex(md, buf, NULL))
-        return NULL;
+        goto err;
 
     /* P sequence */
     if (!EVP_DigestInit_ex(md2, sha, NULL))
@@ -644,7 +644,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
             goto err;
 
     if (!EVP_DigestFinal_ex(md2, temp_buf, NULL))
-        return NULL;
+        goto err;
 
     if ((p_bytes = OPENSSL_zalloc(passwd_len)) == NULL)
         goto err;
@@ -661,7 +661,7 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
             goto err;
 
     if (!EVP_DigestFinal_ex(md2, temp_buf, NULL))
-        return NULL;
+        goto err;
 
     if ((s_bytes = OPENSSL_zalloc(salt_len)) == NULL)
         goto err;

diff --git a/deps/openssl/openssl/apps/s_client.c b/deps/openssl/openssl/apps/s_client.c
@@ -938,6 +938,7 @@ int s_client_main(int argc, char **argv)
     struct timeval tv;
 #endif
     const char *servername = NULL;
+    char *sname_alloc = NULL;
     int noservername = 0;
     const char *alpn_in = NULL;
     tlsextctx tlsextcbp = { NULL, 0 };
@@ -1588,6 +1589,15 @@ int s_client_main(int argc, char **argv)
                        "%s: -proxy argument malformed or ambiguous\n", prog);
             goto end;
         }
+        if (servername == NULL && !noservername) {
+            res = BIO_parse_hostserv(connectstr, &sname_alloc, NULL, BIO_PARSE_PRIO_HOST);
+            if (!res) {
+                BIO_printf(bio_err,
+                        "%s: -connect argument malformed or ambiguous\n", prog);
+                goto end;
+            }
+            servername = sname_alloc;
+        }
     } else {
         int res = 1;
         char *tmp_host = host, *tmp_port = port;
@@ -3149,6 +3159,7 @@ int s_client_main(int argc, char **argv)
 #ifndef OPENSSL_NO_SRP
     OPENSSL_free(srp_arg.srppassin);
 #endif
+    OPENSSL_free(sname_alloc);
     OPENSSL_free(connectstr);
     OPENSSL_free(bindstr);
     OPENSSL_free(bindhost);

diff --git a/deps/openssl/openssl/apps/s_socket.c b/deps/openssl/openssl/apps/s_socket.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -147,7 +147,7 @@ int init_client(int *sock, const char *host, const char *port,
 #endif
 
         if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai),
-                         protocol == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) {
+                         BIO_ADDRINFO_protocol(ai) == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) {
             BIO_closesocket(*sock);
             *sock = INVALID_SOCKET;
             continue;

diff --git a/deps/openssl/openssl/apps/vms_decc_argv.c b/deps/openssl/openssl/apps/vms_decc_argv.c
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <openssl/crypto.h>
+#include "apps.h"                /* for app_malloc() and copy_argv() */
+
+char **newargv = NULL;
+
+static void cleanup_argv(void)
+{
+    OPENSSL_free(newargv);
+    newargv = NULL;
+}
+
+char **copy_argv(int *argc, char *argv[])
+{
+    /*-
+     * The note below is for historical purpose.  On VMS now we always
+     * copy argv "safely."
+     *
+     * 2011-03-22 SMS.
+     * If we have 32-bit pointers everywhere, then we're safe, and
+     * we bypass this mess, as on non-VMS systems.
+     * Problem 1: Compaq/HP C before V7.3 always used 32-bit
+     * pointers for argv[].
+     * Fix 1: For a 32-bit argv[], when we're using 64-bit pointers
+     * everywhere else, we always allocate and use a 64-bit
+     * duplicate of argv[].
+     * Problem 2: Compaq/HP C V7.3 (Alpha, IA64) before ECO1 failed
+     * to NULL-terminate a 64-bit argv[].  (As this was written, the
+     * compiler ECO was available only on IA64.)
+     * Fix 2: Unless advised not to (VMS_TRUST_ARGV), we test a
+     * 64-bit argv[argc] for NULL, and, if necessary, use a
+     * (properly) NULL-terminated (64-bit) duplicate of argv[].
+     * The same code is used in either case to duplicate argv[].
+     * Some of these decisions could be handled in preprocessing,
+     * but the code tends to get even uglier, and the penalty for
+     * deciding at compile- or run-time is tiny.
+     */
+
+    int i, count = *argc;
+    char **p = newargv;
+
+    cleanup_argv();
+
+    newargv = app_malloc(sizeof(*newargv) * (count + 1), "argv copy");
+    if (newargv == NULL)
+        return NULL;
+
+    /* Register automatic cleanup on first use */
+    if (p == NULL)
+        OPENSSL_atexit(cleanup_argv);
+
+    for (i = 0; i < count; i++)
+        newargv[i] = argv[i];
+    newargv[i] = NULL;
+    *argc = i;
+    return newargv;
+}