Merged 1.1.1u

.github/workflows/windows.yml

@@ -57,11 +57,7 @@ jobs:
         - windows-2022
     runs-on: ${{matrix.os}}
     steps:
-<<<<<<< HEAD
-    - uses: actions/checkout@v2
-=======
     - uses: actions/checkout@v3
->>>>>>> OpenSSL_1_1_1t
     - uses: ilammy/msvc-dev-cmd@v1
     - uses: shogo82148/actions-setup-perl@v1
     - name: prepare the build directory
@@ -85,11 +81,7 @@ jobs:
         - windows-2022
     runs-on: ${{matrix.os}}
     steps:
-<<<<<<< HEAD
-    - uses: actions/checkout@v2
-=======
     - uses: actions/checkout@v3
->>>>>>> OpenSSL_1_1_1t
     - uses: ilammy/msvc-dev-cmd@v1
     - uses: shogo82148/actions-setup-perl@v1
     - name: prepare the build directory

CHANGES

@@ -7,6 +7,64 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
+ Changes between 1.1.1t and 1.1.1u [30 May 2023]
+
+  *) Mitigate for the time it takes for `OBJ_obj2txt` to translate gigantic
+     OBJECT IDENTIFIER sub-identifiers to canonical numeric text form.
+
+     OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
+     numeric text form.  For gigantic sub-identifiers, this would take a very
+     long time, the time complexity being O(n^2) where n is the size of that
+     sub-identifier.  (CVE-2023-2650)
+
+     To mitigitate this, `OBJ_obj2txt()` will only translate an OBJECT
+     IDENTIFIER to canonical numeric text form if the size of that OBJECT
+     IDENTIFIER is 586 bytes or less, and fail otherwise.
+
+     The basis for this restriction is RFC 2578 (STD 58), section 3.5. OBJECT
+     IDENTIFIER values, which stipulates that OBJECT IDENTIFIERS may have at
+     most 128 sub-identifiers, and that the maximum value that each sub-
+     identifier may have is 2^32-1 (4294967295 decimal).
+
+     For each byte of every sub-identifier, only the 7 lower bits are part of
+     the value, so the maximum amount of bytes that an OBJECT IDENTIFIER with
+     these restrictions may occupy is 32 * 128 / 7, which is approximately 586
+     bytes.
+
+     Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
+
+     [Richard Levitte]
+
+  *) Reworked the Fix for the Timing Oracle in RSA Decryption (CVE-2022-4304).
+     The previous fix for this timing side channel turned out to cause
+     a severe 2-3x performance regression in the typical use case
+     compared to 1.1.1s. The new fix uses existing constant time
+     code paths, and restores the previous performance level while
+     fully eliminating all existing timing side channels.
+     The fix was developed by Bernd Edlinger with testing support
+     by Hubert Kario.
+     [Bernd Edlinger]
+
+  *) Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention
+     that it does not enable policy checking. Thanks to
+     David Benjamin for discovering this issue. (CVE-2023-0466)
+     [Tomas Mraz]
+
+  *) Fixed an issue where invalid certificate policies in leaf certificates are
+     silently ignored by OpenSSL and other certificate policy checks are skipped
+     for that certificate. A malicious CA could use this to deliberately assert
+     invalid certificate policies in order to circumvent policy checking on the
+     certificate altogether. (CVE-2023-0465)
+     [Matt Caswell]
+
+  *) Limited the number of nodes created in a policy tree to mitigate
+     against CVE-2023-0464.  The default limit is set to 1000 nodes, which
+     should be sufficient for most installations.  If required, the limit
+     can be adjusted by setting the OPENSSL_POLICY_TREE_NODES_MAX build
+     time define to a desired maximum number of nodes or zero to allow
+     unlimited growth. (CVE-2023-0464)
+     [Paul Dale]
+
  Changes between 1.1.1s and 1.1.1t [7 Feb 2023]
 
   *) Fixed X.400 address type confusion in X.509 GeneralName.

Configurations/descrip.mms.tmpl

@@ -13,6 +13,8 @@
   our $sover_dirname = sprintf "%02d%02d", split(/\./, $config{shlib_version_number});
   our $osslver = sprintf "%02d%02d", split(/\./, $config{version});
 
+  our $shlibvariant = $target{shlib_variant} || "";
+
   our $sourcedir = $config{sourcedir};
   our $builddir = $config{builddir};
   sub sourcefile {
@@ -47,13 +49,13 @@
       map { (my $x = $_) =~ s/\.a$//; $x }
       @{$unified_info{libraries}};
   our @shlibs =
-      map { $unified_info{sharednames}->{$_} || () }
+      map { $unified_info{sharednames}->{$_}.$shlibvariant || () }
       grep(!/\.a$/, @{$unified_info{libraries}});
   our @install_libs =
       map { (my $x = $_) =~ s/\.a$//; $x }
       @{$unified_info{install}->{libraries}};
   our @install_shlibs =
-      map { $unified_info{sharednames}->{$_} || () }
+      map { $unified_info{sharednames}->{$_}.$shlibvariant || () }
       grep(!/\.a$/, @{$unified_info{install}->{libraries}});
 
   # This is a horrible hack, but is needed because recursive inclusion of files
@@ -695,7 +697,7 @@ reconfigure reconf :
       }
       return map { $_ =~ /\.a$/
                    ? $`.".OLB"
-                   : $unified_info{sharednames}->{$_}.".EXE" } @_;
+                   : $unified_info{sharednames}->{$_}.$shlibvariant.".EXE" } @_;
   }
 
   # Helper function to deal with inclusion directory specs.
@@ -912,7 +914,7 @@ EOF
   sub libobj2shlib {
       my %args = @_;
       my $lib = $args{lib};
-      my $shlib = $args{shlib};
+      my $shlib = $args{shlib}.$shlibvariant;
       my $libd = dirname($lib);
       my $libn = basename($lib);
       my @objs = map { (my $x = $_) =~ s|\.o$|.OBJ|; $x }

Configurations/windows-makefile.tmpl

@@ -9,6 +9,7 @@
  our $exeext = $target{exe_extension} || ".exe";
  our $libext = $target{lib_extension} || ".lib";
  our $shlibext = $target{shared_extension} || ".dll";
+ our $shlibvariant = $target{shlib_variant} || "";
  our $shlibextimport = $target{shared_import_extension} || ".lib";
  our $dsoext = $target{dso_extension} || ".dll";
 
@@ -35,7 +36,7 @@
      my $lib = shift;
      return () if $disabled{shared} || $lib =~ /\.a$/;
      return () unless defined $unified_info{sharednames}->{$lib};
-     return $unified_info{sharednames}->{$lib} . $shlibext;
+     return $unified_info{sharednames}->{$lib} . $shlibvariant . $shlibext;
  }
 
  sub lib {

Configure

@@ -1244,7 +1244,7 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m)
         }
 
 if ($target =~ /linux.*-mips/ && !$disabled{asm}
-        && !grep { $_ !~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) {
+        && !grep { $_ =~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) {
         # minimally required architecture flags for assembly modules
         my $value;
         $value = '-mips2' if ($target =~ /mips32/);

NEWS

@@ -5,6 +5,15 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.1.1t and OpenSSL 1.1.1u [30 May 2023]
+
+      o Mitigate for very slow `OBJ_obj2txt()` performance with gigantic
+        OBJECT IDENTIFIER sub-identities.  (CVE-2023-2650)
+      o Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466)
+      o Fixed handling of invalid certificate policies in leaf certificates
+        (CVE-2023-0465)
+      o Limited the number of nodes created in a policy tree ([CVE-2023-0464])
+
   Major changes between OpenSSL 1.1.1s and OpenSSL 1.1.1t [7 Feb 2023]
 
       o Fixed X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)

README

@@ -1,7 +1,7 @@
 
- OpenSSL 1.1.1t 7 Feb 2023
+ OpenSSL 1.1.1u 30 May 2023
 
- Copyright (c) 1998-2022 The OpenSSL Project
+ Copyright (c) 1998-2023 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
  All rights reserved.
 

README.md

@@ -39,7 +39,7 @@ Note that, referencing the terminology defined by [ETSI](https://www.etsi.org/te
 
 ## Status
 
-This fork is currently in sync with the [OpenSSL\_1\_1\_1t tag](https://github.com/openssl/openssl/tree/OpenSSL_1_1_1t), and adds the following:
+This fork is currently in sync with the [OpenSSL\_1\_1\_1u tag](https://github.com/openssl/openssl/tree/OpenSSL_1_1_1u), and adds the following:
 
 - quantum-safe key exchange in TLS 1.3
 - hybrid (quantum-safe + elliptic curve) key exchange in TLS 1.3

crypto/aes/asm/bsaes-armv7.pl

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2012-2023 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -14,7 +14,7 @@
 # details see http://www.openssl.org/~appro/cryptogams/.
 #
 # Specific modes and adaptation for Linux kernel by Ard Biesheuvel
-# of Linaro. Permission to use under GPL terms is granted.
+# of Linaro.
 # ====================================================================
 
 # Bit-sliced AES for ARM NEON

crypto/asn1/a_bitstr.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -148,6 +148,9 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
     int w, v, iv;
     unsigned char *c;
 
+    if (n < 0)
+        return 0;
+
     w = n / 8;
     v = 1 << (7 - (n & 0x07));
     iv = ~v;
@@ -182,6 +185,9 @@ int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n)
 {
     int w, v;
 
+    if (n < 0)
+        return 0;
+
     w = n / 8;
     v = 1 << (7 - (n & 0x07));
     if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL))

crypto/bio/b_print.c

@@ -305,7 +305,6 @@ _dopr(char **sbuffer,
             case 'G':
             case 'g':
                 /* not implemented for UEFI */
-                ERR_raise(ERR_LIB_BIO, ERR_R_UNSUPPORTED);
                 return 0;
 #endif
             case 'c':