Index: /branches/rel_apv_10_7_2/tools/update/ustacksystem.ks
===================================================================
--- /branches/rel_apv_10_7_2/tools/update/ustacksystem.ks	(revision 39192)
+++ /branches/rel_apv_10_7_2/tools/update/ustacksystem.ks	(working copy)
@@ -71,8 +71,8 @@
 rsyslog-7.4.7-12.el7.x86_64
 audit-2.4.1-5.el7.x86_64
 perl-JSON-2.59-2.el7.noarch
-openssl-1.0.2k-21.el7.centos.2.x86_64
-openssl-libs-1.0.2k-21.el7.centos.2.x86_64
+openssl-1.0.2k-21.el7.centos.4.x86_64
+openssl-libs-1.0.2k-21.el7.centos.4.x86_64
 ustack-1.0-2.x86_64
 xmlrpc-epi-0.54.2-1.el7.centos.x86_64
 zip-3.0-10.el7.x86_64
Index: /branches/rel_apv_10_7_2/usr/click/lib/libopenssl-1.1.1/build.sh
===================================================================
--- /branches/rel_apv_10_7_2/usr/click/lib/libopenssl-1.1.1/build.sh	(revision 39192)
+++ /branches/rel_apv_10_7_2/usr/click/lib/libopenssl-1.1.1/build.sh	(working copy)
@@ -18,6 +18,12 @@
 PATCH14=sm4_gcm_ccm.patch
 PATCH15=openssl-1.1.1d-CVE-2022-0778.patch
 PATCH16=ocsp_retry.patch
+PATCH17=openssl-1.1.1d-CVE-2021-3712.patch
+PATCH18=openssl-1.1.1d-CVE-2022-1292.patch
+PATCH19=openssl-1.1.1d-CVE-2022-4304.patch
+PATCH20=openssl-1.1.1d-CVE-2022-4450.patch
+PATCH21=openssl-1.1.1d-CVE-2023-0215.patch
+PATCH22=openssl-1.1.1d-CVE-2023-0286.patch
 if [ ! -d $OPENSSL_NAME ]
 then
 	tar -zxf $TAR_NAME
@@ -44,6 +50,12 @@
 	patch -p1 < ../$PATCH14
 	patch -p1 < ../$PATCH15
 	patch -p1 < ../$PATCH16
+	patch -p1 < ../$PATCH17
+	patch -p1 < ../$PATCH18
+	patch -p1 < ../$PATCH19
+	patch -p1 < ../$PATCH20
+	patch -p1 < ../$PATCH21
+	patch -p1 < ../$PATCH22
 
 	if [ -f "../../../../../is_zhaoxin" ]; then
 		patch -p1 < ../openssl-1.1.1d-bug102140.patch
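Review bot: None of the six added `patch -p1 < ../$PATCH17` … `../$PATCH22` lines checks its exit status, so a patch file that is missing or has a rejected hunk leaves the build running on a tree that still lacks that CVE fix. The existing PATCH14–16 lines follow the same pattern, but for security backports the failure should be fatal unless the script enables `set -e` outside this hunk, e.g. `patch -p1 < "../$PATCH17" || exit 1`. These lines also appear to sit inside the `if [ ! -d $OPENSSL_NAME ]` block visible in the previous hunk, so an already-extracted source directory would presumably skip the new patches. That block starts and ends outside this hunk, so confirm that release builds always start from a clean extract.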
Index: /branches/rel_apv_10_7_2/usr/click/lib/libopenssl-1.1.1/openssl-1.1.1d-CVE-2021-3712.patch
===================================================================
--- /branches/rel_apv_10_7_2/usr/click/lib/libopenssl-1.1.1/openssl-1.1.1d-CVE-2021-3712.patch	(revision 0)
+++ /branches/rel_apv_10_7_2/usr/click/lib/libopenssl-1.1.1/openssl-1.1.1d-CVE-2021-3712.patch	(working copy)
@@ -0,0 +1,508 @@
+diff -urN a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
+--- a/crypto/asn1/asn1_lib.c	2023-02-18 03:31:46.299990554 +0800
++++ b/crypto/asn1/asn1_lib.c	2023-02-18 03:31:46.434990547 +0800
+@@ -281,7 +281,12 @@
+     }
+     if ((str->length <= len) || (str->data == NULL)) {
+         c = str->data;
++#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
++        /* No NUL terminator in fuzzing builds */
++        str->data = OPENSSL_realloc(c, len);
++#else
+         str->data = OPENSSL_realloc(c, len + 1);
++#endif
+         if (str->data == NULL) {
+             ASN1err(ASN1_F_ASN1_STRING_SET, ERR_R_MALLOC_FAILURE);
+             str->data = c;
+@@ -291,8 +296,13 @@
+     str->length = len;
+     if (data != NULL) {
+         memcpy(str->data, data, len);
+-        /* an allowance for strings :-) */
++#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
++        /*
++         * Add a NUL terminator. This should not be necessary - but we add it as
++         * a safety precaution
++         */
+         str->data[len] = '\0';
++#endif
+     }
+     return 1;
+ }
+diff -urN a/crypto/asn1/t_spki.c b/crypto/asn1/t_spki.c
+--- a/crypto/asn1/t_spki.c	2023-02-18 03:31:46.300990554 +0800
++++ b/crypto/asn1/t_spki.c	2023-02-18 03:31:46.433990547 +0800
+@@ -38,7 +38,7 @@
+     }
+     chal = spki->spkac->challenge;
+     if (chal->length)
+-        BIO_printf(out, "  Challenge String: %s\n", chal->data);
++        BIO_printf(out, "  Challenge String: %.*s\n", chal->length, chal->data);
+     i = OBJ_obj2nid(spki->sig_algor.algorithm);
+     BIO_printf(out, "  Signature Algorithm: %s",
+                (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
+diff -urN a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
+--- a/crypto/ec/ec_asn1.c	2023-02-18 03:31:46.313990553 +0800
++++ b/crypto/ec/ec_asn1.c	2023-02-18 03:31:46.449990546 +0800
+@@ -744,7 +744,10 @@
+         ret->seed_len = params->curve->seed->length;
+     }
+ 
+-    if (!params->order || !params->base || !params->base->data) {
++    if (params->order == NULL
++            || params->base == NULL
++            || params->base->data == NULL
++            || params->base->length == 0) {
+         ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
+         goto err;
+     }
+diff -urN a/crypto/include/internal/x509_int.h b/crypto/include/internal/x509_int.h
+--- a/crypto/include/internal/x509_int.h	2023-02-18 03:31:46.320990553 +0800
++++ b/crypto/include/internal/x509_int.h	2023-02-18 03:31:46.454990546 +0800
+@@ -8,6 +8,8 @@
+  */
+ 
+ #include "internal/refcount.h"
++#include <openssl/x509.h>
++#include <openssl/conf.h>
+ 
+ /* Internal X509 structures and functions: not for application use */
+ 
+@@ -284,3 +286,6 @@
+ int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm);
+ 
+ void x509_init_sig_info(X509 *x);
++
++int x509v3_add_len_value_uchar(const char *name, const unsigned char *value,
++                               size_t vallen, STACK_OF(CONF_VALUE) **extlist);
+diff -urN a/crypto/x509v3/v3_akey.c b/crypto/x509v3/v3_akey.c
+--- a/crypto/x509v3/v3_akey.c	2023-02-18 03:31:46.337990552 +0800
++++ b/crypto/x509v3/v3_akey.c	2023-02-18 03:31:46.470990545 +0800
+@@ -39,20 +39,48 @@
+                                                  STACK_OF(CONF_VALUE)
+                                                  *extlist)
+ {
+-    char *tmp;
++    char *tmp = NULL;
++    STACK_OF(CONF_VALUE) *origextlist = extlist, *tmpextlist;
++
+     if (akeyid->keyid) {
+         tmp = OPENSSL_buf2hexstr(akeyid->keyid->data, akeyid->keyid->length);
+-        X509V3_add_value("keyid", tmp, &extlist);
++        if (tmp == NULL) {
++            X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE);
++            return NULL;
++        }
++        if (!X509V3_add_value("keyid", tmp, &extlist)) {
++            OPENSSL_free(tmp);
++            X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_X509_LIB);
++            goto err;
++        }
+         OPENSSL_free(tmp);
+     }
+-    if (akeyid->issuer)
+-        extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
++    if (akeyid->issuer) {
++        tmpextlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
++        if (tmpextlist == NULL) {
++            X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_X509_LIB);
++            goto err;
++        }
++        extlist = tmpextlist;
++    }
+     if (akeyid->serial) {
+         tmp = OPENSSL_buf2hexstr(akeyid->serial->data, akeyid->serial->length);
+-        X509V3_add_value("serial", tmp, &extlist);
++        if (tmp == NULL) {
++            X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE);
++            goto err;
++        }
++        if (!X509V3_add_value("serial", tmp, &extlist)) {
++            OPENSSL_free(tmp);
++            X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_X509_LIB);
++            goto err;
++        }
+         OPENSSL_free(tmp);
+     }
+     return extlist;
++ err:
++    if (origextlist == NULL)
++        sk_CONF_VALUE_pop_free(extlist, X509V3_conf_free);
++    return NULL;
+ }
+ 
+ /*-
+diff -urN a/crypto/x509v3/v3_alt.c b/crypto/x509v3/v3_alt.c
+--- a/crypto/x509v3/v3_alt.c	2023-02-18 03:31:46.337990552 +0800
++++ b/crypto/x509v3/v3_alt.c	2023-02-18 03:34:50.969980586 +0800
+@@ -9,6 +9,7 @@
+ 
+ #include <stdio.h>
+ #include "internal/cryptlib.h"
++#include "crypto/include/internal/x509_int.h"
+ #include <openssl/conf.h>
+ #include <openssl/x509v3.h>
+ #include "ext_dat.h"
+@@ -86,17 +87,20 @@
+         break;
+ 
+     case GEN_EMAIL:
+-        if (!X509V3_add_value_uchar("email", gen->d.ia5->data, &ret))
++        if (!x509v3_add_len_value_uchar("email", gen->d.ia5->data,
++                                        gen->d.ia5->length, &ret))
+             return NULL;
+         break;
+ 
+     case GEN_DNS:
+-        if (!X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret))
++        if (!x509v3_add_len_value_uchar("DNS", gen->d.ia5->data,
++                                        gen->d.ia5->length, &ret))
+             return NULL;
+         break;
+ 
+     case GEN_URI:
+-        if (!X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret))
++        if (!x509v3_add_len_value_uchar("URI", gen->d.ia5->data,
++                                        gen->d.ia5->length, &ret))
+             return NULL;
+         break;
+ 
+diff -urN a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c
+--- a/crypto/x509v3/v3_cpols.c	2023-02-18 03:31:46.337990552 +0800
++++ b/crypto/x509v3/v3_cpols.c	2023-02-18 03:31:46.470990545 +0800
+@@ -422,7 +422,8 @@
+         qualinfo = sk_POLICYQUALINFO_value(quals, i);
+         switch (OBJ_obj2nid(qualinfo->pqualid)) {
+         case NID_id_qt_cps:
+-            BIO_printf(out, "%*sCPS: %s\n", indent, "",
++            BIO_printf(out, "%*sCPS: %.*s\n", indent, "",
++                       qualinfo->d.cpsuri->length,
+                        qualinfo->d.cpsuri->data);
+             break;
+ 
+@@ -447,7 +448,8 @@
+     if (notice->noticeref) {
+         NOTICEREF *ref;
+         ref = notice->noticeref;
+-        BIO_printf(out, "%*sOrganization: %s\n", indent, "",
++        BIO_printf(out, "%*sOrganization: %.*s\n", indent, "",
++                   ref->organization->length,
+                    ref->organization->data);
+         BIO_printf(out, "%*sNumber%s: ", indent, "",
+                    sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
+@@ -470,7 +472,8 @@
+         BIO_puts(out, "\n");
+     }
+     if (notice->exptext)
+-        BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
++        BIO_printf(out, "%*sExplicit Text: %.*s\n", indent, "",
++                   notice->exptext->length,
+                    notice->exptext->data);
+ }
+ 
+diff -urN a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c
+--- a/crypto/x509v3/v3_ncons.c	2023-02-18 03:31:46.337990552 +0800
++++ b/crypto/x509v3/v3_ncons.c	2023-02-18 03:31:46.470990545 +0800
+@@ -63,8 +63,31 @@
+ IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
+ IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
+ 
++
++#define IA5_OFFSET_LEN(ia5base, offset) \
++    ((ia5base)->length - ((unsigned char *)(offset) - (ia5base)->data))
++
++/* Like memchr but for ASN1_IA5STRING. Additionally you can specify the
++ * starting point to search from
++ */
++# define ia5memchr(str, start, c) memchr(start, c, IA5_OFFSET_LEN(str, start))
++
++/* Like memrrchr but for ASN1_IA5STRING */
++static char *ia5memrchr(ASN1_IA5STRING *str, int c)
++{
++    int i;
++
++    for (i = str->length; i > 0 && str->data[i - 1] != c; i--);
++
++    if (i == 0)
++        return NULL;
++
++    return (char *)&str->data[i - 1];
++}
++
+ /*
+- * We cannot use strncasecmp here because that applies locale specific rules.
++ * We cannot use strncasecmp here because that applies locale specific rules. It
++ * also doesn't work with ASN1_STRINGs that may have embedded NUL characters.
+  * For example in Turkish 'I' is not the uppercase character for 'i'. We need to
+  * do a simple ASCII case comparison ignoring the locale (that is why we use
+  * numeric constants below).
+@@ -89,20 +112,12 @@
+ 
+             /* c1 > c2 */
+             return 1;
+-        } else if (*s1 == 0) {
+-            /* If we get here we know that *s2 == 0 too */
+-            return 0;
+         }
+     }
+ 
+     return 0;
+ }
+ 
+-static int ia5casecmp(const char *s1, const char *s2)
+-{
+-    return ia5ncasecmp(s1, s2, SIZE_MAX);
+-}
+-
+ static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+                                   X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+ {
+@@ -337,7 +352,7 @@
+         --utf8_length;
+ 
+     /* Reject *embedded* NULs */
+-    if ((size_t)utf8_length != strlen((char *)utf8_value)) {
++    if (memchr(utf8_value, 0, utf8_length) != NULL) {
+         OPENSSL_free(utf8_value);
+         return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+     }
+@@ -536,9 +551,14 @@
+ {
+     char *baseptr = (char *)base->data;
+     char *dnsptr = (char *)dns->data;
++
+     /* Empty matches everything */
+-    if (!*baseptr)
++    if (base->length == 0)
+         return X509_V_OK;
++
++    if (dns->length < base->length)
++        return X509_V_ERR_PERMITTED_VIOLATION;
++
+     /*
+      * Otherwise can add zero or more components on the left so compare RHS
+      * and if dns is longer and expect '.' as preceding character.
+@@ -549,7 +569,7 @@
+             return X509_V_ERR_PERMITTED_VIOLATION;
+     }
+ 
+-    if (ia5casecmp(baseptr, dnsptr))
++    if (ia5ncasecmp(baseptr, dnsptr, base->length))
+         return X509_V_ERR_PERMITTED_VIOLATION;
+ 
+     return X509_V_OK;
+@@ -560,16 +580,17 @@
+ {
+     const char *baseptr = (char *)base->data;
+     const char *emlptr = (char *)eml->data;
++    const char *baseat = ia5memrchr(base, '@');
++    const char *emlat = ia5memrchr(eml, '@');
++    size_t basehostlen, emlhostlen;
+ 
+-    const char *baseat = strchr(baseptr, '@');
+-    const char *emlat = strchr(emlptr, '@');
+     if (!emlat)
+         return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+     /* Special case: initial '.' is RHS match */
+-    if (!baseat && (*baseptr == '.')) {
++    if (!baseat && base->length > 0 && (*baseptr == '.')) {
+         if (eml->length > base->length) {
+             emlptr += eml->length - base->length;
+-            if (ia5casecmp(baseptr, emlptr) == 0)
++            if (ia5ncasecmp(baseptr, emlptr, base->length) == 0)
+                 return X509_V_OK;
+         }
+         return X509_V_ERR_PERMITTED_VIOLATION;
+@@ -589,8 +610,10 @@
+         baseptr = baseat + 1;
+     }
+     emlptr = emlat + 1;
++    basehostlen = IA5_OFFSET_LEN(base, baseptr);
++    emlhostlen = IA5_OFFSET_LEN(eml, emlptr);
+     /* Just have hostname left to match: case insensitive */
+-    if (ia5casecmp(baseptr, emlptr))
++    if (basehostlen != emlhostlen || ia5ncasecmp(baseptr, emlptr, emlhostlen))
+         return X509_V_ERR_PERMITTED_VIOLATION;
+ 
+     return X509_V_OK;
+@@ -601,10 +624,14 @@
+ {
+     const char *baseptr = (char *)base->data;
+     const char *hostptr = (char *)uri->data;
+-    const char *p = strchr(hostptr, ':');
++    const char *p = ia5memchr(uri, (char *)uri->data, ':');
+     int hostlen;
++
+     /* Check for foo:// and skip past it */
+-    if (!p || (p[1] != '/') || (p[2] != '/'))
++    if (p == NULL
++            || IA5_OFFSET_LEN(uri, p) < 3
++            || p[1] != '/'
++            || p[2] != '/')
+         return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+     hostptr = p + 3;
+ 
+@@ -612,13 +639,13 @@
+ 
+     /* Look for a port indicator as end of hostname first */
+ 
+-    p = strchr(hostptr, ':');
++    p = ia5memchr(uri, hostptr, ':');
+     /* Otherwise look for trailing slash */
+-    if (!p)
+-        p = strchr(hostptr, '/');
++    if (p == NULL)
++        p = ia5memchr(uri, hostptr, '/');
+ 
+-    if (!p)
+-        hostlen = strlen(hostptr);
++    if (p == NULL)
++        hostlen = IA5_OFFSET_LEN(uri, hostptr);
+     else
+         hostlen = p - hostptr;
+ 
+@@ -626,7 +653,7 @@
+         return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+ 
+     /* Special case: initial '.' is RHS match */
+-    if (*baseptr == '.') {
++    if (base->length > 0 && *baseptr == '.') {
+         if (hostlen > base->length) {
+             p = hostptr + hostlen - base->length;
+             if (ia5ncasecmp(p, baseptr, base->length) == 0)
+diff -urN a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c
+--- a/crypto/x509v3/v3_pci.c	2023-02-18 03:31:46.337990552 +0800
++++ b/crypto/x509v3/v3_pci.c	2023-02-18 03:31:46.470990545 +0800
+@@ -77,7 +77,8 @@
+     i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
+     BIO_puts(out, "\n");
+     if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
+-        BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",
++        BIO_printf(out, "%*sPolicy Text: %.*s\n", indent, "",
++                   pci->proxyPolicy->policy->length,
+                    pci->proxyPolicy->policy->data);
+     return 1;
+ }
+diff -urN a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
+--- a/crypto/x509v3/v3_utl.c	2023-02-18 03:31:46.338990552 +0800
++++ b/crypto/x509v3/v3_utl.c	2023-02-18 03:31:46.470990545 +0800
+@@ -12,6 +12,7 @@
+ #include "e_os.h"
+ #include "internal/cryptlib.h"
+ #include <stdio.h>
++#include <string.h>
+ #include "internal/ctype.h"
+ #include <openssl/conf.h>
+ #include <openssl/crypto.h>
+@@ -34,17 +35,26 @@
+ 
+ /* Add a CONF_VALUE name value pair to stack */
+ 
+-int X509V3_add_value(const char *name, const char *value,
+-                     STACK_OF(CONF_VALUE) **extlist)
++static int x509v3_add_len_value(const char *name, const char *value,
++                                size_t vallen, STACK_OF(CONF_VALUE) **extlist)
+ {
+     CONF_VALUE *vtmp = NULL;
+     char *tname = NULL, *tvalue = NULL;
+     int sk_allocated = (*extlist == NULL);
+ 
+-    if (name && (tname = OPENSSL_strdup(name)) == NULL)
+-        goto err;
+-    if (value && (tvalue = OPENSSL_strdup(value)) == NULL)
++    if (name != NULL && (tname = OPENSSL_strdup(name)) == NULL)
+         goto err;
++    if (value != NULL && vallen > 0) {
++        /*
++         * We tolerate a single trailing NUL character, but otherwise no
++         * embedded NULs
++         */
++        if (memchr(value, 0, vallen - 1) != NULL)
++            goto err;
++        tvalue = OPENSSL_strndup(value, vallen);
++        if (tvalue == NULL)
++            goto err;
++    }
+     if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL)
+         goto err;
+     if (sk_allocated && (*extlist = sk_CONF_VALUE_new_null()) == NULL)
+@@ -67,10 +77,26 @@
+     return 0;
+ }
+ 
++int X509V3_add_value(const char *name, const char *value,
++                     STACK_OF(CONF_VALUE) **extlist)
++{
++    return x509v3_add_len_value(name, value,
++                                value != NULL ? strlen((const char *)value) : 0,
++                                extlist);
++}
++
+ int X509V3_add_value_uchar(const char *name, const unsigned char *value,
+                            STACK_OF(CONF_VALUE) **extlist)
+ {
+-    return X509V3_add_value(name, (const char *)value, extlist);
++    return x509v3_add_len_value(name, (const char *)value,
++                                value != NULL ? strlen((const char *)value) : 0,
++                                extlist);
++}
++
++int x509v3_add_len_value_uchar(const char *name, const unsigned char *value,
++                               size_t vallen, STACK_OF(CONF_VALUE) **extlist)
++{
++    return x509v3_add_len_value(name, (const char *)value, vallen, extlist);
+ }
+ 
+ /* Free function for STACK_OF(CONF_VALUE) */
+@@ -502,18 +528,26 @@
+     /* First some sanity checks */
+     if (email->type != V_ASN1_IA5STRING)
+         return 1;
+-    if (!email->data || !email->length)
++    if (email->data == NULL || email->length == 0)
++        return 1;
++    if (memchr(email->data, 0, email->length) != NULL)
+         return 1;
+     if (*sk == NULL)
+         *sk = sk_OPENSSL_STRING_new(sk_strcmp);
+     if (*sk == NULL)
+         return 0;
++
++    emtmp = OPENSSL_strndup((char *)email->data, email->length);
++    if (emtmp == NULL)
++        return 0;
++
+     /* Don't add duplicates */
+-    if (sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1)
++    if (sk_OPENSSL_STRING_find(*sk, emtmp) != -1) {
++        OPENSSL_free(emtmp);
+         return 1;
+-    emtmp = OPENSSL_strdup((char *)email->data);
+-    if (emtmp == NULL || !sk_OPENSSL_STRING_push(*sk, emtmp)) {
+-        OPENSSL_free(emtmp);    /* free on push failure */
++    }
++    if (!sk_OPENSSL_STRING_push(*sk, emtmp)) {
++        OPENSSL_free(emtmp); /* free on push failure */
+         X509_email_free(*sk);
+         *sk = NULL;
+         return 0;
+diff -urN a/test/x509_time_test.c b/test/x509_time_test.c
+--- a/test/x509_time_test.c	2023-02-18 03:31:46.414990548 +0800
++++ b/test/x509_time_test.c	2023-02-18 03:31:46.543990541 +0800
+@@ -330,10 +330,12 @@
+ 
+     /* if t is not NULL but expected_string is NULL, it is an 'OK' case too */
+     if (t != NULL && x509_format_tests[idx].expected_string) {
+-        if (!TEST_str_eq((const char *)t->data,
+-                    x509_format_tests[idx].expected_string)) {
+-            TEST_info("test_x509_time(%d) failed: expected_string %s, got %s\n",
+-                    idx, x509_format_tests[idx].expected_string, t->data);
++        if (!TEST_mem_eq((const char *)t->data, t->length,
++                    x509_format_tests[idx].expected_string,
++                    strlen(x509_format_tests[idx].expected_string))) {
++            TEST_info("test_x509_time(%d) failed: expected_string %s, got %.*s\n",
++                    idx, x509_format_tests[idx].expected_string, t->length,
++                    t->data);
+             goto out;
+         }
+     }
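Review bot: In `x509v3_add_len_value` (the v3_utl.c section), a non-NULL but empty `value` now leaves `tvalue` NULL, because duplication is guarded by `value != NULL && vallen > 0`. The removed `OPENSSL_strdup(value)` returned an empty string for the same input, and `X509V3_add_value` passes `strlen(value)`, which is 0 in that case. The assignment into the `CONF_VALUE` is outside the visible lines, but if `tvalue` is stored as-is, a consumer that formats or compares the value without a NULL check would be affected. The old result can be restored while keeping the trailing-NUL tolerance by changing two lines: `if (value != NULL) {` and `if (vallen > 0 && memchr(value, 0, vallen - 1) != NULL)`.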

Property changes on: usr/click/lib/libopenssl-1.1.1/openssl-1.1.1d-CVE-2021-3712.patch
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: /branches/rel_apv_10_7_2/usr/click/lib/libopenssl-1.1.1/openssl-1.1.1d-CVE-2022-1292.patch
===================================================================
--- /branches/rel_apv_10_7_2/usr/click/lib/libopenssl-1.1.1/openssl-1.1.1d-CVE-2022-1292.patch	(revision 0)
+++ /branches/rel_apv_10_7_2/usr/click/lib/libopenssl-1.1.1/openssl-1.1.1d-CVE-2022-1292.patch	(working copy)
@@ -0,0 +1,758 @@
+diff -urN a/apps/rehash.c b/apps/rehash.c
+--- a/apps/rehash.c	2023-02-20 19:13:01.620615285 +0800
++++ b/apps/rehash.c	2023-02-20 19:14:21.971610948 +0800
+@@ -11,514 +11,6 @@
+ #include "apps.h"
+ #include "progs.h"
+ 
+-#if defined(OPENSSL_SYS_UNIX) || defined(__APPLE__) || \
+-    (defined(__VMS) && defined(__DECC) && __CRTL_VER >= 80300000)
+-# include <unistd.h>
+-# include <stdio.h>
+-# include <limits.h>
+-# include <errno.h>
+-# include <string.h>
+-# include <ctype.h>
+-# include <sys/stat.h>
+-
+-/*
+- * Make sure that the processing of symbol names is treated the same as when
+- * libcrypto is built.  This is done automatically for public headers (see
+- * include/openssl/__DECC_INCLUDE_PROLOGUE.H and __DECC_INCLUDE_EPILOGUE.H),
+- * but not for internal headers.
+- */
+-# ifdef __VMS
+-#  pragma names save
+-#  pragma names as_is,shortened
+-# endif
+-
+-# include "internal/o_dir.h"
+-
+-# ifdef __VMS
+-#  pragma names restore
+-# endif
+-
+-# include <openssl/evp.h>
+-# include <openssl/pem.h>
+-# include <openssl/x509.h>
+-
+-
+-# ifndef PATH_MAX
+-#  define PATH_MAX 4096
+-# endif
+-# ifndef NAME_MAX
+-#  define NAME_MAX 255
+-# endif
+-# define MAX_COLLISIONS  256
+-
+-# if defined(OPENSSL_SYS_VXWORKS)
+-/*
+- * VxWorks has no symbolic links
+- */
+-
+-#  define lstat(path, buf) stat(path, buf)
+-
+-int symlink(const char *target, const char *linkpath)
+-{
+-    errno = ENOSYS;
+-    return -1;
+-}
+-
+-ssize_t readlink(const char *pathname, char *buf, size_t bufsiz)
+-{
+-    errno = ENOSYS;
+-    return -1;
+-}
+-# endif
+-
+-typedef struct hentry_st {
+-    struct hentry_st *next;
+-    char *filename;
+-    unsigned short old_id;
+-    unsigned char need_symlink;
+-    unsigned char digest[EVP_MAX_MD_SIZE];
+-} HENTRY;
+-
+-typedef struct bucket_st {
+-    struct bucket_st *next;
+-    HENTRY *first_entry, *last_entry;
+-    unsigned int hash;
+-    unsigned short type;
+-    unsigned short num_needed;
+-} BUCKET;
+-
+-enum Type {
+-    /* Keep in sync with |suffixes|, below. */
+-    TYPE_CERT=0, TYPE_CRL=1
+-};
+-
+-enum Hash {
+-    HASH_OLD, HASH_NEW, HASH_BOTH
+-};
+-
+-
+-static int evpmdsize;
+-static const EVP_MD *evpmd;
+-static int remove_links = 1;
+-static int verbose = 0;
+-static BUCKET *hash_table[257];
+-
+-static const char *suffixes[] = { "", "r" };
+-static const char *extensions[] = { "pem", "crt", "cer", "crl" };
+-
+-
+-static void bit_set(unsigned char *set, unsigned int bit)
+-{
+-    set[bit >> 3] |= 1 << (bit & 0x7);
+-}
+-
+-static int bit_isset(unsigned char *set, unsigned int bit)
+-{
+-    return set[bit >> 3] & (1 << (bit & 0x7));
+-}
+-
+-
+-/*
+- * Process an entry; return number of errors.
+- */
+-static int add_entry(enum Type type, unsigned int hash, const char *filename,
+-                      const unsigned char *digest, int need_symlink,
+-                      unsigned short old_id)
+-{
+-    static BUCKET nilbucket;
+-    static HENTRY nilhentry;
+-    BUCKET *bp;
+-    HENTRY *ep, *found = NULL;
+-    unsigned int ndx = (type + hash) % OSSL_NELEM(hash_table);
+-
+-    for (bp = hash_table[ndx]; bp; bp = bp->next)
+-        if (bp->type == type && bp->hash == hash)
+-            break;
+-    if (bp == NULL) {
+-        bp = app_malloc(sizeof(*bp), "hash bucket");
+-        *bp = nilbucket;
+-        bp->next = hash_table[ndx];
+-        bp->type = type;
+-        bp->hash = hash;
+-        hash_table[ndx] = bp;
+-    }
+-
+-    for (ep = bp->first_entry; ep; ep = ep->next) {
+-        if (digest && memcmp(digest, ep->digest, evpmdsize) == 0) {
+-            BIO_printf(bio_err,
+-                       "%s: warning: skipping duplicate %s in %s\n",
+-                       opt_getprog(),
+-                       type == TYPE_CERT ? "certificate" : "CRL", filename);
+-            return 0;
+-        }
+-        if (strcmp(filename, ep->filename) == 0) {
+-            found = ep;
+-            if (digest == NULL)
+-                break;
+-        }
+-    }
+-    ep = found;
+-    if (ep == NULL) {
+-        if (bp->num_needed >= MAX_COLLISIONS) {
+-            BIO_printf(bio_err,
+-                       "%s: error: hash table overflow for %s\n",
+-                       opt_getprog(), filename);
+-            return 1;
+-        }
+-        ep = app_malloc(sizeof(*ep), "collision bucket");
+-        *ep = nilhentry;
+-        ep->old_id = ~0;
+-        ep->filename = OPENSSL_strdup(filename);
+-        if (bp->last_entry)
+-            bp->last_entry->next = ep;
+-        if (bp->first_entry == NULL)
+-            bp->first_entry = ep;
+-        bp->last_entry = ep;
+-    }
+-
+-    if (old_id < ep->old_id)
+-        ep->old_id = old_id;
+-    if (need_symlink && !ep->need_symlink) {
+-        ep->need_symlink = 1;
+-        bp->num_needed++;
+-        memcpy(ep->digest, digest, evpmdsize);
+-    }
+-    return 0;
+-}
+-
+-/*
+- * Check if a symlink goes to the right spot; return 0 if okay.
+- * This can be -1 if bad filename, or an error count.
+- */
+-static int handle_symlink(const char *filename, const char *fullpath)
+-{
+-    unsigned int hash = 0;
+-    int i, type, id;
+-    unsigned char ch;
+-    char linktarget[PATH_MAX], *endptr;
+-    ossl_ssize_t n;
+-
+-    for (i = 0; i < 8; i++) {
+-        ch = filename[i];
+-        if (!isxdigit(ch))
+-            return -1;
+-        hash <<= 4;
+-        hash += OPENSSL_hexchar2int(ch);
+-    }
+-    if (filename[i++] != '.')
+-        return -1;
+-    for (type = OSSL_NELEM(suffixes) - 1; type > 0; type--) {
+-        const char *suffix = suffixes[type];
+-        if (strncasecmp(suffix, &filename[i], strlen(suffix)) == 0)
+-            break;
+-    }
+-    i += strlen(suffixes[type]);
+-
+-    id = strtoul(&filename[i], &endptr, 10);
+-    if (*endptr != '\0')
+-        return -1;
+-
+-    n = readlink(fullpath, linktarget, sizeof(linktarget));
+-    if (n < 0 || n >= (int)sizeof(linktarget))
+-        return -1;
+-    linktarget[n] = 0;
+-
+-    return add_entry(type, hash, linktarget, NULL, 0, id);
+-}
+-
+-/*
+- * process a file, return number of errors.
+- */
+-static int do_file(const char *filename, const char *fullpath, enum Hash h)
+-{
+-    STACK_OF (X509_INFO) *inf = NULL;
+-    X509_INFO *x;
+-    X509_NAME *name = NULL;
+-    BIO *b;
+-    const char *ext;
+-    unsigned char digest[EVP_MAX_MD_SIZE];
+-    int type, errs = 0;
+-    size_t i;
+-
+-    /* Does it end with a recognized extension? */
+-    if ((ext = strrchr(filename, '.')) == NULL)
+-        goto end;
+-    for (i = 0; i < OSSL_NELEM(extensions); i++) {
+-        if (strcasecmp(extensions[i], ext + 1) == 0)
+-            break;
+-    }
+-    if (i >= OSSL_NELEM(extensions))
+-        goto end;
+-
+-    /* Does it have X.509 data in it? */
+-    if ((b = BIO_new_file(fullpath, "r")) == NULL) {
+-        BIO_printf(bio_err, "%s: error: skipping %s, cannot open file\n",
+-                   opt_getprog(), filename);
+-        errs++;
+-        goto end;
+-    }
+-    inf = PEM_X509_INFO_read_bio(b, NULL, NULL, NULL);
+-    BIO_free(b);
+-    if (inf == NULL)
+-        goto end;
+-
+-    if (sk_X509_INFO_num(inf) != 1) {
+-        BIO_printf(bio_err,
+-                   "%s: warning: skipping %s,"
+-                   "it does not contain exactly one certificate or CRL\n",
+-                   opt_getprog(), filename);
+-        /* This is not an error. */
+-        goto end;
+-    }
+-    x = sk_X509_INFO_value(inf, 0);
+-    if (x->x509 != NULL) {
+-        type = TYPE_CERT;
+-        name = X509_get_subject_name(x->x509);
+-        X509_digest(x->x509, evpmd, digest, NULL);
+-    } else if (x->crl != NULL) {
+-        type = TYPE_CRL;
+-        name = X509_CRL_get_issuer(x->crl);
+-        X509_CRL_digest(x->crl, evpmd, digest, NULL);
+-    } else {
+-        ++errs;
+-        goto end;
+-    }
+-    if (name != NULL) {
+-        if ((h == HASH_NEW) || (h == HASH_BOTH))
+-            errs += add_entry(type, X509_NAME_hash(name), filename, digest, 1, ~0);
+-        if ((h == HASH_OLD) || (h == HASH_BOTH))
+-            errs += add_entry(type, X509_NAME_hash_old(name), filename, digest, 1, ~0);
+-    }
+-
+-end:
+-    sk_X509_INFO_pop_free(inf, X509_INFO_free);
+-    return errs;
+-}
+-
+-static void str_free(char *s)
+-{
+-    OPENSSL_free(s);
+-}
+-
+-static int ends_with_dirsep(const char *path)
+-{
+-    if (*path != '\0')
+-        path += strlen(path) - 1;
+-# if defined __VMS
+-    if (*path == ']' || *path == '>' || *path == ':')
+-        return 1;
+-# elif defined _WIN32
+-    if (*path == '\\')
+-        return 1;
+-# endif
+-    return *path == '/';
+-}
+-
+-/*
+- * Process a directory; return number of errors found.
+- */
+-static int do_dir(const char *dirname, enum Hash h)
+-{
+-    BUCKET *bp, *nextbp;
+-    HENTRY *ep, *nextep;
+-    OPENSSL_DIR_CTX *d = NULL;
+-    struct stat st;
+-    unsigned char idmask[MAX_COLLISIONS / 8];
+-    int n, numfiles, nextid, buflen, errs = 0;
+-    size_t i;
+-    const char *pathsep;
+-    const char *filename;
+-    char *buf, *copy = NULL;
+-    STACK_OF(OPENSSL_STRING) *files = NULL;
+-
+-    if (app_access(dirname, W_OK) < 0) {
+-        BIO_printf(bio_err, "Skipping %s, can't write\n", dirname);
+-        return 1;
+-    }
+-    buflen = strlen(dirname);
+-    pathsep = (buflen && !ends_with_dirsep(dirname)) ? "/": "";
+-    buflen += NAME_MAX + 1 + 1;
+-    buf = app_malloc(buflen, "filename buffer");
+-
+-    if (verbose)
+-        BIO_printf(bio_out, "Doing %s\n", dirname);
+-
+-    if ((files = sk_OPENSSL_STRING_new_null()) == NULL) {
+-        BIO_printf(bio_err, "Skipping %s, out of memory\n", dirname);
+-        errs = 1;
+-        goto err;
+-    }
+-    while ((filename = OPENSSL_DIR_read(&d, dirname)) != NULL) {
+-        if ((copy = OPENSSL_strdup(filename)) == NULL
+-                || sk_OPENSSL_STRING_push(files, copy) == 0) {
+-            OPENSSL_free(copy);
+-            BIO_puts(bio_err, "out of memory\n");
+-            errs = 1;
+-            goto err;
+-        }
+-    }
+-    OPENSSL_DIR_end(&d);
+-    sk_OPENSSL_STRING_sort(files);
+-
+-    numfiles = sk_OPENSSL_STRING_num(files);
+-    for (n = 0; n < numfiles; ++n) {
+-        filename = sk_OPENSSL_STRING_value(files, n);
+-        if (BIO_snprintf(buf, buflen, "%s%s%s",
+-                         dirname, pathsep, filename) >= buflen)
+-            continue;
+-        if (lstat(buf, &st) < 0)
+-            continue;
+-        if (S_ISLNK(st.st_mode) && handle_symlink(filename, buf) == 0)
+-            continue;
+-        errs += do_file(filename, buf, h);
+-    }
+-
+-    for (i = 0; i < OSSL_NELEM(hash_table); i++) {
+-        for (bp = hash_table[i]; bp; bp = nextbp) {
+-            nextbp = bp->next;
+-            nextid = 0;
+-            memset(idmask, 0, (bp->num_needed + 7) / 8);
+-            for (ep = bp->first_entry; ep; ep = ep->next)
+-                if (ep->old_id < bp->num_needed)
+-                    bit_set(idmask, ep->old_id);
+-
+-            for (ep = bp->first_entry; ep; ep = nextep) {
+-                nextep = ep->next;
+-                if (ep->old_id < bp->num_needed) {
+-                    /* Link exists, and is used as-is */
+-                    BIO_snprintf(buf, buflen, "%08x.%s%d", bp->hash,
+-                                 suffixes[bp->type], ep->old_id);
+-                    if (verbose)
+-                        BIO_printf(bio_out, "link %s -> %s\n",
+-                                   ep->filename, buf);
+-                } else if (ep->need_symlink) {
+-                    /* New link needed (it may replace something) */
+-                    while (bit_isset(idmask, nextid))
+-                        nextid++;
+-
+-                    BIO_snprintf(buf, buflen, "%s%s%n%08x.%s%d",
+-                                 dirname, pathsep, &n, bp->hash,
+-                                 suffixes[bp->type], nextid);
+-                    if (verbose)
+-                        BIO_printf(bio_out, "link %s -> %s\n",
+-                                   ep->filename, &buf[n]);
+-                    if (unlink(buf) < 0 && errno != ENOENT) {
+-                        BIO_printf(bio_err,
+-                                   "%s: Can't unlink %s, %s\n",
+-                                   opt_getprog(), buf, strerror(errno));
+-                        errs++;
+-                    }
+-                    if (symlink(ep->filename, buf) < 0) {
+-                        BIO_printf(bio_err,
+-                                   "%s: Can't symlink %s, %s\n",
+-                                   opt_getprog(), ep->filename,
+-                                   strerror(errno));
+-                        errs++;
+-                    }
+-                    bit_set(idmask, nextid);
+-                } else if (remove_links) {
+-                    /* Link to be deleted */
+-                    BIO_snprintf(buf, buflen, "%s%s%n%08x.%s%d",
+-                                 dirname, pathsep, &n, bp->hash,
+-                                 suffixes[bp->type], ep->old_id);
+-                    if (verbose)
+-                        BIO_printf(bio_out, "unlink %s\n",
+-                                   &buf[n]);
+-                    if (unlink(buf) < 0 && errno != ENOENT) {
+-                        BIO_printf(bio_err,
+-                                   "%s: Can't unlink %s, %s\n",
+-                                   opt_getprog(), buf, strerror(errno));
+-                        errs++;
+-                    }
+-                }
+-                OPENSSL_free(ep->filename);
+-                OPENSSL_free(ep);
+-            }
+-            OPENSSL_free(bp);
+-        }
+-        hash_table[i] = NULL;
+-    }
+-
+- err:
+-    sk_OPENSSL_STRING_pop_free(files, str_free);
+-    OPENSSL_free(buf);
+-    return errs;
+-}
+-
+-typedef enum OPTION_choice {
+-    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+-    OPT_COMPAT, OPT_OLD, OPT_N, OPT_VERBOSE
+-} OPTION_CHOICE;
+-
+-const OPTIONS rehash_options[] = {
+-    {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert-directory...]\n"},
+-    {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
+-    {"help", OPT_HELP, '-', "Display this summary"},
+-    {"h", OPT_HELP, '-', "Display this summary"},
+-    {"compat", OPT_COMPAT, '-', "Create both new- and old-style hash links"},
+-    {"old", OPT_OLD, '-', "Use old-style hash to generate links"},
+-    {"n", OPT_N, '-', "Do not remove existing links"},
+-    {"v", OPT_VERBOSE, '-', "Verbose output"},
+-    {NULL}
+-};
+-
+-
+-int rehash_main(int argc, char **argv)
+-{
+-    const char *env, *prog;
+-    char *e, *m;
+-    int errs = 0;
+-    OPTION_CHOICE o;
+-    enum Hash h = HASH_NEW;
+-
+-    prog = opt_init(argc, argv, rehash_options);
+-    while ((o = opt_next()) != OPT_EOF) {
+-        switch (o) {
+-        case OPT_EOF:
+-        case OPT_ERR:
+-            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+-            goto end;
+-        case OPT_HELP:
+-            opt_help(rehash_options);
+-            goto end;
+-        case OPT_COMPAT:
+-            h = HASH_BOTH;
+-            break;
+-        case OPT_OLD:
+-            h = HASH_OLD;
+-            break;
+-        case OPT_N:
+-            remove_links = 0;
+-            break;
+-        case OPT_VERBOSE:
+-            verbose = 1;
+-            break;
+-        }
+-    }
+-    argc = opt_num_rest();
+-    argv = opt_rest();
+-
+-    evpmd = EVP_sha1();
+-    evpmdsize = EVP_MD_size(evpmd);
+-
+-    if (*argv != NULL) {
+-        while (*argv != NULL)
+-            errs += do_dir(*argv++, h);
+-    } else if ((env = getenv(X509_get_default_cert_dir_env())) != NULL) {
+-        char lsc[2] = { LIST_SEPARATOR_CHAR, '\0' };
+-        m = OPENSSL_strdup(env);
+-        for (e = strtok(m, lsc); e != NULL; e = strtok(NULL, lsc))
+-            errs += do_dir(e, h);
+-        OPENSSL_free(m);
+-    } else {
+-        errs += do_dir(X509_get_default_cert_dir(), h);
+-    }
+-
+- end:
+-    return errs;
+-}
+-
+-#else
+ const OPTIONS rehash_options[] = {
+     {NULL}
+ };
+@@ -529,4 +21,3 @@
+     return 1;
+ }
+ 
+-#endif /* defined(OPENSSL_SYS_UNIX) || defined(__APPLE__) */
+diff -urN a/tools/c_rehash.in b/tools/c_rehash.in
+--- a/tools/c_rehash.in	2023-02-20 19:13:01.736615278 +0800
++++ b/tools/c_rehash.in	2023-02-20 19:14:22.084610941 +0800
+@@ -1,231 +0,0 @@
+-#!{- $config{HASHBANGPERL} -}
+-
+-# {- join("\n# ", @autowarntext) -}
+-# Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+-#
+-# Licensed under the OpenSSL license (the "License").  You may not use
+-# this file except in compliance with the License.  You can obtain a copy
+-# in the file LICENSE in the source distribution or at
+-# https://www.openssl.org/source/license.html
+-
+-# Perl c_rehash script, scan all files in a directory
+-# and add symbolic links to their hash values.
+-
+-my $dir = {- quotify1($config{openssldir}) -};
+-my $prefix = {- quotify1($config{prefix}) -};
+-
+-my $errorcount = 0;
+-my $openssl = $ENV{OPENSSL} || "openssl";
+-my $pwd;
+-my $x509hash = "-subject_hash";
+-my $crlhash = "-hash";
+-my $verbose = 0;
+-my $symlink_exists=eval {symlink("",""); 1};
+-my $removelinks = 1;
+-
+-##  Parse flags.
+-while ( $ARGV[0] =~ /^-/ ) {
+-    my $flag = shift @ARGV;
+-    last if ( $flag eq '--');
+-    if ( $flag eq '-old') {
+-	    $x509hash = "-subject_hash_old";
+-	    $crlhash = "-hash_old";
+-    } elsif ( $flag eq '-h' || $flag eq '-help' ) {
+-	    help();
+-    } elsif ( $flag eq '-n' ) {
+-	    $removelinks = 0;
+-    } elsif ( $flag eq '-v' ) {
+-	    $verbose++;
+-    }
+-    else {
+-	    print STDERR "Usage error; try -h.\n";
+-	    exit 1;
+-    }
+-}
+-
+-sub help {
+-	print "Usage: c_rehash [-old] [-h] [-help] [-v] [dirs...]\n";
+-	print "   -old use old-style digest\n";
+-	print "   -h or -help print this help text\n";
+-	print "   -v print files removed and linked\n";
+-	exit 0;
+-}
+-
+-eval "require Cwd";
+-if (defined(&Cwd::getcwd)) {
+-	$pwd=Cwd::getcwd();
+-} else {
+-	$pwd=`pwd`;
+-	chomp($pwd);
+-}
+-
+-# DOS/Win32 or Unix delimiter?  Prefix our installdir, then search.
+-my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':';
+-$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : "");
+-
+-if (! -x $openssl) {
+-	my $found = 0;
+-	foreach (split /$path_delim/, $ENV{PATH}) {
+-		if (-x "$_/$openssl") {
+-			$found = 1;
+-			$openssl = "$_/$openssl";
+-			last;
+-		}	
+-	}
+-	if ($found == 0) {
+-		print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n";
+-		exit 0;
+-	}
+-}
+-
+-if (@ARGV) {
+-	@dirlist = @ARGV;
+-} elsif ($ENV{SSL_CERT_DIR}) {
+-	@dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR};
+-} else {
+-	$dirlist[0] = "$dir/certs";
+-}
+-
+-if (-d $dirlist[0]) {
+-	chdir $dirlist[0];
+-	$openssl="$pwd/$openssl" if (!-x $openssl);
+-	chdir $pwd;
+-}
+-
+-foreach (@dirlist) {
+-	if (-d $_ ) {
+-            if ( -w $_) {
+-		hash_dir($_);
+-            } else {
+-                print "Skipping $_, can't write\n";
+-                $errorcount++;
+-            }
+-	}
+-}
+-exit($errorcount);
+-
+-sub hash_dir {
+-	my %hashlist;
+-	print "Doing $_[0]\n";
+-	chdir $_[0];
+-	opendir(DIR, ".");
+-	my @flist = sort readdir(DIR);
+-	closedir DIR;
+-	if ( $removelinks ) {
+-		# Delete any existing symbolic links
+-		foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
+-			if (-l $_) {
+-				print "unlink $_" if $verbose;
+-				unlink $_ || warn "Can't unlink $_, $!\n";
+-			}
+-		}
+-	}
+-	FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) {
+-		# Check to see if certificates and/or CRLs present.
+-		my ($cert, $crl) = check_file($fname);
+-		if (!$cert && !$crl) {
+-			print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
+-			next;
+-		}
+-		link_hash_cert($fname) if ($cert);
+-		link_hash_crl($fname) if ($crl);
+-	}
+-}
+-
+-sub check_file {
+-	my ($is_cert, $is_crl) = (0,0);
+-	my $fname = $_[0];
+-	open IN, $fname;
+-	while(<IN>) {
+-		if (/^-----BEGIN (.*)-----/) {
+-			my $hdr = $1;
+-			if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
+-				$is_cert = 1;
+-				last if ($is_crl);
+-			} elsif ($hdr eq "X509 CRL") {
+-				$is_crl = 1;
+-				last if ($is_cert);
+-			}
+-		}
+-	}
+-	close IN;
+-	return ($is_cert, $is_crl);
+-}
+-
+-
+-# Link a certificate to its subject name hash value, each hash is of
+-# the form <hash>.<n> where n is an integer. If the hash value already exists
+-# then we need to up the value of n, unless its a duplicate in which
+-# case we skip the link. We check for duplicates by comparing the
+-# certificate fingerprints
+-
+-sub link_hash_cert {
+-		my $fname = $_[0];
+-		$fname =~ s/'/'\\''/g;
+-		my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
+-		chomp $hash;
+-		chomp $fprint;
+-		$fprint =~ s/^.*=//;
+-		$fprint =~ tr/://d;
+-		my $suffix = 0;
+-		# Search for an unused hash filename
+-		while(exists $hashlist{"$hash.$suffix"}) {
+-			# Hash matches: if fingerprint matches its a duplicate cert
+-			if ($hashlist{"$hash.$suffix"} eq $fprint) {
+-				print STDERR "WARNING: Skipping duplicate certificate $fname\n";
+-				return;
+-			}
+-			$suffix++;
+-		}
+-		$hash .= ".$suffix";
+-		if ($symlink_exists) {
+-			print "link $fname -> $hash\n" if $verbose;
+-			symlink $fname, $hash || warn "Can't symlink, $!";
+-		} else {
+-			print "copy $fname -> $hash\n" if $verbose;
+-                        if (open($in, "<", $fname)) {
+-                            if (open($out,">", $hash)) {
+-                                print $out $_ while (<$in>);
+-                                close $out;
+-                            } else {
+-                                warn "can't open $hash for write, $!";
+-                            }
+-                            close $in;
+-                        } else {
+-                            warn "can't open $fname for read, $!";
+-                        }
+-		}
+-		$hashlist{$hash} = $fprint;
+-}
+-
+-# Same as above except for a CRL. CRL links are of the form <hash>.r<n>
+-
+-sub link_hash_crl {
+-		my $fname = $_[0];
+-		$fname =~ s/'/'\\''/g;
+-		my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
+-		chomp $hash;
+-		chomp $fprint;
+-		$fprint =~ s/^.*=//;
+-		$fprint =~ tr/://d;
+-		my $suffix = 0;
+-		# Search for an unused hash filename
+-		while(exists $hashlist{"$hash.r$suffix"}) {
+-			# Hash matches: if fingerprint matches its a duplicate cert
+-			if ($hashlist{"$hash.r$suffix"} eq $fprint) {
+-				print STDERR "WARNING: Skipping duplicate CRL $fname\n";
+-				return;
+-			}
+-			$suffix++;
+-		}
+-		$hash .= ".r$suffix";
+-		if ($symlink_exists) {
+-			print "link $fname -> $hash\n" if $verbose;
+-			symlink $fname, $hash || warn "Can't symlink, $!";
+-		} else {
+-			print "cp $fname -> $hash\n" if $verbose;
+-			system ("cp", $fname, $hash);
+-                        warn "Can't copy, $!" if ($? >> 8) != 0;
+-		}
+-		$hashlist{$hash} = $fprint;
+-}

Property changes on: usr/click/lib/libopenssl-1.1.1/openssl-1.1.1d-CVE-2022-1292.patch
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
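Review bot: The `svn:executable` property is being added to openssl-1.1.1d-CVE-2022-1292.patch, which is a data file that is read by patch(1) rather than run, so the executable bit serves no purpose. Keeping build inputs non-executable is the least-privilege default and avoids a stray mode bit being carried into checkouts and release tarballs. I would drop it before committing with `svn propdel svn:executable usr/click/lib/libopenssl-1.1.1/openssl-1.1.1d-CVE-2022-1292.patch`. The other newly added .patch files are worth checking for the same property, since their property sections are not visible here.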
Index: /branches/rel_apv_10_7_2/usr/click/lib/libopenssl-1.1.1/openssl-1.1.1d-CVE-2022-4304.patch
===================================================================
--- /branches/rel_apv_10_7_2/usr/click/lib/libopenssl-1.1.1/openssl-1.1.1d-CVE-2022-4304.patch	(revision 0)
+++ /branches/rel_apv_10_7_2/usr/click/lib/libopenssl-1.1.1/openssl-1.1.1d-CVE-2022-4304.patch	(working copy)
@@ -0,0 +1,804 @@
+diff -urN b/configdata.pm c/configdata.pm
+--- b/configdata.pm	2023-02-18 03:33:10.001986036 +0800
++++ c/configdata.pm	2023-02-18 03:40:15.192963086 +0800
+@@ -1983,6 +1983,7 @@
+                             "crypto/bn/bn_srp.o",
+                             "crypto/bn/bn_word.o",
+                             "crypto/bn/bn_x931p.o",
++                            "crypto/bn/rsa_sup_mul.o",
+                             "crypto/bn/rsaz-avx2.o",
+                             "crypto/bn/rsaz-x86_64.o",
+                             "crypto/bn/rsaz_exp.o",
+@@ -5911,6 +5912,12 @@
+                 [
+                     "crypto",
+                 ],
++            "crypto/bn/rsa_sup_mul.o" =>
++                [
++                    ".",
++                    "crypto/include",
++                    "include",
++                ],
+             "crypto/bn/rsaz-avx2.o" =>
+                 [
+                     ".",
+@@ -11491,6 +11498,10 @@
+                 [
+                     "crypto/bn/bn_x931p.c",
+                 ],
++            "crypto/bn/rsa_sup_mul.o" =>
++                [
++                    "crypto/bn/rsa_sup_mul.c",
++                ],
+             "crypto/bn/rsaz-avx2.o" =>
+                 [
+                     "crypto/bn/rsaz-avx2.s",
+@@ -13844,6 +13855,7 @@
+                     "crypto/bn/bn_srp.o",
+                     "crypto/bn/bn_word.o",
+                     "crypto/bn/bn_x931p.o",
++                    "crypto/bn/rsa_sup_mul.o",
+                     "crypto/bn/rsaz-avx2.o",
+                     "crypto/bn/rsaz-x86_64.o",
+                     "crypto/bn/rsaz_exp.o",
+diff -urN b/crypto/bn/bn_blind.c c/crypto/bn/bn_blind.c
+--- b/crypto/bn/bn_blind.c	2023-02-18 03:31:46.438990547 +0800
++++ c/crypto/bn/bn_blind.c	2023-02-18 03:31:46.561990540 +0800
+@@ -13,20 +13,6 @@
+ 
+ #define BN_BLINDING_COUNTER     32
+ 
+-struct bn_blinding_st {
+-    BIGNUM *A;
+-    BIGNUM *Ai;
+-    BIGNUM *e;
+-    BIGNUM *mod;                /* just a reference */
+-    CRYPTO_THREAD_ID tid;
+-    int counter;
+-    unsigned long flags;
+-    BN_MONT_CTX *m_ctx;
+-    int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+-                       const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+-    CRYPTO_RWLOCK *lock;
+-};
+-
+ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
+ {
+     BN_BLINDING *ret = NULL;
+diff -urN b/crypto/bn/bn_err.c c/crypto/bn/bn_err.c
+--- b/crypto/bn/bn_err.c	2023-02-18 03:31:46.438990547 +0800
++++ c/crypto/bn/bn_err.c	2023-02-18 03:31:46.561990540 +0800
+@@ -73,6 +73,8 @@
+     {ERR_PACK(ERR_LIB_BN, BN_F_BN_SET_WORDS, 0), "bn_set_words"},
+     {ERR_PACK(ERR_LIB_BN, BN_F_BN_STACK_PUSH, 0), "BN_STACK_push"},
+     {ERR_PACK(ERR_LIB_BN, BN_F_BN_USUB, 0), "BN_usub"},
++    {ERR_PACK(ERR_LIB_BN, BN_F_OSSL_BN_RSA_DO_UNBLIND, 0),
++    "ossl_bn_rsa_do_unblind"},
+     {0, NULL}
+ };
+ 
+diff -urN b/crypto/bn/bn_lcl.h c/crypto/bn/bn_lcl.h
+--- b/crypto/bn/bn_lcl.h	2023-02-18 03:31:46.439990547 +0800
++++ c/crypto/bn/bn_lcl.h	2023-02-18 03:31:46.562990540 +0800
+@@ -263,6 +263,20 @@
+     } cb;
+ };
+ 
++struct bn_blinding_st {
++    BIGNUM *A;
++    BIGNUM *Ai;
++    BIGNUM *e;
++    BIGNUM *mod;                /* just a reference */
++    CRYPTO_THREAD_ID tid;
++    int counter;
++    unsigned long flags;
++    BN_MONT_CTX *m_ctx;
++    int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
++                       const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
++    CRYPTO_RWLOCK *lock;
++};
++
+ /*-
+  * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
+  *
+diff -urN b/crypto/bn/build.info c/crypto/bn/build.info
+--- b/crypto/bn/build.info	2023-02-18 03:31:46.440990546 +0800
++++ c/crypto/bn/build.info	2023-02-18 03:31:46.562990540 +0800
+@@ -5,7 +5,8 @@
+         bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c \
+         {- $target{bn_asm_src} -} \
+         bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
+-        bn_depr.c bn_const.c bn_x931p.c bn_intern.c bn_dh.c bn_srp.c
++        bn_depr.c bn_const.c bn_x931p.c bn_intern.c bn_dh.c bn_srp.c \
++        rsa_sup_mul.c
+ INCLUDE[../../libcrypto]=../../crypto/include
+ 
+ INCLUDE[bn_exp.o]=..
+diff -urN b/crypto/bn/rsa_sup_mul.c c/crypto/bn/rsa_sup_mul.c
+--- b/crypto/bn/rsa_sup_mul.c	1970-01-01 08:00:00.000000000 +0800
++++ c/crypto/bn/rsa_sup_mul.c	2023-02-18 03:41:01.067960610 +0800
+@@ -0,0 +1,614 @@
++#include <openssl/e_os2.h>
++#include <stddef.h>
++#include <sys/types.h>
++#include <string.h>
++#include <openssl/bn.h>
++#include <openssl/err.h>
++#include <openssl/rsaerr.h>
++#include "internal/numbers.h"
++#include "internal/constant_time_locl.h"
++#include "bn_lcl.h"
++
++# if BN_BYTES == 8
++typedef uint64_t limb_t;
++#  if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16
++/* nonstandard; implemented by gcc on 64-bit platforms */
++typedef __uint128_t limb2_t;
++#   define HAVE_LIMB2_T
++#  endif
++#  define LIMB_BIT_SIZE 64
++#  define LIMB_BYTE_SIZE 8
++# elif BN_BYTES == 4
++typedef uint32_t limb_t;
++typedef uint64_t limb2_t;
++#  define LIMB_BIT_SIZE 32
++#  define LIMB_BYTE_SIZE 4
++#  define HAVE_LIMB2_T
++# else
++#  error "Not supported"
++# endif
++
++/*
++ * For multiplication we're using schoolbook multiplication,
++ * so if we have two numbers, each with 6 "digits" (words)
++ * the multiplication is calculated as follows:
++ *                        A B C D E F
++ *                     x  I J K L M N
++ *                     --------------
++ *                                N*F
++ *                              N*E
++ *                            N*D
++ *                          N*C
++ *                        N*B
++ *                      N*A
++ *                              M*F
++ *                            M*E
++ *                          M*D
++ *                        M*C
++ *                      M*B
++ *                    M*A
++ *                            L*F
++ *                          L*E
++ *                        L*D
++ *                      L*C
++ *                    L*B
++ *                  L*A
++ *                          K*F
++ *                        K*E
++ *                      K*D
++ *                    K*C
++ *                  K*B
++ *                K*A
++ *                        J*F
++ *                      J*E
++ *                    J*D
++ *                  J*C
++ *                J*B
++ *              J*A
++ *                      I*F
++ *                    I*E
++ *                  I*D
++ *                I*C
++ *              I*B
++ *         +  I*A
++ *         ==========================
++ *                        N*B N*D N*F
++ *                    + N*A N*C N*E
++ *                    + M*B M*D M*F
++ *                  + M*A M*C M*E
++ *                  + L*B L*D L*F
++ *                + L*A L*C L*E
++ *                + K*B K*D K*F
++ *              + K*A K*C K*E
++ *              + J*B J*D J*F
++ *            + J*A J*C J*E
++ *            + I*B I*D I*F
++ *          + I*A I*C I*E
++ *
++ *                1+1 1+3 1+5
++ *              1+0 1+2 1+4
++ *              0+1 0+3 0+5
++ *            0+0 0+2 0+4
++ *
++ *            0 1 2 3 4 5 6
++ * which requires n^2 multiplications and 2n full length additions
++ * as we can keep every other result of limb multiplication in two separate
++ * limbs
++ */
++
++#if defined HAVE_LIMB2_T
++static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b)
++{
++    limb2_t t;
++    /*
++     * this is idiomatic code to tell compiler to use the native mul
++     * those three lines will actually compile to single instruction
++     */
++
++    t = (limb2_t)a * b;
++    *hi = t >> LIMB_BIT_SIZE;
++    *lo = (limb_t)t;
++}
++#elif (BN_BYTES == 8) && (defined _MSC_VER)
++/* https://learn.microsoft.com/en-us/cpp/intrinsics/umul128?view=msvc-170 */
++#pragma intrinsic(_umul128)
++static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b)
++{
++    *lo = _umul128(a, b, hi);
++}
++#else
++/*
++ * if the compiler doesn't have either a 128bit data type nor a "return
++ * high 64 bits of multiplication"
++ */
++static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b)
++{
++    limb_t a_low = (limb_t)(uint32_t)a;
++    limb_t a_hi = a >> 32;
++    limb_t b_low = (limb_t)(uint32_t)b;
++    limb_t b_hi = b >> 32;
++
++    limb_t p0 = a_low * b_low;
++    limb_t p1 = a_low * b_hi;
++    limb_t p2 = a_hi * b_low;
++    limb_t p3 = a_hi * b_hi;
++
++    uint32_t cy = (uint32_t)(((p0 >> 32) + (uint32_t)p1 + (uint32_t)p2) >> 32);
++
++    *lo = p0 + (p1 << 32) + (p2 << 32);
++    *hi = p3 + (p1 >> 32) + (p2 >> 32) + cy;
++}
++#endif
++
++/* add two limbs with carry in, return carry out */
++static ossl_inline limb_t _add_limb(limb_t *ret, limb_t a, limb_t b, limb_t carry)
++{
++    limb_t carry1, carry2, t;
++    /*
++     * `c = a + b; if (c < a)` is idiomatic code that makes compilers
++     * use add with carry on assembly level
++     */
++
++    *ret = a + carry;
++    if (*ret < a)
++        carry1 = 1;
++    else
++        carry1 = 0;
++
++    t = *ret;
++    *ret = t + b;
++    if (*ret < t)
++        carry2 = 1;
++    else
++        carry2 = 0;
++
++    return carry1 + carry2;
++}
++
++/*
++ * add two numbers of the same size, return overflow
++ *
++ * add a to b, place result in ret; all arrays need to be n limbs long
++ * return overflow from addition (0 or 1)
++ */
++static ossl_inline limb_t add(limb_t *ret, limb_t *a, limb_t *b, size_t n)
++{
++    limb_t c = 0;
++    ossl_ssize_t i;
++
++    for(i = n - 1; i > -1; i--)
++        c = _add_limb(&ret[i], a[i], b[i], c);
++
++    return c;
++}
++
++/*
++ * return number of limbs necessary for temporary values
++ * when multiplying numbers n limbs large
++ */
++static ossl_inline size_t mul_limb_numb(size_t n)
++{
++    return  2 * n * 2;
++}
++
++/*
++ * multiply two numbers of the same size
++ *
++ * multiply a by b, place result in ret; a and b need to be n limbs long
++ * ret needs to be 2*n limbs long, tmp needs to be mul_limb_numb(n) limbs
++ * long
++ */
++static void limb_mul(limb_t *ret, limb_t *a, limb_t *b, size_t n, limb_t *tmp)
++{
++    limb_t *r_odd, *r_even;
++    size_t i, j, k;
++
++    r_odd = tmp;
++    r_even = &tmp[2 * n];
++
++    memset(ret, 0, 2 * n * sizeof(limb_t));
++
++    for (i = 0; i < n; i++) {
++        for (k = 0; k < i + n + 1; k++) {
++            r_even[k] = 0;
++            r_odd[k] = 0;
++        }
++        for (j = 0; j < n; j++) {
++            /*
++             * place results from even and odd limbs in separate arrays so that
++             * we don't have to calculate overflow every time we get individual
++             * limb multiplication result
++             */
++            if (j % 2 == 0)
++                _mul_limb(&r_even[i + j], &r_even[i + j + 1], a[i], b[j]);
++            else
++                _mul_limb(&r_odd[i + j], &r_odd[i + j + 1], a[i], b[j]);
++        }
++        /*
++         * skip the least significant limbs when adding multiples of
++         * more significant limbs (they're zero anyway)
++         */
++        add(ret, ret, r_even, n + i + 1);
++        add(ret, ret, r_odd, n + i + 1);
++    }
++}
++
++/* modifies the value in place by performing a right shift by one bit */
++static ossl_inline void rshift1(limb_t *val, size_t n)
++{
++    limb_t shift_in = 0, shift_out = 0;
++    size_t i;
++
++    for (i = 0; i < n; i++) {
++        shift_out = val[i] & 1;
++        val[i] = shift_in << (LIMB_BIT_SIZE - 1) | (val[i] >> 1);
++        shift_in = shift_out;
++    }
++}
++
++/* extend the LSB of flag to all bits of limb */
++static ossl_inline limb_t mk_mask(limb_t flag)
++{
++    flag |= flag << 1;
++    flag |= flag << 2;
++    flag |= flag << 4;
++    flag |= flag << 8;
++    flag |= flag << 16;
++#if (LIMB_BYTE_SIZE == 8)
++    flag |= flag << 32;
++#endif
++    return flag;
++}
++
++/*
++ * copy from either a or b to ret based on flag
++ * when flag == 0, then copies from b
++ * when flag == 1, then copies from a
++ */
++static ossl_inline void cselect(limb_t flag, limb_t *ret, limb_t *a, limb_t *b, size_t n)
++{
++    /*
++     * would be more efficient with non volatile mask, but then gcc
++     * generates code with jumps
++     */
++    volatile limb_t mask;
++    size_t i;
++
++    mask = mk_mask(flag);
++    for (i = 0; i < n; i++) {
++#if (LIMB_BYTE_SIZE == 8)
++        ret[i] = constant_time_select_64(mask, a[i], b[i]);
++#else
++        ret[i] = constant_time_select_32(mask, a[i], b[i]);
++#endif
++    }
++}
++
++static limb_t _sub_limb(limb_t *ret, limb_t a, limb_t b, limb_t borrow)
++{
++    limb_t borrow1, borrow2, t;
++    /*
++     * while it doesn't look constant-time, this is idiomatic code
++     * to tell compilers to use the carry bit from subtraction
++     */
++
++    *ret = a - borrow;
++    if (*ret > a)
++        borrow1 = 1;
++    else
++        borrow1 = 0;
++
++    t = *ret;
++    *ret = t - b;
++    if (*ret > t)
++        borrow2 = 1;
++    else
++        borrow2 = 0;
++
++    return borrow1 + borrow2;
++}
++
++/*
++ * place the result of a - b into ret, return the borrow bit.
++ * All arrays need to be n limbs long
++ */
++static limb_t sub(limb_t *ret, limb_t *a, limb_t *b, size_t n)
++{
++    limb_t borrow = 0;
++    ossl_ssize_t i;
++
++    for (i = n - 1; i > -1; i--)
++        borrow = _sub_limb(&ret[i], a[i], b[i], borrow);
++
++    return borrow;
++}
++
++/* return the number of limbs necessary to allocate for the mod() tmp operand */
++static ossl_inline size_t mod_limb_numb(size_t anum, size_t modnum)
++{
++    return (anum + modnum) * 3;
++}
++
++/*
++ * calculate a % mod, place the result in ret
++ * size of a is defined by anum, size of ret and mod is modnum,
++ * size of tmp is returned by mod_limb_numb()
++ */
++static void mod(limb_t *ret, limb_t *a, size_t anum, limb_t *mod,
++               size_t modnum, limb_t *tmp)
++{
++    limb_t *atmp, *modtmp, *rettmp;
++    limb_t res;
++    size_t i;
++
++    memset(tmp, 0, mod_limb_numb(anum, modnum) * LIMB_BYTE_SIZE);
++
++    atmp = tmp;
++    modtmp = &tmp[anum + modnum];
++    rettmp = &tmp[(anum + modnum) * 2];
++
++    for (i = modnum; i <modnum + anum; i++)
++        atmp[i] = a[i-modnum];
++
++    for (i = 0; i < modnum; i++)
++        modtmp[i] = mod[i];
++
++    for (i = 0; i < anum * LIMB_BIT_SIZE; i++) {
++        rshift1(modtmp, anum + modnum);
++        res = sub(rettmp, atmp, modtmp, anum+modnum);
++        cselect(res, atmp, atmp, rettmp, anum+modnum);
++    }
++
++    memcpy(ret, &atmp[anum], sizeof(limb_t) * modnum);
++}
++
++/* necessary size of tmp for a _mul_add_limb() call with provided anum */
++static ossl_inline size_t _mul_add_limb_numb(size_t anum)
++{
++    return 2 * (anum + 1);
++}
++
++/* multiply a by m, add to ret, return carry */
++static limb_t _mul_add_limb(limb_t *ret, limb_t *a, size_t anum,
++                           limb_t m, limb_t *tmp)
++{
++    limb_t carry = 0;
++    limb_t *r_odd, *r_even;
++    size_t i;
++
++    memset(tmp, 0, sizeof(limb_t) * (anum + 1) * 2);
++
++    r_odd = tmp;
++    r_even = &tmp[anum + 1];
++
++    for (i = 0; i < anum; i++) {
++        /*
++         * place the results from even and odd limbs in separate arrays
++         * so that we have to worry about carry just once
++         */
++        if (i % 2 == 0)
++            _mul_limb(&r_even[i], &r_even[i + 1], a[i], m);
++        else
++            _mul_limb(&r_odd[i], &r_odd[i + 1], a[i], m);
++    }
++    /* assert: add() carry here will be equal zero */
++    add(r_even, r_even, r_odd, anum + 1);
++    /*
++     * while here it will not overflow as the max value from multiplication
++     * is -2 while max overflow from addition is 1, so the max value of
++     * carry is -1 (i.e. max int)
++     */
++    carry = add(ret, ret, &r_even[1], anum) + r_even[0];
++
++    return carry;
++}
++
++static ossl_inline size_t mod_montgomery_limb_numb(size_t modnum)
++{
++    return modnum * 2 + _mul_add_limb_numb(modnum);
++}
++
++/*
++ * calculate a % mod, place result in ret
++ * assumes that a is in Montgomery form with the R (Montgomery modulus) being
++ * smallest power of two big enough to fit mod and that's also a power
++ * of the count of number of bits in limb_t (B).
++ * For calculation, we also need n', such that mod * n' == -1 mod B.
++ * anum must be <= 2 * modnum
++ * ret needs to be modnum words long
++ * tmp needs to be mod_montgomery_limb_numb(modnum) limbs long
++ */
++static void mod_montgomery(limb_t *ret, limb_t *a, size_t anum, limb_t *mod,
++                          size_t modnum, limb_t ni0, limb_t *tmp)
++{
++    limb_t carry, v;
++    limb_t *res, *rp, *tmp2;
++    ossl_ssize_t i;
++
++    res = tmp;
++    /*
++     * for intermediate result we need an integer twice as long as modulus
++     * but keep the input in the least significant limbs
++     */
++    memset(res, 0, sizeof(limb_t) * (modnum * 2));
++    memcpy(&res[modnum * 2 - anum], a, sizeof(limb_t) * anum);
++    rp = &res[modnum];
++    tmp2 = &res[modnum * 2];
++
++    carry = 0;
++
++    /* add multiples of the modulus to the value until R divides it cleanly */
++    for (i = modnum; i > 0; i--, rp--) {
++        v = _mul_add_limb(rp, mod, modnum, rp[modnum - 1] * ni0, tmp2);
++        v = v + carry + rp[-1];
++        carry |= (v != rp[-1]);
++        carry &= (v <= rp[-1]);
++        rp[-1] = v;
++    }
++
++    /* perform the final reduction by mod... */
++    carry -= sub(ret, rp, mod, modnum);
++
++    /* ...conditionally */
++    cselect(carry, ret, rp, ret, modnum);
++}
++
++/* allocated buffer should be freed afterwards */
++static void BN_to_limb(const BIGNUM *bn, limb_t *buf, size_t limbs)
++{
++    int i;
++    int real_limbs = (BN_num_bytes(bn) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE;
++    limb_t *ptr = buf + (limbs - real_limbs);
++
++    for (i = 0; i < real_limbs; i++)
++         ptr[i] = bn->d[real_limbs - i - 1];
++}
++
++#if LIMB_BYTE_SIZE == 8
++static ossl_inline uint64_t be64(uint64_t host)
++{
++    const union {
++        long one;
++        char little;
++    } is_endian = { 1 };
++
++    if (is_endian.little) {
++        uint64_t big = 0;
++
++        big |= (host & 0xff00000000000000) >> 56;
++        big |= (host & 0x00ff000000000000) >> 40;
++        big |= (host & 0x0000ff0000000000) >> 24;
++        big |= (host & 0x000000ff00000000) >>  8;
++        big |= (host & 0x00000000ff000000) <<  8;
++        big |= (host & 0x0000000000ff0000) << 24;
++        big |= (host & 0x000000000000ff00) << 40;
++        big |= (host & 0x00000000000000ff) << 56;
++        return big;
++    } else {
++        return host;
++    }
++}
++
++#else
++/* Not all platforms have htobe32(). */
++static ossl_inline uint32_t be32(uint32_t host)
++{
++    const union {
++        long one;
++        char little;
++    } is_endian = { 1 };
++
++    if (is_endian.little) {
++        uint32_t big = 0;
++
++        big |= (host & 0xff000000) >> 24;
++        big |= (host & 0x00ff0000) >> 8;
++        big |= (host & 0x0000ff00) << 8;
++        big |= (host & 0x000000ff) << 24;
++        return big;
++    } else {
++        return host;
++    }
++}
++#endif
++
++/*
++ * We assume that intermediate, possible_arg2, blinding, and ctx are used
++ * similar to BN_BLINDING_invert_ex() arguments.
++ * to_mod is RSA modulus.
++ * buf and num is the serialization buffer and its length.
++ *
++ * Here we use classic/Montgomery multiplication and modulo. After the calculation finished
++ * we serialize the new structure instead of BIGNUMs taking endianness into account.
++ */
++int ossl_bn_rsa_do_unblind(const BIGNUM *intermediate,
++                           const BN_BLINDING *blinding,
++                           const BIGNUM *possible_arg2,
++                           const BIGNUM *to_mod, BN_CTX *ctx,
++                           unsigned char *buf, int num)
++{
++    limb_t *l_im = NULL, *l_mul = NULL, *l_mod = NULL;
++    limb_t *l_ret = NULL, *l_tmp = NULL, l_buf;
++    size_t l_im_count = 0, l_mul_count = 0, l_size = 0, l_mod_count = 0;
++    size_t l_tmp_count = 0;
++    int ret = 0;
++    size_t i;
++    unsigned char *tmp;
++    const BIGNUM *arg1 = intermediate;
++    const BIGNUM *arg2 = (possible_arg2 == NULL) ? blinding->Ai : possible_arg2;
++
++    l_im_count  = (BN_num_bytes(arg1)   + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE;
++    l_mul_count = (BN_num_bytes(arg2)   + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE;
++    l_mod_count = (BN_num_bytes(to_mod) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE;
++
++    l_size = l_im_count > l_mul_count ? l_im_count : l_mul_count;
++    l_im  = OPENSSL_zalloc(l_size * LIMB_BYTE_SIZE);
++    l_mul = OPENSSL_zalloc(l_size * LIMB_BYTE_SIZE);
++    l_mod = OPENSSL_zalloc(l_mod_count * LIMB_BYTE_SIZE);
++
++    if ((l_im == NULL) || (l_mul == NULL) || (l_mod == NULL))
++        goto err;
++
++    BN_to_limb(arg1,   l_im,  l_size);
++    BN_to_limb(arg2,   l_mul, l_size);
++    BN_to_limb(to_mod, l_mod, l_mod_count);
++
++    l_ret = OPENSSL_malloc(2 * l_size * LIMB_BYTE_SIZE);
++
++    if (blinding->m_ctx != NULL) {
++        l_tmp_count = mul_limb_numb(l_size) > mod_montgomery_limb_numb(l_mod_count) ?
++                      mul_limb_numb(l_size) : mod_montgomery_limb_numb(l_mod_count);
++        l_tmp = OPENSSL_malloc(l_tmp_count * LIMB_BYTE_SIZE);
++    } else {
++        l_tmp_count = mul_limb_numb(l_size) > mod_limb_numb(2 * l_size, l_mod_count) ?
++                      mul_limb_numb(l_size) : mod_limb_numb(2 * l_size, l_mod_count);
++        l_tmp = OPENSSL_malloc(l_tmp_count * LIMB_BYTE_SIZE);
++    }
++
++    if ((l_ret == NULL) || (l_tmp == NULL))
++        goto err;
++
++    if (blinding->m_ctx != NULL) {
++        limb_mul(l_ret, l_im, l_mul, l_size, l_tmp);
++        mod_montgomery(l_ret, l_ret, 2 * l_size, l_mod, l_mod_count,
++                       blinding->m_ctx->n0[0], l_tmp);
++    } else {
++        limb_mul(l_ret, l_im, l_mul, l_size, l_tmp);
++        mod(l_ret, l_ret, 2 * l_size, l_mod, l_mod_count, l_tmp);
++    }
++
++    /* modulus size in bytes can be equal to num but after limbs conversion it becomes bigger */
++    if (num < BN_num_bytes(to_mod)) {
++        BNerr(BN_F_OSSL_BN_RSA_DO_UNBLIND, ERR_R_PASSED_INVALID_ARGUMENT);
++        goto err;
++    }
++
++    memset(buf, 0, num);
++    tmp = buf + num - BN_num_bytes(to_mod);
++    for (i = 0; i < l_mod_count; i++) {
++#if LIMB_BYTE_SIZE == 8
++        l_buf = be64(l_ret[i]);
++#else
++        l_buf = be32(l_ret[i]);
++#endif
++        if (i == 0) {
++            int delta = LIMB_BYTE_SIZE - ((l_mod_count * LIMB_BYTE_SIZE) - num);
++
++            memcpy(tmp, ((char *)&l_buf) + LIMB_BYTE_SIZE - delta, delta);
++            tmp += delta;
++        } else {
++            memcpy(tmp, &l_buf, LIMB_BYTE_SIZE);
++            tmp += LIMB_BYTE_SIZE;
++        }
++    }
++    ret = num;
++
++ err:
++    OPENSSL_free(l_im);
++    OPENSSL_free(l_mul);
++    OPENSSL_free(l_mod);
++    OPENSSL_free(l_tmp);
++    OPENSSL_free(l_ret);
++
++    return ret;
++}
+diff -urN b/crypto/err/openssl.txt c/crypto/err/openssl.txt
+--- b/crypto/err/openssl.txt	2023-02-18 03:31:46.450990546 +0800
++++ c/crypto/err/openssl.txt	2023-02-18 03:31:46.573990539 +0800
+@@ -1,4 +1,4 @@
+-# Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
++# Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+ #
+ # Licensed under the OpenSSL license (the "License").  You may not use
+ # this file except in compliance with the License.  You can obtain a copy
+@@ -231,6 +231,7 @@
+ BN_F_BN_SET_WORDS:144:bn_set_words
+ BN_F_BN_STACK_PUSH:148:BN_STACK_push
+ BN_F_BN_USUB:115:BN_usub
++BN_F_OSSL_BN_RSA_DO_UNBLIND:151:ossl_bn_rsa_do_unblind
+ BUF_F_BUF_MEM_GROW:100:BUF_MEM_grow
+ BUF_F_BUF_MEM_GROW_CLEAN:105:BUF_MEM_grow_clean
+ BUF_F_BUF_MEM_NEW:101:BUF_MEM_new
+diff -urN b/crypto/include/internal/bn_int.h c/crypto/include/internal/bn_int.h
+--- b/crypto/include/internal/bn_int.h	2023-02-18 03:31:46.453990546 +0800
++++ c/crypto/include/internal/bn_int.h	2023-02-18 03:31:46.576990539 +0800
+@@ -86,5 +86,10 @@
+ int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n);
+ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
+                      const BIGNUM *d, BN_CTX *ctx);
++int ossl_bn_rsa_do_unblind(const BIGNUM *intermediate,
++                           const BN_BLINDING *blinding,
++                           const BIGNUM *possible_arg2,
++                           const BIGNUM *to_mod, BN_CTX *ctx,
++                           unsigned char *buf, int num);
+ 
+ #endif
+diff -urN b/crypto/rsa/rsa_ossl.c c/crypto/rsa/rsa_ossl.c
+--- b/crypto/rsa/rsa_ossl.c	2023-02-18 03:31:46.462990545 +0800
++++ c/crypto/rsa/rsa_ossl.c	2023-02-18 03:31:46.585990539 +0800
+@@ -465,11 +465,20 @@
+         BN_free(d);
+     }
+ 
+-    if (blinding)
+-        if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
++    if (blinding) {
++        /*
++         * ossl_bn_rsa_do_unblind() combines blinding inversion and
++         * 0-padded BN BE serialization
++         */
++        j = ossl_bn_rsa_do_unblind(ret, blinding, unblind, rsa->n, ctx,
++                                   buf, num);
++        if (j == 0)
+             goto err;
+-
+-    j = BN_bn2binpad(ret, buf, num);
++    } else {
++        j = BN_bn2binpad(ret, buf, num);
++        if (j < 0)
++            goto err;
++    }
+ 
+     switch (padding) {
+     case RSA_PKCS1_PADDING:
+diff -urN b/include/openssl/bnerr.h c/include/openssl/bnerr.h
+--- b/include/openssl/bnerr.h	2023-02-18 03:31:46.495990543 +0800
++++ c/include/openssl/bnerr.h	2023-02-18 03:31:46.619990537 +0800
+@@ -72,6 +72,7 @@
+ # define BN_F_BN_SET_WORDS                                144
+ # define BN_F_BN_STACK_PUSH                               148
+ # define BN_F_BN_USUB                                     115
++# define BN_F_OSSL_BN_RSA_DO_UNBLIND                      151
+ 
+ /*
+  * BN reason codes.

Property changes on: usr/click/lib/libopenssl-1.1.1/openssl-1.1.1d-CVE-2022-4304.patch
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: /branches/rel_apv_10_7_2/usr/click/lib/libopenssl-1.1.1/openssl-1.1.1d-CVE-2022-4450.patch
===================================================================
--- /branches/rel_apv_10_7_2/usr/click/lib/libopenssl-1.1.1/openssl-1.1.1d-CVE-2022-4450.patch	(revision 0)
+++ /branches/rel_apv_10_7_2/usr/click/lib/libopenssl-1.1.1/openssl-1.1.1d-CVE-2022-4450.patch	(working copy)
@@ -0,0 +1,13 @@
+diff -urN c/crypto/pem/pem_lib.c d/crypto/pem/pem_lib.c
+--- c/crypto/pem/pem_lib.c	2023-02-18 03:31:46.581990539 +0800
++++ d/crypto/pem/pem_lib.c	2023-02-18 03:31:46.704990532 +0800
+@@ -940,7 +940,9 @@
+     *data = pem_malloc(len, flags);
+     if (*header == NULL || *data == NULL) {
+         pem_free(*header, flags, 0);
++        *header = NULL;
+         pem_free(*data, flags, 0);
++        *data = NULL;
+         goto end;
+     }
+     BIO_read(headerB, *header, headerlen);
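Review bot: The added resets `*header = NULL;` and `*data = NULL;` in crypto/pem/pem_lib.c carry no comment saying why they are needed, and nothing in this 13-line patch exercises the failure path they protect. Without them the out-parameters keep pointing at memory `pem_free()` has just released while the function jumps to `end`, so a caller that frees them on error would presumably free the same buffer twice. A one-line comment such as `/* leave no dangling out-pointers: callers may free *header / *data on failure */` would record that. The CVE-2023-0215 patch in this same change adds a case to test/recipes/80-test_cms.t; a comparable regression test for this allocation-failure branch would be worth adding. The enclosing function starts and ends outside the hunk, so its other exits could not be checked from here.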

Property changes on: usr/click/lib/libopenssl-1.1.1/openssl-1.1.1d-CVE-2022-4450.patch
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: /branches/rel_apv_10_7_2/usr/click/lib/libopenssl-1.1.1/openssl-1.1.1d-CVE-2023-0215.patch
===================================================================
--- /branches/rel_apv_10_7_2/usr/click/lib/libopenssl-1.1.1/openssl-1.1.1d-CVE-2023-0215.patch	(revision 0)
+++ /branches/rel_apv_10_7_2/usr/click/lib/libopenssl-1.1.1/openssl-1.1.1d-CVE-2023-0215.patch	(working copy)
@@ -0,0 +1,140 @@
+diff -urN d/crypto/asn1/bio_ndef.c e/crypto/asn1/bio_ndef.c
+--- d/crypto/asn1/bio_ndef.c	2023-02-18 03:31:46.678990534 +0800
++++ e/crypto/asn1/bio_ndef.c	2023-02-18 03:31:46.808990527 +0800
+@@ -49,12 +49,19 @@
+ static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen,
+                             void *parg);
+ 
++/*
++ * On success, the returned BIO owns the input BIO as part of its BIO chain.
++ * On failure, NULL is returned and the input BIO is owned by the caller.
++ *
++ * Unfortunately cannot constify this due to CMS_stream() and PKCS7_stream()
++ */
+ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
+ {
+     NDEF_SUPPORT *ndef_aux = NULL;
+     BIO *asn_bio = NULL;
+     const ASN1_AUX *aux = it->funcs;
+     ASN1_STREAM_ARG sarg;
++    BIO *pop_bio = NULL;
+ 
+     if (!aux || !aux->asn1_cb) {
+         ASN1err(ASN1_F_BIO_NEW_NDEF, ASN1_R_STREAMING_NOT_SUPPORTED);
+@@ -69,21 +76,39 @@
+     out = BIO_push(asn_bio, out);
+     if (out == NULL)
+         goto err;
++    pop_bio = asn_bio;
+ 
+-    BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free);
+-    BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free);
++    if (BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free) <= 0
++            || BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free) <= 0
++            || BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux) <= 0)
++        goto err;
+ 
+     /*
+-     * Now let callback prepends any digest, cipher etc BIOs ASN1 structure
+-     * needs.
++     * Now let the callback prepend any digest, cipher, etc., that the BIO's
++     * ASN1 structure needs.
+      */
+ 
+     sarg.out = out;
+     sarg.ndef_bio = NULL;
+     sarg.boundary = NULL;
+ 
+-    if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0)
++    /*
++     * The asn1_cb(), must not have mutated asn_bio on error, leaving it in the
++     * middle of some partially built, but not returned BIO chain.
++     */
++    if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0) {
++        /*
++         * ndef_aux is now owned by asn_bio so we must not free it in the err
++         * clean up block
++         */
++        ndef_aux = NULL;
+         goto err;
++    }
++
++    /*
++     * We must not fail now because the callback has prepended additional
++     * BIOs to the chain
++     */
+ 
+     ndef_aux->val = val;
+     ndef_aux->it = it;
+@@ -91,11 +116,11 @@
+     ndef_aux->boundary = sarg.boundary;
+     ndef_aux->out = out;
+ 
+-    BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux);
+-
+     return sarg.ndef_bio;
+ 
+  err:
++    /* BIO_pop() is NULL safe */
++    (void)BIO_pop(pop_bio);
+     BIO_free(asn_bio);
+     OPENSSL_free(ndef_aux);
+     return NULL;
+diff -urN d/test/recipes/80-test_cms.t e/test/recipes/80-test_cms.t
+--- d/test/recipes/80-test_cms.t	2023-02-18 03:31:46.788990528 +0800
++++ e/test/recipes/80-test_cms.t	2023-02-18 03:31:46.909990521 +0800
+@@ -13,7 +13,7 @@
+ use POSIX;
+ use File::Spec::Functions qw/catfile/;
+ use File::Compare qw/compare_text/;
+-use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file/;
++use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file with/;
+ use OpenSSL::Test::Utils;
+ 
+ setup("test_cms");
+@@ -27,7 +27,7 @@
+ my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib)
+     = disabled qw/des dh dsa ec ec2m rc2 zlib/;
+ 
+-plan tests => 6;
++plan tests => 7;
+ 
+ my @smime_pkcs7_tests = (
+ 
+@@ -584,3 +584,14 @@
+ 
+     return "";
+ }
++
++# Check that we get the expected failure return code
++with({ exit_checker => sub { return shift == 6; } },
++    sub {
++        ok(run(app(['openssl', 'cms', '-encrypt',
++                    '-in', srctop_file("test", "smcont.txt"),
++                    '-stream', '-recip',
++                    srctop_file("test/smime-certs", "badrsa.pem"),
++                   ])),
++            "Check failure during BIO setup with -stream is handled correctly");
++    });
+diff -urN d/test/smime-certs/badrsa.pem e/test/smime-certs/badrsa.pem
+--- d/test/smime-certs/badrsa.pem	1970-01-01 08:00:00.000000000 +0800
++++ e/test/smime-certs/badrsa.pem	2023-02-18 03:31:46.912990521 +0800
+@@ -0,0 +1,18 @@
++-----BEGIN CERTIFICATE-----
++MIIDbTCCAlWgAwIBAgIToTV4Z0iuK08vZP20oTh//hC8BDANBgkqhkiG9w0BAQ0FADAtMSswKQYD
++VfcDEyJTYW1wbGUgTEFNUFMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoY
++DzIwNTIwOTI3MDY1NDE4WjAZMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcN
++AQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOw
++I2juwdRrjFBmXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A
++/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6s
++yTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0
++zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSxgCAwEAAaOBlzCB
++lDAMBgNVHRMBAf8EAjAAMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAww
++CgYIKwYBBQUHAwQwDwYDVR0PAQH/BAUDAwfAADAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBm
++ZnMwHwYDVR0jBBgwFoAUeF8OWnjYa+RUcD2z3ez38fL6wEcwDQYJKoZIhvcNAQENBQADggEBABbW
++eonR6TMTckehDKNOabwaCIcekahAIL6l9tTzUX5ew6ufiAPlC6I/zQlmUaU0iSyFDG1NW14kNbFt
++5CAokyLhMtE4ASHBIHbiOp/ZSbUBTVYJZB61ot7w1/ol5QECSs08b8zrxIncf+t2DHGuVEy/Qq1d
++rBz8d4ay8zpqAE1tUyL5Da6ZiKUfWwZQXSI/JlbjQFzYQqTRDnzHWrg1xPeMTO1P2/cplFaseTiv
++yk4cYwOp/W9UAWymOZXF8WcJYCIUXkdcG/nEZxr057KlScrJmFXOoh7Y+8ON4iWYYcAfiNgpUFo/
++j8BAwrKKaFvdlZS9k1Ypb2+UQY75mKJE9Bg=
++-----END CERTIFICATE-----
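Review bot: In `BIO_new_NDEF()` (crypto/asn1/bio_ndef.c) the two `goto err` paths after `pop_bio = asn_bio;` treat `ndef_aux` differently, and only the second is explained. The combined check on `BIO_asn1_set_prefix()`, `BIO_asn1_set_suffix()` and `BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux)` leaves `ndef_aux` set for the `err` block to free. That avoids a double free only because the `BIO_C_SET_EX_ARG` call is the last operand of the `||` chain. A comment there such as `/* BIO_C_SET_EX_ARG is last: on failure asn_bio presumably never took ndef_aux, so err must free it */` would stop a later reorder from introducing one. The callback-failure branch relies on `BIO_free(asn_bio)` releasing an `ndef_aux` whose `val`, `it`, `boundary` and `out` fields are not yet assigned. The allocation and the prefix/suffix free callbacks are outside the hunk, so confirm the structure is zero-initialised and that those callbacks tolerate empty fields.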

Property changes on: usr/click/lib/libopenssl-1.1.1/openssl-1.1.1d-CVE-2023-0215.patch
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: /branches/rel_apv_10_7_2/usr/click/lib/libopenssl-1.1.1/openssl-1.1.1d-CVE-2023-0286.patch
===================================================================
--- /branches/rel_apv_10_7_2/usr/click/lib/libopenssl-1.1.1/openssl-1.1.1d-CVE-2023-0286.patch	(revision 0)
+++ /branches/rel_apv_10_7_2/usr/click/lib/libopenssl-1.1.1/openssl-1.1.1d-CVE-2023-0286.patch	(working copy)
@@ -0,0 +1,24 @@
+diff -urN e/crypto/x509v3/v3_genn.c f/crypto/x509v3/v3_genn.c
+--- e/crypto/x509v3/v3_genn.c	2023-02-18 03:31:46.845990525 +0800
++++ f/crypto/x509v3/v3_genn.c	2023-02-18 03:31:47.163990507 +0800
+@@ -97,7 +97,7 @@
+         return -1;
+     switch (a->type) {
+     case GEN_X400:
+-        result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
++        result = ASN1_STRING_cmp(a->d.x400Address, b->d.x400Address);
+         break;
+ 
+     case GEN_EDIPARTY:
+diff -urN e/include/openssl/x509v3.h f/include/openssl/x509v3.h
+--- e/include/openssl/x509v3.h	2023-02-18 03:31:46.874990523 +0800
++++ f/include/openssl/x509v3.h	2023-02-18 03:31:47.203990505 +0800
+@@ -136,7 +136,7 @@
+         OTHERNAME *otherName;   /* otherName */
+         ASN1_IA5STRING *rfc822Name;
+         ASN1_IA5STRING *dNSName;
+-        ASN1_TYPE *x400Address;
++        ASN1_STRING *x400Address;
+         X509_NAME *directoryName;
+         EDIPARTYNAME *ediPartyName;
+         ASN1_IA5STRING *uniformResourceIdentifier;
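Review bot: The change of `x400Address` from `ASN1_TYPE *` to `ASN1_STRING *` is made in the public header include/openssl/x509v3.h, so it alters the type seen by every consumer of `GENERAL_NAME`, not only `GENERAL_NAME_cmp()`. Both structures have a member named `type`, so code elsewhere that reads `d.x400Address->type` would presumably still compile while meaning something different. It is worth searching everything built against this bundled library for `x400Address` and rebuilding all dependants against the patched header. The patch carries no test that compares two `GEN_X400` names. A comment at the `case GEN_X400:` line such as `/* x400Address is held as an ASN1_STRING, not an ASN1_TYPE */` would record why the comparison function changed.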

Property changes on: usr/click/lib/libopenssl-1.1.1/openssl-1.1.1d-CVE-2023-0286.patch
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
