git: 640242a59157 - main - OpenSSL: Merge OpenSSL 1.1.1t Merge commit '0d51f658515c605fcc4a8073cb5a8e0d7d904088'
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 07 Feb 2023 19:03:49 UTC
The branch main has been updated by jkim:
URL: https://cgit.FreeBSD.org/src/commit/?id=640242a5915761ce63205bdb0542fa3c1473c0ff
commit 640242a5915761ce63205bdb0542fa3c1473c0ff
Merge: 146d9da6c2ec 0d51f658515c
Author: Jung-uk Kim <jkim@FreeBSD.org>
AuthorDate: 2023-02-07 18:51:38 +0000
Commit: Jung-uk Kim <jkim@FreeBSD.org>
CommitDate: 2023-02-07 18:51:38 +0000
OpenSSL: Merge OpenSSL 1.1.1t
Merge commit '0d51f658515c605fcc4a8073cb5a8e0d7d904088'
crypto/openssl/CHANGES | 76 ++-
crypto/openssl/Configure | 18 +-
crypto/openssl/NEWS | 7 +
crypto/openssl/README | 2 +-
crypto/openssl/crypto/asn1/asn_mime.c | 6 +-
crypto/openssl/crypto/asn1/bio_asn1.c | 4 +-
crypto/openssl/crypto/asn1/bio_ndef.c | 41 +-
crypto/openssl/crypto/bio/b_print.c | 22 +-
crypto/openssl/crypto/bn/bn_blind.c | 16 +-
crypto/openssl/crypto/bn/bn_err.c | 4 +-
crypto/openssl/crypto/bn/bn_exp.c | 36 +-
crypto/openssl/crypto/bn/bn_local.h | 36 +-
crypto/openssl/crypto/bn/bn_mont.c | 4 +-
crypto/openssl/crypto/bn/build.info | 3 +-
crypto/openssl/crypto/bn/rsa_sup_mul.c | 614 +++++++++++++++++++++++++
crypto/openssl/crypto/cms/cms_enc.c | 5 +
crypto/openssl/crypto/cms/cms_err.c | 2 +
crypto/openssl/crypto/err/openssl.txt | 5 +-
crypto/openssl/crypto/evp/bio_enc.c | 9 +-
crypto/openssl/crypto/pem/pem_lib.c | 8 +-
crypto/openssl/crypto/rsa/rsa_ameth.c | 1 +
crypto/openssl/crypto/rsa/rsa_ossl.c | 19 +-
crypto/openssl/crypto/txt_db/txt_db.c | 4 +-
crypto/openssl/crypto/x509/by_dir.c | 18 +-
crypto/openssl/crypto/x509/x_name.c | 8 +-
crypto/openssl/crypto/x509v3/v3_genn.c | 4 +-
crypto/openssl/engines/asm/e_padlock-x86.pl | 4 +-
crypto/openssl/engines/asm/e_padlock-x86_64.pl | 4 +-
crypto/openssl/include/crypto/bn.h | 7 +-
crypto/openssl/include/openssl/bnerr.h | 3 +-
crypto/openssl/include/openssl/cmserr.h | 1 +
crypto/openssl/include/openssl/opensslv.h | 4 +-
crypto/openssl/include/openssl/x509v3.h | 4 +-
crypto/openssl/ssl/record/rec_layer_s3.c | 26 +-
crypto/openssl/ssl/record/ssl3_buffer.c | 9 +-
35 files changed, 938 insertions(+), 96 deletions(-)
diff --cc crypto/openssl/crypto/bn/rsa_sup_mul.c
index 000000000000,acafefd5febf..acafefd5febf
mode 000000,100644..100644
--- a/crypto/openssl/crypto/bn/rsa_sup_mul.c
+++ b/crypto/openssl/crypto/bn/rsa_sup_mul.c
diff --cc crypto/openssl/engines/asm/e_padlock-x86.pl
index 5b097ce3ef9b,7d5c92d98ce3..7d5c92d98ce3
mode 100755,100644..100755
--- a/crypto/openssl/engines/asm/e_padlock-x86.pl
+++ b/crypto/openssl/engines/asm/e_padlock-x86.pl
diff --cc crypto/openssl/engines/asm/e_padlock-x86_64.pl
index 09b0aaa48dfe,f60bec1e7d5d..f60bec1e7d5d
mode 100755,100644..100755
--- a/crypto/openssl/engines/asm/e_padlock-x86_64.pl
+++ b/crypto/openssl/engines/asm/e_padlock-x86_64.pl
diff --cc crypto/openssl/include/openssl/opensslv.h
index abb8e1203861,7b6c212fa097..6d65f72d9b85
--- a/crypto/openssl/include/openssl/opensslv.h
+++ b/crypto/openssl/include/openssl/opensslv.h
@@@ -39,8 -39,8 +39,8 @@@ extern "C"
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
- # define OPENSSL_VERSION_NUMBER 0x1010113fL
- # define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1s-freebsd 1 Nov 2022"
+ # define OPENSSL_VERSION_NUMBER 0x1010114fL
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1t 7 Feb 2023"
++# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1t-freebsd 7 Feb 2023"
/*-
* The macros below are to be used for shared library (.so, .dll, ...)
diff --cc crypto/openssl/ssl/record/rec_layer_s3.c
index 501f58a2b373,1db1712a0986..2968753a2566
--- a/crypto/openssl/ssl/record/rec_layer_s3.c
+++ b/crypto/openssl/ssl/record/rec_layer_s3.c
@@@ -1012,18 -984,19 +1013,20 @@@ int do_ssl3_write(SSL *s, int type, con
}
/*
- * Reserve some bytes for any growth that may occur during encryption.
- * This will be at most one cipher block or the tag length if using
- * AEAD. SSL_RT_MAX_CIPHER_BLOCK_SIZE covers either case.
- */
+ * Reserve some bytes for any growth that may occur during encryption. If
+ * we are adding the MAC independently of the cipher algorithm, then the
+ * max encrypted overhead does not need to include an allocation for that
+ * MAC
+ */
- if (!WPACKET_reserve_bytes(thispkt,
- SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
- - mac_size,
- NULL)
+ if (!BIO_get_ktls_send(s->wbio)) {
+ if (!WPACKET_reserve_bytes(thispkt,
- SSL_RT_MAX_CIPHER_BLOCK_SIZE,
- NULL)
- /*
- * We also need next the amount of bytes written to this
- * sub-packet
- */
++ SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
++ - mac_size,
++ NULL)
+ /*
+ * We also need next the amount of bytes written to this
+ * sub-packet
+ */
|| !WPACKET_get_length(thispkt, &len)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
ERR_R_INTERNAL_ERROR);
@@@ -1068,11 -1039,11 +1071,14 @@@
thispkt = &pkt[j];
thiswr = &wr[j];
+ if (BIO_get_ktls_send(s->wbio))
+ goto mac_done;
+
/* Allocate bytes for the encryption overhead */
if (!WPACKET_get_length(thispkt, &origlen)
+ /* Check we allowed enough room for the encryption growth */
+ || !ossl_assert(origlen + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
+ - mac_size >= thiswr->length)
/* Encryption should never shrink the data! */
|| origlen > thiswr->length
|| (thiswr->length > origlen