https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
+ Changes between 1.1.1p and 1.1.1q [5 Jul 2022]
+
+ *) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
+ implementation would not encrypt the entirety of the data under some
+ circumstances. This could reveal sixteen bytes of data that was
+ preexisting in the memory that wasn't written. In the special case of
+ "in place" encryption, sixteen bytes of the plaintext would be revealed.
+
+ Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
+ they are both unaffected.
+ (CVE-2022-2097)
+ [Alex Chernyakhovsky, David Benjamin, Alejandro SedeƱo]
+
Changes between 1.1.1o and 1.1.1p [21 Jun 2022]
*) In addition to the c_rehash shell command injection identified in
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
+ Major changes between OpenSSL 1.1.1p and OpenSSL 1.1.1q [5 Jul 2022]
+
+ o Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms
+ (CVE-2022-2097)
+
Major changes between OpenSSL 1.1.1o and OpenSSL 1.1.1p [21 Jun 2022]
o Fixed additional bugs in the c_rehash script which was not properly
- OpenSSL 1.1.1p 21 Jun 2022
+ OpenSSL 1.1.1q 5 Jul 2022
Copyright (c) 1998-2022 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
#! /usr/bin/env perl
-# Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2009-2022 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
&movdqu (&QWP(-16*2,$out,$inp),$inout4);
&movdqu (&QWP(-16*1,$out,$inp),$inout5);
&cmp ($inp,$len); # done yet?
- &jb (&label("grandloop"));
+ &jbe (&label("grandloop"));
&set_label("short");
&add ($len,16*6);
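Review bot: The `# done yet?` comment on the `&cmp ($inp,$len)` line does not tell a reader why the branch has to be `jbe` rather than `jb`, and the same applies to the identical hunk that follows. Going by the CHANGES entry, the equal case appears to be one where a full group of blocks is still pending, and falling through to `short` there left sixteen bytes unwritten. I would extend the comment on both compares, e.g. `# done yet? equal means one more full 16*6-byte pass remains`. The loop head and the setup of `$len` are outside the hunk, so the wording should be checked against them.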
&pxor ($rndkey1,$inout5);
&movdqu (&QWP(-16*1,$out,$inp),$inout5);
&cmp ($inp,$len); # done yet?
- &jb (&label("grandloop"));
+ &jbe (&label("grandloop"));
&set_label("short");
&add ($len,16*6);
/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
if (R == NULL)
goto err;
- BN_one(X);
+ if (!BN_one(X))
+ goto err;
BN_zero(Y);
if (BN_copy(B, a) == NULL)
goto err;
if (R == NULL)
goto err;
- BN_one(X);
+ if (!BN_one(X))
+ goto err;
BN_zero(Y);
if (BN_copy(B, a) == NULL)
goto err;
}
/* extract the order */
- if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) {
+ if (ASN1_INTEGER_to_BN(params->order, a) == NULL) {
ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);
goto err;
}
if (params->cofactor == NULL) {
BN_free(b);
b = NULL;
- } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) {
+ } else if (ASN1_INTEGER_to_BN(params->cofactor, b) == NULL) {
ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);
goto err;
}
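Review bot: Dropping the assignment in `ASN1_INTEGER_to_BN(params->order, a)` and `ASN1_INTEGER_to_BN(params->cofactor, b)` is only safe while `a` and `b` are non-NULL at these points, because the function allocates a fresh BIGNUM when passed NULL and the new code discards the return value. The earlier allocations of `a` and `b` are outside these hunks, so the invariant cannot be confirmed from here. A short comment above the order extraction would record it, e.g. `/* a and b were allocated above; reuse them in place so the err path still frees them */`.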
/*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include <stdio.h>
#include <stdlib.h>
+#include <assert.h>
+#include <string.h>
#include "internal/cryptlib.h"
#include <openssl/conf.h>
unsigned char mask;
int i, j;
- if (memcmp(min, max, length) <= 0)
- return -1;
+ /*
+ * It is the responsibility of the caller to confirm min <= max. We don't
+ * use ossl_assert() here since we have no way of signalling an error from
+ * this function - so we just use a plain assert instead.
+ */
+ assert(memcmp(min, max, length) <= 0);
+
for (i = 0; i < length && min[i] == max[i]; i++) ;
for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) ;
if (i < j)
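Review bot: The plain `assert(memcmp(min, max, length) <= 0)` is compiled out when the library is built with `NDEBUG`, so in release builds this function trusts every caller to have checked the ordering. The next hunk adds that check (`if (memcmp(min, max, length) > 0) return 0;`) to one caller; any other call site is outside this diff and would need the same guard. From the visible loops, which are bounded by `i < length` and `j >= 0`, reversed input would give a wrong prefix length rather than an out-of-bounds read, but that is still a wrong answer in certificate address validation. I would state the contract in the function's header comment, e.g. `Callers must ensure min <= max; the assert is compiled out under NDEBUG.` The function body starts and ends outside the hunk.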
IPAddressOrRange *aor;
int i, prefixlen;
+ if (memcmp(min, max, length) > 0)
+ return 0;
+
if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0)
return make_addressPrefix(result, min, prefixlen);
for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
id = sk_SXNETID_value(sx->ids, i);
tmp = i2s_ASN1_INTEGER(NULL, id->zone);
+ if (tmp == NULL)
+ return 0;
BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
OPENSSL_free(tmp);
ASN1_STRING_print(out, id->user);
#include <openssl/ssl.h>
- SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl);
- SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl);
+ const SSL_CIPHER *SSL_get_current_cipher(const SSL *ssl);
+ const SSL_CIPHER *SSL_get_pending_cipher(const SSL *ssl);
const char *SSL_get_cipher_name(const SSL *s);
const char *SSL_get_cipher(const SSL *s);
=head1 COPYRIGHT
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
-# define OPENSSL_VERSION_NUMBER 0x1010110fL
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1p 21 Jun 2022"
+# define OPENSSL_VERSION_NUMBER 0x1010111fL
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1q 5 Jul 2022"
/*-
* The macros below are to be used for shared library (.so, .dll, ...)
#
-# Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
Operation = DECRYPT
Result = CIPHERFINAL_ERROR
+#Test vectors generated to validate aesni_ocb_encrypt on x86
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000000000001020304050607
+Tag = C14DFF7D62A13C4A3422456207453190
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B819333
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000000000001020304050607
+Tag = D47D84F6FF912C79B6A4223AB9BE2DB8
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC204
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000000000001020304050607
+Tag = 41970D13737B7BD1B5FBF49ED4412CA5
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000000000001020304050607
+Tag = BE0228651ED4E48A11BDED68D953F3A0
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000000000001020304050607
+Tag = 17BC6E10B16E5FDC52836E7D589518C7
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000000000001020304050607
+Tag = E84AAC18666116990A3A37B3A5FC55BD
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B11CF99263D693AEBDF8ADE1A1D838DED
+
+Cipher = aes-128-ocb
+Key = 000102030405060708090A0B0C0D0E0F
+IV = 000000000001020304050607
+Tag = 3E5EA7EE064FE83B313E28D411E91EAD
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B11CF99263D693AEBDF8ADE1A1D838DED48D9E09F452F8E6FBEB76A3DED47611C
+
Title = AES XTS test vectors from IEEE Std 1619-2007
# Using the same key twice for encryption is always banned.
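Review bot: The comment `#Test vectors generated to validate aesni_ocb_encrypt on x86` does not say how the expected ciphertexts and tags were produced or which input lengths the seven cases are meant to cover. The plaintexts run from 96 to 192 bytes in 16-byte steps, which brackets the 16*6-byte boundary the assembly fix concerns. Stating that, together with the CVE id from the CHANGES entry (CVE-2022-2097), would keep the cases from being pruned as redundant later. If the expected values came from the fixed assembly itself rather than an independent implementation, that is worth recording as well. A `Title =` line, as the XTS section that follows has, would also separate these cases in test output.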
#include <openssl/x509v3.h>
#include <openssl/pem.h>
#include <openssl/err.h>
+#include "internal/nelem.h"
#include "testutil.h"
return ret;
}
+#ifndef OPENSSL_NO_RFC3779
static int test_asid(void)
{
ASN1_INTEGER *val1 = NULL, *val2 = NULL;
return testresult;
}
+static struct ip_ranges_st {
+ const unsigned int afi;
+ const char *ip1;
+ const char *ip2;
+ int rorp;
+} ranges[] = {
+ { IANA_AFI_IPV4, "192.168.0.0", "192.168.0.1", IPAddressOrRange_addressPrefix},
+ { IANA_AFI_IPV4, "192.168.0.0", "192.168.0.2", IPAddressOrRange_addressRange},
+ { IANA_AFI_IPV4, "192.168.0.0", "192.168.0.3", IPAddressOrRange_addressPrefix},
+ { IANA_AFI_IPV4, "192.168.0.0", "192.168.0.254", IPAddressOrRange_addressRange},
+ { IANA_AFI_IPV4, "192.168.0.0", "192.168.0.255", IPAddressOrRange_addressPrefix},
+ { IANA_AFI_IPV4, "192.168.0.1", "192.168.0.255", IPAddressOrRange_addressRange},
+ { IANA_AFI_IPV4, "192.168.0.1", "192.168.0.1", IPAddressOrRange_addressPrefix},
+ { IANA_AFI_IPV4, "192.168.0.0", "192.168.255.255", IPAddressOrRange_addressPrefix},
+ { IANA_AFI_IPV4, "192.168.1.0", "192.168.255.255", IPAddressOrRange_addressRange},
+ { IANA_AFI_IPV6, "2001:0db8::0", "2001:0db8::1", IPAddressOrRange_addressPrefix},
+ { IANA_AFI_IPV6, "2001:0db8::0", "2001:0db8::2", IPAddressOrRange_addressRange},
+ { IANA_AFI_IPV6, "2001:0db8::0", "2001:0db8::3", IPAddressOrRange_addressPrefix},
+ { IANA_AFI_IPV6, "2001:0db8::0", "2001:0db8::fffe", IPAddressOrRange_addressRange},
+ { IANA_AFI_IPV6, "2001:0db8::0", "2001:0db8::ffff", IPAddressOrRange_addressPrefix},
+ { IANA_AFI_IPV6, "2001:0db8::1", "2001:0db8::ffff", IPAddressOrRange_addressRange},
+ { IANA_AFI_IPV6, "2001:0db8::1", "2001:0db8::1", IPAddressOrRange_addressPrefix},
+ { IANA_AFI_IPV6, "2001:0db8::0:0", "2001:0db8::ffff:ffff", IPAddressOrRange_addressPrefix},
+ { IANA_AFI_IPV6, "2001:0db8::1:0", "2001:0db8::ffff:ffff", IPAddressOrRange_addressRange}
+};
+
+static int check_addr(IPAddrBlocks *addr, int type)
+{
+ IPAddressFamily *fam;
+ IPAddressOrRange *aorr;
+
+ if (!TEST_int_eq(sk_IPAddressFamily_num(addr), 1))
+ return 0;
+
+ fam = sk_IPAddressFamily_value(addr, 0);
+ if (!TEST_ptr(fam))
+ return 0;
+
+ if (!TEST_int_eq(fam->ipAddressChoice->type, IPAddressChoice_addressesOrRanges))
+ return 0;
+
+ if (!TEST_int_eq(sk_IPAddressOrRange_num(fam->ipAddressChoice->u.addressesOrRanges), 1))
+ return 0;
+
+ aorr = sk_IPAddressOrRange_value(fam->ipAddressChoice->u.addressesOrRanges, 0);
+ if (!TEST_ptr(aorr))
+ return 0;
+
+ if (!TEST_int_eq(aorr->type, type))
+ return 0;
+
+ return 1;
+}
+
+static int test_addr_ranges(void)
+{
+ IPAddrBlocks *addr = NULL;
+ ASN1_OCTET_STRING *ip1 = NULL, *ip2 = NULL;
+ size_t i;
+ int testresult = 0;
+
+ for (i = 0; i < OSSL_NELEM(ranges); i++) {
+ addr = sk_IPAddressFamily_new_null();
+ if (!TEST_ptr(addr))
+ goto end;
+ /*
+ * Has the side effect of installing the comparison function onto the
+ * stack.
+ */
+ if (!TEST_true(X509v3_addr_canonize(addr)))
+ goto end;
+
+ ip1 = a2i_IPADDRESS(ranges[i].ip1);
+ if (!TEST_ptr(ip1))
+ goto end;
+ if (!TEST_true(ip1->length == 4 || ip1->length == 16))
+ goto end;
+ ip2 = a2i_IPADDRESS(ranges[i].ip2);
+ if (!TEST_ptr(ip2))
+ goto end;
+ if (!TEST_int_eq(ip2->length, ip1->length))
+ goto end;
+ if (!TEST_true(memcmp(ip1->data, ip2->data, ip1->length) <= 0))
+ goto end;
+
+ if (!TEST_true(X509v3_addr_add_range(addr, ranges[i].afi, NULL, ip1->data, ip2->data)))
+ goto end;
+
+ if (!TEST_true(X509v3_addr_is_canonical(addr)))
+ goto end;
+
+ if (!check_addr(addr, ranges[i].rorp))
+ goto end;
+
+ sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free);
+ addr = NULL;
+ ASN1_OCTET_STRING_free(ip1);
+ ASN1_OCTET_STRING_free(ip2);
+ ip1 = ip2 = NULL;
+ }
+
+ testresult = 1;
+ end:
+ sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free);
+ ASN1_OCTET_STRING_free(ip1);
+ ASN1_OCTET_STRING_free(ip2);
+ return testresult;
+}
+#endif /* OPENSSL_NO_RFC3779 */
+
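Review bot: Every entry in `ranges[]` has ip1 <= ip2, and test_addr_ranges asserts as much with `TEST_true(memcmp(ip1->data, ip2->data, ip1->length) <= 0)`, so the reversed-range rejection added in v3_addr.c is never exercised. Assuming X509v3_addr_add_range propagates that 0, I would add a negative check on a fresh `addr` for entries whose endpoints differ, e.g. `if (!TEST_false(X509v3_addr_add_range(addr, ranges[i].afi, NULL, ip2->data, ip1->data))) goto end;`. Separately, `ranges[]` is never written and could be declared `static const struct ip_ranges_st`.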
int setup_tests(void)
{
if (!TEST_ptr(infile = test_get_argument(0)))
return 0;
ADD_TEST(test_pathlen);
+#ifndef OPENSSL_NO_RFC3779
ADD_TEST(test_asid);
+ ADD_TEST(test_addr_ranges);
+#endif /* OPENSSL_NO_RFC3779 */
return 1;
}