[openwrt/openwrt] openssl: bump to 1.1.1t

LEDE Commits lede-commits at lists.infradead.org
Sat Feb 11 15:39:51 PST 2023


hauke pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/4ae86b3358a149a17411657b12103ccebfbdb11b

commit 4ae86b3358a149a17411657b12103ccebfbdb11b
Author: John Audia <therealgraysky at proton.me>
AuthorDate: Tue Feb 7 14:56:52 2023 -0500

    openssl: bump to 1.1.1t
    
    Removed upstreamed patch: 010-padlock.patch
    
    Changes between 1.1.1s and 1.1.1t [7 Feb 2023]
    
      *) Fixed X.400 address type confusion in X.509 GeneralName.
    
         There is a type confusion vulnerability relating to X.400 address processing
         inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
         but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This
         vulnerability may allow an attacker who can provide a certificate chain and
         CRL (neither of which need have a valid signature) to pass arbitrary
         pointers to a memcmp call, creating a possible read primitive, subject to
         some constraints. Refer to the advisory for more information. Thanks to
         David Benjamin for discovering this issue. (CVE-2023-0286)
    
         This issue has been fixed by changing the public header file definition of
         GENERAL_NAME so that x400Address reflects the implementation. It was not
         possible for any existing application to successfully use the existing
         definition; however, if any application references the x400Address field
         (e.g. in dead code), note that the type of this field has changed. There is
         no ABI change.
         [Hugo Landau]
    
      *) Fixed Use-after-free following BIO_new_NDEF.
    
         The public API function BIO_new_NDEF is a helper function used for
         streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
         to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
         be called directly by end user applications.
    
         The function receives a BIO from the caller, prepends a new BIO_f_asn1
         filter BIO onto the front of it to form a BIO chain, and then returns
         the new head of the BIO chain to the caller. Under certain conditions,
         for example if a CMS recipient public key is invalid, the new filter BIO
         is freed and the function returns a NULL result indicating a failure.
         However, in this case, the BIO chain is not properly cleaned up and the
         BIO passed by the caller still retains internal pointers to the previously
         freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
         then a use-after-free will occur. This will most likely result in a crash.
         (CVE-2023-0215)
         [Viktor Dukhovni, Matt Caswell]
    
      *) Fixed Double free after calling PEM_read_bio_ex.
    
         The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
         decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
         data. If the function succeeds then the "name_out", "header" and "data"
         arguments are populated with pointers to buffers containing the relevant
         decoded data. The caller is responsible for freeing those buffers. It is
         possible to construct a PEM file that results in 0 bytes of payload data.
         In this case PEM_read_bio_ex() will return a failure code but will populate
         the header argument with a pointer to a buffer that has already been freed.
         If the caller also frees this buffer then a double free will occur. This
         will most likely lead to a crash.
    
         The functions PEM_read_bio() and PEM_read() are simple wrappers around
         PEM_read_bio_ex() and therefore these functions are also directly affected.
    
         These functions are also called indirectly by a number of other OpenSSL
         functions including PEM_X509_INFO_read_bio_ex() and
         SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
         internal uses of these functions are not vulnerable because the caller does
         not free the header argument if PEM_read_bio_ex() returns a failure code.
         (CVE-2022-4450)
         [Kurt Roeckx, Matt Caswell]
    
      *) Fixed Timing Oracle in RSA Decryption.
    
         A timing based side channel exists in the OpenSSL RSA Decryption
         implementation which could be sufficient to recover a plaintext across
         a network in a Bleichenbacher style attack. To achieve a successful
         decryption an attacker would have to be able to send a very large number
         of trial messages for decryption. The vulnerability affects all RSA padding
         modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
         (CVE-2022-4304)
         [Dmitry Belyavsky, Hubert Kario]
    
    Signed-off-by: John Audia <therealgraysky at proton.me>
---
 package/libs/openssl/Makefile                  |  6 +--
 package/libs/openssl/patches/010-padlock.patch | 52 --------------------------
 2 files changed, 3 insertions(+), 55 deletions(-)

diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile
index d9b082979b..4883ef82ea 100644
--- a/package/libs/openssl/Makefile
+++ b/package/libs/openssl/Makefile
@@ -9,9 +9,9 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssl
 PKG_BASE:=1.1.1
-PKG_BUGFIX:=s
+PKG_BUGFIX:=t
 PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
-PKG_RELEASE:=$(AUTORELEASE)
+PKG_RELEASE:=1
 PKG_USE_MIPS16:=0
 
 PKG_BUILD_PARALLEL:=1
@@ -25,7 +25,7 @@ PKG_SOURCE_URL:= \
 	ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
 	ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/old/$(PKG_BASE)/
 
-PKG_HASH:=c5ac01e760ee6ff0dab61d6b2bbd30146724d063eb322180c6f18a6f74e4b6aa
+PKG_HASH:=8dee9b24bdb1dcbf0c3d1e9b02fb8f6bf22165e807f45adeb7c9677536859d3b
 
 PKG_LICENSE:=OpenSSL
 PKG_LICENSE_FILES:=LICENSE
diff --git a/package/libs/openssl/patches/010-padlock.patch b/package/libs/openssl/patches/010-padlock.patch
deleted file mode 100644
index e859295cd6..0000000000
--- a/package/libs/openssl/patches/010-padlock.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 2bcf8e69bd92e33d84c48e7d108d3d46b22f8a6d Mon Sep 17 00:00:00 2001
-From: ValdikSS <iam at valdikss.org.ru>
-Date: Wed, 18 Jan 2023 20:14:48 +0300
-Subject: [PATCH] Padlock: fix byte swapping assembly for AES-192 and 256
-
-Byte swapping code incorrectly uses the number of AES rounds to swap expanded
-AES key, while swapping only a single dword in a loop, resulting in swapped
-key and partially swapped expanded keys, breaking AES encryption and
-decryption on VIA Padlock hardware.
-
-This commit correctly sets the number of swapping loops to be done.
-
-Fixes #20073
-
-CLA: trivial
-
-Reviewed-by: Hugo Landau <hlandau at openssl.org>
-Reviewed-by: Tomas Mraz <tomas at openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/20077)
-
-(cherry picked from commit 7331e7ef79fe4499d81cc92249e9c97e9ff9291a)
----
- engines/asm/e_padlock-x86.pl    | 2 ++
- engines/asm/e_padlock-x86_64.pl | 2 ++
- 2 files changed, 4 insertions(+)
-
-diff --git a/engines/asm/e_padlock-x86.pl b/engines/asm/e_padlock-x86.pl
-index 5b097ce3ef9b..07f7000fd38a 100644
---- a/engines/asm/e_padlock-x86.pl
-+++ b/engines/asm/e_padlock-x86.pl
-@@ -116,6 +116,8 @@
- &function_begin_B("padlock_key_bswap");
- 	&mov	("edx",&wparam(0));
- 	&mov	("ecx",&DWP(240,"edx"));
-+	&inc	("ecx");
-+	&shl	("ecx",2);
- &set_label("bswap_loop");
- 	&mov	("eax",&DWP(0,"edx"));
- 	&bswap	("eax");
-diff --git a/engines/asm/e_padlock-x86_64.pl b/engines/asm/e_padlock-x86_64.pl
-index 09b0aaa48dfe..dfd2ae656375 100644
---- a/engines/asm/e_padlock-x86_64.pl
-+++ b/engines/asm/e_padlock-x86_64.pl
-@@ -92,6 +92,8 @@
- .align	16
- padlock_key_bswap:
- 	mov	240($arg1),%edx
-+	inc	%edx
-+	shl	\$2,%edx
- .Lbswap_loop:
- 	mov	($arg1),%eax
- 	bswap	%eax




More information about the lede-commits mailing list