Fixes X.509 Email Address Buffer Overflows (CVE-2022-3602, CVE-2022-3786).
In good OpenSSL tradition, they ship ~250 commits since OpenSSL 3.0.5, the
last non-retracted release.
One might wonder how a punycode decoder that overflows on an example string
from the RFC makes it into a cryptographic library released in '21. Compare
test_puny_overrun() with RFC 3492 7.1 (L)... In PR 9654 someone asked about
tests early on - this was dismissed since a handful of cert chains suffices
to exercise a tricky decoder. The review could then focus on more important
things like file placement, license comments, comment formatting and style.
Ignoring a request for turning a magic number into a constant, not even one
of the 127 items on the PR is on the scary code itself.
It is also questionable whether it was really necessary to classify this as
CRITICAL and generate that much panic. It's bad, but not eye-wateringly bad
(disregarding the development process that led to this fiasco.)
Good thing this was at least downgraded to HIGH in the final announcement.
No one will be surprised that there is more than one issue in this code, so
instead of one CRITICAL issue, we get two HIGH ones. Sounds fair.
https://www.openssl.org/news/secadv/20221101.txt
https://www.openssl.org/news/secadv/20221101b.txt
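An added illustration, not OpenSSL's code and not part of the commit message above: a standalone RFC 3492 decoder in C that checks the output capacity before every insertion, so the RFC 3492 7.1 (L) string the message refers to is refused when the buffer is one entry short instead of being written past its end. The name puny_decode and its signature are assumptions of this example.

```c
#include <stdint.h>
#include <string.h>

enum { BASE = 36, TMIN = 1, TMAX = 26, SKEW = 38, DAMP = 700 }; /* RFC 3492 */
static uint32_t adapt(uint32_t delta, uint32_t npoints, int first) {
    uint32_t k = 0;
    delta = first ? delta / DAMP : delta / 2;
    for (delta += delta / npoints; delta > (BASE - TMIN) * TMAX / 2; k += BASE)
        delta /= BASE - TMIN;
    return k + (BASE - TMIN + 1) * delta / (delta + SKEW);
}

/* Example API (not OpenSSL's): code points written to out[0..cap), or -1. */
int puny_decode(const char *in, size_t inlen, uint32_t *out, size_t cap) {
    uint32_t n = 0x80, i = 0, bias = 72, len = 0, b = 0, pos;
    if (inlen > INT32_MAX) return -1;
    for (pos = 0; pos < inlen; pos++)
        if (in[pos] == '-') b = pos;              /* last delimiter */
    if (b > cap) return -1;                       /* literal prefix must fit */
    for (; len < b; len++)
        if ((out[len] = (unsigned char)in[len]) >= 0x80) return -1;
    for (pos = b ? b + 1 : 0; pos < inlen; len++) {
        uint32_t oldi = i, w = 1, k, t, d;
        for (k = BASE;; k += BASE) {              /* one variable-length integer */
            int c = pos < inlen ? in[pos++] : 0;  /* truncated input: bad digit */
            d = c >= '0' && c <= '9' ? c - '0' + 26 : c >= 'a' && c <= 'z' ? c - 'a'
              : c >= 'A' && c <= 'Z' ? c - 'A' : BASE;
            if (d >= BASE || d > (UINT32_MAX - i) / w) return -1;
            i += d * w;
            t = k <= bias ? TMIN : k >= bias + TMAX ? TMAX : k - bias;
            if (d < t) break;
            if (w > UINT32_MAX / (BASE - t)) return -1;
            w *= BASE - t;
        }
        bias = adapt(i - oldi, len + 1, oldi == 0);
        if (i / (len + 1) > UINT32_MAX - n) return -1;
        n += i / (len + 1);
        i %= len + 1;
        if (len >= cap) return -1;                /* checked before every insert */
        memmove(out + i + 1, out + i, (len - i) * sizeof *out);
        out[i++] = n;
    }
    return (int)len;
}

int main(void) {   /* RFC 3492 7.1 (L): 8 code points; a 7-slot buffer is refused */
    const char *s = "3B-ww4c5e180e575a65lsy2b";
    uint32_t o[8];
    return !(puny_decode(s, strlen(s), o, 8) == 8 && puny_decode(s, strlen(s), o, 7) == -1);
}
```

The process exits with status 0 when the sample decodes to 8 code points and the 7-entry attempt is rejected.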
The OpenSSL 1.1.1r and 3.0.6 releases have been withdrawn. Apparently
there is a regression that isn't security relevant but bad enough for
them to recommend to downgrade. If failure to encrypt is LOW severity,
no-one knows how bad things actually are... What a mess.
https://marc.info/?l=openssl-announce&m=166558438331847&w=2
1) don't use openssl unless really needed (either a port requires something
which is particularly openssl-specific, or there is some other special reason),
and 2) add some comments to the port explaining why libressl isn't used.
in the normal case ports should use libressl. don't just use openssl to avoid
a few patches because of stupid version detection ifdefs.
Changes between 1.0.1l and 1.0.2 [22 Jan 2015]
...
  *) SSL/TLS tracing code. This parses out SSL/TLS records using the
     message callback and prints the results. Needs compile time option
     "enable-ssl-trace". New options to s_client and s_server to enable
     tracing.
     [Steve Henson]
It is especially handy when looking at TLS handshakes, e.g. to try to
figure out why nc(1)/libtls TLSv1.3 fails but openssl(1)/libssl doesn't.
LibreSSL's openssl(1) has
  -msg
      Show all protocol messages with hex dump.
but it is not nearly as insightful as OpenSSL's s_client(1)
  -trace
      Show verbose trace output of protocol messages. OpenSSL needs
      to be compiled with enable-ssl-trace for this option to work.
Upstream enabled "ssl-trace" by default as of 10.06.2021, see commit
726f92e016bac53175ed5d5321bce1ddf6b207d6.
Feedback sthen tb
OK tb
- Fixed a NULL pointer deref in the X509_issuer_and_serial_hash()
function (CVE-2021-23841)
- Fixed the RSA_padding_check_SSLv23() function and the
RSA_SSLV23_PADDING padding mode to correctly check for rollback attacks
- Fixed an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and
EVP_DecryptUpdate functions (CVE-2021-23840)
- Fixed SRP_Calc_client_key so that it runs in constant time
As diagnosed by kettenis, running the regress/lib/libssl/interop/openssl
test results in a SIGILL or SIGBUS due to an alignment issue. The reason
for this is that the configure magic fails to pick up -m64 which is
needed for the perlasm to generate the correct flavor of assembly.
None of the approaches for setting variables in the main port Makefile
worked. Since we already patch out -O3 from Configure, I added -m64
there. The resulting binary seems to work well. The interop tests on
sparc64 pass with this patch.
Many thanks to kettenis for figuring this out and to sthen who helped
me save a lot of time with FLAVOR=no_man.
ok sthen
- Fixed NULL pointer deref in the GENERAL_NAME_cmp function, CVE-2020-1971
- In 1.1.1h, an expired trusted (root) certificate was no longer rejected
when validating a certificate path.
On OpenBSD, setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, ...) only allows
setting to 1 (which is the default anyway). Setting to 0 results in EINVAL.
This doesn't fix everything, there are still some other problems with binds
to v6 addresses with OpenSSL 1.1 on OpenBSD.