openssl-1.0: update to 1.0.2u

RMerl · Jan 8, 2020 · fa942c6 · fa942c6
1 parent 3346532
commit fa942c6
Show file tree

Hide file tree

Showing 11 changed files with 267 additions and 210 deletions.
diff --git a/release/src/router/openssl-1.0/CHANGES b/release/src/router/openssl-1.0/CHANGES
@@ -7,6 +7,20 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
+ Changes between 1.0.2t and 1.0.2u [20 Dec 2019]
+
+  *) Fixed an an overflow bug in the x64_64 Montgomery squaring procedure
+     used in exponentiation with 512-bit moduli. No EC algorithms are
+     affected. Analysis suggests that attacks against 2-prime RSA1024,
+     3-prime RSA1536, and DSA1024 as a result of this defect would be very
+     difficult to perform and are not believed likely. Attacks against DH512
+     are considered just feasible. However, for an attack the target would
+     have to re-use the DH512 private key, which is not recommended anyway.
+     Also applications directly using the low level API BN_mod_exp may be
+     affected if they use BN_FLG_CONSTTIME.
+     (CVE-2019-1551)
+     [Andy Polyakov]
+
  Changes between 1.0.2s and 1.0.2t [10 Sep 2019]
 
    *) For built-in EC curves, ensure an EC_GROUP built from the curve name is

diff --git a/release/src/router/openssl-1.0/NEWS b/release/src/router/openssl-1.0/NEWS
@@ -5,6 +5,11 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.0.2t and OpenSSL 1.0.2u [20 Dec 2019]
+
+      o Fixed an an overflow bug in the x64_64 Montgomery squaring procedure
+        used in exponentiation with 512-bit moduli (CVE-2019-1551)
+
   Major changes between OpenSSL 1.0.2s and OpenSSL 1.0.2t [10 Sep 2019]
 
       o Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey

diff --git a/release/src/router/openssl-1.0/README b/release/src/router/openssl-1.0/README
@@ -1,5 +1,5 @@
 
- OpenSSL 1.0.2t 10 Sep 2019
+ OpenSSL 1.0.2u 20 Dec 2019
 
  Copyright (c) 1998-2019 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

diff --git a/release/src/router/openssl-1.0/apps/s_server.c b/release/src/router/openssl-1.0/apps/s_server.c
@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 /* ====================================================================
- * Copyright (c) 1998-2018 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2019 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -3045,6 +3045,12 @@ static int www_body(int s, int stype, unsigned char *context)
                 if (e[0] == ' ')
                     break;
 
+                if (e[0] == ':') {
+                    /* Windows drive. We treat this the same way as ".." */
+                    dot = -1;
+                    break;
+                }
+
                 switch (dot) {
                 case 1:
                     dot = (e[0] == '.') ? 2 : 0;
@@ -3053,11 +3059,11 @@ static int www_body(int s, int stype, unsigned char *context)
                     dot = (e[0] == '.') ? 3 : 0;
                     break;
                 case 3:
-                    dot = (e[0] == '/') ? -1 : 0;
+                    dot = (e[0] == '/' || e[0] == '\\') ? -1 : 0;
                     break;
                 }
                 if (dot == 0)
-                    dot = (e[0] == '/') ? 1 : 0;
+                    dot = (e[0] == '/' || e[0] == '\\') ? 1 : 0;
             }
             dot = (dot == 3) || (dot == -1); /* filename contains ".."
                                               * component */
@@ -3071,11 +3077,11 @@ static int www_body(int s, int stype, unsigned char *context)
 
             if (dot) {
                 BIO_puts(io, text);
-                BIO_printf(io, "'%s' contains '..' reference\r\n", p);
+                BIO_printf(io, "'%s' contains '..' or ':'\r\n", p);
                 break;
             }
 
-            if (*p == '/') {
+            if (*p == '/' || *p == '\\') {
                 BIO_puts(io, text);
                 BIO_printf(io, "'%s' is an invalid path\r\n", p);
                 break;

diff --git a/release/src/router/openssl-1.0/appveyor.yml b/release/src/router/openssl-1.0/appveyor.yml
@@ -15,7 +15,7 @@ configuration:
     - shared
 
 matrix:
-    allow_failures:
+    exclude:
         - platform: x64
           VSVER: 9
         - platform: x64

diff --git a/release/src/router/openssl-1.0/crypto/asn1/x_bignum.c b/release/src/router/openssl-1.0/crypto/asn1/x_bignum.c
@@ -4,7 +4,7 @@
  * 2000.
  */
 /* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2000-2019 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -102,15 +102,15 @@ ASN1_ITEM_end(CBIGNUM)
 static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
     *pval = (ASN1_VALUE *)BN_new();
-    if (*pval)
+    if (*pval != NULL)
         return 1;
     else
         return 0;
 }
 
 static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-    if (!*pval)
+    if (*pval == NULL)
         return;
     if (it->size & BN_SENSITIVE)
         BN_clear_free((BIGNUM *)*pval);
@@ -124,7 +124,7 @@ static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
 {
     BIGNUM *bn;
     int pad;
-    if (!*pval)
+    if (*pval == NULL)
         return -1;
     bn = (BIGNUM *)*pval;
     /* If MSB set in an octet we need a padding byte */