Skip to content

Commit

Permalink
deps: upgrade openssl sources to OpenSSL_1_1_1u
Browse files Browse the repository at this point in the history
This updates all sources in deps/openssl/openssl by:
    $ git clone https://github.com/quictls/openssl
    $ cd openssl
    $ git checkout OpenSSL_1_1_1u+quic
    $ cd ../node/deps/openssl
    $ rm -rf openssl
    $ cp -R ../openssl openssl
    $ rm -rf openssl/.git* openssl/.travis*
    $ git add --all openssl
    $ git commit openssl

PR-URL: nodejs#48369
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>

# Conflicts:
#	deps/openssl/openssl/README.md
#	deps/openssl/openssl/include/openssl/opensslv.h
  • Loading branch information
RafaelGSS authored and denihs committed Jun 28, 2023
1 parent d3a4b8c commit 6f0674e
Show file tree
Hide file tree
Showing 48 changed files with 1,116 additions and 810 deletions.
58 changes: 58 additions & 0 deletions deps/openssl/openssl/CHANGES
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,64 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.

Changes between 1.1.1t and 1.1.1u [30 May 2023]

*) Mitigate for the time it takes for `OBJ_obj2txt` to translate gigantic
OBJECT IDENTIFIER sub-identifiers to canonical numeric text form.

OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
numeric text form. For gigantic sub-identifiers, this would take a very
long time, the time complexity being O(n^2) where n is the size of that
sub-identifier. (CVE-2023-2650)

To mitigitate this, `OBJ_obj2txt()` will only translate an OBJECT
IDENTIFIER to canonical numeric text form if the size of that OBJECT
IDENTIFIER is 586 bytes or less, and fail otherwise.

The basis for this restriction is RFC 2578 (STD 58), section 3.5. OBJECT
IDENTIFIER values, which stipulates that OBJECT IDENTIFIERS may have at
most 128 sub-identifiers, and that the maximum value that each sub-
identifier may have is 2^32-1 (4294967295 decimal).

For each byte of every sub-identifier, only the 7 lower bits are part of
the value, so the maximum amount of bytes that an OBJECT IDENTIFIER with
these restrictions may occupy is 32 * 128 / 7, which is approximately 586
bytes.

Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5

[Richard Levitte]

*) Reworked the Fix for the Timing Oracle in RSA Decryption (CVE-2022-4304).
The previous fix for this timing side channel turned out to cause
a severe 2-3x performance regression in the typical use case
compared to 1.1.1s. The new fix uses existing constant time
code paths, and restores the previous performance level while
fully eliminating all existing timing side channels.
The fix was developed by Bernd Edlinger with testing support
by Hubert Kario.
[Bernd Edlinger]

*) Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention
that it does not enable policy checking. Thanks to
David Benjamin for discovering this issue. (CVE-2023-0466)
[Tomas Mraz]

*) Fixed an issue where invalid certificate policies in leaf certificates are
silently ignored by OpenSSL and other certificate policy checks are skipped
for that certificate. A malicious CA could use this to deliberately assert
invalid certificate policies in order to circumvent policy checking on the
certificate altogether. (CVE-2023-0465)
[Matt Caswell]

*) Limited the number of nodes created in a policy tree to mitigate
against CVE-2023-0464. The default limit is set to 1000 nodes, which
should be sufficient for most installations. If required, the limit
can be adjusted by setting the OPENSSL_POLICY_TREE_NODES_MAX build
time define to a desired maximum number of nodes or zero to allow
unlimited growth. (CVE-2023-0464)
[Paul Dale]

Changes between 1.1.1s and 1.1.1t [7 Feb 2023]

*) Fixed X.400 address type confusion in X.509 GeneralName.
Expand Down
10 changes: 6 additions & 4 deletions deps/openssl/openssl/Configurations/descrip.mms.tmpl
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@
our $sover_dirname = sprintf "%02d%02d", split(/\./, $config{shlib_version_number});
our $osslver = sprintf "%02d%02d", split(/\./, $config{version});

our $shlibvariant = $target{shlib_variant} || "";

our $sourcedir = $config{sourcedir};
our $builddir = $config{builddir};
sub sourcefile {
Expand Down Expand Up @@ -47,13 +49,13 @@
map { (my $x = $_) =~ s/\.a$//; $x }
@{$unified_info{libraries}};
our @shlibs =
map { $unified_info{sharednames}->{$_} || () }
map { $unified_info{sharednames}->{$_}.$shlibvariant || () }
grep(!/\.a$/, @{$unified_info{libraries}});
our @install_libs =
map { (my $x = $_) =~ s/\.a$//; $x }
@{$unified_info{install}->{libraries}};
our @install_shlibs =
map { $unified_info{sharednames}->{$_} || () }
map { $unified_info{sharednames}->{$_}.$shlibvariant || () }
grep(!/\.a$/, @{$unified_info{install}->{libraries}});

# This is a horrible hack, but is needed because recursive inclusion of files
Expand Down Expand Up @@ -695,7 +697,7 @@ reconfigure reconf :
}
return map { $_ =~ /\.a$/
? $`.".OLB"
: $unified_info{sharednames}->{$_}.".EXE" } @_;
: $unified_info{sharednames}->{$_}.$shlibvariant.".EXE" } @_;
}

# Helper function to deal with inclusion directory specs.
Expand Down Expand Up @@ -912,7 +914,7 @@ EOF
sub libobj2shlib {
my %args = @_;
my $lib = $args{lib};
my $shlib = $args{shlib};
my $shlib = $args{shlib}.$shlibvariant;
my $libd = dirname($lib);
my $libn = basename($lib);
my @objs = map { (my $x = $_) =~ s|\.o$|.OBJ|; $x }
Expand Down
3 changes: 2 additions & 1 deletion deps/openssl/openssl/Configurations/windows-makefile.tmpl
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@
our $exeext = $target{exe_extension} || ".exe";
our $libext = $target{lib_extension} || ".lib";
our $shlibext = $target{shared_extension} || ".dll";
our $shlibvariant = $target{shlib_variant} || "";
our $shlibextimport = $target{shared_import_extension} || ".lib";
our $dsoext = $target{dso_extension} || ".dll";

Expand All @@ -35,7 +36,7 @@
my $lib = shift;
return () if $disabled{shared} || $lib =~ /\.a$/;
return () unless defined $unified_info{sharednames}->{$lib};
return $unified_info{sharednames}->{$lib} . $shlibext;
return $unified_info{sharednames}->{$lib} . $shlibvariant . $shlibext;
}

sub lib {
Expand Down
2 changes: 1 addition & 1 deletion deps/openssl/openssl/Configure
Original file line number Diff line number Diff line change
Expand Up @@ -1244,7 +1244,7 @@ if ($target =~ /^mingw/ && `$config{CC} --target-help 2>&1` =~ m/-mno-cygwin/m)
}

if ($target =~ /linux.*-mips/ && !$disabled{asm}
&& !grep { $_ !~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) {
&& !grep { $_ =~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) {
# minimally required architecture flags for assembly modules
my $value;
$value = '-mips2' if ($target =~ /mips32/);
Expand Down
9 changes: 9 additions & 0 deletions deps/openssl/openssl/NEWS
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,15 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.

Major changes between OpenSSL 1.1.1t and OpenSSL 1.1.1u [30 May 2023]

o Mitigate for very slow `OBJ_obj2txt()` performance with gigantic
OBJECT IDENTIFIER sub-identities. (CVE-2023-2650)
o Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466)
o Fixed handling of invalid certificate policies in leaf certificates
(CVE-2023-0465)
o Limited the number of nodes created in a policy tree ([CVE-2023-0464])

Major changes between OpenSSL 1.1.1s and OpenSSL 1.1.1t [7 Feb 2023]

o Fixed X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
Expand Down
4 changes: 2 additions & 2 deletions deps/openssl/openssl/README
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@

OpenSSL 1.1.1t 7 Feb 2023
OpenSSL 1.1.1u 30 May 2023

Copyright (c) 1998-2022 The OpenSSL Project
Copyright (c) 1998-2023 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
All rights reserved.

Expand Down
105 changes: 105 additions & 0 deletions deps/openssl/openssl/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,105 @@
What This Is
============

This is a fork of [OpenSSL](https://www.openssl.org) to enable QUIC. In addition
to the website, the official source distribution is at
<https://github.com/openssl/openssl>. The OpenSSL `README` can be found at
[README-OpenSSL.md](https://github.com/quictls/openssl/blob/OpenSSL_1_1_1u%2Bquic/README-OpenSSL.md).

This fork adds APIs that can be used by QUIC implementations for connection
handshakes. Quoting the IETF Working group
[charter](https://datatracker.ietf.org/wg/quic/about/), QUIC is a "UDP-based,
stream-multiplexing, encrypted transport protocol." If you don't need QUIC, you
should use the official OpenSSL distributions.

The APIs here are used by Microsoft's
[MsQuic](https://github.com/microsoft/msquic) and Google's
[Chromium QUIC](https://chromium.googlesource.com/chromium/src/+/master/net/quic/)

We are not in competition with OpenSSL project. We informed them of
our plans to fork the code before we went public. We do not speak for the
OpenSSL project, and can only point to a
[blog post](https://www.openssl.org/blog/blog/2020/02/17/QUIC-and-OpenSSL/) and
[openssl-project email](https://github.com/quictls/openssl/discussions/54)
that provides their view of QUIC support.

As stated in their blog post, the OpenSSL team is focused on their 3.0 release
(released 2021-09-07), and does not intend to add QUIC functionality to 1.1.x.
There is a community need for a QUIC-capable TLS library. This fork is intended
as stopgap solution to enable higher level frameworks and runtimes to use QUIC
with the proven and reliable TLS functionality from OpenSSL. This fork will be
maintained until OpenSSL officially provides reasonable support for QUIC
implementations.

This fork can be considered a supported version of
[OpenSSL PR 8797](https://github.com/openssl/openssl/pull/8797).
We will endeavor to track OpenSSL releases within a day or so, and there is an
item below about how we'll follow their tagging.

On to the questions and answers.

What about branches?
--------------------
We don't want to conflict with OpenSSL branch names. Our current plan is to append
`+quic`. Release tags are likely to be the QUIC branch with `-releaseX` appended.
For example, the OpenSSL tag `openssl-3.0.0` would have a branch named
`openssl-3.0.0+quic` and a release tag of `openssl-3.0.0+quic-release1`.

How are you keeping current with OpenSSL?
-----------------------------------------
(In other words, "What about rebasing?")

Our plan is to always rebase on top of an upstream release tag. In particular:
- The changes for QUIC will always be at the tip of the branch -- you will know what
is from the original OpenSSL and what is for QUIC.
- New versions are quickly created once upstream creates a new tag.
- The use of git commands (such as "cherry") can be used to ensure that all changes
have moved forward with minimal or no changes. You will be able to see "QUIC: Add X"
on all branches and the commit itself will be nearly identical on all branches, and
any changes to that can be easily identified.

What about library names?
-------------------------
Library names will be the same, but will use a different version number. The version
numbers for the current OpenSSL libraries are `1.1` (for the 1.1.0 and 1.1.1 branches)
and `3` (for the 3.0 branch). We will be prefixing `81` (ASCII for 'Q') to
the version numbers to generate a unique version number.

- `libcrypto.so.81.3` vs `libcrypto.so.3`
- `libcrypto.so.81.1.1` vs `libcrypto.so.1.1`
- `libssl.so.81.3` vs `libssl.so.3`
- `libssl.so.81.1.1` vs `libssl.so.1.1`

The SONAME of these libraries are all different, guaranteeing the correct library
will be used.

...and the executable?
----------------------
We currently do not have any plans to change the name, mainly because we
haven't made any changes there. If you see a need, please open an issue.

The `openssl version` command will report that it is `+quic` enabled.

...and FIPS?
------------
We are not doing anything with FIPS. This is actually good news: you should
be able to load the OpenSSL 3.0 FIPS module into an application built against
this fork and everything should Just Work&#8482;.

How can I contribute?
---------------------
We want any code here to be acceptable to OpenSSL. This means that all contributors
must have signed the appropriate
[contributor license agreements](https://www.openssl.org/policies/cla.html). We
will not ask for copies of any paperwork, you just need to tell us that you've
done so (and we might verify with OpenSSL). We are only interested in making it
easier and better for at least the mentioned QUIC implementations to use a variant
of OpenSSL. If you have a pull request that changes the TLS protocol, or adds
assembly support for a new CPU, or otherwise is not specific to enabling QUIC,
please contribute that to OpenSSL. This fork is intended to be a clean extension
to OpenSSL, with the deltas being specific to QUIC.

Who are you?
------------
This is a collaborative effort between [Akamai](https://www.akamai.com) and
[Microsoft](https://www.microsoft.com). We welcome anyone to contribute!
4 changes: 2 additions & 2 deletions deps/openssl/openssl/crypto/aes/asm/bsaes-armv7.pl
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
#! /usr/bin/env perl
# Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
# Copyright 2012-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
Expand All @@ -14,7 +14,7 @@
# details see http://www.openssl.org/~appro/cryptogams/.
#
# Specific modes and adaptation for Linux kernel by Ard Biesheuvel
# of Linaro. Permission to use under GPL terms is granted.
# of Linaro.
# ====================================================================

# Bit-sliced AES for ARM NEON
Expand Down
8 changes: 7 additions & 1 deletion deps/openssl/openssl/crypto/asn1/a_bitstr.c
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
Expand Down Expand Up @@ -148,6 +148,9 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
int w, v, iv;
unsigned char *c;

if (n < 0)
return 0;

w = n / 8;
v = 1 << (7 - (n & 0x07));
iv = ~v;
Expand Down Expand Up @@ -182,6 +185,9 @@ int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n)
{
int w, v;

if (n < 0)
return 0;

w = n / 8;
v = 1 << (7 - (n & 0x07));
if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL))
Expand Down
1 change: 0 additions & 1 deletion deps/openssl/openssl/crypto/bio/b_print.c
Original file line number Diff line number Diff line change
Expand Up @@ -305,7 +305,6 @@ _dopr(char **sbuffer,
case 'G':
case 'g':
/* not implemented for UEFI */
ERR_raise(ERR_LIB_BIO, ERR_R_UNSUPPORTED);
return 0;
#endif
case 'c':
Expand Down
Loading

0 comments on commit 6f0674e

Please sign in to comment.