Skip to content

Commit

Permalink
openssl 1.1.1n update and jsh fixes
Browse files Browse the repository at this point in the history
  • Loading branch information
Ilu committed Mar 19, 2022
1 parent d0584c5 commit d0e45af
Show file tree
Hide file tree
Showing 2,556 changed files with 723 additions and 222 deletions.
54 changes: 27 additions & 27 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -25,33 +25,33 @@ TEST.DB
W32DHCP.TMP
cacert.pem
3rdparty/curl-7.80.0/lib/curl_config.h
3rdparty/openssl-1.1.1m/libcrypto.pc
3rdparty/openssl-1.1.1m/libssl.pc
3rdparty/openssl-1.1.1m/openssl.pc
3rdparty/openssl-1.1.1m/apps/progs.h
3rdparty/openssl-1.1.1m/crypto/buildinf.h
3rdparty/openssl-1.1.1m/crypto/bf/bf-586.s
3rdparty/openssl-1.1.1m/crypto/bn/bn-586.s
3rdparty/openssl-1.1.1m/crypto/bn/co-586.s
3rdparty/openssl-1.1.1m/crypto/bn/x86-gf2m.s
3rdparty/openssl-1.1.1m/crypto/bn/x86-mont.s
3rdparty/openssl-1.1.1m/crypto/camellia/cmll-x86.s
3rdparty/openssl-1.1.1m/crypto/cast/cast-586.s
3rdparty/openssl-1.1.1m/crypto/chacha/chacha-x86.s
3rdparty/openssl-1.1.1m/crypto/des/crypt586.s
3rdparty/openssl-1.1.1m/crypto/des/des-586.s
3rdparty/openssl-1.1.1m/crypto/ec/ecp_nistz256-x86.s
3rdparty/openssl-1.1.1m/crypto/md5/md5-586.s
3rdparty/openssl-1.1.1m/crypto/modes/ghash-x86.s
3rdparty/openssl-1.1.1m/crypto/poly1305/poly1305-x86.s
3rdparty/openssl-1.1.1m/crypto/rc4/rc4-586.s
3rdparty/openssl-1.1.1m/crypto/ripemd/rmd-586.s
3rdparty/openssl-1.1.1m/crypto/sha/sha1-586.s
3rdparty/openssl-1.1.1m/crypto/sha/sha256-586.s
3rdparty/openssl-1.1.1m/crypto/sha/sha512-586.s
3rdparty/openssl-1.1.1m/include/crypto/bn_conf.h
3rdparty/openssl-1.1.1m/include/crypto/dso_conf.h
3rdparty/openssl-1.1.1m/include/openssl/opensslconf.h
3rdparty/openssl-1.1.1n/libcrypto.pc
3rdparty/openssl-1.1.1n/libssl.pc
3rdparty/openssl-1.1.1n/openssl.pc
3rdparty/openssl-1.1.1n/apps/progs.h
3rdparty/openssl-1.1.1n/crypto/buildinf.h
3rdparty/openssl-1.1.1n/crypto/bf/bf-586.s
3rdparty/openssl-1.1.1n/crypto/bn/bn-586.s
3rdparty/openssl-1.1.1n/crypto/bn/co-586.s
3rdparty/openssl-1.1.1n/crypto/bn/x86-gf2m.s
3rdparty/openssl-1.1.1n/crypto/bn/x86-mont.s
3rdparty/openssl-1.1.1n/crypto/camellia/cmll-x86.s
3rdparty/openssl-1.1.1n/crypto/cast/cast-586.s
3rdparty/openssl-1.1.1n/crypto/chacha/chacha-x86.s
3rdparty/openssl-1.1.1n/crypto/des/crypt586.s
3rdparty/openssl-1.1.1n/crypto/des/des-586.s
3rdparty/openssl-1.1.1n/crypto/ec/ecp_nistz256-x86.s
3rdparty/openssl-1.1.1n/crypto/md5/md5-586.s
3rdparty/openssl-1.1.1n/crypto/modes/ghash-x86.s
3rdparty/openssl-1.1.1n/crypto/poly1305/poly1305-x86.s
3rdparty/openssl-1.1.1n/crypto/rc4/rc4-586.s
3rdparty/openssl-1.1.1n/crypto/ripemd/rmd-586.s
3rdparty/openssl-1.1.1n/crypto/sha/sha1-586.s
3rdparty/openssl-1.1.1n/crypto/sha/sha256-586.s
3rdparty/openssl-1.1.1n/crypto/sha/sha512-586.s
3rdparty/openssl-1.1.1n/include/crypto/bn_conf.h
3rdparty/openssl-1.1.1n/include/crypto/dso_conf.h
3rdparty/openssl-1.1.1n/include/openssl/opensslconf.h
3rdparty/watt32-2.2dev.rel.11/src/build/djgpp/cflags.h
3rdparty/watt32-2.2dev.rel.11/src/build/djgpp/chksum0.iS
3rdparty/watt32-2.2dev.rel.11/src/build/djgpp/cpumodel.iS
2 changes: 1 addition & 1 deletion 3rdparty/curl-7.80.0/packages/DOS/common.dj
Original file line number Diff line number Diff line change
Expand Up @@ -108,7 +108,7 @@ default: all
# WATT_ROOT should be set during Watt-32 install.
#
WATT32_ROOT = ../../watt32-2.2dev.rel.11
OPENSSL_ROOT = ../../openssl-1.1.1m
OPENSSL_ROOT = ../../openssl-1.1.1n
ZLIB_ROOT = ../../zlib-1.2.11
LIBIDN_ROOT = $(TOPDIR)/../IDN/libidn
ARES_ROOT = $(TOPDIR)/ares
Expand Down
File renamed without changes.
File renamed without changes.
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,43 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.

Changes between 1.1.1m and 1.1.1n [15 Mar 2022]

*) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever
for non-prime moduli.

Internally this function is used when parsing certificates that contain
elliptic curve public keys in compressed form or explicit elliptic curve
parameters with a base point encoded in compressed form.

It is possible to trigger the infinite loop by crafting a certificate that
has invalid explicit curve parameters.

Since certificate parsing happens prior to verification of the certificate
signature, any process that parses an externally supplied certificate may
thus be subject to a denial of service attack. The infinite loop can also
be reached when parsing crafted private keys as they can contain explicit
elliptic curve parameters.

Thus vulnerable situations include:

- TLS clients consuming server certificates
- TLS servers consuming client certificates
- Hosting providers taking certificates or private keys from customers
- Certificate authorities parsing certification requests from subscribers
- Anything else which parses ASN.1 elliptic curve parameters

Also any other applications that use the BN_mod_sqrt() where the attacker
can control the parameter values are vulnerable to this DoS issue.
(CVE-2022-0778)
[Tomáš Mráz]

*) Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489)
to the list of ciphersuites providing Perfect Forward Secrecy as
required by SECLEVEL >= 3.

[Dmitry Belyavskiy, Nicola Tuveri]

Changes between 1.1.1l and 1.1.1m [14 Dec 2021]

*) Avoid loading of a dynamic engine twice.
Expand Down
File renamed without changes.
Original file line number Diff line number Diff line change
Expand Up @@ -988,6 +988,13 @@ my %targets = (
perlasm_scheme => "elf",
},

# riscv64 below refers to contemporary RISCV Architecture
# specifications,
"BSD-riscv64" => {
inherit_from => [ "BSD-generic64"],
perlasm_scheme => "linux64",
},

"bsdi-elf-gcc" => {
inherit_from => [ "BASE_unix", asm("x86_elf_asm") ],
CC => "gcc",
Expand Down Expand Up @@ -1765,7 +1772,7 @@ my %targets = (

disable => add('pinshared'),

apps_aux_src => "vms_term_sock.c",
apps_aux_src => "vms_term_sock.c vms_decc_argv.c",
apps_init_src => "vms_decc_init.c",
},

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -438,7 +438,8 @@ test : tests
DEFINE SRCTOP {- sourcedir() -}
DEFINE BLDTOP {- builddir() -}
DEFINE RESULT_D {- builddir(qw(test test-runs)) -}
DEFINE OPENSSL_ENGINES {- builddir("engines") -}
engines = F$PARSE("{- builddir("engines") -}","A.;",,,"syntax_only") - "A.;"
DEFINE OPENSSL_ENGINES 'engines'
DEFINE OPENSSL_DEBUG_MEMORY "on"
IF "$(VERBOSE)" .NES. "" THEN DEFINE VERBOSE "$(VERBOSE)"
$(PERL) {- sourcefile("test", "run_tests.pl") -} $(TESTS)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3161,25 +3161,25 @@ sub resolve_config {
}
}

foreach (sort keys %all_keys) {
my $previous = $combined_inheritance{$_};
foreach my $key (sort keys %all_keys) {
my $previous = $combined_inheritance{$key};

# Current target doesn't have a value for the current key?
# Assign it the default combiner, the rest of this loop body
# will handle it just like any other coderef.
if (!exists $table{$target}->{$_}) {
$table{$target}->{$_} = $default_combiner;
if (!exists $table{$target}->{$key}) {
$table{$target}->{$key} = $default_combiner;
}

$table{$target}->{$_} = process_values($table{$target}->{$_},
$combined_inheritance{$_},
$target, $_);
unless(defined($table{$target}->{$_})) {
delete $table{$target}->{$_};
$table{$target}->{$key} = process_values($table{$target}->{$key},
$combined_inheritance{$key},
$target, $key);
unless(defined($table{$target}->{$key})) {
delete $table{$target}->{$key};
}
# if ($extra_checks &&
# $previous && !($add_called || $previous ~~ $table{$target}->{$_})) {
# warn "$_ got replaced in $target\n";
# $previous && !($add_called || $previous ~~ $table{$target}->{$key})) {
# warn "$key got replaced in $target\n";
# }
}

Expand Down
File renamed without changes.
File renamed without changes.
File renamed without changes.
Loading

0 comments on commit d0e45af

Please sign in to comment.