Package: openssl / 1.1.1k-1+deb11u1

Metadata

Package: openssl
Version: 1.1.1k-1+deb11u1
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
debian targets.patch | (download)

Configurations/20-debian.conf | 210 210 + 0 - 0 !
1 file changed, 210 insertions(+)

 debian-targets


man section.patch | (download)

Configurations/unix-Makefile.tmpl | 6 4 + 2 - 0 !
util/process_docs.pl | 3 2 + 1 - 0 !
2 files changed, 6 insertions(+), 3 deletions(-)

 man-section


no symbolic.patch | (download)

Configurations/shared-info.pl | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 no-symbolic


pic.patch | (download)

crypto/des/asm/desboth.pl | 17 14 + 3 - 0 !
crypto/perlasm/cbc.pl | 24 20 + 4 - 0 !
crypto/perlasm/x86gas.pl | 16 16 + 0 - 0 !
crypto/x86cpuid.pl | 10 5 + 5 - 0 !
4 files changed, 55 insertions(+), 12 deletions(-)

 pic


c_rehash compat.patch | (download)

tools/c_rehash.in | 20 14 + 6 - 0 !
1 file changed, 14 insertions(+), 6 deletions(-)

 [patch] also create old hash for compatibility


Set systemwide default settings for libssl users.patch | (download)

apps/openssl.cnf | 12 12 + 0 - 0 !
1 file changed, 12 insertions(+)

 set systemwide default settings for libssl users

This config change enforces a TLS1.2 protocol version as minimum. It
can be overwritten by the system administrator.

It also changes the default security level from 1 to 2, moving from the 80 bit
security level to the 112 bit security level.

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

Correctly calculate the length of SM2 plaintext given the.patch | (download)

crypto/sm2/sm2_crypt.c | 23 7 + 16 - 0 !
crypto/sm2/sm2_pmeth.c | 2 1 + 1 - 0 !
include/crypto/sm2.h | 3 1 + 2 - 0 !
test/sm2_internal_test.c | 2 1 + 1 - 0 !
4 files changed, 10 insertions(+), 20 deletions(-)

 correctly calculate the length of sm2 plaintext given the ciphertext

Previously the length of the SM2 plaintext could be incorrectly calculated.
The plaintext length was calculated by taking the ciphertext length and
taking off an "overhead" value.

The overhead value was assumed to have a "fixed" element of 10 bytes.
This is incorrect since in some circumstances it can be more than 10 bytes.
Additionally the overhead included the length of two integers C1x and C1y,
which were assumed to be the same length as the field size (32 bytes for
the SM2 curve). However in some cases these integers can have an additional
padding byte when the msb is set, to disambiguate them from negative
integers. Additionally the integers can also be less than 32 bytes in
length in some cases.

If the calculated overhead is incorrect and larger than the actual value
this can result in the calculated plaintext length being too small.
Applications are likely to allocate buffer sizes based on this and therefore
a buffer overrun can occur.

CVE-2021-3711

Issue reported by John Ouyang.
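
The length arithmetic this commit message describes, as an added example that is not code from the patch or from OpenSSL. It models the DER size of the SM2 ciphertext as SEQUENCE { INTEGER C1x, INTEGER C1y, OCTET STRING C3, OCTET STRING C2 } and compares a fixed-overhead estimate with the real plaintext length. The function names, the constructed coordinate bytes and the 32-byte hash field C3 are assumptions of the example.

```c
#include <stdio.h>
#include <string.h>

/* Size of one DER TLV: tag byte + length octets + content. */
static size_t tlv_len(size_t content)
{
    size_t len_octets = 1;                       /* short form below 128 */
    if (content >= 128)                          /* long form: 0x8n + n bytes */
        for (size_t v = content; v; v >>= 8)
            len_octets++;
    return 1 + len_octets + content;
}

/* Content size of a DER INTEGER for an unsigned big-endian value (n >= 1). */
static size_t uint_content_len(const unsigned char *be, size_t n)
{
    while (n > 1 && be[0] == 0) { be++; n--; }   /* leading zeros are dropped */
    return n + ((be[0] & 0x80) ? 1 : 0);         /* 0x00 pad when msb is set */
}

/* SEQUENCE { INTEGER C1x, INTEGER C1y, OCTET STRING C3, OCTET STRING C2 } */
size_t sm2_ct_der_len(const unsigned char *c1x, const unsigned char *c1y,
                      size_t field, size_t md, size_t pt_len)
{
    size_t body = tlv_len(uint_content_len(c1x, field))
                + tlv_len(uint_content_len(c1y, field))
                + tlv_len(md)                    /* C3, assumed 32-byte hash */
                + tlv_len(pt_len);               /* C2 is as long as the plaintext */
    return tlv_len(body);
}

/* Fixed-overhead estimate: 10 bytes + two field-size integers + hash. */
size_t fixed_overhead_pt_len(size_t ct_len, size_t field, size_t md)
{
    size_t overhead = 10 + 2 * field + md;
    return ct_len > overhead ? ct_len - overhead : 0;
}

int main(void)
{
    unsigned char full[32], shorty[32], high[32];    /* constructed coordinates */
    memset(full, 0x11, 32);                          /* 32 bytes, msb clear */
    memset(shorty, 0x11, 32); shorty[0] = 0x00;      /* 31 significant bytes */
    memset(high, 0xF1, 32);                          /* msb set, needs a pad */
    size_t a = sm2_ct_der_len(full, full, 32, 32, 16);
    size_t b = sm2_ct_der_len(full, shorty, 32, 32, 16);
    size_t c = sm2_ct_der_len(high, high, 32, 32, 200);
    printf("estimate/actual: %zu/16 %zu/16 %zu/200\n", fixed_overhead_pt_len(a, 32, 32),
           fixed_overhead_pt_len(b, 32, 32), fixed_overhead_pt_len(c, 32, 32));
    return 0;
}
```

The middle case is the one that matters: a coordinate one byte shorter than the field size makes the estimate one byte smaller than the plaintext, so a buffer sized from the estimate is too small.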

Extend tests for SM2 decryption.patch | (download)

test/recipes/30-test_evp_data/evppkey.txt | 10 10 + 0 - 0 !
1 file changed, 10 insertions(+)

 extend tests for sm2 decryption

Check the case where C1y < 32 bytes in length (i.e. short overhead), and
also the case with longer plaintext and C1x and C1y > 32 bytes in length
(i.e. long overhead)

Check the plaintext buffer is large enough when decryptin.patch | (download)

crypto/sm2/sm2_crypt.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 check the plaintext buffer is large enough when decrypting sm2

Previously there was no check that the supplied buffer was large enough.
It was just assumed to be sufficient. Instead we should check and fail if
not.

Fix a read buffer overrun in X509_aux_print.patch | (download)

crypto/x509/t_x509.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 fix a read buffer overrun in x509_aux_print().

The ASN1_STRING_get0_data(3) manual explicitly cautions the reader
that the data is not necessarily NUL-terminated, and the function
X509_alias_set1(3) does not sanitize the data passed into it in any
way either, so we must assume the return value from X509_alias_get0(3)
is merely a byte array and not necessarily a string in the sense
of the C language.

I found this bug while writing manual pages for X509_print_ex(3)
and related functions.  Theo Buehler <tb@openbsd.org> checked my
patch to fix the same bug in LibreSSL, see

http://cvsweb.openbsd.org/src/lib/libcrypto/asn1/t_x509a.c#rev1.9

As an aside, note that the function still produces incomplete and
misleading results when the data contains a NUL byte in the middle
and that error handling is consistently absent throughout, even
though the function provides an "int" return value obviously intended
to be 1 for success and 0 for failure, and even though this function
is called by another function that also wants to return 1 for success
and 0 for failure and even does so in many of its code paths, though
not in others.  But let's stay focussed.  Many things would be nice
to have in the wide wild world, but a buffer overflow must not be
allowed to remain in our backyard.

CLA: trivial
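
Length-aware printing of a byte array that is not a C string, as an added example that is not code from this patch or from OpenSSL. It applies equally to the "ASN.1 strings may not be NUL terminated" patches later in this series. The struct byte_str and both function names are hypothetical stand-ins, and the sample bytes are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for an ASN.1 string: bytes plus an explicit length. */
struct byte_str { const unsigned char *data; size_t len; };

/* "%.*s" never reads past s->len, but still stops at the first NUL byte,
 * so data with an embedded NUL is shown incompletely. */
int fmt_bounded(char *out, size_t outsz, const struct byte_str *s)
{
    return snprintf(out, outsz, "Alias: %.*s", (int)s->len, (const char *)s->data);
}

/* Shows every byte: printable ASCII as-is, anything else as \xNN.
 * Returns the output length, or -1 when the buffer is too small. */
int fmt_escaped(char *out, size_t outsz, const struct byte_str *s)
{
    if (outsz < 8)
        return -1;
    size_t pos = (size_t)snprintf(out, outsz, "Alias: ");
    for (size_t i = 0; i < s->len; i++) {
        unsigned char ch = s->data[i];
        int printable = ch >= 0x20 && ch < 0x7f && ch != '\\';
        size_t need = printable ? 1 : 4;
        if (pos + need >= outsz)             /* keep room for the terminator */
            return -1;
        if (printable)
            out[pos++] = (char)ch;
        else
            pos += (size_t)snprintf(out + pos, outsz - pos, "\\x%02X", (unsigned)ch);
    }
    out[pos] = '\0';
    return (int)pos;
}

int main(void)
{
    /* Constructed input: five bytes, no terminator, NUL in the middle. */
    static const unsigned char raw[5] = { 'a', 'b', 0x00, 'c', 'd' };
    struct byte_str s = { raw, sizeof(raw) };
    char buf[64];
    fmt_bounded(buf, sizeof(buf), &s);  puts(buf);
    fmt_escaped(buf, sizeof(buf), &s);  puts(buf);
    return 0;
}
```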

Fix i2v_GENERAL_NAME to not assume NUL terminated strings.patch | (download)

crypto/x509v3/v3_alt.c | 10 7 + 3 - 0 !
crypto/x509v3/v3_utl.c | 35 29 + 6 - 0 !
include/crypto/x509.h | 5 5 + 0 - 0 !
3 files changed, 41 insertions(+), 9 deletions(-)

 fix i2v_general_name to not assume nul terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

Fix POLICYINFO printing to not assume NUL terminated stri.patch | (download)

crypto/x509v3/v3_cpols.c | 9 6 + 3 - 0 !
1 file changed, 6 insertions(+), 3 deletions(-)

 fix policyinfo printing to not assume nul terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

Fix printing of PROXY_CERT_INFO_EXTENSION to not assume N.patch | (download)

crypto/x509v3/v3_pci.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 fix printing of proxy_cert_info_extension to not assume nul
 terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

Fix the name constraints code to not assume NUL terminate.patch | (download)

crypto/x509v3/v3_ncons.c | 89 65 + 24 - 0 !
1 file changed, 65 insertions(+), 24 deletions(-)

 fix the name constraints code to not assume nul terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

Fix test code to not assume NUL terminated strings.patch | (download)

test/x509_time_test.c | 10 6 + 4 - 0 !
1 file changed, 6 insertions(+), 4 deletions(-)

 fix test code to not assume nul terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

Fix append_ia5 function to not assume NUL terminated stri.patch | (download)

crypto/x509v3/v3_utl.c | 18 13 + 5 - 0 !
1 file changed, 13 insertions(+), 5 deletions(-)

 fix append_ia5 function to not assume nul terminated strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

Fix NETSCAPE_SPKI_print function to not assume NUL termin.patch | (download)

crypto/asn1/t_spki.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix netscape_spki_print function to not assume nul terminated
 strings

ASN.1 strings may not be NUL terminated. Don't assume they are.

Fix EC_GROUP_new_from_ecparameters to check the base leng.patch | (download)

crypto/ec/ec_asn1.c | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

 fix ec_group_new_from_ecparameters to check the base length

Check that there's at least one byte in params->base before trying to
read it.

Allow fuzz builds to detect string overruns.patch | (download)

crypto/asn1/asn1_lib.c | 9 9 + 0 - 0 !
1 file changed, 9 insertions(+)

 allow fuzz builds to detect string overruns

If FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION is defined then we don't NUL
terminate ASN1_STRING datatypes. This shouldn't be necessary but we add it
anyway for safety in normal builds.

Fix the error handling in i2v_AUTHORITY_KEYID.patch | (download)

crypto/x509v3/v3_akey.c | 38 33 + 5 - 0 !
1 file changed, 33 insertions(+), 5 deletions(-)

 fix the error handling in i2v_authority_keyid

Previously if an error path is entered a leak could result.

fixup Allow fuzz builds to detect string overruns.patch | (download)

crypto/asn1/asn1_lib.c | 15 8 + 7 - 0 !
1 file changed, 8 insertions(+), 7 deletions(-)

 fixup! allow fuzz builds to detect string overruns


fixup Fix the name constraints code to not assume NUL ter.patch | (download)

crypto/x509v3/v3_ncons.c | 36 11 + 25 - 0 !
1 file changed, 11 insertions(+), 25 deletions(-)

 fixup! fix the name constraints code to not assume nul terminated
 strings


fixup Fix i2v_GENERAL_NAME to not assume NUL terminated s.patch | (download)

crypto/x509v3/v3_utl.c | 9 6 + 3 - 0 !
1 file changed, 6 insertions(+), 3 deletions(-)

 fixup! fix i2v_general_name to not assume nul terminated strings