Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade to OpenSSL-1.0.2n #17526

Closed
wants to merge 7 commits into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions deps/openssl/asm/arm-void-gas/aes/aes-armv4.S
Original file line number Diff line number Diff line change
Expand Up @@ -164,7 +164,7 @@ AES_encrypt:
#if __ARM_ARCH__<7
sub r3,pc,#8 @ AES_encrypt
#else
adr r3,AES_encrypt
adr r3,.
#endif
stmdb sp!,{r1,r4-r12,lr}
mov r12,r0 @ inp
Expand Down Expand Up @@ -410,7 +410,7 @@ _armv4_AES_set_encrypt_key:
#if __ARM_ARCH__<7
sub r3,pc,#8 @ AES_set_encrypt_key
#else
adr r3,private_AES_set_encrypt_key
adr r3,.
#endif
teq r0,#0
#if __ARM_ARCH__>=7
Expand Down Expand Up @@ -927,7 +927,7 @@ AES_decrypt:
#if __ARM_ARCH__<7
sub r3,pc,#8 @ AES_decrypt
#else
adr r3,AES_decrypt
adr r3,.
#endif
stmdb sp!,{r1,r4-r12,lr}
mov r12,r0 @ inp
Expand Down
6 changes: 3 additions & 3 deletions deps/openssl/asm/arm-void-gas/aes/bsaes-armv7.S
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@
.type _bsaes_decrypt8,%function
.align 4
_bsaes_decrypt8:
adr r6,_bsaes_decrypt8
adr r6,.
vldmia r4!, {q9} @ round 0 key
add r6,r6,#.LM0ISR-_bsaes_decrypt8

Expand Down Expand Up @@ -567,7 +567,7 @@ _bsaes_const:
.type _bsaes_encrypt8,%function
.align 4
_bsaes_encrypt8:
adr r6,_bsaes_encrypt8
adr r6,.
vldmia r4!, {q9} @ round 0 key
sub r6,r6,#_bsaes_encrypt8-.LM0SR

Expand Down Expand Up @@ -998,7 +998,7 @@ _bsaes_encrypt8_bitslice:
.type _bsaes_key_convert,%function
.align 4
_bsaes_key_convert:
adr r6,_bsaes_key_convert
adr r6,.
vld1.8 {q7}, [r4]! @ load round 0 key
sub r6,r6,#_bsaes_key_convert-.LM0
vld1.8 {q15}, [r4]! @ load round 1 key
Expand Down
2 changes: 1 addition & 1 deletion deps/openssl/asm/arm-void-gas/sha/sha256-armv4.S
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,7 @@ sha256_block_data_order:
#if __ARM_ARCH__<7
sub r3,pc,#8 @ sha256_block_data_order
#else
adr r3,sha256_block_data_order
adr r3,.
#endif
#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
ldr r12,.LOPENSSL_armcap
Expand Down
11 changes: 6 additions & 5 deletions deps/openssl/asm/x64-elf-gas/bn/rsaz-avx2.s
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ rsaz_1024_sqr_avx2:
vmovdqu 256-128(%rsi),%ymm8

leaq 192(%rsp),%rbx
vpbroadcastq .Land_mask(%rip),%ymm15
vmovdqu .Land_mask(%rip),%ymm15
jmp .LOOP_GRANDE_SQR_1024

.align 32
Expand Down Expand Up @@ -799,10 +799,10 @@ rsaz_1024_mul_avx2:
vpmuludq 192-128(%rcx),%ymm11,%ymm12
vpaddq %ymm12,%ymm6,%ymm6
vpmuludq 224-128(%rcx),%ymm11,%ymm13
vpblendd $3,%ymm14,%ymm9,%ymm9
vpblendd $3,%ymm14,%ymm9,%ymm12
vpaddq %ymm13,%ymm7,%ymm7
vpmuludq 256-128(%rcx),%ymm11,%ymm0
vpaddq %ymm9,%ymm3,%ymm3
vpaddq %ymm12,%ymm3,%ymm3
vpaddq %ymm0,%ymm8,%ymm8

movq %rbx,%rax
Expand All @@ -815,7 +815,9 @@ rsaz_1024_mul_avx2:
vmovdqu -8+64-128(%rsi),%ymm13

movq %r10,%rax
vpblendd $0xfc,%ymm14,%ymm9,%ymm9
imull %r8d,%eax
vpaddq %ymm9,%ymm4,%ymm4
andl $0x1fffffff,%eax

imulq 16-128(%rsi),%rbx
Expand Down Expand Up @@ -1044,7 +1046,6 @@ rsaz_1024_mul_avx2:

decl %r14d
jnz .Loop_mul_1024
vpermq $0,%ymm15,%ymm15
vpaddq (%rsp),%ymm12,%ymm0

vpsrlq $29,%ymm0,%ymm12
Expand Down Expand Up @@ -1684,7 +1685,7 @@ rsaz_avx2_eligible:

.align 64
.Land_mask:
.quad 0x1fffffff,0x1fffffff,0x1fffffff,-1
.quad 0x1fffffff,0x1fffffff,0x1fffffff,0x1fffffff
.Lscatter_permd:
.long 0,2,4,6,7,7,7,7
.Lgather_permd:
Expand Down
11 changes: 6 additions & 5 deletions deps/openssl/asm/x64-macosx-gas/bn/rsaz-avx2.s
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ L$sqr_1024_no_n_copy:
vmovdqu 256-128(%rsi),%ymm8

leaq 192(%rsp),%rbx
vpbroadcastq L$and_mask(%rip),%ymm15
vmovdqu L$and_mask(%rip),%ymm15
jmp L$OOP_GRANDE_SQR_1024

.p2align 5
Expand Down Expand Up @@ -799,10 +799,10 @@ L$oop_mul_1024:
vpmuludq 192-128(%rcx),%ymm11,%ymm12
vpaddq %ymm12,%ymm6,%ymm6
vpmuludq 224-128(%rcx),%ymm11,%ymm13
vpblendd $3,%ymm14,%ymm9,%ymm9
vpblendd $3,%ymm14,%ymm9,%ymm12
vpaddq %ymm13,%ymm7,%ymm7
vpmuludq 256-128(%rcx),%ymm11,%ymm0
vpaddq %ymm9,%ymm3,%ymm3
vpaddq %ymm12,%ymm3,%ymm3
vpaddq %ymm0,%ymm8,%ymm8

movq %rbx,%rax
Expand All @@ -815,7 +815,9 @@ L$oop_mul_1024:
vmovdqu -8+64-128(%rsi),%ymm13

movq %r10,%rax
vpblendd $0xfc,%ymm14,%ymm9,%ymm9
imull %r8d,%eax
vpaddq %ymm9,%ymm4,%ymm4
andl $0x1fffffff,%eax

imulq 16-128(%rsi),%rbx
Expand Down Expand Up @@ -1044,7 +1046,6 @@ L$oop_mul_1024:

decl %r14d
jnz L$oop_mul_1024
vpermq $0,%ymm15,%ymm15
vpaddq (%rsp),%ymm12,%ymm0

vpsrlq $29,%ymm0,%ymm12
Expand Down Expand Up @@ -1684,7 +1685,7 @@ _rsaz_avx2_eligible:

.p2align 6
L$and_mask:
.quad 0x1fffffff,0x1fffffff,0x1fffffff,-1
.quad 0x1fffffff,0x1fffffff,0x1fffffff,0x1fffffff
L$scatter_permd:
.long 0,2,4,6,7,7,7,7
L$gather_permd:
Expand Down
11 changes: 6 additions & 5 deletions deps/openssl/asm/x64-win32-masm/bn/rsaz-avx2.asm
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,7 @@ $L$sqr_1024_no_n_copy::
vmovdqu ymm8,YMMWORD PTR[((256-128))+rsi]

lea rbx,QWORD PTR[192+rsp]
vpbroadcastq ymm15,QWORD PTR[$L$and_mask]
vmovdqu ymm15,YMMWORD PTR[$L$and_mask]
jmp $L$OOP_GRANDE_SQR_1024

ALIGN 32
Expand Down Expand Up @@ -860,10 +860,10 @@ $L$oop_mul_1024::
vpmuludq ymm12,ymm11,YMMWORD PTR[((192-128))+rcx]
vpaddq ymm6,ymm6,ymm12
vpmuludq ymm13,ymm11,YMMWORD PTR[((224-128))+rcx]
vpblendd ymm9,ymm9,ymm14,3
vpblendd ymm12,ymm9,ymm14,3
vpaddq ymm7,ymm7,ymm13
vpmuludq ymm0,ymm11,YMMWORD PTR[((256-128))+rcx]
vpaddq ymm3,ymm3,ymm9
vpaddq ymm3,ymm3,ymm12
vpaddq ymm8,ymm8,ymm0

mov rax,rbx
Expand All @@ -876,7 +876,9 @@ $L$oop_mul_1024::
vmovdqu ymm13,YMMWORD PTR[((-8+64-128))+rsi]

mov rax,r10
vpblendd ymm9,ymm9,ymm14,0fch
imul eax,r8d
vpaddq ymm4,ymm4,ymm9
and eax,01fffffffh

imul rbx,QWORD PTR[((16-128))+rsi]
Expand Down Expand Up @@ -1105,7 +1107,6 @@ $L$oop_mul_1024::

dec r14d
jnz $L$oop_mul_1024
vpermq ymm15,ymm15,0
vpaddq ymm0,ymm12,YMMWORD PTR[rsp]

vpsrlq ymm12,ymm0,29
Expand Down Expand Up @@ -1783,7 +1784,7 @@ rsaz_avx2_eligible ENDP

ALIGN 64
$L$and_mask::
DQ 01fffffffh,01fffffffh,01fffffffh,-1
DQ 01fffffffh,01fffffffh,01fffffffh,01fffffffh
$L$scatter_permd::
DD 0,2,4,6,7,7,7,7
$L$gather_permd::
Expand Down
6 changes: 3 additions & 3 deletions deps/openssl/asm_obsolete/arm-void-gas/aes/aes-armv4.S
Original file line number Diff line number Diff line change
Expand Up @@ -164,7 +164,7 @@ AES_encrypt:
#if __ARM_ARCH__<7
sub r3,pc,#8 @ AES_encrypt
#else
adr r3,AES_encrypt
adr r3,.
#endif
stmdb sp!,{r1,r4-r12,lr}
mov r12,r0 @ inp
Expand Down Expand Up @@ -410,7 +410,7 @@ _armv4_AES_set_encrypt_key:
#if __ARM_ARCH__<7
sub r3,pc,#8 @ AES_set_encrypt_key
#else
adr r3,private_AES_set_encrypt_key
adr r3,.
#endif
teq r0,#0
#if __ARM_ARCH__>=7
Expand Down Expand Up @@ -927,7 +927,7 @@ AES_decrypt:
#if __ARM_ARCH__<7
sub r3,pc,#8 @ AES_decrypt
#else
adr r3,AES_decrypt
adr r3,.
#endif
stmdb sp!,{r1,r4-r12,lr}
mov r12,r0 @ inp
Expand Down
6 changes: 3 additions & 3 deletions deps/openssl/asm_obsolete/arm-void-gas/aes/bsaes-armv7.S
Original file line number Diff line number Diff line change
Expand Up @@ -81,7 +81,7 @@
.type _bsaes_decrypt8,%function
.align 4
_bsaes_decrypt8:
adr r6,_bsaes_decrypt8
adr r6,.
vldmia r4!, {q9} @ round 0 key
add r6,r6,#.LM0ISR-_bsaes_decrypt8

Expand Down Expand Up @@ -567,7 +567,7 @@ _bsaes_const:
.type _bsaes_encrypt8,%function
.align 4
_bsaes_encrypt8:
adr r6,_bsaes_encrypt8
adr r6,.
vldmia r4!, {q9} @ round 0 key
sub r6,r6,#_bsaes_encrypt8-.LM0SR

Expand Down Expand Up @@ -998,7 +998,7 @@ _bsaes_encrypt8_bitslice:
.type _bsaes_key_convert,%function
.align 4
_bsaes_key_convert:
adr r6,_bsaes_key_convert
adr r6,.
vld1.8 {q7}, [r4]! @ load round 0 key
sub r6,r6,#_bsaes_key_convert-.LM0
vld1.8 {q15}, [r4]! @ load round 1 key
Expand Down
2 changes: 1 addition & 1 deletion deps/openssl/asm_obsolete/arm-void-gas/sha/sha256-armv4.S
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,7 @@ sha256_block_data_order:
#if __ARM_ARCH__<7
sub r3,pc,#8 @ sha256_block_data_order
#else
adr r3,sha256_block_data_order
adr r3,.
#endif
#if __ARM_MAX_ARCH__>=7 && !defined(__KERNEL__)
ldr r12,.LOPENSSL_armcap
Expand Down
45 changes: 45 additions & 0 deletions deps/openssl/openssl/CHANGES
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,51 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.

Changes between 1.0.2m and 1.0.2n [7 Dec 2017]

*) Read/write after SSL object in error state

OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state"
mechanism. The intent was that if a fatal error occurred during a handshake
then OpenSSL would move into the error state and would immediately fail if
you attempted to continue the handshake. This works as designed for the
explicit handshake functions (SSL_do_handshake(), SSL_accept() and
SSL_connect()), however due to a bug it does not work correctly if
SSL_read() or SSL_write() is called directly. In that scenario, if the
handshake fails then a fatal error will be returned in the initial function
call. If SSL_read()/SSL_write() is subsequently called by the application
for the same SSL object then it will succeed and the data is passed without
being decrypted/encrypted directly from the SSL/TLS record layer.

In order to exploit this issue an application bug would have to be present
that resulted in a call to SSL_read()/SSL_write() being issued after having
already received a fatal error.

This issue was reported to OpenSSL by David Benjamin (Google).
(CVE-2017-3737)
[Matt Caswell]

*) rsaz_1024_mul_avx2 overflow bug on x86_64

There is an overflow bug in the AVX2 Montgomery multiplication procedure
used in exponentiation with 1024-bit moduli. No EC algorithms are affected.
Analysis suggests that attacks against RSA and DSA as a result of this
defect would be very difficult to perform and are not believed likely.
Attacks against DH1024 are considered just feasible, because most of the
work necessary to deduce information about a private key may be performed
offline. The amount of resources required for such an attack would be
significant. However, for an attack on TLS to be meaningful, the server
would have to share the DH1024 private key among multiple clients, which is
no longer an option since CVE-2016-0701.

This only affects processors that support the AVX2 but not ADX extensions
like Intel Haswell (4th generation).

This issue was reported to OpenSSL by David Benjamin (Google). The issue
was originally found via the OSS-Fuzz project.
(CVE-2017-3738)
[Andy Polyakov]

Changes between 1.0.2l and 1.0.2m [2 Nov 2017]

*) bn_sqrx8x_internal carry bug on x86_64
Expand Down
4 changes: 2 additions & 2 deletions deps/openssl/openssl/Configure
Original file line number Diff line number Diff line change
Expand Up @@ -592,9 +592,9 @@ my %table=(
"debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32",
# x86 Win32 target defaults to ANSI API, if you want UNICODE, complement
# 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE'
"VC-WIN32","cl:-W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
"VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_WINSOCK_DEPRECATED_NO_WARNINGS:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
# Unified CE target
"debug-VC-WIN32","cl:-W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
"debug-VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_WINSOCK_DEPRECATED_NO_WARNINGS:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",

# Borland C++ 4.5
Expand Down
2 changes: 1 addition & 1 deletion deps/openssl/openssl/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
## Makefile for OpenSSL
##

VERSION=1.0.2m
VERSION=1.0.2n
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
Expand Down
2 changes: 1 addition & 1 deletion deps/openssl/openssl/Makefile.bak
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
## Makefile for OpenSSL
##

VERSION=1.0.2m
VERSION=1.0.2n
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0
Expand Down
5 changes: 5 additions & 0 deletions deps/openssl/openssl/NEWS
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,11 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.

Major changes between OpenSSL 1.0.2m and OpenSSL 1.0.2n [7 Dec 2017]

o Read/write after SSL object in error state (CVE-2017-3737)
o rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)

Major changes between OpenSSL 1.0.2l and OpenSSL 1.0.2m [2 Nov 2017]

o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
Expand Down
2 changes: 1 addition & 1 deletion deps/openssl/openssl/README
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@

OpenSSL 1.0.2m 2 Nov 2017
OpenSSL 1.0.2n 7 Dec 2017

Copyright (c) 1998-2015 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
Expand Down
Loading