summaryrefslogtreecommitdiff
path: root/openssl-freefilesync/openssl-1.1.1-upstream-sync.patch
diff options
context:
space:
mode:
Diffstat (limited to 'openssl-freefilesync/openssl-1.1.1-upstream-sync.patch')
-rw-r--r--openssl-freefilesync/openssl-1.1.1-upstream-sync.patch487
1 files changed, 470 insertions, 17 deletions
diff --git a/openssl-freefilesync/openssl-1.1.1-upstream-sync.patch b/openssl-freefilesync/openssl-1.1.1-upstream-sync.patch
index 8032c0e..7e03b8d 100644
--- a/openssl-freefilesync/openssl-1.1.1-upstream-sync.patch
+++ b/openssl-freefilesync/openssl-1.1.1-upstream-sync.patch
@@ -24,7 +24,7 @@ diff -up openssl-1.1.1c/crypto/err/err.c.sync openssl-1.1.1c/crypto/err/err.c
# define NUM_SYS_STR_REASONS 127
static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
-@@ -219,26 +219,30 @@ static void build_SYS_str_reasons(void)
+@@ -219,21 +219,23 @@ static void build_SYS_str_reasons(void)
ERR_STRING_DATA *str = &SYS_str_reasons[i - 1];
str->error = ERR_PACK(ERR_LIB_SYS, 0, i);
@@ -35,8 +35,7 @@ diff -up openssl-1.1.1c/crypto/err/err.c.sync openssl-1.1.1c/crypto/err/err.c
+ */
+ if (str->string == NULL && cnt < sizeof(strerror_pool)) {
if (openssl_strerror_r(i, cur, sizeof(strerror_pool) - cnt)) {
-- size_t l = strlen(cur);
-+ size_t l = strlen(cur) + 1;
+ size_t l = strlen(cur);
str->string = cur;
cnt += l;
@@ -50,21 +49,10 @@ diff -up openssl-1.1.1c/crypto/err/err.c.sync openssl-1.1.1c/crypto/err/err.c
+ * some (most? all?) messages. Lets trim them off.
*/
- while (ossl_isspace(cur[-1])) {
-- cur--;
-- cnt--;
-+ if (cur > strerror_pool && ossl_isspace(cur[-1])) {
-+ while (cur > strerror_pool && ossl_isspace(cur[-1])) {
-+ cur--;
-+ cnt--;
-+ }
-+ *cur++ = '\0';
-+ cnt++;
++ while (cur > strerror_pool && ossl_isspace(cur[-1])) {
+ cur--;
+ cnt--;
}
-- *cur++ = '\0';
-- cnt++;
- }
- }
- if (str->string == NULL)
diff -up openssl-1.1.1c/crypto/rand/rand_lib.c.sync openssl-1.1.1c/crypto/rand/rand_lib.c
--- openssl-1.1.1c/crypto/rand/rand_lib.c.sync 2019-05-29 17:20:17.175099183 +0200
+++ openssl-1.1.1c/crypto/rand/rand_lib.c 2019-05-30 11:51:20.784850208 +0200
@@ -79,3 +67,468 @@ diff -up openssl-1.1.1c/crypto/rand/rand_lib.c.sync openssl-1.1.1c/crypto/rand/r
pool = rand_pool_new(0, min_len, max_len);
if (pool == NULL)
return 0;
+From 6c2f347c78a530407b5310497080810094427920 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Wed, 17 Apr 2019 11:09:05 +0100
+Subject: [PATCH 1/2] Defer sending a KeyUpdate until after pending writes are
+ complete
+
+If we receive a KeyUpdate message (update requested) from the peer while
+we are in the middle of a write, we should defer sending the responding
+KeyUpdate message until after the current write is complete. We do this
+by waiting to send the KeyUpdate until the next time we write and there is
+no pending write data.
+
+This does imply a subtle change in behaviour. Firstly the responding
+KeyUpdate message won't be sent straight away as it is now. Secondly if
+the peer sends multiple KeyUpdates without us doing any writing then we
+will only send one response, as opposed to previously where we sent a
+response for each KeyUpdate received.
+
+Fixes #8677
+
+Reviewed-by: Ben Kaduk <kaduk@mit.edu>
+(Merged from https://github.com/openssl/openssl/pull/8773)
+
+(cherry picked from commit feb9e31c40c49de6384dd0413685e9b5a15adc99)
+---
+ ssl/record/rec_layer_s3.c | 7 +++++++
+ ssl/statem/statem_clnt.c | 6 ------
+ ssl/statem/statem_lib.c | 7 ++-----
+ ssl/statem/statem_srvr.c | 6 ------
+ 4 files changed, 9 insertions(+), 17 deletions(-)
+
+diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
+index b2f97ef905..b65137c332 100644
+--- a/ssl/record/rec_layer_s3.c
++++ b/ssl/record/rec_layer_s3.c
+@@ -373,6 +373,13 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
+
+ s->rlayer.wnum = 0;
+
++ /*
++ * If we are supposed to be sending a KeyUpdate then go into init unless we
++ * have writes pending - in which case we should finish doing that first.
++ */
++ if (wb->left == 0 && s->key_update != SSL_KEY_UPDATE_NONE)
++ ossl_statem_set_in_init(s, 1);
++
+ /*
+ * When writing early data on the server side we could be "in_init" in
+ * between receiving the EoED and the CF - but we don't want to handle those
+diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
+index 87800cd835..6410414fb6 100644
+--- a/ssl/statem/statem_clnt.c
++++ b/ssl/statem/statem_clnt.c
+@@ -473,12 +473,6 @@ static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)
+ return WRITE_TRAN_CONTINUE;
+
+ case TLS_ST_CR_KEY_UPDATE:
+- if (s->key_update != SSL_KEY_UPDATE_NONE) {
+- st->hand_state = TLS_ST_CW_KEY_UPDATE;
+- return WRITE_TRAN_CONTINUE;
+- }
+- /* Fall through */
+-
+ case TLS_ST_CW_KEY_UPDATE:
+ case TLS_ST_CR_SESSION_TICKET:
+ case TLS_ST_CW_FINISHED:
+diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
+index c0482b0a90..2960dafa52 100644
+--- a/ssl/statem/statem_lib.c
++++ b/ssl/statem/statem_lib.c
+@@ -645,12 +645,9 @@ MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt)
+ /*
+ * If we get a request for us to update our sending keys too then, we need
+ * to additionally send a KeyUpdate message. However that message should
+- * not also request an update (otherwise we get into an infinite loop). We
+- * ignore a request for us to update our sending keys too if we already
+- * sent close_notify.
++ * not also request an update (otherwise we get into an infinite loop).
+ */
+- if (updatetype == SSL_KEY_UPDATE_REQUESTED
+- && (s->shutdown & SSL_SENT_SHUTDOWN) == 0)
++ if (updatetype == SSL_KEY_UPDATE_REQUESTED)
+ s->key_update = SSL_KEY_UPDATE_NOT_REQUESTED;
+
+ if (!tls13_update_key(s, 0)) {
+diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
+index d454326a99..04a23320fc 100644
+--- a/ssl/statem/statem_srvr.c
++++ b/ssl/statem/statem_srvr.c
+@@ -502,12 +502,6 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s)
+ return WRITE_TRAN_CONTINUE;
+
+ case TLS_ST_SR_KEY_UPDATE:
+- if (s->key_update != SSL_KEY_UPDATE_NONE) {
+- st->hand_state = TLS_ST_SW_KEY_UPDATE;
+- return WRITE_TRAN_CONTINUE;
+- }
+- /* Fall through */
+-
+ case TLS_ST_SW_KEY_UPDATE:
+ st->hand_state = TLS_ST_OK;
+ return WRITE_TRAN_CONTINUE;
+--
+2.20.1
+
+From c8feb1039ccc4cd11e6db084df1446bf863bee1e Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Wed, 17 Apr 2019 10:30:53 +0100
+Subject: [PATCH 2/2] Write a test for receiving a KeyUpdate (update requested)
+ while writing
+
+Reviewed-by: Ben Kaduk <kaduk@mit.edu>
+(Merged from https://github.com/openssl/openssl/pull/8773)
+
+(cherry picked from commit a77b4dba237d001073d2d1c5d55c674a196c949f)
+---
+ test/sslapitest.c | 92 +++++++++++++++++++++++++++++++++++++++++++++
+ test/ssltestlib.c | 96 +++++++++++++++++++++++++++++++++++++++++++++++
+ test/ssltestlib.h | 3 ++
+ 3 files changed, 191 insertions(+)
+
+diff --git a/test/sslapitest.c b/test/sslapitest.c
+index 2261fe4a7a..577342644d 100644
+--- a/test/sslapitest.c
++++ b/test/sslapitest.c
+@@ -4290,6 +4290,11 @@ static int test_key_update(void)
+ || !TEST_int_eq(SSL_read(serverssl, buf, sizeof(buf)),
+ strlen(mess)))
+ goto end;
++
++ if (!TEST_int_eq(SSL_write(serverssl, mess, strlen(mess)), strlen(mess))
++ || !TEST_int_eq(SSL_read(clientssl, buf, sizeof(buf)),
++ strlen(mess)))
++ goto end;
+ }
+
+ testresult = 1;
+@@ -4302,6 +4307,91 @@ static int test_key_update(void)
+
+ return testresult;
+ }
++
++/*
++ * Test we can handle a KeyUpdate (update requested) message while write data
++ * is pending.
++ * Test 0: Client sends KeyUpdate while Server is writing
++ * Test 1: Server sends KeyUpdate while Client is writing
++ */
++static int test_key_update_in_write(int tst)
++{
++ SSL_CTX *cctx = NULL, *sctx = NULL;
++ SSL *clientssl = NULL, *serverssl = NULL;
++ int testresult = 0;
++ char buf[20];
++ static char *mess = "A test message";
++ BIO *bretry = BIO_new(bio_s_always_retry());
++ BIO *tmp = NULL;
++ SSL *peerupdate = NULL, *peerwrite = NULL;
++
++ if (!TEST_ptr(bretry)
++ || !TEST_true(create_ssl_ctx_pair(TLS_server_method(),
++ TLS_client_method(),
++ TLS1_3_VERSION,
++ 0,
++ &sctx, &cctx, cert, privkey))
++ || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
++ NULL, NULL))
++ || !TEST_true(create_ssl_connection(serverssl, clientssl,
++ SSL_ERROR_NONE)))
++ goto end;
++
++ peerupdate = tst == 0 ? clientssl : serverssl;
++ peerwrite = tst == 0 ? serverssl : clientssl;
++
++ if (!TEST_true(SSL_key_update(peerupdate, SSL_KEY_UPDATE_REQUESTED))
++ || !TEST_true(SSL_do_handshake(peerupdate)))
++ goto end;
++
++ /* Swap the writing endpoint's write BIO to force a retry */
++ tmp = SSL_get_wbio(peerwrite);
++ if (!TEST_ptr(tmp) || !TEST_true(BIO_up_ref(tmp))) {
++ tmp = NULL;
++ goto end;
++ }
++ SSL_set0_wbio(peerwrite, bretry);
++ bretry = NULL;
++
++ /* Write data that we know will fail with SSL_ERROR_WANT_WRITE */
++ if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), -1)
++ || !TEST_int_eq(SSL_get_error(peerwrite, 0), SSL_ERROR_WANT_WRITE))
++ goto end;
++
++ /* Reinstate the original writing endpoint's write BIO */
++ SSL_set0_wbio(peerwrite, tmp);
++ tmp = NULL;
++
++ /* Now read some data - we will read the key update */
++ if (!TEST_int_eq(SSL_read(peerwrite, buf, sizeof(buf)), -1)
++ || !TEST_int_eq(SSL_get_error(peerwrite, 0), SSL_ERROR_WANT_READ))
++ goto end;
++
++ /*
++ * Complete the write we started previously and read it from the other
++ * endpoint
++ */
++ if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), strlen(mess))
++ || !TEST_int_eq(SSL_read(peerupdate, buf, sizeof(buf)), strlen(mess)))
++ goto end;
++
++ /* Write more data to ensure we send the KeyUpdate message back */
++ if (!TEST_int_eq(SSL_write(peerwrite, mess, strlen(mess)), strlen(mess))
++ || !TEST_int_eq(SSL_read(peerupdate, buf, sizeof(buf)), strlen(mess)))
++ goto end;
++
++ testresult = 1;
++
++ end:
++ SSL_free(serverssl);
++ SSL_free(clientssl);
++ SSL_CTX_free(sctx);
++ SSL_CTX_free(cctx);
++ BIO_free(bretry);
++ BIO_free(tmp);
++
++ return testresult;
++}
+ #endif /* OPENSSL_NO_TLS1_3 */
+
+ static int test_ssl_clear(int idx)
+@@ -5982,6 +6072,7 @@ int setup_tests(void)
+ #ifndef OPENSSL_NO_TLS1_3
+ ADD_ALL_TESTS(test_export_key_mat_early, 3);
+ ADD_TEST(test_key_update);
++ ADD_ALL_TESTS(test_key_update_in_write, 2);
+ #endif
+ ADD_ALL_TESTS(test_ssl_clear, 2);
+ ADD_ALL_TESTS(test_max_fragment_len_ext, OSSL_NELEM(max_fragment_len_test));
+@@ -6002,4 +6093,5 @@ int setup_tests(void)
+ void cleanup_tests(void)
+ {
+ bio_s_mempacket_test_free();
++ bio_s_always_retry_free();
+ }
+diff --git a/test/ssltestlib.c b/test/ssltestlib.c
+index 05139be750..e1038620ac 100644
+--- a/test/ssltestlib.c
++++ b/test/ssltestlib.c
+@@ -62,9 +62,11 @@ static int tls_dump_puts(BIO *bp, const char *str);
+ /* Choose a sufficiently large type likely to be unused for this custom BIO */
+ #define BIO_TYPE_TLS_DUMP_FILTER (0x80 | BIO_TYPE_FILTER)
+ #define BIO_TYPE_MEMPACKET_TEST 0x81
++#define BIO_TYPE_ALWAYS_RETRY 0x82
+
+ static BIO_METHOD *method_tls_dump = NULL;
+ static BIO_METHOD *meth_mem = NULL;
++static BIO_METHOD *meth_always_retry = NULL;
+
+ /* Note: Not thread safe! */
+ const BIO_METHOD *bio_f_tls_dump_filter(void)
+@@ -612,6 +614,100 @@ static int mempacket_test_puts(BIO *bio, const char *str)
+ return mempacket_test_write(bio, str, strlen(str));
+ }
+
++static int always_retry_new(BIO *bi);
++static int always_retry_free(BIO *a);
++static int always_retry_read(BIO *b, char *out, int outl);
++static int always_retry_write(BIO *b, const char *in, int inl);
++static long always_retry_ctrl(BIO *b, int cmd, long num, void *ptr);
++static int always_retry_gets(BIO *bp, char *buf, int size);
++static int always_retry_puts(BIO *bp, const char *str);
++
++const BIO_METHOD *bio_s_always_retry(void)
++{
++ if (meth_always_retry == NULL) {
++ if (!TEST_ptr(meth_always_retry = BIO_meth_new(BIO_TYPE_ALWAYS_RETRY,
++ "Always Retry"))
++ || !TEST_true(BIO_meth_set_write(meth_always_retry,
++ always_retry_write))
++ || !TEST_true(BIO_meth_set_read(meth_always_retry,
++ always_retry_read))
++ || !TEST_true(BIO_meth_set_puts(meth_always_retry,
++ always_retry_puts))
++ || !TEST_true(BIO_meth_set_gets(meth_always_retry,
++ always_retry_gets))
++ || !TEST_true(BIO_meth_set_ctrl(meth_always_retry,
++ always_retry_ctrl))
++ || !TEST_true(BIO_meth_set_create(meth_always_retry,
++ always_retry_new))
++ || !TEST_true(BIO_meth_set_destroy(meth_always_retry,
++ always_retry_free)))
++ return NULL;
++ }
++ return meth_always_retry;
++}
++
++void bio_s_always_retry_free(void)
++{
++ BIO_meth_free(meth_always_retry);
++}
++
++static int always_retry_new(BIO *bio)
++{
++ BIO_set_init(bio, 1);
++ return 1;
++}
++
++static int always_retry_free(BIO *bio)
++{
++ BIO_set_data(bio, NULL);
++ BIO_set_init(bio, 0);
++ return 1;
++}
++
++static int always_retry_read(BIO *bio, char *out, int outl)
++{
++ BIO_set_retry_read(bio);
++ return -1;
++}
++
++static int always_retry_write(BIO *bio, const char *in, int inl)
++{
++ BIO_set_retry_write(bio);
++ return -1;
++}
++
++static long always_retry_ctrl(BIO *bio, int cmd, long num, void *ptr)
++{
++ long ret = 1;
++
++ switch (cmd) {
++ case BIO_CTRL_FLUSH:
++ BIO_set_retry_write(bio);
++ /* fall through */
++ case BIO_CTRL_EOF:
++ case BIO_CTRL_RESET:
++ case BIO_CTRL_DUP:
++ case BIO_CTRL_PUSH:
++ case BIO_CTRL_POP:
++ default:
++ ret = 0;
++ break;
++ }
++ return ret;
++}
++
++static int always_retry_gets(BIO *bio, char *buf, int size)
++{
++ BIO_set_retry_read(bio);
++ return -1;
++}
++
++static int always_retry_puts(BIO *bio, const char *str)
++{
++ BIO_set_retry_write(bio);
++ return -1;
++}
++
+ int create_ssl_ctx_pair(const SSL_METHOD *sm, const SSL_METHOD *cm,
+ int min_proto_version, int max_proto_version,
+ SSL_CTX **sctx, SSL_CTX **cctx, char *certfile,
+diff --git a/test/ssltestlib.h b/test/ssltestlib.h
+index fa19e7d80d..56e323f5bc 100644
+--- a/test/ssltestlib.h
++++ b/test/ssltestlib.h
+@@ -30,6 +30,9 @@ void bio_f_tls_dump_filter_free(void);
+ const BIO_METHOD *bio_s_mempacket_test(void);
+ void bio_s_mempacket_test_free(void);
+
++const BIO_METHOD *bio_s_always_retry(void);
++void bio_s_always_retry_free(void);
++
+ /* Packet types - value 0 is reserved */
+ #define INJECT_PACKET 1
+ #define INJECT_PACKET_IGNORE_REC_SEQ 2
+--
+2.20.1
+
+diff -up openssl-1.1.1c/include/internal/constant_time_locl.h.valgrind openssl-1.1.1c/include/internal/constant_time_locl.h
+--- openssl-1.1.1c/include/internal/constant_time_locl.h.valgrind 2019-05-28 15:12:21.000000000 +0200
++++ openssl-1.1.1c/include/internal/constant_time_locl.h 2019-06-24 15:02:12.796053536 +0200
+@@ -213,18 +213,66 @@ static ossl_inline unsigned char constan
+ return constant_time_eq_8((unsigned)(a), (unsigned)(b));
+ }
+
++/* Returns the value unmodified, but avoids optimizations. */
++static ossl_inline unsigned int value_barrier(unsigned int a)
++{
++#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
++ unsigned int r;
++ __asm__("" : "=r"(r) : "0"(a));
++#else
++ volatile unsigned int r = a;
++#endif
++ return r;
++}
++
++/* Convenience method for uint32_t. */
++static ossl_inline uint32_t value_barrier_32(uint32_t a)
++{
++#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
++ uint32_t r;
++ __asm__("" : "=r"(r) : "0"(a));
++#else
++ volatile uint32_t r = a;
++#endif
++ return r;
++}
++
++/* Convenience method for uint64_t. */
++static ossl_inline uint64_t value_barrier_64(uint64_t a)
++{
++#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
++ uint64_t r;
++ __asm__("" : "=r"(r) : "0"(a));
++#else
++ volatile uint64_t r = a;
++#endif
++ return r;
++}
++
++/* Convenience method for size_t. */
++static ossl_inline size_t value_barrier_s(size_t a)
++{
++#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
++ size_t r;
++ __asm__("" : "=r"(r) : "0"(a));
++#else
++ volatile size_t r = a;
++#endif
++ return r;
++}
++
+ static ossl_inline unsigned int constant_time_select(unsigned int mask,
+ unsigned int a,
+ unsigned int b)
+ {
+- return (mask & a) | (~mask & b);
++ return (value_barrier(mask) & a) | (value_barrier(~mask) & b);
+ }
+
+ static ossl_inline size_t constant_time_select_s(size_t mask,
+ size_t a,
+ size_t b)
+ {
+- return (mask & a) | (~mask & b);
++ return (value_barrier_s(mask) & a) | (value_barrier_s(~mask) & b);
+ }
+
+ static ossl_inline unsigned char constant_time_select_8(unsigned char mask,
+@@ -249,13 +297,13 @@ static ossl_inline int constant_time_sel
+ static ossl_inline uint32_t constant_time_select_32(uint32_t mask, uint32_t a,
+ uint32_t b)
+ {
+- return (mask & a) | (~mask & b);
++ return (value_barrier_32(mask) & a) | (value_barrier_32(~mask) & b);
+ }
+
+ static ossl_inline uint64_t constant_time_select_64(uint64_t mask, uint64_t a,
+ uint64_t b)
+ {
+- return (mask & a) | (~mask & b);
++ return (value_barrier_64(mask) & a) | (value_barrier_64(~mask) & b);
+ }
+
+ /*
bgstack15