Accepting request 738478 from home:jsikes:branches:security:tls

fix for bug found by nodejs12 tests. Enjoy!

OBS-URL: https://build.opensuse.org/request/show/738478
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=45

openssl-1_1.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Oct 14 18:36:37 UTC 2019 - Jason Sikes <jsikes@suse.com>
+
+- Merged upstream changes to allow NULL salt values in EVP_PBE_scrypt().
+  * Revealed by nodejs12 during bsc#1149572.
+  * Modified openssl-jsc-SLE-8789-backport_KDF.patch
+
 -------------------------------------------------------------------
 Mon Oct 14 08:45:39 UTC 2019 - Adam Majer <adam.majer@suse.de>
 

openssl-jsc-SLE-8789-backport_KDF.patch

@@ -9347,7 +9347,7 @@ Index: openssl-1.1.1d/crypto/evp/pbe_scrypt.c
  /*
   * Maximum permitted memory allow this to be overridden with Configuration
   * option: e.g. -DSCRYPT_MAX_MEM=0 for maximum possible.
-@@ -160,107 +37,38 @@ int EVP_PBE_scrypt(const char *pass, siz
+@@ -160,107 +37,42 @@ int EVP_PBE_scrypt(const char *pass, siz
                     uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
                     unsigned char *key, size_t keylen)
  {
@@ -9401,6 +9401,10 @@ Index: openssl-1.1.1d/crypto/evp/pbe_scrypt.c
 +    if (pass == NULL) {
 +        pass = empty;
 +        passlen = 0;
++    }
++    if (salt == NULL) {
++        salt = (const unsigned char *)empty;
++        saltlen = 0;
      }
 -
 -    /*
@@ -10713,59 +10717,3 @@ Index: openssl-1.1.1d/doc/man7/EVP_KDF_SSHKDF.pod
 +
 +=cut
 +
-Index: openssl-1.1.1d/crypto/evp/pbe_scrypt.c
-===================================================================
---- openssl-1.1.1d.orig/crypto/evp/pbe_scrypt.c
-+++ openssl-1.1.1d/crypto/evp/pbe_scrypt.c
-@@ -57,16 +57,26 @@ int EVP_PBE_scrypt(const char *pass, siz
-         EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PARAMETER_TOO_LARGE);
-         return 0;
-     }
--    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, pass, (size_t)passlen) != 1
--            || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
--                            salt, (size_t)saltlen) != 1
--            || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_N, N) != 1
-+    if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_N, N) != 1
-             || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_R, (uint32_t)r) != 1
-             || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SCRYPT_P, (uint32_t)p) != 1
--            || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAXMEM_BYTES, maxmem) != 1
--            || EVP_KDF_derive(kctx, key, keylen) != 1)
-+            || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MAXMEM_BYTES, maxmem) != 1)
-         rv = 0;
- 
-+    /* Only set salt and passphrase when actual key generation is to take place.
-+     * Without output key, we are only checking parameter ranges
-+     */
-+    if (rv && key != NULL) {
-+        if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_PASS, pass, (size_t)passlen) != 1
-+                || EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SALT,
-+                                salt, (size_t)saltlen) != 1)
-+            rv = 0;
-+    }
-+
-+    if (rv && EVP_KDF_derive(kctx, key, keylen) != 1)
-+        rv = 0;
-+
-+
-     EVP_KDF_CTX_free(kctx);
-     return rv;
- }
-Index: openssl-1.1.1d/crypto/kdf/scrypt.c
-===================================================================
---- openssl-1.1.1d.orig/crypto/kdf/scrypt.c
-+++ openssl-1.1.1d/crypto/kdf/scrypt.c
-@@ -251,12 +251,12 @@ static int kdf_scrypt_ctrl_str(EVP_KDF_I
- static int kdf_scrypt_derive(EVP_KDF_IMPL *impl, unsigned char *key,
-                              size_t keylen)
- {
--    if (impl->pass == NULL) {
-+    if (key != NULL && impl->pass == NULL) {
-         KDFerr(KDF_F_KDF_SCRYPT_DERIVE, KDF_R_MISSING_PASS);
-         return 0;
-     }
- 
--    if (impl->salt == NULL) {
-+    if (key != NULL && impl->salt == NULL) {
-         KDFerr(KDF_F_KDF_SCRYPT_DERIVE, KDF_R_MISSING_SALT);
-         return 0;
-     }