Accepting request 680495 from home:vitezslav_cizek:branches:security:tls

- Use upstream-approved patch for the handling of strerror_r * https://github.com/openssl/openssl/pull/8371 - add openssl-fix-handling-of-GNU-strerror_r.patch - drop strerror.patch - Update to 1.1.1b * Added SCA hardening for modular field inversion in EC_GROUP through a new dedicated field_inv() pointer in EC_METHOD. * Change the info callback signals for the start and end of a post-handshake message exchange in TLSv1.3. In 1.1.1/1.1.1a we used SSL_CB_HANDSHAKE_START and SSL_CB_HANDSHAKE_DONE. Experience has shown that many applications get confused by this and assume that a TLSv1.2 renegotiation has started. This can break KeyUpdate handling. Instead we no longer signal the start and end of a post handshake message exchange (although the messages themselves are still signalled). This could break some applications that were expecting the old signals. However without this KeyUpdate is not usable for many applications. * Fix a bug in the computation of the endpoint-pair shared secret used by DTLS over SCTP. This breaks interoperability with older versions of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. There is a runtime switch SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG (off by default) enabling interoperability with such broken implementations. However, enabling this switch breaks interoperability with correct implementations. * Fix a use after free bug in d2i_X509_PUBKEY when overwriting a re-used X509_PUBKEY object if the second PUBKEY is malformed. * Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0() OBS-URL: https://build.opensuse.org/request/show/680495 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=30
2019-03-01 13:44:38 +00:00 · 2019-03-01 13:44:38 +00:00 · cdb3e58e2b
commit cdb3e58e2b
parent 1536180cd7
4 changed files with 85 additions and 31 deletions
--- a/openssl-1_1.changes
+++ b/openssl-1_1.changes
@ -1,3 +1,36 @@
+-------------------------------------------------------------------
+Fri Mar  1 13:28:03 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
+
+- Use upstream-approved patch for the handling of strerror_r
+  * https://github.com/openssl/openssl/pull/8371
+- add openssl-fix-handling-of-GNU-strerror_r.patch
+- drop strerror.patch
+
+-------------------------------------------------------------------
+Thu Feb 28 13:37:55 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
+
+- Update to 1.1.1b
+  * Added SCA hardening for modular field inversion in EC_GROUP
+    through a new dedicated field_inv() pointer in EC_METHOD.
+  * Change the info callback signals for the start and end of a post-handshake
+    message exchange in TLSv1.3. In 1.1.1/1.1.1a we used SSL_CB_HANDSHAKE_START
+    and SSL_CB_HANDSHAKE_DONE. Experience has shown that many applications get
+    confused by this and assume that a TLSv1.2 renegotiation has started. This
+    can break KeyUpdate handling. Instead we no longer signal the start and end
+    of a post handshake message exchange (although the messages themselves are
+    still signalled). This could break some applications that were expecting
+    the old signals. However without this KeyUpdate is not usable for many
+    applications.
+  * Fix a bug in the computation of the endpoint-pair shared secret used
+    by DTLS over SCTP. This breaks interoperability with older versions
+    of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. There is a runtime
+    switch SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG (off by default) enabling
+    interoperability with such broken implementations. However, enabling
+    this switch breaks interoperability with correct implementations.
+  * Fix a use after free bug in d2i_X509_PUBKEY when overwriting a
+    re-used X509_PUBKEY object if the second PUBKEY is malformed.
+  * Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0()
+
 -------------------------------------------------------------------
 Thu Feb 28 12:10:33 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>

--- a/openssl-1_1.spec
+++ b/openssl-1_1.spec
@ -48,7 +48,8 @@ Patch7:         0001-s390x-assembly-pack-perlasm-support.patch
 Patch8:         0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch
 # PATCH-FIX-UPSTREAM FATE#326351 Add vectorized poly1305 implementation for s390x (https://github.com/openssl/openssl/pull/7991)
 Patch9:         0001-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch
-Patch10:        strerror.patch
+# PATCH-FIX-UPSTREAM https://github.com/openssl/openssl/pull/8371
+Patch10:        openssl-fix-handling-of-GNU-strerror_r.patch

 BuildRequires:  bc
 BuildRequires:  ed
--- a/openssl-fix-handling-of-GNU-strerror_r.patch
+++ b/openssl-fix-handling-of-GNU-strerror_r.patch
@ -0,0 +1,50 @@
+diff --git a/crypto/o_str.c b/crypto/o_str.c
+index 02578dbf0d..3b271e745b 100644
+--- a/crypto/o_str.c
+++ b/crypto/o_str.c
+@@ -223,7 +223,26 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen)
+ #if defined(_MSC_VER) && _MSC_VER>=1400
+     return !strerror_s(buf, buflen, errnum);
+ #elif defined(_GNU_SOURCE)
+-    return strerror_r(errnum, buf, buflen) != NULL;
+    char *err;
+
+    /*
+     * GNU strerror_r may not actually set buf.
+     * It can return a pointer to some (immutable) static string in which case
+     * buf is left unused.
+     */
+    err = strerror_r(errnum, buf, buflen);
+    if (err == NULL)
+        return 0;
+    /*
+     * If err is statically allocated, err != buf and we need to copy the data.
+     * If err points somewhere inside buf, OPENSSL_strlcpy can handle this,
+     * since src and dest are not annotated with __restrict and the function
+     * reads src byte for byte and writes to dest.
+     * If err == buf we do not have to copy anything.
+     */
+    if (err != buf)
+        OPENSSL_strlcpy(buf, err, buflen);
+    return 1;
+ #elif (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) || \
+       (defined(_XOPEN_SOURCE) && _XOPEN_SOURCE >= 600)
+     /*
+@@ -234,6 +253,7 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen)
+     return !strerror_r(errnum, buf, buflen);
+ #else
+     char *err;
+
+     /* Fall back to non-thread safe strerror()...its all we can do */
+     if (buflen < 2)
+         return 0;
+@@ -241,8 +261,7 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen)
+     /* Can this ever happen? */
+     if (err == NULL)
+         return 0;
+-    strncpy(buf, err, buflen - 1);
+-    buf[buflen - 1] = '\0';
+    OPENSSL_strlcpy(buf, err, buflen);
+     return 1;
+ #endif
+ }
--- a/strerror.patch
+++ b/strerror.patch
@ -1,30 +0,0 @@
-Index: openssl-1.1.1b/crypto/o_str.c
-===================================================================
--- openssl-1.1.1b.orig/crypto/o_str.c	2019-02-26 15:15:30.000000000 +0100
-+++ openssl-1.1.1b/crypto/o_str.c	2019-02-28 13:07:50.382438959 +0100
-@@ -220,19 +220,6 @@ char *OPENSSL_buf2hexstr(const unsigned
- 
- int openssl_strerror_r(int errnum, char *buf, size_t buflen)
- {
-#if defined(_MSC_VER) && _MSC_VER>=1400
-    return !strerror_s(buf, buflen, errnum);
-#elif defined(_GNU_SOURCE)
-    return strerror_r(errnum, buf, buflen) != NULL;
-#elif (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) || \
-      (defined(_XOPEN_SOURCE) && _XOPEN_SOURCE >= 600)
-    /*
-     * We can use "real" strerror_r. The OpenSSL version differs in that it
-     * gives 1 on success and 0 on failure for consistency with other OpenSSL
-     * functions. Real strerror_r does it the other way around
-     */
-    return !strerror_r(errnum, buf, buflen);
-#else
-     char *err;
-     /* Fall back to non-thread safe strerror()...its all we can do */
-     if (buflen < 2)
-@@ -244,5 +231,4 @@ int openssl_strerror_r(int errnum, char
-     strncpy(buf, err, buflen - 1);
-     buf[buflen - 1] = '\0';
-     return 1;
-#endif
- }