From 534093fcd17276a7192ff0c017b9b54e0e199279 Mon Sep 17 00:00:00 2001 From: Futaura Date: Wed, 25 Oct 2023 10:34:59 +0100 Subject: [PATCH] OpenSSL 3.1.4 integration --- CHANGES.md | 7 +++++++ Makefile | 2 +- include/libraries/amisslmaster.h | 1 + include/openssl/cmserr.h | 3 ++- include/openssl/core_dispatch.h | 19 ++++++++++++++++++- include/openssl/core_names.h | 1 + include/openssl/evp.h | 4 +++- include/openssl/opensslv.h | 10 +++++----- include/openssl/pkcs7.h | 6 +++--- include/openssl/randerr.h | 3 ++- src/amisslmaster_library.c | 3 ++- 11 files changed, 45 insertions(+), 14 deletions(-)
diff --git a/CHANGES.md b/CHANGES.md
index db4b822f7..6c24bbf3b 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,10 @@ +## AmiSSL 5.12 (25.10.2023) + +- Updated OpenSSL backend to full compatibility with the latest + OpenSSL 3.1.4 (24.10.2023) version which provides various bug and + security fixes, including one moderate severity vulnerability: + + Fix incorrect cipher key & IV length processing. (CVE-2023-5363) + ## AmiSSL 5.11 (19.9.2023) - Updated OpenSSL backend to full compatibility with the latest
diff --git a/Makefile b/Makefile
index 3d4c1bd2c..88e207d2c 100644
--- a/Makefile
+++ b/Makefile
@@ -152,7 +152,7 @@ endif # none - because we want to compile with -Wall all the time VERSION=5 -REVISION=11 +REVISION=12 include openssl/VERSION.dat VERSIONNAME=$(MAJOR)$(MINOR)$(PATCH)
diff --git a/include/libraries/amisslmaster.h b/include/libraries/amisslmaster.h
index 896adad6a..daf041422 100644
--- a/include/libraries/amisslmaster.h
+++ b/include/libraries/amisslmaster.h
@@ -58,6 +58,7 @@ enum AmiSSLVersion AMISSL_V311, /* AmiSSL v5.9 */ AMISSL_V312, /* AmiSSL v5.10 */ AMISSL_V313, /* AmiSSL v5.11 */ + AMISSL_V314, /* AmiSSL v5.12 */ /* ADD NEW VERSIONS ABOVE THIS LINE */ AMISSL_VMAX
diff --git a/include/openssl/cmserr.h b/include/openssl/cmserr.h
index 7bc087b6b..b8f4acffc 100644
--- a/include/openssl/cmserr.h
+++ b/include/openssl/cmserr.h
@@ -6,7 +6,7 @@ * * This file has been modified for use with AmiSSL for AmigaOS-based systems. * - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -125,6 +125,7 @@ # define CMS_R_UNSUPPORTED_LABEL_SOURCE 193 # define CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE 155 # define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154 +# define CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM 195 # define CMS_R_UNSUPPORTED_TYPE 156 # define CMS_R_UNWRAP_ERROR 157 # define CMS_R_UNWRAP_FAILURE 180
diff --git a/include/openssl/core_dispatch.h b/include/openssl/core_dispatch.h
index 968b23c0b..7c7ffba97 100644
--- a/include/openssl/core_dispatch.h
+++ b/include/openssl/core_dispatch.h
@@ -5,7 +5,7 @@ * * This file has been modified for use with AmiSSL for AmigaOS-based systems. * - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -193,6 +193,12 @@ OSSL_CORE_MAKE_FUNC(int, BIO_vsnprintf, OSSL_CORE_MAKE_FUNC(int, BIO_ctrl, (OSSL_CORE_BIO *bio, int cmd, long num, void *ptr)) +/* New seeding functions prototypes with the 101-104 series */ +#define OSSL_FUNC_CLEANUP_USER_ENTROPY 96 +#define OSSL_FUNC_CLEANUP_USER_NONCE 97 +#define OSSL_FUNC_GET_USER_ENTROPY 98 +#define OSSL_FUNC_GET_USER_NONCE 99 + #define OSSL_FUNC_SELF_TEST_CB 100 OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CORE_CTX *ctx, OSSL_CALLBACK **cb, void **cbarg))
@@ -205,14 +211,25 @@ OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CORE_CTX *ctx, OSSL_CALLBACK ** OSSL_CORE_MAKE_FUNC(size_t, get_entropy, (const OSSL_CORE_HANDLE *handle, unsigned char **pout, int entropy, size_t min_len, size_t max_len)) +OSSL_CORE_MAKE_FUNC(size_t, get_user_entropy, (const OSSL_CORE_HANDLE *handle, + unsigned char **pout, int entropy, + size_t min_len, size_t max_len)) OSSL_CORE_MAKE_FUNC(void, cleanup_entropy, (const OSSL_CORE_HANDLE *handle, unsigned char *buf, size_t len)) +OSSL_CORE_MAKE_FUNC(void, cleanup_user_entropy, (const OSSL_CORE_HANDLE *handle, + unsigned char *buf, size_t len)) OSSL_CORE_MAKE_FUNC(size_t, get_nonce, (const OSSL_CORE_HANDLE *handle, unsigned char **pout, size_t min_len, size_t max_len, const void *salt, size_t salt_len)) +OSSL_CORE_MAKE_FUNC(size_t, get_user_nonce, (const OSSL_CORE_HANDLE *handle, + unsigned char **pout, size_t min_len, + size_t max_len, const void *salt, + size_t salt_len)) OSSL_CORE_MAKE_FUNC(void, cleanup_nonce, (const OSSL_CORE_HANDLE *handle, unsigned char *buf, size_t len)) +OSSL_CORE_MAKE_FUNC(void, cleanup_user_nonce, (const OSSL_CORE_HANDLE *handle, + unsigned char *buf, size_t len)) /* Functions to access the core's providers */ #define OSSL_FUNC_PROVIDER_REGISTER_CHILD_CB 105
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index 5e6c23e94..36c33eb1f 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@@ -260,6 +260,7 @@ extern "C" { #define OSSL_RAND_PARAM_MAX_REQUEST "max_request" #define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy" #define OSSL_RAND_PARAM_TEST_NONCE "test_nonce" +#define OSSL_RAND_PARAM_GENERATE "generate" /* RAND/DRBG names */ #define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 6c92380bc..09fc5f73c 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -5,7 +5,7 @@ * * This file has been modified for use with AmiSSL for AmigaOS-based systems. * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -97,6 +97,8 @@ /* Easy to use macros for EVP_PKEY related selections */ # define EVP_PKEY_KEY_PARAMETERS \ ( OSSL_KEYMGMT_SELECT_ALL_PARAMETERS ) +# define EVP_PKEY_PRIVATE_KEY \ + ( EVP_PKEY_KEY_PARAMETERS | OSSL_KEYMGMT_SELECT_PRIVATE_KEY ) # define EVP_PKEY_PUBLIC_KEY \ ( EVP_PKEY_KEY_PARAMETERS | OSSL_KEYMGMT_SELECT_PUBLIC_KEY ) # define EVP_PKEY_KEYPAIR \
diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h
index 9d17abad8..02e0797b7 100644
--- a/include/openssl/opensslv.h
+++ b/include/openssl/opensslv.h
@@ -41,7 +41,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 1 -# define OPENSSL_VERSION_PATCH 3 +# define OPENSSL_VERSION_PATCH 4 /* * Additional version information
@@ -86,21 +86,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.1.3" -# define OPENSSL_FULL_VERSION_STR "3.1.3" +# define OPENSSL_VERSION_STR "3.1.4" +# define OPENSSL_FULL_VERSION_STR "3.1.4" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "19 Sep 2023" +# define OPENSSL_RELEASE_DATE "24 Oct 2023" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.3 19 Sep 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.1.4 24 Oct 2023" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE
diff --git a/include/openssl/pkcs7.h b/include/openssl/pkcs7.h
index 1fd0072f8..33f974da0 100644
--- a/include/openssl/pkcs7.h
+++ b/include/openssl/pkcs7.h
@@ -8,7 +8,7 @@ * * This file has been modified for use with AmiSSL for AmigaOS-based systems. * - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -71,8 +71,8 @@ typedef struct pkcs7_signer_info_st { PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; X509_ALGOR *digest_alg; STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */ - X509_ALGOR *digest_enc_alg; - ASN1_OCTET_STRING *enc_digest; + X509_ALGOR *digest_enc_alg; /* confusing name, actually used for signing */ + ASN1_OCTET_STRING *enc_digest; /* confusing name, actually signature */ STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */ /* The private key to sign with */ EVP_PKEY *pkey;
diff --git a/include/openssl/randerr.h b/include/openssl/randerr.h
index ea5b231c6..2716bbe9c 100644
--- a/include/openssl/randerr.h
+++ b/include/openssl/randerr.h
@@ -6,7 +6,7 @@ * * This file has been modified for use with AmiSSL for AmigaOS-based systems. * - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -53,6 +53,7 @@ # define RAND_R_GENERATE_ERROR 112 # define RAND_R_INSUFFICIENT_DRBG_STRENGTH 139 # define RAND_R_INTERNAL_ERROR 113 +# define RAND_R_INVALID_PROPERTY_QUERY 137 # define RAND_R_IN_ERROR_STATE 114 # define RAND_R_NOT_A_REGULAR_FILE 122 # define RAND_R_NOT_INSTANTIATED 115
diff --git a/src/amisslmaster_library.c b/src/amisslmaster_library.c
index 204fc81a9..7c578efcc 100644
--- a/src/amisslmaster_library.c
+++ b/src/amisslmaster_library.c
@@ -249,7 +249,8 @@ LIBPROTO(OpenAmiSSL, struct Library *, REG(a6, UNUSED __BASE_OR_IFACE)) // (https://wiki.openssl.org/index.php/OpenSSL_3.0#Versioning_Scheme) but we must // take care to prevent applications requiring newer API functions from loading // older libraries that do not contain those required entries - if(LibAPIVersion <= AMISSL_V313 && OpenLib(&AmiSSLBase,"313") == NULL + if(LibAPIVersion <= AMISSL_V314 && OpenLib(&AmiSSLBase,"314") == NULL + && OpenLib(&AmiSSLBase,"313") == NULL && OpenLib(&AmiSSLBase,"312") == NULL && OpenLib(&AmiSSLBase,"311") == NULL) if(LibAPIVersion <= AMISSL_V310 && OpenLib(&AmiSSLBase,"310") == NULL)
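Review bot: The extended fallback in the first `if` lets a caller that requests `AMISSL_V314` end up with the "313", "312" or "311" library when "314" cannot be opened, and going by the changelog entry in this commit those backends predate the CVE-2023-5363 fix. Nothing visible in this hunk tells the caller which backend was actually loaded, so an installation missing the new library would silently keep running the unpatched OpenSSL; whether OpenLib or later code reports the chosen version cannot be seen from here. I would at least state this in the comment above the condition, e.g. `// NOTE: falling back to 313/312/311 keeps the API compatible but loads a backend without the 3.1.4 security fixes`, and consider recording which version was opened so the downgrade can be detected. The enclosing OpenAmiSSL function starts before and continues after the hunk.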