Merge remote-tracking branch 'upstream/OpenSSL_1_0_2-stable' into 1.0.2-chacha

Author: PeterMosmans

.travis.yml

@@ -14,3 +14,4 @@ compiler:
 
 script:
   - ./config enable-static-engine enable-ec_nistp_64_gcc_128 enable-gost enable-idea enable-md2 enable-rc5 enable-rfc3779 enable-ssl-trace enable-ssl2 enable-ssl3 enable-zlib experimental-jpake no-zlib-dynamic 1>/dev/null && make depend 1>/dev/null && make 1>/dev/null && make test
+

CHANGES

@@ -2,9 +2,48 @@
  OpenSSL CHANGES
  _______________
 
- Changes between 1.0.2i and 1.0.2j [xx XXX xxxx]
+ Changes between 1.0.2j and 1.0.2k [xx XXX xxxx]
+
+  *) Montgomery multiplication may produce incorrect results
+
+     There is a carry propagating bug in the Broadwell-specific Montgomery
+     multiplication procedure that handles input lengths divisible by, but
+     longer than 256 bits. Analysis suggests that attacks against RSA, DSA
+     and DH private keys are impossible. This is because the subroutine in
+     question is not used in operations with the private key itself and an input
+     of the attacker's direct choice. Otherwise the bug can manifest itself as
+     transient authentication and key negotiation failures or reproducible
+     erroneous outcome of public-key operations with specially crafted input.
+     Among EC algorithms only Brainpool P-512 curves are affected and one
+     presumably can attack ECDH key negotiation. Impact was not analyzed in
+     detail, because pre-requisites for attack are considered unlikely. Namely
+     multiple clients have to choose the curve in question and the server has to
+     share the private key among them, neither of which is default behaviour.
+     Even then only clients that chose the curve will be affected.
+
+     This issue was publicly reported as transient failures and was not
+     initially recognized as a security issue. Thanks to Richard Morgan for
+     providing reproducible case.
+     (CVE-2016-7055)
+     [Andy Polyakov]
+
+  *) OpenSSL now fails if it receives an unrecognised record type in TLS1.0
+     or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to
+     prevent issues where no progress is being made and the peer continually
+     sends unrecognised record types, using up resources processing them.
+     [Matt Caswell]
+
+ Changes between 1.0.2i and 1.0.2j [26 Sep 2016]
 
-  *)
+  *) Missing CRL sanity check
+
+     A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
+     but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
+     CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.
+
+     This issue only affects the OpenSSL 1.0.2i
+     (CVE-2016-7052)
+     [Matt Caswell]
 
  Changes between 1.0.2h and 1.0.2i [22 Sep 2016]
 

CONTRIBUTING

@@ -1,4 +1,4 @@
-HOW TO CONTRIBUTE TO PATCHES OpenSSL
+HOW TO CONTRIBUTE PATCHES TO OpenSSL
 ------------------------------------
 
 (Please visit https://www.openssl.org/community/getting-started.html for
@@ -11,34 +11,12 @@ OpenSSL community you might want to discuss it on the openssl-dev mailing
 list first.  Someone may be already working on the same thing or there
 may be a good reason as to why that feature isn't implemented.
 
-The best way to submit a patch is to make a pull request on GitHub.
-(It is not necessary to send mail to [email protected] to open a ticket!)
-If you think the patch could use feedback from the community, please
-start a thread on openssl-dev.
+To submit a patch, make a pull request on GitHub.  If you think the patch
+could use feedback from the community, please start a thread on openssl-dev
+to discuss it.
 
-You can also submit patches by sending it as mail to [email protected].
-Please include the word "PATCH" and an explanation of what the patch
-does in the subject line.  If you do this, our preferred format is "git
-format-patch" output. For example to provide a patch file containing the
-last commit in your local git repository use the following command:
-
-    % git format-patch --stdout HEAD^ >mydiffs.patch
-
-Another method of creating an acceptable patch file without using git is as
-follows:
-
-    % cd openssl-work
-    ...make your changes...
-    % ./Configure dist; make clean
-    % cd ..
-    % diff -ur openssl-orig openssl-work >mydiffs.patch
-
-Note that pull requests are generally easier for the team, and community, to
-work with.  Pull requests benefit from all of the standard GitHub features,
-including code review tools, simpler integration, and CI build support.
-
-No matter how a patch is submitted, the following items will help make
-the acceptance and review process faster:
+Having addressed the following items before the PR will help make the
+acceptance and review process faster:
 
     1. Anything other than trivial contributions will require a contributor
     licensing agreement, giving us permission to use your code. See
@@ -55,21 +33,22 @@ the acceptance and review process faster:
         in the file LICENSE in the source distribution or at
         https://www.openssl.org/source/license.html
 
-    3.  Patches should be as current as possible.  When using GitHub, please
-    expect to have to rebase and update often. Note that we do not accept merge
-    commits. You will be asked to remove them before a patch is considered
-    acceptable.
+    3.  Patches should be as current as possible; expect to have to rebase
+    often. We do not accept merge commits; You will be asked to remove
+    them before a patch is considered acceptable.
 
     4.  Patches should follow our coding style (see
     https://www.openssl.org/policies/codingstyle.html) and compile without
     warnings. Where gcc or clang is availble you should use the
     --strict-warnings Configure option.  OpenSSL compiles on many varied
     platforms: try to ensure you only use portable features.
+    Clean builds via Travis and AppVeyor are expected, and done whenever
+    a PR is created or updated.
 
-    5.  When at all possible, patches should include tests. These can either be
-    added to an existing test, or completely new.  Please see test/README
-    for information on the test framework.
+    5.  When at all possible, patches should include tests. These can
+    either be added to an existing test, or completely new.  Please see
+    test/README for information on the test framework.
 
-    6.  New features or changed functionality must include documentation. Please
-    look at the "pod" files in doc/apps, doc/crypto and doc/ssl for examples of
-    our style.
+    6.  New features or changed functionality must include
+    documentation. Please look at the "pod" files in doc/apps, doc/crypto
+    and doc/ssl for examples of our style.

Configure

@@ -7,6 +7,7 @@ eval 'exec perl -S $0 ${1+"$@"}'
 
 require 5.000;
 use strict;
+use File::Compare;
 
 # see INSTALL for instructions.
 
@@ -1812,8 +1813,16 @@ while (<IN>)
 	}
 close(IN);
 close(OUT);
-rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile;
-rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n";
+if ((compare($Makefile, "$Makefile.new"))
+	or file_newer('Configure', $Makefile)
+	or file_newer('config', $Makefile)
+	or file_newer('Makefile.org', $Makefile))
+	{
+	rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile;
+	rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n";
+	}
+else
+	{ unlink("$Makefile.new"); }
 
 print "CC            =$cc\n";
 print "CFLAG         =$cflags\n";
@@ -2007,9 +2016,13 @@ print OUT "#ifdef  __cplusplus\n";
 print OUT "}\n";
 print OUT "#endif\n";
 close(OUT);
-rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h";
-rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n";
-
+if (compare("crypto/opensslconf.h.new","crypto/opensslconf.h"))
+	{
+	rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h";
+	rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n";
+	}
+else
+	{ unlink("crypto/opensslconf.h.new"); }
 
 # Fix the date
 
@@ -2314,3 +2327,9 @@ sub test_sanity
 	print STDERR "No sanity errors detected!\n" if $errorcnt == 0;
 	return $errorcnt;
 	}
+
+sub file_newer
+	{
+	my ($file1, $file2) = @_;
+	return (stat($file1))[9] > (stat($file2))[9]
+	}

INSTALL

@@ -159,18 +159,18 @@
      OpenSSL binary ("openssl"). The libraries will be built in the top-level
      directory, and the binary will be in the "apps" directory.
 
-     If "make" fails, look at the output.  There may be reasons for
-     the failure that aren't problems in OpenSSL itself (like missing
-     standard headers).  If it is a problem with OpenSSL itself, please
-     report the problem to <openssl-[email protected]> (note that your
-     message will be recorded in the request tracker publicly readable
-     at https://www.openssl.org/community/index.html#bugs and will be
-     forwarded to a public mailing list). Include the output of "make
-     report" in your message.  Please check out the request tracker. Maybe
-     the bug was already reported or has already been fixed.
-
-     [If you encounter assembler error messages, try the "no-asm"
-     configuration option as an immediate fix.]
+     If the build fails, look at the output.  There may be reasons
+     for the failure that aren't problems in OpenSSL itself (like
+     missing standard headers).  If you are having problems you can
+     get help by sending an email to the openssl-users email list (see
+     https://www.openssl.org/community/mailinglists.html for details). If
+     it is a bug with OpenSSL itself, please open an issue on GitHub, at
+     https://github.com/openssl/openssl/issues. Please review the existing
+     ones first; maybe the bug was already reported or has already been
+     fixed.
+
+     (If you encounter assembler error messages, try the "no-asm"
+     configuration option as an immediate fix.)
 
      Compiling parts of OpenSSL with gcc and others with the system
      compiler will result in unresolved symbols on some systems.

Makefile.org

@@ -203,7 +203,8 @@ CLEARENV=	TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS}	\
 		$${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS}		\
 		$${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS}	\
 		$${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS}	\
-		$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
+		$${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}	\
+		$${APPS+APPS}
 
 # LC_ALL=C ensures that error [and other] messages are delivered in
 # same language for uniform treatment.

NEWS

@@ -5,9 +5,13 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
-  Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [under development]
+  Major changes between OpenSSL 1.0.2j and OpenSSL 1.0.2k [under development]
 
-      o
+      o Montgomery multiplication may produce incorrect results (CVE-2016-7055)
+
+  Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016]
+
+      o Missing CRL sanity check (CVE-2016-7052)
 
   Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016]
 

README

@@ -1,5 +1,5 @@
 
- OpenSSL 1.0.2j-dev
+ OpenSSL 1.0.2k-dev
 
  Copyright (c) 1998-2015 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@@ -66,13 +66,13 @@
  If you have any problems with OpenSSL then please take the following steps
  first:
 
-    - Download the current snapshot from ftp://ftp.openssl.org/snapshot/
+    - Download the latest version from the repository
       to see if the problem has already been addressed
-    - Remove ASM versions of libraries
+    - Configure with no-asm
     - Remove compiler optimisation flags
 
- If you wish to report a bug then please include the following information in
- any bug report:
+ If you wish to report a bug then please include the following information
+ and create an issue on GitHub:
 
     - On Unix systems:
         Self-test report generated by 'make report'
@@ -84,27 +84,9 @@
     - Problem Description (steps that will reproduce the problem, if known)
     - Stack Traceback (if the application dumps core)
 
- Email the report to:
-
-    [email protected]
-
- In order to avoid spam, this is a moderated mailing list, and it might
- take a day for the ticket to show up.  (We also scan posts to make sure
- that security disclosures aren't publically posted by mistake.) Mail
- to this address is recorded in the public RT (request tracker) database
- (see https://www.openssl.org/community/index.html#bugs for details) and
- also forwarded the public openssl-dev mailing list.  Confidential mail
- may be sent to [email protected] (PGP key available from the
- key servers).
-
- Please do NOT use this for general assistance or support queries.
  Just because something doesn't work the way you expect does not mean it
  is necessarily a bug in OpenSSL.
 
- You can also make GitHub pull requests. If you do this, please also send
- mail to [email protected] with a link to the PR so that we can more easily
- keep track of it.
-
  HOW TO CONTRIBUTE TO OpenSSL
  ----------------------------
 
@@ -113,7 +95,7 @@
  LEGALITIES
  ----------
 
- A number of nations, in particular the U.S., restrict the use or export
- of cryptography. If you are potentially subject to such restrictions
- you should seek competent professional legal advice before attempting to
- develop or distribute cryptographic code.
+ A number of nations restrict the use or export of cryptography. If you
+ are potentially subject to such restrictions you should seek competent
+ professional legal advice before attempting to develop or distribute
+ cryptographic code.

apps/apps.c

@@ -972,7 +972,10 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
         if (!e)
             BIO_printf(err, "no engine specified\n");
         else {
-            pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
+            if (ENGINE_init(e)) {
+                pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
+                ENGINE_finish(e);
+            }
             if (!pkey) {
                 BIO_printf(err, "cannot load %s from engine\n", key_descrip);
                 ERR_print_errors(err);
@@ -1532,11 +1535,13 @@ static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
     }
     return e;
 }
+#endif
 
 ENGINE *setup_engine(BIO *err, const char *engine, int debug)
 {
     ENGINE *e = NULL;
 
+#ifndef OPENSSL_NO_ENGINE
     if (engine) {
         if (strcmp(engine, "auto") == 0) {
             BIO_printf(err, "enabling auto ENGINE support\n");
@@ -1561,13 +1566,19 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug)
         }
 
         BIO_printf(err, "engine \"%s\" set.\n", ENGINE_get_id(e));
-
-        /* Free our "structural" reference. */
-        ENGINE_free(e);
     }
+#endif
     return e;
 }
+
+void release_engine(ENGINE *e)
+{
+#ifndef OPENSSL_NO_ENGINE
+    if (e != NULL)
+        /* Free our "structural" reference. */
+        ENGINE_free(e);
 #endif
+}
 
 int load_config(BIO *err, CONF *cnf)
 {

apps/apps.h

@@ -259,9 +259,9 @@ STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
                               const char *pass, ENGINE *e,
                               const char *cert_descrip);
 X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
-# ifndef OPENSSL_NO_ENGINE
+
 ENGINE *setup_engine(BIO *err, const char *engine, int debug);
-# endif
+void release_engine(ENGINE *e);
 
 # ifndef OPENSSL_NO_OCSP
 OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,