From 2c7e51fae79c829004bada5ab21138d8075ae713 Mon Sep 17 00:00:00 2001 From: Futaura Date: Tue, 30 Jan 2024 18:24:33 +0000 Subject: [PATCH] OpenSSL 3.2.1 integration --- CHANGES.md | 14 ++++++++++++++ Makefile | 2 +- dist/AmiSSL.readme | 4 ++-- include/libraries/amisslmaster.h | 5 +++-- include/openssl/conferr.h | 3 ++- include/openssl/e_ostime.h | 9 +++++++++ include/openssl/opensslv.h | 10 +++++----- src/amisslmaster_library.c | 5 +++-- 8 files changed, 39 insertions(+), 13 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 2876da18a..f4bb20b1b 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,3 +1,17 @@ +## AmiSSL 5.14 (30.1.2024) + +- Updated OpenSSL backend to full compatibility with the latest + OpenSSL 3.2.1 (30.1.2024) version which includes fixes for these + low severity vulnerabilities: + + Fixed PKCS12 decoding crashes. + (CVE-2024-0727) + + Fixed excessive time spent checking invalid RSA public keys. + (CVE-2023-6237) + + Fixed excessive time spent in DH check / generation with large Q + parameter value. + (CVE-2023-5678) +- Removed redundant POWER8 VSX Poly1305 and ChaCha20 code. + ## AmiSSL 5.13 (22.12.2023) - Switched to OpenSSL 3.2, with full compatibility with the latest diff --git a/Makefile b/Makefile index 2d560a587..49c55a08a 100644 --- a/Makefile +++ b/Makefile @@ -152,7 +152,7 @@ endif # none - because we want to compile with -Wall all the time VERSION=5 -REVISION=13 +REVISION=14 include openssl/VERSION.dat VERSIONNAME=$(MAJOR)$(MINOR)$(PATCH) diff --git a/dist/AmiSSL.readme b/dist/AmiSSL.readme index 7c44b9e5e..57bbdcd8d 100644 --- a/dist/AmiSSL.readme +++ b/dist/AmiSSL.readme 
@@ -119,11 +119,11 @@ Legal information ----------------- AmiSSL v1 Copyright (c) 1999-2006 Andrija Antonijevic. AmiSSL v2/v3 Copyright (c) 2002-2006 Andrija Antonijevic, Stefan Burstroem. -AmiSSL v4/v5 Copyright (c) 2014-2023 AmiSSL Open Source Team. +AmiSSL v4/v5 Copyright (c) 2014-2024 AmiSSL Open Source Team. All Rights Reserved. OpenSSL Cryptography and SSL/TLS Toolkit -Copyright (c) 1995-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright (c) 1995-2024 The OpenSSL Project Authors. All Rights Reserved. AmiSSL uses a modified version of OpenSSL. Both AmiSSL and OpenSSL are licensed under the Apache License, Version 2.0 (the "License"); diff --git a/include/libraries/amisslmaster.h b/include/libraries/amisslmaster.h index 23825efa6..c81c8091d 100644 --- a/include/libraries/amisslmaster.h +++ b/include/libraries/amisslmaster.h @@ -5,7 +5,7 @@ AmiSSL - OpenSSL wrapper for AmigaOS-based systems Copyright (c) 1999-2006 Andrija Antonijevic, Stefan Burstroem. - Copyright (c) 2006-2023 AmiSSL Open Source Team. + Copyright (c) 2006-2024 AmiSSL Open Source Team. All Rights Reserved. Licensed under the Apache License, Version 2.0 (the "License"); @@ -60,7 +60,8 @@ enum AmiSSLVersion AMISSL_V313, /* AmiSSL v5.11 */ AMISSL_V314, /* AmiSSL v5.12 */ AMISSL_V320, /* AmiSSL v5.13 */ - + AMISSL_V321, /* AmiSSL v5.14 */ + /* ADD NEW VERSIONS ABOVE THIS LINE */ AMISSL_VMAX }; diff --git a/include/openssl/conferr.h b/include/openssl/conferr.h index 0cd5835d6..8b1829ece 100644 --- a/include/openssl/conferr.h +++ b/include/openssl/conferr.h @@ -6,7 +6,7 @@ * * This file has been modified for use with AmiSSL for AmigaOS-based systems. * - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -50,6 +50,7 @@ # define CONF_R_NUMBER_TOO_LARGE 121 # define CONF_R_OPENSSL_CONF_REFERENCES_MISSING_SECTION 124 # define CONF_R_RECURSIVE_DIRECTORY_INCLUDE 111 +# define CONF_R_RECURSIVE_SECTION_REFERENCE 126 # define CONF_R_RELATIVE_PATH 125 # define CONF_R_SSL_COMMAND_SECTION_EMPTY 117 # define CONF_R_SSL_COMMAND_SECTION_NOT_FOUND 118 diff --git a/include/openssl/e_ostime.h b/include/openssl/e_ostime.h index 6d7ad9628..c726b9064 100644 --- a/include/openssl/e_ostime.h +++ b/include/openssl/e_ostime.h @@ -35,6 +35,15 @@ # if defined(OPENSSL_SYS_WINDOWS) # include +# if !defined(_WINSOCKAPI_) + /* + * winsock2.h defines _WINSOCK2API_ and both winsock2.h and winsock.h define + * _WINSOCKAPI_. Both of these provide struct timeval. Don't include + * winsock2.h if either header has been included to avoid breakage with + * applications that prefer to use over . + */ +# include +# endif # elif defined(OPENSSL_SYS_AMIGA) && !defined(AMISSL_COMPILE) && \ ((defined(__amigaos4__) && defined(__USE_OLD_TIMEVAL__)) || \ (!defined(__amigaos4__) && !defined(__USE_NEW_TIMEVAL__))) diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h index f56c01b7b..ddde77f95 100644 --- a/include/openssl/opensslv.h +++ b/include/openssl/opensslv.h @@ -41,7 +41,7 @@ extern "C" { */ # define OPENSSL_VERSION_MAJOR 3 # define OPENSSL_VERSION_MINOR 2 -# define OPENSSL_VERSION_PATCH 0 +# define OPENSSL_VERSION_PATCH 1 /* * Additional version information 
@@ -86,21 +86,21 @@ extern "C" { * longer variant with OPENSSL_VERSION_PRE_RELEASE_STR and * OPENSSL_VERSION_BUILD_METADATA_STR appended. */ -# define OPENSSL_VERSION_STR "3.2.0" -# define OPENSSL_FULL_VERSION_STR "3.2.0" +# define OPENSSL_VERSION_STR "3.2.1" +# define OPENSSL_FULL_VERSION_STR "3.2.1" /* * SECTION 3: ADDITIONAL METADATA * * These strings are defined separately to allow them to be parsable. */ -# define OPENSSL_RELEASE_DATE "23 Nov 2023" +# define OPENSSL_RELEASE_DATE "30 Jan 2024" /* * SECTION 4: BACKWARD COMPATIBILITY */ -# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.0 23 Nov 2023" +# define OPENSSL_VERSION_TEXT "OpenSSL 3.2.1 30 Jan 2024" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ # ifdef OPENSSL_VERSION_PRE_RELEASE diff --git a/src/amisslmaster_library.c b/src/amisslmaster_library.c index cf2c3bcd4..afca718e9 100644 --- a/src/amisslmaster_library.c +++ b/src/amisslmaster_library.c @@ -2,7 +2,7 @@ AmiSSL - OpenSSL wrapper for AmigaOS-based systems Copyright (c) 1999-2006 Andrija Antonijevic, Stefan Burstroem. - Copyright (c) 2006-2023 AmiSSL Open Source Team. + Copyright (c) 2006-2024 AmiSSL Open Source Team. All Rights Reserved. Licensed under the Apache License, Version 2.0 (the "License"); @@ -244,7 +244,8 @@ LIBPROTO(OpenAmiSSL, struct Library *, REG(a6, UNUSED __BASE_OR_IFACE)) // (https://wiki.openssl.org/index.php/OpenSSL_3.0#Versioning_Scheme) but we must // take care to prevent applications requiring newer API functions from loading // older libraries that do not contain those required entries - if(LibAPIVersion <= AMISSL_V320 && OpenLib(&AmiSSLBase,"320") == NULL) + if(LibAPIVersion <= AMISSL_V321 && OpenLib(&AmiSSLBase,"321") == NULL + && OpenLib(&AmiSSLBase,"320") == NULL) if(LibAPIVersion <= AMISSL_V314 && OpenLib(&AmiSSLBase,"314") == NULL && OpenLib(&AmiSSLBase,"313") == NULL && OpenLib(&AmiSSLBase,"312") == NULL
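Review bot: In the `LibAPIVersion <= AMISSL_V321` condition of src/amisslmaster_library.c, a failed `OpenLib(&AmiSSLBase,"321")` now falls through silently to `OpenLib(&AmiSSLBase,"320")`, so a caller can end up on the 3.2.0 backend without the fixes this release lists in CHANGES.md (CVE-2024-0727, CVE-2023-6237, CVE-2023-5678). This follows the way the 3.1.x condition below chains "314", "313" and "312", and is presumably API-safe because a patch release should add no new library entries, but the hunk does not say so. I would add a comment above the condition, to be confirmed by the author: `// 3.2.1 adds no new API entries over 3.2.0, so "320" is an acceptable API fallback;` `// it lacks the 3.2.1 security fixes, so installs should replace rather than keep it`. The enclosing OpenAmiSSL function starts and ends outside the hunk, so whether the version actually opened is reported to the caller or logged is not visible here.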