Upgrade to V3.4.3 (#11)

PowerShell · Mar 21, 2022 · 4d97cd9 · 4d97cd9
1 parent e9e6ea5
commit 4d97cd9
Show file tree

Hide file tree

Showing 33 changed files with 424 additions and 418 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -28,6 +28,11 @@ history is also available from Git.
 
 LibreSSL Portable Release Notes:
 
+3.4.3 - Security release
+
+	* A malicious certificate can cause an infinite loop.
+	  Reported by and fix from Tavis Ormandy and David Benjamin, Google.
+
 3.4.2 - Security fix
 
 	* In some situations the X.509 verifier would discard an error on an

diff --git a/VERSION b/VERSION
@@ -1,2 +1,2 @@
-3.4.2.0
+3.4.3.0
 
diff --git a/configure b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for libressl 3.4.2.
+# Generated by GNU Autoconf 2.69 for libressl 3.4.3.
 #
 #
 # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -587,8 +587,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='libressl'
 PACKAGE_TARNAME='libressl'
-PACKAGE_VERSION='3.4.2'
-PACKAGE_STRING='libressl 3.4.2'
+PACKAGE_VERSION='3.4.3'
+PACKAGE_STRING='libressl 3.4.3'
 PACKAGE_BUGREPORT=''
 PACKAGE_URL=''
 
@@ -1452,7 +1452,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures libressl 3.4.2 to adapt to many kinds of systems.
+\`configure' configures libressl 3.4.3 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1523,7 +1523,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of libressl 3.4.2:";;
+     short | recursive ) echo "Configuration of libressl 3.4.3:";;
    esac
   cat <<\_ACEOF
 
@@ -1641,7 +1641,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-libressl configure 3.4.2
+libressl configure 3.4.3
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2189,7 +2189,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by libressl $as_me 3.4.2, which was
+It was created by libressl $as_me 3.4.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -3125,7 +3125,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='libressl'
- VERSION='3.4.2'
+ VERSION='3.4.3'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -14949,7 +14949,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by libressl $as_me 3.4.2, which was
+This file was extended by libressl $as_me 3.4.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -15006,7 +15006,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-libressl config.status 3.4.2
+libressl config.status 3.4.3
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 

diff --git a/crypto/aes/aes-masm-x86_64.S b/crypto/aes/aes-masm-x86_64.S
@@ -1,7 +1,7 @@
 ; 1 "crypto/aes/aes-masm-x86_64.S.tmp"
 ; 1 "<built-in>" 1
 ; 1 "<built-in>" 3
-; 340 "<built-in>" 3
+; 343 "<built-in>" 3
 ; 1 "<command line>" 1
 ; 1 "<built-in>" 2
 ; 1 "crypto/aes/aes-masm-x86_64.S.tmp" 2

diff --git a/crypto/aes/aesni-masm-x86_64.S b/crypto/aes/aesni-masm-x86_64.S
@@ -1,7 +1,7 @@
 ; 1 "crypto/aes/aesni-masm-x86_64.S.tmp"
 ; 1 "<built-in>" 1
 ; 1 "<built-in>" 3
-; 340 "<built-in>" 3
+; 343 "<built-in>" 3
 ; 1 "<command line>" 1
 ; 1 "<built-in>" 2
 ; 1 "crypto/aes/aesni-masm-x86_64.S.tmp" 2

diff --git a/crypto/aes/aesni-sha1-masm-x86_64.S b/crypto/aes/aesni-sha1-masm-x86_64.S
@@ -1,7 +1,7 @@
 ; 1 "crypto/aes/aesni-sha1-masm-x86_64.S.tmp"
 ; 1 "<built-in>" 1
 ; 1 "<built-in>" 3
-; 340 "<built-in>" 3
+; 343 "<built-in>" 3
 ; 1 "<command line>" 1
 ; 1 "<built-in>" 2
 ; 1 "crypto/aes/aesni-sha1-masm-x86_64.S.tmp" 2

diff --git a/crypto/aes/bsaes-masm-x86_64.S b/crypto/aes/bsaes-masm-x86_64.S
@@ -1,7 +1,7 @@
 ; 1 "crypto/aes/bsaes-masm-x86_64.S.tmp"
 ; 1 "<built-in>" 1
 ; 1 "<built-in>" 3
-; 340 "<built-in>" 3
+; 343 "<built-in>" 3
 ; 1 "<command line>" 1
 ; 1 "<built-in>" 2
 ; 1 "crypto/aes/bsaes-masm-x86_64.S.tmp" 2

diff --git a/crypto/aes/vpaes-masm-x86_64.S b/crypto/aes/vpaes-masm-x86_64.S
@@ -1,7 +1,7 @@
 ; 1 "crypto/aes/vpaes-masm-x86_64.S.tmp"
 ; 1 "<built-in>" 1
 ; 1 "<built-in>" 3
-; 340 "<built-in>" 3
+; 343 "<built-in>" 3
 ; 1 "<command line>" 1
 ; 1 "<built-in>" 2
 ; 1 "crypto/aes/vpaes-masm-x86_64.S.tmp" 2

diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c
@@ -351,21 +351,22 @@ BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
 			goto vrfy;
 		}
 
-
-		/* find smallest  i  such that  b^(2^i) = 1 */
-		i = 1;
-		if (!BN_mod_sqr(t, b, p, ctx))
-			goto end;
-		while (!BN_is_one(t)) {
-			i++;
-			if (i == e) {
-				BNerror(BN_R_NOT_A_SQUARE);
-				goto end;
+		/* Find the smallest i with 0 < i < e such that b^(2^i) = 1. */
+		for (i = 1; i < e; i++) {
+			if (i == 1) {
+				if (!BN_mod_sqr(t, b, p, ctx))
+					goto end;
+			} else {
+				if (!BN_mod_sqr(t, t, p, ctx))
+					goto end;
 			}
-			if (!BN_mod_mul(t, t, t, p, ctx))
-				goto end;
+			if (BN_is_one(t))
+				break;
+		}
+		if (i >= e) {
+			BNerror(BN_R_NOT_A_SQUARE);
+			goto end;
 		}
-
 
 		/* t := y^2^(e - i - 1) */
 		if (!BN_copy(t, y))

diff --git a/crypto/bn/gf2m-masm-x86_64.S b/crypto/bn/gf2m-masm-x86_64.S
@@ -1,7 +1,7 @@
 ; 1 "crypto/bn/gf2m-masm-x86_64.S.tmp"
 ; 1 "<built-in>" 1
 ; 1 "<built-in>" 3
-; 340 "<built-in>" 3
+; 343 "<built-in>" 3
 ; 1 "<command line>" 1
 ; 1 "<built-in>" 2
 ; 1 "crypto/bn/gf2m-masm-x86_64.S.tmp" 2

diff --git a/crypto/bn/modexp512-masm-x86_64.S b/crypto/bn/modexp512-masm-x86_64.S
@@ -1,7 +1,7 @@
 ; 1 "crypto/bn/modexp512-masm-x86_64.S.tmp"
 ; 1 "<built-in>" 1
 ; 1 "<built-in>" 3
-; 340 "<built-in>" 3
+; 343 "<built-in>" 3
 ; 1 "<command line>" 1
 ; 1 "<built-in>" 2
 ; 1 "crypto/bn/modexp512-masm-x86_64.S.tmp" 2

diff --git a/crypto/bn/mont-masm-x86_64.S b/crypto/bn/mont-masm-x86_64.S
@@ -1,7 +1,7 @@
 ; 1 "crypto/bn/mont-masm-x86_64.S.tmp"
 ; 1 "<built-in>" 1
 ; 1 "<built-in>" 3
-; 340 "<built-in>" 3
+; 343 "<built-in>" 3
 ; 1 "<command line>" 1
 ; 1 "<built-in>" 2
 ; 1 "crypto/bn/mont-masm-x86_64.S.tmp" 2

diff --git a/crypto/bn/mont5-masm-x86_64.S b/crypto/bn/mont5-masm-x86_64.S
@@ -1,7 +1,7 @@
 ; 1 "crypto/bn/mont5-masm-x86_64.S.tmp"
 ; 1 "<built-in>" 1
 ; 1 "<built-in>" 3
-; 340 "<built-in>" 3
+; 343 "<built-in>" 3
 ; 1 "<command line>" 1
 ; 1 "<built-in>" 2
 ; 1 "crypto/bn/mont5-masm-x86_64.S.tmp" 2

diff --git a/crypto/camellia/cmll-masm-x86_64.S b/crypto/camellia/cmll-masm-x86_64.S
@@ -1,7 +1,7 @@
 ; 1 "crypto/camellia/cmll-masm-x86_64.S.tmp"
 ; 1 "<built-in>" 1
 ; 1 "<built-in>" 3
-; 340 "<built-in>" 3
+; 343 "<built-in>" 3
 ; 1 "<command line>" 1
 ; 1 "<built-in>" 2
 ; 1 "crypto/camellia/cmll-masm-x86_64.S.tmp" 2

diff --git a/crypto/cpuid-masm-x86_64.S b/crypto/cpuid-masm-x86_64.S
@@ -1,7 +1,7 @@
 ; 1 "crypto/cpuid-masm-x86_64.S.tmp"
 ; 1 "<built-in>" 1
 ; 1 "<built-in>" 3
-; 340 "<built-in>" 3
+; 343 "<built-in>" 3
 ; 1 "<command line>" 1
 ; 1 "<built-in>" 2
 ; 1 "crypto/cpuid-masm-x86_64.S.tmp" 2

diff --git a/crypto/md5/md5-masm-x86_64.S b/crypto/md5/md5-masm-x86_64.S
@@ -1,7 +1,7 @@
 ; 1 "crypto/md5/md5-masm-x86_64.S.tmp"
 ; 1 "<built-in>" 1
 ; 1 "<built-in>" 3
-; 340 "<built-in>" 3
+; 343 "<built-in>" 3
 ; 1 "<command line>" 1
 ; 1 "<built-in>" 2
 ; 1 "crypto/md5/md5-masm-x86_64.S.tmp" 2

diff --git a/crypto/modes/ghash-masm-x86_64.S b/crypto/modes/ghash-masm-x86_64.S
@@ -1,7 +1,7 @@
 ; 1 "crypto/modes/ghash-masm-x86_64.S.tmp"
 ; 1 "<built-in>" 1
 ; 1 "<built-in>" 3
-; 340 "<built-in>" 3
+; 343 "<built-in>" 3
 ; 1 "<command line>" 1
 ; 1 "<built-in>" 2
 ; 1 "crypto/modes/ghash-masm-x86_64.S.tmp" 2

diff --git a/crypto/rc4/rc4-masm-x86_64.S b/crypto/rc4/rc4-masm-x86_64.S
@@ -1,7 +1,7 @@
 ; 1 "crypto/rc4/rc4-masm-x86_64.S.tmp"
 ; 1 "<built-in>" 1
 ; 1 "<built-in>" 3
-; 340 "<built-in>" 3
+; 343 "<built-in>" 3
 ; 1 "<command line>" 1
 ; 1 "<built-in>" 2
 ; 1 "crypto/rc4/rc4-masm-x86_64.S.tmp" 2

diff --git a/crypto/rc4/rc4-md5-masm-x86_64.S b/crypto/rc4/rc4-md5-masm-x86_64.S
@@ -1,7 +1,7 @@
 ; 1 "crypto/rc4/rc4-md5-masm-x86_64.S.tmp"
 ; 1 "<built-in>" 1
 ; 1 "<built-in>" 3
-; 340 "<built-in>" 3
+; 343 "<built-in>" 3
 ; 1 "<command line>" 1
 ; 1 "<built-in>" 2
 ; 1 "crypto/rc4/rc4-md5-masm-x86_64.S.tmp" 2

diff --git a/crypto/sha/sha1-masm-x86_64.S b/crypto/sha/sha1-masm-x86_64.S
@@ -1,7 +1,7 @@
 ; 1 "crypto/sha/sha1-masm-x86_64.S.tmp"
 ; 1 "<built-in>" 1
 ; 1 "<built-in>" 3
-; 340 "<built-in>" 3
+; 343 "<built-in>" 3
 ; 1 "<command line>" 1
 ; 1 "<built-in>" 2
 ; 1 "crypto/sha/sha1-masm-x86_64.S.tmp" 2

diff --git a/crypto/sha/sha256-masm-x86_64.S b/crypto/sha/sha256-masm-x86_64.S
@@ -1,7 +1,7 @@
 ; 1 "crypto/sha/sha256-masm-x86_64.S.tmp"
 ; 1 "<built-in>" 1
 ; 1 "<built-in>" 3
-; 340 "<built-in>" 3
+; 343 "<built-in>" 3
 ; 1 "<command line>" 1
 ; 1 "<built-in>" 2
 ; 1 "crypto/sha/sha256-masm-x86_64.S.tmp" 2

diff --git a/crypto/sha/sha512-masm-x86_64.S b/crypto/sha/sha512-masm-x86_64.S
@@ -1,7 +1,7 @@
 ; 1 "crypto/sha/sha512-masm-x86_64.S.tmp"
 ; 1 "<built-in>" 1
 ; 1 "<built-in>" 3
-; 340 "<built-in>" 3
+; 343 "<built-in>" 3
 ; 1 "<command line>" 1
 ; 1 "<built-in>" 2
 ; 1 "crypto/sha/sha512-masm-x86_64.S.tmp" 2

diff --git a/crypto/whrlpool/wp-masm-x86_64.S b/crypto/whrlpool/wp-masm-x86_64.S
@@ -1,7 +1,7 @@
 ; 1 "crypto/whrlpool/wp-masm-x86_64.S.tmp"
 ; 1 "<built-in>" 1
 ; 1 "<built-in>" 3
-; 340 "<built-in>" 3
+; 343 "<built-in>" 3
 ; 1 "<command line>" 1
 ; 1 "<built-in>" 2
 ; 1 "crypto/whrlpool/wp-masm-x86_64.S.tmp" 2

diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h
@@ -1,11 +1,11 @@
-/* $OpenBSD: opensslv.h,v 1.66 2021/09/15 17:14:26 tb Exp $ */
+/* $OpenBSD$ */
 #ifndef HEADER_OPENSSLV_H
 #define HEADER_OPENSSLV_H
 
 /* These will change with each release of LibreSSL-portable */
-#define LIBRESSL_VERSION_NUMBER 0x3040200fL
+#define LIBRESSL_VERSION_NUMBER 0x3040300fL
 /*                                    ^ Patch starts here   */
-#define LIBRESSL_VERSION_TEXT   "LibreSSL 3.4.2"
+#define LIBRESSL_VERSION_TEXT   "LibreSSL 3.4.3"
 
 /* These will never change */
 #define OPENSSL_VERSION_NUMBER	0x20000000L

diff --git a/tests/ocsptest.bat b/tests/ocsptest.bat
@@ -1,12 +1,12 @@
-@echo off
-setlocal enabledelayedexpansion
-REM	ocspocsp_test_bin.bat
-
-set ocsp_test_bin=%1
-set ocsp_test_bin=%ocsp_test_bin:/=\%
-if not exist %ocsp_test_bin% exit /b 1
-
-%ocsp_test_bin% www.amazon.com 443 & if !errorlevel! neq 0 exit /b 1
-%ocsp_test_bin% cloudflare.com 443 & if !errorlevel! neq 0 exit /b 1
-
-endlocal
+@echo off
+setlocal enabledelayedexpansion
+REM	ocspocsp_test_bin.bat
+
+set ocsp_test_bin=%1
+set ocsp_test_bin=%ocsp_test_bin:/=\%
+if not exist %ocsp_test_bin% exit /b 1
+
+%ocsp_test_bin% www.amazon.com 443 & if !errorlevel! neq 0 exit /b 1
+%ocsp_test_bin% cloudflare.com 443 & if !errorlevel! neq 0 exit /b 1
+
+endlocal
diff --git a/tests/pq_test.bat b/tests/pq_test.bat
@@ -1,15 +1,15 @@
-@echo off
-setlocal enabledelayedexpansion
-REM	pq_test.bat
-
-set pq_test_bin=%1
-set pq_test_bin=%pq_test_bin:/=\%
-if not exist %pq_test_bin% exit /b 1
-
-set pq_output=pq_output.txt
-if exist %pq_output% del %pq_output%
-
-%pq_test_bin% > %pq_output%
-fc /b %pq_output% %srcdir%\pq_expected.txt
-
-endlocal
+@echo off
+setlocal enabledelayedexpansion
+REM	pq_test.bat
+
+set pq_test_bin=%1
+set pq_test_bin=%pq_test_bin:/=\%
+if not exist %pq_test_bin% exit /b 1
+
+set pq_output=pq_output.txt
+if exist %pq_output% del %pq_output%
+
+%pq_test_bin% > %pq_output%
+fc /b %pq_output% %srcdir%\pq_expected.txt
+
+endlocal