From 60cdf17f0a24ced43a795eb9e096087f59c9d571 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Wed, 19 Jul 2023 19:05:16 +0100 Subject: gentoo auto-resync : 19:07:2023 - 19:05:16 --- dev-libs/Manifest.gz | Bin 97931 -> 97936 bytes dev-libs/libwacom/Manifest | 2 +- dev-libs/libwacom/libwacom-2.7.0.ebuild | 2 +- dev-libs/openssl/Manifest | 6 + .../files/openssl-3.0.9-CVE-2023-2975.patch | 109 ++++++++ .../files/openssl-3.0.9-CVE-2023-3446.patch | 120 +++++++++ .../files/openssl-3.1.1-CVE-2023-2975.patch | 110 ++++++++ .../files/openssl-3.1.1-CVE-2023-3446.patch | 121 +++++++++ dev-libs/openssl/openssl-3.0.9-r2.ebuild | 290 ++++++++++++++++++++ dev-libs/openssl/openssl-3.1.1-r2.ebuild | 293 +++++++++++++++++++++ 10 files changed, 1051 insertions(+), 2 deletions(-) create mode 100644 dev-libs/openssl/files/openssl-3.0.9-CVE-2023-2975.patch create mode 100644 dev-libs/openssl/files/openssl-3.0.9-CVE-2023-3446.patch create mode 100644 dev-libs/openssl/files/openssl-3.1.1-CVE-2023-2975.patch create mode 100644 dev-libs/openssl/files/openssl-3.1.1-CVE-2023-3446.patch create mode 100644 dev-libs/openssl/openssl-3.0.9-r2.ebuild create mode 100644 dev-libs/openssl/openssl-3.1.1-r2.ebuild (limited to 'dev-libs') diff --git a/dev-libs/Manifest.gz b/dev-libs/Manifest.gz index bfbbc92ca164..018fe4abcd96 100644 Binary files a/dev-libs/Manifest.gz and b/dev-libs/Manifest.gz differ diff --git a/dev-libs/libwacom/Manifest b/dev-libs/libwacom/Manifest index f166b6322590..33d290d90f31 100644 --- a/dev-libs/libwacom/Manifest +++ b/dev-libs/libwacom/Manifest @@ -1,5 +1,5 @@ DIST libwacom-2.6.0.tar.xz 110288 BLAKE2B 321bacccab84f287141257b4c7af12822fca976c335027d399765fdbbb2c59eabcc76f40d4fd83c7cf1cdc88e2c57ccd317b1922ea3dddb98cf2a0847e920ff1 SHA512 aacf234e77bd976de2e2a687294c5ab704dca5a70df01fa2485441029e4faa34bec2824c455642115ae79f5cbbac41d064569e4eb2788655c324b37149009d26 DIST libwacom-2.7.0.tar.xz 111424 BLAKE2B 2cb046a7390c017680a2a67197896b0613fa3b0ca65d388b5d760fba1438c3079786efa77a5b69d26dce7b8813436ca4240500ef00d77e11427fee81df912d64 SHA512 47dd8fc7b82fce88ae9d857bcbecec2e45f2a83e832a5e1f97d5b09f77a2dacd53a470e08e756217fe7c5ef4420fdd8d3e3c37071336f7a3dce522b9fa781583 EBUILD libwacom-2.6.0.ebuild 1507 BLAKE2B f470234baaf9cc8fc33f07881b172745c7fe475c41c15f272df89ffad41b095adfc706caadbe7e6d2ee0e8452100e5fbd28cb45544b56916b4439e67267858a8 SHA512 f4cfc95491539e33b89675f6e5c3dc135e7c4269321d140c69e9856c68e27bec99eba91844e0dcc7eff39b70b4b739daa1109b3041aee5493eb569a1d91de7e3 -EBUILD libwacom-2.7.0.ebuild 1509 BLAKE2B b68718a31006b81ecfe1ce1e55f76b0d22635f4851511bb5a21fb06a4434dd6e05c40ef0d49002220ac61b00cfa608b3f7545218b73efd594a38017d81e1d1fc SHA512 bb7d8261af0ea2d5504e836cb049b8b042eacf1136923ea3adbf5bfcb91ba257e775ed23a2588aa4e64f140e8543ed300323596cd87bfea72c4645da0f301fad +EBUILD libwacom-2.7.0.ebuild 1508 BLAKE2B 53216faa406efcd9a1d6f625cc1658ad328b3987a2acfb0eae319a0b6fe14d94907c0331a2af8ac7e75fe7dad977387cd4f36dbb4e7a48127e03d40bae961e9e SHA512 557a1dffccfb5e1a41ead3e633c6e167f7e1c778bbfc86b1907a0cf3b270b0d4bad95e283a446b4aef99e3f1b68ddcd52cac956884dac105d895f1174a73e5b6 MISC metadata.xml 313 BLAKE2B bee5263fa9309d84996574f86a17a4292e58a7eefc65159ecd0df578ccab24e39f4c050deaaabbcd33e5a86292af6c57c5b2c9eb2c9b6e3caeab86e5633cf3c7 SHA512 b1575775a9f633ffe2124bd5ebef65ab864ae697ed733f50e3028484d2d60ea827e5ac12305d57beedcdbe58d8699bbc7e67cb0c844041c7a56045cb91eae633 diff --git a/dev-libs/libwacom/libwacom-2.7.0.ebuild b/dev-libs/libwacom/libwacom-2.7.0.ebuild index 887db9796a86..92b59cc67085 100644 --- a/dev-libs/libwacom/libwacom-2.7.0.ebuild +++ b/dev-libs/libwacom/libwacom-2.7.0.ebuild @@ -12,7 +12,7 @@ SRC_URI="https://github.com/linuxwacom/${PN}/releases/download/${P}/${P}.tar.xz" LICENSE="MIT" SLOT="0/9" # libwacom SONAME -KEYWORDS="~alpha amd64 arm ~arm64 ~ia64 ~ppc ppc64 ~sparc x86" +KEYWORDS="~alpha amd64 arm ~arm64 ~ia64 ~ppc ppc64 sparc x86" IUSE="doc test" RESTRICT="!test? ( test )" diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest index 70358e060160..a84ec3a45589 100644 --- a/dev-libs/openssl/Manifest +++ b/dev-libs/openssl/Manifest @@ -2,6 +2,10 @@ AUX gentoo.config-1.0.2 5302 BLAKE2B b699533ed86c48c0d033092b4d901de837a6a495113 AUX gentoo.config-1.0.4 5735 BLAKE2B 3ae435b60aa2c29dde9190c71e6cedf2a2c17ff8e7ae23c2a0c54904a6e06aa498b620979761a4d0f4a6e7331b49f684a952061e59d1d0a3e5bc27a68bed5800 SHA512 351e61a387e8e3890d03d3574926e82555223f9734e2f8365ee24ed7e064c30a6fdb75ad851a149f636803bdafb72b420127eef9cd7a9c1248e17e5317aca378 AUX openssl-1.1.0j-parallel_install_fix.patch 515 BLAKE2B a1bcffce4dc9e0566e21e753cf1a18ee6eac92aca5880c50b33966d8ecb391f7430e1db6ea5a30ee4e3a9d77fb9e5542e864508b01c325011e368165e079a96c SHA512 0badd29ec8cffd95b2b69a4b8f8eecfc9ea0c00a812b298a650ee353e3965147fd2da1f9058d2d51744838f38168257b89aaf317287c55a7b76f16a69c781828 AUX openssl-1.1.1i-riscv32.patch 2557 BLAKE2B 97e51303706ee96d3fae46959b91d1021dcbb3efa421866f6e09bbee6287aae95c6f5d9498bd9d8974b0de747ef696242691cfebec90b31dc9e2cc31b41b81ec SHA512 f75ae1034bb9dda7f4959e8a5d6d0dae21200723d82aebfbea58bd1d7775ef4042e49fdf49d5738771d79d764e44a1b6e0da341d210ea51d21516bb3874b626a +AUX openssl-3.0.9-CVE-2023-2975.patch 4607 BLAKE2B 6f668ab581573b4092a2e1b65f55288a77d48aa62053d6ce088f5e587cdc3ef6687522c36c21016f1095e8b1c036d28e54f1121eab2f13c821a08866930c7b0a SHA512 f070adb3722fa7561039efb149756571ba87d03094ff009a2fec433d5c3f24e99ca26bd67f73fd219c95a8117ca522ced9e501da7657f3e5a43a14727c34c889 +AUX openssl-3.0.9-CVE-2023-3446.patch 4406 BLAKE2B 2ec4d353197bfcdfd953001228e9946436e4fced5d554d3e3b7fe9fc4a64d2f54fc2abbf294b47c37a1fc3a10a313c200d8bf8f100052103080b83144cab927d SHA512 e2e7ff2cddba0fb7bb3909c897aac8403de2accdfef23222371196bbf9d5c608a1b8505ef7ef2f15cb0bd9223d05e7195af4d66f96671c41c07dae0b5454b752 +AUX openssl-3.1.1-CVE-2023-2975.patch 4608 BLAKE2B 0e25fac29905f00f66d85210310783dd9a9e8f3d7e003789481fe27767282d81d28255238ac2b358b5b0460f43ad13a5c877d0650279f56661d5f86710db7eaa SHA512 29496068d5fb7c981e5341a0228bf14bfaf5062f30edcf3856a191d9061a30cb23054e4db6a89e1b6c90493576e747af1044d02b15a22ce386c99b570787d2dc +AUX openssl-3.1.1-CVE-2023-3446.patch 4407 BLAKE2B 78b14b2c6513475f4dadfa74eb6bb51e51b11eea9840a391b7eb29a37b26ebc4b2ed7f731cf029bb4152fbd3c8e684887be885ac79c471bd5d91fb1e60ff461d SHA512 8252fb9e1181517dc331ef241e892ad718a6bbaf381ca18baa1b3a68d8d83a963b90d999a77570a86dfb897b8ca3b6210d91816d49285a2b2404def0df576292 DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659 DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32 @@ -14,5 +18,7 @@ DIST openssl-3.1.1.tar.gz.asc 833 BLAKE2B 5a2a9aeb475b843862e133d53bc5bb3c8e12e8 EBUILD openssl-1.0.2u-r1.ebuild 9993 BLAKE2B 2128588b25f90830c4b9120a0e5aa079b127c28aaa590a65900d735999ce777bd8a5f04de75ba476cf5062f3d862021654a2e41a800a0f06359aaa9947269d5b SHA512 e37897b8262f7365aa6484252cbd6b56567552ec90fb299518479cb91f9b88490324c426716cc2ae4facb8d479753d8dacce56a6676adb3afd66558ce693543a EBUILD openssl-1.1.1u.ebuild 8043 BLAKE2B 6c19ba4e37ff0942992c2fd639840301900ff3c68dfb8f3c0ce295e58aa1717c4ed68f620e7fb29ec4fdc8f05c3ae8ff36bdb4e41ad55a19d8ca1de018e7401f SHA512 db2d39ab22c9a2e35497b74cde43c656c78e3e8015eaff5598b2a56100d8ba236a05d98945253ebcdd90b56a93fd2895d96f205bfc66f3b7c89a6b26f4b16a28 EBUILD openssl-3.0.9-r1.ebuild 8490 BLAKE2B ba9e5ee5633b3c1bb2b9129142757cff35eaf28183d118a0339c617e520f0c86fca9cd6f4f2696c9bd35c860e10b7e6e56d91d4d43e5e1fdb91a2b0fff8a3afd SHA512 67401d7cbffd2c2b53dcf9e3ac076fa15f4c3051f7d4be1d914220b79d1818eb860e136c96b4a3c742dcd27df8ec21ec52b3658efb91c17732e6e7a6248ddaad +EBUILD openssl-3.0.9-r2.ebuild 8591 BLAKE2B 7764d0f01752438da02c5f55e51bc9f0d181f61a79cc80f386ec353fd9387a20eb6a8165b6b6f09a8ba75e77121297b9eeba182c88ab06704cbcd828d51af652 SHA512 cec79852add25202fabddbc1ade3130dc702ceb4f3a83505600264dbb203b8464e6b8a4c03a9fe0feb26f968c8870f6a997c5d60ff5884945f265471df2d82a4 EBUILD openssl-3.1.1-r1.ebuild 8531 BLAKE2B 67643a995e293072f9c30787d95dd4f67a28a5d96c7e771b94c58df59cc6d1bbedd1c982bf6dfa27394a8285f1d5d854ac49d5c39f86127d52e620fa03a58b7b SHA512 7cbab87a59866ee6dc0f3660ddecf62d149e707ca8ea0c7627c40ceda02260cbe4ca63ff169f88c3070278d8d79be2b117910ef27bff2293dab076853a8667b9 +EBUILD openssl-3.1.1-r2.ebuild 8624 BLAKE2B 09de30addbfc7655aa4897a2d3cd84c400d018fc249fdd45e9aa0a8efa29a58c78f55a458777f7a9939e70e310e806cb3c3e84f52a6c6945ca98ead8a86b386f SHA512 75d2bb956155ea22fce102309cbdc60e1fccfcb8746ea042a88dfcd3f59e295b4cd066177a5e0c7ab4dcab507ec8c1fae5060402e0622d75a4ae6e10a7b8d759 MISC metadata.xml 1664 BLAKE2B cf9d4613e5387e7ec0787b1a6c137baa71effb8458fa63b5dea0be4d5cf7c8607257262dbf89dcc0c3db7b17b10232d32902b7569827bd4f2717b3ef7dffaaa9 SHA512 01deef1de981201c14101630d2a4ae270abcac9a4b27b068359d76f63aeb6075aceb33db60175c105294cb7045aae389168f4cf1edf0f6e3656ccc2fe92e9c92 diff --git a/dev-libs/openssl/files/openssl-3.0.9-CVE-2023-2975.patch b/dev-libs/openssl/files/openssl-3.0.9-CVE-2023-2975.patch new file mode 100644 index 000000000000..908e57251cb9 --- /dev/null +++ b/dev-libs/openssl/files/openssl-3.0.9-CVE-2023-2975.patch @@ -0,0 +1,109 @@ +https://github.com/openssl/openssl/commit/00e2f5eea29994d19293ec4e8c8775ba73678598 +https://github.com/openssl/openssl/commit/96318a8d21bed334d78797eca5b32790775d5f05 + +From 00e2f5eea29994d19293ec4e8c8775ba73678598 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Tue, 4 Jul 2023 17:30:35 +0200 +Subject: [PATCH] Do not ignore empty associated data with AES-SIV mode + +The AES-SIV mode allows for multiple associated data items +authenticated separately with any of these being 0 length. + +The provided implementation ignores such empty associated data +which is incorrect in regards to the RFC 5297 and is also +a security issue because such empty associated data then become +unauthenticated if an application expects to authenticate them. + +Fixes CVE-2023-2975 + +Reviewed-by: Matt Caswell +Reviewed-by: Paul Dale +(Merged from https://github.com/openssl/openssl/pull/21384) + +(cherry picked from commit c426c281cfc23ab182f7d7d7a35229e7db1494d9) +--- a/providers/implementations/ciphers/cipher_aes_siv.c ++++ b/providers/implementations/ciphers/cipher_aes_siv.c +@@ -120,14 +120,18 @@ static int siv_cipher(void *vctx, unsigned char *out, size_t *outl, + if (!ossl_prov_is_running()) + return 0; + +- if (inl == 0) { +- *outl = 0; +- return 1; +- } ++ /* Ignore just empty encryption/decryption call and not AAD. */ ++ if (out != NULL) { ++ if (inl == 0) { ++ if (outl != NULL) ++ *outl = 0; ++ return 1; ++ } + +- if (outsize < inl) { +- ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); +- return 0; ++ if (outsize < inl) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); ++ return 0; ++ } + } + + if (ctx->hw->cipher(ctx, out, in, inl) <= 0) + +From 96318a8d21bed334d78797eca5b32790775d5f05 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Tue, 4 Jul 2023 17:50:37 +0200 +Subject: [PATCH] Add testcases for empty associated data entries with AES-SIV + +Reviewed-by: Matt Caswell +Reviewed-by: Paul Dale +(Merged from https://github.com/openssl/openssl/pull/21384) + +(cherry picked from commit 3993bb0c0c87e3ed0ab4274e4688aa814e164cfc) +--- a/test/recipes/30-test_evp_data/evpciph_aes_siv.txt ++++ b/test/recipes/30-test_evp_data/evpciph_aes_siv.txt +@@ -20,6 +20,19 @@ Tag = 85632d07c6e8f37f950acd320a2ecc93 + Plaintext = 112233445566778899aabbccddee + Ciphertext = 40c02b9690c4dc04daef7f6afe5c + ++Cipher = aes-128-siv ++Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff ++Tag = f1c5fdeac1f15a26779c1501f9fb7588 ++Plaintext = 112233445566778899aabbccddee ++Ciphertext = 27e946c669088ab06da58c5c831c ++ ++Cipher = aes-128-siv ++Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff ++AAD = ++Tag = d1022f5b3664e5a4dfaf90f85be6f28a ++Plaintext = 112233445566778899aabbccddee ++Ciphertext = b66cff6b8eca0b79f083b39a0901 ++ + Cipher = aes-128-siv + Key = 7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f + AAD = 00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100 +@@ -29,6 +42,24 @@ Tag = 7bdb6e3b432667eb06f4d14bff2fbd0f + Plaintext = 7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553 + Ciphertext = cb900f2fddbe404326601965c889bf17dba77ceb094fa663b7a3f748ba8af829ea64ad544a272e9c485b62a3fd5c0d + ++Cipher = aes-128-siv ++Key = 7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f ++AAD = 00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100 ++AAD = ++AAD = 09f911029d74e35bd84156c5635688c0 ++Tag = 83ce6593a8fa67eb6fcd2819cedfc011 ++Plaintext = 7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553 ++Ciphertext = 30d937b42f71f71f93fc2d8d702d3eac8dc7651eefcd81120081ff29d626f97f3de17f2969b691c91b69b652bf3a6d ++ ++Cipher = aes-128-siv ++Key = 7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f ++AAD = ++AAD = 00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100 ++AAD = 09f911029d74e35bd84156c5635688c0 ++Tag = 77dd4a44f5a6b41302121ee7f378de25 ++Plaintext = 7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553 ++Ciphertext = 0fcd664c922464c88939d71fad7aefb864e501b0848a07d39201c1067a7288f3dadf0131a823a0bc3d588e8564a5fe ++ + Cipher = aes-192-siv + Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfefffffefdfcfbfaf9f8f7f6f5f4f3f2f1f0 + AAD = 101112131415161718191a1b1c1d1e1f2021222324252627 diff --git a/dev-libs/openssl/files/openssl-3.0.9-CVE-2023-3446.patch b/dev-libs/openssl/files/openssl-3.0.9-CVE-2023-3446.patch new file mode 100644 index 000000000000..1a1be6a8af51 --- /dev/null +++ b/dev-libs/openssl/files/openssl-3.0.9-CVE-2023-3446.patch @@ -0,0 +1,120 @@ +https://github.com/openssl/openssl/commit/1fa20cf2f506113c761777127a38bce5068740eb +https://github.com/openssl/openssl/commit/8a62fd996cb1c22383ec75b4155d54dec4a1b0ee + +From 1fa20cf2f506113c761777127a38bce5068740eb Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Thu, 6 Jul 2023 16:36:35 +0100 +Subject: [PATCH] Fix DH_check() excessive time with over sized modulus + +The DH_check() function checks numerous aspects of the key or parameters +that have been supplied. Some of those checks use the supplied modulus +value even if it is excessively large. + +There is already a maximum DH modulus size (10,000 bits) over which +OpenSSL will not generate or derive keys. DH_check() will however still +perform various tests for validity on such a large modulus. We introduce a +new maximum (32,768) over which DH_check() will just fail. + +An application that calls DH_check() and supplies a key or parameters +obtained from an untrusted source could be vulnerable to a Denial of +Service attack. + +The function DH_check() is itself called by a number of other OpenSSL +functions. An application calling any of those other functions may +similarly be affected. The other functions affected by this are +DH_check_ex() and EVP_PKEY_param_check(). + +CVE-2023-3446 + +Reviewed-by: Paul Dale +Reviewed-by: Tom Cosgrove +Reviewed-by: Bernd Edlinger +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/21451) + +(cherry picked from commit 9e0094e2aa1b3428a12d5095132f133c078d3c3d) +--- a/crypto/dh/dh_check.c ++++ b/crypto/dh/dh_check.c +@@ -152,6 +152,12 @@ int DH_check(const DH *dh, int *ret) + if (nid != NID_undef) + return 1; + ++ /* Don't do any checks at all with an excessively large modulus */ ++ if (BN_num_bits(dh->params.p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) { ++ ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE); ++ return 0; ++ } ++ + if (!DH_check_params(dh, ret)) + return 0; + +--- a/include/openssl/dh.h ++++ b/include/openssl/dh.h +@@ -89,7 +89,11 @@ int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); + # include + + # ifndef OPENSSL_DH_MAX_MODULUS_BITS +-# define OPENSSL_DH_MAX_MODULUS_BITS 10000 ++# define OPENSSL_DH_MAX_MODULUS_BITS 10000 ++# endif ++ ++# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS ++# define OPENSSL_DH_CHECK_MAX_MODULUS_BITS 32768 + # endif + + # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 + +From 8a62fd996cb1c22383ec75b4155d54dec4a1b0ee Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Fri, 7 Jul 2023 14:39:48 +0100 +Subject: [PATCH] Add a test for CVE-2023-3446 + +Confirm that the only errors DH_check() finds with DH parameters with an +excessively long modulus is that the modulus is too large. We should not +be performing time consuming checks using that modulus. + +Reviewed-by: Paul Dale +Reviewed-by: Tom Cosgrove +Reviewed-by: Bernd Edlinger +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/21451) + +(cherry picked from commit ede782b4c8868d1f09c9cd237f82b6f35b7dba8b) +--- a/test/dhtest.c ++++ b/test/dhtest.c +@@ -73,7 +73,7 @@ static int dh_test(void) + goto err1; + + /* check fails, because p is way too small */ +- if (!DH_check(dh, &i)) ++ if (!TEST_true(DH_check(dh, &i))) + goto err2; + i ^= DH_MODULUS_TOO_SMALL; + if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) +@@ -124,6 +124,17 @@ static int dh_test(void) + /* We'll have a stale error on the queue from the above test so clear it */ + ERR_clear_error(); + ++ /* Modulus of size: dh check max modulus bits + 1 */ ++ if (!TEST_true(BN_set_word(p, 1)) ++ || !TEST_true(BN_lshift(p, p, OPENSSL_DH_CHECK_MAX_MODULUS_BITS))) ++ goto err3; ++ ++ /* ++ * We expect no checks at all for an excessively large modulus ++ */ ++ if (!TEST_false(DH_check(dh, &i))) ++ goto err3; ++ + /* + * II) key generation + */ +@@ -138,7 +149,7 @@ static int dh_test(void) + goto err3; + + /* ... and check whether it is valid */ +- if (!DH_check(a, &i)) ++ if (!TEST_true(DH_check(a, &i))) + goto err3; + if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) + || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) diff --git a/dev-libs/openssl/files/openssl-3.1.1-CVE-2023-2975.patch b/dev-libs/openssl/files/openssl-3.1.1-CVE-2023-2975.patch new file mode 100644 index 000000000000..5abf60737dbd --- /dev/null +++ b/dev-libs/openssl/files/openssl-3.1.1-CVE-2023-2975.patch @@ -0,0 +1,110 @@ +https://github.com/openssl/openssl/commit/6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc +https://github.com/openssl/openssl/commit/76214c4a8f3374b786811fdfeda3d98690f8faf4 + +From 6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Tue, 4 Jul 2023 17:30:35 +0200 +Subject: [PATCH] Do not ignore empty associated data with AES-SIV mode + +The AES-SIV mode allows for multiple associated data items +authenticated separately with any of these being 0 length. + +The provided implementation ignores such empty associated data +which is incorrect in regards to the RFC 5297 and is also +a security issue because such empty associated data then become +unauthenticated if an application expects to authenticate them. + +Fixes CVE-2023-2975 + +Reviewed-by: Matt Caswell +Reviewed-by: Paul Dale +(Merged from https://github.com/openssl/openssl/pull/21384) + +(cherry picked from commit c426c281cfc23ab182f7d7d7a35229e7db1494d9) +--- a/providers/implementations/ciphers/cipher_aes_siv.c ++++ b/providers/implementations/ciphers/cipher_aes_siv.c +@@ -120,14 +120,18 @@ static int siv_cipher(void *vctx, unsigned char *out, size_t *outl, + if (!ossl_prov_is_running()) + return 0; + +- if (inl == 0) { +- *outl = 0; +- return 1; +- } ++ /* Ignore just empty encryption/decryption call and not AAD. */ ++ if (out != NULL) { ++ if (inl == 0) { ++ if (outl != NULL) ++ *outl = 0; ++ return 1; ++ } + +- if (outsize < inl) { +- ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); +- return 0; ++ if (outsize < inl) { ++ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); ++ return 0; ++ } + } + + if (ctx->hw->cipher(ctx, out, in, inl) <= 0) + +From 76214c4a8f3374b786811fdfeda3d98690f8faf4 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Tue, 4 Jul 2023 17:50:37 +0200 +Subject: [PATCH] Add testcases for empty associated data entries with AES-SIV + +Reviewed-by: Matt Caswell +Reviewed-by: Paul Dale +(Merged from https://github.com/openssl/openssl/pull/21384) + +(cherry picked from commit 3993bb0c0c87e3ed0ab4274e4688aa814e164cfc) +--- a/test/recipes/30-test_evp_data/evpciph_aes_siv.txt ++++ b/test/recipes/30-test_evp_data/evpciph_aes_siv.txt +@@ -20,6 +20,19 @@ Tag = 85632d07c6e8f37f950acd320a2ecc93 + Plaintext = 112233445566778899aabbccddee + Ciphertext = 40c02b9690c4dc04daef7f6afe5c + ++Cipher = aes-128-siv ++Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff ++Tag = f1c5fdeac1f15a26779c1501f9fb7588 ++Plaintext = 112233445566778899aabbccddee ++Ciphertext = 27e946c669088ab06da58c5c831c ++ ++Cipher = aes-128-siv ++Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff ++AAD = ++Tag = d1022f5b3664e5a4dfaf90f85be6f28a ++Plaintext = 112233445566778899aabbccddee ++Ciphertext = b66cff6b8eca0b79f083b39a0901 ++ + Cipher = aes-128-siv + Key = 7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f + AAD = 00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100 +@@ -29,6 +42,24 @@ Tag = 7bdb6e3b432667eb06f4d14bff2fbd0f + Plaintext = 7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553 + Ciphertext = cb900f2fddbe404326601965c889bf17dba77ceb094fa663b7a3f748ba8af829ea64ad544a272e9c485b62a3fd5c0d + ++Cipher = aes-128-siv ++Key = 7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f ++AAD = 00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100 ++AAD = ++AAD = 09f911029d74e35bd84156c5635688c0 ++Tag = 83ce6593a8fa67eb6fcd2819cedfc011 ++Plaintext = 7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553 ++Ciphertext = 30d937b42f71f71f93fc2d8d702d3eac8dc7651eefcd81120081ff29d626f97f3de17f2969b691c91b69b652bf3a6d ++ ++Cipher = aes-128-siv ++Key = 7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f ++AAD = ++AAD = 00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100 ++AAD = 09f911029d74e35bd84156c5635688c0 ++Tag = 77dd4a44f5a6b41302121ee7f378de25 ++Plaintext = 7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553 ++Ciphertext = 0fcd664c922464c88939d71fad7aefb864e501b0848a07d39201c1067a7288f3dadf0131a823a0bc3d588e8564a5fe ++ + Cipher = aes-192-siv + Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfefffffefdfcfbfaf9f8f7f6f5f4f3f2f1f0 + AAD = 101112131415161718191a1b1c1d1e1f2021222324252627 + diff --git a/dev-libs/openssl/files/openssl-3.1.1-CVE-2023-3446.patch b/dev-libs/openssl/files/openssl-3.1.1-CVE-2023-3446.patch new file mode 100644 index 000000000000..781b0c8f48b3 --- /dev/null +++ b/dev-libs/openssl/files/openssl-3.1.1-CVE-2023-3446.patch @@ -0,0 +1,121 @@ +https://github.com/openssl/openssl/commit/fc9867c1e03c22ebf56943be205202e576aabf23 +https://github.com/openssl/openssl/commit/4791e79b8803924b28c19af4d4036ad85335110d + +From fc9867c1e03c22ebf56943be205202e576aabf23 Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Thu, 6 Jul 2023 16:36:35 +0100 +Subject: [PATCH] Fix DH_check() excessive time with over sized modulus + +The DH_check() function checks numerous aspects of the key or parameters +that have been supplied. Some of those checks use the supplied modulus +value even if it is excessively large. + +There is already a maximum DH modulus size (10,000 bits) over which +OpenSSL will not generate or derive keys. DH_check() will however still +perform various tests for validity on such a large modulus. We introduce a +new maximum (32,768) over which DH_check() will just fail. + +An application that calls DH_check() and supplies a key or parameters +obtained from an untrusted source could be vulnerable to a Denial of +Service attack. + +The function DH_check() is itself called by a number of other OpenSSL +functions. An application calling any of those other functions may +similarly be affected. The other functions affected by this are +DH_check_ex() and EVP_PKEY_param_check(). + +CVE-2023-3446 + +Reviewed-by: Paul Dale +Reviewed-by: Tom Cosgrove +Reviewed-by: Bernd Edlinger +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/21451) + +(cherry picked from commit 9e0094e2aa1b3428a12d5095132f133c078d3c3d) +--- a/crypto/dh/dh_check.c ++++ b/crypto/dh/dh_check.c +@@ -152,6 +152,12 @@ int DH_check(const DH *dh, int *ret) + if (nid != NID_undef) + return 1; + ++ /* Don't do any checks at all with an excessively large modulus */ ++ if (BN_num_bits(dh->params.p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) { ++ ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE); ++ return 0; ++ } ++ + if (!DH_check_params(dh, ret)) + return 0; + +--- a/include/openssl/dh.h ++++ b/include/openssl/dh.h +@@ -92,7 +92,11 @@ int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); + # include + + # ifndef OPENSSL_DH_MAX_MODULUS_BITS +-# define OPENSSL_DH_MAX_MODULUS_BITS 10000 ++# define OPENSSL_DH_MAX_MODULUS_BITS 10000 ++# endif ++ ++# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS ++# define OPENSSL_DH_CHECK_MAX_MODULUS_BITS 32768 + # endif + + # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 + +From 4791e79b8803924b28c19af4d4036ad85335110d Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Fri, 7 Jul 2023 14:39:48 +0100 +Subject: [PATCH] Add a test for CVE-2023-3446 + +Confirm that the only errors DH_check() finds with DH parameters with an +excessively long modulus is that the modulus is too large. We should not +be performing time consuming checks using that modulus. + +Reviewed-by: Paul Dale +Reviewed-by: Tom Cosgrove +Reviewed-by: Bernd Edlinger +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/21451) + +(cherry picked from commit ede782b4c8868d1f09c9cd237f82b6f35b7dba8b) +--- a/test/dhtest.c ++++ b/test/dhtest.c +@@ -73,7 +73,7 @@ static int dh_test(void) + goto err1; + + /* check fails, because p is way too small */ +- if (!DH_check(dh, &i)) ++ if (!TEST_true(DH_check(dh, &i))) + goto err2; + i ^= DH_MODULUS_TOO_SMALL; + if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) +@@ -124,6 +124,17 @@ static int dh_test(void) + /* We'll have a stale error on the queue from the above test so clear it */ + ERR_clear_error(); + ++ /* Modulus of size: dh check max modulus bits + 1 */ ++ if (!TEST_true(BN_set_word(p, 1)) ++ || !TEST_true(BN_lshift(p, p, OPENSSL_DH_CHECK_MAX_MODULUS_BITS))) ++ goto err3; ++ ++ /* ++ * We expect no checks at all for an excessively large modulus ++ */ ++ if (!TEST_false(DH_check(dh, &i))) ++ goto err3; ++ + /* + * II) key generation + */ +@@ -138,7 +149,7 @@ static int dh_test(void) + goto err3; + + /* ... and check whether it is valid */ +- if (!DH_check(a, &i)) ++ if (!TEST_true(DH_check(a, &i))) + goto err3; + if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) + || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) + diff --git a/dev-libs/openssl/openssl-3.0.9-r2.ebuild b/dev-libs/openssl/openssl-3.0.9-r2.ebuild new file mode 100644 index 000000000000..c1c56681758c --- /dev/null +++ b/dev-libs/openssl/openssl-3.0.9-r2.ebuild @@ -0,0 +1,290 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc +inherit edo flag-o-matic linux-info toolchain-funcs +inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig + +DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)" +HOMEPAGE="https://www.openssl.org/" + +MY_P=${P/_/-} + +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://github.com/openssl/openssl.git" + + inherit git-r3 +else + SRC_URI="mirror://openssl/source/${MY_P}.tar.gz + verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos" +fi + +S="${WORKDIR}"/${MY_P} + +LICENSE="Apache-2.0" +SLOT="0/3" # .so version of libssl/libcrypto +IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers" +RESTRICT="!test? ( test )" + +COMMON_DEPEND=" + tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) +" +BDEPEND=" + >=dev-lang/perl-5 + sctp? ( >=net-misc/lksctp-tools-1.0.12 ) + test? ( + sys-apps/diffutils + sys-devel/bc + sys-process/procps + ) + verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )" + +DEPEND="${COMMON_DEPEND}" +RDEPEND="${COMMON_DEPEND}" +PDEPEND="app-misc/ca-certificates" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/openssl/configuration.h +) + +PATCHES=( + "${FILESDIR}"/${P}-CVE-2023-2975.patch + "${FILESDIR}"/${P}-CVE-2023-3446.patch +) + +pkg_setup() { + if use ktls ; then + if kernel_is -lt 4 18 ; then + ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!" + else + CONFIG_CHECK="~TLS ~TLS_DEVICE" + ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!" + ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!" + use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER" + + linux-info_pkg_setup + fi + fi + + [[ ${MERGE_TYPE} == binary ]] && return + + # must check in pkg_setup; sysctl doesn't work with userpriv! + if use test && use sctp ; then + # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" + # if sctp.auth_enable is not enabled. + local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) + if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then + die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" + fi + fi +} + +src_unpack() { + # Can delete this once test fix patch is dropped + if use verify-sig ; then + # Needed for downloaded patch (which is unsigned, which is fine) + verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} + fi + + default +} + +src_prepare() { + # Make sure we only ever touch Makefile.org and avoid patching a file + # that gets blown away anyways by the Configure script in src_configure + rm -f Makefile + + if ! use vanilla ; then + PATCHES+=( + # Add patches which are Gentoo-specific customisations here + ) + fi + + default + + if use test && use sctp && has network-sandbox ${FEATURES} ; then + einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." + rm test/recipes/80-test_ssl_new.t || die + fi + + # Test fails depending on kernel configuration, bug #699134 + rm test/recipes/30-test_afalg.t || die +} + +src_configure() { + # Keep this in sync with app-misc/c_rehash + SSL_CNF_DIR="/etc/ssl" + + # Quiet out unknown driver argument warnings since openssl + # doesn't have well-split CFLAGS and we're making it even worse + # and 'make depend' uses -Werror for added fun (bug #417795 again) + tc-is-clang && append-flags -Qunused-arguments + + # We really, really need to build OpenSSL w/ strict aliasing disabled. + # It's filled with violations and it *will* result in miscompiled + # code. This has been in the ebuild for > 10 years but even in 2022, + # it's still relevant: + # - https://github.com/llvm/llvm-project/issues/55255 + # - https://github.com/openssl/openssl/issues/18225 + # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 + # Don't remove the no strict aliasing bits below! + filter-flags -fstrict-aliasing + append-flags -fno-strict-aliasing + # The OpenSSL developers don't test with LTO right now, it leads to various + # warnings/errors (which may or may not be false positives), it's considered + # unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663. + filter-lto + + append-flags $(test-flags-CC -Wa,--noexecstack) + + # bug #895308 + append-atomic-flags + # Configure doesn't respect LIBS + export LDLIBS="${LIBS}" + + # bug #197996 + unset APPS + # bug #312551 + unset SCRIPTS + # bug #311473 + unset CROSS_COMPILE + + tc-export AR CC CXX RANLIB RC + + multilib-minimal_src_configure +} + +multilib_src_configure() { + use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } + + local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") + + # See if our toolchain supports __uint128_t. If so, it's 64bit + # friendly and can use the nicely optimized code paths, bug #460790. + #local ec_nistp_64_gcc_128 + # + # Disable it for now though (bug #469976) + # Do NOT re-enable without substantial discussion first! + # + #echo "__uint128_t i;" > "${T}"/128.c + #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then + # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" + #fi + + local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") + einfo "Using configuration: ${sslout:-(openssl knows best)}" + + # https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features + local myeconfargs=( + ${sslout} + + $(use cpu_flags_x86_sse2 || echo "no-sse2") + enable-camellia + enable-ec + enable-ec2m + enable-sm2 + enable-srp + $(use elibc_musl && echo "no-async") + enable-idea + enable-mdc2 + enable-rc5 + $(use fips && echo "enable-fips") + $(use_ssl asm) + $(use_ssl ktls) + $(use_ssl rfc3779) + $(use_ssl sctp) + $(use test || echo "no-tests") + $(use_ssl tls-compression zlib) + $(use_ssl weak-ssl-ciphers) + + --prefix="${EPREFIX}"/usr + --openssldir="${EPREFIX}"${SSL_CNF_DIR} + --libdir=$(get_libdir) + + shared + threads + ) + + edo perl "${S}/Configure" "${myeconfargs[@]}" +} + +multilib_src_compile() { + emake build_sw + + if multilib_is_native_abi; then + emake build_docs + fi +} + +multilib_src_test() { + # VFP = show subtests verbosely and show failed tests verbosely + # Normal V=1 would show everything verbosely but this slows things down. + emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test +} + +multilib_src_install() { + emake DESTDIR="${D}" install_sw + if use fips; then + emake DESTDIR="${D}" install_fips + # Regen this in pkg_preinst, bug 900625 + rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die + fi + + if multilib_is_native_abi; then + emake DESTDIR="${D}" install_ssldirs + emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs + fi + + # This is crappy in that the static archives are still built even + # when USE=static-libs. But this is due to a failing in the openssl + # build system: the static archives are built as PIC all the time. + # Only way around this would be to manually configure+compile openssl + # twice; once with shared lib support enabled and once without. + if ! use static-libs ; then + rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die + fi +} + +multilib_src_install_all() { + # openssl installs perl version of c_rehash by default, but + # we provide a shell version via app-misc/c_rehash + rm "${ED}"/usr/bin/c_rehash || die + + dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el + + # Create the certs directory + keepdir ${SSL_CNF_DIR}/certs + + # bug #254521 + dodir /etc/sandbox.d + echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl + + diropts -m0700 + keepdir ${SSL_CNF_DIR}/private +} + +pkg_preinst() { + if use fips; then + # Regen fipsmodule.cnf, bug 900625 + ebegin "Running openssl fipsinstall" + "${ED}/usr/bin/openssl" fipsinstall -quiet \ + -out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \ + -module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so" + eend $? + fi + + preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \ + /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1) +} + +pkg_postinst() { + ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" + openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" + eend $? + + preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \ + /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1) +} diff --git a/dev-libs/openssl/openssl-3.1.1-r2.ebuild b/dev-libs/openssl/openssl-3.1.1-r2.ebuild new file mode 100644 index 000000000000..cfa017e58411 --- /dev/null +++ b/dev-libs/openssl/openssl-3.1.1-r2.ebuild @@ -0,0 +1,293 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc +inherit edo flag-o-matic linux-info toolchain-funcs +inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig + +DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)" +HOMEPAGE="https://www.openssl.org/" + +MY_P=${P/_/-} + +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://github.com/openssl/openssl.git" + + inherit git-r3 +else + SRC_URI=" + mirror://openssl/source/${MY_P}.tar.gz + verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc ) + " + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +fi + +S="${WORKDIR}"/${MY_P} + +LICENSE="Apache-2.0" +SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto +IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers" +RESTRICT="!test? ( test )" + +COMMON_DEPEND=" + !=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] ) +" +BDEPEND=" + >=dev-lang/perl-5 + sctp? ( >=net-misc/lksctp-tools-1.0.12 ) + test? ( + sys-apps/diffutils + sys-devel/bc + sys-process/procps + ) + verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )" + +DEPEND="${COMMON_DEPEND}" +RDEPEND="${COMMON_DEPEND}" +PDEPEND="app-misc/ca-certificates" + +MULTILIB_WRAPPED_HEADERS=( + /usr/include/openssl/configuration.h +) + +PATCHES=( + "${FILESDIR}"/${P}-CVE-2023-2975.patch + "${FILESDIR}"/${P}-CVE-2023-3446.patch +) + +pkg_setup() { + if use ktls ; then + if kernel_is -lt 4 18 ; then + ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!" + else + CONFIG_CHECK="~TLS ~TLS_DEVICE" + ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!" + ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!" + use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER" + + linux-info_pkg_setup + fi + fi + + [[ ${MERGE_TYPE} == binary ]] && return + + # must check in pkg_setup; sysctl doesn't work with userpriv! + if use test && use sctp ; then + # test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel" + # if sctp.auth_enable is not enabled. + local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null) + if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then + die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!" + fi + fi +} + +src_unpack() { + # Can delete this once test fix patch is dropped + if use verify-sig ; then + # Needed for downloaded patch (which is unsigned, which is fine) + verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc} + fi + + default +} + +src_prepare() { + # Make sure we only ever touch Makefile.org and avoid patching a file + # that gets blown away anyways by the Configure script in src_configure + rm -f Makefile + + if ! use vanilla ; then + PATCHES+=( + # Add patches which are Gentoo-specific customisations here + ) + fi + + default + + if use test && use sctp && has network-sandbox ${FEATURES} ; then + einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..." + rm test/recipes/80-test_ssl_new.t || die + fi + + # Test fails depending on kernel configuration, bug #699134 + rm test/recipes/30-test_afalg.t || die +} + +src_configure() { + # Keep this in sync with app-misc/c_rehash + SSL_CNF_DIR="/etc/ssl" + + # Quiet out unknown driver argument warnings since openssl + # doesn't have well-split CFLAGS and we're making it even worse + # and 'make depend' uses -Werror for added fun (bug #417795 again) + tc-is-clang && append-flags -Qunused-arguments + + # We really, really need to build OpenSSL w/ strict aliasing disabled. + # It's filled with violations and it *will* result in miscompiled + # code. This has been in the ebuild for > 10 years but even in 2022, + # it's still relevant: + # - https://github.com/llvm/llvm-project/issues/55255 + # - https://github.com/openssl/openssl/issues/18225 + # - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057 + # Don't remove the no strict aliasing bits below! + filter-flags -fstrict-aliasing + append-flags -fno-strict-aliasing + # The OpenSSL developers don't test with LTO right now, it leads to various + # warnings/errors (which may or may not be false positives), it's considered + # unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663. + filter-lto + + append-flags $(test-flags-CC -Wa,--noexecstack) + + # bug #895308 + append-atomic-flags + # Configure doesn't respect LIBS + export LDLIBS="${LIBS}" + + # bug #197996 + unset APPS + # bug #312551 + unset SCRIPTS + # bug #311473 + unset CROSS_COMPILE + + tc-export AR CC CXX RANLIB RC + + multilib-minimal_src_configure +} + +multilib_src_configure() { + use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; } + + local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal") + + # See if our toolchain supports __uint128_t. If so, it's 64bit + # friendly and can use the nicely optimized code paths, bug #460790. + #local ec_nistp_64_gcc_128 + # + # Disable it for now though (bug #469976) + # Do NOT re-enable without substantial discussion first! + # + #echo "__uint128_t i;" > "${T}"/128.c + #if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then + # ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128" + #fi + + local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4") + einfo "Using configuration: ${sslout:-(openssl knows best)}" + + # https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features + local myeconfargs=( + ${sslout} + + $(use cpu_flags_x86_sse2 || echo "no-sse2") + enable-camellia + enable-ec + enable-ec2m + enable-sm2 + enable-srp + $(use elibc_musl && echo "no-async") + enable-idea + enable-mdc2 + enable-rc5 + $(use fips && echo "enable-fips") + $(use_ssl asm) + $(use_ssl ktls) + $(use_ssl rfc3779) + $(use_ssl sctp) + $(use test || echo "no-tests") + $(use_ssl tls-compression zlib) + $(use_ssl weak-ssl-ciphers) + + --prefix="${EPREFIX}"/usr + --openssldir="${EPREFIX}"${SSL_CNF_DIR} + --libdir=$(get_libdir) + + shared + threads + ) + + edo perl "${S}/Configure" "${myeconfargs[@]}" +} + +multilib_src_compile() { + emake build_sw + + if multilib_is_native_abi; then + emake build_docs + fi +} + +multilib_src_test() { + # VFP = show subtests verbosely and show failed tests verbosely + # Normal V=1 would show everything verbosely but this slows things down. + emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test +} + +multilib_src_install() { + emake DESTDIR="${D}" install_sw + if use fips; then + emake DESTDIR="${D}" install_fips + # Regen this in pkg_preinst, bug 900625 + rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die + fi + + if multilib_is_native_abi; then + emake DESTDIR="${D}" install_ssldirs + emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs + fi + + # This is crappy in that the static archives are still built even + # when USE=static-libs. But this is due to a failing in the openssl + # build system: the static archives are built as PIC all the time. + # Only way around this would be to manually configure+compile openssl + # twice; once with shared lib support enabled and once without. + if ! use static-libs ; then + rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die + fi +} + +multilib_src_install_all() { + # openssl installs perl version of c_rehash by default, but + # we provide a shell version via app-misc/c_rehash + rm "${ED}"/usr/bin/c_rehash || die + + dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el + + # Create the certs directory + keepdir ${SSL_CNF_DIR}/certs + + # bug #254521 + dodir /etc/sandbox.d + echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl + + diropts -m0700 + keepdir ${SSL_CNF_DIR}/private +} + +pkg_preinst() { + if use fips; then + # Regen fipsmodule.cnf, bug 900625 + ebegin "Running openssl fipsinstall" + "${ED}/usr/bin/openssl" fipsinstall -quiet \ + -out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \ + -module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so" + eend $? + fi + + preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \ + /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1) +} + +pkg_postinst() { + ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)" + openssl rehash "${EROOT}${SSL_CNF_DIR}/certs" + eend $? + + preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \ + /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1) +} -- cgit v1.2.3