8000 deps: upgrade openssl sources to openssl-3.5.4 · nodejs/node@81b3009 · GitHub

Commit 81b3009

nodejs-github-bot authored and targos committed
deps: upgrade openssl sources to openssl-3.5.4
PR-URL: #60101
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Richard Lau <richard.lau@ibm.com>
1 parent 705686b commit 81b3009


65 files changed (+365, -227 lines)

deps/openssl/openssl/CHANGES.md

Lines changed: 69 additions & 0 deletions
@@ -28,6 +28,72 @@ OpenSSL Releases
2828
OpenSSL 3.5
2929
-----------
3030

31+
### Changes between 3.5.3 and 3.5.4 [30 Sep 2025]
32+
33+
* Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap
34+
35+
Issue summary: An application trying to decrypt CMS messages encrypted using
36+
password based encryption can trigger an out-of-bounds read and write.
37+
38+
Impact summary: This out-of-bounds read may trigger a crash which leads to
39+
Denial of Service for an application. The out-of-bounds write can cause
40+
a memory corruption which can have various consequences including
41+
a Denial of Service or Execution of attacker-supplied code.
42+
43+
The issue was reported by Stanislav Fort (Aisle Research).
44+
45+
([CVE-2025-9230])
46+
47+
*Viktor Dukhovni*
48+
49+
* Fix Timing side-channel in SM2 algorithm on 64 bit ARM
50+
51+
Issue summary: A timing side-channel which could potentially allow remote
52+
recovery of the private key exists in the SM2 algorithm implementation on
53+
64 bit ARM platforms.
54+
55+
Impact summary: A timing side-channel in SM2 signature computations on
56+
64 bit ARM platforms could allow recovering the private key by an attacker.
57+
58+
The issue was reported by Stanislav Fort (Aisle Research).
59+
60+
([CVE-2025-9231])
61+
62+
*Stanislav Fort and Tomáš Mráz*
63+
64+
* Fix Out-of-bounds read in HTTP client no_proxy handling
65+
66+
Issue summary: An application using the OpenSSL HTTP client API functions
67+
may trigger an out-of-bounds read if the "no_proxy" environment variable is
68+
set and the host portion of the authority component of the HTTP URL is an
69+
IPv6 address.
70+
71+
Impact summary: An out-of-bounds read can trigger a crash which leads to
72+
Denial of Service for an application.
73+
74+
The issue was reported by Stanislav Fort (Aisle Research).
75+
76+
([CVE-2025-9232])
77+
78+
*Stanislav Fort*
79+
80+
* The FIPS provider no longer performs a PCT on key import for ECX keys
81+
(that was introduced in 3.5.2), following the latest update
82+
on that requirement in FIPS 140-3 IG 10.3.A additional comment 1.
83+
84+
*Eugene Syromiatnikov*
85+
86+
* Fixed the length of the ASN.1 sequence for the SM3 digests of RSA-encrypted
87+
signatures.
88+
89+
*Xiao Lou Dong Feng*
90+
91+
* Reverted the synthesised `OPENSSL_VERSION_NUMBER` change for the release
92+
builds, as it broke some exiting applications that relied on the previous
93+
3.x semantics, as documented in `OpenSSL_version(3)`.
94+
95+
*Richard Levitte*
96+
3197
### Changes between 3.5.2 and 3.5.3 [16 Sep 2025]
3298

3399
* Avoided a potential race condition introduced in 3.5.1, where
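Review bot: typo in the new entry at line 92, "some exiting applications" should read "some existing applications" (the same sentence recurs in the NEWS.md hunk of this commit). Separately, the entry at lines 80-82 says the ECX key-import PCT introduced in 3.5.2 is dropped in 3.5.4, while the NEWS.md hunk in this same commit records under 3.5.3 "Removed PCT on key import in the FIPS provider as it is not required by the standard"; confirm which release removed which part so the two files tell the same story.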
@@ -21284,6 +21350,9 @@ ndif
2128421350

2128521351
<!-- Links -->
2128621352

21353+
[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232
21354+
[CVE-2025-9231]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9231
21355+
[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230
2128721356
[CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575
2128821357
[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
2128921358
[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143

deps/openssl/openssl/NEWS.md

Lines changed: 35 additions & 5 deletions
@@ -23,19 +23,46 @@ OpenSSL Releases
2323
OpenSSL 3.5
2424
-----------
2525

26+
### Major changes between OpenSSL 3.5.3 and OpenSSL 3.5.4 [30 Sep 2025]
27+
28+
OpenSSL 3.5.4 is a security patch release. The most severe CVE fixed in this
29+
release is Moderate.
30+
31+
This release incorporates the following bug fixes and mitigations:
32+
33+
* Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap.
34+
([CVE-2025-9230])
35+
36+
* Fix Timing side-channel in SM2 algorithm on 64 bit ARM.
37+
([CVE-2025-9231])
38+
39+
* Fix Out-of-bounds read in HTTP client no_proxy handling.
40+
([CVE-2025-9232])
41+
42+
* Reverted the synthesised `OPENSSL_VERSION_NUMBER` change for the release
43+
builds, as it broke some exiting applications that relied on the previous
44+
3.x semantics, as documented in `OpenSSL_version(3)`.
45+
2646
### Major changes between OpenSSL 3.5.2 and OpenSSL 3.5.3 [16 Sep 2025]
2747

28-
* Added FIPS 140-3 PCT on DH key generation.
48+
OpenSSL 3.5.3 is a bug fix release.
49+
50+
This release incorporates the following bug fixes and mitigations:
2951

30-
*Nikola Pajkovsky*
52+
* Added FIPS 140-3 PCT on DH key generation.
3153

3254
* Fixed the synthesised `OPENSSL_VERSION_NUMBER`.
3355

34-
*Richard Levitte*
56+
* Removed PCT on key import in the FIPS provider as it is not required by
57+
the standard.
3558

3659
### Major changes between OpenSSL 3.5.1 and OpenSSL 3.5.2 [5 Aug 2025]
3760

38-
* none
61+
OpenSSL 3.5.2 is a bug fix release.
62+
63+
This release incorporates the following bug fixes and mitigations:
64+
65+
* The FIPS provider now performs a PCT on key import for RSA, EC and ECX.
3966

4067
### Major changes between OpenSSL 3.5.0 and OpenSSL 3.5.1 [1 Jul 2025]
4168

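Review bot: same "exiting applications" typo at line 43 as in CHANGES.md; should be "existing applications". The reworked 3.5.3 and 3.5.2 sections now carry the "is a bug fix release" / "This release incorporates the following bug fixes and mitigations:" preamble that 3.5.4 and 3.5.1 use, which is consistent, but note the 3.5.3 bullet at line 56-57 ("Removed PCT on key import in the FIPS provider") sits next to a 3.5.4 CHANGES entry that removes the ECX import PCT, so one of the two needs a qualifier.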
@@ -45,7 +72,7 @@ release is Low.
4572
This release incorporates the following bug fixes and mitigations:
4673

4774
* Fix x509 application adds trusted use instead of rejected use.
48-
([CVE-2025-4575])
75+
([CVE-2025-4575])
4976

5077
### Major changes between OpenSSL 3.4 and OpenSSL 3.5.0 [8 Apr 2025]
5178

@@ -1913,6 +1940,9 @@ OpenSSL 0.9.x
19131940
* Support for various new platforms
19141941

19151942
<!-- Links -->
1943+
[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232
1944+
[CVE-2025-9231]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9231
1945+
[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230
19161946
[CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575
19171947
[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
19181948
[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143

deps/openssl/openssl/VERSION.dat

Lines changed: 2 additions & 2 deletions
@@ -1,7 +1,7 @@
11
MAJOR=3
22
MINOR=5
3-
PATCH=3
3+
PATCH=4
44
PRE_RELEASE_TAG=
55
BUILD_METADATA=
6-
RELEASE_DATE="16 Sep 2025"
6+
RELEASE_DATE="30 Sep 2025"
77
SHLIB_VERSION=3
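Review bot: PATCH=4 and RELEASE_DATE="30 Sep 2025" agree with the "[30 Sep 2025]" 3.5.4 headers added to CHANGES.md and NEWS.md in this commit, and SHLIB_VERSION is unchanged as expected for a patch release; nothing further here.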

deps/openssl/openssl/apps/storeutl.c

Lines changed: 12 additions & 4 deletions
@@ -331,14 +331,22 @@ int storeutl_main(int argc, char *argv[])
331331
static int indent_printf(int indent, BIO *bio, const char *format, ...)
332332
{
333333
va_list args;
334-
int ret;
334+
int ret, vret;
335+
336+
ret = BIO_printf(bio, "%*s", indent, "");
337+
if (ret < 0)
338+
return ret;
335339

336340
va_start(args, format);
341+
vret = BIO_vprintf(bio, format, args);
342+
va_end(args);
337343

338-
ret = BIO_printf(bio, "%*s", indent, "") + BIO_vprintf(bio, format, args);
344+
if (vret < 0)
345+
return vret;
346+
if (vret > INT_MAX - ret)
347+
return INT_MAX;
339348

340-
va_end(args);
341-
return ret;
349+
return ret + vret;
342350
}
343351

344352
static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,
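Review bot: INT_MAX at line 346 needs <limits.h>, and no include is visible in this hunk; confirm storeutl.c (or a header it already pulls in) provides it, otherwise this will not compile. The rest is sound: the old single expression at 338 added the results of two calls whose evaluation order is unspecified, could overflow int, and could mask a negative return from either call, whereas the new code checks each return before summing and clamps the sum.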

deps/openssl/openssl/crypto/bio/bss_file.c

Lines changed: 1 addition & 1 deletion
@@ -287,7 +287,7 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
287287
if (fp == NULL) {
288288
ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
289289
"calling fopen(%s, %s)",
290-
ptr, p);
290+
(const char *)ptr, p);
291291
ERR_raise(ERR_LIB_BIO, ERR_R_SYS_LIB);
292292
ret = 0;
293293
break;
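Review bot: the (const char *) cast at line 290 is the correct fix for the %s conversion, since ptr arrives as void * in file_ctrl's signature and ERR_raise_data takes printf-style arguments; this silences a format warning with no behavioural change.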

deps/openssl/openssl/crypto/cms/cms_pwri.c

Lines changed: 1 addition & 1 deletion
@@ -242,7 +242,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
242242
/* Check byte failure */
243243
goto err;
244244
}
245-
if (inlen < (size_t)(tmp[0] - 4)) {
245+
if (inlen < 4 + (size_t)tmp[0]) {
246246
/* Invalid length value */
247247
goto err;
248248
}
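Review bot: the corrected bound at line 245 is the substantive security change in this commit (CVE-2025-9230 per the CHANGES.md hunk). tmp[0] is a length byte and, together with the check bytes tested just above ("Check byte failure"), the header occupies 4 bytes, so the input must hold at least 4 + tmp[0] bytes; the old test subtracted instead of adding, so a length byte larger than the remaining input passed the check and the copy that follows could read and write past the buffer, which is the out-of-bounds read and write the CHANGES.md entry describes. Suggest a regression test that feeds kek_unwrap_key a block whose length byte exceeds the available input and asserts a clean failure rather than a crash.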

deps/openssl/openssl/crypto/ec/ecp_sm2p256.c

Lines changed: 4 additions & 99 deletions
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
2+
* Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
33
*
44
* Licensed under the Apache License 2.0 (the "License"). You may not use
55
* this file except in compliance with the License. You can obtain a copy
@@ -56,10 +56,6 @@ ALIGN32 static const BN_ULONG def_p[P256_LIMBS] = {
5656
0xffffffffffffffff, 0xffffffff00000000,
5757
0xffffffffffffffff, 0xfffffffeffffffff
5858
};
59-
ALIGN32 static const BN_ULONG def_ord[P256_LIMBS] = {
60-
0x53bbf40939d54123, 0x7203df6b21c6052b,
61-
0xffffffffffffffff, 0xfffffffeffffffff
62-
};
6359

6460
ALIGN32 static const BN_ULONG ONE[P256_LIMBS] = {1, 0, 0, 0};
6561

@@ -177,13 +173,6 @@ static ossl_inline void ecp_sm2p256_mod_inverse(BN_ULONG* out,
177173
BN_MOD_INV(out, in, ecp_sm2p256_div_by_2, ecp_sm2p256_sub, def_p);
178174
}
179175

180-
/* Modular inverse mod order |out| = |in|^(-1) % |ord|. */
181-
static ossl_inline void ecp_sm2p256_mod_ord_inverse(BN_ULONG* out,
182-
const BN_ULONG* in) {
183-
BN_MOD_INV(out, in, ecp_sm2p256_div_by_2_mod_ord, ecp_sm2p256_sub_mod_ord,
184-
def_ord);
185-
}
186-
187176
/* Point double: R <- P + P */
188177
static void ecp_sm2p256_point_double(P256_POINT *R, const P256_POINT *P)
189178
{
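Review bot: the two helpers referenced at lines 183-184, ecp_sm2p256_div_by_2_mod_ord and ecp_sm2p256_sub_mod_ord, are not removed anywhere in this diff; if they are static functions in this file they are now unused and will warn under -Wunused-function, and if they are external assembly routines their declarations can go as well. Either way, confirm nothing else still references def_ord, which the hunk at 59-62 deleted.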
@@ -454,52 +443,6 @@ static int ecp_sm2p256_is_affine_G(const EC_POINT *generator)
454443
}
455444
#endif
456445

457-
/*
458-
* Convert Jacobian coordinate point into affine coordinate (x,y)
459-
*/
460-
static int ecp_sm2p256_get_affine(const EC_GROUP *group,
461-
const EC_POINT *point,
462-
BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
463-
{
464-
ALIGN32 BN_ULONG z_inv2[P256_LIMBS] = {0};
465-
ALIGN32 BN_ULONG z_inv3[P256_LIMBS] = {0};
466-
ALIGN32 BN_ULONG x_aff[P256_LIMBS] = {0};
467-
ALIGN32 BN_ULONG y_aff[P256_LIMBS] = {0};
468-
ALIGN32 BN_ULONG point_x[P256_LIMBS] = {0};
469-
ALIGN32 BN_ULONG point_y[P256_LIMBS] = {0};
470-
ALIGN32 BN_ULONG point_z[P256_LIMBS] = {0};
471-
472-
if (EC_POINT_is_at_infinity(group, point)) {
473-
ECerr(ERR_LIB_EC, EC_R_POINT_AT_INFINITY);
474-
return 0;
475-
}
476-
477-
if (ecp_sm2p256_bignum_field_elem(point_x, point->X) <= 0
478-
|| ecp_sm2p256_bignum_field_elem(point_y, point->Y) <= 0
479-
|| ecp_sm2p256_bignum_field_elem(point_z, point->Z) <= 0) {
480-
ECerr(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE);
481-
return 0;
482-
}
483-
484-
ecp_sm2p256_mod_inverse(z_inv3, point_z);
485-
ecp_sm2p256_sqr(z_inv2, z_inv3);
486-
487-
if (x != NULL) {
488-
ecp_sm2p256_mul(x_aff, point_x, z_inv2);
489-
if (!bn_set_words(x, x_aff, P256_LIMBS))
490-
return 0;
491-
}
492-
493-
if (y != NULL) {
494-
ecp_sm2p256_mul(z_inv3, z_inv3, z_inv2);
495-
ecp_sm2p256_mul(y_aff, point_y, z_inv3);
496-
if (!bn_set_words(y, y_aff, P256_LIMBS))
497-
return 0;
498-
}
499-
500-
return 1;
501-
}
502-
503446
/* r = sum(scalar[i]*point[i]) */
504447
static int ecp_sm2p256_windowed_mul(const EC_GROUP *group,
505448
P256_POINT *r,
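Review bot: the removed ecp_sm2p256_get_affine inverted Z through ecp_sm2p256_mod_inverse (line 484), the same BN_MOD_INV-based routine used elsewhere in this file, and its replacement at 655 is the generic ossl_ec_GFp_simple_point_get_affine_coordinates; that generic path needs a working field_inv in the method table, which is what the change at 671 supplies, so these hunks must not be split across commits.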
@@ -689,44 +632,6 @@ static int ecp_sm2p256_field_sqr(const EC_GROUP *group, BIGNUM *r,
689632
return 1;
690633
}
691634

692-
static int ecp_sm2p256_inv_mod_ord(const EC_GROUP *group, BIGNUM *r,
693-
const BIGNUM *x, BN_CTX *ctx)
694-
{
695-
int ret = 0;
696-
ALIGN32 BN_ULONG t[P256_LIMBS] = {0};
697-
ALIGN32 BN_ULONG out[P256_LIMBS] = {0};
698-
699-
if (bn_wexpand(r, P256_LIMBS) == NULL) {
700-
ECerr(ERR_LIB_EC, ERR_R_BN_LIB);
701-
goto err;
702-
}
703-
704-
if ((BN_num_bits(x) > 256) || BN_is_negative(x)) {
705-
BIGNUM *tmp;
706-
707-
if ((tmp = BN_CTX_get(ctx)) == NULL
708-
|| !BN_nnmod(tmp, x, group->order, ctx)) {
709-
ECerr(ERR_LIB_EC, ERR_R_BN_LIB);
710-
goto err;
711-
}
712-
x = tmp;
713-
}
714-
715-
if (!ecp_sm2p256_bignum_field_elem(t, x)) {
716-
ECerr(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE);
717-
goto err;
718-
}
719-
720-
ecp_sm2p256_mod_ord_inverse(out, t);
721-
722-
if (!bn_set_words(r, out, P256_LIMBS))
723-
goto err;
724-
725-
ret = 1;
726-
err:
727-
return ret;
728-
}
729-
730635
const EC_METHOD *EC_GFp_sm2p256_method(void)
731636
{
732637
static const EC_METHOD ret = {
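Review bot: worth recording in the commit body that SM2 signing on aarch64 will be slower after this, since ecp_sm2p256_inv_mod_ord wrapped the specialised ecp_sm2p256_mod_ord_inverse (line 720) and the EC_METHOD slot at 687 now holds 0, so the signing path takes the default inverse-mod-order routine that the replacement comment describes as constant-time. This removal is the fix CHANGES.md attributes to CVE-2025-9231 (timing side-channel in SM2 on 64-bit ARM), so the trade-off is the right one, but the commit message here only says "upgrade openssl sources".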
@@ -747,7 +652,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void)
747652
ossl_ec_GFp_simple_point_copy,
748653
ossl_ec_GFp_simple_point_set_to_infinity,
749654
ossl_ec_GFp_simple_point_set_affine_coordinates,
750-
ecp_sm2p256_get_affine,
655+
ossl_ec_GFp_simple_point_get_affine_coordinates,
751656
0, 0, 0,
752657
ossl_ec_GFp_simple_add,
753658
ossl_ec_GFp_simple_dbl,
@@ -763,7 +668,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void)
763668
ecp_sm2p256_field_mul,
764669
ecp_sm2p256_field_sqr,
765670
0 /* field_div */,
766-
0 /* field_inv */,
671+
ossl_ec_GFp_simple_field_inv,
767672
0 /* field_encode */,
768673
0 /* field_decode */,
769674
0 /* field_set_to_one */,
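Review bot: setting field_inv to ossl_ec_GFp_simple_field_inv at line 671 is required by the swap at 655: the generic affine-coordinate routine inverts Z via the method's field_inv, which was 0 before, so leaving this slot unset would dispatch through a null pointer. Fine as a pair with 655.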
@@ -779,7 +684,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void)
779684
ossl_ecdsa_simple_sign_setup,
780685
ossl_ecdsa_simple_sign_sig,
781686
ossl_ecdsa_simple_verify_sig,
782-
ecp_sm2p256_inv_mod_ord,
687+
0, /* use constant‑time fallback for inverse mod order */
783688
0, /* blind_coordinates */
784689
0, /* ladder_pre */
785690
0, /* ladder_step */
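Review bot: the comment at line 687 contains a non-ASCII hyphen in "constant‑time"; replace it with a plain ASCII '-' so the source stays ASCII-clean like the neighbouring "/* blind_coordinates */" style comments. The slot value 0 itself is correct: with the specialised inverse removed above, the generic fallback must be selected.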
