
OpenSSL 1.1.1o

Source commit: eef56bf8b9e83e19bdc810612506e9452d07e244
Martin Prikryl 3 years ago
parent
commit
5bbf2eaddf
35 changed files with 685 additions and 112 deletions
  1. 13 0
      libs/openssl/CHANGES
  2. 6 1
      libs/openssl/NEWS
  3. 2 2
      libs/openssl/README
  4. 2 0
      libs/openssl/apps/apps.c
  5. 3 3
      libs/openssl/apps/x509.c
  6. 5 3
      libs/openssl/crypto/bn/bn_div.c
  7. 3 2
      libs/openssl/crypto/bn/bn_exp.c
  8. 2 1
      libs/openssl/crypto/ec/curve448/curve448.c
  9. 2 1
      libs/openssl/crypto/ec/ecp_nistz256.c
  10. 22 11
      libs/openssl/crypto/engine/eng_dyn.c
  11. 38 7
      libs/openssl/crypto/err/err.c
  12. 6 4
      libs/openssl/crypto/evp/evp_enc.c
  13. 2 2
      libs/openssl/crypto/evp/evp_local.h
  14. 2 11
      libs/openssl/crypto/init.c
  15. 4 1
      libs/openssl/crypto/s390x_arch.h
  16. 4 1
      libs/openssl/crypto/s390xcap.c
  17. 10 0
      libs/openssl/doc/fingerprints.txt
  18. 11 1
      libs/openssl/doc/man3/SSL_CTX_set_timeout.pod
  19. 3 3
      libs/openssl/include/openssl/opensslv.h
  20. 3 1
      libs/openssl/ssl/s3_enc.c
  21. 2 17
      libs/openssl/ssl/ssl_init.c
  22. 3 1
      libs/openssl/ssl/ssl_lib.c
  23. 3 3
      libs/openssl/ssl/ssl_txt.c
  24. 6 1
      libs/openssl/ssl/statem/statem_clnt.c
  25. 4 4
      libs/openssl/ssl/statem/statem_dtls.c
  26. 16 7
      libs/openssl/ssl/statem/statem_srvr.c
  27. 3 1
      libs/openssl/ssl/t1_enc.c
  28. 48 2
      libs/openssl/test/dtls_mtu_test.c
  29. 50 3
      libs/openssl/test/recipes/70-test_tls13hrr.t
  30. 9 9
      libs/openssl/test/recipes/95-test_external_pyca_data/cryptography.sh
  31. 120 1
      libs/openssl/test/ssl-tests/10-resumption.conf
  32. 123 1
      libs/openssl/test/ssl-tests/11-dtls_resumption.conf
  33. 64 1
      libs/openssl/test/ssl-tests/protocol_version.pm
  34. 65 1
      libs/openssl/test/sslapitest.c
  35. 26 5
      libs/openssl/tools/c_rehash.in

+ 13 - 0
libs/openssl/CHANGES

@@ -7,6 +7,19 @@
  https://github.com/openssl/openssl/commits/ and pick the appropriate
  release branch.
 
+ Changes between 1.1.1n and 1.1.1o [3 May 2022]
+
+  *) Fixed a bug in the c_rehash script which was not properly sanitising shell
+    metacharacters to prevent command injection.  This script is distributed by
+    some operating systems in a manner where it is automatically executed.  On
+    such operating systems, an attacker could execute arbitrary commands with the
+    privileges of the script.
+
+    Use of the c_rehash script is considered obsolete and should be replaced
+    by the OpenSSL rehash command line tool.
+    (CVE-2022-1292)
+    [Tomáš Mráz]
+
  Changes between 1.1.1m and 1.1.1n [15 Mar 2022]
 
   *) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever

+ 6 - 1
libs/openssl/NEWS

@@ -5,10 +5,15 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.1.1n and OpenSSL 1.1.1o [3 May 2022]
+
+      o Fixed a bug in the c_rehash script which was not properly sanitising
+        shell metacharacters to prevent command injection (CVE-2022-1292)
+
   Major changes between OpenSSL 1.1.1m and OpenSSL 1.1.1n [15 Mar 2022]
 
       o Fixed a bug in the BN_mod_sqrt() function that can cause it to loop
-        forever for non-prime moduli ([CVE-2022-0778])
+        forever for non-prime moduli (CVE-2022-0778)
 
   Major changes between OpenSSL 1.1.1l and OpenSSL 1.1.1m [14 Dec 2021]
 

+ 2 - 2
libs/openssl/README

@@ -1,7 +1,7 @@
 
- OpenSSL 1.1.1n 15 Mar 2022
+ OpenSSL 1.1.1o 3 May 2022
 
- Copyright (c) 1998-2021 The OpenSSL Project
+ Copyright (c) 1998-2022 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
  All rights reserved.
 

+ 2 - 0
libs/openssl/apps/apps.c

@@ -307,6 +307,8 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
         if (cb_data != NULL && cb_data->password != NULL
                 && *(const char*)cb_data->password != '\0')
             pw_min_len = 1;
+        else if (!verify)
+            pw_min_len = 0;
         prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
         if (!prompt) {
             BIO_printf(bio_err, "Out of memory\n");
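Review bot: The new `else if (!verify)` branch lowers `pw_min_len` to 0 without saying why an empty pass phrase becomes acceptable on that path. If the intent is that a prompt which is not confirming a newly chosen pass phrase may accept an empty one, a comment such as `/* not confirming a new pass phrase: allow an empty one */` above the branch would record it. The default value of `pw_min_len` and the rest of password_callback are outside the hunk, so the effective minimum on the `verify` path should be confirmed there.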

+ 3 - 3
libs/openssl/apps/x509.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -590,6 +590,8 @@ int x509_main(int argc, char **argv)
         xca = load_cert(CAfile, CAformat, "CA Certificate");
         if (xca == NULL)
             goto end;
+        if (!X509_set_issuer_name(x, X509_get_subject_name(xca)))
+            goto end;
     }
 
     out = bio_open_default(outfile, 'w', outformat);
@@ -987,8 +989,6 @@ static int x509_certify(X509_STORE *ctx, const char *CAfile, const EVP_MD *diges
         goto end;
     }
 
-    if (!X509_set_issuer_name(x, X509_get_subject_name(xca)))
-        goto end;
     if (!X509_set_serialNumber(x, bs))
         goto end;
 

+ 5 - 3
libs/openssl/crypto/bn/bn_div.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -446,8 +446,10 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
     snum->neg = num_neg;
     snum->top = div_n;
     snum->flags |= BN_FLG_FIXED_TOP;
-    if (rm != NULL)
-        bn_rshift_fixed_top(rm, snum, norm_shift);
+
+    if (rm != NULL && bn_rshift_fixed_top(rm, snum, norm_shift) == 0)
+        goto err;
+
     BN_CTX_end(ctx);
     return 1;
  err:

+ 3 - 2
libs/openssl/crypto/bn/bn_exp.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -188,13 +188,14 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
         return ret;
     }
 
+    BN_RECP_CTX_init(&recp);
+
     BN_CTX_start(ctx);
     aa = BN_CTX_get(ctx);
     val[0] = BN_CTX_get(ctx);
     if (val[0] == NULL)
         goto err;
 
-    BN_RECP_CTX_init(&recp);
     if (m->neg) {
         /* ignore sign of 'm' */
         if (!BN_copy(aa, m))
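Review bot: Nothing in the hunk records why `BN_RECP_CTX_init(&recp)` now has to run before `BN_CTX_start(ctx)`, so a later reordering could undo the change. If the `err` label releases `recp` (the label is outside the hunk), the early `goto err` after `BN_CTX_get` would previously have reached that cleanup with `recp` uninitialised. A comment at the new call, for example `/* must precede the first goto err: the cleanup path frees recp */`, would pin the ordering.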

+ 2 - 1
libs/openssl/crypto/ec/curve448/curve448.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright 2015-2016 Cryptography Research, Inc.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -577,6 +577,7 @@ static int recode_wnaf(struct smvt_control *control,
             int32_t delta = odd & mask;
 
             assert(position >= 0);
+            assert(pos < 32);       /* can't fail since current & 0xFFFF != 0 */
             if (odd & (1 << (table_bits + 1)))
                 delta -= (1 << (table_bits + 1));
             current -= delta * (1 << pos);
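Review bot: `assert(pos < 32)` still admits `pos == 31`, where `1 << pos` on the last line of the hunk shifts into the sign bit of an `int`, and the check disappears entirely when NDEBUG is defined. If `pos` is the trailing-zero count of `current` (it is computed outside the hunk), the invariant quoted in the comment bounds it at 15, so `assert(pos < 16);` would state the real limit. The loop in recode_wnaf starts and ends outside the hunk.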

+ 2 - 1
libs/openssl/crypto/ec/ecp_nistz256.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014-2022 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2014, Intel Corporation. All Rights Reserved.
  * Copyright (c) 2015, CloudFlare, Inc.
  *
@@ -973,6 +973,7 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group,
         return 0;
     }
 
+    memset(&p, 0, sizeof(p));
     BN_CTX_start(ctx);
 
     if (scalar) {

+ 22 - 11
libs/openssl/crypto/engine/eng_dyn.c

@@ -393,6 +393,26 @@ static int int_load(dynamic_data_ctx *ctx)
     return 0;
 }
 
+/*
+ * Unfortunately the version checker does not distinguish between
+ * engines built for openssl 1.1.x and openssl 3.x, but loading
+ * an engine that is built for openssl 3.x will cause a fatal
+ * error.  Detect such engines, since EVP_PKEY_get_base_id is exported
+ * as a function in openssl 3.x, while it is named EVP_PKEY_base_id
+ * in openssl 1.1.x.  Therefore we take the presence of that symbol
+ * as an indication that the engine will be incompatible.
+ */
+static int using_libcrypto_3(dynamic_data_ctx *ctx)
+{
+    int ret;
+
+    ERR_set_mark();
+    ret = DSO_bind_func(ctx->dynamic_dso, "EVP_PKEY_get_base_id") != NULL;
+    ERR_pop_to_mark();
+
+    return ret;
+}
+
 static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
 {
     ENGINE cpy;
@@ -442,18 +462,9 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
         /*
          * We fail if the version checker veto'd the load *or* if it is
          * deferring to us (by returning its version) and we think it is too
-         * old.
-         * Unfortunately the version checker does not distinguish between
-         * engines built for openssl 1.1.x and openssl 3.x, but loading
-         * an engine that is built for openssl 3.x will cause a fatal
-         * error.  Detect such engines, since EVP_PKEY_get_base_id is exported
-         * as a function in openssl 3.x, while it is named EVP_PKEY_base_id
-         * in openssl 1.1.x.  Therefore we take the presence of that symbol
-         * as an indication that the engine will be incompatible.
+         * old. Also fail if this is engine for openssl 3.x.
          */
-        if (vcheck_res < OSSL_DYNAMIC_OLDEST
-                || DSO_bind_func(ctx->dynamic_dso,
-                                 "EVP_PKEY_get_base_id") != NULL) {
+        if (vcheck_res < OSSL_DYNAMIC_OLDEST || using_libcrypto_3(ctx)) {
             /* Fail */
             ctx->bind_engine = NULL;
             ctx->v_check = NULL;
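Review bot: `using_libcrypto_3()` does not state its return value, and the purpose of the `ERR_set_mark()`/`ERR_pop_to_mark()` pair is left to the reader. The block comment could add that it returns 1 when the loaded DSO exports `EVP_PKEY_get_base_id` and 0 otherwise. It could also say that the mark presumably discards the error the lookup queues when the symbol is absent, which is the expected case for a 1.1.x engine. The comment left at the call site in dynamic_load would read better as `Also fail if this is an engine for openssl 3.x.`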

+ 38 - 7
libs/openssl/crypto/err/err.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,7 +23,9 @@
 #include "internal/constant_time.h"
 #include "e_os.h"
 
+#ifndef OPENSSL_NO_ERR
 static int err_load_strings(const ERR_STRING_DATA *str);
+#endif
 
 static void ERR_STATE_free(ERR_STATE *s);
 #ifndef OPENSSL_NO_ERR
@@ -76,9 +78,9 @@ static ERR_STRING_DATA ERR_str_functs[] = {
     {ERR_PACK(0, SYS_F_BIND, 0), "bind"},
     {ERR_PACK(0, SYS_F_LISTEN, 0), "listen"},
     {ERR_PACK(0, SYS_F_ACCEPT, 0), "accept"},
-# ifdef OPENSSL_SYS_WINDOWS
+#ifdef OPENSSL_SYS_WINDOWS
     {ERR_PACK(0, SYS_F_WSASTARTUP, 0), "WSAstartup"},
-# endif
+#endif
     {ERR_PACK(0, SYS_F_OPENDIR, 0), "opendir"},
     {ERR_PACK(0, SYS_F_FREAD, 0), "fread"},
     {ERR_PACK(0, SYS_F_GETADDRINFO, 0), "getaddrinfo"},
@@ -141,21 +143,26 @@ static int set_err_thread_local;
 static CRYPTO_THREAD_LOCAL err_thread_local;
 
 static CRYPTO_ONCE err_string_init = CRYPTO_ONCE_STATIC_INIT;
-static CRYPTO_RWLOCK *err_string_lock;
+static CRYPTO_RWLOCK *err_string_lock = NULL;
 
+#ifndef OPENSSL_NO_ERR
 static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *);
+#endif
 
 /*
  * The internal state
  */
 
+#ifndef OPENSSL_NO_ERR
 static LHASH_OF(ERR_STRING_DATA) *int_error_hash = NULL;
+#endif
 static int int_err_library_number = ERR_LIB_USER;
 
 static unsigned long get_error_values(int inc, int top, const char **file,
                                       int *line, const char **data,
                                       int *flags);
 
+#ifndef OPENSSL_NO_ERR
 static unsigned long err_string_data_hash(const ERR_STRING_DATA *a)
 {
     unsigned long ret, l;
@@ -184,7 +191,6 @@ static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d)
     return p;
 }
 
-#ifndef OPENSSL_NO_ERR
 /* 2019-05-21: Russian and Ukrainian locales on Linux require more than 6,5 kB */
 # define SPACE_SYS_STR_REASONS 8 * 1024
 # define NUM_SYS_STR_REASONS 127
@@ -299,6 +305,7 @@ DEFINE_RUN_ONCE_STATIC(do_err_strings_init)
     err_string_lock = CRYPTO_THREAD_lock_new();
     if (err_string_lock == NULL)
         return 0;
+#ifndef OPENSSL_NO_ERR
     int_error_hash = lh_ERR_STRING_DATA_new(err_string_data_hash,
                                             err_string_data_cmp);
     if (int_error_hash == NULL) {
@@ -306,6 +313,7 @@ DEFINE_RUN_ONCE_STATIC(do_err_strings_init)
         err_string_lock = NULL;
         return 0;
     }
+#endif
     return 1;
 }
 
@@ -315,10 +323,13 @@ void err_cleanup(void)
         CRYPTO_THREAD_cleanup_local(&err_thread_local);
     CRYPTO_THREAD_lock_free(err_string_lock);
     err_string_lock = NULL;
+#ifndef OPENSSL_NO_ERR
     lh_ERR_STRING_DATA_free(int_error_hash);
     int_error_hash = NULL;
+#endif
 }
 
+#ifndef OPENSSL_NO_ERR
 /*
  * Legacy; pack in the library.
  */
@@ -342,6 +353,7 @@ static int err_load_strings(const ERR_STRING_DATA *str)
     CRYPTO_THREAD_unlock(err_string_lock);
     return 1;
 }
+#endif
 
 int ERR_load_ERR_strings(void)
 {
@@ -360,24 +372,31 @@ int ERR_load_ERR_strings(void)
 
 int ERR_load_strings(int lib, ERR_STRING_DATA *str)
 {
+#ifndef OPENSSL_NO_ERR
     if (ERR_load_ERR_strings() == 0)
         return 0;
 
     err_patch(lib, str);
     err_load_strings(str);
+#endif
+
     return 1;
 }
 
 int ERR_load_strings_const(const ERR_STRING_DATA *str)
 {
+#ifndef OPENSSL_NO_ERR
     if (ERR_load_ERR_strings() == 0)
         return 0;
     err_load_strings(str);
+#endif
+
     return 1;
 }
 
 int ERR_unload_strings(int lib, ERR_STRING_DATA *str)
 {
+#ifndef OPENSSL_NO_ERR
     if (!RUN_ONCE(&err_string_init, do_err_strings_init))
         return 0;
 
@@ -389,14 +408,14 @@ int ERR_unload_strings(int lib, ERR_STRING_DATA *str)
     for (; str->error; str++)
         (void)lh_ERR_STRING_DATA_delete(int_error_hash, str);
     CRYPTO_THREAD_unlock(err_string_lock);
+#endif
 
     return 1;
 }
 
 void err_free_strings_int(void)
 {
-    if (!RUN_ONCE(&err_string_init, do_err_strings_init))
-        return;
+    /* obsolete */
 }
 
 /********************************************************/
@@ -636,6 +655,7 @@ char *ERR_error_string(unsigned long e, char *ret)
 
 const char *ERR_lib_error_string(unsigned long e)
 {
+#ifndef OPENSSL_NO_ERR
     ERR_STRING_DATA d, *p;
     unsigned long l;
 
@@ -647,10 +667,14 @@ const char *ERR_lib_error_string(unsigned long e)
     d.error = ERR_PACK(l, 0, 0);
     p = int_err_get_item(&d);
     return ((p == NULL) ? NULL : p->string);
+#else
+    return NULL;
+#endif
 }
 
 const char *ERR_func_error_string(unsigned long e)
 {
+#ifndef OPENSSL_NO_ERR
     ERR_STRING_DATA d, *p;
     unsigned long l, f;
 
@@ -663,10 +687,14 @@ const char *ERR_func_error_string(unsigned long e)
     d.error = ERR_PACK(l, f, 0);
     p = int_err_get_item(&d);
     return ((p == NULL) ? NULL : p->string);
+#else
+    return NULL;
+#endif
 }
 
 const char *ERR_reason_error_string(unsigned long e)
 {
+#ifndef OPENSSL_NO_ERR
     ERR_STRING_DATA d, *p = NULL;
     unsigned long l, r;
 
@@ -683,6 +711,9 @@ const char *ERR_reason_error_string(unsigned long e)
         p = int_err_get_item(&d);
     }
     return ((p == NULL) ? NULL : p->string);
+#else
+    return NULL;
+#endif
 }
 
 void err_delete_thread_state(void)
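Review bot: `ERR_load_strings()` and `ERR_load_strings_const()` call `err_load_strings(str)` and then return 1 regardless of its result, and the new `#ifndef OPENSSL_NO_ERR` guards are wrapped around those calls without changing that. `err_load_strings` is declared as returning int, but only its final `return 1` is visible here, so whether it can fail is outside the hunks. If it can, `if (!err_load_strings(str)) return 0;` inside the guard would propagate the failure. Separately, with OPENSSL_NO_ERR defined, `ERR_unload_strings()` no longer touches `lib` or `str`, which may produce unused-parameter warnings on stricter builds.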

+ 6 - 4
libs/openssl/crypto/evp/evp_enc.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -281,7 +281,7 @@ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
 # define PTRDIFF_T size_t
 #endif
 
-int is_partially_overlapping(const void *ptr1, const void *ptr2, int len)
+int is_partially_overlapping(const void *ptr1, const void *ptr2, size_t len)
 {
     PTRDIFF_T diff = (PTRDIFF_T)ptr1-(PTRDIFF_T)ptr2;
     /*
@@ -299,7 +299,8 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
                                     unsigned char *out, int *outl,
                                     const unsigned char *in, int inl)
 {
-    int i, j, bl, cmpl = inl;
+    int i, j, bl;
+    size_t cmpl = (size_t)inl;
 
     if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
         cmpl = (cmpl + 7) / 8;
@@ -464,8 +465,9 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
                       const unsigned char *in, int inl)
 {
-    int fix_len, cmpl = inl;
+    int fix_len;
     unsigned int b;
+    size_t cmpl = (size_t)inl;
 
     /* Prevent accidental use of encryption context when decrypting */
     if (ctx->encrypt) {
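Review bot: `size_t cmpl = (size_t)inl;` in `evp_EncryptDecryptUpdate` and `EVP_DecryptUpdate` turns a negative `inl` into a very large length before it reaches `is_partially_overlapping()`. With `EVP_CIPH_FLAG_LENGTH_BITS` set, the `(cmpl + 7) / 8` rounding then operates on that wrapped value. Neither hunk shows a check of `inl` ahead of the initialiser, and both function bodies continue outside the hunks, so this needs confirming against the full file. If no earlier check exists, rejecting negative `inl` before `cmpl` is used keeps the overlap test meaningful. At minimum, a comment such as `/* inl must be non-negative here: a negative value wraps when cast to size_t */` next to the initialiser would record the assumption.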

+ 2 - 2
libs/openssl/crypto/evp/evp_local.h

@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -65,4 +65,4 @@ struct evp_Encode_Ctx_st {
 typedef struct evp_pbe_st EVP_PBE_CTL;
 DEFINE_STACK_OF(EVP_PBE_CTL)
 
-int is_partially_overlapping(const void *ptr1, const void *ptr2, int len);
+int is_partially_overlapping(const void *ptr1, const void *ptr2, size_t len);

+ 2 - 11
libs/openssl/crypto/init.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -211,7 +211,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete)
 }
 
 static CRYPTO_ONCE load_crypto_strings = CRYPTO_ONCE_STATIC_INIT;
-static int load_crypto_strings_inited = 0;
+
 DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings)
 {
     int ret = 1;
@@ -225,7 +225,6 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings)
                     "err_load_crypto_strings_int()\n");
 # endif
     ret = err_load_crypto_strings_int();
-    load_crypto_strings_inited = 1;
 #endif
     return ret;
 }
@@ -549,14 +548,6 @@ void OPENSSL_cleanup(void)
         async_deinit();
     }
 
-    if (load_crypto_strings_inited) {
-#ifdef OPENSSL_INIT_DEBUG
-        fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
-                        "err_free_strings_int()\n");
-#endif
-        err_free_strings_int();
-    }
-
     key = destructor_key.value;
     destructor_key.sane = -1;
     CRYPTO_THREAD_cleanup_local(&key);

+ 4 - 1
libs/openssl/crypto/s390x_arch.h

@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -47,6 +47,9 @@ struct OPENSSL_s390xcap_st {
     unsigned long long kma[2];
 };
 
+#if defined(__GNUC__) && defined(__linux)
+__attribute__ ((visibility("hidden")))
+#endif
 extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
 
 /* convert facility bit number or function code to bit mask */

+ 4 - 1
libs/openssl/crypto/s390xcap.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2010-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -26,6 +26,9 @@ void OPENSSL_vx_probe(void);
 
 struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
 
+#if defined(__GNUC__) && defined(__linux)
+__attribute__ ((visibility("hidden")))
+#endif
 void OPENSSL_cpuid_setup(void)
 {
     sigset_t oset;

+ 10 - 0
libs/openssl/doc/fingerprints.txt

@@ -22,3 +22,13 @@ pub   2048R/0E604491 2013-04-30
       Key fingerprint = 8657 ABB2 60F0 56B1 E519 0839 D9C4 D26D 0E60 4491
 uid                  Matt Caswell <[email protected]>
 uid                  Matt Caswell <[email protected]>
+
+pub   rsa4096 2021-02-14
+      B7C1 C143 60F3 53A3 6862  E4D5 231C 84CD DCC6 9C45
+uid                  Paul Dale <[email protected]>
+
+pub   rsa4096 2021-07-16
+      A21F AB74 B008 8AA3 6115  2586 B8EF 1A6B A9DA 2D5C
+uid                  Tomáš Mráz <[email protected]>
+uid                  Tomáš Mráz <[email protected]>
+uid                  Tomáš Mráz <[email protected]>

+ 11 - 1
libs/openssl/doc/man3/SSL_CTX_set_timeout.pod

@@ -42,6 +42,16 @@ basis, see L<SSL_get_default_timeout(3)>.
 All currently supported protocols have the same default timeout value
 of 300 seconds.
 
+This timeout value is used as the ticket lifetime hint for stateless session
+tickets. It is also used as the timeout value within the ticket itself.
+
+For TLSv1.3, RFC8446 limits transmission of this value to 1 week (604800
+seconds).
+
+For TLSv1.2, tickets generated during an initial handshake use the value
+as specified. Tickets generated during a resumed handshake have a value
+of 0 for the ticket lifetime hint.
+
 =head1 RETURN VALUES
 
 SSL_CTX_set_timeout() returns the previously set timeout value.
@@ -58,7 +68,7 @@ L<SSL_get_default_timeout(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 3 - 3
libs/openssl/include/openssl/opensslv.h

@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -39,8 +39,8 @@ extern "C" {
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-# define OPENSSL_VERSION_NUMBER  0x101010efL
-# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1n  15 Mar 2022"
+# define OPENSSL_VERSION_NUMBER  0x101010ffL
+# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1o  3 May 2022"
 
 /*-
  * The macros below are to be used for shared library (.so, .dll, ...)

+ 3 - 1
libs/openssl/ssl/s3_enc.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright 2005 Nokia. All rights reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -589,6 +589,8 @@ int ssl3_alert_code(int code)
         return TLS1_AD_NO_APPLICATION_PROTOCOL;
     case SSL_AD_CERTIFICATE_REQUIRED:
         return SSL_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_MISSING_EXTENSION:
+        return SSL_AD_HANDSHAKE_FAILURE;
     default:
         return -1;
     }

+ 2 - 17
libs/openssl/ssl/ssl_init.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -116,7 +116,7 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
 }
 
 static CRYPTO_ONCE ssl_strings = CRYPTO_ONCE_STATIC_INIT;
-static int ssl_strings_inited = 0;
+
 DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings)
 {
     /*
@@ -129,7 +129,6 @@ DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings)
             "ERR_load_SSL_strings()\n");
 # endif
     ERR_load_SSL_strings();
-    ssl_strings_inited = 1;
 #endif
     return 1;
 }
@@ -157,20 +156,6 @@ static void ssl_library_stop(void)
         ssl_comp_free_compression_methods_int();
 #endif
     }
-
-    if (ssl_strings_inited) {
-#ifdef OPENSSL_INIT_DEBUG
-        fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: "
-                "err_free_strings_int()\n");
-#endif
-        /*
-         * If both crypto and ssl error strings are inited we will end up
-         * calling err_free_strings_int() twice - but that's ok. The second
-         * time will be a no-op. It's easier to do that than to try and track
-         * between the two libraries whether they have both been inited.
-         */
-        err_free_strings_int();
-    }
 }
 
 /*

+ 3 - 1
libs/openssl/ssl/ssl_lib.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -2084,6 +2084,7 @@ int SSL_shutdown(SSL *s)
         if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
             struct ssl_async_args args;
 
+            memset(&args, 0, sizeof(args));
             args.s = s;
             args.type = OTHERFUNC;
             args.f.func_other = s->method->ssl_shutdown;
@@ -3709,6 +3710,7 @@ int SSL_do_handshake(SSL *s)
         if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
             struct ssl_async_args args;
 
+            memset(&args, 0, sizeof(args));
             args.s = s;
 
             ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern);
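Review bot: Both `memset(&args, 0, sizeof(args));` calls are added without a comment, and these hunks do not show why the whole struct is cleared rather than the remaining fields assigned. If `ssl_start_async_job()` passes the struct on as raw bytes (its body is outside the hunks), the memset keeps unset members and padding from carrying stale stack contents. A comment like `/* clear unused members and padding before args is passed on */` would record that. Other functions that fill a `struct ssl_async_args` on the stack are not shown here and are worth checking for the same pattern.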

+ 3 - 3
libs/openssl/ssl/ssl_txt.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright 2005 Nokia. All rights reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -130,11 +130,11 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
     }
 #endif
     if (x->time != 0L) {
-        if (BIO_printf(bp, "\n    Start Time: %ld", x->time) <= 0)
+        if (BIO_printf(bp, "\n    Start Time: %lld", (long long)x->time) <= 0)
             goto err;
     }
     if (x->timeout != 0L) {
-        if (BIO_printf(bp, "\n    Timeout   : %ld (sec)", x->timeout) <= 0)
+        if (BIO_printf(bp, "\n    Timeout   : %lld (sec)", (long long)x->timeout) <= 0)
             goto err;
     }
     if (BIO_puts(bp, "\n") <= 0)

+ 6 - 1
libs/openssl/ssl/statem/statem_clnt.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -1422,6 +1422,11 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
             && sversion == TLS1_2_VERSION
             && PACKET_remaining(pkt) >= SSL3_RANDOM_SIZE
             && memcmp(hrrrandom, PACKET_data(pkt), SSL3_RANDOM_SIZE) == 0) {
+        if (s->hello_retry_request != SSL_HRR_NONE) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                     SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_UNEXPECTED_MESSAGE);
+            goto err;
+        }
         s->hello_retry_request = SSL_HRR_PENDING;
         hrr = 1;
         if (!PACKET_forward(pkt, SSL3_RANDOM_SIZE)) {
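Review bot: The new `s->hello_retry_request != SSL_HRR_NONE` check has no comment tying it to the protocol rule it enforces. RFC 8446 section 4.1.4 requires a client that receives a second HelloRetryRequest in the same connection to abort with an unexpected_message alert, which matches the alert used here. A comment such as `/* A second HelloRetryRequest in one handshake is not allowed (RFC 8446, 4.1.4) */` above the `if` would make that explicit. tls_process_server_hello starts and ends outside the hunk.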

+ 4 - 4
libs/openssl/ssl/statem/statem_dtls.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -218,8 +218,8 @@ int dtls1_do_write(SSL *s, int type)
         else
             len = s->init_num;
 
-        if (len > s->max_send_fragment)
-            len = s->max_send_fragment;
+        if (len > ssl_get_max_send_fragment(s))
+            len = ssl_get_max_send_fragment(s);
 
         /*
          * XDTLS: this function is too long.  split out the CCS part
@@ -241,7 +241,7 @@ int dtls1_do_write(SSL *s, int type)
 
         ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off], len,
                                 &written);
-        if (ret < 0) {
+        if (ret <= 0) {
             /*
              * might need to update MTU here, but we don't know which
              * previous packet caused the failure -- so can't really

+ 16 - 7
libs/openssl/ssl/statem/statem_srvr.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  * Copyright 2005 Nokia. All rights reserved.
  *
@@ -3820,15 +3820,24 @@ int tls_construct_server_certificate(SSL *s, WPACKET *pkt)
 static int create_ticket_prequel(SSL *s, WPACKET *pkt, uint32_t age_add,
                                  unsigned char *tick_nonce)
 {
+    uint32_t timeout = (uint32_t)s->session->timeout;
+
     /*
-     * Ticket lifetime hint: For TLSv1.2 this is advisory only and we leave this
-     * unspecified for resumed session (for simplicity).
+     * Ticket lifetime hint:
      * In TLSv1.3 we reset the "time" field above, and always specify the
-     * timeout.
+     * timeout, limited to a 1 week period per RFC8446.
+     * For TLSv1.2 this is advisory only and we leave this unspecified for
+     * resumed session (for simplicity).
      */
-    if (!WPACKET_put_bytes_u32(pkt,
-                               (s->hit && !SSL_IS_TLS13(s))
-                               ? 0 : s->session->timeout)) {
+#define ONE_WEEK_SEC (7 * 24 * 60 * 60)
+
+    if (SSL_IS_TLS13(s)) {
+        if (s->session->timeout > ONE_WEEK_SEC)
+            timeout = ONE_WEEK_SEC;
+    } else if (s->hit)
+        timeout = 0;
+
+    if (!WPACKET_put_bytes_u32(pkt, timeout)) {
         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL,
                  ERR_R_INTERNAL_ERROR);
         return 0;
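Review bot: `uint32_t timeout = (uint32_t)s->session->timeout;` converts before any range check, and the TLSv1.3 clamp only tests `s->session->timeout > ONE_WEEK_SEC`. If the field is a signed type (its declaration is outside the hunk), a negative value skips the clamp and is written as a lifetime close to 2^32 seconds, above the one-week limit the comment cites. Something like `if (s->session->timeout < 0) timeout = 0; else if (s->session->timeout > ONE_WEEK_SEC) timeout = ONE_WEEK_SEC;` in the TLSv1.3 branch would close that. `ONE_WEEK_SEC` is also `#define`d inside the function body and stays defined for the rest of the file; a file-scope definition or a matching `#undef` would be tidier.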

+ 3 - 1
libs/openssl/ssl/t1_enc.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright 2005 Nokia. All rights reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
@@ -672,6 +672,8 @@ int tls1_alert_code(int code)
         return TLS1_AD_NO_APPLICATION_PROTOCOL;
     case SSL_AD_CERTIFICATE_REQUIRED:
         return SSL_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_MISSING_EXTENSION:
+        return SSL_AD_HANDSHAKE_FAILURE;
     default:
         return -1;
     }

+ 48 - 2
libs/openssl/test/dtls_mtu_test.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -185,12 +185,58 @@ static int run_mtu_tests(void)
 
  end:
     SSL_CTX_free(ctx);
-    bio_s_mempacket_test_free();
     return ret;
 }
 
+static int test_server_mtu_larger_than_max_fragment_length(void)
+{
+    SSL_CTX *ctx = NULL;
+    SSL *srvr_ssl = NULL, *clnt_ssl = NULL;
+    int rv = 0;
+
+    if (!TEST_ptr(ctx = SSL_CTX_new(DTLS_method())))
+        goto end;
+
+    SSL_CTX_set_psk_server_callback(ctx, srvr_psk_callback);
+    SSL_CTX_set_psk_client_callback(ctx, clnt_psk_callback);
+
+#ifndef OPENSSL_NO_DH
+    if (!TEST_true(SSL_CTX_set_dh_auto(ctx, 1)))
+        goto end;
+#endif
+
+    if (!TEST_true(create_ssl_objects(ctx, ctx, &srvr_ssl, &clnt_ssl,
+                                      NULL, NULL)))
+        goto end;
+
+    SSL_set_options(srvr_ssl, SSL_OP_NO_QUERY_MTU);
+    if (!TEST_true(DTLS_set_link_mtu(srvr_ssl, 1500)))
+        goto end;
+
+    SSL_set_tlsext_max_fragment_length(clnt_ssl,
+                                       TLSEXT_max_fragment_length_512);
+
+    if (!TEST_true(create_ssl_connection(srvr_ssl, clnt_ssl,
+                                         SSL_ERROR_NONE)))
+        goto end;
+
+    rv = 1;
+
+ end:
+    SSL_free(clnt_ssl);
+    SSL_free(srvr_ssl);
+    SSL_CTX_free(ctx);
+    return rv;
+}
+
 int setup_tests(void)
 {
     ADD_TEST(run_mtu_tests);
+    ADD_TEST(test_server_mtu_larger_than_max_fragment_length);
     return 1;
 }
+
+void cleanup_tests(void)
+{
+    bio_s_mempacket_test_free();
+}
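Review bot: In `test_server_mtu_larger_than_max_fragment_length` the return value of `SSL_set_tlsext_max_fragment_length(clnt_ssl, TLSEXT_max_fragment_length_512)` is ignored. If that call fails, the handshake runs without the extension and the test still passes, without exercising the case its name describes. Check it like the neighbouring calls: `if (!TEST_true(SSL_set_tlsext_max_fragment_length(clnt_ssl, TLSEXT_max_fragment_length_512))) goto end;`. A one-line comment above the function saying which failure it guards against would also help, since the body only asserts that the handshake completes.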

+ 50 - 3
libs/openssl/test/recipes/70-test_tls13hrr.t

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -37,7 +37,8 @@ my $proxy = TLSProxy::Proxy->new(
 
 use constant {
     CHANGE_HRR_CIPHERSUITE => 0,
-    CHANGE_CH1_CIPHERSUITE => 1
+    CHANGE_CH1_CIPHERSUITE => 1,
+    DUPLICATE_HRR => 2
 };
 
 #Test 1: A client should fail if the server changes the ciphersuite between the
@@ -46,7 +47,7 @@ $proxy->filter(\&hrr_filter);
 $proxy->serverflags("-curves P-256");
 my $testtype = CHANGE_HRR_CIPHERSUITE;
 $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 2;
+plan tests => 3;
 ok(TLSProxy::Message->fail(), "Server ciphersuite changes");
 
 #Test 2: It is an error if the client changes the offered ciphersuites so that
@@ -58,6 +59,19 @@ $testtype = CHANGE_CH1_CIPHERSUITE;
 $proxy->start();
 ok(TLSProxy::Message->fail(), "Client ciphersuite changes");
 
+#Test 3: A client should fail with unexpected_message alert if the server
+#        sends more than 1 HRR
+my $fatal_alert = 0;
+$proxy->clear();
+if (disabled("ec")) {
+    $proxy->serverflags("-curves ffdhe3072");
+} else {
+    $proxy->serverflags("-curves P-256");
+}
+$testtype = DUPLICATE_HRR;
+$proxy->start();
+ok($fatal_alert, "Server duplicated HRR");
+
 sub hrr_filter
 {
     my $proxy = shift;
@@ -78,6 +92,39 @@ sub hrr_filter
         return;
     }
 
+    if ($testtype == DUPLICATE_HRR) {
+        # We're only interested in the HRR
+        # and the unexpected_message alert from client
+        if ($proxy->flight == 4) {
+            $fatal_alert = 1
+                if @{$proxy->record_list}[-1]->is_fatal_alert(0) == 10;
+            return;
+        }
+        if ($proxy->flight != 3) {
+            return;
+        }
+
+        # Find ServerHello record (HRR actually) and insert after that
+        my $i;
+        for ($i = 0; ${$proxy->record_list}[$i]->flight() < 1; $i++) {
+            next;
+        }
+        my $hrr_record = ${$proxy->record_list}[$i];
+        my $dup_hrr = TLSProxy::Record->new(3,
+            $hrr_record->content_type(),
+            $hrr_record->version(),
+            $hrr_record->len(),
+            $hrr_record->sslv2(),
+            $hrr_record->len_real(),
+            $hrr_record->decrypt_len(),
+            $hrr_record->data(),
+            $hrr_record->decrypt_data());
+
+        $i++;
+        splice @{$proxy->record_list}, $i, 0, $dup_hrr;
+        return;
+    }
+
     # CHANGE_CH1_CIPHERSUITE
     if ($proxy->flight != 0) {
         return;
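Review bot: The search loop in the `DUPLICATE_HRR` branch, `for ($i = 0; ${$proxy->record_list}[$i]->flight() < 1; $i++)`, has no upper bound on `$i`. If the list holds no record with flight >= 1, the index runs past the end and `->flight()` is called on an undefined value, which aborts the script with a Perl error instead of a readable test failure. Bounding the loop with `for ($i = 0; $i < @{$proxy->record_list} && ${$proxy->record_list}[$i]->flight() < 1; $i++)` and following it with `return if $i >= @{$proxy->record_list};` keeps the failure mode clean. `hrr_filter` begins and ends outside the hunk.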

+ 9 - 9
libs/openssl/test/recipes/95-test_external_pyca_data/cryptography.sh

@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
 # Copyright (c) 2017, Oracle and/or its affiliates.  All rights reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
@@ -12,6 +12,7 @@
 # OpenSSL external testing using the Python Cryptography module
 #
 set -e
+set -x
 
 O_EXE=`pwd`/$BLDTOP/apps
 O_BINC=`pwd`/$BLDTOP/include
@@ -35,30 +36,29 @@ echo "------------------------------------------------------------------"
 cd $SRCTOP
 
 # Create a python virtual env and activate
-rm -rf venv-pycrypto
-virtualenv venv-pycrypto
-. ./venv-pycrypto/bin/activate
+rm -rf venv-cryptography
+python -m venv venv-cryptography
+. ./venv-cryptography/bin/activate
 
 cd pyca-cryptography
 
 pip install .[test]
+pip install -e vectors
 
 echo "------------------------------------------------------------------"
 echo "Building cryptography"
 echo "------------------------------------------------------------------"
-python ./setup.py clean
-
-CFLAGS="-I$O_BINC -I$O_SINC -L$O_LIB" python ./setup.py build
+CFLAGS="-I$O_BINC -I$O_SINC -L$O_LIB" pip install .
 
 echo "------------------------------------------------------------------"
 echo "Running tests"
 echo "------------------------------------------------------------------"
 
-CFLAGS="-I$O_BINC -I$O_SINC -L$O_LIB" python ./setup.py test
+CFLAGS="-I$O_BINC -I$O_SINC -L$O_LIB" pytest -n auto tests --wycheproof-root=../wycheproof
 
 cd ../
 deactivate
-rm -rf venv-pycrypto
+rm -rf venv-cryptography
 
 exit 0
 

+ 120 - 1
libs/openssl/test/ssl-tests/10-resumption.conf

@@ -1,6 +1,6 @@
 # Generated with generate_ssl_tests.pl
 
-num_tests = 65
+num_tests = 68
 
 test-0 = 0-resumption
 test-1 = 1-resumption
@@ -67,6 +67,9 @@ test-61 = 61-resumption
 test-62 = 62-resumption
 test-63 = 63-resumption
 test-64 = 64-resumption-with-hrr
+test-65 = 65-resumption-when-mfl-ext-is-missing
+test-66 = 66-resumption-when-mfl-ext-is-different
+test-67 = 67-resumption-when-mfl-ext-is-correct
 # ===========================================================
 
 [0-resumption]
@@ -2437,3 +2440,119 @@ Method = TLS
 ResumptionExpected = Yes
 
 
+# ===========================================================
+
+[65-resumption-when-mfl-ext-is-missing]
+ssl_conf = 65-resumption-when-mfl-ext-is-missing-ssl
+
+[65-resumption-when-mfl-ext-is-missing-ssl]
+server = 65-resumption-when-mfl-ext-is-missing-server
+client = 65-resumption-when-mfl-ext-is-missing-client
+resume-server = 65-resumption-when-mfl-ext-is-missing-server
+resume-client = 65-resumption-when-mfl-ext-is-missing-resume-client
+
+[65-resumption-when-mfl-ext-is-missing-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[65-resumption-when-mfl-ext-is-missing-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[65-resumption-when-mfl-ext-is-missing-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-65]
+ExpectedResult = ServerFail
+HandshakeMode = Resume
+ResumptionExpected = No
+client = 65-resumption-when-mfl-ext-is-missing-client-extra
+
+[65-resumption-when-mfl-ext-is-missing-client-extra]
+MaxFragmentLenExt = 512
+
+
+# ===========================================================
+
+[66-resumption-when-mfl-ext-is-different]
+ssl_conf = 66-resumption-when-mfl-ext-is-different-ssl
+
+[66-resumption-when-mfl-ext-is-different-ssl]
+server = 66-resumption-when-mfl-ext-is-different-server
+client = 66-resumption-when-mfl-ext-is-different-client
+resume-server = 66-resumption-when-mfl-ext-is-different-server
+resume-client = 66-resumption-when-mfl-ext-is-different-resume-client
+
+[66-resumption-when-mfl-ext-is-different-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[66-resumption-when-mfl-ext-is-different-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[66-resumption-when-mfl-ext-is-different-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-66]
+ExpectedResult = ServerFail
+HandshakeMode = Resume
+ResumptionExpected = No
+client = 66-resumption-when-mfl-ext-is-different-client-extra
+resume-client = 66-resumption-when-mfl-ext-is-different-resume-client-extra
+
+[66-resumption-when-mfl-ext-is-different-client-extra]
+MaxFragmentLenExt = 512
+
+[66-resumption-when-mfl-ext-is-different-resume-client-extra]
+MaxFragmentLenExt = 1024
+
+
+# ===========================================================
+
+[67-resumption-when-mfl-ext-is-correct]
+ssl_conf = 67-resumption-when-mfl-ext-is-correct-ssl
+
+[67-resumption-when-mfl-ext-is-correct-ssl]
+server = 67-resumption-when-mfl-ext-is-correct-server
+client = 67-resumption-when-mfl-ext-is-correct-client
+resume-server = 67-resumption-when-mfl-ext-is-correct-server
+resume-client = 67-resumption-when-mfl-ext-is-correct-resume-client
+
+[67-resumption-when-mfl-ext-is-correct-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[67-resumption-when-mfl-ext-is-correct-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[67-resumption-when-mfl-ext-is-correct-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-67]
+ExpectedResult = Success
+HandshakeMode = Resume
+ResumptionExpected = Yes
+client = 67-resumption-when-mfl-ext-is-correct-client-extra
+resume-client = 67-resumption-when-mfl-ext-is-correct-resume-client-extra
+
+[67-resumption-when-mfl-ext-is-correct-client-extra]
+MaxFragmentLenExt = 512
+
+[67-resumption-when-mfl-ext-is-correct-resume-client-extra]
+MaxFragmentLenExt = 512
+
+

+ 123 - 1
libs/openssl/test/ssl-tests/11-dtls_resumption.conf

@@ -1,6 +1,6 @@
 # Generated with generate_ssl_tests.pl
 
-num_tests = 16
+num_tests = 19
 
 test-0 = 0-resumption
 test-1 = 1-resumption
@@ -18,6 +18,9 @@ test-12 = 12-resumption
 test-13 = 13-resumption
 test-14 = 14-resumption
 test-15 = 15-resumption
+test-16 = 16-resumption-when-mfl-ext-is-missing
+test-17 = 17-resumption-when-mfl-ext-is-different
+test-18 = 18-resumption-when-mfl-ext-is-correct
 # ===========================================================
 
 [0-resumption]
@@ -618,3 +621,122 @@ Method = DTLS
 ResumptionExpected = Yes
 
 
+# ===========================================================
+
+[16-resumption-when-mfl-ext-is-missing]
+ssl_conf = 16-resumption-when-mfl-ext-is-missing-ssl
+
+[16-resumption-when-mfl-ext-is-missing-ssl]
+server = 16-resumption-when-mfl-ext-is-missing-server
+client = 16-resumption-when-mfl-ext-is-missing-client
+resume-server = 16-resumption-when-mfl-ext-is-missing-server
+resume-client = 16-resumption-when-mfl-ext-is-missing-resume-client
+
+[16-resumption-when-mfl-ext-is-missing-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[16-resumption-when-mfl-ext-is-missing-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[16-resumption-when-mfl-ext-is-missing-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-16]
+ExpectedResult = ServerFail
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = No
+client = 16-resumption-when-mfl-ext-is-missing-client-extra
+
+[16-resumption-when-mfl-ext-is-missing-client-extra]
+MaxFragmentLenExt = 512
+
+
+# ===========================================================
+
+[17-resumption-when-mfl-ext-is-different]
+ssl_conf = 17-resumption-when-mfl-ext-is-different-ssl
+
+[17-resumption-when-mfl-ext-is-different-ssl]
+server = 17-resumption-when-mfl-ext-is-different-server
+client = 17-resumption-when-mfl-ext-is-different-client
+resume-server = 17-resumption-when-mfl-ext-is-different-server
+resume-client = 17-resumption-when-mfl-ext-is-different-resume-client
+
+[17-resumption-when-mfl-ext-is-different-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[17-resumption-when-mfl-ext-is-different-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[17-resumption-when-mfl-ext-is-different-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-17]
+ExpectedResult = ServerFail
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = No
+client = 17-resumption-when-mfl-ext-is-different-client-extra
+resume-client = 17-resumption-when-mfl-ext-is-different-resume-client-extra
+
+[17-resumption-when-mfl-ext-is-different-client-extra]
+MaxFragmentLenExt = 512
+
+[17-resumption-when-mfl-ext-is-different-resume-client-extra]
+MaxFragmentLenExt = 1024
+
+
+# ===========================================================
+
+[18-resumption-when-mfl-ext-is-correct]
+ssl_conf = 18-resumption-when-mfl-ext-is-correct-ssl
+
+[18-resumption-when-mfl-ext-is-correct-ssl]
+server = 18-resumption-when-mfl-ext-is-correct-server
+client = 18-resumption-when-mfl-ext-is-correct-client
+resume-server = 18-resumption-when-mfl-ext-is-correct-server
+resume-client = 18-resumption-when-mfl-ext-is-correct-resume-client
+
+[18-resumption-when-mfl-ext-is-correct-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[18-resumption-when-mfl-ext-is-correct-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[18-resumption-when-mfl-ext-is-correct-resume-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-18]
+ExpectedResult = Success
+HandshakeMode = Resume
+Method = DTLS
+ResumptionExpected = Yes
+client = 18-resumption-when-mfl-ext-is-correct-client-extra
+resume-client = 18-resumption-when-mfl-ext-is-correct-resume-client-extra
+
+[18-resumption-when-mfl-ext-is-correct-client-extra]
+MaxFragmentLenExt = 512
+
+[18-resumption-when-mfl-ext-is-correct-resume-client-extra]
+MaxFragmentLenExt = 512
+
+

+ 64 - 1
libs/openssl/test/ssl-tests/protocol_version.pm

@@ -1,5 +1,5 @@
 # -*- mode: perl; -*-
-# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -265,6 +265,69 @@ sub generate_resumption_tests {
         };
     }
 
+    push @client_tests, {
+        "name" => "resumption-when-mfl-ext-is-missing",
+        "server" => {
+        },
+        "client" => {
+            "extra" => {
+                "MaxFragmentLenExt" => 512,
+            },
+        },
+        "resume_client" => {
+        },
+        "test" => {
+            "Method" => $method,
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "ServerFail",
+        }
+    };
+
+    push @client_tests, {
+        "name" => "resumption-when-mfl-ext-is-different",
+        "server" => {
+        },
+        "client" => {
+            "extra" => {
+                "MaxFragmentLenExt" => 512,
+            },
+        },
+        "resume_client" => {
+            "extra" => {
+                "MaxFragmentLenExt" => 1024,
+            },
+        },
+        "test" => {
+            "Method" => $method,
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "No",
+            "ExpectedResult" => "ServerFail",
+        }
+    };
+
+    push @client_tests, {
+        "name" => "resumption-when-mfl-ext-is-correct",
+        "server" => {
+        },
+        "client" => {
+            "extra" => {
+                "MaxFragmentLenExt" => 512,
+            },
+        },
+        "resume_client" => {
+            "extra" => {
+                "MaxFragmentLenExt" => 512,
+            },
+        },
+        "test" => {
+            "Method" => $method,
+            "HandshakeMode" => "Resume",
+            "ResumptionExpected" => "Yes",
+            "ExpectedResult" => "Success",
+        }
+    };
+
     return (@server_tests, @client_tests);
 }
 

+ 65 - 1
libs/openssl/test/sslapitest.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -6734,6 +6734,69 @@ end:
     SSL_CTX_free(cctx);
     return testresult;
 }
+
+/*
+ * Test that the lifetime hint of a TLSv1.3 ticket is no more than 1 week
+ * 0 = TLSv1.2
+ * 1 = TLSv1.3
+ */
+static int test_ticket_lifetime(int idx)
+{
+    SSL_CTX *cctx = NULL, *sctx = NULL;
+    SSL *clientssl = NULL, *serverssl = NULL;
+    int testresult = 0;
+    int version = TLS1_3_VERSION;
+
+#define ONE_WEEK_SEC (7 * 24 * 60 * 60)
+#define TWO_WEEK_SEC (2 * ONE_WEEK_SEC)
+
+    if (idx == 0) {
+#ifdef OPENSSL_NO_TLS1_2
+        TEST_info("Skipping: TLS 1.2 is disabled.");
+        return 1;
+#else
+        version = TLS1_2_VERSION;
+#endif
+    }
+
+    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
+                                       TLS_client_method(), version, version,
+                                       &sctx, &cctx, cert, privkey)))
+        goto end;
+
+    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+                                      &clientssl, NULL, NULL)))
+        goto end;
+
+    /*
+     * Set the timeout to be more than 1 week
+     * make sure the returned value is the default
+     */
+    if (!TEST_long_eq(SSL_CTX_set_timeout(sctx, TWO_WEEK_SEC),
+                      SSL_get_default_timeout(serverssl)))
+        goto end;
+
+    if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+        goto end;
+
+    if (idx == 0) {
+        /* TLSv1.2 uses the set value */
+        if (!TEST_ulong_eq(SSL_SESSION_get_ticket_lifetime_hint(SSL_get_session(clientssl)), TWO_WEEK_SEC))
+            goto end;
+    } else {
+        /* TLSv1.3 uses the limited value */
+        if (!TEST_ulong_le(SSL_SESSION_get_ticket_lifetime_hint(SSL_get_session(clientssl)), ONE_WEEK_SEC))
+            goto end;
+    }
+    testresult = 1;
+
+end:
+    SSL_free(serverssl);
+    SSL_free(clientssl);
+    SSL_CTX_free(sctx);
+    SSL_CTX_free(cctx);
+    return testresult;
+}
 #endif
 /*
  * Test that setting an ALPN does not violate RFC
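Review bot: The TLSv1.3 branch of `test_ticket_lifetime` checks the hint with `TEST_ulong_le(..., ONE_WEEK_SEC)`, which also passes for a hint of 0 or any other small value, so it would not catch a server that stops advertising the lifetime. The timeout is set to `TWO_WEEK_SEC` and the server-side change clamps anything above one week to `ONE_WEEK_SEC`, so the expected hint is presumably exactly one week. In that case `TEST_ulong_eq(SSL_SESSION_get_ticket_lifetime_hint(SSL_get_session(clientssl)), ONE_WEEK_SEC)` pins the clamp itself. `ONE_WEEK_SEC` and `TWO_WEEK_SEC` are also defined inside the function body and never `#undef`ed, so they stay defined for the rest of the file.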
@@ -6973,6 +7036,7 @@ int setup_tests(void)
 #endif
 #ifndef OPENSSL_NO_TLS1_3
     ADD_TEST(test_sni_tls13);
+    ADD_ALL_TESTS(test_ticket_lifetime, 2);
 #endif
     ADD_TEST(test_set_alpn);
     ADD_TEST(test_inherit_verify_param);

+ 26 - 5
libs/openssl/tools/c_rehash.in

@@ -1,7 +1,7 @@
 #!{- $config{HASHBANGPERL} -}
 
 # {- join("\n# ", @autowarntext) -}
-# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -152,6 +152,23 @@ sub check_file {
 	return ($is_cert, $is_crl);
 }
 
+sub compute_hash {
+    my $fh;
+    if ( $^O eq "VMS" ) {
+        # VMS uses the open through shell
+        # The file names are safe there and list form is unsupported
+        if (!open($fh, "-|", join(' ', @_))) {
+            print STDERR "Cannot compute hash on '$fname'\n";
+            return;
+        }
+    } else {
+        if (!open($fh, "-|", @_)) {
+            print STDERR "Cannot compute hash on '$fname'\n";
+            return;
+        }
+    }
+    return (<$fh>, <$fh>);
+}
 
 # Link a certificate to its subject name hash value, each hash is of
 # the form <hash>.<n> where n is an integer. If the hash value already exists
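Review bot: Both error messages in `compute_hash` interpolate `$fname`, but the sub never declares it, and the `my $fname` in `link_hash_cert` and `link_hash_crl` is not visible here, so unless a file-level `$fname` exists outside this hunk the message prints an empty name. The file name is the last argument at both call sites, so `my $fname = $_[-1];` at the top of the sub would restore it. The pipe handle is also never closed, so a non-zero exit of the `openssl` child goes unnoticed; calling `close($fh)` before returning and checking `$?` would surface that. The VMS branch still joins the arguments into a single command string, so the list-form protection against shell interpretation does not apply there and rests entirely on the comment's claim that file names are safe on that platform.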
@@ -161,10 +178,12 @@ sub check_file {
 
 sub link_hash_cert {
 		my $fname = $_[0];
-		$fname =~ s/\"/\\\"/g;
-		my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
+		my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash,
+						   "-fingerprint", "-noout",
+						   "-in", $fname);
 		chomp $hash;
 		chomp $fprint;
+		return if !$hash;
 		$fprint =~ s/^.*=//;
 		$fprint =~ tr/://d;
 		my $suffix = 0;
@@ -202,10 +221,12 @@ sub link_hash_cert {
 
 sub link_hash_crl {
 		my $fname = $_[0];
-		$fname =~ s/'/'\\''/g;
-		my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
+		my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash,
+						   "-fingerprint", "-noout",
+						   "-in", $fname);
 		chomp $hash;
 		chomp $fprint;
+		return if !$hash;
 		$fprint =~ s/^.*=//;
 		$fprint =~ tr/://d;
 		my $suffix = 0;