mirror/openwrt
1
0
Fork 1
mirror of https://git.openwrt.org/openwrt/openwrt.git synced 2025-12-10 08:44:39 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

openssl: Update to version 3.0.18
Some checks failed
Build all core packages / Build all core packages for selected target (push) Has been cancelled
Details

Browse source 
OpenSSL 3.0.18 is a security patch release. The most severe CVE fixed in this
release is Moderate.

This release incorporates the following bug fixes and mitigations:

 * Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap. (CVE-2025-9230)

 * Fix Out-of-bounds read in HTTP client no_proxy handling. (CVE-2025-9232)

The removed patch is included upstream:
c0d968f0ac

Link: https://github.com/openwrt/openwrt/pull/20312
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6e068b7052)
This commit is contained in:
Hauke Mehrtens 2025-10-05 19:43:22 +02:00 committed by Martin Schiller
parent a25c76d8c7
commit b6d7048c8b
2 changed files with 3 additions and 130 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
package/libs/openssl/Makefile
View file

@ -8,8 +8,8 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=openssl PKG_NAME:=openssl
PKG_VERSION:=3.0.17 PKG_VERSION:=3.0.18
PKG_RELEASE:=3 PKG_RELEASE:=1
PKG_BUILD_FLAGS:=no-mips16 gc-sections no-lto PKG_BUILD_FLAGS:=no-mips16 gc-sections no-lto
PKG_BUILD_PARALLEL:=1 PKG_BUILD_PARALLEL:=1
@ -21,7 +21,7 @@ PKG_SOURCE_URL:= \
https://www.openssl.org/source/old/$(PKG_BASE)/ \ https://www.openssl.org/source/old/$(PKG_BASE)/ \
https://github.com/openssl/openssl/releases/download/$(PKG_NAME)-$(PKG_VERSION)/ https://github.com/openssl/openssl/releases/download/$(PKG_NAME)-$(PKG_VERSION)/
PKG_HASH:=dfdd77e4ea1b57ff3a6dbde6b0bdc3f31db5ac99e7fdd4eaf9e1fbb6ec2db8ce PKG_HASH:=d80c34f5cf902dccf1f1b5df5ebb86d0392e37049e5d73df1b3abae72e4ffe8b
PKG_LICENSE:=Apache-2.0 PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE.txt PKG_LICENSE_FILES:=LICENSE.txt

127
package/libs/openssl/patches/0001-Don-t-keep-the-store-open-in-by_store_ctrl_ex.patch
View file

@ -1,127 +0,0 @@
From c0d968f0ac56ad507ab0101e537e7d530e9f0448 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 7 Aug 2025 17:50:17 +0100
Subject: [PATCH] Don't keep the store open in by_store_ctrl_ex
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Previously #27529 made a change to `by_store_ctrl_ex` in order to open
the OSSL_STORE early. The reason given in that PR is:
"This way, we can call OSSL_STORE_open_ex() in by_store_ctrl_ex(), and
get to see possible errors when the URI is loaded"
That PR then kept the store open until cache_objects is called and then
reused it. Unfortunately by the time cache_objects() is called we could be
in a multi-threaded scenario where the X509_STORE is being shared by
multiple threads. We then get a race condition where multiple threads are
all using (and ultimately closing) the same `OSSL_STORE_CTX`.
The purpose of keeping the `OSSL_STORE` object between by_store_ctrl_ex()
and `cache_objects` is presumably an optimisation to avoid having to open
the store twice. But this does not work because of the above issue.
We just take the hit and open it again.
Fixes #28171
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28385)
---
crypto/x509/by_store.c | 26 +++++++++++++-------------
1 file changed, 13 insertions(+), 13 deletions(-)
--- a/crypto/x509/by_store.c
+++ b/crypto/x509/by_store.c
@@ -17,7 +17,6 @@ typedef struct cached_store_st {
char *uri;
OSSL_LIB_CTX *libctx;
char *propq;
- OSSL_STORE_CTX *ctx;
} CACHED_STORE;
DEFINE_STACK_OF(CACHED_STORE)
@@ -27,14 +26,12 @@ static int cache_objects(X509_LOOKUP *lc
const OSSL_STORE_SEARCH *criterion, int depth)
{
int ok = 0;
- OSSL_STORE_CTX *ctx = store->ctx;
+ OSSL_STORE_CTX *ctx;
X509_STORE *xstore = X509_LOOKUP_get_store(lctx);
- if (ctx == NULL
- && (ctx = OSSL_STORE_open_ex(store->uri, store->libctx, store->propq,
- NULL, NULL, NULL, NULL, NULL)) == NULL)
+ if ((ctx = OSSL_STORE_open_ex(store->uri, store->libctx, store->propq,
+ NULL, NULL, NULL, NULL, NULL)) == NULL)
return 0;
- store->ctx = ctx;
/*
* We try to set the criterion, but don't care if it was valid or not.
@@ -79,7 +76,6 @@ static int cache_objects(X509_LOOKUP *lc
substore.uri = (char *)OSSL_STORE_INFO_get0_NAME(info);
substore.libctx = store->libctx;
substore.propq = store->propq;
- substore.ctx = NULL;
ok = cache_objects(lctx, &substore, criterion, depth - 1);
}
} else {
@@ -105,7 +101,6 @@ static int cache_objects(X509_LOOKUP *lc
break;
}
OSSL_STORE_close(ctx);
- store->ctx = NULL;
return ok;
}
@@ -114,7 +109,6 @@ static int cache_objects(X509_LOOKUP *lc
static void free_store(CACHED_STORE *store)
{
if (store != NULL) {
- OSSL_STORE_close(store->ctx);
OPENSSL_free(store->uri);
OPENSSL_free(store->propq);
OPENSSL_free(store);
@@ -148,6 +142,7 @@ static int by_store_ctrl_ex(X509_LOOKUP
{
STACK_OF(CACHED_STORE) *stores = X509_LOOKUP_get_method_data(ctx);
CACHED_STORE *store = OPENSSL_zalloc(sizeof(*store));
+ OSSL_STORE_CTX *sctx;
if (store == NULL) {
return 0;
@@ -157,14 +152,20 @@ static int by_store_ctrl_ex(X509_LOOKUP
store->libctx = libctx;
if (propq != NULL)
store->propq = OPENSSL_strdup(propq);
- store->ctx = OSSL_STORE_open_ex(argp, libctx, propq, NULL, NULL,
- NULL, NULL, NULL);
- if (store->ctx == NULL
+ /*
+ * We open this to check for errors now - so we can report those
+ * errors early.
+ */
+ sctx = OSSL_STORE_open_ex(argp, libctx, propq, NULL, NULL,
+ NULL, NULL, NULL);
+ if (sctx == NULL
|| (propq != NULL && store->propq == NULL)
|| store->uri == NULL) {
+ OSSL_STORE_close(sctx);
free_store(store);
return use_default;
}
+ OSSL_STORE_close(sctx);
if (stores == NULL) {
stores = sk_CACHED_STORE_new_null();
@@ -184,7 +185,6 @@ static int by_store_ctrl_ex(X509_LOOKUP
store.uri = (char *)argp;
store.libctx = libctx;
store.propq = (char *)propq;
- store.ctx = NULL;
return cache_objects(ctx, &store, NULL, 0);
}
default: