MFH: r494031 r494996

security/openssl111: Update to 1.1.1b

security/openssl111: Security update for CVE-2019-1543

Security:	e56f2f7c-410e-11e9-b95c-b499baebfeaf

Approved by:	ports-secteam (joneum)

4 files changed, 73 insertions, 5 deletions

diff --git a/security/openssl111/Makefile b/security/openssl111/Makefile
index a1c38ec4023e..8ce33ea1ffcd 100644
--- a/security/openssl111/Makefile
+++ b/security/openssl111/Makefile
@@ -2,7 +2,8 @@
 # $FreeBSD$
 
 PORTNAME=	openssl
-PORTVERSION=	1.1.1a
+PORTVERSION=	1.1.1b
+PORTREVISION=	1
 CATEGORIES=	security devel
 MASTER_SITES=	https://www.openssl.org/source/ \
 		ftp://ftp.cert.dfn.de/pub/tools/net/openssl/source/
@@ -29,7 +30,6 @@ USE_PERL5=	build
 TEST_TARGET=	test
 
 LDFLAGS_i386=	-Wl,-znotext
-#LDFLAGS=	${LDFLAGS_${ARCH}}
 
 MAKE_ARGS+=	WHOLE_ARCHIVE_FLAG=--whole-archive CNF_LDFLAGS="${LDFLAGS}"
 MAKE_ENV+=	LIBRPATH="${PREFIX}/lib" GREP_OPTIONS=
diff --git a/security/openssl111/distinfo b/security/openssl111/distinfo
index 7ca95cd4637a..48293b4b4bd1 100644
--- a/security/openssl111/distinfo
+++ b/security/openssl111/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1542732730
-SHA256 (openssl-1.1.1a.tar.gz) = fc20130f8b7cbd2fb918b2f14e2f429e109c31ddd0fb38fc5d71d9ffed3f9f41
-SIZE (openssl-1.1.1a.tar.gz) = 8350547
+TIMESTAMP = 1551251313
+SHA256 (openssl-1.1.1b.tar.gz) = 5c557b023230413dfb0756f3137a13e6d726838ccd1430888ad15bfb2b43ea4b
+SIZE (openssl-1.1.1b.tar.gz) = 8213737
diff --git a/security/openssl111/files/patch-CVE-2019-1543 b/security/openssl111/files/patch-CVE-2019-1543
new file mode 100644
index 000000000000..243ec34a55ad
--- /dev/null
+++ b/security/openssl111/files/patch-CVE-2019-1543
@@ -0,0 +1,66 @@
+From f426625b6ae9a7831010750490a5f0ad689c5ba3 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Tue, 5 Mar 2019 14:39:15 +0000
+Subject: [PATCH] Prevent over long nonces in ChaCha20-Poly1305
+
+ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for
+every encryption operation. RFC 7539 specifies that the nonce value (IV)
+should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and
+front pads the nonce with 0 bytes if it is less than 12 bytes. However it
+also incorrectly allows a nonce to be set of up to 16 bytes. In this case
+only the last 12 bytes are significant and any additional leading bytes are
+ignored.
+
+It is a requirement of using this cipher that nonce values are unique.
+Messages encrypted using a reused nonce value are susceptible to serious
+confidentiality and integrity attacks. If an application changes the
+default nonce length to be longer than 12 bytes and then makes a change to
+the leading bytes of the nonce expecting the new value to be a new unique
+nonce then such an application could inadvertently encrypt messages with a
+reused nonce.
+
+Additionally the ignored bytes in a long nonce are not covered by the
+integrity guarantee of this cipher. Any application that relies on the
+integrity of these ignored leading bytes of a long nonce may be further
+affected.
+
+Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe
+because no such use sets such a long nonce value. However user
+applications that use this cipher directly and set a non-default nonce
+length to be longer than 12 bytes may be vulnerable.
+
+CVE-2019-1543
+
+Fixes #8345
+
+Reviewed-by: Paul Dale <paul.dale@oracle.com>
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/8406)
+
+(cherry picked from commit 2a3d0ee9d59156c48973592331404471aca886d6)
+---
+ crypto/evp/e_chacha20_poly1305.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c
+index c1917bb86a6..d3e2c622a1b 100644
+--- crypto/evp/e_chacha20_poly1305.c.orig
++++ crypto/evp/e_chacha20_poly1305.c
+@@ -30,6 +30,8 @@ typedef struct {
+ 
+ #define data(ctx)   ((EVP_CHACHA_KEY *)(ctx)->cipher_data)
+ 
++#define CHACHA20_POLY1305_MAX_IVLEN     12
++
+ static int chacha_init_key(EVP_CIPHER_CTX *ctx,
+                            const unsigned char user_key[CHACHA_KEY_SIZE],
+                            const unsigned char iv[CHACHA_CTR_SIZE], int enc)
+@@ -533,7 +535,7 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+         return 1;
+ 
+     case EVP_CTRL_AEAD_SET_IVLEN:
+-        if (arg <= 0 || arg > CHACHA_CTR_SIZE)
++        if (arg <= 0 || arg > CHACHA20_POLY1305_MAX_IVLEN)
+             return 0;
+         actx->nonce_len = arg;
+         return 1;
diff --git a/security/openssl111/pkg-plist b/security/openssl111/pkg-plist
index fd4f8611b801..649c94bfc356 100644
--- a/security/openssl111/pkg-plist
+++ b/security/openssl111/pkg-plist
@@ -2011,6 +2011,8 @@ man/man1/x509.1.gz
 %%MAN3%%man/man3/OPENSSL_INIT_free.3.gz
 %%MAN3%%man/man3/OPENSSL_INIT_new.3.gz
 %%MAN3%%man/man3/OPENSSL_INIT_set_config_appname.3.gz
+%%MAN3%%man/man3/OPENSSL_INIT_set_config_file_flags.3.gz
+%%MAN3%%man/man3/OPENSSL_INIT_set_config_filename.3.gz
 %%MAN3%%man/man3/OPENSSL_LH_COMPFUNC.3.gz
 %%MAN3%%man/man3/OPENSSL_LH_DOALL_FUNC.3.gz
 %%MAN3%%man/man3/OPENSSL_LH_HASHFUNC.3.gz