thillux
Contributor

@thillux thillux commented Jan 10, 2025

Updates OpenSSL 3.x latest to 3.4.1

Release notes:
https://github.com/openssl/openssl/blob/openssl-3.4.0/NEWS.md#openssl-34

Security Fixes in 3.4.1:

  • Fixed RFC7250 handshakes with unauthenticated servers don't abort as expected. (CVE-2024-12797)
  • Fixed timing side-channel in ECDSA signature computation. (CVE-2024-13176)

Security Fixes in 3.0.16:

  • Fixed timing side-channel in ECDSA signature computation. (CVE-2024-13176)
  • Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic curve parameters. (CVE-2024-9143)

Some significant changes for 3.4.x:

  • Deprecation of TS_VERIFY_CTX_set_* functions and addition of replacement TS_VERIFY_CTX_set0_* functions with improved semantics
  • SHAKE-128 and SHAKE-256 implementations have no default digest length anymore. That means these algorithms cannot be used with EVP_DigestFinal/_ex() unless the xoflen param is set before.
  • An empty renegotiate extension will be used in TLS client hellos instead of the empty renegotiation SCSV, for all connections with a minimum TLS version > 1.0.
  • Deprecation of SSL_SESSION_get_time(), SSL_SESSION_set_time() and SSL_CTX_flush_sessions() functions in favor of their respective _ex functions which are Y2038-safe on platforms with Y2038-safe time_t

Some new features:

  • Support for directly fetched composite signature algorithms such as RSA-SHA2-256 including new API functions
  • New options -not_before and -not_after for explicit setting start and end dates of certificates created with the req and x509 apps
  • Support for attribute certificates
  • Support for pkeyutl in combination with key encapsulation (e.g. PQC-KEMs): -encap/-decap

Things done

  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
    • sandbox = relaxed
    • sandbox = true
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 25.05 Release Notes (or backporting 24.11 and 25.05 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
  • Fits CONTRIBUTING.md.

Add a 👍 reaction to pull requests you find important.

@thillux thillux marked this pull request as ready for review January 10, 2025 19:54
@thillux thillux mentioned this pull request Jan 10, 2025
13 tasks
@thillux thillux requested a review from mweinelt January 18, 2025 09:56
@siriobalmelli
Contributor

Would it be possible to integrate this upstream fix in this PR? openssl/openssl#26469

Currently, openssl is subtly broken on some aarch64-linux like Graviton

@mweinelt
Member

mweinelt commented Feb 6, 2025

This patch will be part of the upcoming 3.4.1 release.

@thillux
Contributor Author

thillux commented Feb 6, 2025

@siriobalmelli We probably update this PR to 3.4.1 when released. And do not merge before. I'll mark it as draft accordingly until then. 3.4.1 will only hit unstable/master I guess.

When 3.3.3 is released, it will also be updated for 24.11.

@thillux thillux marked this pull request as draft February 6, 2025 19:09
@thillux thillux changed the title from "openssl_3_4: init at 3.4.0; openssl_3_3: remove" to "openssl_3_4: init at 3.4.; openssl_3_3: remove" Feb 11, 2025
@thillux thillux changed the title from "openssl_3_4: init at 3.4.; openssl_3_3: remove" to "openssl_3_4: init at 3.4.1; openssl_3_3: remove" Feb 11, 2025
@ofborg ofborg bot added the 2.status: merge conflict This PR has merge conflicts with the target branch label Feb 11, 2025
@thillux thillux force-pushed the mtheil/openssl_3_4 branch 2 times, most recently from 16e6081 to 9ff84bb Compare February 11, 2025 14:47
Updates OpenSSL 3.x latest to 3.4.1

Security Fixes in 3.4.1:
* Fixed RFC7250 handshakes with unauthenticated servers don't abort as expected. (CVE-2024-12797)
* Fixed timing side-channel in ECDSA signature computation. ([CVE-2024-13176](https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176))

Release notes:
https://github.com/openssl/openssl/blob/openssl-3.4.0/NEWS.md#openssl-34

Some significant changes:
* Deprecation of TS_VERIFY_CTX_set_* functions and addition of replacement TS_VERIFY_CTX_set0_*
  functions with improved semantics
* SHAKE-128 and SHAKE-256 implementations have no default digest length anymore.
  That means these algorithms cannot be used with EVP_DigestFinal/_ex() unless the xoflen param is set before.
* An empty renegotiate extension will be used in TLS client hellos instead of the empty renegotiation SCSV, for
  all connections with a minimum TLS version > 1.0.
* Deprecation of SSL_SESSION_get_time(), SSL_SESSION_set_time() and SSL_CTX_flush_sessions() functions in favor
  of their respective _ex functions which are Y2038-safe on platforms with Y2038-safe time_t

Some new features:
* Support for directly fetched composite signature algorithms such as RSA-SHA2-256 including new API functions
* New options -not_before and -not_after for explicit setting start and end dates of certificates created with
  the req and x509 apps
* Support for attribute certificates
* Support for pkeyutl in combination with key encapsulation (e.g.
  PQC-KEMs): -encap/-decap

Signed-off-by: Markus Theil <theil.markus@gmail.com>
Fix paths related to OpenSSL 3.4.x patches.

Signed-off-by: Markus Theil <theil.markus@gmail.com>
@ofborg ofborg bot removed the 2.status: merge conflict This PR has merge conflicts with the target branch label Feb 11, 2025
@thillux thillux marked this pull request as ready for review February 11, 2025 14:50
@thillux thillux changed the title from "openssl_3_4: init at 3.4.1; openssl_3_3: remove" to "openssl_3_4: init at 3.4.1; openssl_3_3: remove; openssl_3: 3.0.15 -> 3.0.16" Feb 11, 2025
@thillux thillux marked this pull request as draft February 11, 2025 14:55
@thillux
Contributor Author

thillux commented Feb 11, 2025

WIP again for 3.0.16

@github-actions github-actions bot added 10.rebuild-darwin: 5001+ This PR causes many rebuilds on Darwin and must target the staging branches. 10.rebuild-darwin: 501+ This PR causes many rebuilds on Darwin and should normally target the staging branches. 10.rebuild-linux: 5001+ This PR causes many rebuilds on Linux and must target the staging branches. 10.rebuild-linux: 501+ This PR causes many rebuilds on Linux and should normally target the staging branches. labels Feb 11, 2025
@nix-owners nix-owners bot requested review from Izorkin and gebner February 11, 2025 15:01
Security Fixes in 3.0.16:

* Fixed timing side-channel in ECDSA signature computation. (CVE-2024-13176)
* Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic curve parameters. (CVE-2024-9143)

Signed-off-by: Markus Theil <theil.markus@gmail.com>
@thillux thillux marked this pull request as ready for review February 11, 2025 15:08
@thillux
Contributor Author

thillux commented Feb 11, 2025

3.0.16 also added

@K900 K900 merged commit 9b8d90a into NixOS:staging Feb 11, 2025
32 of 34 checks passed
@ruuda
Contributor

ruuda commented Feb 13, 2025

I’m getting a hash mismatch on c05c515:

error: hash mismatch in fixed-output derivation '/nix/store/4r4jwx0w6384b60wx0sbamyfqjdrq6s1-openssl-3.4.1.tar.gz.drv':
         specified: sha256-1LIlJ6ZFrPdrU+REh6jbaHxu7WIdckaJHQJeOLqMllE=
            got:    sha256-ACotazC1i/S+pGxDvdljZar42qbEKHgqpP7uBtoZffM=
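
A small checker for the mismatch reported above, as an added example that is not part of this PR or of nixpkgs: it parses the two SRI hashes from the error message and reports which of them an independently obtained copy of the tarball matches. The function names and the sample bytes are constructed for illustration; only the two hash strings come from the page.

```python
import base64
import hashlib
import hmac

# The two values quoted in the error message above.
SPECIFIED = "sha256-1LIlJ6ZFrPdrU+REh6jbaHxu7WIdckaJHQJeOLqMllE="
GOT = "sha256-ACotazC1i/S+pGxDvdljZar42qbEKHgqpP7uBtoZffM="

DIGEST_SIZES = {"sha256": 32, "sha512": 64}


def parse_sri(sri):
    """Split an SRI string into (algorithm, raw digest); reject malformed input."""
    algo, sep, b64 = sri.partition("-")
    if not sep or algo not in DIGEST_SIZES:
        raise ValueError(f"unsupported SRI hash: {sri!r}")
    raw = base64.b64decode(b64, validate=True)
    if len(raw) != DIGEST_SIZES[algo]:
        raise ValueError(f"wrong digest length for {algo}: {len(raw)}")
    return algo, raw


def sri_of(data, algo="sha256"):
    """SRI string for a byte string, in the form Nix prints."""
    digest = hashlib.new(algo, data).digest()
    return f"{algo}-{base64.b64encode(digest).decode()}"


def sri_to_hex(sri):
    """Hex form of an SRI hash, for comparison with a hex checksum published elsewhere."""
    return parse_sri(sri)[1].hex()


def classify(data, specified, got):
    """Report which hash from a mismatch error the given bytes match."""
    algo, want = parse_sri(specified)
    _, seen = parse_sri(got)
    actual = hashlib.new(algo, data).digest()
    if hmac.compare_digest(actual, want):
        return "matches-specified"
    if hmac.compare_digest(actual, seen):
        return "matches-got"
    return "matches-neither"


if __name__ == "__main__":
    sample = b"constructed stand-in for the downloaded tarball bytes"
    print("specified (hex):", sri_to_hex(SPECIFIED))
    print("got       (hex):", sri_to_hex(GOT))
    print("sample file    :", classify(sample, SPECIFIED, GOT))
```

A copy fetched over a separate path that returns "matches-got" points at a wrong hash in the package expression; "matches-specified" or "matches-neither" means the bytes differ between fetches and the source itself needs a closer look.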

@K900
Contributor

K900 commented Feb 13, 2025

Fixed already, update to latest staging-next.
