diff --git a/backport-Check-password-length-only-when-verify-is-enabled.patch b/backport-Check-password-length-only-when-verify-is-enabled.patch new file mode 100644 index 0000000000000000000000000000000000000000..4196ef1e84f868a10e7514f1098138e1d8a4f6ab --- /dev/null +++ b/backport-Check-password-length-only-when-verify-is-enabled.patch @@ -0,0 +1,30 @@ +From 0a9bb445893b4a98ad1588aef2d14c29e6c4c5e3 Mon Sep 17 00:00:00 2001 +From: Daniel Fiala +Date: Wed, 16 Mar 2022 07:42:55 +0100 +Subject: [PATCH] Check password length only when verify is enabled. + +Fixes #16231. + +Reviewed-by: Paul Dale +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/17899) +--- + apps/apps.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/apps/apps.c b/apps/apps.c +index 1a92271595..db5b48e4cf 100644 +--- a/apps/apps.c ++++ b/apps/apps.c +@@ -307,6 +307,8 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp) + if (cb_data != NULL && cb_data->password != NULL + && *(const char*)cb_data->password != '\0') + pw_min_len = 1; ++ else if (!verify) ++ pw_min_len = 0; + prompt = UI_construct_prompt(ui, "pass phrase", prompt_info); + if (!prompt) { + BIO_printf(bio_err, "Out of memory\n"); +-- +2.17.1 + diff --git a/backport-Fix-Coverity-1201763-uninitialised-pointer-read.patch b/backport-Fix-Coverity-1201763-uninitialised-pointer-read.patch new file mode 100644 index 0000000000000000000000000000000000000000..aa1406f0adabb7f1af40a7a474505b8cee013693 --- /dev/null +++ b/backport-Fix-Coverity-1201763-uninitialised-pointer-read.patch @@ -0,0 +1,37 @@ +From ad24941228eafe59fe3807d1659585c4d98eac97 Mon Sep 17 00:00:00 2001 +From: Pauli +Date: Wed, 16 Mar 2022 13:48:27 +1100 +Subject: [PATCH] Fix Coverity 1201763 uninitialised pointer read + +Reviewed-by: Shane Lontis +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/17890) + +(cherry picked from commit a0238b7ed87998c48b1c92bad7fa82dcbba507f9) +--- + crypto/bn/bn_exp.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c +index 9531acfc3c..451e88ac3c 100644 +--- a/crypto/bn/bn_exp.c ++++ b/crypto/bn/bn_exp.c +@@ -188,13 +188,14 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + return ret; + } + ++ BN_RECP_CTX_init(&recp); ++ + BN_CTX_start(ctx); + aa = BN_CTX_get(ctx); + val[0] = BN_CTX_get(ctx); + if (val[0] == NULL) + goto err; + +- BN_RECP_CTX_init(&recp); + if (m->neg) { + /* ignore sign of 'm' */ + if (!BN_copy(aa, m)) +-- +2.17.1 + diff --git a/backport-Fix-Coverity-1498611-1498608-uninitialised-read.patch b/backport-Fix-Coverity-1498611-1498608-uninitialised-read.patch new file mode 100644 index 0000000000000000000000000000000000000000..865ffa3b78b30f55f8ec29639b914610f7de35fb --- /dev/null +++ b/backport-Fix-Coverity-1498611-1498608-uninitialised-read.patch @@ -0,0 +1,37 @@ +From cd2471cd797ae5a6355814bb14a176af6a7d883f Mon Sep 17 00:00:00 2001 +From: Pauli +Date: Wed, 16 Mar 2022 14:21:01 +1100 +Subject: [PATCH] Fix Coverity 1498611 & 1498608: uninitialised read + +Reviewed-by: Shane Lontis +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/17893) + +(cherry picked from commit 09134f183f76539aa1294adfef10fcc694e90267) +--- + ssl/ssl_lib.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c +index 9c411a3293..7383badce3 100644 +--- a/ssl/ssl_lib.c ++++ b/ssl/ssl_lib.c +@@ -2084,6 +2084,7 @@ int SSL_shutdown(SSL *s) + if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { + struct ssl_async_args args; + ++ memset(&args, 0, sizeof(args)); + args.s = s; + args.type = OTHERFUNC; + args.f.func_other = s->method->ssl_shutdown; +@@ -3709,6 +3710,7 @@ int SSL_do_handshake(SSL *s) + if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) { + struct ssl_async_args args; + ++ memset(&args, 0, sizeof(args)); + args.s = s; + + ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern); +-- +2.17.1 + diff --git a/backport-Fix-coverity-1498607-uninitialised-value.patch b/backport-Fix-coverity-1498607-uninitialised-value.patch new file mode 100644 index 0000000000000000000000000000000000000000..7fa05993941be68dede01c1f74350a51406bb9fc --- /dev/null +++ b/backport-Fix-coverity-1498607-uninitialised-value.patch @@ -0,0 +1,29 @@ +From 2f1c42553dbaac97d38657cd1ac1209ef4c11e78 Mon Sep 17 00:00:00 2001 +From: Pauli +Date: Wed, 16 Mar 2022 14:45:44 +1100 +Subject: [PATCH] Fix coverity 1498607: uninitialised value + +Reviewed-by: Tim Hudson +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/17897) + +(cherry picked from commit 70cd9a51911e9a4e2f24e29ddd84fa9fcb778b63) +--- + crypto/ec/ecp_nistz256.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c +index 5005249b05..43eab75fa7 100644 +--- a/crypto/ec/ecp_nistz256.c ++++ b/crypto/ec/ecp_nistz256.c +@@ -973,6 +973,7 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group, + return 0; + } + ++ memset(&p, 0, sizeof(p)); + BN_CTX_start(ctx); + + if (scalar) { +-- +2.17.1 + diff --git a/backport-Fix-integer-overflow-in-evp_EncryptDecryptUpdate.patch b/backport-Fix-integer-overflow-in-evp_EncryptDecryptUpdate.patch new file mode 100644 index 0000000000000000000000000000000000000000..71df3f04f0dfcbc7f758477c2bc3e9b115a88e79 --- /dev/null +++ b/backport-Fix-integer-overflow-in-evp_EncryptDecryptUpdate.patch @@ -0,0 +1,62 @@ +From eed53b9addd097a5d39f896b05aa857d6f29b245 Mon Sep 17 00:00:00 2001 +From: Hugo Landau +Date: Fri, 11 Mar 2022 08:36:11 +0000 +Subject: [PATCH] Fix integer overflow in evp_EncryptDecryptUpdate + +Fixes #17871. + +Reviewed-by: Paul Dale +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/17872) +--- + crypto/evp/evp_enc.c | 8 +++++--- + crypto/evp/evp_local.h | 2 +- + 2 files changed, 6 insertions(+), 4 deletions(-) + +diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c +index d835968f25..b8b9d90d36 100644 +--- a/crypto/evp/evp_enc.c ++++ b/crypto/evp/evp_enc.c +@@ -281,7 +281,7 @@ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, + # define PTRDIFF_T size_t + #endif + +-int is_partially_overlapping(const void *ptr1, const void *ptr2, int len) ++int is_partially_overlapping(const void *ptr1, const void *ptr2, size_t len) + { + PTRDIFF_T diff = (PTRDIFF_T)ptr1-(PTRDIFF_T)ptr2; + /* +@@ -299,7 +299,8 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx, + unsigned char *out, int *outl, + const unsigned char *in, int inl) + { +- int i, j, bl, cmpl = inl; ++ int i, j, bl; ++ size_t cmpl = (size_t)inl; + + if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) + cmpl = (cmpl + 7) / 8; +@@ -464,8 +465,9 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) + int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, + const unsigned char *in, int inl) + { +- int fix_len, cmpl = inl; ++ int fix_len; + unsigned int b; ++ size_t cmpl = (size_t)inl; + + /* Prevent accidental use of encryption context when decrypting */ + if (ctx->encrypt) { +diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h +index f1589d6828..cd3c1cf148 100644 +--- a/crypto/evp/evp_local.h ++++ b/crypto/evp/evp_local.h +@@ -65,4 +65,4 @@ struct evp_Encode_Ctx_st { + typedef struct evp_pbe_st EVP_PBE_CTL; + DEFINE_STACK_OF(EVP_PBE_CTL) + +-int is_partially_overlapping(const void *ptr1, const void *ptr2, int len); ++int is_partially_overlapping(const void *ptr1, const void *ptr2, size_t len); +-- +2.17.1 + diff --git a/backport-Fix-issue-where-OBJ_nid2obj-doesn-t-always-raise-an-.patch b/backport-Fix-issue-where-OBJ_nid2obj-doesn-t-always-raise-an-.patch new file mode 100644 index 0000000000000000000000000000000000000000..681863a8c82e74b1fef5c9ccbd4b636a3335f006 --- /dev/null +++ b/backport-Fix-issue-where-OBJ_nid2obj-doesn-t-always-raise-an-.patch @@ -0,0 +1,80 @@ +From add8c29badb315cb8137655893826562ff12a581 Mon Sep 17 00:00:00 2001 +From: Hugo Landau +Date: Thu, 3 Mar 2022 17:27:23 +0000 +Subject: [PATCH] Fix issue where OBJ_nid2obj doesn't always raise an error + +This was previously fixed in 3.0 but not 1.1. + +Fixes #13008. + +Reviewed-by: Tomas Mraz +Reviewed-by: Matt Caswell +Reviewed-by: Todd Short +Reviewed-by: Paul Dale +(Merged from https://github.com/openssl/openssl/pull/17808) +--- + crypto/objects/obj_dat.c | 5 +++-- + test/asn1_internal_test.c | 27 +++++++++++++++++++++++++++ + 2 files changed, 30 insertions(+), 2 deletions(-) + +diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c +index 46006fe6cf..a501ca104b 100644 +--- a/crypto/objects/obj_dat.c ++++ b/crypto/objects/obj_dat.c +@@ -228,9 +228,10 @@ ASN1_OBJECT *OBJ_nid2obj(int n) + return NULL; + } + return (ASN1_OBJECT *)&(nid_objs[n]); +- } else if (added == NULL) ++ } else if (added == NULL) { ++ OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID); + return NULL; +- else { ++ } else { + ad.type = ADDED_NID; + ad.obj = &ob; + ob.nid = n; +diff --git a/test/asn1_internal_test.c b/test/asn1_internal_test.c +index 865e058421..caca0cb15e 100644 +--- a/test/asn1_internal_test.c ++++ b/test/asn1_internal_test.c +@@ -107,9 +107,36 @@ static int test_standard_methods(void) + return 0; + } + ++/********************************************************************** ++ * ++ * Regression test for issue where OBJ_nid2obj does not raise ++ * an error when a NID is not registered. ++ * ++ ***/ ++static int test_nid2obj_nonexist(void) ++{ ++ ASN1_OBJECT *obj; ++ unsigned long err; ++ ++ obj = OBJ_nid2obj(INT_MAX); ++ if (!TEST_true(obj == NULL)) ++ return 0; ++ ++ err = ERR_get_error(); ++ ++ if (!TEST_int_eq(ERR_GET_FUNC(err), OBJ_F_OBJ_NID2OBJ)) ++ return 0; ++ ++ if (!TEST_int_eq(ERR_GET_REASON(err), OBJ_R_UNKNOWN_NID)) ++ return 0; ++ ++ return 1; ++} ++ + int setup_tests(void) + { + ADD_TEST(test_tbl_standard); + ADD_TEST(test_standard_methods); ++ ADD_TEST(test_nid2obj_nonexist); + return 1; + } +-- +2.17.1 + diff --git a/backport-Set-protocol-in-init_client.patch b/backport-Set-protocol-in-init_client.patch new file mode 100644 index 0000000000000000000000000000000000000000..e2b38410be92e517cb5f2ecc9b7964a15388b167 --- /dev/null +++ b/backport-Set-protocol-in-init_client.patch @@ -0,0 +1,33 @@ +From 3aeed22c593ae036c2503ac07276768c82fe5782 Mon Sep 17 00:00:00 2001 +From: Todd Short +Date: Tue, 8 Mar 2022 09:36:43 -0500 +Subject: [PATCH] Set protocol in init_client() + +If TCP is being used, protocol = 0 is passed to init_client(), then +protocol == IPPROTO_TCP fails when attempting to set BIO_SOCK_NODELAY. + +Reviewed-by: Tomas Mraz +Reviewed-by: Tim Hudson +(Merged from https://github.com/openssl/openssl/pull/17838) + +(cherry picked from commit 54b6755702309487ea860e1cc3e60ccef4cf7878) +--- + apps/s_socket.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/apps/s_socket.c b/apps/s_socket.c +index aee366d5f4..a518d56200 100644 +--- a/apps/s_socket.c ++++ b/apps/s_socket.c +@@ -147,7 +147,7 @@ int init_client(int *sock, const char *host, const char *port, + #endif + + if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai), +- protocol == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) { ++ BIO_ADDRINFO_protocol(ai) == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) { + BIO_closesocket(*sock); + *sock = INVALID_SOCKET; + continue; +-- +2.17.1 + diff --git a/openssl.spec b/openssl.spec index a03d135b8032eb08dc36f0d6b47dff74a3e63a20..1fce9ab5f0fcc2ca79691266a32aaf6579ce077c 100644 --- a/openssl.spec +++ b/openssl.spec @@ -2,7 +2,7 @@ Name: openssl Epoch: 1 Version: 1.1.1m -Release: 13 +Release: 14 Summary: Cryptography and SSL/TLS Toolkit License: OpenSSL and SSLeay URL: https://www.openssl.org/ @@ -46,6 +46,13 @@ Patch35: backport-Fix-NULL-pointer-dereference-for-BN_mod_exp2_mont.patch Patch36: backport-crypto-x509-v3_utl.c-Add-missing-check-for-OPENSSL_s.patch Patch37: backport-Fix-password_callback-to-handle-short-passwords.patch Patch38: backport-Fix-usage-of-SSLfatal.patch +Patch39: backport-Fix-integer-overflow-in-evp_EncryptDecryptUpdate.patch +Patch40: backport-Fix-Coverity-1201763-uninitialised-pointer-read.patch +Patch41: backport-Fix-Coverity-1498611-1498608-uninitialised-read.patch +Patch42: backport-Fix-coverity-1498607-uninitialised-value.patch +Patch43: backport-Check-password-length-only-when-verify-is-enabled.patch +Patch44: backport-Fix-issue-where-OBJ_nid2obj-doesn-t-always-raise-an-.patch +Patch45: backport-Set-protocol-in-init_client.patch BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} @@ -248,6 +255,9 @@ make test || : %ldconfig_scriptlets libs %changelog +* Fri Nov 4 2022 wangcheng - 1:1.1.1m-14 +- backport some patches + * Fri Nov 4 2022 wangcheng - 1:1.1.1m-13 - backport some patches