diff --git a/backport-Add-missing-header-for-memcmp.patch b/backport-Add-missing-header-for-memcmp.patch new file mode 100644 index 0000000000000000000000000000000000000000..50ed322cc51be41a7ca9bfbda121a2f473574080 --- /dev/null +++ b/backport-Add-missing-header-for-memcmp.patch @@ -0,0 +1,33 @@ +From 60f011f584d80447e86cae1d1bd3ae24bc13235b Mon Sep 17 00:00:00 2001 +From: Gregor Jasny +Date: Tue, 5 Jul 2022 12:57:06 +0200 +Subject: [PATCH] Add missing header for memcmp + +CLA: trivial + +Reviewed-by: Paul Dale +Reviewed-by: Dmitry Belyavskiy +Reviewed-by: Todd Short +Reviewed-by: Richard Levitte +(Merged from https://github.com/openssl/openssl/pull/18719) + +(cherry picked from commit f9e578e720bb35228948564192adbe3bc503d5fb) +--- + test/v3ext.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/test/v3ext.c b/test/v3ext.c +index 386135fed8..7a240cd706 100644 +--- a/test/v3ext.c ++++ b/test/v3ext.c +@@ -8,6 +8,7 @@ + */ + + #include ++#include + #include + #include + #include +-- +2.17.1 + diff --git a/backport-Fix-a-crash-in-X509v3_asid_subset.patch b/backport-Fix-a-crash-in-X509v3_asid_subset.patch new file mode 100644 index 0000000000000000000000000000000000000000..3aaa529bf1533962adf2d2e1fed5b986f336a6af --- /dev/null +++ b/backport-Fix-a-crash-in-X509v3_asid_subset.patch 
@@ -0,0 +1,161 @@ +From 8f078819556da83c15751678c39558a59bc746fc Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Thu, 9 Jun 2022 16:57:30 +0100 +Subject: [PATCH] Fix a crash in X509v3_asid_subset() + +If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise +subsets then this will result in a crash. Of note is that rdi will usually +be NULL. + +Reported by Theo Buehler (@botovq) + +Reviewed-by: Tomas Mraz +Reviewed-by: Paul Yang +Reviewed-by: Todd Short +(Merged from https://github.com/openssl/openssl/pull/18514) + +(cherry picked from commit 01fc9b6bce82f0534d6673659a0e59a71f57ee82) +--- + crypto/x509v3/v3_asid.c | 31 +++++++++++----- + test/v3ext.c | 78 +++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 100 insertions(+), 9 deletions(-) + +diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c +index ac68572672..9bdc682978 100644 +--- a/crypto/x509v3/v3_asid.c ++++ b/crypto/x509v3/v3_asid.c +@@ -700,15 +700,28 @@ static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child) + */ + int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b) + { +- return (a == NULL || +- a == b || +- (b != NULL && +- !X509v3_asid_inherits(a) && +- !X509v3_asid_inherits(b) && +- asid_contains(b->asnum->u.asIdsOrRanges, +- a->asnum->u.asIdsOrRanges) && +- asid_contains(b->rdi->u.asIdsOrRanges, +- a->rdi->u.asIdsOrRanges))); ++ int subset; ++ ++ if (a == NULL || a == b) ++ return 1; ++ ++ if (b == NULL) ++ return 0; ++ ++ if (X509v3_asid_inherits(a) || X509v3_asid_inherits(b)) ++ return 0; ++ ++ subset = a->asnum == NULL ++ || (b->asnum != NULL ++ && asid_contains(b->asnum->u.asIdsOrRanges, ++ a->asnum->u.asIdsOrRanges)); ++ if (!subset) ++ return 0; ++ ++ return a->rdi == NULL ++ || (b->rdi != NULL ++ && asid_contains(b->rdi->u.asIdsOrRanges, ++ a->rdi->u.asIdsOrRanges)); + } + + /* +diff --git a/test/v3ext.c b/test/v3ext.c +index 14ae49969d..1575e923da 100644 +--- a/test/v3ext.c ++++ b/test/v3ext.c +@@ -37,11 +37,89 @@ end: + return ret; + 
} + ++static int test_asid(void) ++{ ++ ASN1_INTEGER *val1 = NULL, *val2 = NULL; ++ ASIdentifiers *asid1 = ASIdentifiers_new(), *asid2 = ASIdentifiers_new(), ++ *asid3 = ASIdentifiers_new(), *asid4 = ASIdentifiers_new(); ++ int testresult = 0; ++ ++ if (!TEST_ptr(asid1) ++ || !TEST_ptr(asid2) ++ || !TEST_ptr(asid3)) ++ goto err; ++ ++ if (!TEST_ptr(val1 = ASN1_INTEGER_new()) ++ || !TEST_true(ASN1_INTEGER_set_int64(val1, 64496))) ++ goto err; ++ ++ if (!TEST_true(X509v3_asid_add_id_or_range(asid1, V3_ASID_ASNUM, val1, NULL))) ++ goto err; ++ ++ val1 = NULL; ++ if (!TEST_ptr(val2 = ASN1_INTEGER_new()) ++ || !TEST_true(ASN1_INTEGER_set_int64(val2, 64497))) ++ goto err; ++ ++ if (!TEST_true(X509v3_asid_add_id_or_range(asid2, V3_ASID_ASNUM, val2, NULL))) ++ goto err; ++ ++ val2 = NULL; ++ if (!TEST_ptr(val1 = ASN1_INTEGER_new()) ++ || !TEST_true(ASN1_INTEGER_set_int64(val1, 64496)) ++ || !TEST_ptr(val2 = ASN1_INTEGER_new()) ++ || !TEST_true(ASN1_INTEGER_set_int64(val2, 64497))) ++ goto err; ++ ++ /* ++ * Just tests V3_ASID_ASNUM for now. Could be extended at some point to also ++ * test V3_ASID_RDI if we think it is worth it. 
++ */ ++ if (!TEST_true(X509v3_asid_add_id_or_range(asid3, V3_ASID_ASNUM, val1, val2))) ++ goto err; ++ val1 = val2 = NULL; ++ ++ /* Actual subsets */ ++ if (!TEST_true(X509v3_asid_subset(NULL, NULL)) ++ || !TEST_true(X509v3_asid_subset(NULL, asid1)) ++ || !TEST_true(X509v3_asid_subset(asid1, asid1)) ++ || !TEST_true(X509v3_asid_subset(asid2, asid2)) ++ || !TEST_true(X509v3_asid_subset(asid1, asid3)) ++ || !TEST_true(X509v3_asid_subset(asid2, asid3)) ++ || !TEST_true(X509v3_asid_subset(asid3, asid3)) ++ || !TEST_true(X509v3_asid_subset(asid4, asid1)) ++ || !TEST_true(X509v3_asid_subset(asid4, asid2)) ++ || !TEST_true(X509v3_asid_subset(asid4, asid3))) ++ goto err; ++ ++ /* Not subsets */ ++ if (!TEST_false(X509v3_asid_subset(asid1, NULL)) ++ || !TEST_false(X509v3_asid_subset(asid1, asid2)) ++ || !TEST_false(X509v3_asid_subset(asid2, asid1)) ++ || !TEST_false(X509v3_asid_subset(asid3, asid1)) ++ || !TEST_false(X509v3_asid_subset(asid3, asid2)) ++ || !TEST_false(X509v3_asid_subset(asid1, asid4)) ++ || !TEST_false(X509v3_asid_subset(asid2, asid4)) ++ || !TEST_false(X509v3_asid_subset(asid3, asid4))) ++ goto err; ++ ++ testresult = 1; ++ err: ++ ASN1_INTEGER_free(val1); ++ ASN1_INTEGER_free(val2); ++ ASIdentifiers_free(asid1); ++ ASIdentifiers_free(asid2); ++ ASIdentifiers_free(asid3); ++ ASIdentifiers_free(asid4); ++ return testresult; ++} ++ + int setup_tests(void) + { + if (!TEST_ptr(infile = test_get_argument(0))) + return 0; + + ADD_TEST(test_pathlen); ++ ADD_TEST(test_asid); + return 1; + } +-- +2.17.1 + diff --git a/backport-Fix-a-memory-leak-in-EC_GROUP_new_from_ecparameters.patch b/backport-Fix-a-memory-leak-in-EC_GROUP_new_from_ecparameters.patch new file mode 100644 index 0000000000000000000000000000000000000000..a0b7d2e3c83cd6bd2bf48e8326cd2af0122b28a6 --- /dev/null +++ b/backport-Fix-a-memory-leak-in-EC_GROUP_new_from_ecparameters.patch 
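Review bot: In the added test_asid() in test/v3ext.c, asid4 is allocated with ASIdentifiers_new() but is left out of the TEST_ptr() guard that covers asid1 to asid3. If that allocation failed, every asid4 assertion would still hold, because the rewritten X509v3_asid_subset() returns 1 for `a == NULL` and 0 for `b == NULL`. The allocated-but-empty identifier set, which is presumably what exercises the NULL asnum/rdi path the fix targets, would then go untested without any reported failure. Extend the guard with `|| !TEST_ptr(asid4)`, and consider a comment such as `/* asid4 is left empty on purpose */` where it is declared.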
@@ -0,0 +1,134 @@ +From 6c8879c8bf6030666c851623f93fff03c1266715 Mon Sep 17 00:00:00 2001 +From: Bernd Edlinger +Date: Wed, 22 Jun 2022 17:05:55 +0200 +Subject: [PATCH] Fix a memory leak in EC_GROUP_new_from_ecparameters + +This can be reproduced with my error injection patch. + +The test vector has been validated on the 1.1.1 branch +but the issue is of course identical in all branches. + +$ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2 + #0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 + #1 0x402f84 in my_malloc fuzz/test-corpus.c:114 + #2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230 + #3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280 + #4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304 + #5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454 + #6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503 + #7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559 + #8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814 + #9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935 + #10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966 + #11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184 + #12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119 + #13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165 + #14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124 + #15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46 + #16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 + #17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 + #18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 + #19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 + #20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 + #21 0x7fb618ead288 in asn1_template_ex_d2i 
crypto/asn1/tasn_dec.c:518 + #22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 + #23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 + #24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 + #25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33 + #26 0x402afb in testfile fuzz/test-corpus.c:182 + #27 0x402656 in main fuzz/test-corpus.c:226 + #28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) + #29 0x402756 (/home/ed/OPC/openssl/fuzz/x509-test+0x402756) + +================================================================= +==12221==ERROR: LeakSanitizer: detected memory leaks + +Direct leak of 24 byte(s) in 1 object(s) allocated from: + #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 + #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230 + #2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246 + #3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440 + #4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618 + #5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935 + #6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966 + #7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184 + #8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119 + #9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165 + #10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124 + #11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46 + #12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 + #13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 + #14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 + #15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 + #16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 + #17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 + #18 0x7fb618eab9ce in 
asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 + #19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 + #20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 + #21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33 + #22 0x402afb in testfile fuzz/test-corpus.c:182 + #23 0x402656 in main fuzz/test-corpus.c:226 + #24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) + +Indirect leak of 56 byte(s) in 1 object(s) allocated from: + #0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 + #1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230 + #2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280 + #3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304 + #4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454 + #5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618 + #6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935 + #7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966 + #8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184 + #9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119 + #10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165 + #11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124 + #12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46 + #13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 + #14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 + #15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 + #16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 + #17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 + #18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 + #19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 + #20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 + #21 0x7fb618eade35 in ASN1_item_d2i 
crypto/asn1/tasn_dec.c:114 + #22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33 + #23 0x402afb in testfile fuzz/test-corpus.c:182 + #24 0x402656 in main fuzz/test-corpus.c:226 + #25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) + +SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s). + +Reviewed-by: Tomas Mraz +Reviewed-by: Kurt Roeckx +(Merged from https://github.com/openssl/openssl/pull/18632) +--- + crypto/ec/ec_asn1.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c +index 34de7b2aab..1acbbde3d3 100644 +--- a/crypto/ec/ec_asn1.c ++++ b/crypto/ec/ec_asn1.c +@@ -794,7 +794,7 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) + } + + /* extract the order */ +- if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) { ++ if (ASN1_INTEGER_to_BN(params->order, a) == NULL) { + ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB); + goto err; + } +@@ -811,7 +811,7 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) + if (params->cofactor == NULL) { + BN_free(b); + b = NULL; +- } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) { ++ } else if (ASN1_INTEGER_to_BN(params->cofactor, b) == NULL) { + ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB); + goto err; + } +-- +2.17.1 + diff --git a/backport-Fix-a-memory-leak-in-tls13_generate_secret.patch b/backport-Fix-a-memory-leak-in-tls13_generate_secret.patch new file mode 100644 index 0000000000000000000000000000000000000000..2789d555957e90095661031afbaf3d131a292f8f --- /dev/null +++ b/backport-Fix-a-memory-leak-in-tls13_generate_secret.patch 
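Review bot: Both rewritten calls in EC_GROUP_new_from_ecparameters() now discard the result of ASN1_INTEGER_to_BN(), so they are only correct while `a` and `b` are non-NULL at these two points. That allocation happens outside the hunk and cannot be confirmed from here. If either pointer could be NULL, the converted value would not be stored anywhere. A short comment above the order extraction would record the dependency, for example `/* a is already allocated: convert in place so the err path still frees it */`, with a matching one on the cofactor branch.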
@@ -0,0 +1,117 @@ +From a937806043bda5775091844050e8c632a41922ac Mon Sep 17 00:00:00 2001 +From: Bernd Edlinger +Date: Tue, 5 Jul 2022 20:39:06 +0200 +Subject: [PATCH] Fix a memory leak in tls13_generate_secret + +This was found by my Reproducible Error Injection patch (#18356) + +Due to the exact location of the injected memory +error the sha256 digest is missing, and this causes much later +the memory leak (and a failed assertion) in tls13_generate_secret. + +But the reproduction is a bit challenging, as it requires AESNI +and RDRAND capability. + +OPENSSL_ia32cap=0x4200000000000000 ERROR_INJECT=1657070330 ../util/shlib_wrap.sh ./client-test ./corpora/client/791afc153e17db072175eeef85385a38d7f6d194 + #0 0x7fceaffb7d4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36 + #1 0x55fb9117f934 in my_malloc fuzz/test-corpus.c:114 + #2 0x7fceafa147f3 in OPENSSL_LH_insert crypto/lhash/lhash.c:109 + #3 0x7fceafa42639 in lh_OBJ_NAME_insert crypto/objects/obj_local.h:12 + #4 0x7fceafa42639 in OBJ_NAME_add crypto/objects/o_names.c:236 + #5 0x7fceaf9f7baa in EVP_add_digest crypto/evp/names.c:39 + #6 0x7fceaf9c6b97 in openssl_add_all_digests_int crypto/evp/c_alld.c:39 + #7 0x7fceafa0f8ec in ossl_init_add_all_digests crypto/init.c:275 + #8 0x7fceafa0f8ec in ossl_init_add_all_digests_ossl_ crypto/init.c:264 + #9 0x7fceaf69b4de in __pthread_once_slow /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_once.c:116 + #10 0x7fceafafb27c in CRYPTO_THREAD_run_once crypto/threads_pthread.c:118 + #11 0x7fceafa1000e in OPENSSL_init_crypto crypto/init.c:677 + #12 0x7fceafa1000e in OPENSSL_init_crypto crypto/init.c:611 + #13 0x7fceafdad3e8 in OPENSSL_init_ssl ssl/ssl_init.c:190 + #14 0x55fb9117ee0f in FuzzerInitialize fuzz/client.c:46 + #15 0x55fb9117e939 in main fuzz/test-corpus.c:194 + #16 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308 + #17 0x55fb9117ec7d in _start (.../openssl/fuzz/client-test+0x2c7d) + + #0 0x7fceaffb7d4f in 
__sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36 + #1 0x55fb9117f934 in my_malloc fuzz/test-corpus.c:114 + #2 0x7fceafa147f3 in OPENSSL_LH_insert crypto/lhash/lhash.c:109 + #3 0x7fceafa42639 in lh_OBJ_NAME_insert crypto/objects/obj_local.h:12 + #4 0x7fceafa42639 in OBJ_NAME_add crypto/objects/o_names.c:236 + #5 0x7fceaf9f7baa in EVP_add_digest crypto/evp/names.c:39 + #6 0x7fceafdad328 in ossl_init_ssl_base ssl/ssl_init.c:87 + #7 0x7fceafdad328 in ossl_init_ssl_base_ossl_ ssl/ssl_init.c:24 + #8 0x7fceaf69b4de in __pthread_once_slow /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_once.c:116 + #9 0x7fceafafb27c in CRYPTO_THREAD_run_once crypto/threads_pthread.c:118 + #10 0x7fceafdad412 in OPENSSL_init_ssl ssl/ssl_init.c:193 + #11 0x55fb9117ee0f in FuzzerInitialize fuzz/client.c:46 + #12 0x55fb9117e939 in main fuzz/test-corpus.c:194 + #13 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308 + #14 0x55fb9117ec7d in _start (.../openssl/fuzz/client-test+0x2c7d) + +================================================================= +==1320996==ERROR: LeakSanitizer: detected memory leaks + +Direct leak of 80 byte(s) in 1 object(s) allocated from: + #0 0x7fceaffaa808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144 + #1 0x7fceafa19425 in CRYPTO_zalloc crypto/mem.c:230 + #2 0x7fceafa03a85 in int_ctx_new crypto/evp/pmeth_lib.c:144 + #3 0x7fceafa03a85 in EVP_PKEY_CTX_new_id crypto/evp/pmeth_lib.c:250 + #4 0x7fceafe38de5 in tls13_generate_secret ssl/tls13_enc.c:174 + #5 0x7fceafd9537f in ssl_derive ssl/s3_lib.c:4833 + #6 0x7fceafdde91c in tls_parse_stoc_key_share ssl/statem/extensions_clnt.c:1902 + #7 0x7fceafdd4ac1 in tls_parse_all_extensions ssl/statem/extensions.c:752 + #8 0x7fceafdf8079 in tls_process_server_hello ssl/statem/statem_clnt.c:1698 + #9 0x7fceafe01f87 in ossl_statem_client_process_message ssl/statem/statem_clnt.c:1034 + #10 0x7fceafdeec0d in read_state_machine ssl/statem/statem.c:636 + #11 
0x7fceafdeec0d in state_machine ssl/statem/statem.c:434 + #12 0x7fceafdb88d7 in SSL_do_handshake ssl/ssl_lib.c:3718 + #13 0x55fb9117f07c in FuzzerTestOneInput fuzz/client.c:98 + #14 0x55fb9117f463 in testfile fuzz/test-corpus.c:182 + #15 0x55fb9117eb92 in main fuzz/test-corpus.c:226 + #16 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308 + +Indirect leak of 1080 byte(s) in 1 object(s) allocated from: + #0 0x7fceaffaa808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144 + #1 0x7fceafa19425 in CRYPTO_zalloc crypto/mem.c:230 + #2 0x7fceafa11555 in pkey_hkdf_init crypto/kdf/hkdf.c:51 + #3 0x7fceafa03b36 in int_ctx_new crypto/evp/pmeth_lib.c:160 + #4 0x7fceafa03b36 in EVP_PKEY_CTX_new_id crypto/evp/pmeth_lib.c:250 + #5 0x7fceafe38de5 in tls13_generate_secret ssl/tls13_enc.c:174 + #6 0x7fceafd9537f in ssl_derive ssl/s3_lib.c:4833 + #7 0x7fceafdde91c in tls_parse_stoc_key_share ssl/statem/extensions_clnt.c:1902 + #8 0x7fceafdd4ac1 in tls_parse_all_extensions ssl/statem/extensions.c:752 + #9 0x7fceafdf8079 in tls_process_server_hello ssl/statem/statem_clnt.c:1698 + #10 0x7fceafe01f87 in ossl_statem_client_process_message ssl/statem/statem_clnt.c:1034 + #11 0x7fceafdeec0d in read_state_machine ssl/statem/statem.c:636 + #12 0x7fceafdeec0d in state_machine ssl/statem/statem.c:434 + #13 0x7fceafdb88d7 in SSL_do_handshake ssl/ssl_lib.c:3718 + #14 0x55fb9117f07c in FuzzerTestOneInput fuzz/client.c:98 + #15 0x55fb9117f463 in testfile fuzz/test-corpus.c:182 + #16 0x55fb9117eb92 in main fuzz/test-corpus.c:226 + #17 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308 + +SUMMARY: AddressSanitizer: 1160 byte(s) leaked in 2 allocation(s). 
+ +Reviewed-by: Todd Short +Reviewed-by: Shane Lontis +Reviewed-by: Hugo Landau +(Merged from https://github.com/openssl/openssl/pull/18725) +--- + ssl/tls13_enc.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c +index b8fb07f210..51ca1050a4 100644 +--- a/ssl/tls13_enc.c ++++ b/ssl/tls13_enc.c +@@ -190,6 +190,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, + if (!ossl_assert(mdleni >= 0)) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET, + ERR_R_INTERNAL_ERROR); ++ EVP_PKEY_CTX_free(pctx); + return 0; + } + mdlen = (size_t)mdleni; +-- +2.17.1 + diff --git a/backport-Fix-bn_gcd-code-to-check-return-value-when-calling-B.patch b/backport-Fix-bn_gcd-code-to-check-return-value-when-calling-B.patch new file mode 100644 index 0000000000000000000000000000000000000000..04a597b8d4d1205f21236595755fe5d68a03bb5f --- /dev/null +++ b/backport-Fix-bn_gcd-code-to-check-return-value-when-calling-B.patch 
@@ -0,0 +1,47 @@ +From 6495cab1c876ad80ce983d848ccaa1dc286a63e1 Mon Sep 17 00:00:00 2001 +From: slontis +Date: Fri, 1 Jul 2022 13:47:11 +1000 +Subject: [PATCH] Fix bn_gcd code to check return value when calling BN_one() + +BN_one() uses the expand function which calls malloc which may fail. +All other places that reference BN_one() check the return value. + +The issue is triggered by a memory allocation failure. +Detected by PR #18355 + +Reviewed-by: Tomas Mraz +Reviewed-by: Paul Dale +(Merged from https://github.com/openssl/openssl/pull/18697) + +(cherry picked from commit 7fe7cc57af3db1e497877f0329ba17609b2efc8b) +--- + crypto/bn/bn_gcd.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c +index 0941f7b97f..c4b7854e1a 100644 +--- a/crypto/bn/bn_gcd.c ++++ b/crypto/bn/bn_gcd.c +@@ -47,7 +47,8 @@ BIGNUM *bn_mod_inverse_no_branch(BIGNUM *in, + if (R == NULL) + goto err; + +- BN_one(X); ++ if (!BN_one(X)) ++ goto err; + BN_zero(Y); + if (BN_copy(B, a) == NULL) + goto err; +@@ -235,7 +236,8 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in, + if (R == NULL) + goto err; + +- BN_one(X); ++ if (!BN_one(X)) ++ goto err; + BN_zero(Y); + if (BN_copy(B, a) == NULL) + goto err; +-- +2.17.1 + diff --git a/backport-Fix-memory-leak-in-X509V3_add1_i2d-when-flag-is-X509.patch b/backport-Fix-memory-leak-in-X509V3_add1_i2d-when-flag-is-X509.patch new file mode 100644 index 0000000000000000000000000000000000000000..a8b4d7e3b1c6bf9bdc8f3e2f59a51fec62df41c8 --- /dev/null +++ b/backport-Fix-memory-leak-in-X509V3_add1_i2d-when-flag-is-X509.patch 
@@ -0,0 +1,36 @@ +From c3efe5c96128d699f0884128ce905906bc28ed34 Mon Sep 17 00:00:00 2001 +From: Allan +Date: Thu, 7 Jul 2022 16:04:09 -0700 +Subject: [PATCH] Fix memory leak in X509V3_add1_i2d when flag is + X509V3_ADD_DELETE + +Fixes #18677 + +Reviewed-by: Hugo Landau +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/18698) + +(cherry picked from commit 4798e0680b112993815098ca21d7d68ff31ebc6e) +--- + crypto/x509v3/v3_lib.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c +index 97c1cbc20f..d7e7c9a5cb 100644 +--- a/crypto/x509v3/v3_lib.c ++++ b/crypto/x509v3/v3_lib.c +@@ -242,8 +242,10 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, + } + /* If delete, just delete it */ + if (ext_op == X509V3_ADD_DELETE) { +- if (!sk_X509_EXTENSION_delete(*x, extidx)) ++ extmp = sk_X509_EXTENSION_delete(*x, extidx); ++ if (extmp == NULL) + return -1; ++ X509_EXTENSION_free(extmp); + return 1; + } + } else { +-- +2.17.1 + diff --git a/backport-Fix-range_should_be_prefix-to-actually-return-the-co.patch b/backport-Fix-range_should_be_prefix-to-actually-return-the-co.patch new file mode 100644 index 0000000000000000000000000000000000000000..a1235f4baf519ff184d4b09529d7bef4fae7896c --- /dev/null +++ b/backport-Fix-range_should_be_prefix-to-actually-return-the-co.patch 
@@ -0,0 +1,71 @@ +From a1d80edcf830739131e0567dc03b1e80b7988b1e Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Fri, 10 Jun 2022 15:58:58 +0100 +Subject: [PATCH] Fix range_should_be_prefix() to actually return the correct + result + +range_should_be_prefix() was misidentifying whether an IP address range +should in fact be represented as a prefix. This was due to a bug introduced +in commit 42d7d7dd which made this incorrect change: + +- OPENSSL_assert(memcmp(min, max, length) <= 0); ++ if (memcmp(min, max, length) <= 0) ++ return -1; + +This error leads to incorrect DER being encoded/accepted. + +Reported by Theo Buehler (@botovq) + +Reviewed-by: Paul Dale +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/18524) + +(cherry picked from commit 30532e59f475e0066c030693e4d614311a9e0cae) +(cherry picked from commit 2c6550c6db9b1b69dc24f968b4ceb534edcf4841) +--- + crypto/x509v3/v3_addr.c | 14 ++++- + test/v3ext.c | 111 ++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 123 insertions(+), 2 deletions(-) + +diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c +index 4258dbc40c..32f77a2679 100644 +--- a/crypto/x509v3/v3_addr.c ++++ b/crypto/x509v3/v3_addr.c +@@ -13,6 +13,8 @@ + + #include + #include ++#include ++#include + + #include "internal/cryptlib.h" + #include +@@ -342,8 +344,13 @@ static int range_should_be_prefix(const unsigned char *min, + unsigned char mask; + int i, j; + +- if (memcmp(min, max, length) <= 0) +- return -1; ++ /* ++ * It is the responsibility of the caller to confirm min <= max. We don't ++ * use ossl_assert() here since we have no way of signalling an error from ++ * this function - so we just use a plain assert instead. 
++ */ ++ assert(memcmp(min, max, length) <= 0); ++ + for (i = 0; i < length && min[i] == max[i]; i++) ; + for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) ; + if (i < j) +@@ -426,6 +433,9 @@ static int make_addressRange(IPAddressOrRange **result, + IPAddressOrRange *aor; + int i, prefixlen; + ++ if (memcmp(min, max, length) > 0) ++ return 0; ++ + if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0) + return make_addressPrefix(result, min, prefixlen); + +-- +2.17.1 + diff --git a/backport-Make-the-DRBG-seed-propagation-thread-safe.patch b/backport-Make-the-DRBG-seed-propagation-thread-safe.patch new file mode 100644 index 0000000000000000000000000000000000000000..6ba2678781ff6881d8796dcbc981b68bcc667c7f --- /dev/null +++ b/backport-Make-the-DRBG-seed-propagation-thread-safe.patch 
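Review bot: The ordering guard in range_should_be_prefix() is now a plain `assert()`, which is compiled out when NDEBUG is defined, so in such builds the function depends entirely on its callers having checked min <= max. The hunk adds that check only to make_addressRange() (`if (memcmp(min, max, length) > 0) return 0;`); any other caller of range_should_be_prefix() lies outside the hunk and should be confirmed to make the same comparison before the call. The patch header also lists test/v3ext.c with 111 added lines, yet the file carries only the crypto/x509v3/v3_addr.c section, so the regression test appears to have been dropped from this backport. Either include it or record the omission next to the Patch45 entry in the spec.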
@@ -0,0 +1,77 @@ +From 17098c116d68b3a01fcb688487dccdc0c10b8f63 Mon Sep 17 00:00:00 2001 +From: Bernd Edlinger +Date: Sat, 23 Oct 2021 11:58:27 +0200 +Subject: [PATCH] Make the DRBG seed propagation thread safe + +Currently there is a race possible because the reseed_counter +of the master drbg may be incremented after the get_entropy call. +Therefore access the parent's reseed_counter while still holding +the rand_drbg_lock. + +This improves commit 958fec77928a28350f6af252ac5e8d0e6e081faa + +Reviewed-by: Paul Dale +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/16900) +--- + crypto/rand/drbg_lib.c | 18 ++++-------------- + crypto/rand/rand_lib.c | 6 +++++- + 2 files changed, 9 insertions(+), 15 deletions(-) + +diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c +index 8c7c28c970..0ba20ca326 100644 +--- a/crypto/rand/drbg_lib.c ++++ b/crypto/rand/drbg_lib.c +@@ -354,13 +354,8 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg, + drbg->state = DRBG_READY; + drbg->generate_counter = 1; + drbg->reseed_time = time(NULL); +- if (drbg->enable_reseed_propagation) { +- if (drbg->parent == NULL) +- tsan_counter(&drbg->reseed_counter); +- else +- tsan_store(&drbg->reseed_counter, +- tsan_load(&drbg->parent->reseed_counter)); +- } ++ if (drbg->enable_reseed_propagation && drbg->parent == NULL) ++ tsan_counter(&drbg->reseed_counter); + + end: + if (entropy != NULL && drbg->cleanup_entropy != NULL) +@@ -444,13 +439,8 @@ int RAND_DRBG_reseed(RAND_DRBG *drbg, + drbg->state = DRBG_READY; + drbg->generate_counter = 1; + drbg->reseed_time = time(NULL); +- if (drbg->enable_reseed_propagation) { +- if (drbg->parent == NULL) +- tsan_counter(&drbg->reseed_counter); +- else +- tsan_store(&drbg->reseed_counter, +- tsan_load(&drbg->parent->reseed_counter)); +- } ++ if (drbg->enable_reseed_propagation && drbg->parent == NULL) ++ tsan_counter(&drbg->reseed_counter); + + end: + if (entropy != NULL && drbg->cleanup_entropy != NULL) +diff --git 
a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c +index 5c72fad8ca..545ab46315 100644 +--- a/crypto/rand/rand_lib.c ++++ b/crypto/rand/rand_lib.c +@@ -172,8 +172,12 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg, + if (RAND_DRBG_generate(drbg->parent, + buffer, bytes_needed, + prediction_resistance, +- (unsigned char *)&drbg, sizeof(drbg)) != 0) ++ (unsigned char *)&drbg, sizeof(drbg)) != 0) { + bytes = bytes_needed; ++ if (drbg->enable_reseed_propagation) ++ tsan_store(&drbg->reseed_counter, ++ tsan_load(&drbg->parent->reseed_counter)); ++ } + rand_drbg_unlock(drbg->parent); + + rand_pool_add_end(pool, bytes, 8 * bytes); +-- +2.17.1 + diff --git a/backport-v3_sxnet-add-a-check-for-the-return-of-i2s_ASN1_INTE.patch b/backport-v3_sxnet-add-a-check-for-the-return-of-i2s_ASN1_INTE.patch new file mode 100644 index 0000000000000000000000000000000000000000..214010ecd6d5f8b42855146af1cc3a724009bfa4 --- /dev/null +++ b/backport-v3_sxnet-add-a-check-for-the-return-of-i2s_ASN1_INTE.patch 
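Review bot: In rand_drbg_get_entropy() the child's reseed_counter is now copied from the parent as soon as RAND_DRBG_generate() on the parent succeeds, which is before RAND_DRBG_instantiate() or RAND_DRBG_reseed() has applied that entropy to the child. If the later step fails, the child's counter already matches the parent's. Presumably the failure path leaves the DRBG in a non-ready state that forces a fresh seed, but that code is outside these hunks and should be confirmed. A comment at the new store would record why it lives there, for example `/* sync with the parent's counter before rand_drbg_unlock(drbg->parent) */`.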
@@ -0,0 +1,30 @@ +From 7a05fcb1fc276a7ecfe599d45655d4e617c5e2d4 Mon Sep 17 00:00:00 2001 +From: xkernel +Date: Mon, 20 Jun 2022 17:46:39 +0800 +Subject: [PATCH] v3_sxnet: add a check for the return of i2s_ASN1_INTEGER() + +Reviewed-by: Matt Caswell +Reviewed-by: Ben Kaduk +(Merged from https://github.com/openssl/openssl/pull/18608) + +(cherry picked from commit 9ef1f848a646565d4dd86e56542cf921d4921ad9) +--- + crypto/x509v3/v3_sxnet.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/crypto/x509v3/v3_sxnet.c b/crypto/x509v3/v3_sxnet.c +index 144e8bee84..3c5508f941 100644 +--- a/crypto/x509v3/v3_sxnet.c ++++ b/crypto/x509v3/v3_sxnet.c +@@ -78,6 +78,8 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, + for (i = 0; i < sk_SXNETID_num(sx->ids); i++) { + id = sk_SXNETID_value(sx->ids, i); + tmp = i2s_ASN1_INTEGER(NULL, id->zone); ++ if (tmp == NULL) ++ return 0; + BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp); + OPENSSL_free(tmp); + ASN1_STRING_print(out, id->user); +-- +2.17.1 + diff --git a/openssl.spec b/openssl.spec index bf8b221884cc1f22b15178f3ba73298766ca53c2..463b3cc08d80be146008e7c5531cd0fc1c266669 100644 --- a/openssl.spec +++ b/openssl.spec @@ -2,7 +2,7 @@ Name: openssl Epoch: 1 Version: 1.1.1m -Release: 16 +Release: 17 Summary: Cryptography and SSL/TLS Toolkit License: OpenSSL and SSLeay URL: https://www.openssl.org/ 
@@ -50,6 +50,15 @@ Patch39: backport-Fix-a-DTLS-server-hangup-due-to-TLS13_AD_MISSING_EXT.patch Patch40: backport-Fix-an-assertion-in-the-DTLS-server-code.patch Patch41: backport-Fix-a-memory-leak-in-X509_issuer_and_serial_hash.patch Patch42: backport-Fix-strict-client-chain-check-with-TLS-1.3.patch +Patch43: backport-Fix-a-crash-in-X509v3_asid_subset.patch +Patch44: backport-Fix-a-memory-leak-in-EC_GROUP_new_from_ecparameters.patch +Patch45: backport-Fix-range_should_be_prefix-to-actually-return-the-co.patch +Patch46: backport-v3_sxnet-add-a-check-for-the-return-of-i2s_ASN1_INTE.patch +Patch47: backport-Fix-bn_gcd-code-to-check-return-value-when-calling-B.patch +Patch48: backport-Add-missing-header-for-memcmp.patch +Patch49: backport-Fix-a-memory-leak-in-tls13_generate_secret.patch +Patch50: backport-Make-the-DRBG-seed-propagation-thread-safe.patch +Patch51: backport-Fix-memory-leak-in-X509V3_add1_i2d-when-flag-is-X509.patch BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} @@ -258,6 +267,9 @@ make test || : %ldconfig_scriptlets libs %changelog +* Wed Jan 18 2023 steven ygui - 1:1.1.1m-17 +- Backport some upstream patches + * Mon Jan 16 2023 fangxiuning - 1:1.1.1m-16 - Backport some upstream patches