From 57199048c5036c2631003e5fd0d3dae7feb62289 Mon Sep 17 00:00:00 2001 
From: wangcheng
Date: Mon, 27 Nov 2023 16:19:24 +0800
Subject: [PATCH] backport some upstream patches
---
 ...for-empty-supported-groups-extension.patch | 157 ++++++++++++++++++
 ...d-length-only-when-verify-is-enabled.patch | 30 ++++
 ...-an-empty-supported-groups-extension.patch | 54 ++++++
 ...y-1201763-uninitialised-pointer-read.patch | 37 +++++
 ...y-1498611-1498608-uninitialised-read.patch | 37 +++++
 ...t-Fix-a-crash-in-asn1_item_embed_new.patch | 93 +++++++++++
 ...x-a-crash-in-ssl_security_cert_chain.patch | 88 ++++++++++
 ...Fix-a-memory-leak-in-crl_set_issuers.patch | 118 +++++++++++++
 ...emory-leak-in-ec_key_simple_oct2priv.patch | 61 +++++++
 ...coverity-1498607-uninitialised-value.patch | 29 ++++
 ...overflow-in-evp_EncryptDecryptUpdate.patch | 62 +++++++
 ...OBJ_nid2obj-doesn-t-always-raise-an-.patch | 80 +++++++++
 ...-the-cacheline-is-32-bytes-in-CBC_MA.patch | 61 +++++++
 ...haviour-in-EC_GROUP_new_from_ecparam.patch | 41 +++++
 backport-Set-protocol-in-init_client.patch | 33 ++++
 ...me_hint-may-exceed-1-week-in-TLSv1.3.patch | 156 +++++++++++++++++
 ...e-actual-issuer-name-if-a-CA-is-used.patch | 39 +++++
 openssl.spec | 20 ++-
 18 files changed, 1195 insertions(+), 1 deletion(-)
 create mode 100644 backport-Add-test-for-empty-supported-groups-extension.patch
 create mode 100644 backport-Check-password-length-only-when-verify-is-enabled.patch
 create mode 100644 backport-Do-not-send-an-empty-supported-groups-extension.patch
 create mode 100644 backport-Fix-Coverity-1201763-uninitialised-pointer-read.patch
 create mode 100644 backport-Fix-Coverity-1498611-1498608-uninitialised-read.patch
 create mode 100644 backport-Fix-a-crash-in-asn1_item_embed_new.patch
 create mode 100644 backport-Fix-a-crash-in-ssl_security_cert_chain.patch
 create mode 100644 backport-Fix-a-memory-leak-in-crl_set_issuers.patch
 create mode 100644 backport-Fix-a-memory-leak-in-ec_key_simple_oct2priv.patch
 create mode 100644 backport-Fix-coverity-1498607-uninitialised-value.patch
 create mode 100644 backport-Fix-integer-overflow-in-evp_EncryptDecryptUpdate.patch
 create mode 100644 backport-Fix-issue-where-OBJ_nid2obj-doesn-t-always-raise-an-.patch
 create mode 100644 backport-Fix-leakage-when-the-cacheline-is-32-bytes-in-CBC_MA.patch
 create mode 100644 backport-Fix-undefined-behaviour-in-EC_GROUP_new_from_ecparam.patch
 create mode 100644 backport-Set-protocol-in-init_client.patch
 create mode 100644 backport-ticket_lifetime_hint-may-exceed-1-week-in-TLSv1.3.patch
 create mode 100644 backport-x509-use-actual-issuer-name-if-a-CA-is-used.patch
diff --git a/backport-Add-test-for-empty-supported-groups-extension.patch b/backport-Add-test-for-empty-supported-groups-extension.patch
new file mode 100644
index 0000000..5e11878
--- /dev/null
+++ b/backport-Add-test-for-empty-supported-groups-extension.patch
@@ -0,0 +1,157 @@ +From c7d6c08290b67cbeef2b4f636f04788ea405520a Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Fri, 29 Apr 2022 17:02:19 +0200 +Subject: [PATCH] Add test for empty supported-groups extension + +Reviewed-by: Paul Dale +Reviewed-by: Matt Caswell +(Merged from https://github.com/openssl/openssl/pull/18213) +--- + test/recipes/80-test_ssl_new.t | 4 +- + test/ssl-tests/16-certstatus.conf | 0 + test/ssl-tests/30-supported-groups.conf | 54 ++++++++++++++++++++++ + test/ssl-tests/30-supported-groups.conf.in | 45 ++++++++++++++++++ + 4 files changed, 102 insertions(+), 1 deletion(-) + delete mode 100644 test/ssl-tests/16-certstatus.conf + create mode 100644 test/ssl-tests/30-supported-groups.conf + create mode 100644 test/ssl-tests/30-supported-groups.conf.in + +diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t +index 81d8f59a70..fa62b30850 100644 +--- a/test/recipes/80-test_ssl_new.t ++++ b/test/recipes/80-test_ssl_new.t +@@ -28,7 +28,7 @@ map { s/\^// } @conf_files if $^O eq "VMS"; + + # We hard-code the number of tests to double-check that the globbing above + # finds all files as expected. +-plan tests => 29; # = scalar @conf_srcs ++plan tests => 30; # = scalar @conf_srcs + + # Some test results depend on the configuration of enabled protocols. We only + # verify generated sources in the default configuration. 
+@@ -70,6 +70,8 @@ my %conf_dependent_tests = ( + "25-cipher.conf" => disabled("poly1305") || disabled("chacha"), + "27-ticket-appdata.conf" => !$is_default_tls, + "28-seclevel.conf" => disabled("tls1_2") || $no_ec, ++ "30-supported-groups.conf" => disabled("tls1_2") || disabled("tls1_3") ++ || $no_ec || $no_ec2m + ); + + # Add your test here if it should be skipped for some compile-time +diff --git a/test/ssl-tests/16-certstatus.conf b/test/ssl-tests/16-certstatus.conf +deleted file mode 100644 +index e69de29bb2..0000000000 +diff --git a/test/ssl-tests/30-supported-groups.conf b/test/ssl-tests/30-supported-groups.conf +new file mode 100644 +index 0000000000..4280db7114 +--- /dev/null ++++ b/test/ssl-tests/30-supported-groups.conf +@@ -0,0 +1,54 @@ ++# Generated with generate_ssl_tests.pl ++ ++num_tests = 2 ++ ++test-0 = 0-Just a sanity test case ++test-1 = 1-Pass with empty groups with TLS1.2 ++# =========================================================== ++ ++[0-Just a sanity test case] ++ssl_conf = 0-Just a sanity test case-ssl ++ ++[0-Just a sanity test case-ssl] ++server = 0-Just a sanity test case-server ++client = 0-Just a sanity test case-client ++ ++[0-Just a sanity test case-server] ++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem ++CipherString = DEFAULT ++PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem ++ ++[0-Just a sanity test case-client] ++CipherString = DEFAULT ++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem ++VerifyMode = Peer ++ ++[test-0] ++ExpectedResult = Success ++ ++ ++# =========================================================== ++ ++[1-Pass with empty groups with TLS1.2] ++ssl_conf = 1-Pass with empty groups with TLS1.2-ssl ++ ++[1-Pass with empty groups with TLS1.2-ssl] ++server = 1-Pass with empty groups with TLS1.2-server ++client = 1-Pass with empty groups with TLS1.2-client ++ ++[1-Pass with empty groups with TLS1.2-server] ++Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem ++CipherString = DEFAULT ++PrivateKey = 
${ENV::TEST_CERTS_DIR}/serverkey.pem ++ ++[1-Pass with empty groups with TLS1.2-client] ++CipherString = DEFAULT ++Groups = sect163k1 ++MaxProtocol = TLSv1.2 ++VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem ++VerifyMode = Peer ++ ++[test-1] ++ExpectedResult = Success ++ ++ +diff --git a/test/ssl-tests/30-supported-groups.conf.in b/test/ssl-tests/30-supported-groups.conf.in +new file mode 100644 +index 0000000000..438a07a11f +--- /dev/null ++++ b/test/ssl-tests/30-supported-groups.conf.in +@@ -0,0 +1,45 @@ ++# -*- mode: perl; -*- ++# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. ++# ++# Licensed under the OpenSSL license (the "License"). You may not use ++# this file except in compliance with the License. You can obtain a copy ++# in the file LICENSE in the source distribution or at ++# https://www.openssl.org/source/license.html ++ ++ ++## SSL test configurations ++ ++package ssltests; ++use OpenSSL::Test::Utils; ++ ++our @tests = ( ++ { ++ name => "Just a sanity test case", ++ server => { }, ++ client => { }, ++ test => { "ExpectedResult" => "Success" }, ++ }, ++); ++ ++our @tests_tls1_3 = ( ++ { ++ name => "Fail empty groups with TLS1.3", ++ server => { }, ++ client => { "Groups" => "sect163k1" }, ++ test => { "ExpectedResult" => "ClientFail" }, ++ }, ++); ++ ++our @tests_tls1_2 = ( ++ { ++ name => "Pass with empty groups with TLS1.2", ++ server => { }, ++ client => { "Groups" => "sect163k1", ++ "MaxProtocol" => "TLSv1.2" }, ++ test => { "ExpectedResult" => "Success" }, ++ }, ++); ++ ++push @tests, @tests_tls1_3 unless disabled("tls1_3") ++ || !disabled("ec2m") || disabled("ec"); ++push @tests, @tests_tls1_2 unless disabled("tls1_2") || disabled("ec"); +-- +2.17.1 + diff --git a/backport-Check-password-length-only-when-verify-is-enabled.patch b/backport-Check-password-length-only-when-verify-is-enabled.patch new file mode 100644 index 0000000..4196ef1 --- /dev/null +++ b/backport-Check-password-length-only-when-verify-is-enabled.patch 
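Review bot: `plan tests => 30; # = scalar @conf_srcs` in 80-test_ssl_new.t hard-codes the number of test/ssl-tests/*.conf.in files, so this backport only passes if the 1.1.1 tree being patched ends up with exactly 30 of them once every other backport is applied; worth confirming, since the comment itself says the constant is meant to equal `scalar @conf_srcs`. The new `%conf_dependent_tests` entry also relies on `$no_ec2m` being declared earlier in that file, which is outside the hunk. The embedded patch further records `delete mode 100644 test/ssl-tests/16-certstatus.conf` against the empty blob; if that stray file is absent from the target tree, a git-based apply rejects the whole patch while plain `patch` may skip it, so the spec's apply method decides whether this matters. Finally, `push @tests, @tests_tls1_3 unless disabled("tls1_3") || !disabled("ec2m") || disabled("ec");` in 30-supported-groups.conf.in means the TLS1.3 ClientFail case only runs in a no-ec2m build and is therefore missing from the generated .conf; a one-line comment above it saying so would spare the next reader a double-take.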
@@ -0,0 +1,30 @@
+From 0a9bb445893b4a98ad1588aef2d14c29e6c4c5e3 Mon Sep 17 00:00:00 2001
+From: Daniel Fiala
+Date: Wed, 16 Mar 2022 07:42:55 +0100
+Subject: [PATCH] Check password length only when verify is enabled.
+
+Fixes #16231.
+
+Reviewed-by: Paul Dale
+Reviewed-by: Tomas Mraz
+(Merged from https://github.com/openssl/openssl/pull/17899)
+---
+ apps/apps.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/apps/apps.c b/apps/apps.c
+index 1a92271595..db5b48e4cf 100644
+--- a/apps/apps.c
++++ b/apps/apps.c
+@@ -307,6 +307,8 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
+ if (cb_data != NULL && cb_data->password != NULL
+ && *(const char*)cb_data->password != '\0')
+ pw_min_len = 1;
++ else if (!verify)
++ pw_min_len = 0;
+ prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
+ if (!prompt) {
+ BIO_printf(bio_err, "Out of memory\n");
+--
+2.17.1
+
diff --git a/backport-Do-not-send-an-empty-supported-groups-extension.patch b/backport-Do-not-send-an-empty-supported-groups-extension.patch
new file mode 100644
index 0000000..527ffab
--- /dev/null
+++ b/backport-Do-not-send-an-empty-supported-groups-extension.patch
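Review bot: The new `else if (!verify) pw_min_len = 0;` changes a user-visible rule — a zero-length pass phrase is now accepted whenever `password_callback` is invoked with verify == 0 — and nothing at the site says why that is safe. A comment such as `/* Not verifying, so an existing (possibly empty) pass phrase is being read back: enforce no minimum length */` would record the intent; the wording should be checked against upstream issue #16231 that the commit message cites. The enclosing function begins and ends outside the hunk, so the minimum that still applies on the verify path cannot be confirmed from here.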
@@ -0,0 +1,54 @@
+From bd164884f258d99ca876f6cdcdf9bd0dcceee6ad Mon Sep 17 00:00:00 2001
+From: Tomas Mraz
+Date: Fri, 29 Apr 2022 16:36:36 +0200
+Subject: [PATCH] Do not send an empty supported groups extension
+
+This allows handshake to proceed if the maximum TLS version enabled is <1.3
+
+Fixes #13583
+
+Reviewed-by: Paul Dale
+Reviewed-by: Matt Caswell
+(Merged from https://github.com/openssl/openssl/pull/18213)
+---
+ CHANGES | 24 ++++++++++++++----------
+ ssl/statem/extensions_clnt.c | 16 +++++++++++++++-
+ 2 files changed, 29 insertions(+), 11 deletions(-)
+
+diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
+index 9d38ac23b5..036a9b3c48 100644
+--- a/ssl/statem/extensions_clnt.c
++++ b/ssl/statem/extensions_clnt.c
+@@ -118,6 +118,8 @@ static int use_ecc(SSL *s)
+ int i, end, ret = 0;
+ unsigned long alg_k, alg_a;
+ STACK_OF(SSL_CIPHER) *cipher_stack = NULL;
++ const uint16_t *pgroups = NULL;
++ size_t num_groups, j;
+
+ /* See if we support any ECC ciphersuites */
+ if (s->version == SSL3_VERSION)
+@@ -139,7 +141,19 @@ static int use_ecc(SSL *s)
+ }
+
+ sk_SSL_CIPHER_free(cipher_stack);
+- return ret;
++ if (!ret)
++ return 0;
++
++ /* Check we have at least one EC supported group */
++ tls1_get_supported_groups(s, &pgroups, &num_groups);
++ for (j = 0; j < num_groups; j++) {
++ uint16_t ctmp = pgroups[j];
++
++ if (tls_curve_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED))
++ return 1;
++ }
++
++ return 0;
+ }
+
+ EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
+--
+2.17.1
+
diff --git a/backport-Fix-Coverity-1201763-uninitialised-pointer-read.patch b/backport-Fix-Coverity-1201763-uninitialised-pointer-read.patch
new file mode 100644
index 0000000..aa1406f
--- /dev/null
+++ b/backport-Fix-Coverity-1201763-uninitialised-pointer-read.patch
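Review bot: The embedded patch's diffstat still lists `CHANGES | 24 ++++++++++++++----------` and `2 files changed, 29 insertions(+), 11 deletions(-)`, but the CHANGES hunk was dropped from the backport and only the extensions_clnt.c hunk remains. git am ignores the stat so the patch still applies, yet the header now misdescribes what the backport touches, which is exactly what someone auditing the distro's deviations from upstream reads first. Trim it to `ssl/statem/extensions_clnt.c | 16 +++++++++++++++-` and `1 file changed, 15 insertions(+), 1 deletion(-)` to match the hunk that is actually shipped. The `use_ecc` body itself starts before the first inner hunk, so the origin of `i`, `end` and `cipher_stack` is outside this view.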
@@ -0,0 +1,37 @@
+From ad24941228eafe59fe3807d1659585c4d98eac97 Mon Sep 17 00:00:00 2001
+From: Pauli
+Date: Wed, 16 Mar 2022 13:48:27 +1100
+Subject: [PATCH] Fix Coverity 1201763 uninitialised pointer read
+
+Reviewed-by: Shane Lontis
+Reviewed-by: Tomas Mraz
+(Merged from https://github.com/openssl/openssl/pull/17890)
+
+(cherry picked from commit a0238b7ed87998c48b1c92bad7fa82dcbba507f9)
+---
+ crypto/bn/bn_exp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
+index 9531acfc3c..451e88ac3c 100644
+--- a/crypto/bn/bn_exp.c
++++ b/crypto/bn/bn_exp.c
+@@ -188,13 +188,14 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ return ret;
+ }
+
++ BN_RECP_CTX_init(&recp);
++
+ BN_CTX_start(ctx);
+ aa = BN_CTX_get(ctx);
+ val[0] = BN_CTX_get(ctx);
+ if (val[0] == NULL)
+ goto err;
+
+- BN_RECP_CTX_init(&recp);
+ if (m->neg) {
+ /* ignore sign of 'm' */
+ if (!BN_copy(aa, m))
+--
+2.17.1
+
diff --git a/backport-Fix-Coverity-1498611-1498608-uninitialised-read.patch b/backport-Fix-Coverity-1498611-1498608-uninitialised-read.patch
new file mode 100644
index 0000000..865ffa3
--- /dev/null
+++ b/backport-Fix-Coverity-1498611-1498608-uninitialised-read.patch
@@ -0,0 +1,37 @@
+From cd2471cd797ae5a6355814bb14a176af6a7d883f Mon Sep 17 00:00:00 2001
+From: Pauli
+Date: Wed, 16 Mar 2022 14:21:01 +1100
+Subject: [PATCH] Fix Coverity 1498611 & 1498608: uninitialised read
+
+Reviewed-by: Shane Lontis
+Reviewed-by: Tomas Mraz
+(Merged from https://github.com/openssl/openssl/pull/17893)
+
+(cherry picked from commit 09134f183f76539aa1294adfef10fcc694e90267)
+---
+ ssl/ssl_lib.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
+index 9c411a3293..7383badce3 100644
+--- a/ssl/ssl_lib.c
++++ b/ssl/ssl_lib.c
+@@ -2084,6 +2084,7 @@ int SSL_shutdown(SSL *s)
+ if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+ struct ssl_async_args args;
+
++ memset(&args, 0, sizeof(args));
+ args.s = s;
+ args.type = OTHERFUNC;
+ args.f.func_other = s->method->ssl_shutdown;
+@@ -3709,6 +3710,7 @@ int SSL_do_handshake(SSL *s)
+ if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+ struct ssl_async_args args;
+
++ memset(&args, 0, sizeof(args));
+ args.s = s;
+
+ ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern);
+--
+2.17.1
+
diff --git a/backport-Fix-a-crash-in-asn1_item_embed_new.patch b/backport-Fix-a-crash-in-asn1_item_embed_new.patch
new file mode 100644
index 0000000..45a3582
--- /dev/null
+++ b/backport-Fix-a-crash-in-asn1_item_embed_new.patch
@@ -0,0 +1,93 @@ +From 8e60f41d064786f95440e4c56660ffe9777783d7 Mon Sep 17 00:00:00 2001 +From: Bernd Edlinger +Date: Fri, 20 May 2022 08:02:47 +0200 +Subject: [PATCH] Fix a crash in asn1_item_embed_new + +This happens usually if an template object is created +and there is an out of memory error before the ASN1_OP_NEW_POST +method is called, but asn1_item_embed_free calls now the +ASN1_OP_FREE_POST which may crash because the object is not +properly initialized. Apparently that is only an issue with +the ASN1_OP_FREE_POST handling of crypot/x509/x_crl.c, which +ought to be tolerant to incomplete initialized objects. + +The error can be reproduced with the reproducible error injection patch: + +$ ERROR_INJECT=1652890550 ../util/shlib_wrap.sh ./asn1-test ./corpora/asn1/0ff17293911f54d1538b9896563a4048d67d9ee4 + #0 0x7faae9dbeeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 + #1 0x408dc4 in my_malloc fuzz/test-corpus.c:114 + #2 0x7faae99f2430 in CRYPTO_zalloc crypto/mem.c:230 + #3 0x7faae97f09e5 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341 + #4 0x7faae98118f7 in asn1_primitive_new crypto/asn1/tasn_new.c:318 + #5 0x7faae9812401 in asn1_item_embed_new crypto/asn1/tasn_new.c:78 + #6 0x7faae9812401 in asn1_template_new crypto/asn1/tasn_new.c:240 + #7 0x7faae9812315 in asn1_item_embed_new crypto/asn1/tasn_new.c:137 + #8 0x7faae9812315 in asn1_template_new crypto/asn1/tasn_new.c:240 + #9 0x7faae9812a54 in asn1_item_embed_new crypto/asn1/tasn_new.c:137 + #10 0x7faae9812a54 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39 + #11 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325 + #12 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 + #13 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 + #14 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 + #15 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 + #16 0x7faae980d7d3 in asn1_template_ex_d2i 
crypto/asn1/tasn_dec.c:494 + #17 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 + #18 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 + #19 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 + #20 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301 + #21 0x40893b in testfile fuzz/test-corpus.c:182 + #22 0x406b86 in main fuzz/test-corpus.c:226 + #23 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) + +AddressSanitizer:DEADLYSIGNAL +================================================================= +==1194==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000010 (pc 0x7faae9b0625f bp 0x7fffffe41a00 sp 0x7fffffe41920 T0) +==1194==The signal is caused by a READ memory access. +==1194==Hint: address points to the zero page. + #0 0x7faae9b0625f in crl_cb crypto/x509/x_crl.c:258 + #1 0x7faae9811255 in asn1_item_embed_free crypto/asn1/tasn_fre.c:113 + #2 0x7faae9812a65 in asn1_item_embed_new crypto/asn1/tasn_new.c:150 + #3 0x7faae9812a65 in ASN1_item_ex_new crypto/asn1/tasn_new.c:39 + #4 0x7faae980be51 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:325 + #5 0x7faae980c813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 + #6 0x7faae980d288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 + #7 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 + #8 0x7faae980caf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 + #9 0x7faae980d7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 + #10 0x7faae980b9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 + #11 0x7faae980dd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 + #12 0x7faae980de35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 + #13 0x40712c in FuzzerTestOneInput fuzz/asn1.c:301 + #14 0x40893b in testfile fuzz/test-corpus.c:182 + #15 0x406b86 in main fuzz/test-corpus.c:226 + #16 0x7faae8eb1f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) + +AddressSanitizer can not provide additional info. 
+SUMMARY: AddressSanitizer: SEGV crypto/x509/x_crl.c:258 in crl_cb +==1194==ABORTING + +Reviewed-by: Matt Caswell +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/18360) + +(cherry picked from commit 557825acd622f98fc21423aba092e374db84f483) +--- + crypto/x509/x_crl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c +index c9762f9e23..9af39a45fc 100644 +--- a/crypto/x509/x_crl.c ++++ b/crypto/x509/x_crl.c +@@ -255,7 +255,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, + break; + + case ASN1_OP_FREE_POST: +- if (crl->meth->crl_free) { ++ if (crl->meth != NULL && crl->meth->crl_free != NULL) { + if (!crl->meth->crl_free(crl)) + return 0; + } +-- +2.17.1 + diff --git a/backport-Fix-a-crash-in-ssl_security_cert_chain.patch b/backport-Fix-a-crash-in-ssl_security_cert_chain.patch new file mode 100644 index 0000000..234a783 --- /dev/null +++ b/backport-Fix-a-crash-in-ssl_security_cert_chain.patch 
@@ -0,0 +1,88 @@ +From 4a28f8451fbc1848fd2d1b99203a7c75876123f6 Mon Sep 17 00:00:00 2001 +From: Bernd Edlinger +Date: Sun, 22 May 2022 20:12:56 +0200 +Subject: [PATCH] Fix a crash in ssl_security_cert_chain + +Prior to the crash there is an out of memory error +in X509_verify_cert which makes the chain NULL or +empty. The error is ignored by ssl_add_cert_chain, +and ssl_security_cert_chain crashes due to the +unchecked null pointer. + +This is reproducible with my error injection patch. + +The test vector has been validated on the 1.1.1 branch +but the issue is of course identical in all branches. + +$ ERROR_INJECT=1652848273 ../util/shlib_wrap.sh ./server-test ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8# ./corpora/server/47c8e933c4ec66fa3c309422283dfe0f31aafae8 + #0 0x7f3a8f766eba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 + #1 0x403ba4 in my_malloc fuzz/test-corpus.c:114 + #2 0x7f3a8f39a430 in CRYPTO_zalloc crypto/mem.c:230 + #3 0x7f3a8f46bd3b in sk_reserve crypto/stack/stack.c:180 + #4 0x7f3a8f46bd3b in OPENSSL_sk_insert crypto/stack/stack.c:242 + #5 0x7f3a8f4a4fd8 in sk_X509_push include/openssl/x509.h:99 + #6 0x7f3a8f4a4fd8 in X509_verify_cert crypto/x509/x509_vfy.c:286 + #7 0x7f3a8fed726e in ssl_add_cert_chain ssl/statem/statem_lib.c:959 + #8 0x7f3a8fed726e in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015 + #9 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812 + #10 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843 + #11 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443 + #12 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718 + #13 0x403202 in FuzzerTestOneInput fuzz/server.c:740 + #14 0x40371b in testfile fuzz/test-corpus.c:182 + #15 0x402856 in main fuzz/test-corpus.c:226 + #16 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) + #17 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936) + 
+AddressSanitizer:DEADLYSIGNAL +================================================================= +==8400==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000158 (pc 0x7f3a8f4d822f bp 0x7ffc39b76190 sp 0x7ffc39b760a0 T0) +==8400==The signal is caused by a READ memory access. +==8400==Hint: address points to the zero page. + #0 0x7f3a8f4d822f in x509v3_cache_extensions crypto/x509v3/v3_purp.c:386 + #1 0x7f3a8f4d9d3a in X509_check_purpose crypto/x509v3/v3_purp.c:84 + #2 0x7f3a8f4da02a in X509_get_extension_flags crypto/x509v3/v3_purp.c:921 + #3 0x7f3a8feff7d2 in ssl_security_cert_sig ssl/t1_lib.c:2518 + #4 0x7f3a8feff7d2 in ssl_security_cert ssl/t1_lib.c:2542 + #5 0x7f3a8feffa03 in ssl_security_cert_chain ssl/t1_lib.c:2562 + #6 0x7f3a8fed728d in ssl_add_cert_chain ssl/statem/statem_lib.c:963 + #7 0x7f3a8fed728d in ssl3_output_cert_chain ssl/statem/statem_lib.c:1015 + #8 0x7f3a8fee1c50 in tls_construct_server_certificate ssl/statem/statem_srvr.c:3812 + #9 0x7f3a8feb8b0a in write_state_machine ssl/statem/statem.c:843 + #10 0x7f3a8feb8b0a in state_machine ssl/statem/statem.c:443 + #11 0x7f3a8fe84b3f in SSL_do_handshake ssl/ssl_lib.c:3718 + #12 0x403202 in FuzzerTestOneInput fuzz/server.c:740 + #13 0x40371b in testfile fuzz/test-corpus.c:182 + #14 0x402856 in main fuzz/test-corpus.c:226 + #15 0x7f3a8e859f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) + #16 0x402936 (/home/ed/OPC/openssl/fuzz/server-test+0x402936) + +AddressSanitizer can not provide additional info. 
+SUMMARY: AddressSanitizer: SEGV crypto/x509v3/v3_purp.c:386 in x509v3_cache_extensions +==8400==ABORTING + +Reviewed-by: Tomas Mraz +Reviewed-by: Matt Caswell +(Merged from https://github.com/openssl/openssl/pull/18376) + +(cherry picked from commit dc0ef292f7df4ce0c49c64b47726a6768f9ac044) +--- + ssl/t1_lib.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c +index b1d3add187..4de4623a49 100644 +--- a/ssl/t1_lib.c ++++ b/ssl/t1_lib.c +@@ -2555,6 +2555,8 @@ int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *x, int vfy) + int rv, start_idx, i; + if (x == NULL) { + x = sk_X509_value(sk, 0); ++ if (x == NULL) ++ return ERR_R_INTERNAL_ERROR; + start_idx = 1; + } else + start_idx = 0; +-- +2.17.1 + diff --git a/backport-Fix-a-memory-leak-in-crl_set_issuers.patch b/backport-Fix-a-memory-leak-in-crl_set_issuers.patch new file mode 100644 index 0000000..803b727 --- /dev/null +++ b/backport-Fix-a-memory-leak-in-crl_set_issuers.patch 
@@ -0,0 +1,118 @@ +From 8754fa5f60ac4fdb5127f2eded9c7bbe0651c880 Mon Sep 17 00:00:00 2001 +From: Bernd Edlinger +Date: Sat, 21 May 2022 07:50:46 +0200 +Subject: [PATCH] Fix a memory leak in crl_set_issuers + +This can be reproduced with my error injection patch. + +The test vector has been validated on the 1.1.1 branch +but the issue is of course identical in all branches. + +$ ERROR_INJECT=1653520461 ../util/shlib_wrap.sh ./cms-test ./corpora/cms/3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1 +log file: cms-3eff1d2f1232bd66d5635db2c3f9e7f23830dfd1-32454-test.out +ERROR_INJECT=1653520461 + #0 0x7fd5d8b8eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87 + #1 0x402fc4 in my_realloc fuzz/test-corpus.c:129 + #2 0x7fd5d8893c49 in sk_reserve crypto/stack/stack.c:198 + #3 0x7fd5d8893c49 in OPENSSL_sk_insert crypto/stack/stack.c:242 + #4 0x7fd5d88d6d7f in sk_GENERAL_NAMES_push include/openssl/x509v3.h:168 + #5 0x7fd5d88d6d7f in crl_set_issuers crypto/x509/x_crl.c:111 + #6 0x7fd5d88d6d7f in crl_cb crypto/x509/x_crl.c:246 + #7 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 + #8 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 + #9 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 + #10 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259 + #11 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 + #12 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 + #13 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 + #14 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633 + #15 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 + #16 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 + #17 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 + #18 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 + #19 0x7fd5d85db9ce in asn1_item_embed_d2i 
crypto/asn1/tasn_dec.c:382 + #20 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 + #21 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 + #22 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69 + #23 0x402845 in FuzzerTestOneInput fuzz/cms.c:43 + #24 0x402bbb in testfile fuzz/test-corpus.c:182 + #25 0x402626 in main fuzz/test-corpus.c:226 + #26 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) + #27 0x402706 (/home/ed/OPC/openssl/fuzz/cms-test+0x402706) + +================================================================= +==29625==ERROR: LeakSanitizer: detected memory leaks + +Direct leak of 32 byte(s) in 1 object(s) allocated from: + #0 0x7fd5d8b8309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 + #1 0x7fd5d87c2430 in CRYPTO_zalloc crypto/mem.c:230 + #2 0x7fd5d889501f in OPENSSL_sk_new_reserve crypto/stack/stack.c:209 + #3 0x7fd5d85dcbc3 in sk_ASN1_VALUE_new_null include/openssl/asn1t.h:928 + #4 0x7fd5d85dcbc3 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:577 + #5 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 + #6 0x7fd5d85db104 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:178 + #7 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 + #8 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 + #9 0x7fd5d88f86d9 in X509V3_EXT_d2i crypto/x509v3/v3_lib.c:142 + #10 0x7fd5d88d6d3c in crl_set_issuers crypto/x509/x_crl.c:97 + #11 0x7fd5d88d6d3c in crl_cb crypto/x509/x_crl.c:246 + #12 0x7fd5d85dc032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432 + #13 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 + #14 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 + #15 0x7fd5d85db2b5 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:259 + #16 0x7fd5d85dc813 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:611 + #17 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 + #18 0x7fd5d85db9ce in 
asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 + #19 0x7fd5d85dca28 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:633 + #20 0x7fd5d85dd288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518 + #21 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 + #22 0x7fd5d85dcaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643 + #23 0x7fd5d85dd7d3 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:494 + #24 0x7fd5d85db9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382 + #25 0x7fd5d85ddd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124 + #26 0x7fd5d85dde35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114 + #27 0x7fd5d85a77e0 in ASN1_item_d2i_bio crypto/asn1/a_d2i_fp.c:69 + #28 0x402845 in FuzzerTestOneInput fuzz/cms.c:43 + #29 0x402bbb in testfile fuzz/test-corpus.c:182 + #30 0x402626 in main fuzz/test-corpus.c:226 + #31 0x7fd5d7c81f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) + +SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s). + +Reviewed-by: Paul Dale +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/18391) + +(cherry picked from commit e9007e09792e3735d4973743634ff55d354fc7d8) +--- + crypto/x509/x_crl.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/crypto/x509/x_crl.c b/crypto/x509/x_crl.c +index 9af39a45fc..a4e4a415de 100644 +--- a/crypto/x509/x_crl.c ++++ b/crypto/x509/x_crl.c +@@ -103,13 +103,17 @@ static int crl_set_issuers(X509_CRL *crl) + + if (gtmp) { + gens = gtmp; +- if (!crl->issuers) { ++ if (crl->issuers == NULL) { + crl->issuers = sk_GENERAL_NAMES_new_null(); +- if (!crl->issuers) ++ if (crl->issuers == NULL) { ++ GENERAL_NAMES_free(gtmp); + return 0; ++ } + } +- if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp)) ++ if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp)) { ++ GENERAL_NAMES_free(gtmp); + return 0; ++ } + } + rev->issuer = gens; + +-- +2.17.1 + 
diff --git a/backport-Fix-a-memory-leak-in-ec_key_simple_oct2priv.patch b/backport-Fix-a-memory-leak-in-ec_key_simple_oct2priv.patch
new file mode 100644
index 0000000..a209f0e
--- /dev/null
+++ b/backport-Fix-a-memory-leak-in-ec_key_simple_oct2priv.patch
@@ -0,0 +1,61 @@ +From 8e1ece20cdb4a584be5311370256c4e813c09826 Mon Sep 17 00:00:00 2001 +From: Bernd Edlinger +Date: Fri, 20 May 2022 16:15:44 +0200 +Subject: [PATCH] Fix a memory leak in ec_key_simple_oct2priv + +This is reproducible with my error injection patch: + +$ ERROR_INJECT=1652710284 ../util/shlib_wrap.sh ./server-test ./corpora/server/4e48da8aecce6b9b58e8e4dbbf0523e6d2dd56dc +140587884632000:error:03078041:bignum routines:bn_expand_internal:malloc failure:crypto/bn/bn_lib.c:282: +140587884632000:error:10103003:elliptic curve routines:ec_key_simple_oct2priv:BN lib:crypto/ec/ec_key.c:662: +140587884632000:error:100DE08E:elliptic curve routines:old_ec_priv_decode:decode error:crypto/ec/ec_ameth.c:464: +140587884632000:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149: +140587884632000:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=X509_ALGOR +140587884632000:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:646:Field=pkeyalg, Type=PKCS8_PRIV_KEY_INFO +140587884632000:error:0907B00D:PEM routines:PEM_read_bio_PrivateKey:ASN1 lib:crypto/pem/pem_pkey.c:88: + +================================================================= +==19676==ERROR: LeakSanitizer: detected memory leaks + +Direct leak of 24 byte(s) in 1 object(s) allocated from: + #0 0x7fdd2a6bb09f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69 + #1 0x7fdd2a2fa430 in CRYPTO_zalloc crypto/mem.c:230 + #2 0x7fdd2a15df11 in BN_new crypto/bn/bn_lib.c:246 + #3 0x7fdd2a15df88 in BN_secure_new crypto/bn/bn_lib.c:257 + #4 0x7fdd2a247390 in ec_key_simple_oct2priv crypto/ec/ec_key.c:655 + #5 0x7fdd2a241fc5 in d2i_ECPrivateKey crypto/ec/ec_asn1.c:1030 + #6 0x7fdd2a23dac5 in old_ec_priv_decode crypto/ec/ec_ameth.c:463 + #7 0x7fdd2a109db7 in d2i_PrivateKey crypto/asn1/d2i_pr.c:46 + #8 0x7fdd2a33ab16 in 
PEM_read_bio_PrivateKey crypto/pem/pem_pkey.c:84 + #9 0x7fdd2a3330b6 in PEM_read_bio_ECPrivateKey crypto/pem/pem_all.c:151 + #10 0x402dba in FuzzerTestOneInput fuzz/server.c:592 + #11 0x40370b in testfile fuzz/test-corpus.c:182 + #12 0x402846 in main fuzz/test-corpus.c:226 + #13 0x7fdd297b9f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44) + +SUMMARY: AddressSanitizer: 24 byte(s) leaked in 1 allocation(s). + +Reviewed-by: Tomas Mraz +Reviewed-by: Matt Caswell +(Merged from https://github.com/openssl/openssl/pull/18361) +--- + crypto/ec/ec_key.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c +index 23efbd015c..27d5a43b5f 100644 +--- a/crypto/ec/ec_key.c ++++ b/crypto/ec/ec_key.c +@@ -657,8 +657,7 @@ int ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len) + ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_MALLOC_FAILURE); + return 0; + } +- eckey->priv_key = BN_bin2bn(buf, len, eckey->priv_key); +- if (eckey->priv_key == NULL) { ++ if (BN_bin2bn(buf, len, eckey->priv_key) == NULL) { + ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_BN_LIB); + return 0; + } +-- +2.17.1 + diff --git a/backport-Fix-coverity-1498607-uninitialised-value.patch b/backport-Fix-coverity-1498607-uninitialised-value.patch new file mode 100644 index 0000000..7fa0599 --- /dev/null +++ b/backport-Fix-coverity-1498607-uninitialised-value.patch 
@@ -0,0 +1,29 @@
+From 2f1c42553dbaac97d38657cd1ac1209ef4c11e78 Mon Sep 17 00:00:00 2001
+From: Pauli
+Date: Wed, 16 Mar 2022 14:45:44 +1100
+Subject: [PATCH] Fix coverity 1498607: uninitialised value
+
+Reviewed-by: Tim Hudson
+Reviewed-by: Tomas Mraz
+(Merged from https://github.com/openssl/openssl/pull/17897)
+
+(cherry picked from commit 70cd9a51911e9a4e2f24e29ddd84fa9fcb778b63)
+---
+ crypto/ec/ecp_nistz256.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/crypto/ec/ecp_nistz256.c b/crypto/ec/ecp_nistz256.c
+index 5005249b05..43eab75fa7 100644
+--- a/crypto/ec/ecp_nistz256.c
++++ b/crypto/ec/ecp_nistz256.c
+@@ -973,6 +973,7 @@ __owur static int ecp_nistz256_points_mul(const EC_GROUP *group,
+ return 0;
+ }
+
++ memset(&p, 0, sizeof(p));
+ BN_CTX_start(ctx);
+
+ if (scalar) {
+--
+2.17.1
+
diff --git a/backport-Fix-integer-overflow-in-evp_EncryptDecryptUpdate.patch b/backport-Fix-integer-overflow-in-evp_EncryptDecryptUpdate.patch
new file mode 100644
index 0000000..71df3f0
--- /dev/null
+++ b/backport-Fix-integer-overflow-in-evp_EncryptDecryptUpdate.patch
@@ -0,0 +1,62 @@
+From eed53b9addd097a5d39f896b05aa857d6f29b245 Mon Sep 17 00:00:00 2001
+From: Hugo Landau
+Date: Fri, 11 Mar 2022 08:36:11 +0000
+Subject: [PATCH] Fix integer overflow in evp_EncryptDecryptUpdate
+
+Fixes #17871.
+
+Reviewed-by: Paul Dale
+Reviewed-by: Tomas Mraz
+(Merged from https://github.com/openssl/openssl/pull/17872)
+---
+ crypto/evp/evp_enc.c | 8 +++++---
+ crypto/evp/evp_local.h | 2 +-
+ 2 files changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
+index d835968f25..b8b9d90d36 100644
+--- a/crypto/evp/evp_enc.c
++++ b/crypto/evp/evp_enc.c
+@@ -281,7 +281,7 @@ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+ # define PTRDIFF_T size_t
+ #endif
+
+-int is_partially_overlapping(const void *ptr1, const void *ptr2, int len)
++int is_partially_overlapping(const void *ptr1, const void *ptr2, size_t len)
+ {
+ PTRDIFF_T diff = (PTRDIFF_T)ptr1-(PTRDIFF_T)ptr2;
+ /*
+@@ -299,7 +299,8 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
+ unsigned char *out, int *outl,
+ const unsigned char *in, int inl)
+ {
+- int i, j, bl, cmpl = inl;
++ int i, j, bl;
++ size_t cmpl = (size_t)inl;
+
+ if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
+ cmpl = (cmpl + 7) / 8;
+@@ -464,8 +465,9 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+ const unsigned char *in, int inl)
+ {
+- int fix_len, cmpl = inl;
++ int fix_len;
+ unsigned int b;
++ size_t cmpl = (size_t)inl;
+
+ /* Prevent accidental use of encryption context when decrypting */
+ if (ctx->encrypt) {
+diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h
+index f1589d6828..cd3c1cf148 100644
+--- a/crypto/evp/evp_local.h
++++ b/crypto/evp/evp_local.h
+@@ -65,4 +65,4 @@ struct evp_Encode_Ctx_st {
+ typedef struct evp_pbe_st EVP_PBE_CTL;
+ DEFINE_STACK_OF(EVP_PBE_CTL)
+
+-int is_partially_overlapping(const void *ptr1, const void *ptr2, int len);
++int is_partially_overlapping(const void *ptr1, const void *ptr2, size_t len);
+--
+2.17.1
+
diff --git a/backport-Fix-issue-where-OBJ_nid2obj-doesn-t-always-raise-an-.patch b/backport-Fix-issue-where-OBJ_nid2obj-doesn-t-always-raise-an-.patch
new file mode 100644
index 0000000..681863a
--- /dev/null
+++ b/backport-Fix-issue-where-OBJ_nid2obj-doesn-t-always-raise-an-.patch
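Review bot: `size_t cmpl = (size_t)inl;` in both evp_EncryptDecryptUpdate and EVP_DecryptUpdate turns a negative `inl` into a length close to SIZE_MAX before any sign check, and neither hunk shows where `inl < 0` is rejected relative to the is_partially_overlapping() call that now receives `cmpl`. Previously a negative `len` made the `len > 0` test in is_partially_overlapping() false, so a negative length reached the cipher; now it would be reported as EVP_R_PARTIALLY_OVERLAPPING for buffers that do not overlap at all, a safe failure but a misleading one, and it should be deliberate rather than incidental. A comment at the cast makes the contract explicit, `/* inl < 0 wraps to a huge cmpl; it must be rejected as an invalid length before cmpl is used */`, or clamp with `size_t cmpl = inl < 0 ? 0 : (size_t)inl;` if the early `inl <= 0` exit does not precede the overlap check on every path. Both functions continue outside their hunks.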
@@ -0,0 +1,80 @@
+From add8c29badb315cb8137655893826562ff12a581 Mon Sep 17 00:00:00 2001
+From: Hugo Landau
+Date: Thu, 3 Mar 2022 17:27:23 +0000
+Subject: [PATCH] Fix issue where OBJ_nid2obj doesn't always raise an error
+
+This was previously fixed in 3.0 but not 1.1.
+
+Fixes #13008.
+
+Reviewed-by: Tomas Mraz
+Reviewed-by: Matt Caswell
+Reviewed-by: Todd Short
+Reviewed-by: Paul Dale
+(Merged from https://github.com/openssl/openssl/pull/17808)
+---
+ crypto/objects/obj_dat.c | 5 +++--
+ test/asn1_internal_test.c | 27 +++++++++++++++++++++++++++
+ 2 files changed, 30 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
+index 46006fe6cf..a501ca104b 100644
+--- a/crypto/objects/obj_dat.c
++++ b/crypto/objects/obj_dat.c
+@@ -228,9 +228,10 @@ ASN1_OBJECT *OBJ_nid2obj(int n)
+ return NULL;
+ }
+ return (ASN1_OBJECT *)&(nid_objs[n]);
+- } else if (added == NULL)
++ } else if (added == NULL) {
++ OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
+ return NULL;
+- else {
++ } else {
+ ad.type = ADDED_NID;
+ ad.obj = &ob;
+ ob.nid = n;
+diff --git a/test/asn1_internal_test.c b/test/asn1_internal_test.c
+index 865e058421..caca0cb15e 100644
+--- a/test/asn1_internal_test.c
++++ b/test/asn1_internal_test.c
+@@ -107,9 +107,36 @@ static int test_standard_methods(void)
+ return 0;
+ }
+
++/**********************************************************************
++ *
++ * Regression test for issue where OBJ_nid2obj does not raise
++ * an error when a NID is not registered.
++ *
++ ***/
++static int test_nid2obj_nonexist(void)
++{
++ ASN1_OBJECT *obj;
++ unsigned long err;
++
++ obj = OBJ_nid2obj(INT_MAX);
++ if (!TEST_true(obj == NULL))
++ return 0;
++
++ err = ERR_get_error();
++
++ if (!TEST_int_eq(ERR_GET_FUNC(err), OBJ_F_OBJ_NID2OBJ))
++ return 0;
++
++ if (!TEST_int_eq(ERR_GET_REASON(err), OBJ_R_UNKNOWN_NID))
++ return 0;
++
++ return 1;
++}
++
+ int setup_tests(void)
+ {
+ ADD_TEST(test_tbl_standard);
+ ADD_TEST(test_standard_methods);
++ ADD_TEST(test_nid2obj_nonexist);
+ return 1;
+ }
+--
+2.17.1
+
diff --git a/backport-Fix-leakage-when-the-cacheline-is-32-bytes-in-CBC_MA.patch b/backport-Fix-leakage-when-the-cacheline-is-32-bytes-in-CBC_MA.patch
new file mode 100644
index 0000000..f631983
--- /dev/null
+++ b/backport-Fix-leakage-when-the-cacheline-is-32-bytes-in-CBC_MA.patch
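Review bot: test_nid2obj_nonexist reads the queue with a single `ERR_get_error()`, which returns the oldest queued entry, so any error left behind by a test that ran earlier in the same binary would make `TEST_int_eq(ERR_GET_FUNC(err), OBJ_F_OBJ_NID2OBJ)` fail for reasons unrelated to OBJ_nid2obj. Add `ERR_clear_error();` immediately before `obj = OBJ_nid2obj(INT_MAX);` unless the test harness guarantees an empty queue between tests. The test also relies on the `added == NULL` branch being taken, i.e. on no object having been registered with OBJ_create() in this process; the `added != NULL` path of OBJ_nid2obj lies outside the hunk, so a one-line comment stating that precondition above the call would keep the test honest if other tests in this file ever add objects.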
@@ -0,0 +1,61 @@
+From 6ef91d8153e04a2302bff11b29caf7e888b62fe8 Mon Sep 17 00:00:00 2001
+From: basavesh
+Date: Tue, 5 Apr 2022 17:49:09 +0200
+Subject: [PATCH] Fix leakage when the cacheline is 32-bytes in
+ CBC_MAC_ROTATE_IN_PLACE
+
+rotated_mac is a 64-byte aligned buffer of size 64 and rotate_offset is secret.
+Consider a weaker leakage model(CL) where only cacheline base address is leaked,
+i.e address/32 for 32-byte cacheline(CL32).
+
+Previous code used to perform two loads
+ 1. rotated_mac[rotate_offset ^ 32] and
+ 2. rotated_mac[rotate_offset++]
+which would leak 2q + 1, 2q for 0 <= rotate_offset < 32
+and 2q, 2q + 1 for 32 <= rotate_offset < 64
+
+The proposed fix performs load operations which will always leak 2q, 2q + 1 and
+selects the appropriate value in constant-time.
+
+Reviewed-by: Matt Caswell
+Reviewed-by: Tomas Mraz
+(Merged from https://github.com/openssl/openssl/pull/18050)
+---
+ ssl/record/ssl3_record.c | 14 +++++++++++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
+
+diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
+index f158544789..69f1a64cb3 100644
+--- a/ssl/record/ssl3_record.c
++++ b/ssl/record/ssl3_record.c
+@@ -1532,6 +1532,7 @@ int ssl3_cbc_copy_mac(unsigned char *out,
+ #if defined(CBC_MAC_ROTATE_IN_PLACE)
+ unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE];
+ unsigned char *rotated_mac;
++ char aux1, aux2, aux3, mask;
+ #else
+ unsigned char rotated_mac[EVP_MAX_MD_SIZE];
+ #endif
+@@ -1581,9 +1582,16 @@ int ssl3_cbc_copy_mac(unsigned char *out,
+ #if defined(CBC_MAC_ROTATE_IN_PLACE)
+ j = 0;
+ for (i = 0; i < md_size; i++) {
+- /* in case cache-line is 32 bytes, touch second line */
+- ((volatile unsigned char *)rotated_mac)[rotate_offset ^ 32];
+- out[j++] = rotated_mac[rotate_offset++];
++ /*
++ * in case cache-line is 32 bytes,
++ * load from both lines and select appropriately
++ */
++ aux1 = rotated_mac[rotate_offset & ~32];
++ aux2 = rotated_mac[rotate_offset | 32];
++ mask = constant_time_eq_8(rotate_offset & ~32, rotate_offset);
++ aux3 = constant_time_select_8(mask, aux1, aux2);
++ out[j++] = aux3;
++ rotate_offset++;
+ rotate_offset &= constant_time_lt_s(rotate_offset, md_size);
+ }
+ #else
+--
+2.17.1
+
diff --git a/backport-Fix-undefined-behaviour-in-EC_GROUP_new_from_ecparam.patch b/backport-Fix-undefined-behaviour-in-EC_GROUP_new_from_ecparam.patch
new file mode 100644
index 0000000..072a737
--- /dev/null
+++ b/backport-Fix-undefined-behaviour-in-EC_GROUP_new_from_ecparam.patch
@@ -0,0 +1,41 @@
+From e4b84b7514e5cbcbfc80e31b4ce609c7584e14bb Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger
+Date: Fri, 20 May 2022 16:54:41 +0200
+Subject: [PATCH] Fix undefined behaviour in EC_GROUP_new_from_ecparameters
+
+This happens for instance with
+fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a
+and causes the OPENSSL_malloc below to choke on the
+zero length allocation request.
+
+Reviewed-by: Matt Caswell
+Reviewed-by: Tomas Mraz
+(Merged from https://github.com/openssl/openssl/pull/18363)
+---
+ crypto/ec/ec_asn1.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
+index 4335b3da1a..ad9a54dc50 100644
+--- a/crypto/ec/ec_asn1.c
++++ b/crypto/ec/ec_asn1.c
+@@ -751,6 +751,16 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
+
+ /* extract seed (optional) */
+ if (params->curve->seed != NULL) {
++ /*
++ * This happens for instance with
++ * fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a
++ * and causes the OPENSSL_malloc below to choke on the
++ * zero length allocation request.
++ */
++ if (params->curve->seed->length == 0) {
++ ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
++ goto err;
++ }
+ OPENSSL_free(ret->seed);
+ if ((ret->seed = OPENSSL_malloc(params->curve->seed->length)) == NULL) {
+ ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
+--
+2.17.1
+
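Review bot: `char aux1, aux2, aux3, mask;` holds bytes loaded from `rotated_mac`, which is an `unsigned char` buffer, and the mask returned by constant_time_eq_8(); plain `char` is signed on the common ABIs, so values above 127 go through an implementation-defined narrowing to a negative `char` and are widened back to `uns­igned char` when passed to constant_time_select_8(), a round trip that works on every compiler in practice but is not what the constant-time helpers are typed for. Declaring them `unsigned char aux1, aux2, aux3, mask;` matches both the buffer and the constant_time_*_8 signatures at no cost. The selection logic itself reads correctly: for `rotate_offset < 32` the `& ~32` index equals `rotate_offset`, the mask is all-ones and `aux1` is chosen, otherwise `aux2`, so both cache lines are touched on every iteration as the message describes. ssl3_cbc_copy_mac begins and ends outside both hunks.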
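Review bot: The new guard `if (params->curve->seed->length == 0)` handles the empty seed that triggered the report, but `length` in an ASN1_STRING is an `int`, and a negative value would still reach `OPENSSL_malloc(params->curve->seed->length)` and be converted to a huge size_t. The DER decoder should never yield a negative length, so this only matters for a hand-built ECPARAMETERS, but `if (params->curve->seed->length <= 0) {` closes that gap for free. The six-line comment above the check repeats the commit message verbatim; a one-liner such as `/* reject an empty seed: a zero-length OPENSSL_malloc() is undefined here */` says what a reader of the code needs. EC_GROUP_new_from_ecparameters begins and ends outside the hunk.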
diff --git a/backport-Set-protocol-in-init_client.patch b/backport-Set-protocol-in-init_client.patch
new file mode 100644
index 0000000..e2b3841
--- /dev/null
+++ b/backport-Set-protocol-in-init_client.patch
@@ -0,0 +1,33 @@
+From 3aeed22c593ae036c2503ac07276768c82fe5782 Mon Sep 17 00:00:00 2001
+From: Todd Short
+Date: Tue, 8 Mar 2022 09:36:43 -0500
+Subject: [PATCH] Set protocol in init_client()
+
+If TCP is being used, protocol = 0 is passed to init_client(), then
+protocol == IPPROTO_TCP fails when attempting to set BIO_SOCK_NODELAY.
+
+Reviewed-by: Tomas Mraz
+Reviewed-by: Tim Hudson
+(Merged from https://github.com/openssl/openssl/pull/17838)
+
+(cherry picked from commit 54b6755702309487ea860e1cc3e60ccef4cf7878)
+---
+ apps/s_socket.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/apps/s_socket.c b/apps/s_socket.c
+index aee366d5f4..a518d56200 100644
+--- a/apps/s_socket.c
++++ b/apps/s_socket.c
+@@ -147,7 +147,7 @@ int init_client(int *sock, const char *host, const char *port,
+ #endif
+
+ if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai),
+- protocol == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) {
++ BIO_ADDRINFO_protocol(ai) == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) {
+ BIO_closesocket(*sock);
+ *sock = INVALID_SOCKET;
+ continue;
+--
+2.17.1
+
diff --git a/backport-ticket_lifetime_hint-may-exceed-1-week-in-TLSv1.3.patch b/backport-ticket_lifetime_hint-may-exceed-1-week-in-TLSv1.3.patch
new file mode 100644
index 0000000..e437535
--- /dev/null
+++ b/backport-ticket_lifetime_hint-may-exceed-1-week-in-TLSv1.3.patch
@@ -0,0 +1,156 @@
+From 79dbd85fe27ebabc278417af64ab8e3eb43d2d40 Mon Sep 17 00:00:00 2001
+From: Todd Short
+Date: Wed, 23 Mar 2022 18:55:10 -0400
+Subject: [PATCH] ticket_lifetime_hint may exceed 1 week in TLSv1.3
+
+For TLSv1.3, limit ticket lifetime hint to 1 week per RFC8446
+
+Fixes #17948
+
+Reviewed-by: Tomas Mraz
+Reviewed-by: Tim Hudson
+(Merged from https://github.com/openssl/openssl/pull/17952)
+
+(cherry picked from commit 0089cc7f9d42f6e39872161199fb8b6a99da2492)
+---
+ doc/man3/SSL_CTX_set_timeout.pod | 10 ++++++
+ ssl/statem/statem_srvr.c | 21 ++++++++----
+ test/sslapitest.c | 59 ++++++++++++++++++++++++++++++++
+ 3 files changed, 84 insertions(+), 6 deletions(-)
+
+diff --git a/doc/man3/SSL_CTX_set_timeout.pod b/doc/man3/SSL_CTX_set_timeout.pod
+index c32585e45f..54592654ff 100644
+--- a/doc/man3/SSL_CTX_set_timeout.pod
++++ b/doc/man3/SSL_CTX_set_timeout.pod
+@@ -42,6 +42,16 @@ basis, see L.
+ All currently supported protocols have the same default timeout value
+ of 300 seconds.
+
++This timeout value is used as the ticket lifetime hint for stateless session
++tickets. It is also used as the timeout value within the ticket itself.
++
++For TLSv1.3, RFC8446 limits transmission of this value to 1 week (604800
++seconds).
++
++For TLSv1.2, tickets generated during an initial handshake use the value
++as specified. Tickets generated during a resumed handshake have a value
++of 0 for the ticket lifetime hint.
++
+ =head1 RETURN VALUES
+
+ SSL_CTX_set_timeout() returns the previously set timeout value.
+diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
+index d701c46b43..79cfd1d835 100644
+--- a/ssl/statem/statem_srvr.c
++++ b/ssl/statem/statem_srvr.c
+@@ -3820,15 +3820,24 @@ int tls_construct_server_certificate(SSL *s, WPACKET *pkt)
+ static int create_ticket_prequel(SSL *s, WPACKET *pkt, uint32_t age_add,
+ unsigned char *tick_nonce)
+ {
++ uint32_t timeout = (uint32_t)s->session->timeout;
++
+ /*
+- * Ticket lifetime hint: For TLSv1.2 this is advisory only and we leave this
+- * unspecified for resumed session (for simplicity).
++ * Ticket lifetime hint:
+ * In TLSv1.3 we reset the "time" field above, and always specify the
+- * timeout.
++ * timeout, limited to a 1 week period per RFC8446.
++ * For TLSv1.2 this is advisory only and we leave this unspecified for
++ * resumed session (for simplicity).
+ */
+- if (!WPACKET_put_bytes_u32(pkt,
+- (s->hit && !SSL_IS_TLS13(s))
+- ? 0 : s->session->timeout)) {
++#define ONE_WEEK_SEC (7 * 24 * 60 * 60)
++
++ if (SSL_IS_TLS13(s)) {
++ if (s->session->timeout > ONE_WEEK_SEC)
++ timeout = ONE_WEEK_SEC;
++ } else if (s->hit)
++ timeout = 0;
++
++ if (!WPACKET_put_bytes_u32(pkt, timeout)) {
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL,
+ ERR_R_INTERNAL_ERROR);
+ return 0;
+diff --git a/test/sslapitest.c b/test/sslapitest.c
+index 21322ceec5..09a732f577 100644
+--- a/test/sslapitest.c
++++ b/test/sslapitest.c
+@@ -6734,6 +6734,64 @@ end:
+ SSL_CTX_free(cctx);
+ return testresult;
+ }
++
++/*
++ * Test that the lifetime hint of a TLSv1.3 ticket is no more than 1 week
++ * 0 = TLSv1.2
++ * 1 = TLSv1.3
++ */
++static int test_ticket_lifetime(int idx)
++{
++ SSL_CTX *cctx = NULL, *sctx = NULL;
++ SSL *clientssl = NULL, *serverssl = NULL;
++ int testresult = 0;
++ int version = TLS1_3_VERSION;
++
++#define ONE_WEEK_SEC (7 * 24 * 60 * 60)
++#define TWO_WEEK_SEC (2 * ONE_WEEK_SEC)
++
++ if (idx == 0) {
++ version = TLS1_2_VERSION;
++ }
++
++ if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
++ TLS_client_method(), version, version,
++ &sctx, &cctx, cert, privkey)))
++ goto end;
++
++ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
++ &clientssl, NULL, NULL)))
++ goto end;
++
++ /*
++ * Set the timeout to be more than 1 week
++ * make sure the returned value is the default
++ */
++ if (!TEST_long_eq(SSL_CTX_set_timeout(sctx, TWO_WEEK_SEC),
++ SSL_get_default_timeout(serverssl)))
++ goto end;
++
++ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
++ goto end;
++
++ if (idx == 0) {
++ /* TLSv1.2 uses the set value */
++ if (!TEST_ulong_eq(SSL_SESSION_get_ticket_lifetime_hint(SSL_get_session(clientssl)), TWO_WEEK_SEC))
++ goto end;
++ } else {
++ /* TLSv1.3 uses the limited value */
++ if (!TEST_ulong_le(SSL_SESSION_get_ticket_lifetime_hint(SSL_get_session(clientssl)), ONE_WEEK_SEC))
++ goto end;
++ }
++ testresult = 1;
++
++end:
++ SSL_free(serverssl);
++ SSL_free(clientssl);
++ SSL_CTX_free(sctx);
++ SSL_CTX_free(cctx);
++ return testresult;
++}
+ #endif
+ /*
+ * Test that setting an ALPN does not violate RFC
+@@ -6973,6 +7031,7 @@ int setup_tests(void)
+ #endif
+ #ifndef OPENSSL_NO_TLS1_3
+ ADD_TEST(test_sni_tls13);
++ ADD_ALL_TESTS(test_ticket_lifetime, 2);
+ #endif
+ ADD_TEST(test_set_alpn);
+ ADD_TEST(test_inherit_verify_param);
+--
+2.17.1
+
diff --git a/backport-x509-use-actual-issuer-name-if-a-CA-is-used.patch b/backport-x509-use-actual-issuer-name-if-a-CA-is-used.patch
new file mode 100644
index 0000000..1773689
--- /dev/null
+++ b/backport-x509-use-actual-issuer-name-if-a-CA-is-used.patch
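Review bot: `uint32_t timeout = (uint32_t)s->session->timeout;` in create_ticket_prequel narrows the `long` session timeout before any range check, so the TLSv1.3 branch caps only values above one week while a negative timeout, which SSL_CTX_set_timeout() accepts as shown by its `long` return in the pod hunk, wraps to a value near 2^32 on every path and is then sent as the lifetime hint. Doing the comparisons on the `long` and assigning the clamped result avoids that, and the resulting chain can use braces consistently, since the hunk mixes a braced `if (SSL_IS_TLS13(s)) {` with an unbraced `} else if (s->hit)`. Defining `ONE_WEEK_SEC` in the middle of a function body in both statem_srvr.c and sslapitest.c is also worth lifting to file scope (or a shared header with a comment citing RFC 8446) rather than repeating the expression per function. create_ticket_prequel continues outside the hunk.
```c
static int create_ticket_prequel(SSL *s, WPACKET *pkt, uint32_t age_add,
                                 unsigned char *tick_nonce)
{
    uint32_t timeout;

    /* … unchanged: lifetime-hint comment … */

    if (s->session->timeout < 0) {
        /* a negative long would wrap to a huge uint32_t */
        timeout = 0;
    } else if (SSL_IS_TLS13(s)) {
        /* RFC 8446 caps the hint at one week */
        timeout = s->session->timeout > ONE_WEEK_SEC
                  ? ONE_WEEK_SEC : (uint32_t)s->session->timeout;
    } else if (s->hit) {
        /* TLSv1.2 resumption: hint deliberately left unspecified */
        timeout = 0;
    } else {
        timeout = (uint32_t)s->session->timeout;
    }

    if (!WPACKET_put_bytes_u32(pkt, timeout)) {
    /* … unchanged: SSLfatal() and return 0 … */
```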
@@ -0,0 +1,39 @@
+From 91db522f31981b3fafdec4120de1027e8bc4d792 Mon Sep 17 00:00:00 2001
+From: Daniel Fiala
+Date: Mon, 18 Apr 2022 11:30:13 +0200
+Subject: [PATCH] x509: use actual issuer name if a CA is used
+
+Fixes openssl#16080.
+
+Reviewed-by: Ben Kaduk
+Reviewed-by: Tomas Mraz
+(Merged from https://github.com/openssl/openssl/pull/18129)
+---
+ apps/x509.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/apps/x509.c b/apps/x509.c
+index 1043eba0c8..2329d9b2d4 100644
+--- a/apps/x509.c
++++ b/apps/x509.c
+@@ -590,6 +590,8 @@ int x509_main(int argc, char **argv)
+ xca = load_cert(CAfile, CAformat, "CA Certificate");
+ if (xca == NULL)
+ goto end;
++ if (!X509_set_issuer_name(x, X509_get_subject_name(xca)))
++ goto end;
+ }
+
+ out = bio_open_default(outfile, 'w', outformat);
+@@ -987,8 +989,6 @@ static int x509_certify(X509_STORE *ctx, const char *CAfile, const EVP_MD *diges
+ goto end;
+ }
+
+- if (!X509_set_issuer_name(x, X509_get_subject_name(xca)))
+- goto end;
+ if (!X509_set_serialNumber(x, bs))
+ goto end;
+
+--
+2.17.1
+
diff --git a/openssl.spec b/openssl.spec
index 6cffe0b..ebf0dce 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -2,7 +2,7 @@ Name: openssl
 Epoch: 1
 Version: 1.1.1f
-Release: 29
+Release: 30
 Summary: Cryptography and SSL/TLS Toolkit
 License: OpenSSL and SSLeay and GPLv2+
 URL: https://www.openssl.org/
@@ -115,6 +115,21 @@ Patch104: backport-CVE-2023-3817-testcase.patch
 Patch105: backport-A-null-pointer-dereference-occurs-when-memory-alloca.patch
 Patch106: backport-Make-DH_check-set-some-error-bits-in-recently-added-.patch
 Patch107: backport-CVE-2023-5678-Make-DH_check_pub_key-and-DH_generate_key-safer-yet.patch
+Patch108: backport-Fix-integer-overflow-in-evp_EncryptDecryptUpdate.patch
+Patch109: backport-Fix-Coverity-1201763-uninitialised-pointer-read.patch
+Patch110: backport-Fix-Coverity-1498611-1498608-uninitialised-read.patch
+Patch111: backport-Fix-coverity-1498607-uninitialised-value.patch
+Patch112: backport-Fix-issue-where-OBJ_nid2obj-doesn-t-always-raise-an-.patch
+Patch113: backport-Set-protocol-in-init_client.patch
+Patch114: backport-Fix-a-crash-in-ssl_security_cert_chain.patch
+Patch115: backport-Fix-undefined-behaviour-in-EC_GROUP_new_from_ecparam.patch
+Patch116: backport-Fix-a-memory-leak-in-ec_key_simple_oct2priv.patch
+Patch117: backport-Fix-a-crash-in-asn1_item_embed_new.patch
+Patch118: backport-Fix-leakage-when-the-cacheline-is-32-bytes-in-CBC_MA.patch
+Patch119: backport-Add-test-for-empty-supported-groups-extension.patch
+Patch120: backport-Do-not-send-an-empty-supported-groups-extension.patch
+Patch121: backport-x509-use-actual-issuer-name-if-a-CA-is-used.patch
+Patch122: backport-Fix-a-memory-leak-in-crl_set_issuers.patch
 BuildRequires: gcc make lksctp-tools-devel coreutils util-linux zlib-devel
@@ -298,6 +313,9 @@ make test || :
 %{_pkgdocdir}/html/
 %changelog
+* Mon Nov 27 2023 wangcheng - 1:1.1.1f-30
+- backport some upstream patches
+
 * Tue Nov 14 2023 fangxiuning - 1:1.1.1f-29
 - fix CVE-2023-5678
-- Gitee
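Review bot: The Patch108–Patch122 list does not cover every patch file this commit adds: `backport-ticket_lifetime_hint-may-exceed-1-week-in-TLSv1.3.patch` is created above but has no `PatchNNN:` entry, so unless it is applied by some other mechanism it ships in the source RPM without ever being applied, and the same comparison should be made for the remaining new files against this list. Add `Patch123: backport-ticket_lifetime_hint-may-exceed-1-week-in-TLSv1.3.patch` (and an entry for any other file that is missing) or drop the unused file. Separately, several of these backports carry regression tests (Patch112 and Patch119 among them), but the `make test || :` visible in the context of the changelog hunk discards test failures, so a backport whose test does not hold on the 1.1.1f tree would not be caught at build time; it is worth reconsidering whether the `|| :` is still wanted now that tests are being backported deliberately.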