From 806643a9592ab61ff6ad4c5125111a5991378823 Mon Sep 17 00:00:00 2001
From: wangcheng
Date: Mon, 18 Dec 2023 20:32:52 +0800
Subject: [PATCH] backport some patches
---
backport-Fix-EVP_PKEY_asn1_copy.patch | 52 ++++++
...a-possbile-memleak-in-rsa_pub_encode.patch | 66 +++++++
...ossible-memleak-in-eckey_priv_encode.patch | 76 ++++++++
...andling-in-CMS_EncryptedData_encrypt.patch | 170 ++++++++++++++++++
openssl.spec | 9 +-
5 files changed, 372 insertions(+), 1 deletion(-)
create mode 100644 backport-Fix-EVP_PKEY_asn1_copy.patch
create mode 100644 backport-Fix-a-possbile-memleak-in-rsa_pub_encode.patch
create mode 100644 backport-Fix-a-possible-memleak-in-eckey_priv_encode.patch
create mode 100644 backport-Fix-error-handling-in-CMS_EncryptedData_encrypt.patch
diff --git a/backport-Fix-EVP_PKEY_asn1_copy.patch b/backport-Fix-EVP_PKEY_asn1_copy.patch
new file mode 100644
index 0000000..ccfe909
--- /dev/null
+++ b/backport-Fix-EVP_PKEY_asn1_copy.patch
@@ -0,0 +1,52 @@
+From 47793328424b4d61956eb7c06d601680c233987d Mon Sep 17 00:00:00 2001
+From: hangze
+Date: Thu, 3 Aug 2023 03:38:29 +0000
+Subject: [PATCH] Fix EVP_PKEY_asn1_copy
+
+Add the copy of the omitted ASN1 public key method and
+other members.
+
+Reviewed-by: Bernd Edlinger
+Reviewed-by: Dmitry Belyavskiy
+(Merged from https://github.com/openssl/openssl/pull/21125)
+---
+ crypto/asn1/ameth_lib.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c
+index 5e8c3ed1d5..228dbef40d 100644
+--- a/crypto/asn1/ameth_lib.c
++++ b/crypto/asn1/ameth_lib.c
+@@ -264,6 +264,7 @@ void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst,
+
+ dst->pkey_size = src->pkey_size;
+ dst->pkey_bits = src->pkey_bits;
++ dst->pkey_security_bits = src->pkey_security_bits;
+
+ dst->param_decode = src->param_decode;
+ dst->param_encode = src->param_encode;
+@@ -271,6 +272,7 @@ void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst,
+ dst->param_copy = src->param_copy;
+ dst->param_cmp = src->param_cmp;
+ dst->param_print = src->param_print;
++ dst->sig_print = src->sig_print;
+
+ dst->pkey_free = src->pkey_free;
+ dst->pkey_ctrl = src->pkey_ctrl;
+@@ -281,6 +283,13 @@ void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst,
+ dst->siginf_set = src->siginf_set;
+
+ dst->pkey_check = src->pkey_check;
++ dst->pkey_public_check = src->pkey_public_check;
++ dst->pkey_param_check = src->pkey_param_check;
++
++ dst->set_priv_key = src->set_priv_key;
++ dst->set_pub_key = src->set_pub_key;
++ dst->get_priv_key = src->get_priv_key;
++ dst->get_pub_key = src->get_pub_key;
+
+ }
+
+--
+2.33.0
+
diff --git a/backport-Fix-a-possbile-memleak-in-rsa_pub_encode.patch b/backport-Fix-a-possbile-memleak-in-rsa_pub_encode.patch
new file mode 100644
index 0000000..a71ea61
--- /dev/null
+++ b/backport-Fix-a-possbile-memleak-in-rsa_pub_encode.patch
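Review bot: The field-by-field list in EVP_PKEY_asn1_copy carries no comment tying it to the method structure, which is presumably how `pkey_security_bits`, `sig_print`, the public/param check hooks and the raw-key getters and setters came to be omitted. Before this patch a copied method kept whatever `dst` already held for those members, so callers that build a method through this copy should be retested now that `pkey_public_check` and `pkey_param_check` are carried over. I would add above the assignments `/* Keep in sync with EVP_PKEY_ASN1_METHOD: every member added to the struct must be copied here. */`. The function starts outside the hunk, so whether any member is left out on purpose cannot be confirmed from these lines.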
@@ -0,0 +1,66 @@
+From b13ef5e90a1d9c73f6c548ab5557a939a09744e0 Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger
+Date: Thu, 7 Sep 2023 19:22:25 +0200
+Subject: [PATCH] Fix a possbile memleak in rsa_pub_encode
+
+That seems to be only an issue for RSA-PSS with parameters.
+Spotted by code review, so it looks like there is no test coverage for this.
+
+Reviewed-by: Tomas Mraz
+Reviewed-by: Hugo Landau
+(Merged from https://github.com/openssl/openssl/pull/22007)
+---
+ crypto/rsa/rsa_ameth.c | 5 ++++-
+ test/recipes/15-test_rsapss.t | 10 +++++++++-
+ 2 files changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
+index 2c9c46ea53..63efd93798 100644
+--- a/crypto/rsa/rsa_ameth.c
++++ b/crypto/rsa/rsa_ameth.c
+@@ -82,13 +82,16 @@ static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+ if (!rsa_param_encode(pkey, &str, &strtype))
+ return 0;
+ penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc);
+- if (penclen <= 0)
++ if (penclen <= 0) {
++ ASN1_STRING_free(str);
+ return 0;
++ }
+ if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),
+ strtype, str, penc, penclen))
+ return 1;
+
+ OPENSSL_free(penc);
++ ASN1_STRING_free(str);
+ return 0;
+ }
+
+diff --git a/test/recipes/15-test_rsapss.t b/test/recipes/15-test_rsapss.t
+index 65ec6f3d75..61c13b6a49 100644
+--- a/test/recipes/15-test_rsapss.t
++++ b/test/recipes/15-test_rsapss.t
+@@ -16,7 +16,7 @@ use OpenSSL::Test::Utils;
+
+ setup("test_rsapss");
+
+-plan tests => 5;
++plan tests => 7;
+
+ #using test/testrsa.pem which happens to be a 512 bit RSA
+ ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1',
+@@ -47,3 +47,11 @@ ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'),
+ srctop_file('test', 'testrsa.pem')])),
+ "openssl dgst -prverify");
+ unlink 'testrsapss.sig';
++
++ok(run(app(['openssl', 'genpkey', '-algorithm', 'RSA-PSS', '-pkeyopt', 'rsa_keygen_bits:1024',
++ '-pkeyopt', 'rsa_pss_keygen_md:SHA256', '-pkeyopt', 'rsa_pss_keygen_saltlen:10',
++ '-out', 'testrsapss.pem'])),
++ "openssl genpkey RSA-PSS with pss parameters");
++ok(run(app(['openssl', 'pkey', '-in', 'testrsapss.pem', '-pubout', '-text'])),
++ "openssl pkey, execute rsa_pub_encode with pss parameters");
++unlink 'testrsapss.pem';
+--
+2.33.0
+
diff --git a/backport-Fix-a-possible-memleak-in-eckey_priv_encode.patch b/backport-Fix-a-possible-memleak-in-eckey_priv_encode.patch
new file mode 100644
index 0000000..619c51d
--- /dev/null
+++ b/backport-Fix-a-possible-memleak-in-eckey_priv_encode.patch
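Review bot: The two failure exits in rsa_pub_encode now each carry their own cleanup, and the second one relies on `X509_PUBKEY_set0_param` leaving `str` and `penc` untouched when it fails, which nothing in the function states. A single exit would keep the ownership rule in one place: `if (penclen <= 0) goto err;` followed at the end by ` err: OPENSSL_free(penc); ASN1_STRING_free(str); return 0;`, assuming `penc` is initialised to NULL at its declaration outside the hunk. A comment such as `/* set0: pk takes str and penc only on success */` before the call would document why freeing after a failed call is not a double free. The recipe added to 15-test_rsapss.t runs only the success path with PSS parameters, so the newly freed branches are still not exercised by a test.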
@@ -0,0 +1,76 @@
+From 7c51c0e56a0f21912f4504c7a06c21eb4bc43c85 Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger
+Date: Thu, 7 Sep 2023 17:38:50 +0200
+Subject: [PATCH] Fix a possible memleak in eckey_priv_encode
+
+Additionally use OPENSSL_clear_free on the private
+key data in case of error.
+
+Reviewed-by: Tomas Mraz
+Reviewed-by: Hugo Landau
+(Merged from https://github.com/openssl/openssl/pull/22007)
+---
+ crypto/ec/ec_ameth.c | 17 +++++++++++------
+ 1 file changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
+index 5098bd7a66..c48b7cb754 100644
+--- a/crypto/ec/ec_ameth.c
++++ b/crypto/ec/ec_ameth.c
+@@ -38,7 +38,6 @@ static int eckey_param2type(int *pptype, void **ppval, const EC_KEY *ec_key)
+ ASN1_OBJECT *asn1obj = OBJ_nid2obj(nid);
+
+ if (asn1obj == NULL || OBJ_length(asn1obj) == 0) {
+- ASN1_OBJECT_free(asn1obj);
+ ECerr(EC_F_ECKEY_PARAM2TYPE, EC_R_MISSING_OID);
+ return 0;
+ }
+@@ -98,9 +97,7 @@ static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+ ptype, pval, penc, penclen))
+ return 1;
+ err:
+- if (ptype == V_ASN1_OBJECT)
+- ASN1_OBJECT_free(pval);
+- else
++ if (ptype == V_ASN1_SEQUENCE)
+ ASN1_STRING_free(pval);
+ OPENSSL_free(penc);
+ return 0;
+@@ -256,24 +253,32 @@ static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
+
+ eplen = i2d_ECPrivateKey(&ec_key, NULL);
+ if (!eplen) {
++ if (ptype == V_ASN1_SEQUENCE)
++ ASN1_STRING_free(pval);
+ ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
+ return 0;
+ }
+ ep = OPENSSL_malloc(eplen);
+ if (ep == NULL) {
++ if (ptype == V_ASN1_SEQUENCE)
++ ASN1_STRING_free(pval);
+ ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ p = ep;
+ if (!i2d_ECPrivateKey(&ec_key, &p)) {
+- OPENSSL_free(ep);
++ OPENSSL_clear_free(ep, eplen);
++ if (ptype == V_ASN1_SEQUENCE)
++ ASN1_STRING_free(pval);
+ ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
+ return 0;
+ }
+
+ if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0,
+ ptype, pval, ep, eplen)) {
+- OPENSSL_free(ep);
++ OPENSSL_clear_free(ep, eplen);
++ if (ptype == V_ASN1_SEQUENCE)
++ ASN1_STRING_free(pval);
+ return 0;
+ }
+
+--
+2.33.0
+
diff --git a/backport-Fix-error-handling-in-CMS_EncryptedData_encrypt.patch b/backport-Fix-error-handling-in-CMS_EncryptedData_encrypt.patch
new file mode 100644
index 0000000..46e79f6
--- /dev/null
+++ b/backport-Fix-error-handling-in-CMS_EncryptedData_encrypt.patch
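Review bot: eckey_priv_encode now repeats the same cleanup (`OPENSSL_clear_free(ep, eplen)` and the `V_ASN1_SEQUENCE`-only free of `pval`) at four separate exits, so the next exit added to this function can leak `pval` or release the DER-encoded private key without cleansing it. Routing every failure through one `err:` label keeps the cleansing in one place; it needs `ep` to be initialised to NULL at its declaration, which is outside the hunk, and relies on `OPENSSL_clear_free` accepting NULL. The patch also stops freeing a `V_ASN1_OBJECT` `pval` in eckey_param2type and eckey_pub_encode, and a comment at the label saying that such an object is not owned here would make that intent explicit. The function body continues on both sides of the hunk.

```c
    /* … unchanged: ec_key setup and eckey_param2type call … */
    eplen = i2d_ECPrivateKey(&ec_key, NULL);
    if (!eplen) {
        ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
        goto err;
    }
    ep = OPENSSL_malloc(eplen);
    if (ep == NULL) {
        ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    p = ep;
    if (!i2d_ECPrivateKey(&ec_key, &p)) {
        ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
        goto err;
    }

    if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0,
                         ptype, pval, ep, eplen))
        goto err;
    /* … unchanged: success return … */

 err:
    /* ep holds the encoded private key: cleanse it, do not just free it */
    OPENSSL_clear_free(ep, eplen);
    /* only the SEQUENCE string is owned here; an OBJECT pval is not freed */
    if (ptype == V_ASN1_SEQUENCE)
        ASN1_STRING_free(pval);
    return 0;
```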
@@ -0,0 +1,170 @@
+From 13dd772f61d149628a768d987828aa6dbc72fb31 Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger
+Date: Thu, 7 Sep 2023 18:05:44 +0200
+Subject: [PATCH] Fix error handling in CMS_EncryptedData_encrypt
+
+That caused several memory leaks in case of error.
+Also when the CMS object that is created by CMS_EncryptedData_encrypt
+is not used in the normal way, but instead just deleted
+by CMS_ContentInfo_free some memory was lost.
+
+Fixes #21985
+
+Reviewed-by: Dmitry Belyavskiy
+Reviewed-by: Tomas Mraz
+(Merged from https://github.com/openssl/openssl/pull/22008)
+---
+ crypto/cms/cms_asn1.c | 15 +++++++++++++--
+ crypto/cms/cms_local.h | 1 +
+ crypto/cms/cms_sd.c | 14 +++++++++++++-
+ crypto/cms/cms_smime.c | 3 ++-
+ test/recipes/80-test_cms.t | 7 +++++++
+ 7 files changed, 36 insertions(+), 4 deletions(-)
+
+diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c
+index 08069d72a2..d006ada998 100644
+--- a/crypto/cms/cms_asn1.c
++++ b/crypto/cms/cms_asn1.c
+@@ -51,6 +51,7 @@ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+ EVP_PKEY_free(si->pkey);
+ X509_free(si->signer);
+ EVP_MD_CTX_free(si->mctx);
++ EVP_PKEY_CTX_free(si->pctx);
+ }
+ return 1;
+ }
+@@ -89,11 +90,21 @@ ASN1_SEQUENCE(CMS_OriginatorInfo) = {
+ ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
+ } static_ASN1_SEQUENCE_END(CMS_OriginatorInfo)
+
+-ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
++static int cms_ec_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
++ void *exarg)
++{
++ CMS_EncryptedContentInfo *ec = (CMS_EncryptedContentInfo *)*pval;
++
++ if (operation == ASN1_OP_FREE_POST)
++ OPENSSL_clear_free(ec->key, ec->keylen);
++ return 1;
++}
++
++ASN1_NDEF_SEQUENCE_cb(CMS_EncryptedContentInfo, cms_ec_cb) = {
+ ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT),
+ ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR),
+ ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0)
+-} static_ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo)
++} ASN1_NDEF_SEQUENCE_END_cb(CMS_EncryptedContentInfo, CMS_EncryptedContentInfo)
+
+ ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = {
+ ASN1_EMBED(CMS_KeyTransRecipientInfo, version, INT32),
+diff --git a/crypto/cms/cms_local.h b/crypto/cms/cms_local.h
+index a0ce4448f6..b275bddf75 100644
+--- a/crypto/cms/cms_local.h
++++ b/crypto/cms/cms_local.h
+@@ -342,6 +342,7 @@ struct CMS_Receipt_st {
+
+ DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
+ DECLARE_ASN1_ITEM(CMS_SignerInfo)
++DECLARE_ASN1_ITEM(CMS_EncryptedContentInfo)
+ DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
+ DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
+ DECLARE_ASN1_ITEM(CMS_Attributes_Verify)
+diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
+index 3f2a782565..708b443704 100644
+--- a/crypto/cms/cms_sd.c
++++ b/crypto/cms/cms_sd.c
+@@ -375,6 +375,8 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
+ } else if (EVP_DigestSignInit(si->mctx, &si->pctx, md, NULL, pk) <=
+ 0)
+ goto err;
++ else
++ EVP_MD_CTX_set_flags(si->mctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
+ }
+
+ if (!sd->signerInfos)
+@@ -600,6 +602,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
+ unsigned char md[EVP_MAX_MD_SIZE];
+ unsigned int mdlen;
+ pctx = si->pctx;
++ si->pctx = NULL;
+ if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
+ goto err;
+ siglen = EVP_PKEY_size(si->pkey);
+@@ -680,6 +683,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
+ EVP_MD_CTX_reset(mctx);
+ if (EVP_DigestSignInit(mctx, &pctx, md, NULL, si->pkey) <= 0)
+ goto err;
++ EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
+ si->pctx = pctx;
+ }
+
+@@ -745,8 +749,13 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
+ return -1;
+ }
+ mctx = si->mctx;
++ if (si->pctx != NULL) {
++ EVP_PKEY_CTX_free(si->pctx);
++ si->pctx = NULL;
++ }
+ if (EVP_DigestVerifyInit(mctx, &si->pctx, md, NULL, si->pkey) <= 0)
+ goto err;
++ EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
+
+ if (!cms_sd_asn1_ctrl(si, 1))
+ goto err;
+@@ -859,8 +868,11 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
+ if (EVP_PKEY_CTX_set_signature_md(pkctx, md) <= 0)
+ goto err;
+ si->pctx = pkctx;
+- if (!cms_sd_asn1_ctrl(si, 1))
++ if (!cms_sd_asn1_ctrl(si, 1)) {
++ si->pctx = NULL;
+ goto err;
++ }
++ si->pctx = NULL;
+ r = EVP_PKEY_verify(pkctx, si->signature->data,
+ si->signature->length, mval, mlen);
+ if (r <= 0) {
+diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
+index 6e7dbc4da1..8f3a9fbaeb 100644
+--- a/crypto/cms/cms_smime.c
++++ b/crypto/cms/cms_smime.c
+@@ -211,7 +211,7 @@ CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
+ if (cms == NULL)
+ return NULL;
+ if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen))
+- return NULL;
++ goto err;
+
+ if (!(flags & CMS_DETACHED))
+ CMS_set_detached(cms, 0);
+@@ -220,6 +220,7 @@ CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
+ || CMS_final(cms, in, NULL, flags))
+ return cms;
+
++ err:
+ CMS_ContentInfo_free(cms);
+ return NULL;
+ }
+
+diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
+index adb60e1436..544d4466b5 100644
+--- a/test/recipes/80-test_cms.t
++++ b/test/recipes/80-test_cms.t
+@@ -288,6 +288,13 @@ my @smime_cms_tests = (
+ "-secretkey", "000102030405060708090A0B0C0D0E0F", "-out", "smtst.txt" ]
+ ],
+
++ [ "encrypted content test streaming PEM format -noout, 128 bit AES key",
++ [ "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
++ "-aes128", "-secretkey", "000102030405060708090A0B0C0D0E0F",
++ "-stream", "-noout" ],
++ [ "-help" ]
++ ],
++
+ );
+
+ my @smime_cms_comp_tests = (
+--
+2.33.0
+
diff --git a/openssl.spec b/openssl.spec
index c8ad6d1..5d5daac 100644
--- a/openssl.spec
+++ b/openssl.spec
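Review bot: With `EVP_PKEY_CTX_free(si->pctx)` added to `cms_si_cb`, `si->pctx` must never also be released through `si->mctx`, and that rule is upheld only by remembering to set `EVP_MD_CTX_FLAG_KEEP_PKEY_CTX` after each init in CMS_add1_signer, CMS_SignerInfo_sign and CMS_SignerInfo_verify, plus the NULL-ing in cms_SignerInfo_content_sign and CMS_SignerInfo_verify_content. A call site that misses it would presumably end in a double free of the key context rather than a leak, so the rule deserves a comment next to the new free, for example `/* si owns pctx; an mctx that shares it must have EVP_MD_CTX_FLAG_KEEP_PKEY_CTX set */`. In CMS_add1_signer the flag is set in a brace-less `else` hanging off `else if (...) goto err;`, which is easy to misread, and braces on both branches would help. `cms_ec_cb` would also benefit from a one-line comment that `ec->key` is key material and is therefore cleansed rather than only freed. All of these functions start or end outside their hunks.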
@@ -2,7 +2,7 @@ Name: openssl Epoch: 1 Version: 1.1.1m -Release: 29 +Release: 30 Summary: Cryptography and SSL/TLS Toolkit License: OpenSSL and SSLeay URL: https://www.openssl.org/ @@ -137,6 +137,10 @@ Patch126: Fix-FIPS-getenv-build-failure.patch Patch127: backport-A-null-pointer-dereference-occurs-when-memory-alloca.patch Patch128: backport-Make-DH_check-set-some-error-bits-in-recently-added-.patch Patch129: backport-CVE-2023-5678-Make-DH_check_pub_key-and-DH_generate_key-safer-yet.patch +Patch130: backport-Fix-a-possbile-memleak-in-rsa_pub_encode.patch +Patch131: backport-Fix-a-possible-memleak-in-eckey_priv_encode.patch +Patch132: backport-Fix-error-handling-in-CMS_EncryptedData_encrypt.patch +Patch133: backport-Fix-EVP_PKEY_asn1_copy.patch Patch1000: 1000-add-sw_64-support-not-upstream-modified-files.patch Patch1001: 1001-add-loongarch64-support-not-upstream-modified-files.patch @@ -348,6 +352,9 @@ make test || : %ldconfig_scriptlets libs %changelog +* Mon Dec 18 2023 wangcheng - 1:1.1.1m-30 +- backport some patches + * Tue Nov 14 2023 fangxiuning - 1:1:1.1.1m-29 - fix CVE-2023-5678 -- Gitee
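Review bot: The four new Patch entries bring in upstream test additions (15-test_rsapss.t and 80-test_cms.t), but the `make test || :` line visible in the last hunk's header means a failing test does not fail the build, so a faulty backport of these memory-handling fixes would pass unnoticed. Consider checking the test log for these two recipes for this release, or dropping the `|| :` if the suite is expected to pass on all targets. The changelog entry `- backport some patches` could name the four fixes so the release can be matched to the upstream pull requests.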