From f425b9f4269fc3bcaea7ae4df0f5363852e841cf Mon Sep 17 00:00:00 2001
From: guoxiaoqi <guoxiaoqi2@huawei.com>
Date: Wed, 10 Mar 2021 15:20:07 +0800
Subject: [PATCH] fix CVE-2021-23840 and CVE-2021-23841

(cherry picked from commit 42d8e0f5258e521b754e260ac985990120e85c7b)
---
 CVE-2021-23840.patch | 140 +++++++++++++++++++++++++++++++++++++++++++
 CVE-2021-23841.patch |  43 +++++++++++++
 openssl.spec         |   7 ++-
 3 files changed, 189 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2021-23840.patch
 create mode 100644 CVE-2021-23841.patch

diff --git a/CVE-2021-23840.patch b/CVE-2021-23840.patch
new file mode 100644
index 0000000..f9f7bee
--- /dev/null
+++ b/CVE-2021-23840.patch
@@ -0,0 +1,140 @@
+From 6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Tue, 2 Feb 2021 17:17:23 +0000
+Subject: [PATCH] Don't overflow the output length in EVP_CipherUpdate calls
+
+CVE-2021-23840
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+---
+ crypto/err/openssl.txt   |  3 ++-
+ crypto/evp/evp_enc.c     | 27 +++++++++++++++++++++++++++
+ crypto/evp/evp_err.c     |  4 +++-
+ include/openssl/evperr.h |  7 +++----
+ 4 files changed, 35 insertions(+), 6 deletions(-)
+
+diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
+index 815460b..7e17763 100644
+--- a/crypto/err/openssl.txt
++++ b/crypto/err/openssl.txt
+@@ -1,4 +1,4 @@
+-# Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
++# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ #
+ # Licensed under the OpenSSL license (the "License").  You may not use
+ # this file except in compliance with the License.  You can obtain a copy
+@@ -2283,6 +2283,7 @@ EVP_R_ONLY_ONESHOT_SUPPORTED:177:only oneshot supported
+ EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\
+ 	operation not supported for this keytype
+ EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized
++EVP_R_OUTPUT_WOULD_OVERFLOW:184:output would overflow
+ EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers
+ EVP_R_PBKDF2_ERROR:181:pbkdf2 error
+ EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\
+diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
+index b9b6490..0843caf 100644
+--- a/crypto/evp/evp_enc.c
++++ b/crypto/evp/evp_enc.c
+@@ -8,6 +8,7 @@
+  */
+ 
+ #include <stdio.h>
++#include <limits.h>
+ #include <assert.h>
+ #include "internal/cryptlib.h"
+ #include <openssl/evp.h>
+@@ -355,6 +356,19 @@ static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
+             return 1;
+         } else {
+             j = bl - i;
++
++            /*
++             * Once we've processed the first j bytes from in, the amount of
++             * data left that is a multiple of the block length is:
++             * (inl - j) & ~(bl - 1)
++             * We must ensure that this amount of data, plus the one block that
++             * we process from ctx->buf does not exceed INT_MAX
++             */
++            if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
++                EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE,
++                       EVP_R_OUTPUT_WOULD_OVERFLOW);
++                return 0;
++            }
+             memcpy(&(ctx->buf[i]), in, j);
+             inl -= j;
+             in += j;
+@@ -502,6 +516,19 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+             EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+             return 0;
+         }
++        /*
++         * final_used is only ever set if buf_len is 0. Therefore the maximum
++         * length output we will ever see from evp_EncryptDecryptUpdate is
++         * the maximum multiple of the block length that is <= inl, or just:
++         * inl & ~(b - 1)
++         * Since final_used has been set then the final output length is:
++         * (inl & ~(b - 1)) + b
++         * This must never exceed INT_MAX
++         */
++        if ((inl & ~(b - 1)) > INT_MAX - b) {
++            EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_OUTPUT_WOULD_OVERFLOW);
++            return 0;
++        }
+         memcpy(out, ctx->final, b);
+         out += b;
+         fix_len = 1;
+diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
+index 05481d8..32ac012 100644
+--- a/crypto/evp/evp_err.c
++++ b/crypto/evp/evp_err.c
+@@ -1,6 +1,6 @@
+ /*
+  * Generated by util/mkerr.pl DO NOT EDIT
+- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+  *
+  * Licensed under the OpenSSL license (the "License").  You may not use
+  * this file except in compliance with the License.  You can obtain a copy
+@@ -239,6 +239,8 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
+     "operation not supported for this keytype"},
+     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED),
+     "operaton not initialized"},
++    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OUTPUT_WOULD_OVERFLOW),
++    "output would overflow"},
+     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
+     "partially overlapping buffers"},
+     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
+diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h
+index d2b26ea..b4ea90a 100644
+--- a/include/openssl/evperr.h
++++ b/include/openssl/evperr.h
+@@ -1,6 +1,6 @@
+ /*
+  * Generated by util/mkerr.pl DO NOT EDIT
+- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+  *
+  * Licensed under the OpenSSL license (the "License").  You may not use
+  * this file except in compliance with the License.  You can obtain a copy
+@@ -11,9 +11,7 @@
+ #ifndef HEADER_EVPERR_H
+ # define HEADER_EVPERR_H
+ 
+-# ifndef HEADER_SYMHACKS_H
+-#  include <openssl/symhacks.h>
+-# endif
++# include <openssl/symhacks.h>
+ 
+ # ifdef  __cplusplus
+ extern "C"
+@@ -179,6 +177,7 @@ int ERR_load_EVP_strings(void);
+ # define EVP_R_ONLY_ONESHOT_SUPPORTED                     177
+ # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE   150
+ # define EVP_R_OPERATON_NOT_INITIALIZED                   151
++# define EVP_R_OUTPUT_WOULD_OVERFLOW                      184
+ # define EVP_R_PARTIALLY_OVERLAPPING                      162
+ # define EVP_R_PBKDF2_ERROR                               181
+ # define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179
+-- 
+1.8.3.1
+
diff --git a/CVE-2021-23841.patch b/CVE-2021-23841.patch
new file mode 100644
index 0000000..87cfdf2
--- /dev/null
+++ b/CVE-2021-23841.patch
@@ -0,0 +1,43 @@
+From 122a19ab48091c657f7cb1fb3af9fc07bd557bbf Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Wed, 10 Feb 2021 16:10:36 +0000
+Subject: [PATCH] Fix Null pointer deref in X509_issuer_and_serial_hash()
+
+The OpenSSL public API function X509_issuer_and_serial_hash() attempts
+to create a unique hash value based on the issuer and serial number data
+contained within an X509 certificate. However it fails to correctly
+handle any errors that may occur while parsing the issuer field (which
+might occur if the issuer field is maliciously constructed). This may
+subsequently result in a NULL pointer deref and a crash leading to a
+potential denial of service attack.
+
+The function X509_issuer_and_serial_hash() is never directly called by
+OpenSSL itself so applications are only vulnerable if they use this
+function directly and they use it on certificates that may have been
+obtained from untrusted sources.
+
+CVE-2021-23841
+
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+(cherry picked from commit 8130d654d1de922ea224fa18ee3bc7262edc39c0)
+---
+ crypto/x509/x509_cmp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
+index c9d8933..a964bbf 100644
+--- a/crypto/x509/x509_cmp.c
++++ b/crypto/x509/x509_cmp.c
+@@ -39,6 +39,8 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
+     if (ctx == NULL)
+         goto err;
+     f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
++    if (f == NULL)
++        goto err;
+     if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
+         goto err;
+     if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f)))
+-- 
+1.8.3.1
+
diff --git a/openssl.spec b/openssl.spec
index 934ff62..a22a40c 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -2,7 +2,7 @@
 Name:        openssl
 Epoch:       1
 Version:     1.1.1f
-Release:     3
+Release:     4
 Summary:     Cryptography and SSL/TLS Toolkit
 License:     OpenSSL and SSLeay
 URL:         https://www.openssl.org/
@@ -17,6 +17,8 @@ Patch6:      CVE-2020-1971-0003-Check-that-multi-strings-CHOICE-types-don-t-use-
 Patch7:      CVE-2020-1971-0004-Complain-if-we-are-attempting-to-encode-with-an-inva.patch
 Patch8:      CVE-2020-1971-0005-Add-a-test-for-GENERAL_NAME_cmp.patch
 Patch9:      CVE-2020-1971-0006-Add-a-test-for-encoding-decoding-using-an-invalid-AS.patch
+Patch10:     CVE-2021-23840.patch
+Patch11:     CVE-2021-23841.patch
 
 BuildRequires: gcc make lksctp-tools-devel coreutils util-linux zlib-devel
 
@@ -193,6 +195,9 @@ make test || :
 %{_pkgdocdir}/html/
 
 %changelog
+* Wed Mar 10 2021 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1f-4
+- fix CVE-2021-23840 and CVE-2021-23841
+
 * Mon Jan 19 2021 openEuler Buildteam <buildteam@openeuler.org> - 1:1.1.1f-3
 - fix CVE-2020-1971
 
-- 
Gitee