diff --git a/Backport-Add-a-test-for-late-loading-of-an-ENGINE-in-TLS.patch b/Backport-Add-a-test-for-late-loading-of-an-ENGINE-in-TLS.patch new file mode 100644 index 0000000000000000000000000000000000000000..61e622a7096f113f697501e655ab6818caf63e2a --- /dev/null +++ b/Backport-Add-a-test-for-late-loading-of-an-ENGINE-in-TLS.patch @@ -0,0 +1,126 @@ +From 9ffd4a34681feb9968719905b366276e7425e2a2 Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Wed, 29 Nov 2023 11:30:07 +0000 +Subject: [PATCH] Add a test for late loading of an ENGINE in TLS + +Confirm that using an ENGINE works as expected with TLS even if it is +loaded late (after construction of the SSL_CTX). + +(cherry picked from commit a9c97da4910648790387d035afb12963158778fb) + +Reviewed-by: Tomas Mraz +Reviewed-by: Todd Short +(Merged from https://github.com/openssl/openssl/pull/22865) + +(cherry picked from commit dda9208cef52670e6c832cbadaa3e08ad535ac30) +--- + test/sslapitest.c | 56 +++++++++++++++++++++++++++++++++++------------ + 1 file changed, 42 insertions(+), 14 deletions(-) + +diff --git a/test/sslapitest.c b/test/sslapitest.c +index 2191b297d0..e0274f12f7 100644 +--- a/test/sslapitest.c ++++ b/test/sslapitest.c +@@ -10128,6 +10128,27 @@ end: + } + + #if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) ++ ++static ENGINE *load_dasync(void) ++{ ++ ENGINE *e; ++ ++ if (!TEST_ptr(e = ENGINE_by_id("dasync"))) ++ return NULL; ++ ++ if (!TEST_true(ENGINE_init(e))) { ++ ENGINE_free(e); ++ return NULL; ++ } ++ ++ if (!TEST_true(ENGINE_register_ciphers(e))) { ++ ENGINE_free(e); ++ return NULL; ++ } ++ ++ return e; ++} ++ + /* + * Test TLSv1.2 with a pipeline capable cipher. TLSv1.3 and DTLS do not + * support this yet. The only pipeline capable cipher that we have is in the +@@ -10143,6 +10164,8 @@ end: + * Test 4: Client has pipelining enabled, server does not: more data than all + * the available pipelines can take + * Test 5: Client has pipelining enabled, server does not: Maximum size pipeline ++ * Test 6: Repeat of test 0, but the engine is loaded late (after the SSL_CTX ++ * is created) + */ + static int test_pipelining(int idx) + { +@@ -10155,25 +10178,28 @@ static int test_pipelining(int idx) + size_t written, readbytes, offset, msglen, fragsize = 10, numpipes = 5; + size_t expectedreads; + unsigned char *buf = NULL; +- ENGINE *e; +- +- if (!TEST_ptr(e = ENGINE_by_id("dasync"))) +- return 0; ++ ENGINE *e = NULL; + +- if (!TEST_true(ENGINE_init(e))) { +- ENGINE_free(e); +- return 0; ++ if (idx != 6) { ++ e = load_dasync(); ++ if (e == NULL) ++ return 0; + } + +- if (!TEST_true(ENGINE_register_ciphers(e))) +- goto end; +- + if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), + TLS_client_method(), 0, + TLS1_2_VERSION, &sctx, &cctx, cert, + privkey))) + goto end; + ++ if (idx == 6) { ++ e = load_dasync(); ++ if (e == NULL) ++ goto end; ++ /* Now act like test 0 */ ++ idx = 0; ++ } ++ + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, + &clientssl, NULL, NULL))) + goto end; +@@ -10309,9 +10335,11 @@ end: + SSL_free(clientssl); + SSL_CTX_free(sctx); + SSL_CTX_free(cctx); +- ENGINE_unregister_ciphers(e); +- ENGINE_finish(e); +- ENGINE_free(e); ++ if (e != NULL) { ++ ENGINE_unregister_ciphers(e); ++ ENGINE_finish(e); ++ ENGINE_free(e); ++ } + OPENSSL_free(buf); + if (fragsize == SSL3_RT_MAX_PLAIN_LENGTH) + OPENSSL_free(msg); +@@ -10684,7 +10712,7 @@ int setup_tests(void) + ADD_ALL_TESTS(test_serverinfo_custom, 4); + #endif + #if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) +- ADD_ALL_TESTS(test_pipelining, 6); ++ ADD_ALL_TESTS(test_pipelining, 7); + #endif + ADD_ALL_TESTS(test_handshake_retry, 16); + ADD_ALL_TESTS(test_multi_resume, 5); +-- +2.33.0 + diff --git a/Backport-CVE-2024-4741-Move-the-ability-to-load-the-dasync-engine-into-sslt.patch b/Backport-CVE-2024-4741-Move-the-ability-to-load-the-dasync-engine-into-sslt.patch index 2805821b801705211ec61280f20b3d1812e99c6d..6c4dc8e52798d8cdd16e388a928c5e73bd964c60 100644 --- a/Backport-CVE-2024-4741-Move-the-ability-to-load-the-dasync-engine-into-sslt.patch +++ b/Backport-CVE-2024-4741-Move-the-ability-to-load-the-dasync-engine-into-sslt.patch @@ -1,8 +1,7 @@ From 1359c00e683840154760b7ba9204bad1b13dc074 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 26 Apr 2024 11:05:52 +0100 -Subject: [PATCH 4/5] Move the ability to load the dasync engine into - ssltestlib.c +Subject: [PATCH] Move the ability to load the dasync engine into ssltestlib.c The sslapitest has a helper function to load the dasync engine which is useful for testing pipelining. We would like to have the same facility @@ -23,7 +22,7 @@ Reviewed-by: Neil Horman 3 files changed, 34 insertions(+), 21 deletions(-) diff --git a/test/helpers/ssltestlib.c b/test/helpers/ssltestlib.c -index ef4a6177aa..da14f6697d 100644 +index ef4a6177aa7dd..da14f6697db16 100644 --- a/test/helpers/ssltestlib.c +++ b/test/helpers/ssltestlib.c @@ -7,8 +7,17 @@ @@ -73,7 +72,7 @@ index ef4a6177aa..da14f6697d 100644 +#endif +} diff --git a/test/helpers/ssltestlib.h b/test/helpers/ssltestlib.h -index 8e9daa5601..2777fb3047 100644 +index 8e9daa5601d3e..2777fb3047bef 100644 --- a/test/helpers/ssltestlib.h +++ b/test/helpers/ssltestlib.h @@ -59,4 +59,5 @@ typedef struct mempacket_st MEMPACKET; @@ -82,6 +81,35 @@ index 8e9daa5601..2777fb3047 100644 +ENGINE *load_dasync(void); #endif /* OSSL_TEST_SSLTESTLIB_H */ --- -2.33.0 - +diff --git a/test/sslapitest.c b/test/sslapitest.c +index 28bc94d672fa7..c2ff727513294 100644 +--- a/test/sslapitest.c ++++ b/test/sslapitest.c +@@ -10299,27 +10299,6 @@ static int test_load_dhfile(void) + } + + #if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) +- +-static ENGINE *load_dasync(void) +-{ +- ENGINE *e; +- +- if (!TEST_ptr(e = ENGINE_by_id("dasync"))) +- return NULL; +- +- if (!TEST_true(ENGINE_init(e))) { +- ENGINE_free(e); +- return NULL; +- } +- +- if (!TEST_true(ENGINE_register_ciphers(e))) { +- ENGINE_free(e); +- return NULL; +- } +- +- return e; +-} +- + /* + * Test TLSv1.2 with a pipeline capable cipher. TLSv1.3 and DTLS do not + * support this yet. The only pipeline capable cipher that we have is in the diff --git a/Backport-Don-t-attempt-to-set-provider-params-on-an-ENGINE-ba.patch b/Backport-Don-t-attempt-to-set-provider-params-on-an-ENGINE-ba.patch new file mode 100644 index 0000000000000000000000000000000000000000..0ea04a132e33071c83be076799b4120e9f9fbda4 --- /dev/null +++ b/Backport-Don-t-attempt-to-set-provider-params-on-an-ENGINE-ba.patch @@ -0,0 +1,59 @@ +From 4f41e1b1d0cd545278017099b4ba062ab7a0f470 Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Wed, 29 Nov 2023 11:45:12 +0000 +Subject: [PATCH] Don't attempt to set provider params on an ENGINE based + cipher + +If an ENGINE has been loaded after the SSL_CTX has been created then +the cipher we have cached might be provider based, but the cipher we +actually end up using might not be. Don't try to set provider params on +a cipher that is actually ENGINE based. + +Reviewed-by: Tomas Mraz +Reviewed-by: Todd Short +(Merged from https://github.com/openssl/openssl/pull/22865) + +(cherry picked from commit ed5f9ce63e98da2e7fddd55040c8e9e03f3af975) +--- + ssl/s3_enc.c | 6 +++++- + ssl/t1_enc.c | 7 ++++++- + 2 files changed, 11 insertions(+), 2 deletions(-) + +diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c +index 2ca3f74ae7..ee4f58e75e 100644 +--- a/ssl/s3_enc.c ++++ b/ssl/s3_enc.c +@@ -225,7 +225,11 @@ int ssl3_change_cipher_state(SSL *s, int which) + goto err; + } + +- if (EVP_CIPHER_get0_provider(c) != NULL ++ /* ++ * The cipher we actually ended up using in the EVP_CIPHER_CTX may be ++ * different to that in c if we have an ENGINE in use ++ */ ++ if (EVP_CIPHER_get0_provider(EVP_CIPHER_CTX_get0_cipher(dd)) != NULL + && !tls_provider_set_tls_params(s, dd, c, m)) { + /* SSLfatal already called */ + goto err; +diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c +index 91238e6457..6cb7baaf7c 100644 +--- a/ssl/t1_enc.c ++++ b/ssl/t1_enc.c +@@ -427,7 +427,12 @@ int tls1_change_cipher_state(SSL *s, int which) + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + goto err; + } +- if (EVP_CIPHER_get0_provider(c) != NULL ++ ++ /* ++ * The cipher we actually ended up using in the EVP_CIPHER_CTX may be ++ * different to that in c if we have an ENGINE in use ++ */ ++ if (EVP_CIPHER_get0_provider(EVP_CIPHER_CTX_get0_cipher(dd)) != NULL + && !tls_provider_set_tls_params(s, dd, c, m)) { + /* SSLfatal already called */ + goto err; +-- +2.33.0 + diff --git a/Backport-bn-Properly-error-out-if-aliasing-return-value-with-.patch b/Backport-bn-Properly-error-out-if-aliasing-return-value-with-.patch new file mode 100644 index 0000000000000000000000000000000000000000..50ffa62b003fc855a851eeffd0711ca705a5a0c6 --- /dev/null +++ b/Backport-bn-Properly-error-out-if-aliasing-return-value-with-.patch @@ -0,0 +1,255 @@ +From 5cf554ee9d127a5cf81c09a6dbfe090e86c022b4 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Wed, 18 Oct 2023 15:50:30 +0200 +Subject: [PATCH] bn: Properly error out if aliasing return value with modulus + +Test case amended from code initially written by Bernd Edlinger. + +Fixes #21110 + +Reviewed-by: Dmitry Belyavskiy +Reviewed-by: Paul Dale +Reviewed-by: Hugo Landau +(Merged from https://github.com/openssl/openssl/pull/22421) + +(cherry picked from commit af0025fc40779cc98c06db7e29936f9d5de8cc9e) +--- + crypto/bn/bn_exp.c | 21 ++++++++ + crypto/bn/bn_mod.c | 10 ++++ + doc/man3/BN_add.pod | 5 ++ + doc/man3/BN_mod_inverse.pod | 6 ++- + test/bntest.c | 104 ++++++++++++++++++++++++++++++++++++ + 5 files changed, 145 insertions(+), 1 deletion(-) + +diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c +index 4e169ae1f9..598a592ca1 100644 +--- a/crypto/bn/bn_exp.c ++++ b/crypto/bn/bn_exp.c +@@ -243,6 +243,14 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + wstart = bits - 1; /* The top bit of the window */ + wend = 0; /* The bottom bit of the window */ + ++ if (r == p) { ++ BIGNUM *p_dup = BN_CTX_get(ctx); ++ ++ if (p_dup == NULL || BN_copy(p_dup, p) == NULL) ++ goto err; ++ p = p_dup; ++ } ++ + if (!BN_one(r)) + goto err; + +@@ -1317,6 +1325,11 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + return 0; + } + ++ if (r == m) { ++ ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT); ++ return 0; ++ } ++ + bits = BN_num_bits(p); + if (bits == 0) { + /* x**0 mod 1, or x**0 mod -1 is still zero. */ +@@ -1362,6 +1375,14 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + wstart = bits - 1; /* The top bit of the window */ + wend = 0; /* The bottom bit of the window */ + ++ if (r == p) { ++ BIGNUM *p_dup = BN_CTX_get(ctx); ++ ++ if (p_dup == NULL || BN_copy(p_dup, p) == NULL) ++ goto err; ++ p = p_dup; ++ } ++ + if (!BN_one(r)) + goto err; + +diff --git a/crypto/bn/bn_mod.c b/crypto/bn/bn_mod.c +index 7f5afa25ec..2dda2e3442 100644 +--- a/crypto/bn/bn_mod.c ++++ b/crypto/bn/bn_mod.c +@@ -17,6 +17,11 @@ int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) + * always holds) + */ + ++ if (r == d) { ++ ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT); ++ return 0; ++ } ++ + if (!(BN_mod(r, m, d, ctx))) + return 0; + if (!r->neg) +@@ -186,6 +191,11 @@ int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, + const BIGNUM *m) + { ++ if (r == m) { ++ ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT); ++ return 0; ++ } ++ + if (!BN_sub(r, a, b)) + return 0; + if (r->neg) +diff --git a/doc/man3/BN_add.pod b/doc/man3/BN_add.pod +index 9561d55431..35cfdd1495 100644 +--- a/doc/man3/BN_add.pod ++++ b/doc/man3/BN_add.pod +@@ -114,6 +114,11 @@ temporary variables; see L. + Unless noted otherwise, the result B must be different from + the arguments. + ++=head1 NOTES ++ ++For modular operations such as BN_nnmod() or BN_mod_exp() it is an error ++to use the same B object for the modulus as for the output. ++ + =head1 RETURN VALUES + + The BN_mod_sqrt() returns the result (possibly incorrect if I

is +diff --git a/doc/man3/BN_mod_inverse.pod b/doc/man3/BN_mod_inverse.pod +index 5dbb5c3cc2..f88e0e63fa 100644 +--- a/doc/man3/BN_mod_inverse.pod ++++ b/doc/man3/BN_mod_inverse.pod +@@ -18,7 +18,11 @@ places the result in B (C<(a*r)%n==1>). If B is NULL, + a new B is created. + + B is a previously allocated B used for temporary +-variables. B may be the same B as B or B. ++variables. B may be the same B as B. ++ ++=head1 NOTES ++ ++It is an error to use the same B as B. + + =head1 RETURN VALUES + +diff --git a/test/bntest.c b/test/bntest.c +index c5894c157b..ee8b692618 100644 +--- a/test/bntest.c ++++ b/test/bntest.c +@@ -2927,6 +2927,108 @@ err: + return res; + } + ++static int test_mod_inverse(void) ++{ ++ int res = 0; ++ char *str = NULL; ++ BIGNUM *a = NULL; ++ BIGNUM *b = NULL; ++ BIGNUM *r = NULL; ++ ++ if (!TEST_true(BN_dec2bn(&a, "5193817943"))) ++ goto err; ++ if (!TEST_true(BN_dec2bn(&b, "3259122431"))) ++ goto err; ++ if (!TEST_ptr(r = BN_new())) ++ goto err; ++ if (!TEST_ptr_eq(BN_mod_inverse(r, a, b, ctx), r)) ++ goto err; ++ if (!TEST_ptr_ne(str = BN_bn2dec(r), NULL)) ++ goto err; ++ if (!TEST_int_eq(strcmp(str, "2609653924"), 0)) ++ goto err; ++ ++ /* Note that this aliases the result with the modulus. */ ++ if (!TEST_ptr_null(BN_mod_inverse(b, a, b, ctx))) ++ goto err; ++ ++ res = 1; ++ ++err: ++ BN_free(a); ++ BN_free(b); ++ BN_free(r); ++ OPENSSL_free(str); ++ return res; ++} ++ ++static int test_mod_exp_alias(int idx) ++{ ++ int res = 0; ++ char *str = NULL; ++ BIGNUM *a = NULL; ++ BIGNUM *b = NULL; ++ BIGNUM *c = NULL; ++ BIGNUM *r = NULL; ++ ++ if (!TEST_true(BN_dec2bn(&a, "15"))) ++ goto err; ++ if (!TEST_true(BN_dec2bn(&b, "10"))) ++ goto err; ++ if (!TEST_true(BN_dec2bn(&c, "39"))) ++ goto err; ++ if (!TEST_ptr(r = BN_new())) ++ goto err; ++ ++ if (!TEST_int_eq((idx == 0 ? BN_mod_exp_simple ++ : BN_mod_exp_recp)(r, a, b, c, ctx), 1)) ++ goto err; ++ if (!TEST_ptr_ne(str = BN_bn2dec(r), NULL)) ++ goto err; ++ if (!TEST_str_eq(str, "36")) ++ goto err; ++ ++ OPENSSL_free(str); ++ str = NULL; ++ ++ BN_copy(r, b); ++ ++ /* Aliasing with exponent must work. */ ++ if (!TEST_int_eq((idx == 0 ? BN_mod_exp_simple ++ : BN_mod_exp_recp)(r, a, r, c, ctx), 1)) ++ goto err; ++ if (!TEST_ptr_ne(str = BN_bn2dec(r), NULL)) ++ goto err; ++ if (!TEST_str_eq(str, "36")) ++ goto err; ++ ++ OPENSSL_free(str); ++ str = NULL; ++ ++ /* Aliasing with modulus should return failure for the simple call. */ ++ if (idx == 0) { ++ if (!TEST_int_eq(BN_mod_exp_simple(c, a, b, c, ctx), 0)) ++ goto err; ++ } else { ++ if (!TEST_int_eq(BN_mod_exp_recp(c, a, b, c, ctx), 1)) ++ goto err; ++ if (!TEST_ptr_ne(str = BN_bn2dec(c), NULL)) ++ goto err; ++ if (!TEST_str_eq(str, "36")) ++ goto err; ++ } ++ ++ res = 1; ++ ++err: ++ BN_free(a); ++ BN_free(b); ++ BN_free(c); ++ BN_free(r); ++ OPENSSL_free(str); ++ return res; ++} ++ + static int file_test_run(STANZA *s) + { + static const FILETEST filetests[] = { +@@ -3036,6 +3138,8 @@ int setup_tests(void) + ADD_ALL_TESTS(test_signed_mod_replace_ab, OSSL_NELEM(signed_mod_tests)); + ADD_ALL_TESTS(test_signed_mod_replace_ba, OSSL_NELEM(signed_mod_tests)); + ADD_TEST(test_mod); ++ ADD_TEST(test_mod_inverse); ++ ADD_ALL_TESTS(test_mod_exp_alias, 2); + ADD_TEST(test_modexp_mont5); + ADD_TEST(test_kronecker); + ADD_TEST(test_rand); +-- +2.33.0 + diff --git a/openssl.spec b/openssl.spec index 28159fe4d7233d5103a60279065ca2d6c1a419a9..3187fdddd8928ebe8d5927c56c69edfc25e0ccbe 100644 --- a/openssl.spec +++ b/openssl.spec @@ -2,7 +2,7 @@ Name: openssl Epoch: 1 Version: 3.0.12 -Release: 6 +Release: 7 Summary: Cryptography and SSL/TLS Toolkit License: OpenSSL and SSLeay URL: https://www.openssl.org/ @@ -38,11 +38,14 @@ Patch26: backport-Extend-the-multi_resume-test-for-simultaneous-resump.patch Patch27: backport-Hardening-around-not_resumable-sessions.patch Patch28: backport-Add-a-test-for-session-cache-overflow.patch Patch29: backport-CVE-2024-4603-Check-DSA-parameters-for-exce.patch -Patch30: Backport-CVE-2024-4741-Only-free-the-read-buffers-if-we-re-not-using-them.patch -Patch31: Backport-CVE-2024-4741-Set-rlayer.packet-to-NULL-after-we-ve-finished-using.patch -Patch32: Backport-CVE-2024-4741-Extend-the-SSL_free_buffers-testing.patch -Patch33: Backport-CVE-2024-4741-Move-the-ability-to-load-the-dasync-engine-into-sslt.patch -Patch34: Backport-CVE-2024-4741-Further-extend-the-SSL_free_buffers-testing.patch +Patch30: Backport-Add-a-test-for-late-loading-of-an-ENGINE-in-TLS.patch +Patch31: Backport-Don-t-attempt-to-set-provider-params-on-an-ENGINE-ba.patch +Patch32: Backport-CVE-2024-4741-Only-free-the-read-buffers-if-we-re-not-using-them.patch +Patch33: Backport-CVE-2024-4741-Set-rlayer.packet-to-NULL-after-we-ve-finished-using.patch +Patch34: Backport-CVE-2024-4741-Extend-the-SSL_free_buffers-testing.patch +Patch35: Backport-CVE-2024-4741-Move-the-ability-to-load-the-dasync-engine-into-sslt.patch +Patch36: Backport-CVE-2024-4741-Further-extend-the-SSL_free_buffers-testing.patch +Patch37: Backport-bn-Properly-error-out-if-aliasing-return-value-with-.patch BuildRequires: gcc gcc-c++ perl make lksctp-tools-devel coreutils util-linux zlib-devel Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} @@ -243,6 +246,9 @@ make test || : %ldconfig_scriptlets libs %changelog +* Mon Jun 24 2024 steven - 1:3.0.12-7 +- backport patch + * Mon Jun 3 2024 wangcheng - 1:3.0.12-6 - fix CVE-2024-4741