diff --git a/backport-CVE-2023-0465.patch b/backport-CVE-2023-0465.patch
new file mode 100644
index 0000000000000000000000000000000000000000..7479015d9c0a3cce6ca3b049c582a165e90caa9a
--- /dev/null
+++ b/backport-CVE-2023-0465.patch
@@ -0,0 +1,56 @@
+From b013765abfa80036dc779dd0e50602c57bb3bf95 Mon Sep 17 00:00:00 2001
+From: Matt Caswell
+Date: Tue, 7 Mar 2023 16:52:55 +0000
+Subject: [PATCH] Ensure that EXFLAG_INVALID_POLICY is checked even in
+leaf
+ certs
+
+Even though we check the leaf cert to confirm it is valid, we
+later ignored the invalid flag and did not notice that the leaf
+cert was bad.
+
+Fixes: CVE-2023-0465
+
+Reviewed-by: Hugo Landau
+Reviewed-by: Tomas Mraz
+(Merged from https://github.com/openssl/openssl/pull/20588)
+
+Reference:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95
+Conflict: Context conflict
+---
+ Cryptlib/OpenSSL/crypto/x509/x509_vfy.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
+index 96f306b..a6878fe 100644
+--- a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
++++ b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
+@@ -1768,16 +1768,23 @@ static int check_policy(X509_STORE_CTX *ctx)
+ * Locate certificates with bad extensions and notify callback.
+ */
+ X509 *x;
+- int i;
+- for (i = 1; i < sk_X509_num(ctx->chain); i++) {
++ int i, cbcalled = 0;
++ for (i = 0; i < sk_X509_num(ctx->chain); i++) {
+ x = sk_X509_value(ctx->chain, i);
+ if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
+ continue;
++ cbcalled = 1;
+ ctx->current_cert = x;
+ ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
+ if (!ctx->verify_cb(0, ctx))
+ return 0;
+ }
++ if (!cbcalled) {
++ /* Should not be able to get here */
++ X509err(X509_F_CHECK_POLICY, ERR_R_INTERNAL_ERROR);
++ return 0;
++ }
++ /* The callback ignored the error so we return success */
+ return 1;
+ }
+ if (ret == -2) {
+--
+2.33.0
+
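Review bot: In the backported `check_policy` change, the new `if (!cbcalled)` branch returns 0 after `X509err(X509_F_CHECK_POLICY, ERR_R_INTERNAL_ERROR)` but never assigns `ctx->error`, so unless that field is set outside this hunk, a caller that reads the verify error from the context after a failed verification could see a stale or success value. Setting it in that branch, for example `ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;` before the `return 0;`, would keep the failure visible on both reporting paths. The function body starts and ends outside the hunk, and the patch header records a context conflict against upstream, so the surrounding `ret == -1` handling is worth comparing by hand with the referenced upstream commit.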
diff --git a/backport-CVE-2023-2650.patch b/backport-CVE-2023-2650.patch
new file mode 100644
index 0000000000000000000000000000000000000000..37798cd27f626a69494e47dfbfc8215afca15203
--- /dev/null
+++ b/backport-CVE-2023-2650.patch
@@ -0,0 +1,67 @@
+From 423a2bc737a908ad0c77bda470b2b59dc879936b Mon Sep 17 00:00:00 2001
+From: Richard Levitte
+Date: Fri, 12 May 2023 10:00:13 +0200
+Subject: [PATCH] Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will
+ translate
+
+Reference:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b
+Conflict:NA
+
+OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
+numeric text form. For gigantic sub-identifiers, this would take a very
+long time, the time complexity being O(n^2) where n is the size of that
+sub-identifier.
+
+To mitigate this, a restriction on the size that OBJ_obj2txt() will
+translate to canonical numeric text form is added, based on RFC 2578
+(STD 58), which says this:
+
+> 3.5. OBJECT IDENTIFIER values
+>
+> An OBJECT IDENTIFIER value is an ordered list of non-negative numbers.
+> For the SMIv2, each number in the list is referred to as a sub-identifier,
+> there are at most 128 sub-identifiers in a value, and each sub-identifier
+> has a maximum value of 2^32-1 (4294967295 decimal).
+
+Fixes otc/security#96
+Fixes CVE-2023-2650
+
+Reviewed-by: Matt Caswell
+Reviewed-by: Tomas Mraz
+---
+ crypto/objects/obj_dat.c | 19 +++++++++++++++++++
+ 1 files changed, 50 insertions(+)
+
+diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
+index 01cde00e98..c0e55197a0 100644
+--- a/Cryptlib/OpenSSL/crypto/objects/obj_dat.c
++++ b/Cryptlib/OpenSSL/crypto/objects/obj_dat.c
+@@ -443,6 +443,25 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
+ first = 1;
+ bl = NULL;
+
++ /*
++ * RFC 2578 (STD 58) says this about OBJECT IDENTIFIERs:
++ *
++ * > 3.5. OBJECT IDENTIFIER values
++ * >
++ * > An OBJECT IDENTIFIER value is an ordered list of non-negative
++ * > numbers. For the SMIv2, each number in the list is referred to as a
++ * > sub-identifier, there are at most 128 sub-identifiers in a value,
++ * > and each sub-identifier has a maximum value of 2^32-1 (4294967295
++ * > decimal).
++ *
++ * So a legitimate OID according to this RFC is at most (32 * 128 / 7),
++ * i.e. 586 bytes long.
++ *
++ * Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
++ */
++ if (len > 586)
++ goto err;
++
+ while (len > 0) {
+ l = 0;
+ use_bn = 0;
+--
+2.34.1
+
diff --git a/backport-CVE-2024-0727.patch b/backport-CVE-2024-0727.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e844d630a1c2db60e383fb9dbf18472c8605c39e
--- /dev/null
+++ b/backport-CVE-2024-0727.patch
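Review bot: The header of backport-CVE-2023-2650.patch is internally inconsistent: its `diff --git` line names `crypto/objects/obj_dat.c` while the `---`/`+++` lines name `Cryptlib/OpenSSL/crypto/objects/obj_dat.c`, and the diffstat claims `50 insertions(+)` where the hunk header `@@ -443,6 +443,25 @@` adds 19 lines. Tools that cross-check the git header against the file names may refuse the patch, and the hand edits make it harder to confirm that the backport matches the referenced upstream commit; regenerating the patch from the patched tree would fix both. In the code itself the limit is a bare `586` in `if (len > 586)`, and a named constant defined next to the RFC 2578 comment would tie the number to its derivation. The body of OBJ_obj2txt, including the `err` label this jumps to, lies outside the hunk.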
@@ -0,0 +1,111 @@
+From f77095c2543ffc1eda06556092de7badac343883 Mon Sep 17 00:00:00 2001
+From: j30031148
+Date: Mon, 19 Feb 2024 14:47:30 +0800
+Subject: [PATCH] CVE-2024-0727
+
+Reference:https://gitee.com/openeuler/openssl/commit/09015a582baa980dc04f635504b16fe95dc3790b
+Conflict:NA
+---
+ Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c | 16 ++++++++++++++++
+ Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c | 5 +++++
+ Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c | 5 +++--
+ Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c | 8 ++++++--
+ 4 files changed, 30 insertions(+), 4 deletions(-)
+
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c
+index d9f03a3..42a73e0 100644
+--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c
++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c
+@@ -171,6 +171,12 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
+ PKCS12_R_CONTENT_TYPE_NOT_DATA);
+ return NULL;
+ }
++
++ if (p7->d.data == NULL) {
++ PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA, PKCS12_R_DECODE_ERROR);
++ return NULL;
++ }
++
+ return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
+ }
+
+@@ -226,6 +232,11 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
+ {
+ if (!PKCS7_type_is_encrypted(p7))
+ return NULL;
++
++ if (p7->d.encrypted == NULL) {
++ return NULL;
++ }
++
+ return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
+ ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
+ pass, passlen,
+@@ -253,6 +264,11 @@ STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)
+ PKCS12_R_CONTENT_TYPE_NOT_DATA);
+ return NULL;
+ }
++ if (p12->authsafes->d.data == NULL) {
++ PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES, PKCS12_R_DECODE_ERROR);
++ return NULL;
++ }
++
+ return ASN1_item_unpack(p12->authsafes->d.data,
+ ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
+ }
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c
+index cbf34da..bda3c28 100644
+--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c
++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c
+@@ -80,6 +80,11 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+ return 0;
+ }
+
++ if (p12->authsafes->d.data == NULL) {
++ PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_DECODE_ERROR);
++ return 0;
++ }
++
+ salt = p12->mac->salt->data;
+ saltlen = p12->mac->salt->length;
+ if (!p12->mac->iter)
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c
+index 9e8ebb2..19a855b 100644
+--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c
++++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c
+@@ -126,8 +126,9 @@ static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass)
+ bags = PKCS12_unpack_p7data(p7);
+ } else if (bagnid == NID_pkcs7_encrypted) {
+ bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
+- if (!alg_get(p7->d.encrypted->enc_data->algorithm,
+- &pbe_nid, &pbe_iter, &pbe_saltlen))
++ if (p7->d.encrypted == NULL
++ || !alg_get(p7->d.encrypted->enc_data->algorithm,
++ &pbe_nid, &pbe_iter, &pbe_saltlen))
+ goto err;
+ } else {
+ continue;
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c
+index 62fb299..e895deb 100644
+--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c
++++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c
+@@ -78,10 +78,14 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
+ {
+ STACK_OF(X509_ALGOR) *mdalgs;
+ int ctype_nid = OBJ_obj2nid(p7->type);
+- if (ctype_nid == NID_pkcs7_signed)
++
++ if (ctype_nid == NID_pkcs7_signed) {
++ if (p7->d.sign == NULL)
++ return 0;
+ mdalgs = p7->d.sign->md_algs;
+- else
++ } else {
+ mdalgs = NULL;
++ }
+
+ flags ^= SMIME_OLDMIME;
+
+--
+2.27.0
+
diff --git a/shim.spec b/shim.spec
index a33dacf4fd4dc922eb47506223530bfaaa2b947f..a9240255c1f4928e95a0a100130dba110b35786f 100644
--- a/shim.spec
+++ b/shim.spec
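Review bot: Two of the new NULL guards in backport-CVE-2024-0727.patch fail without queuing an error: `if (p7->d.encrypted == NULL) { return NULL; }` in PKCS12_unpack_p7encdata and `if (p7->d.sign == NULL) return 0;` in SMIME_write_PKCS7, whereas the guards added to PKCS12_unpack_p7data, PKCS12_unpack_authsafes and PKCS12_gen_mac all raise `PKCS12_R_DECODE_ERROR`. A caller then gets a failure with nothing on the error queue, which makes a malformed PKCS#12 or PKCS#7 input harder to distinguish from other failures in logs. I would add the matching call in PKCS12_unpack_p7encdata, `PKCS12err(<function code for PKCS12_unpack_p7encdata>, PKCS12_R_DECODE_ERROR);`, using whichever function code this tree defines, and the PKCS7 equivalent in SMIME_write_PKCS7. All of the touched functions continue outside their hunks, so the paths after each guard are not visible here.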
@@ -25,7 +25,7 @@ Name: shim Version: 15.6 -Release: 18 +Release: 19 Summary: First-stage UEFI bootloader ExclusiveArch: x86_64 aarch64 License: BSD @@ -83,6 +83,9 @@ Patch45:backport-CVE-2023-40548-Fix-integer-overflow-on-SBAT-section-.patch Patch46:backport-CVE-2023-40547-avoid-incorrectly-trusting-HTTP-heade.patch Patch47:backport-Further-mitigations-against-CVE-2023-40546-as-a-clas.patch Patch48:backport-CVE-2023-40549-Authenticode-verify-that-the-signatur.patch +Patch49: backport-CVE-2023-2650.patch +Patch50: backport-CVE-2023-0465.patch +Patch51: backport-CVE-2024-0727.patch # Feature for shim SMx support Patch9000:Feature-shim-openssl-add-ec-support.patch @@ -217,6 +220,9 @@ make test /usr/src/debug/%{name}-%{version}-%{release}/* %changelog +* Wed Feb 28 2024 zhengxiaoxiao - 15.6-19 +- fix CVE-2023-0465 CVE-2023-2650 CVE-2024-0727 + * Tue Jan 30 2024 zhengxiaoxiao - 15.6-18 - fix CVE-2023-40547 CVE-2023-40548 CVE-2023-40549 CVE-2023-40550 CVE-2023-40551