Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openssl-1_0_0 for openSUSE:Factory checked in at 2021-03-12 13:31:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssl-1_0_0 (Old) and /work/SRC/openSUSE:Factory/.openssl-1_0_0.new.2401 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl-1_0_0" Fri Mar 12 13:31:22 2021 rev:22 rq:877749 version:1.0.2u
Changes:
--------
--- /work/SRC/openSUSE:Factory/openssl-1_0_0/openssl-1_0_0.changes 2020-10-15 13:44:54.073164723 +0200
+++ /work/SRC/openSUSE:Factory/.openssl-1_0_0.new.2401/openssl-1_0_0.changes 2021-03-12 13:31:38.830185079 +0100
@@ -1,0 +2,10 @@
+Wed Mar 3 17:04:01 UTC 2021 - Pedro Monreal <[email protected]>
+
+- Security fixes:
+ * Integer overflow in CipherUpdate: Incorrect SSLv2 rollback
+ protection [bsc#1182333, CVE-2021-23840]
+ * Null pointer deref in X509_issuer_and_serial_hash()
+ [bsc#1182331, CVE-2021-23841]
+- Add openssl-CVE-2021-23840.patch openssl-CVE-2021-23841.patch
+
+-------------------------------------------------------------------
New:
----
openssl-CVE-2021-23840.patch openssl-CVE-2021-23841.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openssl-1_0_0.spec ++++++
--- /var/tmp/diff_new_pack.uSmCq8/_old 2021-03-12 13:31:39.774186403 +0100
+++ /var/tmp/diff_new_pack.uSmCq8/_new 2021-03-12 13:31:39.778186409 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package openssl-1_0_0
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -91,6 +91,9 @@
 Patch78: 0001-Set-FIPS-thread-id-callback.patch
 Patch79: openssl-CVE-2018-0737-fips.patch
 Patch80: openssl-One_and_Done.patch
+# OpenSSL Security Advisory [16 February 2021] [bsc#1182333,CVE-2021-23840] [bsc#1182331,CVE-2021-23841]
+Patch81: openssl-CVE-2021-23840.patch
+Patch82: openssl-CVE-2021-23841.patch
 # steam patches
 Patch100: openssl-fix-cpuid_setup.patch
 # compat patches to build with soversion 10 (bsc#1175429)
@@ -248,6 +251,8 @@
 %patch78 -R -p1
 %patch79 -p1
 %patch80 -p1
+%patch81 -p1
+%patch82 -p1
 # clean up patching leftovers
 find . -name '*.orig' -delete
++++++ openssl-CVE-2021-23840.patch ++++++
>From 6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1 Mon Sep 17 00:00:00 2001
From: Matt Caswell <[email protected]>
Date: Tue, 2 Feb 2021 17:17:23 +0000
Subject: [PATCH] Don't overflow the output length in EVP_CipherUpdate calls
CVE-2021-23840
Reviewed-by: Paul Dale <[email protected]>
---
 crypto/err/openssl.txt | 3 ++-
 crypto/evp/evp_enc.c | 27 +++++++++++++++++++++++++++
 crypto/evp/evp_err.c | 4 +++-
 include/openssl/evperr.h | 7 +++----
 4 files changed, 35 insertions(+), 6 deletions(-)
Index: openssl-1.0.2u/crypto/evp/evp_enc.c
===================================================================
--- openssl-1.0.2u.orig/crypto/evp/evp_enc.c
+++ openssl-1.0.2u/crypto/evp/evp_enc.c
@@ -57,6 +57,7 @@
 */
 #include <stdio.h>
+#include <limits.h>
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -420,6 +421,19 @@ static int evp_EncryptDecryptUpdate(EVP_
 return 1;
 } else {
 j = bl - i;
+
+ /*
+ * Once we've processed the first j bytes from in, the amount of
+ * data left that is a multiple of the block length is:
+ * (inl - j) & ~(bl - 1)
+ * We must ensure that this amount of data, plus the one block that
+ * we process from ctx->buf does not exceed INT_MAX
+ */
+ if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
+ EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE,
+ EVP_R_OUTPUT_WOULD_OVERFLOW);
+ return 0;
+ }
 memcpy(&(ctx->buf[i]), in, j);
 if (!M_do_cipher(ctx, out, ctx->buf, bl))
 return 0;
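Review bot: The new guard `if (((inl - j) & ~(bl - 1)) > INT_MAX - bl)` uses `~(bl - 1)` as a block-multiple mask, which is only a mask when `bl` is a power of two, and it subtracts `j` from `inl` without the comment saying why that cannot go negative; both facts rest on code outside the hunk (the block-size assertion and, presumably, the preceding short-input branch that returns when `i + inl < bl` — confirm) and belong in the added comment, e.g. `* bl is a power of two (hence the mask) and inl >= j holds here because the short-input case was handled above`. The EVP_DecryptUpdate hunk later in this patch relies on the same power-of-two property for `b - 1` and would benefit from the same sentence. On this error path `*outl` is left untouched, which matches the existing `return 0` after M_do_cipher below, so callers must rely on the return value rather than `*outl`. evp_EncryptDecryptUpdate starts and ends outside the hunk.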
@@ -545,6 +559,19 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ct
 OPENSSL_assert(b <= sizeof(ctx->final));
 if (ctx->final_used) {
+ /*
+ * final_used is only ever set if buf_len is 0. Therefore the maximum
+ * length output we will ever see from evp_EncryptDecryptUpdate is
+ * the maximum multiple of the block length that is <= inl, or just:
+ * inl & ~(b - 1)
+ * Since final_used has been set then the final output length is:
+ * (inl & ~(b - 1)) + b
+ * This must never exceed INT_MAX
+ */
+ if ((inl & ~(b - 1)) > INT_MAX - b) {
+ EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_OUTPUT_WOULD_OVERFLOW);
+ return 0;
+ }
 memcpy(out, ctx->final, b);
 out += b;
 fix_len = 1;
Index: openssl-1.0.2u/crypto/evp/evp_err.c
===================================================================
--- openssl-1.0.2u.orig/crypto/evp/evp_err.c
+++ openssl-1.0.2u/crypto/evp/evp_err.c
@@ -94,6 +94,7 @@ static ERR_STRING_DATA EVP_str_functs[]
 {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"},
 {ERR_FUNC(EVP_F_EVP_DECRYPTUPDATE), "EVP_DecryptUpdate"},
 {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
+ {ERR_FUNC(EVP_F_EVP_ENCRYPTDECRYPTUPDATE), "EVP_EncryptDecryptUpdate"},
 {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
 {ERR_FUNC(EVP_F_EVP_ENCRYPTUPDATE), "EVP_EncryptUpdate"},
 {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
@@ -215,6 +216,7 @@ static ERR_STRING_DATA EVP_str_reasons[]
 {ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), "operation not supported for this keytype"},
 {ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"},
+ {ERR_REASON(EVP_R_OUTPUT_WOULD_OVERFLOW), "output would overflow"},
 {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE), "pkcs8 unknown broken type"},
 {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"},
Index: openssl-1.0.2u/crypto/evp/evp.h
===================================================================
--- openssl-1.0.2u.orig/crypto/evp/evp.h
+++ openssl-1.0.2u/crypto/evp/evp.h
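Review bot: The check `(inl & ~(b - 1)) > INT_MAX - b` mixes `inl` with `b`; if `b` is declared `unsigned int` in 1.0.2's EVP_DecryptUpdate (its declaration is outside the hunk), both sides are evaluated as unsigned, which is only correct because a non-positive `inl` appears to have been rejected earlier in the function — confirm. The added comment should say so, e.g. `* inl > 0 has been established above, so the unsigned arithmetic below is safe`. The comment also asserts that `final_used` is only ever set when `buf_len` is 0; that invariant is maintained elsewhere in the file, so naming the place that enforces it would help future readers. EVP_DecryptUpdate starts and ends outside the hunk.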
@@ -1522,6 +1522,7 @@ void ERR_load_EVP_strings(void);
 # define EVP_F_EVP_DECRYPTFINAL_EX 101
 # define EVP_F_EVP_DECRYPTUPDATE 181
 # define EVP_F_EVP_DIGESTINIT_EX 128
+# define EVP_F_EVP_ENCRYPTDECRYPTUPDATE 219
 # define EVP_F_EVP_ENCRYPTFINAL_EX 127
 # define EVP_F_EVP_ENCRYPTUPDATE 180
 # define EVP_F_EVP_MD_CTX_COPY_EX 110
@@ -1633,6 +1634,7 @@ void ERR_load_EVP_strings(void);
 # define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105
 # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
 # define EVP_R_OPERATON_NOT_INITIALIZED 151
+# define EVP_R_OUTPUT_WOULD_OVERFLOW 184
 # define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117
 # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145
 # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146
++++++ openssl-CVE-2021-23841.patch ++++++
>From 122a19ab48091c657f7cb1fb3af9fc07bd557bbf Mon Sep 17 00:00:00 2001
From: Matt Caswell <[email protected]>
Date: Wed, 10 Feb 2021 16:10:36 +0000
Subject: [PATCH] Fix Null pointer deref in X509_issuer_and_serial_hash()
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack.
The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources.
CVE-2021-23841
Reviewed-by: Richard Levitte <[email protected]>
Reviewed-by: Paul Dale <[email protected]>
(cherry picked from commit 8130d654d1de922ea224fa18ee3bc7262edc39c0)
---
 crypto/x509/x509_cmp.c | 2 ++
 1 file changed, 2 insertions(+)
Index: openssl-1.0.2p/crypto/x509/x509_cmp.c
===================================================================
--- openssl-1.0.2p.orig/crypto/x509/x509_cmp.c
+++ openssl-1.0.2p/crypto/x509/x509_cmp.c
@@ -87,6 +88,8 @@ unsigned long X509_issuer_and_serial_has
 EVP_MD_CTX_init(&ctx);
 f = X509_NAME_oneline(a->cert_info->issuer, NULL, 0);
+ if (f == NULL)
+ goto err;
 if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
 goto err;
 if (!EVP_DigestUpdate(&ctx, (unsigned char *)f, strlen(f)))
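Review bot: The new `if (f == NULL) goto err;` depends on the `err:` path, which lies outside the hunk, tolerating a NULL `f` (presumably it releases `f` with OPENSSL_free, which is NULL-safe in 1.0.2 — confirm), and it returns whatever `ret` was initialised to, presumably 0, which a caller cannot distinguish from a genuine hash value of zero; the function's documentation should state that 0 signals failure. A short comment above the guard would help, e.g. `/* X509_NAME_oneline() can fail on a malformed issuer; treat that as an error */`. Separately, the `Index:` and `---`/`+++` lines name openssl-1.0.2p while this package is 1.0.2u; `%patch82 -p1` strips that prefix so it applies, but the header offsets `-87,6 +88,8` suggest the hunk was generated against a different tree and should be re-checked against 1.0.2u's x509_cmp.c. X509_issuer_and_serial_hash starts and ends outside the hunk.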
