Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openssl-1_0_0 for openSUSE:Factory checked in at 2023-02-14 16:44:43 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssl-1_0_0 (Old) and /work/SRC/openSUSE:Factory/.openssl-1_0_0.new.27156 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl-1_0_0"
Tue Feb 14 16:44:43 2023 rev:30 rq:1063738 version:1.0.2u
Changes:
--------
--- /work/SRC/openSUSE:Factory/openssl-1_0_0/openssl-1_0_0.changes 2023-01-03 15:04:28.366197281 +0100
+++ /work/SRC/openSUSE:Factory/.openssl-1_0_0.new.27156/openssl-1_0_0.changes 2023-02-14 16:44:56.402270903 +0100
@@ -1,0 +2,20 @@
+Tue Feb 7 09:54:43 UTC 2023 - Otto Hollmann <otto.hollm...@suse.com>
+
+- Security Fix: [bsc#1207533, CVE-2023-0286]
+ * Fix X.400 address type confusion in X.509 GENERAL_NAME_cmp
+ for x400Address
+ * Add openssl-CVE-2023-0286.patch
+- Security Fix: [bsc#1207536, CVE-2023-0215]
+ * Use-after-free following BIO_new_NDEF()
+ * Add patches:
+ - openssl-CVE-2023-0215-1of4.patch
+ - openssl-CVE-2023-0215-3of4.patch
+ - openssl-CVE-2023-0215-4of4.patch
+- Security Fix: [bsc#1207534, CVE-2022-4304]
+ * Timing Oracle in RSA Decryption
+ * Add openssl-CVE-2022-4304.patch
+- Security Fix: [bsc#1179491, CVE-2020-1971]
+ * Fix EDIPARTYNAME NULL pointer dereference
+ * Add openssl-CVE-2020-1971.patch
+
+-------------------------------------------------------------------
New:
----
openssl-CVE-2020-1971.patch
openssl-CVE-2022-4304.patch
openssl-CVE-2023-0215-1of4.patch
openssl-CVE-2023-0215-3of4.patch
openssl-CVE-2023-0215-4of4.patch
openssl-CVE-2023-0286.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openssl-1_0_0.spec ++++++
--- /var/tmp/diff_new_pack.DeO0M0/_old 2023-02-14 16:45:04.074316436 +0100
+++ /var/tmp/diff_new_pack.DeO0M0/_new 2023-02-14 16:45:04.082316484 +0100
@@ -107,6 +107,17 @@ Patch89: openssl-1_0_0-paramgen-default_to_rfc7919.patch # PATCH-FIX-UPSTREAM bsc#1201627 Update further expiring certificates that affect tests Patch90: openssl-Update-further-expiring-certificates.patch +# PATCH-FIX-UPSTREAM bsc#1179491 CVE-2020-1971 EDIPARTYNAME NULL pointer de-reference +Patch91: openssl-CVE-2020-1971.patch +#PATCH-FIX-UPSTREAM bsc#1207534 CVE-2022-4304 Timing Oracle in RSA Decryption +Patch92: openssl-CVE-2022-4304.patch +#PATCH-FIX-UPSTREAM bsc#1207536 CVE-2023-0215 Use-after-free following BIO_new_NDEF() +Patch93: openssl-CVE-2023-0215-1of4.patch +#Patch openssl-CVE-2023-0215-2of4.patch because this type of tests are not present +Patch94: openssl-CVE-2023-0215-3of4.patch +Patch95: openssl-CVE-2023-0215-4of4.patch +#PATCH-FIX-UPSTREAM bsc#1207533 CVE-2023-0286 Address type confusion related to X.400 address processing +Patch96: openssl-CVE-2023-0286.patch # steam patches Patch100: openssl-fix-cpuid_setup.patch # compat patches to build with soversion 10 (bsc#1175429) @@ -275,6 +286,12 @@ %patch88 -p1 %patch89 -p1 %patch90 -p1 +%patch91 -p1 +%patch92 -p1 +%patch93 -p1 +%patch94 -p1 +%patch95 -p1 +%patch96 -p1 # clean up patching leftovers find . -name '*.orig' -delete ++++++ openssl-CVE-2020-1971.patch ++++++ Index: openssl-1.0.2j/crypto/asn1/asn1_err.c =================================================================== --- openssl-1.0.2j.orig/crypto/asn1/asn1_err.c 2020-12-08 12:34:35.960709593 +0100 +++ openssl-1.0.2j/crypto/asn1/asn1_err.c 2020-12-08 12:35:35.289053678 +0100 @@ -86,6 +86,7 @@ static ERR_STRING_DATA ASN1_str_functs[] {ERR_FUNC(ASN1_F_ASN1_DIGEST), "ASN1_digest"}, {ERR_FUNC(ASN1_F_ASN1_DO_ADB), "ASN1_DO_ADB"}, {ERR_FUNC(ASN1_F_ASN1_DUP), "ASN1_dup"}, + {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_I2D), "ASN1_item_ex_i2d"}, {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET), "ASN1_ENUMERATED_set"}, {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN), "ASN1_ENUMERATED_to_BN"}, {ERR_FUNC(ASN1_F_ASN1_EX_C2I), "ASN1_EX_C2I"}, 
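Review bot: The comment above Patch94, `#Patch openssl-CVE-2023-0215-2of4.patch because this type of tests are not present`, does not say what happens to 2of4; since no such patch is listed, it presumably records that 2of4 was left out. A wording like `# openssl-CVE-2023-0215-2of4.patch is not included: the tests it changes are not present in this version` would make that explicit, and the three `#PATCH-FIX-UPSTREAM` tags could take the `# PATCH-FIX-UPSTREAM` spacing used on the Patch90 and Patch91 lines. It is also worth a comment that Patch96 has to stay after Patch91: its v3_genn.c hunk rewrites the `a->d.x400Address` comparison line that Patch91 adds, so dropping or reordering either one breaks the other.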
@@ -202,6 +203,7 @@ static ERR_STRING_DATA ASN1_str_reasons[ {ERR_REASON(ASN1_R_AUX_ERROR), "aux error"}, {ERR_REASON(ASN1_R_BAD_CLASS), "bad class"}, {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER), "bad object header"}, + {ERR_REASON(ASN1_R_BAD_TEMPLATE), "bad template"}, {ERR_REASON(ASN1_R_BAD_PASSWORD_READ), "bad password read"}, {ERR_REASON(ASN1_R_BAD_TAG), "bad tag"}, {ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH), Index: openssl-1.0.2j/crypto/asn1/tasn_dec.c =================================================================== --- openssl-1.0.2j.orig/crypto/asn1/tasn_dec.c 2020-12-08 12:34:35.960709593 +0100 +++ openssl-1.0.2j/crypto/asn1/tasn_dec.c 2020-12-08 12:43:44.835892875 +0100 @@ -223,6 +223,15 @@ static int asn1_item_ex_d2i(ASN1_VALUE * break; case ASN1_ITYPE_MSTRING: + /* + * It never makes sense for multi-strings to have implicit tagging, so + * if tag != -1, then this looks like an error in the template. + */ + if (tag != -1) { + ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_BAD_TEMPLATE); + goto err; + } + p = *in; /* Just read in tag and class */ ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, @@ -316,6 +325,15 @@ static int asn1_item_ex_d2i(ASN1_VALUE * goto err; case ASN1_ITYPE_CHOICE: + /* + * It never makes sense for CHOICE types to have implicit tagging, so + * if tag != -1, then this looks like an error in the template. + */ + if (tag != -1) { + ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_BAD_TEMPLATE); + goto err; + } + if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) goto auxerr; if (*pval) { Index: openssl-1.0.2j/crypto/asn1/tasn_enc.c =================================================================== --- openssl-1.0.2j.orig/crypto/asn1/tasn_enc.c 2020-12-08 12:34:35.960709593 +0100 +++ openssl-1.0.2j/crypto/asn1/tasn_enc.c 2020-12-08 12:48:07.949418869 +0100 
@@ -151,9 +151,25 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, break; case ASN1_ITYPE_MSTRING: + /* + * It never makes sense for multi-strings to have implicit tagging, so + * if tag != -1, then this looks like an error in the template. + */ + if (tag != -1) { + ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE); + return -1; + } return asn1_i2d_ex_primitive(pval, out, it, -1, aclass); case ASN1_ITYPE_CHOICE: + /* + * It never makes sense for CHOICE types to have implicit tagging, so + * if tag != -1, then this looks like an error in the template. + */ + if (tag != -1) { + ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE); + return -1; + } if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL)) return 0; i = asn1_get_choice_selector(pval, it); Index: openssl-1.0.2j/crypto/x509v3/v3_genn.c =================================================================== --- openssl-1.0.2j.orig/crypto/x509v3/v3_genn.c 2020-12-08 12:34:22.712632764 +0100 +++ openssl-1.0.2j/crypto/x509v3/v3_genn.c 2020-12-08 12:34:35.960709593 +0100 @@ -72,8 +72,9 @@ ASN1_SEQUENCE(OTHERNAME) = { IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME) ASN1_SEQUENCE(EDIPARTYNAME) = { - ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0), - ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1) + /* DirectoryString is a CHOICE type so use explicit tagging */ + ASN1_EXP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0), + ASN1_EXP(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1) } ASN1_SEQUENCE_END(EDIPARTYNAME) IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME) 
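Review bot: The two new `return -1;` paths give ASN1_item_ex_i2d a negative result, while the failure visible right below them (asn1_cb refusing ASN1_OP_I2D_PRE) returns 0. Any caller that adds the returned length to a running total without testing for a negative value would fold -1 into the computed size instead of failing. The callers are outside this hunk, so this needs checking in this tree, presumably in the template and SEQUENCE encoders of the same file. Where a caller does accumulate unchecked, it needs a guard before the addition, e.g. `if (len < 0) return -1;` with `len` standing for whatever the caller names the result. The function body continues outside the hunk.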
@@ -107,6 +108,37 @@ GENERAL_NAME *GENERAL_NAME_dup(GENERAL_N (char *)a); } +static int edipartyname_cmp(const EDIPARTYNAME *a, const EDIPARTYNAME *b) +{ + int res; + + if (a == NULL || b == NULL) { + /* + * Shouldn't be possible in a valid GENERAL_NAME, but we handle it + * anyway. OTHERNAME_cmp treats NULL != NULL so we do the same here + */ + return -1; + } + if (a->nameAssigner == NULL && b->nameAssigner != NULL) + return -1; + if (a->nameAssigner != NULL && b->nameAssigner == NULL) + return 1; + /* If we get here then both have nameAssigner set, or both unset */ + if (a->nameAssigner != NULL) { + res = ASN1_STRING_cmp(a->nameAssigner, b->nameAssigner); + if (res != 0) + return res; + } + /* + * partyName is required, so these should never be NULL. We treat it in + * the same way as the a == NULL || b == NULL case above + */ + if (a->partyName == NULL || b->partyName == NULL) + return -1; + + return ASN1_STRING_cmp(a->partyName, b->partyName); +} + /* Returns 0 if they are equal, != 0 otherwise. */ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b) { @@ -116,8 +148,11 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GE return -1; switch (a->type) { case GEN_X400: + result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address); + break; + case GEN_EDIPARTY: - result = ASN1_TYPE_cmp(a->d.other, b->d.other); + result = edipartyname_cmp(a->d.ediPartyName, b->d.ediPartyName); break; case GEN_OTHERNAME: @@ -164,8 +199,11 @@ void GENERAL_NAME_set0_value(GENERAL_NAM { switch (type) { case GEN_X400: + a->d.x400Address = value; + break; + case GEN_EDIPARTY: - a->d.other = value; + a->d.ediPartyName = value; break; case GEN_OTHERNAME: 
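Review bot: edipartyname_cmp has no header comment, and its result is not an ordering: when either argument or either partyName is NULL it returns -1 regardless of argument order, so only the zero / non-zero distinction is meaningful. A short comment above the function would keep later callers from sorting with it, for example `/* Returns 0 if equal, non-zero otherwise; NULL inputs never compare equal, so this is not a sort order. */`. That matches the `Returns 0 if they are equal, != 0 otherwise` contract stated on GENERAL_NAME_cmp directly below.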
@@ -199,8 +237,10 @@ void *GENERAL_NAME_get0_value(GENERAL_NA *ptype = a->type; switch (a->type) { case GEN_X400: + return a->d.x400Address; + case GEN_EDIPARTY: - return a->d.other; + return a->d.ediPartyName; case GEN_OTHERNAME: return a->d.otherName; Index: openssl-1.0.2j/crypto/asn1/asn1.h =================================================================== --- openssl-1.0.2j.orig/crypto/asn1/asn1.h 2020-12-08 12:34:35.964709617 +0100 +++ openssl-1.0.2j/crypto/asn1/asn1.h 2020-12-08 12:45:43.844583097 +0100 @@ -1201,6 +1201,7 @@ void ERR_load_ASN1_strings(void); # define ASN1_F_ASN1_ITEM_D2I_FP 206 # define ASN1_F_ASN1_ITEM_DUP 191 # define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW 121 +# define ASN1_F_ASN1_ITEM_EX_I2D 144 # define ASN1_F_ASN1_ITEM_EX_D2I 120 # define ASN1_F_ASN1_ITEM_I2D_BIO 192 # define ASN1_F_ASN1_ITEM_I2D_FP 193 @@ -1298,6 +1299,7 @@ void ERR_load_ASN1_strings(void); # define ASN1_R_AUX_ERROR 100 # define ASN1_R_BAD_CLASS 101 # define ASN1_R_BAD_OBJECT_HEADER 102 +# define ASN1_R_BAD_TEMPLATE 230 # define ASN1_R_BAD_PASSWORD_READ 103 # define ASN1_R_BAD_TAG 104 # define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214 ++++++ openssl-CVE-2022-4304.patch ++++++ ++++ 866 lines (skipped) ++++++ openssl-CVE-2023-0215-1of4.patch ++++++ commit 847b1cd5fcf2a9098871f5832a50845670c3885e Author: Matt Caswell <m...@openssl.org> Date: Wed Dec 14 16:18:14 2022 +0000 Fix a UAF resulting from a bug in BIO_new_NDEF If the aux->asn1_cb() call fails in BIO_new_NDEF then the "out" BIO will be part of an invalid BIO chain. This causes a "use after free" when the BIO is eventually freed. Based on an original patch by Viktor Dukhovni. Thanks to Octavio Galland for reporting this issue. --- crypto/asn1/bio_ndef.c | 52 +++++++++++++++++++++++++++++-------------------- 1 file changed, 31 insertions(+), 21 deletions(-) --- a/crypto/asn1/bio_ndef.c +++ b/crypto/asn1/bio_ndef.c 
@@ -95,6 +95,12 @@ static int ndef_suffix(BIO *b, unsigned static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg); +/* + * On success, the returned BIO owns the input BIO as part of its BIO chain. + * On failure, NULL is returned and the input BIO is owned by the caller. + * + * Unfortunately cannot constify this due to CMS_stream() and PKCS7_stream() + */ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it) { NDEF_SUPPORT *ndef_aux = NULL; 
@@ -106,48 +112,52 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE * ASN1err(ASN1_F_BIO_NEW_NDEF, ASN1_R_STREAMING_NOT_SUPPORTED); return NULL; } - ndef_aux = OPENSSL_malloc(sizeof(NDEF_SUPPORT)); asn_bio = BIO_new(BIO_f_asn1()); - - /* ASN1 bio needs to be next to output BIO */ - - out = BIO_push(asn_bio, out); - - if (!ndef_aux || !asn_bio || !out) - goto err; + if (asn_bio == NULL) + return NULL; BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free); BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free); + /* ASN1 bio needs to be next to output BIO */ + if (BIO_push(asn_bio, out) == NULL) { + BIO_free(asn_bio); + return NULL; + } + /* - * Now let callback prepend any digest, cipher etc BIOs ASN1 structure - * needs. + * Now let the callback prepend any digest, cipher, etc., that the BIO's + * ASN1 structure needs. */ - sarg.out = out; + sarg.out = asn_bio; sarg.ndef_bio = NULL; sarg.boundary = NULL; - if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0) - goto err; + /* + * On error, restore input BIO to head of its BIO chain. + * + * The asn1_cb(), must not have mutated asn_bio on error, leaving it in the + * middle of some partially built, but not returned BIO chain. 
+ */ + if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0 + || (ndef_aux = OPENSSL_malloc(sizeof(*ndef_aux))) == NULL) { + /* Assumed head of BIO chain with "out" as immediate successor */ + (void)BIO_pop(asn_bio); + BIO_free(asn_bio); + return NULL; + } ndef_aux->val = val; ndef_aux->it = it; ndef_aux->ndef_bio = sarg.ndef_bio; ndef_aux->boundary = sarg.boundary; - ndef_aux->out = out; + ndef_aux->out = asn_bio; ndef_aux->derbuf = NULL; BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux); return sarg.ndef_bio; - - err: - if (asn_bio) - BIO_free(asn_bio); - if (ndef_aux) - OPENSSL_free(ndef_aux); - return NULL; } static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg) ++++++ openssl-CVE-2023-0215-3of4.patch ++++++ commit 6c051d7769ef19d12f00723dff8b5615c501ddfa Author: Matt Caswell <m...@openssl.org> Date: Fri Jan 27 13:49:32 2023 +0000 squash! Fix a UAF resulting from a bug in BIO_new_NDEF If the aux->asn1_cb() call fails in BIO_new_NDEF then the "out" BIO will be part of an invalid BIO chain. This causes a "use after free" when the BIO is eventually freed. Based on an original patch by Viktor Dukhovni and an idea from Theo Buehler. Thanks to Octavio Galland for reporting this issue. --- crypto/asn1/bio_ndef.c | 43 +++++++++++++++++++++++-------------------- 1 file changed, 23 insertions(+), 20 deletions(-) --- a/crypto/asn1/bio_ndef.c +++ b/crypto/asn1/bio_ndef.c 
@@ -107,57 +107,60 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE * BIO *asn_bio = NULL; const ASN1_AUX *aux = it->funcs; ASN1_STREAM_ARG sarg; + BIO *pop_bio = NULL; if (!aux || !aux->asn1_cb) { ASN1err(ASN1_F_BIO_NEW_NDEF, ASN1_R_STREAMING_NOT_SUPPORTED); return NULL; } + ndef_aux = OPENSSL_malloc(sizeof(*ndef_aux)); asn_bio = BIO_new(BIO_f_asn1()); - if (asn_bio == NULL) - return NULL; + if (ndef_aux == NULL || asn_bio == NULL) + goto err; + + /* ASN1 bio needs to be next to output BIO */ + out = BIO_push(asn_bio, out); + if (out == NULL) + goto err; + pop_bio = asn_bio; BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free); BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free); - /* ASN1 bio needs to be next to output BIO */ - if (BIO_push(asn_bio, out) == NULL) { - BIO_free(asn_bio); - return NULL; - } - /* * Now let the callback prepend any digest, cipher, etc., that the BIO's * ASN1 structure needs. */ - sarg.out = asn_bio; + sarg.out = out; sarg.ndef_bio = NULL; sarg.boundary = NULL; /* - * On error, restore input BIO to head of its BIO chain. - * * The asn1_cb(), must not have mutated asn_bio on error, leaving it in the * middle of some partially built, but not returned BIO chain. 
*/ - if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0 - || (ndef_aux = OPENSSL_malloc(sizeof(*ndef_aux))) == NULL) { - /* Assumed head of BIO chain with "out" as immediate successor */ - (void)BIO_pop(asn_bio); - BIO_free(asn_bio); - return NULL; - } + if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0) + goto err; ndef_aux->val = val; ndef_aux->it = it; ndef_aux->ndef_bio = sarg.ndef_bio; ndef_aux->boundary = sarg.boundary; - ndef_aux->out = asn_bio; + ndef_aux->out = out; ndef_aux->derbuf = NULL; - BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux); + if (BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux) <= 0) + goto err; return sarg.ndef_bio; + + err: + /* BIO_pop() is NULL safe */ + (void)BIO_pop(pop_bio); + BIO_free(asn_bio); + OPENSSL_free(ndef_aux); + return NULL; } static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg) ++++++ openssl-CVE-2023-0215-4of4.patch ++++++ commit 0cbc68d3107e2b54a64606a857e0044637b01255 Author: Matt Caswell <m...@openssl.org> Date: Tue Jan 31 11:54:18 2023 +0000 fixup! Fix a UAF resulting from a bug in BIO_new_NDEF --- crypto/asn1/bio_ndef.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) --- a/crypto/asn1/bio_ndef.c +++ b/crypto/asn1/bio_ndef.c @@ -124,8 +124,10 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE * goto err; pop_bio = asn_bio; - BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free); - BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free); + if (BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free) <= 0 + || BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free) <= 0 + || BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux) <= 0) + goto err; /* * Now let the callback prepend any digest, cipher, etc., that the BIO's 
@@ -140,8 +142,19 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE * * The asn1_cb(), must not have mutated asn_bio on error, leaving it in the * middle of some partially built, but not returned BIO chain. */ - if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0) + if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0) { + /* + * ndef_aux is now owned by asn_bio so we must not free it in the err + * clean up block + */ + ndef_aux = NULL; goto err; + } + + /* + * We must not fail now because the callback has prepended additional + * BIOs to the chain + */ ndef_aux->val = val; ndef_aux->it = it; @@ -150,9 +163,6 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE * ndef_aux->out = out; ndef_aux->derbuf = NULL; - if (BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux) <= 0) - goto err; - return sarg.ndef_bio; err: ++++++ openssl-CVE-2023-0286.patch ++++++ commit a72082b1fd459bc6355c0d6e0ac5f28a34ae73b0 Author: Hugo Landau <hlan...@openssl.org> Date: Tue Jan 17 17:45:42 2023 +0000 CVE-2023-0286: Fix GENERAL_NAME_cmp for x400Address (1.1.1) --- CHANGES | 18 ++++++++++++++++++ crypto/x509v3/v3_genn.c | 2 +- crypto/x509v3/x509v3.h | 2 +- 3 files changed, 20 insertions(+), 2 deletions(-) --- a/CHANGES +++ b/CHANGES 
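Review bot: On the failed `aux->asn1_cb(ASN1_OP_STREAM_PRE, ...)` path, `ndef_aux = NULL` leaves the structure to `BIO_free(asn_bio)` before any of its fields have been assigned: the allocation comes from OPENSSL_malloc, which does not zero memory, and `ndef_aux->derbuf = NULL` and the other assignments only run after the callback succeeds. If the asn1 BIO's free routine in this tree invokes the registered `ndef_prefix_free`/`ndef_suffix_free` callbacks (not visible here), they would presumably read uninitialised pointers; if it does not, the structure leaks on this path instead. Clearing the structure before it is registered with `BIO_C_SET_EX_ARG`, e.g. `memset(ndef_aux, 0, sizeof(*ndef_aux));` right after the allocation check (with `<string.h>` if the file does not already include it), removes the first risk. The ownership claim in the new comment should also be confirmed against the asn1 BIO's free routine in this version. The allocation and the registration sit in earlier hunks of BIO_new_NDEF, outside this one.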
@@ -9,6 +9,24 @@ Changes between 1.0.2o and 1.0.2p [14 Aug 2018] + *) Fixed a type confusion vulnerability relating to X.400 address processing + inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING + but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This + vulnerability may allow an attacker who can provide a certificate chain and + CRL (neither of which need have a valid signature) to pass arbitrary + pointers to a memcmp call, creating a possible read primitive, subject to + some constraints. Refer to the advisory for more information. Thanks to + David Benjamin for discovering this issue. (CVE-2023-0286) + + This issue has been fixed by changing the public header file definition of + GENERAL_NAME so that x400Address reflects the implementation. It was not + possible for any existing application to successfully use the existing + definition; however, if any application references the x400Address field + (e.g. in dead code), note that the type of this field has changed. There is + no ABI change. + + [Hugo Landau] + *) Client DoS due to large DH parameter During key agreement in a TLS handshake using a DH(E) based ciphersuite a --- a/crypto/x509v3/v3_genn.c +++ b/crypto/x509v3/v3_genn.c @@ -148,7 +148,7 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GE return -1; switch (a->type) { case GEN_X400: - result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address); + result = ASN1_STRING_cmp(a->d.x400Address, b->d.x400Address); break; case GEN_EDIPARTY: --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -190,7 +190,7 @@ typedef struct GENERAL_NAME_st { OTHERNAME *otherName; /* otherName */ ASN1_IA5STRING *rfc822Name; ASN1_IA5STRING *dNSName; - ASN1_TYPE *x400Address; + ASN1_STRING *x400Address; X509_NAME *directoryName; EDIPARTYNAME *ediPartyName; ASN1_IA5STRING *uniformResourceIdentifier;