diff --git a/openssl/build.sh b/openssl/build.sh index 24a33de..4d5249f 100755 --- a/openssl/build.sh +++ b/openssl/build.sh @@ -7,10 +7,14 @@ # Check the following 4 variables before running the script topdir=openssl version=1.0.2u -pkgver=7 +pkgver=8 source[0]=https://openssl.org/source/$topdir-$version.tar.gz # If there are no patches, simply comment this -#patch[0]= +patch[0]=openssl-1.0.2u-cve-2020-1971.patch +patch[1]=openssl-1.0.2u-cve-2021-23840.patch +patch[2]=openssl-1.0.2u-cve-2021-23841.patch +patch[3]=openssl-1.0.2u-cve-2021-3712.patch +patch[4]=openssl-1.0.2u-cve-2022-0778.patch # Source function library . ${BUILDPKG_SCRIPTS}/buildpkg.functions @@ -24,7 +28,7 @@ shortver=102 pname=openssl${shortver} make_check_target="test" __configure="./Configure" -configure_args=(--prefix=$prefix --openssldir=${prefix}/${_sharedir}/ssl zlib shared) +configure_args=(--prefix=$prefix --openssldir=${prefix}/${_sharedir}/ssl${shortver} zlib shared) if [ "$arch" = "sparc" ]; then configure_args+=(solaris-sparc${gcc_arch}-gcc) else @@ -85,7 +89,6 @@ install() ${__mv} ${stagedir}${prefix}/${_includedir}/{openssl,$pname/openssl} ${__mv} ${stagedir}${prefix}/${_bindir}/{openssl,$pname} ${__rm} -rf ${stagedir}${prefix}/{${_sharedir}/ssl/misc,{${_bindir},${_mandir}/man1}/{CA.pl,c_rehash,*tsget}*} - ${__rm} -f ${stagedir}${prefix}/${_sharedir}/ssl/openssl.cnf ${__rm} -f ${stagedir}${prefix}/${_libdir}/*.so ln -s ../libcrypto.so.${sover} ${stagedir}${prefix}/${_libdir}/${pname}/libcrypto.so ln -s ../libssl.so.${sover} ${stagedir}${prefix}/${_libdir}/${pname}/libssl.so @@ -129,6 +132,7 @@ install() compat openssl 1.0.2p 1 4 compat openssl 1.0.2r 1 5 compat openssl 1.0.2u 1 6 + compat openssl 1.0.2u 1 7 } reg pack diff --git a/openssl/meta/ChangeLog b/openssl/meta/ChangeLog index 8212d35..4da3683 100644 --- a/openssl/meta/ChangeLog +++ b/openssl/meta/ChangeLog @@ -1,5 +1,11 @@ CHANGELOG --------- +* Tue Mar 29 2022 Tom G. Christensen - 1.0.2u-8 +- Relocate ssldir to avoid conflicts +- Forward port CVE fixes from RHEL 7 (openssl 1.0.2k) + - Fixes CVE-2020-1971, CVE-2021-23840, CVE-2021-23841, CVE-2021-3712, + CVE-2022-0778 + * Sat Nov 20 2021 Tom G. Christensen - 1.0.2u-7 - Rebuild as parallel installable with OpenSSL 3.0 - Move utils into their own package diff --git a/openssl/meta/pkgdef b/openssl/meta/pkgdef index 5b5f25d..bb14c18 100644 --- a/openssl/meta/pkgdef +++ b/openssl/meta/pkgdef @@ -9,7 +9,7 @@ files(-,root,bin) default_docs $_libdir/*.so.* $_libdir/engines/*.so -$_sharedir/ssl +$_sharedir/ssl${shortver} [openssl-utils] pkgname="${pkgprefix}osslu" diff --git a/openssl/src/openssl-1.0.2u-cve-2020-1971.patch b/openssl/src/openssl-1.0.2u-cve-2020-1971.patch new file mode 100644 index 0000000..8ae96d7 --- /dev/null +++ b/openssl/src/openssl-1.0.2u-cve-2020-1971.patch @@ -0,0 +1,572 @@ +--- openssl-1.0.2u/crypto/asn1/asn1_err.c.cve-2020-1971 2019-12-20 14:02:41.000000000 +0000 ++++ openssl-1.0.2u/crypto/asn1/asn1_err.c 2022-04-04 20:54:37.545142000 +0000 +@@ -1,6 +1,6 @@ + /* crypto/asn1/asn1_err.c */ + /* ==================================================================== +- * Copyright (c) 1999-2018 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2020 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -103,6 +103,7 @@ + {ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"}, + {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW), "ASN1_ITEM_EX_COMBINE_NEW"}, + {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"}, ++ {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EX_I2D, 0), "ASN1_item_ex_i2d"}, + {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"}, + {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"}, + {ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"}, +@@ -205,6 +206,7 @@ + {ERR_REASON(ASN1_R_AUX_ERROR), "aux error"}, + {ERR_REASON(ASN1_R_BAD_CLASS), "bad class"}, + {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER), "bad object header"}, ++ {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_TEMPLATE), "bad template"}, + {ERR_REASON(ASN1_R_BAD_PASSWORD_READ), "bad password read"}, + {ERR_REASON(ASN1_R_BAD_TAG), "bad tag"}, + {ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH), +--- openssl-1.0.2u/crypto/asn1/asn1.h.cve-2020-1971 2019-12-20 14:02:41.000000000 +0000 ++++ openssl-1.0.2u/crypto/asn1/asn1.h 2022-04-04 20:53:46.574728000 +0000 +@@ -1203,6 +1203,7 @@ + # define ASN1_F_ASN1_ITEM_DUP 191 + # define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW 121 + # define ASN1_F_ASN1_ITEM_EX_D2I 120 ++# define ASN1_F_ASN1_ITEM_EX_I2D 231 + # define ASN1_F_ASN1_ITEM_I2D_BIO 192 + # define ASN1_F_ASN1_ITEM_I2D_FP 193 + # define ASN1_F_ASN1_ITEM_PACK 198 +@@ -1302,6 +1303,7 @@ + # define ASN1_R_AUX_ERROR 100 + # define ASN1_R_BAD_CLASS 101 + # define ASN1_R_BAD_OBJECT_HEADER 102 ++# define ASN1_R_BAD_TEMPLATE 230 + # define ASN1_R_BAD_PASSWORD_READ 103 + # define ASN1_R_BAD_TAG 104 + # define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214 +--- openssl-1.0.2u/crypto/asn1/tasn_dec.c.cve-2020-1971 2019-12-20 14:02:41.000000000 +0000 ++++ openssl-1.0.2u/crypto/asn1/tasn_dec.c 2022-04-04 20:53:46.654737000 +0000 +@@ -223,6 +223,15 @@ + break; + + case ASN1_ITYPE_MSTRING: ++ /* ++ * It never makes sense for multi-strings to have implicit tagging, so ++ * if tag != -1, then this looks like an error in the template. ++ */ ++ if (tag != -1) { ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_BAD_TEMPLATE); ++ goto err; ++ } ++ + p = *in; + /* Just read in tag and class */ + ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, +@@ -240,6 +249,7 @@ + ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL); + goto err; + } ++ + /* Check tag matches bit map */ + if (!(ASN1_tag2bit(otag) & it->utype)) { + /* If OPTIONAL, assume this is OK */ +@@ -316,6 +326,15 @@ + goto err; + + case ASN1_ITYPE_CHOICE: ++ /* ++ * It never makes sense for CHOICE types to have implicit tagging, so ++ * if tag != -1, then this looks like an error in the template. ++ */ ++ if (tag != -1) { ++ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_BAD_TEMPLATE); ++ goto err; ++ } ++ + if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) + goto auxerr; + if (*pval) { +--- openssl-1.0.2u/crypto/asn1/tasn_enc.c.cve-2020-1971 2019-12-20 14:02:41.000000000 +0000 ++++ openssl-1.0.2u/crypto/asn1/tasn_enc.c 2022-04-04 20:53:46.724730000 +0000 +@@ -151,9 +151,25 @@ + break; + + case ASN1_ITYPE_MSTRING: ++ /* ++ * It never makes sense for multi-strings to have implicit tagging, so ++ * if tag != -1, then this looks like an error in the template. ++ */ ++ if (tag != -1) { ++ ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE); ++ return -1; ++ } + return asn1_i2d_ex_primitive(pval, out, it, -1, aclass); + + case ASN1_ITYPE_CHOICE: ++ /* ++ * It never makes sense for CHOICE types to have implicit tagging, so ++ * if tag != -1, then this looks like an error in the template. ++ */ ++ if (tag != -1) { ++ ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE); ++ return -1; ++ } + if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL)) + return 0; + i = asn1_get_choice_selector(pval, it); +--- openssl-1.0.2u/crypto/x509v3/v3_genn.c.cve-2020-1971 2019-12-20 14:02:41.000000000 +0000 ++++ openssl-1.0.2u/crypto/x509v3/v3_genn.c 2022-04-04 20:53:46.824739000 +0000 +@@ -72,8 +72,9 @@ + IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME) + + ASN1_SEQUENCE(EDIPARTYNAME) = { +- ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0), +- ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1) ++ /* DirectoryString is a CHOICE type so use explicit tagging */ ++ ASN1_EXP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0), ++ ASN1_EXP(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1) + } ASN1_SEQUENCE_END(EDIPARTYNAME) + + IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME) +@@ -107,6 +108,37 @@ + (char *)a); + } + ++static int edipartyname_cmp(const EDIPARTYNAME *a, const EDIPARTYNAME *b) ++{ ++ int res; ++ ++ if (a == NULL || b == NULL) { ++ /* ++ * Shouldn't be possible in a valid GENERAL_NAME, but we handle it ++ * anyway. OTHERNAME_cmp treats NULL != NULL so we do the same here ++ */ ++ return -1; ++ } ++ if (a->nameAssigner == NULL && b->nameAssigner != NULL) ++ return -1; ++ if (a->nameAssigner != NULL && b->nameAssigner == NULL) ++ return 1; ++ /* If we get here then both have nameAssigner set, or both unset */ ++ if (a->nameAssigner != NULL) { ++ res = ASN1_STRING_cmp(a->nameAssigner, b->nameAssigner); ++ if (res != 0) ++ return res; ++ } ++ /* ++ * partyName is required, so these should never be NULL. We treat it in ++ * the same way as the a == NULL || b == NULL case above ++ */ ++ if (a->partyName == NULL || b->partyName == NULL) ++ return -1; ++ ++ return ASN1_STRING_cmp(a->partyName, b->partyName); ++} ++ + /* Returns 0 if they are equal, != 0 otherwise. */ + int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b) + { +@@ -116,8 +148,11 @@ + return -1; + switch (a->type) { + case GEN_X400: ++ result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address); ++ break; ++ + case GEN_EDIPARTY: +- result = ASN1_TYPE_cmp(a->d.other, b->d.other); ++ result = edipartyname_cmp(a->d.ediPartyName, b->d.ediPartyName); + break; + + case GEN_OTHERNAME: +@@ -164,8 +199,11 @@ + { + switch (type) { + case GEN_X400: ++ a->d.x400Address = value; ++ break; ++ + case GEN_EDIPARTY: +- a->d.other = value; ++ a->d.ediPartyName = value; + break; + + case GEN_OTHERNAME: +@@ -199,8 +237,10 @@ + *ptype = a->type; + switch (a->type) { + case GEN_X400: ++ return a->d.x400Address; ++ + case GEN_EDIPARTY: +- return a->d.other; ++ return a->d.ediPartyName; + + case GEN_OTHERNAME: + return a->d.otherName; +--- openssl-1.0.2u/crypto/x509v3/v3nametest.c.cve-2020-1971 2019-12-20 14:02:41.000000000 +0000 ++++ openssl-1.0.2u/crypto/x509v3/v3nametest.c 2022-04-04 20:53:46.894736000 +0000 +@@ -321,6 +321,356 @@ + } + } + ++struct gennamedata { ++ const unsigned char der[22]; ++ size_t derlen; ++} gennames[] = { ++ { ++ /* ++ * [0] { ++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } ++ * [0] { ++ * SEQUENCE {} ++ * } ++ * } ++ */ ++ { ++ 0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, ++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x30, 0x00 ++ }, ++ 21 ++ }, { ++ /* ++ * [0] { ++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } ++ * [0] { ++ * [APPLICATION 0] {} ++ * } ++ * } ++ */ ++ { ++ 0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, ++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x60, 0x00 ++ }, ++ 21 ++ }, { ++ /* ++ * [0] { ++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } ++ * [0] { ++ * UTF8String { "a" } ++ * } ++ * } ++ */ ++ { ++ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, ++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x61 ++ }, ++ 22 ++ }, { ++ /* ++ * [0] { ++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.2 } ++ * [0] { ++ * UTF8String { "a" } ++ * } ++ * } ++ */ ++ { ++ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, ++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x02, 0xa0, 0x03, 0x0c, 0x01, 0x61 ++ }, ++ 22 ++ }, { ++ /* ++ * [0] { ++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } ++ * [0] { ++ * UTF8String { "b" } ++ * } ++ * } ++ */ ++ { ++ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, ++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x62 ++ }, ++ 22 ++ }, { ++ /* ++ * [0] { ++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } ++ * [0] { ++ * BOOLEAN { TRUE } ++ * } ++ * } ++ */ ++ { ++ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, ++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0xff ++ }, ++ 22 ++ }, { ++ /* ++ * [0] { ++ * OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 } ++ * [0] { ++ * BOOLEAN { FALSE } ++ * } ++ * } ++ */ ++ { ++ 0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, ++ 0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0x00 ++ }, ++ 22 ++ }, { ++ /* [1 PRIMITIVE] { "a" } */ ++ { ++ 0x81, 0x01, 0x61 ++ }, ++ 3 ++ }, { ++ /* [1 PRIMITIVE] { "b" } */ ++ { ++ 0x81, 0x01, 0x62 ++ }, ++ 3 ++ }, { ++ /* [2 PRIMITIVE] { "a" } */ ++ { ++ 0x82, 0x01, 0x61 ++ }, ++ 3 ++ }, { ++ /* [2 PRIMITIVE] { "b" } */ ++ { ++ 0x82, 0x01, 0x62 ++ }, ++ 3 ++ }, { ++ /* ++ * [4] { ++ * SEQUENCE { ++ * SET { ++ * SEQUENCE { ++ * # commonName ++ * OBJECT_IDENTIFIER { 2.5.4.3 } ++ * UTF8String { "a" } ++ * } ++ * } ++ * } ++ * } ++ */ ++ { ++ 0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, ++ 0x04, 0x03, 0x0c, 0x01, 0x61 ++ }, ++ 16 ++ }, { ++ /* ++ * [4] { ++ * SEQUENCE { ++ * SET { ++ * SEQUENCE { ++ * # commonName ++ * OBJECT_IDENTIFIER { 2.5.4.3 } ++ * UTF8String { "b" } ++ * } ++ * } ++ * } ++ * } ++ */ ++ { ++ 0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55, ++ 0x04, 0x03, 0x0c, 0x01, 0x62 ++ }, ++ 16 ++ }, { ++ /* ++ * [5] { ++ * [1] { ++ * UTF8String { "a" } ++ * } ++ * } ++ */ ++ { ++ 0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x61 ++ }, ++ 7 ++ }, { ++ /* ++ * [5] { ++ * [1] { ++ * UTF8String { "b" } ++ * } ++ * } ++ */ ++ { ++ 0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x62 ++ }, ++ 7 ++ }, { ++ /* ++ * [5] { ++ * [0] { ++ * UTF8String {} ++ * } ++ * [1] { ++ * UTF8String { "a" } ++ * } ++ * } ++ */ ++ { ++ 0xa5, 0x09, 0xa0, 0x02, 0x0c, 0x00, 0xa1, 0x03, 0x0c, 0x01, 0x61 ++ }, ++ 11 ++ }, { ++ /* ++ * [5] { ++ * [0] { ++ * UTF8String { "a" } ++ * } ++ * [1] { ++ * UTF8String { "a" } ++ * } ++ * } ++ */ ++ { ++ 0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x61, 0xa1, 0x03, 0x0c, 0x01, ++ 0x61 ++ }, ++ 12 ++ }, { ++ /* ++ * [5] { ++ * [0] { ++ * UTF8String { "b" } ++ * } ++ * [1] { ++ * UTF8String { "a" } ++ * } ++ * } ++ */ ++ { ++ 0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x62, 0xa1, 0x03, 0x0c, 0x01, ++ 0x61 ++ }, ++ 12 ++ }, { ++ /* [6 PRIMITIVE] { "a" } */ ++ { ++ 0x86, 0x01, 0x61 ++ }, ++ 3 ++ }, { ++ /* [6 PRIMITIVE] { "b" } */ ++ { ++ 0x86, 0x01, 0x62 ++ }, ++ 3 ++ }, { ++ /* [7 PRIMITIVE] { `11111111` } */ ++ { ++ 0x87, 0x04, 0x11, 0x11, 0x11, 0x11 ++ }, ++ 6 ++ }, { ++ /* [7 PRIMITIVE] { `22222222`} */ ++ { ++ 0x87, 0x04, 0x22, 0x22, 0x22, 0x22 ++ }, ++ 6 ++ }, { ++ /* [7 PRIMITIVE] { `11111111111111111111111111111111` } */ ++ { ++ 0x87, 0x10, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, ++ 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 ++ }, ++ 18 ++ }, { ++ /* [7 PRIMITIVE] { `22222222222222222222222222222222` } */ ++ { ++ 0x87, 0x10, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, ++ 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 ++ }, ++ 18 ++ }, { ++ /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.1 } */ ++ { ++ 0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, ++ 0xb7, 0x09, 0x02, 0x01 ++ }, ++ 15 ++ }, { ++ /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.2 } */ ++ { ++ 0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84, ++ 0xb7, 0x09, 0x02, 0x02 ++ }, ++ 15 ++ } ++}; ++ ++#define OSSL_NELEM(x) (sizeof(x)/sizeof((x)[0])) ++ ++static int test_GENERAL_NAME_cmp(void) ++{ ++ size_t i, j; ++ GENERAL_NAME **namesa = OPENSSL_malloc(sizeof(*namesa) ++ * OSSL_NELEM(gennames)); ++ GENERAL_NAME **namesb = OPENSSL_malloc(sizeof(*namesb) ++ * OSSL_NELEM(gennames)); ++ int testresult = 0; ++ ++ if (namesa == NULL || namesb == NULL) ++ goto end; ++ ++ for (i = 0; i < OSSL_NELEM(gennames); i++) { ++ const unsigned char *derp = gennames[i].der; ++ ++ /* ++ * We create two versions of each GENERAL_NAME so that we ensure when ++ * we compare them they are always different pointers. ++ */ ++ namesa[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen); ++ derp = gennames[i].der; ++ namesb[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen); ++ if (namesa[i] == NULL || namesb[i] == NULL) ++ goto end; ++ } ++ ++ /* Every name should be equal to itself and not equal to any others. */ ++ for (i = 0; i < OSSL_NELEM(gennames); i++) { ++ for (j = 0; j < OSSL_NELEM(gennames); j++) { ++ if (i == j) { ++ if (GENERAL_NAME_cmp(namesa[i], namesb[j]) != 0) ++ goto end; ++ } else { ++ if (GENERAL_NAME_cmp(namesa[i], namesb[j]) == 0) ++ goto end; ++ } ++ } ++ } ++ testresult = 1; ++ ++ end: ++ for (i = 0; i < OSSL_NELEM(gennames); i++) { ++ if (namesa != NULL) ++ GENERAL_NAME_free(namesa[i]); ++ if (namesb != NULL) ++ GENERAL_NAME_free(namesb[i]); ++ } ++ OPENSSL_free(namesa); ++ OPENSSL_free(namesb); ++ ++ if (!testresult) ++ fprintf(stderr, "test of GENERAL_NAME_cmp failed\n"); ++ ++ return testresult; ++} ++ ++ ++ + int main(void) + { + const struct set_name_fn *pfn = name_fns; +@@ -342,5 +692,8 @@ + } + ++pfn; + } ++ ++ errors += !test_GENERAL_NAME_cmp(); ++ + return errors > 0 ? 1 : 0; + } diff --git a/openssl/src/openssl-1.0.2u-cve-2021-23840.patch b/openssl/src/openssl-1.0.2u-cve-2021-23840.patch new file mode 100644 index 0000000..f8e4156 --- /dev/null +++ b/openssl/src/openssl-1.0.2u-cve-2021-23840.patch @@ -0,0 +1,94 @@ +--- openssl-1.0.2u/crypto/evp/evp_enc.c.cve-2021-23840 2019-12-20 14:02:41.000000000 +0000 ++++ openssl-1.0.2u/crypto/evp/evp_enc.c 2022-04-04 21:29:34.804011000 +0000 +@@ -57,6 +57,7 @@ + */ + + #include ++#include + #include "cryptlib.h" + #include + #include +@@ -357,6 +358,18 @@ + return 1; + } else { + j = bl - i; ++ /* ++ * Once we've processed the first j bytes from in, the amount of ++ * data left that is a multiple of the block length is: ++ * (inl - j) & ~(bl - 1) ++ * We must ensure that this amount of data, plus the one block that ++ * we process from ctx->buf does not exceed INT_MAX ++ */ ++ if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) { ++ EVPerr(EVP_F_EVP_ENCRYPTUPDATE, ++ EVP_R_OUTPUT_WOULD_OVERFLOW); ++ return 0; ++ } + memcpy(&(ctx->buf[i]), in, j); + if (!M_do_cipher(ctx, out, ctx->buf, bl)) + return 0; +@@ -482,6 +495,19 @@ + OPENSSL_assert(b <= sizeof(ctx->final)); + + if (ctx->final_used) { ++ /* ++ * final_used is only ever set if buf_len is 0. Therefore the maximum ++ * length output we will ever see from evp_EncryptDecryptUpdate is ++ * the maximum multiple of the block length that is <= inl, or just: ++ * inl & ~(b - 1) ++ * Since final_used has been set then the final output length is: ++ * (inl & ~(b - 1)) + b ++ * This must never exceed INT_MAX ++ */ ++ if ((inl & ~(b - 1)) > INT_MAX - b) { ++ EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_OUTPUT_WOULD_OVERFLOW); ++ return 0; ++ } + memcpy(out, ctx->final, b); + out += b; + fix_len = 1; +--- openssl-1.0.2u/crypto/evp/evp_err.c.cve-2021-23840 2019-12-20 14:02:41.000000000 +0000 ++++ openssl-1.0.2u/crypto/evp/evp_err.c 2022-04-04 21:29:34.874013000 +0000 +@@ -1,6 +1,6 @@ + /* crypto/evp/evp_err.c */ + /* ==================================================================== +- * Copyright (c) 1999-2019 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2021 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -94,6 +94,8 @@ + {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"}, + {ERR_FUNC(EVP_F_EVP_DECRYPTUPDATE), "EVP_DecryptUpdate"}, + {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, ++ {ERR_FUNC(EVP_F_EVP_DECRYPTUPDATE), "EVP_DecryptUpdate"}, ++ {ERR_FUNC(EVP_F_EVP_ENCRYPTUPDATE), "EVP_EncryptUpdate"}, + {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"}, + {ERR_FUNC(EVP_F_EVP_ENCRYPTUPDATE), "EVP_EncryptUpdate"}, + {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"}, +@@ -215,6 +217,8 @@ + {ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), + "operation not supported for this keytype"}, + {ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"}, ++ {ERR_REASON(EVP_R_OUTPUT_WOULD_OVERFLOW), ++ "output would overflow"}, + {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE), + "pkcs8 unknown broken type"}, + {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"}, +--- openssl-1.0.2u/crypto/evp/evp.h.cve-2021-23840 2019-12-20 14:02:41.000000000 +0000 ++++ openssl-1.0.2u/crypto/evp/evp.h 2022-04-04 21:30:38.124534000 +0000 +@@ -1,5 +1,5 @@ + /* crypto/evp/evp.h */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) ++/* Copyright (C) 1995-2021 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written +@@ -1602,6 +1602,7 @@ + # define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 + # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 + # define EVP_R_OPERATON_NOT_INITIALIZED 151 ++# define EVP_R_OUTPUT_WOULD_OVERFLOW 184 + # define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117 + # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 + # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 diff --git a/openssl/src/openssl-1.0.2u-cve-2021-23841.patch b/openssl/src/openssl-1.0.2u-cve-2021-23841.patch new file mode 100644 index 0000000..9c8685a --- /dev/null +++ b/openssl/src/openssl-1.0.2u-cve-2021-23841.patch @@ -0,0 +1,11 @@ +--- openssl-1.0.2u/crypto/x509/x509_cmp.c.cve-2021-23841 2019-12-20 14:02:41.000000000 +0000 ++++ openssl-1.0.2u/crypto/x509/x509_cmp.c 2022-04-04 20:58:23.996994000 +0000 +@@ -87,6 +87,8 @@ + + EVP_MD_CTX_init(&ctx); + f = X509_NAME_oneline(a->cert_info->issuer, NULL, 0); ++ if (f == NULL) ++ goto err; + if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL)) + goto err; + if (!EVP_DigestUpdate(&ctx, (unsigned char *)f, strlen(f))) diff --git a/openssl/src/openssl-1.0.2u-cve-2021-3712.patch b/openssl/src/openssl-1.0.2u-cve-2021-3712.patch new file mode 100644 index 0000000..353dd8b --- /dev/null +++ b/openssl/src/openssl-1.0.2u-cve-2021-3712.patch @@ -0,0 +1,298 @@ +--- openssl-1.0.2u/crypto/asn1/t_spki.c.cve-2021-3712 2019-12-20 14:02:41.000000000 +0000 ++++ openssl-1.0.2u/crypto/asn1/t_spki.c 2022-04-04 20:59:04.817330000 +0000 +@@ -90,7 +90,7 @@ + } + chal = spki->spkac->challenge; + if (chal->length) +- BIO_printf(out, " Challenge String: %s\n", chal->data); ++ BIO_printf(out, " Challenge String: %.*s\n", chal->length, chal->data); + i = OBJ_obj2nid(spki->sig_algor->algorithm); + BIO_printf(out, " Signature Algorithm: %s", + (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); +--- openssl-1.0.2u/crypto/ec/ec_asn1.c.cve-2021-3712 2019-12-20 14:02:41.000000000 +0000 ++++ openssl-1.0.2u/crypto/ec/ec_asn1.c 2022-04-04 20:59:04.967334000 +0000 +@@ -867,7 +867,10 @@ + ret->seed_len = params->curve->seed->length; + } + +- if (!params->order || !params->base || !params->base->data) { ++ if (params->order == NULL ++ || params->base == NULL ++ || params->base->data == NULL ++ || params->base->length == 0) { + ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR); + goto err; + } +--- openssl-1.0.2u/crypto/x509v3/v3_cpols.c.cve-2021-3712 2019-12-20 14:02:41.000000000 +0000 ++++ openssl-1.0.2u/crypto/x509v3/v3_cpols.c 2022-04-04 20:59:05.187339000 +0000 +@@ -423,7 +423,8 @@ + qualinfo = sk_POLICYQUALINFO_value(quals, i); + switch (OBJ_obj2nid(qualinfo->pqualid)) { + case NID_id_qt_cps: +- BIO_printf(out, "%*sCPS: %s\n", indent, "", ++ BIO_printf(out, "%*sCPS: %.*s\n", indent, "", ++ qualinfo->d.cpsuri->length, + qualinfo->d.cpsuri->data); + break; + +@@ -448,7 +449,8 @@ + if (notice->noticeref) { + NOTICEREF *ref; + ref = notice->noticeref; +- BIO_printf(out, "%*sOrganization: %s\n", indent, "", ++ BIO_printf(out, "%*sOrganization: %.*s\n", indent, "", ++ ref->organization->length, + ref->organization->data); + BIO_printf(out, "%*sNumber%s: ", indent, "", + sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); +@@ -471,7 +473,8 @@ + BIO_puts(out, "\n"); + } + if (notice->exptext) +- BIO_printf(out, "%*sExplicit Text: %s\n", indent, "", ++ BIO_printf(out, "%*sExplicit Text: %.*s\n", indent, "", ++ notice->exptext->length, + notice->exptext->data); + } + +--- openssl-1.0.2u/crypto/x509v3/v3_ncons.c.cve-2021-3712 2019-12-20 14:02:41.000000000 +0000 ++++ openssl-1.0.2u/crypto/x509v3/v3_ncons.c 2022-04-04 21:09:06.382040000 +0000 +@@ -148,6 +148,27 @@ + return ia5ncasecmp(s1, s2, (size_t)(-1)); + } + ++#define IA5_OFFSET_LEN(ia5base, offset) \ ++ ((ia5base)->length - ((unsigned char *)(offset) - (ia5base)->data)) ++ ++/* Like memchr but for ASN1_IA5STRING. Additionally you can specify the ++ * starting point to search from ++ */ ++# define ia5memchr(str, start, c) memchr(start, c, IA5_OFFSET_LEN(str, start)) ++ ++/* Like memrrchr but for ASN1_IA5STRING */ ++static char *ia5memrchr(ASN1_IA5STRING *str, int c) ++{ ++ int i; ++ ++ for (i = str->length; i > 0 && str->data[i - 1] != c; i--); ++ ++ if (i == 0) ++ return NULL; ++ ++ return (char *)&str->data[i - 1]; ++} ++ + static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) + { +@@ -413,8 +434,12 @@ + char *baseptr = (char *)base->data; + char *dnsptr = (char *)dns->data; + /* Empty matches everything */ +- if (!*baseptr) ++ if (base->length == 0) + return X509_V_OK; ++ ++ if (dns->length < base->length) ++ return X509_V_ERR_PERMITTED_VIOLATION; ++ + /* + * Otherwise can add zero or more components on the left so compare RHS + * and if dns is longer and expect '.' as preceding character. +@@ -425,7 +450,7 @@ + return X509_V_ERR_PERMITTED_VIOLATION; + } + +- if (ia5casecmp(baseptr, dnsptr)) ++ if (ia5ncasecmp(baseptr, dnsptr, base->length)) + return X509_V_ERR_PERMITTED_VIOLATION; + + return X509_V_OK; +@@ -436,16 +461,17 @@ + { + const char *baseptr = (char *)base->data; + const char *emlptr = (char *)eml->data; ++ const char *baseat = ia5memrchr(base, '@'); ++ const char *emlat = ia5memrchr(eml, '@'); ++ size_t basehostlen, emlhostlen; + +- const char *baseat = strchr(baseptr, '@'); +- const char *emlat = strchr(emlptr, '@'); + if (!emlat) + return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; + /* Special case: inital '.' is RHS match */ +- if (!baseat && (*baseptr == '.')) { ++ if (!baseat && base->length > 0 && (*baseptr == '.')) { + if (eml->length > base->length) { + emlptr += eml->length - base->length; +- if (ia5casecmp(baseptr, emlptr) == 0) ++ if (ia5ncasecmp(baseptr, emlptr, base->length) == 0) + return X509_V_OK; + } + return X509_V_ERR_PERMITTED_VIOLATION; +@@ -465,8 +491,10 @@ + baseptr = baseat + 1; + } + emlptr = emlat + 1; ++ basehostlen = IA5_OFFSET_LEN(base, baseptr); ++ emlhostlen = IA5_OFFSET_LEN(eml, emlptr); + /* Just have hostname left to match: case insensitive */ +- if (ia5casecmp(baseptr, emlptr)) ++ if (basehostlen != emlhostlen || ia5ncasecmp(baseptr, emlptr, emlhostlen)) + return X509_V_ERR_PERMITTED_VIOLATION; + + return X509_V_OK; +@@ -477,10 +505,13 @@ + { + const char *baseptr = (char *)base->data; + const char *hostptr = (char *)uri->data; +- const char *p = strchr(hostptr, ':'); ++ const char *p = ia5memchr(uri, (char *)uri->data, ':'); + int hostlen; + /* Check for foo:// and skip past it */ +- if (!p || (p[1] != '/') || (p[2] != '/')) ++ if (p == NULL ++ || IA5_OFFSET_LEN(uri, p) < 3 ++ || p[1] != '/' ++ || p[2] != '/') + return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; + hostptr = p + 3; + +@@ -488,10 +519,10 @@ + + /* Look for a port indicator as end of hostname first */ + +- p = strchr(hostptr, ':'); ++ p = ia5memchr(uri, hostptr, ':'); + /* Otherwise look for trailing slash */ +- if (!p) +- p = strchr(hostptr, '/'); ++ if (p == NULL) ++ p = ia5memchr(uri, hostptr, '/'); + + if (!p) + hostlen = strlen(hostptr); +@@ -502,7 +533,7 @@ + return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX; + + /* Special case: inital '.' is RHS match */ +- if (*baseptr == '.') { ++ if (base->length > 0 && *baseptr == '.') { + if (hostlen > base->length) { + p = hostptr + hostlen - base->length; + if (ia5ncasecmp(p, baseptr, base->length) == 0) +--- openssl-1.0.2u/crypto/x509v3/v3_pci.c.cve-2021-3712 2019-12-20 14:02:41.000000000 +0000 ++++ openssl-1.0.2u/crypto/x509v3/v3_pci.c 2022-04-04 20:59:05.377335000 +0000 +@@ -68,7 +68,8 @@ + i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage); + BIO_puts(out, "\n"); + if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data) +- BIO_printf(out, "%*sPolicy Text: %s\n", indent, "", ++ BIO_printf(out, "%*sPolicy Text: %.*s\n", indent, "", ++ pci->proxyPolicy->policy->length, + pci->proxyPolicy->policy->data); + return 1; + } +--- openssl-1.0.2u/crypto/x509v3/v3_utl.c.cve-2021-3712 2019-12-20 14:02:41.000000000 +0000 ++++ openssl-1.0.2u/crypto/x509v3/v3_utl.c 2022-04-04 20:59:05.447340000 +0000 +@@ -609,17 +609,26 @@ + /* First some sanity checks */ + if (email->type != V_ASN1_IA5STRING) + return 1; +- if (!email->data || !email->length) ++ if (email->data == NULL || email->length == 0) ++ return 1; ++ if (memchr(email->data, 0, email->length) != NULL) + return 1; + if (!*sk) + *sk = sk_OPENSSL_STRING_new(sk_strcmp); + if (!*sk) + return 0; ++ ++ emtmp = OPENSSL_strndup((char *)email->data, email->length); ++ if (emtmp == NULL) ++ return 0; ++ + /* Don't add duplicates */ +- if (sk_OPENSSL_STRING_find(*sk, (char *)email->data) != -1) ++ if (sk_OPENSSL_STRING_find(*sk, emtmp) != -1) { ++ OPENSSL_free(emtmp); + return 1; +- emtmp = BUF_strdup((char *)email->data); +- if (!emtmp || !sk_OPENSSL_STRING_push(*sk, emtmp)) { ++ } ++ if (!sk_OPENSSL_STRING_push(*sk, emtmp)) { ++ OPENSSL_free(emtmp); /* free on push failure */ + X509_email_free(*sk); + *sk = NULL; + return 0; +--- openssl-1.0.2u/crypto/crypto.h.cve-2021-3712 2019-12-20 14:02:41.000000000 +0000 ++++ openssl-1.0.2u/crypto/crypto.h 2022-04-04 20:59:04.887339000 +0000 +@@ -380,6 +380,8 @@ + + # define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__) + # define OPENSSL_strdup(str) CRYPTO_strdup((str),__FILE__,__LINE__) ++# define OPENSSL_strndup(str, n) \ ++ CRYPTO_strndup((str), n, __FILE__, __LINE__) + # define OPENSSL_realloc(addr,num) \ + CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__) + # define OPENSSL_realloc_clean(addr,old_num,num) \ +@@ -393,6 +395,8 @@ + CRYPTO_malloc_locked((int)num,__FILE__,__LINE__) + # define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr) + ++size_t OPENSSL_strnlen(const char *str, size_t maxlen); ++ + const char *SSLeay_version(int type); + unsigned long SSLeay(void); + +@@ -533,6 +537,7 @@ + void CRYPTO_free_locked(void *ptr); + void *CRYPTO_malloc(int num, const char *file, int line); + char *CRYPTO_strdup(const char *str, const char *file, int line); ++char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line); + void CRYPTO_free(void *ptr); + void *CRYPTO_realloc(void *addr, int num, const char *file, int line); + void *CRYPTO_realloc_clean(void *addr, int old_num, int num, const char *file, +--- openssl-1.0.2u/crypto/mem.c.cve-2021-3712 2019-12-20 14:02:41.000000000 +0000 ++++ openssl-1.0.2u/crypto/mem.c 2022-04-04 20:59:05.037333000 +0000 +@@ -364,6 +364,24 @@ + return ret; + } + ++char *CRYPTO_strndup(const char *str, size_t s, const char* file, int line) ++{ ++ size_t maxlen; ++ char *ret; ++ ++ if (str == NULL) ++ return NULL; ++ ++ maxlen = OPENSSL_strnlen(str, s); ++ ++ ret = CRYPTO_malloc(maxlen + 1, file, line); ++ if (ret) { ++ memcpy(ret, str, maxlen); ++ ret[maxlen] = '\0'; ++ } ++ return ret; ++} ++ + void *CRYPTO_realloc(void *str, int num, const char *file, int line) + { + void *ret = NULL; +--- openssl-1.0.2u/crypto/o_str.c.cve-2021-3712 2019-12-20 14:02:41.000000000 +0000 ++++ openssl-1.0.2u/crypto/o_str.c 2022-04-04 20:59:05.107331000 +0000 +@@ -114,3 +114,12 @@ + + return ret; + } ++ ++size_t OPENSSL_strnlen(const char *str, size_t maxlen) ++{ ++ const char *p; ++ ++ for (p = str; maxlen-- != 0 && *p != '\0'; ++p) ; ++ ++ return p - str; ++} diff --git a/openssl/src/openssl-1.0.2u-cve-2022-0778.patch b/openssl/src/openssl-1.0.2u-cve-2022-0778.patch new file mode 100644 index 0000000..78ef2e1 --- /dev/null +++ b/openssl/src/openssl-1.0.2u-cve-2022-0778.patch @@ -0,0 +1,47 @@ +--- openssl-1.0.2u/crypto/bn/bn_sqrt.c.cve-2022-0778 2019-12-20 14:02:41.000000000 +0000 ++++ openssl-1.0.2u/crypto/bn/bn_sqrt.c 2022-04-04 21:09:50.952408000 +0000 +@@ -64,7 +64,8 @@ + /* + * Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks + * algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number +- * Theory", algorithm 1.5.1). 'p' must be prime! ++ * Theory", algorithm 1.5.1). 'p' must be prime, otherwise an error or ++ * an incorrect "result" will be returned. + */ + { + BIGNUM *ret = in; +@@ -350,18 +351,23 @@ + goto vrfy; + } + +- /* find smallest i such that b^(2^i) = 1 */ +- i = 1; +- if (!BN_mod_sqr(t, b, p, ctx)) +- goto end; +- while (!BN_is_one(t)) { +- i++; +- if (i == e) { +- BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE); +- goto end; ++ /* Find the smallest i, 0 < i < e, such that b^(2^i) = 1. */ ++ for (i = 1; i < e; i++) { ++ if (i == 1) { ++ if (!BN_mod_sqr(t, b, p, ctx)) ++ goto end; ++ ++ } else { ++ if (!BN_mod_mul(t, t, t, p, ctx)) ++ goto end; + } +- if (!BN_mod_mul(t, t, t, p, ctx)) +- goto end; ++ if (BN_is_one(t)) ++ break; ++ } ++ /* If not found, a is not a square or p is not prime. */ ++ if (i >= e) { ++ BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE); ++ goto end; + } + + /* t := y^2^(e - i - 1) */