packages/linux-sgx
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE

Browse Source
This commit is contained in:
qsw333 2024-02-26 10:57:41 +08:00
parent 92b71d4b9e
commit e424e39795
8 changed files with 724 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

226
backport-CVE-2023-0464-x509-excessive-resource-use-verifying-policy-constra.patch Normal file
View File

@ -0,0 +1,226 @@
From 879f7080d7e141f415c79eaa3a8ac4a3dad0348b Mon Sep 17 00:00:00 2001
From: Pauli <pauli@openssl.org>
Date: Wed, 8 Mar 2023 15:28:20 +1100
Subject: [PATCH] x509: excessive resource use verifying policy constraints
A security vulnerability has been identified in all supported versions
of OpenSSL related to the verification of X.509 certificate chains
that include policy constraints. Attackers may be able to exploit this
vulnerability by creating a malicious certificate chain that triggers
exponential use of computational resources, leading to a denial-of-service
(DoS) attack on affected systems.
Fixes CVE-2023-0464
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20569)
Reference:https://github.com/openssl/openssl/commit/879f7080d7e141f415c79eaa3a8ac4a3dad0348b
Confilts:NA
---
crypto/x509v3/pcy_local.h | 8 +++++++-
crypto/x509v3/pcy_node.c | 12 +++++++++---
crypto/x509v3/pcy_tree.c | 37 +++++++++++++++++++++++++++----------
3 files changed, 43 insertions(+), 14 deletions(-)
diff --git a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/x509v3/pcy_local.h b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/x509v3/pcy_local.h
index 5daf78de45..344aa06765 100644
--- a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/x509v3/pcy_local.h
+++ b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/x509v3/pcy_local.h
@@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st {
};
struct X509_POLICY_TREE_st {
+ /* The number of nodes in the tree */
+ size_t node_count;
+ /* The maximum number of nodes in the tree */
+ size_t node_maximum;
+
/* This is the tree 'level' data */
X509_POLICY_LEVEL *levels;
int nlevel;
@@ -159,7 +164,8 @@ X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
X509_POLICY_DATA *data,
X509_POLICY_NODE *parent,
- X509_POLICY_TREE *tree);
+ X509_POLICY_TREE *tree,
+ int extra_data);
void policy_node_free(X509_POLICY_NODE *node);
int policy_node_match(const X509_POLICY_LEVEL *lvl,
const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
diff --git a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/x509v3/pcy_node.c b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/x509v3/pcy_node.c
index e2d7b15322..d574fb9d66 100644
--- a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/x509v3/pcy_node.c
+++ b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/x509v3/pcy_node.c
@@ -59,10 +59,15 @@ X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
X509_POLICY_DATA *data,
X509_POLICY_NODE *parent,
- X509_POLICY_TREE *tree)
+ X509_POLICY_TREE *tree,
+ int extra_data)
{
X509_POLICY_NODE *node;
+ /* Verify that the tree isn't too large. This mitigates CVE-2023-0464 */
+ if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum)
+ return NULL;
+
node = OPENSSL_zalloc(sizeof(*node));
if (node == NULL) {
X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
@@ -70,7 +75,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
}
node->data = data;
node->parent = parent;
- if (level) {
+ if (level != NULL) {
if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
if (level->anyPolicy)
goto node_error;
@@ -90,7 +95,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
}
}
- if (tree) {
+ if (extra_data) {
if (tree->extra_data == NULL)
tree->extra_data = sk_X509_POLICY_DATA_new_null();
if (tree->extra_data == NULL){
@@ -103,6 +108,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
}
}
+ tree->node_count++;
if (parent)
parent->nchild++;
diff --git a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/x509v3/pcy_tree.c b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/x509v3/pcy_tree.c
index 6e8322cbc5..6c7fd35405 100644
--- a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/x509v3/pcy_tree.c
+++ b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/x509v3/pcy_tree.c
@@ -13,6 +13,18 @@
#include "pcy_local.h"
+/*
+ * If the maximum number of nodes in the policy tree isn't defined, set it to
+ * a generous default of 1000 nodes.
+ *
+ * Defining this to be zero means unlimited policy tree growth which opens the
+ * door on CVE-2023-0464.
+ */
+
+#ifndef OPENSSL_POLICY_TREE_NODES_MAX
+# define OPENSSL_POLICY_TREE_NODES_MAX 1000
+#endif
+
/*
* Enable this to print out the complete policy tree at various point during
* evaluation.
@@ -168,6 +180,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
return X509_PCY_TREE_INTERNAL;
}
+ /* Limit the growth of the tree to mitigate CVE-2023-0464 */
+ tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX;
+
/*
* http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3.
*
@@ -184,7 +199,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
level = tree->levels;
if ((data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0)) == NULL)
goto bad_tree;
- if (level_add_node(level, data, NULL, tree) == NULL) {
+ if (level_add_node(level, data, NULL, tree, 1) == NULL) {
policy_data_free(data);
goto bad_tree;
}
@@ -243,7 +258,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
* Return value: 1 on success, 0 otherwise
*/
static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
- X509_POLICY_DATA *data)
+ X509_POLICY_DATA *data,
+ X509_POLICY_TREE *tree)
{
X509_POLICY_LEVEL *last = curr - 1;
int i, matched = 0;
@@ -253,13 +269,13 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i);
if (policy_node_match(last, node, data->valid_policy)) {
- if (level_add_node(curr, data, node, NULL) == NULL)
+ if (level_add_node(curr, data, node, tree, 0) == NULL)
return 0;
matched = 1;
}
}
if (!matched && last->anyPolicy) {
- if (level_add_node(curr, data, last->anyPolicy, NULL) == NULL)
+ if (level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL)
return 0;
}
return 1;
@@ -272,7 +288,8 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
* Return value: 1 on success, 0 otherwise.
*/
static int tree_link_nodes(X509_POLICY_LEVEL *curr,
- const X509_POLICY_CACHE *cache)
+ const X509_POLICY_CACHE *cache,
+ X509_POLICY_TREE *tree)
{
int i;
@@ -280,7 +297,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i);
/* Look for matching nodes in previous level */
- if (!tree_link_matching_nodes(curr, data))
+ if (!tree_link_matching_nodes(curr, data, tree))
return 0;
}
return 1;
@@ -311,7 +328,7 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr,
/* Curr may not have anyPolicy */
data->qualifier_set = cache->anyPolicy->qualifier_set;
data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
- if (level_add_node(curr, data, node, tree) == NULL) {
+ if (level_add_node(curr, data, node, tree, 1) == NULL) {
policy_data_free(data);
return 0;
}
@@ -373,7 +390,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,
}
/* Finally add link to anyPolicy */
if (last->anyPolicy &&
- level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL) == NULL)
+ level_add_node(curr, cache->anyPolicy, last->anyPolicy, tree, 0) == NULL)
return 0;
return 1;
}
@@ -555,7 +572,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree,
extra->qualifier_set = anyPolicy->data->qualifier_set;
extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
| POLICY_DATA_FLAG_EXTRA_NODE;
- node = level_add_node(NULL, extra, anyPolicy->parent, tree);
+ node = level_add_node(NULL, extra, anyPolicy->parent, tree, 1);
}
if (!tree->user_policies) {
tree->user_policies = sk_X509_POLICY_NODE_new_null();
@@ -582,7 +599,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree)
for (i = 1; i < tree->nlevel; i++, curr++) {
cache = policy_cache_set(curr->cert);
- if (!tree_link_nodes(curr, cache))
+ if (!tree_link_nodes(curr, cache, tree))
return X509_PCY_TREE_INTERNAL;
if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
--
2.27.0

58
backport-CVE-2023-0465-Ensure-that-EXFLAG_INVALID_POLICY-is-checked-even-in.patch Normal file
View File

@ -0,0 +1,58 @@
From b013765abfa80036dc779dd0e50602c57bb3bf95 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Tue, 7 Mar 2023 16:52:55 +0000
Subject: [PATCH] Ensure that EXFLAG_INVALID_POLICY is checked even in leaf
certs
Even though we check the leaf cert to confirm it is valid, we
later ignored the invalid flag and did not notice that the leaf
cert was bad.
Fixes: CVE-2023-0465
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20588)
Reference:https://github.com/openssl/openssl/commit/b013765abfa80036dc779dd0e50602c57bb3bf95
Confilts:NA
---
crypto/x509/x509_vfy.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/x509/x509_vfy.c b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/x509/x509_vfy.c
index 925fbb5412..1dfe4f9f31 100644
--- a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/x509/x509_vfy.c
+++ b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/x509/x509_vfy.c
@@ -1649,18 +1649,25 @@ static int check_policy(X509_STORE_CTX *ctx)
}
/* Invalid or inconsistent extensions */
if (ret == X509_PCY_TREE_INVALID) {
- int i;
+ int i, cbcalled = 0;
/* Locate certificates with bad extensions and notify callback. */
- for (i = 1; i < sk_X509_num(ctx->chain); i++) {
+ for (i = 0; i < sk_X509_num(ctx->chain); i++) {
X509 *x = sk_X509_value(ctx->chain, i);
if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
continue;
+ cbcalled = 1;
if (!verify_cb_cert(ctx, x, i,
X509_V_ERR_INVALID_POLICY_EXTENSION))
return 0;
}
+ if (!cbcalled) {
+ /* Should not be able to get here */
+ X509err(X509_F_CHECK_POLICY, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ /* The callback ignored the error so we return success */
return 1;
}
if (ret == X509_PCY_TREE_FAILURE) {
--
2.27.0

50
backport-CVE-2023-0466-Fix-documentation-of-X509_VERIFY_PARAM_add0_policy.patch Normal file
View File

@ -0,0 +1,50 @@
From 0d16b7e99aafc0b4a6d729eec65a411a7e025f0a Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Tue, 21 Mar 2023 16:15:47 +0100
Subject: [PATCH] Fix documentation of X509_VERIFY_PARAM_add0_policy()
The function was incorrectly documented as enabling policy checking.
Fixes: CVE-2023-0466
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20564)
Reference:https://github.com/openssl/openssl/commit/0d16b7e99aafc0b4a6d729eec65a411a7e025f0a
Confilts:CHANGES,NEWS
---
doc/man3/X509_VERIFY_PARAM_set_flags.pod | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/doc/man3/X509_VERIFY_PARAM_set_flags.pod
index f6f304bf7b..aa292f9336 100644
--- a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/doc/man3/X509_VERIFY_PARAM_set_flags.pod
+++ b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/doc/man3/X509_VERIFY_PARAM_set_flags.pod
@@ -92,8 +92,9 @@ B<trust>.
X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to
B<t>. Normally the current time is used.
-X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled
-by default) and adds B<policy> to the acceptable policy set.
+X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set.
+Contrary to preexisting documentation of this function it does not enable
+policy checking.
X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled
by default) and sets the acceptable policy set to B<policies>. Any existing
@@ -377,6 +378,10 @@ and has no effect.
The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i.
+The function X509_VERIFY_PARAM_add0_policy() was historically documented as
+enabling policy checking however the implementation has never done this.
+The documentation was changed to align with the implementation.
+
=head1 COPYRIGHT
Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
--
2.27.0

68
backport-CVE-2023-2650-Restrict-the-size-of-OBJECT-IDENTIFIERs-that-OBJ_obj.patch Normal file
View File

@ -0,0 +1,68 @@
From 9e209944b35cf82368071f160a744b6178f9b098 Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Fri, 12 May 2023 10:00:13 +0200
Subject: [PATCH] Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will
translate
OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
numeric text form. For gigantic sub-identifiers, this would take a very
long time, the time complexity being O(n^2) where n is the size of that
sub-identifier.
To mitigate this, a restriction on the size that OBJ_obj2txt() will
translate to canonical numeric text form is added, based on RFC 2578
(STD 58), which says this:
> 3.5. OBJECT IDENTIFIER values
>
> An OBJECT IDENTIFIER value is an ordered list of non-negative numbers.
> For the SMIv2, each number in the list is referred to as a sub-identifier,
> there are at most 128 sub-identifiers in a value, and each sub-identifier
> has a maximum value of 2^32-1 (4294967295 decimal).
Fixes otc/security#96
Fixes CVE-2023-2650
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reference:https://github.com/openssl/openssl/commit/9e209944b35cf82368071f160a744b6178f9b098
Confilts:CHANGES,NEWS
---
crypto/objects/obj_dat.c | 19 +++++++++++++++++++
1 files changed, 19 insertions(+)
diff --git a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/objects/obj_dat.c b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/objects/obj_dat.c
index 7e8de727f3..d699915b20 100644
--- a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/objects/obj_dat.c
+++ b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/objects/obj_dat.c
@@ -428,6 +428,25 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
first = 1;
bl = NULL;
+ /*
+ * RFC 2578 (STD 58) says this about OBJECT IDENTIFIERs:
+ *
+ * > 3.5. OBJECT IDENTIFIER values
+ * >
+ * > An OBJECT IDENTIFIER value is an ordered list of non-negative
+ * > numbers. For the SMIv2, each number in the list is referred to as a
+ * > sub-identifier, there are at most 128 sub-identifiers in a value,
+ * > and each sub-identifier has a maximum value of 2^32-1 (4294967295
+ * > decimal).
+ *
+ * So a legitimate OID according to this RFC is at most (32 * 128 / 7),
+ * i.e. 586 bytes long.
+ *
+ * Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
+ */
+ if (len > 586)
+ goto err;
+
while (len > 0) {
l = 0;
use_bn = 0;
--
2.27.0

115
backport-CVE-2023-3446-Fix-DH_check-excessive-time-with-over-sized-modulus.patch Normal file
View File

@ -0,0 +1,115 @@
From 8780a896543a654e757db1b9396383f9d8095528 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 6 Jul 2023 16:36:35 +0100
Subject: [PATCH] Fix DH_check() excessive time with over sized modulus
The DH_check() function checks numerous aspects of the key or parameters
that have been supplied. Some of those checks use the supplied modulus
value even if it is excessively large.
There is already a maximum DH modulus size (10,000 bits) over which
OpenSSL will not generate or derive keys. DH_check() will however still
perform various tests for validity on such a large modulus. We introduce a
new maximum (32,768) over which DH_check() will just fail.
An application that calls DH_check() and supplies a key or parameters
obtained from an untrusted source could be vulnerable to a Denial of
Service attack.
The function DH_check() is itself called by a number of other OpenSSL
functions. An application calling any of those other functions may
similarly be affected. The other functions affected by this are
DH_check_ex() and EVP_PKEY_param_check().
CVE-2023-3446
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21452)
Reference:https://github.com/openssl/openssl/commit/8780a896543a654e757db1b9396383f9d8095528
Confilts:Change the Source File Patch
---
crypto/dh/dh_check.c | 6 ++++++
crypto/dh/dh_err.c | 3 ++-
include/openssl/dh.h | 3 +++
include/openssl/dherr.h | 3 ++-
4 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/dh/dh_check.c b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/dh/dh_check.c
index 4ac169e75c..e5f9dd5030 100644
--- a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/dh/dh_check.c
+++ b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/dh/dh_check.c
@@ -101,6 +101,12 @@ int DH_check(const DH *dh, int *ret)
BN_CTX *ctx = NULL;
BIGNUM *t1 = NULL, *t2 = NULL;
+ /* Don't do any checks at all with an excessively large modulus */
+ if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
+ DHerr(DH_F_DH_CHECK, DH_R_MODULUS_TOO_LARGE);
+ return 0;
+ }
+
if (!DH_check_params(dh, ret))
return 0;
diff --git a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/dh/dh_err.c b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/dh/dh_err.c
index 7285587b4a..92800d3fcc 100644
--- a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/dh/dh_err.c
+++ b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/dh/dh_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -18,6 +18,7 @@ static const ERR_STRING_DATA DH_str_functs[] = {
{ERR_PACK(ERR_LIB_DH, DH_F_DHPARAMS_PRINT_FP, 0), "DHparams_print_fp"},
{ERR_PACK(ERR_LIB_DH, DH_F_DH_BUILTIN_GENPARAMS, 0),
"dh_builtin_genparams"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK, 0), "DH_check"},
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_EX, 0), "DH_check_ex"},
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PARAMS_EX, 0), "DH_check_params_ex"},
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY_EX, 0), "DH_check_pub_key_ex"},
diff --git a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/include/openssl/dh.h b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/include/openssl/dh.h
index 3527540cdd..892e31559d 100644
--- a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/include/openssl/dh.h
+++ b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/include/openssl/dh.h
@@ -29,6 +29,9 @@ extern "C" {
# ifndef OPENSSL_DH_MAX_MODULUS_BITS
# define OPENSSL_DH_MAX_MODULUS_BITS 10000
# endif
+# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS
+# define OPENSSL_DH_CHECK_MAX_MODULUS_BITS 32768
+# endif
# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
diff --git a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/include/openssl/dherr.h b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/include/openssl/dherr.h
index 916b3bed0b..528c819856 100644
--- a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/include/openssl/dherr.h
+++ b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/include/openssl/dherr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -30,6 +30,7 @@ int ERR_load_DH_strings(void);
# define DH_F_COMPUTE_KEY 102
# define DH_F_DHPARAMS_PRINT_FP 101
# define DH_F_DH_BUILTIN_GENPARAMS 106
+# define DH_F_DH_CHECK 126
# define DH_F_DH_CHECK_EX 121
# define DH_F_DH_CHECK_PARAMS_EX 122
# define DH_F_DH_CHECK_PUB_KEY_EX 123
--
2.27.0

62
backport-CVE-2023-3817-DH_check-Do-not-try-checking-q-properties-if-it-is-o.patch Normal file
View File

@ -0,0 +1,62 @@
From 91ddeba0f2269b017dc06c46c993a788974b1aa5 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Fri, 21 Jul 2023 11:39:41 +0200
Subject: [PATCH] DH_check(): Do not try checking q properties if it is
obviously invalid
If |q| >= |p| then the q value is obviously wrong as q
is supposed to be a prime divisor of p-1.
We check if p is overly large so this added test implies that
q is not large either when performing subsequent tests using that
q value.
Otherwise if it is too large these additional checks of the q value
such as the primality test can then trigger DoS by doing overly long
computations.
Fixes CVE-2023-3817
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21551)
Reference:https://github.com/openssl/openssl/commit/91ddeba0f2269b017dc06c46c993a788974b1aa5
Confilts:Change the Source File Patch
---
crypto/dh/dh_check.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/dh/dh_check.c b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/dh/dh_check.c
index 2001d2e7cb..9ae96991eb 100644
--- a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/dh/dh_check.c
+++ b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/dh/dh_check.c
@@ -97,7 +97,7 @@ int DH_check_ex(const DH *dh)
int DH_check(const DH *dh, int *ret)
{
- int ok = 0, r;
+ int ok = 0, r, q_good = 0;
BN_CTX *ctx = NULL;
BIGNUM *t1 = NULL, *t2 = NULL;
@@ -120,7 +120,14 @@ int DH_check(const DH *dh, int *ret)
if (t2 == NULL)
goto err;
- if (dh->q) {
+ if (dh->q != NULL) {
+ if (BN_ucmp(dh->p, dh->q) > 0)
+ q_good = 1;
+ else
+ *ret |= DH_CHECK_INVALID_Q_VALUE;
+ }
+
+ if (q_good) {
if (BN_cmp(dh->g, BN_value_one()) <= 0)
*ret |= DH_NOT_SUITABLE_GENERATOR;
else if (BN_cmp(dh->g, dh->p) >= 0)
--
2.27.0

134
backport-CVE-2023-5678-Make-DH_check_pub_key-and-DH_generate_key-safer-yet.patch Normal file
View File

@ -0,0 +1,134 @@
From 58589a46204c0dfca58906d6e66cf610caa11d88 Mon Sep 17 00:00:00 2001
From: lanming1120 <lanming1120@126.com>
Date: Tue, 7 Nov 2023 14:42:28 +0800
Subject: [PATCH] Make DH_check_pub_key() and DH_generate_key() safer yet
Signed-off-by: lanming1120 <lanming1120@126.com>
Reference:https://gitee.com/openeuler/openssl/commit/58589a46204c0dfca58906d6e66cf610caa11d88
Confilts:NA
---
crypto/dh/dh_check.c | 13 +++++++++++++
crypto/dh/dh_err.c | 1 +
crypto/dh/dh_key.c | 12 ++++++++++++
crypto/err/openssl.txt | 1 +
include/openssl/dh.h | 5 +++--
include/openssl/dherr.h | 1 +
6 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/dh/dh_check.c b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/dh/dh_check.c
index ae1b03bc92..779cfbcd91 100644
--- a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/dh/dh_check.c
+++ b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/dh/dh_check.c
@@ -198,6 +198,19 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
BN_CTX *ctx = NULL;
*ret = 0;
+
+ /* Don't do any checks at all with an excessively large modulus */
+ if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
+ DHerr(DH_F_DH_CHECK_EX, DH_R_MODULUS_TOO_LARGE);
+ *ret = DH_MODULUS_TOO_LARGE | DH_CHECK_PUBKEY_INVALID;
+ return 0;
+ }
+
+ if (dh->q != NULL && BN_ucmp(dh->p, dh->q) < 0) {
+ *ret |= DH_CHECK_INVALID_Q_VALUE | DH_CHECK_PUBKEY_INVALID;
+ return 1;
+ }
+
ctx = BN_CTX_new();
if (ctx == NULL)
goto err;
diff --git a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/dh/dh_err.c b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/dh/dh_err.c
index 92800d3fcc..b3b1e7a706 100644
--- a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/dh/dh_err.c
+++ b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/dh/dh_err.c
@@ -82,6 +82,7 @@ static const ERR_STRING_DATA DH_str_reasons[] = {
{ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR),
"parameter encoding error"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_Q_TOO_LARGE), "q too large"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_SHARED_INFO_ERROR), "shared info error"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_UNABLE_TO_CHECK_GENERATOR),
"unable to check generator"},
diff --git a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/dh/dh_key.c b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/dh/dh_key.c
index 117f2fa883..4c4c4b9874 100644
--- a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/dh/dh_key.c
+++ b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/dh/dh_key.c
@@ -109,6 +109,12 @@ static int generate_key(DH *dh)
BN_MONT_CTX *mont = NULL;
BIGNUM *pub_key = NULL, *priv_key = NULL;
+ if (dh->q != NULL
+ && BN_num_bits(dh->q) > OPENSSL_DH_MAX_MODULUS_BITS) {
+ DHerr(DH_F_GENERATE_KEY, DH_R_Q_TOO_LARGE);
+ return 0;
+ }
+
if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
return 0;
@@ -202,6 +208,12 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
int ret = -1;
int check_result;
+ if (dh->q != NULL
+ && BN_num_bits(dh->q) > OPENSSL_DH_MAX_MODULUS_BITS) {
+ DHerr(DH_F_COMPUTE_KEY, DH_R_Q_TOO_LARGE);
+ goto err;
+ }
+
if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE);
goto err;
diff --git a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/err/openssl.txt b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/err/openssl.txt
index c111822eac..56d4093ada 100644
--- a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/err/openssl.txt
+++ b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/crypto/err/openssl.txt
@@ -2139,6 +2139,7 @@ DH_R_NO_PARAMETERS_SET:107:no parameters set
DH_R_NO_PRIVATE_VALUE:100:no private value
DH_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error
DH_R_PEER_KEY_ERROR:111:peer key error
+DH_R_Q_TOO_LARGE:130:q too large
DH_R_SHARED_INFO_ERROR:113:shared info error
DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator
DSA_R_BAD_Q_VALUE:102:bad q value
diff --git a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/include/openssl/dh.h b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/include/openssl/dh.h
index 6c6ff3636a..7509f4fc3e 100644
--- a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/include/openssl/dh.h
+++ b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/include/openssl/dh.h
@@ -71,14 +71,15 @@ DECLARE_ASN1_ITEM(DHparams)
/* #define DH_GENERATOR_3 3 */
# define DH_GENERATOR_5 5
-/* DH_check error codes */
+/* DH_check error codes, some of them shared with DH_check_pub_key */
# define DH_CHECK_P_NOT_PRIME 0x01
# define DH_CHECK_P_NOT_SAFE_PRIME 0x02
# define DH_UNABLE_TO_CHECK_GENERATOR 0x04
# define DH_NOT_SUITABLE_GENERATOR 0x08
# define DH_CHECK_Q_NOT_PRIME 0x10
-# define DH_CHECK_INVALID_Q_VALUE 0x20
+# define DH_CHECK_INVALID_Q_VALUE 0x20 /* +DH_check_pub_key */
# define DH_CHECK_INVALID_J_VALUE 0x40
+# define DH_MODULUS_TOO_LARGE 0x100
/* DH_check_pub_key error codes */
# define DH_CHECK_PUBKEY_TOO_SMALL 0x01
diff --git a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/include/openssl/dherr.h b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/include/openssl/dherr.h
index 528c819856..d66c35aa8e 100644
--- a/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/include/openssl/dherr.h
+++ b/external/dcap_source/QuoteVerification/sgxssl/openssl_source/openssl-1.1.1t/include/openssl/dherr.h
@@ -82,6 +82,7 @@ int ERR_load_DH_strings(void);
# define DH_R_NO_PRIVATE_VALUE 100
# define DH_R_PARAMETER_ENCODING_ERROR 105
# define DH_R_PEER_KEY_ERROR 111
+# define DH_R_Q_TOO_LARGE 130
# define DH_R_SHARED_INFO_ERROR 113
# define DH_R_UNABLE_TO_CHECK_GENERATOR 121
--
2.27.0

12
linux-sgx.spec
View File

@ -1,6 +1,6 @@
Name: linux-sgx
Version: 2.19
Release: 3
Release: 4
Summary: Intel(R) Software Guard Extensions for Linux* OS
ExclusiveArch: x86_64
License: BSD-3-Clause
@ -32,6 +32,13 @@ Patch3: 0004-adapt-openssl-CVE.patch
Patch4: 0005-DCAP-disabling-the-rpatch-option.patch
Patch5: 0006-fix-build-error.patch
Patch6: 0007-fix-C-17-build-failed.patch
Patch7: backport-CVE-2023-0464-x509-excessive-resource-use-verifying-policy-constra.patch
Patch8: backport-CVE-2023-0465-Ensure-that-EXFLAG_INVALID_POLICY-is-checked-even-in.patch
Patch9: backport-CVE-2023-0466-Fix-documentation-of-X509_VERIFY_PARAM_add0_policy.patch
Patch10: backport-CVE-2023-2650-Restrict-the-size-of-OBJECT-IDENTIFIERs-that-OBJ_obj.patch
Patch11: backport-CVE-2023-3446-Fix-DH_check-excessive-time-with-over-sized-modulus.patch
Patch12: backport-CVE-2023-3817-DH_check-Do-not-try-checking-q-properties-if-it-is-o.patch
Patch13: backport-CVE-2023-5678-Make-DH_check_pub_key-and-DH_generate_key-safer-yet.patch
BuildRequires: gcc-c++ protobuf-devel libtool ocaml ocaml-ocamlbuild compat-openssl11-devel cmake python curl-devel createrepo_c git nasm
BuildRequires: protobuf-lite-devel protobuf-c-devel boost-devel
@ -869,6 +876,9 @@ if [ -x /opt/intel/sgx-dcap-pccs/startup.sh ]; then /opt/intel/sgx-dcap-pccs/sta
%files -n libsgx-headers -f %{LINUX_INSTALLER_RPM_DIR}/libsgx-headers/build/list-libsgx-headers
%changelog
* Mon Feb 26 2024 wangqingsan<wangqingsan@huawei.com> - 2.19-4
- fix CVE-2023-0464,CVE-2023-0465,CVE-2023-0466,CVE-2023-2650,CVE-2023-3446,CVE-2023-3817,CVE-2023-5678.
* Sun Feb 25 2024 wangqingsan<wangqingsan@huawei.com> - 2.19-3
- fix build failed.