packages/openssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

backport some upstream patches

Browse Source 
Signed-off-by: ExtinctFire <shenyining_00@126.com>
This commit is contained in:
ExtinctFire 2022-11-08 18:56:08 +08:00
parent 0e6b5f9981
commit 18623b10f4
10 changed files with 719 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
backport-Add-missing-header-for-memcmp.patch Normal file
View File

@ -0,0 +1,33 @@
From 60f011f584d80447e86cae1d1bd3ae24bc13235b Mon Sep 17 00:00:00 2001
From: Gregor Jasny <gjasny@googlemail.com>
Date: Tue, 5 Jul 2022 12:57:06 +0200
Subject: [PATCH] Add missing header for memcmp
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18719)
(cherry picked from commit f9e578e720bb35228948564192adbe3bc503d5fb)
---
test/v3ext.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/test/v3ext.c b/test/v3ext.c
index 386135fed8..7a240cd706 100644
--- a/test/v3ext.c
+++ b/test/v3ext.c
@@ -8,6 +8,7 @@
*/
#include <stdio.h>
+#include <string.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/pem.h>
--
2.17.1

161
backport-Fix-a-crash-in-X509v3_asid_subset.patch Normal file
View File

@ -0,0 +1,161 @@
From 8f078819556da83c15751678c39558a59bc746fc Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 9 Jun 2022 16:57:30 +0100
Subject: [PATCH] Fix a crash in X509v3_asid_subset()
If the asnum or rdi fields are NULL and the ASIdentifiers are otherwise
subsets then this will result in a crash. Of note is that rdi will usually
be NULL.
Reported by Theo Buehler (@botovq)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/18514)
(cherry picked from commit 01fc9b6bce82f0534d6673659a0e59a71f57ee82)
---
crypto/x509v3/v3_asid.c | 31 +++++++++++-----
test/v3ext.c | 78 +++++++++++++++++++++++++++++++++++++++++
2 files changed, 100 insertions(+), 9 deletions(-)
diff --git a/crypto/x509v3/v3_asid.c b/crypto/x509v3/v3_asid.c
index ac68572672..9bdc682978 100644
--- a/crypto/x509v3/v3_asid.c
+++ b/crypto/x509v3/v3_asid.c
@@ -700,15 +700,28 @@ static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child)
*/
int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
{
- return (a == NULL ||
- a == b ||
- (b != NULL &&
- !X509v3_asid_inherits(a) &&
- !X509v3_asid_inherits(b) &&
- asid_contains(b->asnum->u.asIdsOrRanges,
- a->asnum->u.asIdsOrRanges) &&
- asid_contains(b->rdi->u.asIdsOrRanges,
- a->rdi->u.asIdsOrRanges)));
+ int subset;
+
+ if (a == NULL || a == b)
+ return 1;
+
+ if (b == NULL)
+ return 0;
+
+ if (X509v3_asid_inherits(a) || X509v3_asid_inherits(b))
+ return 0;
+
+ subset = a->asnum == NULL
+ || (b->asnum != NULL
+ && asid_contains(b->asnum->u.asIdsOrRanges,
+ a->asnum->u.asIdsOrRanges));
+ if (!subset)
+ return 0;
+
+ return a->rdi == NULL
+ || (b->rdi != NULL
+ && asid_contains(b->rdi->u.asIdsOrRanges,
+ a->rdi->u.asIdsOrRanges));
}
/*
diff --git a/test/v3ext.c b/test/v3ext.c
index 14ae49969d..1575e923da 100644
--- a/test/v3ext.c
+++ b/test/v3ext.c
@@ -37,11 +37,89 @@ end:
return ret;
}
+static int test_asid(void)
+{
+ ASN1_INTEGER *val1 = NULL, *val2 = NULL;
+ ASIdentifiers *asid1 = ASIdentifiers_new(), *asid2 = ASIdentifiers_new(),
+ *asid3 = ASIdentifiers_new(), *asid4 = ASIdentifiers_new();
+ int testresult = 0;
+
+ if (!TEST_ptr(asid1)
+ || !TEST_ptr(asid2)
+ || !TEST_ptr(asid3))
+ goto err;
+
+ if (!TEST_ptr(val1 = ASN1_INTEGER_new())
+ || !TEST_true(ASN1_INTEGER_set_int64(val1, 64496)))
+ goto err;
+
+ if (!TEST_true(X509v3_asid_add_id_or_range(asid1, V3_ASID_ASNUM, val1, NULL)))
+ goto err;
+
+ val1 = NULL;
+ if (!TEST_ptr(val2 = ASN1_INTEGER_new())
+ || !TEST_true(ASN1_INTEGER_set_int64(val2, 64497)))
+ goto err;
+
+ if (!TEST_true(X509v3_asid_add_id_or_range(asid2, V3_ASID_ASNUM, val2, NULL)))
+ goto err;
+
+ val2 = NULL;
+ if (!TEST_ptr(val1 = ASN1_INTEGER_new())
+ || !TEST_true(ASN1_INTEGER_set_int64(val1, 64496))
+ || !TEST_ptr(val2 = ASN1_INTEGER_new())
+ || !TEST_true(ASN1_INTEGER_set_int64(val2, 64497)))
+ goto err;
+
+ /*
+ * Just tests V3_ASID_ASNUM for now. Could be extended at some point to also
+ * test V3_ASID_RDI if we think it is worth it.
+ */
+ if (!TEST_true(X509v3_asid_add_id_or_range(asid3, V3_ASID_ASNUM, val1, val2)))
+ goto err;
+ val1 = val2 = NULL;
+
+ /* Actual subsets */
+ if (!TEST_true(X509v3_asid_subset(NULL, NULL))
+ || !TEST_true(X509v3_asid_subset(NULL, asid1))
+ || !TEST_true(X509v3_asid_subset(asid1, asid1))
+ || !TEST_true(X509v3_asid_subset(asid2, asid2))
+ || !TEST_true(X509v3_asid_subset(asid1, asid3))
+ || !TEST_true(X509v3_asid_subset(asid2, asid3))
+ || !TEST_true(X509v3_asid_subset(asid3, asid3))
+ || !TEST_true(X509v3_asid_subset(asid4, asid1))
+ || !TEST_true(X509v3_asid_subset(asid4, asid2))
+ || !TEST_true(X509v3_asid_subset(asid4, asid3)))
+ goto err;
+
+ /* Not subsets */
+ if (!TEST_false(X509v3_asid_subset(asid1, NULL))
+ || !TEST_false(X509v3_asid_subset(asid1, asid2))
+ || !TEST_false(X509v3_asid_subset(asid2, asid1))
+ || !TEST_false(X509v3_asid_subset(asid3, asid1))
+ || !TEST_false(X509v3_asid_subset(asid3, asid2))
+ || !TEST_false(X509v3_asid_subset(asid1, asid4))
+ || !TEST_false(X509v3_asid_subset(asid2, asid4))
+ || !TEST_false(X509v3_asid_subset(asid3, asid4)))
+ goto err;
+
+ testresult = 1;
+ err:
+ ASN1_INTEGER_free(val1);
+ ASN1_INTEGER_free(val2);
+ ASIdentifiers_free(asid1);
+ ASIdentifiers_free(asid2);
+ ASIdentifiers_free(asid3);
+ ASIdentifiers_free(asid4);
+ return testresult;
+}
+
int setup_tests(void)
{
if (!TEST_ptr(infile = test_get_argument(0)))
return 0;
ADD_TEST(test_pathlen);
+ ADD_TEST(test_asid);
return 1;
}
--
2.17.1

134
backport-Fix-a-memory-leak-in-EC_GROUP_new_from_ecparameters.patch Normal file
View File

@ -0,0 +1,134 @@
From 6c8879c8bf6030666c851623f93fff03c1266715 Mon Sep 17 00:00:00 2001
From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Wed, 22 Jun 2022 17:05:55 +0200
Subject: [PATCH] Fix a memory leak in EC_GROUP_new_from_ecparameters
This can be reproduced with my error injection patch.
The test vector has been validated on the 1.1.1 branch
but the issue is of course identical in all branches.
$ ERROR_INJECT=1656112173 ../util/shlib_wrap.sh ./x509-test ./corpora/x509/fe543a8d7e09109a9a08114323eefec802ad79e2
#0 0x7fb61945eeba in __sanitizer_print_stack_trace ../../../../gcc-trunk/libsanitizer/asan/asan_stack.cpp:87
#1 0x402f84 in my_malloc fuzz/test-corpus.c:114
#2 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#3 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
#4 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
#5 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
#6 0x7fb618e7aa13 in asn1_string_to_bn crypto/asn1/a_int.c:503
#7 0x7fb618e7aa13 in ASN1_INTEGER_to_BN crypto/asn1/a_int.c:559
#8 0x7fb618fd8e79 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:814
#9 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
#10 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#11 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#12 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#13 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#14 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#15 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#16 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#21 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#22 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#23 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#24 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#25 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#26 0x402afb in testfile fuzz/test-corpus.c:182
#27 0x402656 in main fuzz/test-corpus.c:226
#28 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#29 0x402756 (/home/ed/OPC/openssl/fuzz/x509-test+0x402756)
=================================================================
==12221==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fb618ef5f11 in BN_new crypto/bn/bn_lib.c:246
#3 0x7fb618ef82f4 in BN_bin2bn crypto/bn/bn_lib.c:440
#4 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
#5 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
#6 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#7 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#8 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#9 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#10 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#11 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#12 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#13 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#14 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#15 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#16 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#17 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#18 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#19 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#20 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#21 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#22 0x402afb in testfile fuzz/test-corpus.c:182
#23 0x402656 in main fuzz/test-corpus.c:226
#24 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
Indirect leak of 56 byte(s) in 1 object(s) allocated from:
#0 0x7fb61945309f in __interceptor_malloc ../../../../gcc-trunk/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fb619092430 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fb618ef7561 in bn_expand_internal crypto/bn/bn_lib.c:280
#3 0x7fb618ef7561 in bn_expand2 crypto/bn/bn_lib.c:304
#4 0x7fb618ef819d in BN_bin2bn crypto/bn/bn_lib.c:454
#5 0x7fb618fd8933 in EC_GROUP_new_from_ecparameters crypto/ec/ec_asn1.c:618
#6 0x7fb618fd98e8 in EC_GROUP_new_from_ecpkparameters crypto/ec/ec_asn1.c:935
#7 0x7fb618fd9aec in d2i_ECPKParameters crypto/ec/ec_asn1.c:966
#8 0x7fb618fdace9 in d2i_ECParameters crypto/ec/ec_asn1.c:1184
#9 0x7fb618fd1fc7 in eckey_type2param crypto/ec/ec_ameth.c:119
#10 0x7fb618fd57b4 in eckey_pub_decode crypto/ec/ec_ameth.c:165
#11 0x7fb6191a9c62 in x509_pubkey_decode crypto/x509/x_pubkey.c:124
#12 0x7fb6191a9e42 in pubkey_cb crypto/x509/x_pubkey.c:46
#13 0x7fb618eac032 in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:432
#14 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#15 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#16 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#17 0x7fb618eacaf5 in asn1_template_noexp_d2i crypto/asn1/tasn_dec.c:643
#18 0x7fb618ead288 in asn1_template_ex_d2i crypto/asn1/tasn_dec.c:518
#19 0x7fb618eab9ce in asn1_item_embed_d2i crypto/asn1/tasn_dec.c:382
#20 0x7fb618eadd1f in ASN1_item_ex_d2i crypto/asn1/tasn_dec.c:124
#21 0x7fb618eade35 in ASN1_item_d2i crypto/asn1/tasn_dec.c:114
#22 0x40310c in FuzzerTestOneInput fuzz/x509.c:33
#23 0x402afb in testfile fuzz/test-corpus.c:182
#24 0x402656 in main fuzz/test-corpus.c:226
#25 0x7fb618551f44 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
SUMMARY: AddressSanitizer: 80 byte(s) leaked in 2 allocation(s).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/18632)
---
crypto/ec/ec_asn1.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index 34de7b2aab..1acbbde3d3 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -794,7 +794,7 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
}
/* extract the order */
- if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) {
+ if (ASN1_INTEGER_to_BN(params->order, a) == NULL) {
ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);
goto err;
}
@@ -811,7 +811,7 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
if (params->cofactor == NULL) {
BN_free(b);
b = NULL;
- } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) {
+ } else if (ASN1_INTEGER_to_BN(params->cofactor, b) == NULL) {
ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);
goto err;
}
--
2.17.1

117
backport-Fix-a-memory-leak-in-tls13_generate_secret.patch Normal file
View File

@ -0,0 +1,117 @@
From a937806043bda5775091844050e8c632a41922ac Mon Sep 17 00:00:00 2001
From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Tue, 5 Jul 2022 20:39:06 +0200
Subject: [PATCH] Fix a memory leak in tls13_generate_secret
This was found by my Reproducible Error Injection patch (#18356)
Due to the exact location of the injected memory
error the sha256 digest is missing, and this causes much later
the memory leak (and a failed assertion) in tls13_generate_secret.
But the reproduction is a bit challenging, as it requires AESNI
and RDRAND capability.
OPENSSL_ia32cap=0x4200000000000000 ERROR_INJECT=1657070330 ../util/shlib_wrap.sh ./client-test ./corpora/client/791afc153e17db072175eeef85385a38d7f6d194
#0 0x7fceaffb7d4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
#1 0x55fb9117f934 in my_malloc fuzz/test-corpus.c:114
#2 0x7fceafa147f3 in OPENSSL_LH_insert crypto/lhash/lhash.c:109
#3 0x7fceafa42639 in lh_OBJ_NAME_insert crypto/objects/obj_local.h:12
#4 0x7fceafa42639 in OBJ_NAME_add crypto/objects/o_names.c:236
#5 0x7fceaf9f7baa in EVP_add_digest crypto/evp/names.c:39
#6 0x7fceaf9c6b97 in openssl_add_all_digests_int crypto/evp/c_alld.c:39
#7 0x7fceafa0f8ec in ossl_init_add_all_digests crypto/init.c:275
#8 0x7fceafa0f8ec in ossl_init_add_all_digests_ossl_ crypto/init.c:264
#9 0x7fceaf69b4de in __pthread_once_slow /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_once.c:116
#10 0x7fceafafb27c in CRYPTO_THREAD_run_once crypto/threads_pthread.c:118
#11 0x7fceafa1000e in OPENSSL_init_crypto crypto/init.c:677
#12 0x7fceafa1000e in OPENSSL_init_crypto crypto/init.c:611
#13 0x7fceafdad3e8 in OPENSSL_init_ssl ssl/ssl_init.c:190
#14 0x55fb9117ee0f in FuzzerInitialize fuzz/client.c:46
#15 0x55fb9117e939 in main fuzz/test-corpus.c:194
#16 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308
#17 0x55fb9117ec7d in _start (.../openssl/fuzz/client-test+0x2c7d)
#0 0x7fceaffb7d4f in __sanitizer_print_stack_trace ../../../../src/libsanitizer/asan/asan_stack.cc:36
#1 0x55fb9117f934 in my_malloc fuzz/test-corpus.c:114
#2 0x7fceafa147f3 in OPENSSL_LH_insert crypto/lhash/lhash.c:109
#3 0x7fceafa42639 in lh_OBJ_NAME_insert crypto/objects/obj_local.h:12
#4 0x7fceafa42639 in OBJ_NAME_add crypto/objects/o_names.c:236
#5 0x7fceaf9f7baa in EVP_add_digest crypto/evp/names.c:39
#6 0x7fceafdad328 in ossl_init_ssl_base ssl/ssl_init.c:87
#7 0x7fceafdad328 in ossl_init_ssl_base_ossl_ ssl/ssl_init.c:24
#8 0x7fceaf69b4de in __pthread_once_slow /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_once.c:116
#9 0x7fceafafb27c in CRYPTO_THREAD_run_once crypto/threads_pthread.c:118
#10 0x7fceafdad412 in OPENSSL_init_ssl ssl/ssl_init.c:193
#11 0x55fb9117ee0f in FuzzerInitialize fuzz/client.c:46
#12 0x55fb9117e939 in main fuzz/test-corpus.c:194
#13 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308
#14 0x55fb9117ec7d in _start (.../openssl/fuzz/client-test+0x2c7d)
=================================================================
==1320996==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 80 byte(s) in 1 object(s) allocated from:
#0 0x7fceaffaa808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x7fceafa19425 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fceafa03a85 in int_ctx_new crypto/evp/pmeth_lib.c:144
#3 0x7fceafa03a85 in EVP_PKEY_CTX_new_id crypto/evp/pmeth_lib.c:250
#4 0x7fceafe38de5 in tls13_generate_secret ssl/tls13_enc.c:174
#5 0x7fceafd9537f in ssl_derive ssl/s3_lib.c:4833
#6 0x7fceafdde91c in tls_parse_stoc_key_share ssl/statem/extensions_clnt.c:1902
#7 0x7fceafdd4ac1 in tls_parse_all_extensions ssl/statem/extensions.c:752
#8 0x7fceafdf8079 in tls_process_server_hello ssl/statem/statem_clnt.c:1698
#9 0x7fceafe01f87 in ossl_statem_client_process_message ssl/statem/statem_clnt.c:1034
#10 0x7fceafdeec0d in read_state_machine ssl/statem/statem.c:636
#11 0x7fceafdeec0d in state_machine ssl/statem/statem.c:434
#12 0x7fceafdb88d7 in SSL_do_handshake ssl/ssl_lib.c:3718
#13 0x55fb9117f07c in FuzzerTestOneInput fuzz/client.c:98
#14 0x55fb9117f463 in testfile fuzz/test-corpus.c:182
#15 0x55fb9117eb92 in main fuzz/test-corpus.c:226
#16 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308
Indirect leak of 1080 byte(s) in 1 object(s) allocated from:
#0 0x7fceaffaa808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144
#1 0x7fceafa19425 in CRYPTO_zalloc crypto/mem.c:230
#2 0x7fceafa11555 in pkey_hkdf_init crypto/kdf/hkdf.c:51
#3 0x7fceafa03b36 in int_ctx_new crypto/evp/pmeth_lib.c:160
#4 0x7fceafa03b36 in EVP_PKEY_CTX_new_id crypto/evp/pmeth_lib.c:250
#5 0x7fceafe38de5 in tls13_generate_secret ssl/tls13_enc.c:174
#6 0x7fceafd9537f in ssl_derive ssl/s3_lib.c:4833
#7 0x7fceafdde91c in tls_parse_stoc_key_share ssl/statem/extensions_clnt.c:1902
#8 0x7fceafdd4ac1 in tls_parse_all_extensions ssl/statem/extensions.c:752
#9 0x7fceafdf8079 in tls_process_server_hello ssl/statem/statem_clnt.c:1698
#10 0x7fceafe01f87 in ossl_statem_client_process_message ssl/statem/statem_clnt.c:1034
#11 0x7fceafdeec0d in read_state_machine ssl/statem/statem.c:636
#12 0x7fceafdeec0d in state_machine ssl/statem/statem.c:434
#13 0x7fceafdb88d7 in SSL_do_handshake ssl/ssl_lib.c:3718
#14 0x55fb9117f07c in FuzzerTestOneInput fuzz/client.c:98
#15 0x55fb9117f463 in testfile fuzz/test-corpus.c:182
#16 0x55fb9117eb92 in main fuzz/test-corpus.c:226
#17 0x7fceaf4bc082 in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: 1160 byte(s) leaked in 2 allocation(s).
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18725)
---
ssl/tls13_enc.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index b8fb07f210..51ca1050a4 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -190,6 +190,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md,
if (!ossl_assert(mdleni >= 0)) {
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET,
ERR_R_INTERNAL_ERROR);
+ EVP_PKEY_CTX_free(pctx);
return 0;
}
mdlen = (size_t)mdleni;
--
2.17.1

47
backport-Fix-bn_gcd-code-to-check-return-value-when-calling-B.patch Normal file
View File

@ -0,0 +1,47 @@
From 6495cab1c876ad80ce983d848ccaa1dc286a63e1 Mon Sep 17 00:00:00 2001
From: slontis <shane.lontis@oracle.com>
Date: Fri, 1 Jul 2022 13:47:11 +1000
Subject: [PATCH] Fix bn_gcd code to check return value when calling BN_one()
BN_one() uses the expand function which calls malloc which may fail.
All other places that reference BN_one() check the return value.
The issue is triggered by a memory allocation failure.
Detected by PR #18355
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18697)
(cherry picked from commit 7fe7cc57af3db1e497877f0329ba17609b2efc8b)
---
crypto/bn/bn_gcd.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/crypto/bn/bn_gcd.c b/crypto/bn/bn_gcd.c
index 0941f7b97f..c4b7854e1a 100644
--- a/crypto/bn/bn_gcd.c
+++ b/crypto/bn/bn_gcd.c
@@ -47,7 +47,8 @@ BIGNUM *bn_mod_inverse_no_branch(BIGNUM *in,
if (R == NULL)
goto err;
- BN_one(X);
+ if (!BN_one(X))
+ goto err;
BN_zero(Y);
if (BN_copy(B, a) == NULL)
goto err;
@@ -235,7 +236,8 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in,
if (R == NULL)
goto err;
- BN_one(X);
+ if (!BN_one(X))
+ goto err;
BN_zero(Y);
if (BN_copy(B, a) == NULL)
goto err;
--
2.17.1

36
backport-Fix-memory-leak-in-X509V3_add1_i2d-when-flag-is-X509.patch Normal file
View File

@ -0,0 +1,36 @@
From c3efe5c96128d699f0884128ce905906bc28ed34 Mon Sep 17 00:00:00 2001
From: Allan <allanchang96@gmail.com>
Date: Thu, 7 Jul 2022 16:04:09 -0700
Subject: [PATCH] Fix memory leak in X509V3_add1_i2d when flag is
X509V3_ADD_DELETE
Fixes #18677
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18698)
(cherry picked from commit 4798e0680b112993815098ca21d7d68ff31ebc6e)
---
crypto/x509v3/v3_lib.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c
index 97c1cbc20f..d7e7c9a5cb 100644
--- a/crypto/x509v3/v3_lib.c
+++ b/crypto/x509v3/v3_lib.c
@@ -242,8 +242,10 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
}
/* If delete, just delete it */
if (ext_op == X509V3_ADD_DELETE) {
- if (!sk_X509_EXTENSION_delete(*x, extidx))
+ extmp = sk_X509_EXTENSION_delete(*x, extidx);
+ if (extmp == NULL)
return -1;
+ X509_EXTENSION_free(extmp);
return 1;
}
} else {
--
2.17.1

71
backport-Fix-range_should_be_prefix-to-actually-return-the-co.patch Normal file
View File

@ -0,0 +1,71 @@
From a1d80edcf830739131e0567dc03b1e80b7988b1e Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Fri, 10 Jun 2022 15:58:58 +0100
Subject: [PATCH] Fix range_should_be_prefix() to actually return the correct
result
range_should_be_prefix() was misidentifying whether an IP address range
should in fact be represented as a prefix. This was due to a bug introduced
in commit 42d7d7dd which made this incorrect change:
- OPENSSL_assert(memcmp(min, max, length) <= 0);
+ if (memcmp(min, max, length) <= 0)
+ return -1;
This error leads to incorrect DER being encoded/accepted.
Reported by Theo Buehler (@botovq)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18524)
(cherry picked from commit 30532e59f475e0066c030693e4d614311a9e0cae)
(cherry picked from commit 2c6550c6db9b1b69dc24f968b4ceb534edcf4841)
---
crypto/x509v3/v3_addr.c | 14 ++++-
test/v3ext.c | 111 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 123 insertions(+), 2 deletions(-)
diff --git a/crypto/x509v3/v3_addr.c b/crypto/x509v3/v3_addr.c
index 4258dbc40c..32f77a2679 100644
--- a/crypto/x509v3/v3_addr.c
+++ b/crypto/x509v3/v3_addr.c
@@ -13,6 +13,8 @@
#include <stdio.h>
#include <stdlib.h>
+#include <assert.h>
+#include <string.h>
#include "internal/cryptlib.h"
#include <openssl/conf.h>
@@ -342,8 +344,13 @@ static int range_should_be_prefix(const unsigned char *min,
unsigned char mask;
int i, j;
- if (memcmp(min, max, length) <= 0)
- return -1;
+ /*
+ * It is the responsibility of the caller to confirm min <= max. We don't
+ * use ossl_assert() here since we have no way of signalling an error from
+ * this function - so we just use a plain assert instead.
+ */
+ assert(memcmp(min, max, length) <= 0);
+
for (i = 0; i < length && min[i] == max[i]; i++) ;
for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) ;
if (i < j)
@@ -426,6 +433,9 @@ static int make_addressRange(IPAddressOrRange **result,
IPAddressOrRange *aor;
int i, prefixlen;
+ if (memcmp(min, max, length) > 0)
+ return 0;
+
if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0)
return make_addressPrefix(result, min, prefixlen);
--
2.17.1

77
backport-Make-the-DRBG-seed-propagation-thread-safe.patch Normal file
View File

@ -0,0 +1,77 @@
From 17098c116d68b3a01fcb688487dccdc0c10b8f63 Mon Sep 17 00:00:00 2001
From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Sat, 23 Oct 2021 11:58:27 +0200
Subject: [PATCH] Make the DRBG seed propagation thread safe
Currently there is a race possible because the reseed_counter
of the master drbg may be incremented after the get_entropy call.
Therefore access the parent's reseed_counter while still holding
the rand_drbg_lock.
This improves commit 958fec77928a28350f6af252ac5e8d0e6e081faa
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16900)
---
crypto/rand/drbg_lib.c | 18 ++++--------------
crypto/rand/rand_lib.c | 6 +++++-
2 files changed, 9 insertions(+), 15 deletions(-)
diff --git a/crypto/rand/drbg_lib.c b/crypto/rand/drbg_lib.c
index 8c7c28c970..0ba20ca326 100644
--- a/crypto/rand/drbg_lib.c
+++ b/crypto/rand/drbg_lib.c
@@ -354,13 +354,8 @@ int RAND_DRBG_instantiate(RAND_DRBG *drbg,
drbg->state = DRBG_READY;
drbg->generate_counter = 1;
drbg->reseed_time = time(NULL);
- if (drbg->enable_reseed_propagation) {
- if (drbg->parent == NULL)
- tsan_counter(&drbg->reseed_counter);
- else
- tsan_store(&drbg->reseed_counter,
- tsan_load(&drbg->parent->reseed_counter));
- }
+ if (drbg->enable_reseed_propagation && drbg->parent == NULL)
+ tsan_counter(&drbg->reseed_counter);
end:
if (entropy != NULL && drbg->cleanup_entropy != NULL)
@@ -444,13 +439,8 @@ int RAND_DRBG_reseed(RAND_DRBG *drbg,
drbg->state = DRBG_READY;
drbg->generate_counter = 1;
drbg->reseed_time = time(NULL);
- if (drbg->enable_reseed_propagation) {
- if (drbg->parent == NULL)
- tsan_counter(&drbg->reseed_counter);
- else
- tsan_store(&drbg->reseed_counter,
- tsan_load(&drbg->parent->reseed_counter));
- }
+ if (drbg->enable_reseed_propagation && drbg->parent == NULL)
+ tsan_counter(&drbg->reseed_counter);
end:
if (entropy != NULL && drbg->cleanup_entropy != NULL)
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 5c72fad8ca..545ab46315 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -172,8 +172,12 @@ size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
if (RAND_DRBG_generate(drbg->parent,
buffer, bytes_needed,
prediction_resistance,
- (unsigned char *)&drbg, sizeof(drbg)) != 0)
+ (unsigned char *)&drbg, sizeof(drbg)) != 0) {
bytes = bytes_needed;
+ if (drbg->enable_reseed_propagation)
+ tsan_store(&drbg->reseed_counter,
+ tsan_load(&drbg->parent->reseed_counter));
+ }
rand_drbg_unlock(drbg->parent);
rand_pool_add_end(pool, bytes, 8 * bytes);
--
2.17.1

30
backport-v3_sxnet-add-a-check-for-the-return-of-i2s_ASN1_INTE.patch Normal file
View File

@ -0,0 +1,30 @@
From 7a05fcb1fc276a7ecfe599d45655d4e617c5e2d4 Mon Sep 17 00:00:00 2001
From: xkernel <xkernel.wang@foxmail.com>
Date: Mon, 20 Jun 2022 17:46:39 +0800
Subject: [PATCH] v3_sxnet: add a check for the return of i2s_ASN1_INTEGER()
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/18608)
(cherry picked from commit 9ef1f848a646565d4dd86e56542cf921d4921ad9)
---
crypto/x509v3/v3_sxnet.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/crypto/x509v3/v3_sxnet.c b/crypto/x509v3/v3_sxnet.c
index 144e8bee84..3c5508f941 100644
--- a/crypto/x509v3/v3_sxnet.c
+++ b/crypto/x509v3/v3_sxnet.c
@@ -78,6 +78,8 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
id = sk_SXNETID_value(sx->ids, i);
tmp = i2s_ASN1_INTEGER(NULL, id->zone);
+ if (tmp == NULL)
+ return 0;
BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
OPENSSL_free(tmp);
ASN1_STRING_print(out, id->user);
--
2.17.1

14
openssl.spec
View File

@ -2,7 +2,7 @@
Name: openssl
Epoch: 1
Version: 1.1.1m
Release: 16
Release: 17
Summary: Cryptography and SSL/TLS Toolkit
License: OpenSSL and SSLeay
URL: https://www.openssl.org/
@ -67,6 +67,15 @@ Patch56: backport-Fix-a-DTLS-server-hangup-due-to-TLS13_AD_MISSING_EXT.patch
Patch57: backport-Fix-an-assertion-in-the-DTLS-server-code.patch
Patch58: backport-Fix-a-memory-leak-in-X509_issuer_and_serial_hash.patch
Patch59: backport-Fix-strict-client-chain-check-with-TLS-1.3.patch
Patch60: backport-Fix-a-crash-in-X509v3_asid_subset.patch
Patch61: backport-Fix-a-memory-leak-in-EC_GROUP_new_from_ecparameters.patch
Patch62: backport-Fix-range_should_be_prefix-to-actually-return-the-co.patch
Patch63: backport-v3_sxnet-add-a-check-for-the-return-of-i2s_ASN1_INTE.patch
Patch64: backport-Fix-bn_gcd-code-to-check-return-value-when-calling-B.patch
Patch65: backport-Add-missing-header-for-memcmp.patch
Patch66: backport-Fix-a-memory-leak-in-tls13_generate_secret.patch
Patch67: backport-Make-the-DRBG-seed-propagation-thread-safe.patch
Patch68: backport-Fix-memory-leak-in-X509V3_add1_i2d-when-flag-is-X509.patch
BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel
Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
@ -269,6 +278,9 @@ make test || :
%ldconfig_scriptlets libs
%changelog
* Mon Nov 7 2022 ExtinctFire<shenyining_00@126.com> - 1:1.1.1m-17
- backport some patches
* Mon Nov 7 2022 steven.ygui<steven_ygui@163.com> - 1:1.1.1m-16
- backport some patches