backport some patches

wangcheng 2022-11-04 11:48:37 +08:00
parent 4c696367a7
commit 1d96992a14
9 changed files with 484 additions and 1 deletions


@ -0,0 +1,36 @@
From c02fff5aecd4d002143a0e901f3dde3d14934a18 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <beldmit@gmail.com>
Date: Mon, 7 Mar 2022 17:05:57 +0100
Subject: [PATCH] Avoid potential memory leak
Resolves #17827
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17828)
(cherry picked from commit 175355923046921a689b500f7a72455f7095708f)
---
crypto/x509v3/v3_utl.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index 40d8f31554..83a4bc8a06 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -538,8 +538,11 @@ static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email
return 0;
emtmp = OPENSSL_strndup((char *)email->data, email->length);
- if (emtmp == NULL)
+ if (emtmp == NULL) {
+ X509_email_free(*sk);
+ *sk = NULL;
return 0;
+ }
/* Don't add duplicates */
if (sk_OPENSSL_STRING_find(*sk, emtmp) != -1) {
--
2.17.1
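Review bot: This patch is applied out of upstream order relative to the OPENSSL_strndup check backport: its pre-image blob for crypto/x509v3/v3_utl.c (`index 40d8f31554..83a4bc8a06`) is the post-image of that other patch (`index f41c699b5a..40d8f31554`), yet the spec in this commit numbers this one Patch34 and the other Patch36. The two touch different hunks (around lines 538 and 828), so they will most likely still apply with a line offset, but swapping the two Patch numbers to follow upstream order avoids relying on offsets and makes the series easier to audit against upstream. append_ia5's body continues outside the hunk, so its remaining error paths are not visible here.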


@ -0,0 +1,98 @@
From 8845aeb3ed528491b9eccba365182f90540e5b95 Mon Sep 17 00:00:00 2001
From: Hugo Landau <hlandau@openssl.org>
Date: Tue, 1 Mar 2022 14:08:12 +0000
Subject: [PATCH] Fix NULL pointer dereference for BN_mod_exp2_mont
This fixes a bug whereby BN_mod_exp2_mont can dereference a NULL pointer
if BIGNUM argument m represents zero.
Regression test added. Fixes #17648. Backport from master to 1.1.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17787)
---
crypto/bn/bn_exp2.c | 2 +-
test/bntest.c | 45 +++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 46 insertions(+), 1 deletion(-)
diff --git a/crypto/bn/bn_exp2.c b/crypto/bn/bn_exp2.c
index e542abe46f..de3e249d78 100644
--- a/crypto/bn/bn_exp2.c
+++ b/crypto/bn/bn_exp2.c
@@ -32,7 +32,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
bn_check_top(p2);
bn_check_top(m);
- if (!(m->d[0] & 1)) {
+ if (!BN_is_odd(m)) {
BNerr(BN_F_BN_MOD_EXP2_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
return 0;
}
diff --git a/test/bntest.c b/test/bntest.c
index bab34ba54b..390dd80073 100644
--- a/test/bntest.c
+++ b/test/bntest.c
@@ -2798,6 +2798,50 @@ static int test_mod_exp_consttime(int i)
return res;
}
+/*
+ * Regression test to ensure BN_mod_exp2_mont fails safely if argument m is
+ * zero.
+ */
+static int test_mod_exp2_mont(void)
+{
+ int res = 0;
+ BIGNUM *exp_result = NULL;
+ BIGNUM *exp_a1 = NULL, *exp_p1 = NULL, *exp_a2 = NULL, *exp_p2 = NULL,
+ *exp_m = NULL;
+
+ if (!TEST_ptr(exp_result = BN_new())
+ || !TEST_ptr(exp_a1 = BN_new())
+ || !TEST_ptr(exp_p1 = BN_new())
+ || !TEST_ptr(exp_a2 = BN_new())
+ || !TEST_ptr(exp_p2 = BN_new())
+ || !TEST_ptr(exp_m = BN_new()))
+ goto err;
+
+ if (!TEST_true(BN_one(exp_a1))
+ || !TEST_true(BN_one(exp_p1))
+ || !TEST_true(BN_one(exp_a2))
+ || !TEST_true(BN_one(exp_p2)))
+ goto err;
+
+ BN_zero(exp_m);
+
+ /* input of 0 is even, so must fail */
+ if (!TEST_int_eq(BN_mod_exp2_mont(exp_result, exp_a1, exp_p1, exp_a2,
+ exp_p2, exp_m, ctx, NULL), 0))
+ goto err;
+
+ res = 1;
+
+err:
+ BN_free(exp_result);
+ BN_free(exp_a1);
+ BN_free(exp_p1);
+ BN_free(exp_a2);
+ BN_free(exp_p2);
+ BN_free(exp_m);
+ return res;
+}
+
static int file_test_run(STANZA *s)
{
static const FILETEST filetests[] = {
@@ -2906,6 +2950,7 @@ int setup_tests(void)
ADD_TEST(test_gcd_prime);
ADD_ALL_TESTS(test_mod_exp, (int)OSSL_NELEM(ModExpTests));
ADD_ALL_TESTS(test_mod_exp_consttime, (int)OSSL_NELEM(ModExpTests));
+ ADD_TEST(test_mod_exp2_mont);
} else {
ADD_ALL_TESTS(run_file_tests, n);
}
--
2.17.1
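Review bot: test_mod_exp2_mont covers only the zero modulus, so it would not notice if the switch from `m->d[0] & 1` to `BN_is_odd(m)` changed how a non-zero even modulus is rejected. A second case after the zero check, for example `BN_set_word(exp_m, 2)` wrapped in `TEST_true` and followed by the same `TEST_int_eq(BN_mod_exp2_mont(...), 0)`, would pin both halves of the condition. The test also relies on a `ctx` that is declared outside the hunk.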


@ -0,0 +1,36 @@
From 93ac3b8dd1cc49b27c402278cbe73a1c4ac91f9b Mon Sep 17 00:00:00 2001
From: Hugo Landau <hlandau@openssl.org>
Date: Mon, 4 Apr 2022 12:25:16 +0100
Subject: [PATCH] Fix failure to check result of bn_rshift_fixed_top
Fixes #18010.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18034)
(cherry picked from commit bc6bac8561ead83d6135f376ffcbbb0b657e64fe)
---
crypto/bn/bn_div.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/crypto/bn/bn_div.c b/crypto/bn/bn_div.c
index 0da9f39b31..e2821fb6cd 100644
--- a/crypto/bn/bn_div.c
+++ b/crypto/bn/bn_div.c
@@ -446,8 +446,10 @@ int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
snum->neg = num_neg;
snum->top = div_n;
snum->flags |= BN_FLG_FIXED_TOP;
- if (rm != NULL)
- bn_rshift_fixed_top(rm, snum, norm_shift);
+
+ if (rm != NULL && bn_rshift_fixed_top(rm, snum, norm_shift) == 0)
+ goto err;
+
BN_CTX_end(ctx);
return 1;
err:
--
2.17.1


@ -0,0 +1,72 @@
From f4942134815f95845706993c15ca7e4fd6e44627 Mon Sep 17 00:00:00 2001
From: Bernd Edlinger <bernd.edlinger@hotmail.de>
Date: Fri, 7 Jan 2022 10:18:58 +0100
Subject: [PATCH] Fix password_callback to handle short passwords
Fixes #17426
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17439)
---
apps/apps.c | 8 ++++++--
test/recipes/15-test_genrsa.t | 7 ++++++-
2 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/apps/apps.c b/apps/apps.c
index c06241abb9..531fbec551 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -300,9 +300,13 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
int ui_flags = 0;
const char *prompt_info = NULL;
char *prompt;
+ int pw_min_len = PW_MIN_LENGTH;
if (cb_data != NULL && cb_data->prompt_info != NULL)
prompt_info = cb_data->prompt_info;
+ if (cb_data != NULL && cb_data->password != NULL
+ && *(const char*)cb_data->password != '\0')
+ pw_min_len = 1;
prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
if (!prompt) {
BIO_printf(bio_err, "Out of memory\n");
@@ -317,12 +321,12 @@ int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
(void)UI_add_user_data(ui, cb_data);
ok = UI_add_input_string(ui, prompt, ui_flags, buf,
- PW_MIN_LENGTH, bufsiz - 1);
+ pw_min_len, bufsiz - 1);
if (ok >= 0 && verify) {
buff = app_malloc(bufsiz, "password buffer");
ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
- PW_MIN_LENGTH, bufsiz - 1, buf);
+ pw_min_len, bufsiz - 1, buf);
}
if (ok >= 0)
do {
diff --git a/test/recipes/15-test_genrsa.t b/test/recipes/15-test_genrsa.t
index e16a9a4042..c9bc6bdc8a 100644
--- a/test/recipes/15-test_genrsa.t
+++ b/test/recipes/15-test_genrsa.t
@@ -16,7 +16,7 @@ use OpenSSL::Test::Utils;
setup("test_genrsa");
-plan tests => 5;
+plan tests => 7;
# We want to know that an absurdly small number of bits isn't support
is(run(app([ 'openssl', 'genrsa', '-3', '-out', 'genrsatest.pem', '8'])), 0, "genrsa -3 8");
@@ -52,3 +52,8 @@ ok(run(app([ 'openssl', 'genrsa', '-f4', '-out', 'genrsatest.pem', $good ])),
"genrsa -f4 $good");
ok(run(app([ 'openssl', 'rsa', '-check', '-in', 'genrsatest.pem', '-noout' ])),
"rsa -check");
+ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest.pem', '-out', 'genrsatest-enc.pem',
+ '-aes256', '-passout', 'pass:x' ])),
+ "rsa encrypt");
+ok(run(app([ 'openssl', 'rsa', '-in', 'genrsatest-enc.pem', '-passin', 'pass:x' ])),
+ "rsa decrypt");
--
2.17.1
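Review bot: The relaxation `pw_min_len = 1` in password_callback carries no comment, although it is the line that decides when the PW_MIN_LENGTH floor stops applying to both the input string and the verify string. Someone auditing pass phrase policy needs to see that this is intentional, so I would add above the new `if` something like `/* a pass phrase supplied via cb_data is accepted at any non-zero length; PW_MIN_LENGTH applies only when none was supplied */`. Separately, the cast is written `(const char*)` and would read `(const char *)` in the spacing the other casts in these patches use. The function body starts and ends outside both hunks.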


@ -0,0 +1,36 @@
From 3e8f70c30d84861fcd257a6e280dc49e104eb145 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Wed, 30 Mar 2022 14:49:24 +0100
Subject: [PATCH] Fix usage of SSLfatal
A cherry-pick from the master branch incorrectly introduced a usage of
3 argument SSLfatal. In 1.1.1 the function code is also required.
Fixes #17999
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18000)
---
ssl/statem/statem_clnt.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index e3aba393f9..2bc5cf5ec3 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1423,7 +1423,8 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
&& PACKET_remaining(pkt) >= SSL3_RANDOM_SIZE
&& memcmp(hrrrandom, PACKET_data(pkt), SSL3_RANDOM_SIZE) == 0) {
if (s->hello_retry_request != SSL_HRR_NONE) {
- SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+ SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_UNEXPECTED_MESSAGE);
goto err;
}
s->hello_retry_request = SSL_HRR_PENDING;
--
2.17.1


@ -0,0 +1,100 @@
From f29ec6563ddf81db46c464d14f2bb29a3fa5592f Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Tue, 22 Mar 2022 16:33:52 +0100
Subject: [PATCH] Test processing of a duplicated HRR
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17936)
(cherry picked from commit db44b55aaa42141921217183667800425227b658)
---
test/recipes/70-test_tls13hrr.t | 51 +++++++++++++++++++++++++++++++--
1 file changed, 49 insertions(+), 2 deletions(-)
diff --git a/test/recipes/70-test_tls13hrr.t b/test/recipes/70-test_tls13hrr.t
index e0b47ed359..411e749971 100644
--- a/test/recipes/70-test_tls13hrr.t
+++ b/test/recipes/70-test_tls13hrr.t
@@ -37,7 +37,8 @@ my $proxy = TLSProxy::Proxy->new(
use constant {
CHANGE_HRR_CIPHERSUITE => 0,
- CHANGE_CH1_CIPHERSUITE => 1
+ CHANGE_CH1_CIPHERSUITE => 1,
+ DUPLICATE_HRR => 2
};
#Test 1: A client should fail if the server changes the ciphersuite between the
@@ -46,7 +47,7 @@ $proxy->filter(\&hrr_filter);
$proxy->serverflags("-curves P-256");
my $testtype = CHANGE_HRR_CIPHERSUITE;
$proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 2;
+plan tests => 3;
ok(TLSProxy::Message->fail(), "Server ciphersuite changes");
#Test 2: It is an error if the client changes the offered ciphersuites so that
@@ -58,6 +59,19 @@ $testtype = CHANGE_CH1_CIPHERSUITE;
$proxy->start();
ok(TLSProxy::Message->fail(), "Client ciphersuite changes");
+#Test 3: A client should fail with unexpected_message alert if the server
+# sends more than 1 HRR
+my $fatal_alert = 0;
+$proxy->clear();
+if (disabled("ec")) {
+ $proxy->serverflags("-curves ffdhe3072");
+} else {
+ $proxy->serverflags("-curves P-256");
+}
+$testtype = DUPLICATE_HRR;
+$proxy->start();
+ok($fatal_alert, "Server duplicated HRR");
+
sub hrr_filter
{
my $proxy = shift;
@@ -78,6 +92,39 @@ sub hrr_filter
return;
}
+ if ($testtype == DUPLICATE_HRR) {
+ # We're only interested in the HRR
+ # and the unexpected_message alert from client
+ if ($proxy->flight == 4) {
+ $fatal_alert = 1
+ if @{$proxy->record_list}[-1]->is_fatal_alert(0) == 10;
+ return;
+ }
+ if ($proxy->flight != 3) {
+ return;
+ }
+
+ # Find ServerHello record (HRR actually) and insert after that
+ my $i;
+ for ($i = 0; ${$proxy->record_list}[$i]->flight() < 1; $i++) {
+ next;
+ }
+ my $hrr_record = ${$proxy->record_list}[$i];
+ my $dup_hrr = TLSProxy::Record->new(3,
+ $hrr_record->content_type(),
+ $hrr_record->version(),
+ $hrr_record->len(),
+ $hrr_record->sslv2(),
+ $hrr_record->len_real(),
+ $hrr_record->decrypt_len(),
+ $hrr_record->data(),
+ $hrr_record->decrypt_data());
+
+ $i++;
+ splice @{$proxy->record_list}, $i, 0, $dup_hrr;
+ return;
+ }
+
# CHANGE_CH1_CIPHERSUITE
if ($proxy->flight != 0) {
return;
--
2.17.1
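Review bot: The search loop in the DUPLICATE_HRR branch, `for ($i = 0; ${$proxy->record_list}[$i]->flight() < 1; $i++)`, has no upper bound, so if the record list ever holds no record from flight 1 or later it indexes past the end and dies calling `flight()` on undef instead of failing the test cleanly. Bounding it as `for ($i = 0; $i < @{$proxy->record_list} && ${$proxy->record_list}[$i]->flight() < 1; $i++)` and returning when nothing is found would make that failure mode explicit. The alert check compares against a bare `10`; a short comment that this is the unexpected_message alert description would help the next reader. hrr_filter starts and ends outside these hunks.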


@ -0,0 +1,58 @@
From 999cce6ea7393e1daa40e9994064b2955b24a831 Mon Sep 17 00:00:00 2001
From: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Date: Mon, 21 Feb 2022 09:51:54 +0800
Subject: [PATCH] crypto/x509/v3_utl.c: Add missing check for OPENSSL_strndup
Since the potential failure of memory allocation, it
should be better to check the return value of the
OPENSSL_strndup(), like x509v3_add_len_value().
And following the comment of 'if (astrlen < 0)',
return -1 if fails.
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17737)
(cherry picked from commit 366a16263959c0b6599f0b9ec18124d75560c6ef)
---
crypto/x509v3/v3_utl.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index f41c699b5a..40d8f31554 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -828,8 +828,11 @@ static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal,
rv = equal(a->data, a->length, (unsigned char *)b, blen, flags);
else if (a->length == (int)blen && !memcmp(a->data, b, blen))
rv = 1;
- if (rv > 0 && peername)
+ if (rv > 0 && peername != NULL) {
*peername = OPENSSL_strndup((char *)a->data, a->length);
+ if (*peername == NULL)
+ return -1;
+ }
} else {
int astrlen;
unsigned char *astr;
@@ -842,8 +845,13 @@ static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal,
return -1;
}
rv = equal(astr, astrlen, (unsigned char *)b, blen, flags);
- if (rv > 0 && peername)
+ if (rv > 0 && peername != NULL) {
*peername = OPENSSL_strndup((char *)astr, astrlen);
+ if (*peername == NULL) {
+ OPENSSL_free(astr);
+ return -1;
+ }
+ }
OPENSSL_free(astr);
}
return rv;
--
2.17.1
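Review bot: The new `return -1` paths in do_check_string add an allocation-failure outcome next to match (`rv > 0`) and no match (`0`), and nothing in the hunk documents that for callers. Any caller that tests the result for truth instead of `> 0` would treat the failure as a match; the callers are outside this hunk, so that needs checking rather than assuming. I would add a comment at the first new check such as `/* allocation failure: report an error (-1), never a match */`. In the second branch the duplicated `OPENSSL_free(astr)` could be avoided by setting `rv = -1` and falling through to the existing free, which keeps a single cleanup point.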


@ -0,0 +1,36 @@
From fb67978a9eb076b23ddf17f6b95f697ed526c584 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Tue, 22 Mar 2022 12:34:07 +0100
Subject: [PATCH] tls_process_server_hello: Disallow repeated HRR
Repeated HRR must be rejected.
Fixes #17934
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17936)
(cherry picked from commit d204a50b898435fbf937316d5693008cebf62eef)
---
ssl/statem/statem_clnt.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index d1a3969812..e3aba393f9 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1422,6 +1422,10 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
&& sversion == TLS1_2_VERSION
&& PACKET_remaining(pkt) >= SSL3_RANDOM_SIZE
&& memcmp(hrrrandom, PACKET_data(pkt), SSL3_RANDOM_SIZE) == 0) {
+ if (s->hello_retry_request != SSL_HRR_NONE) {
+ SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
+ goto err;
+ }
s->hello_retry_request = SSL_HRR_PENDING;
hrr = 1;
if (!PACKET_forward(pkt, SSL3_RANDOM_SIZE)) {
--
2.17.1
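Review bot: The `SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE)` call added here uses the three-argument form, which the "Fix usage of SSLfatal" patch in this same commit describes as incorrect for 1.1.1, where the function code is also required. This patch is therefore only correct together with that follow-up, and the spec lists them as Patch33 and Patch38 with unrelated patches in between. Numbering the fix directly after this patch, with a spec comment that the two must stay together, would keep anyone who later drops or reorders patches from shipping the intermediate state. tls_process_server_hello continues outside the hunk.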


@ -2,7 +2,7 @@
Name: openssl
Epoch: 1
Version: 1.1.1m
Release: 12
Release: 13
Summary: Cryptography and SSL/TLS Toolkit
License: OpenSSL and SSLeay
URL: https://www.openssl.org/
@ -38,6 +38,14 @@ Patch27: Feature-PKCS7-sign-and-verify-support-SM2-algorithm.patch
Patch28: Backport-SM3-acceleration-with-SM3-hardware-instruction-on-aa.patch
Patch29: Backport-SM4-optimization-for-ARM-by-HW-instruction.patch
Patch30: Feature-SM4-XTS-optimization-for-ARM-by-HW-instruction.patch
Patch31: backport-Fix-failure-to-check-result-of-bn_rshift_fixed_top.patch
Patch32: backport-Test-processing-of-a-duplicated-HRR.patch
Patch33: backport-tls_process_server_hello-Disallow-repeated-HRR.patch
Patch34: backport-Avoid-potential-memory-leak.patch
Patch35: backport-Fix-NULL-pointer-dereference-for-BN_mod_exp2_mont.patch
Patch36: backport-crypto-x509-v3_utl.c-Add-missing-check-for-OPENSSL_s.patch
Patch37: backport-Fix-password_callback-to-handle-short-passwords.patch
Patch38: backport-Fix-usage-of-SSLfatal.patch
BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel
Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
@ -240,6 +248,9 @@ make test || :
%ldconfig_scriptlets libs
%changelog
* Fri Nov 4 2022 wangcheng<wangcheng156@huawei.com> - 1:1.1.1m-13
- backport some patches
* Wed Nov 2 2022 Xu Yizhou <xuyizhou1@huawei.com> - 1:1.1.1m-12
- SM3 acceleration with SM3 hardware instruction on aarch64
- SM4 optimization for ARM by HW instruction
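Review bot: The regression tests these backports add (test_mod_exp2_mont in bntest, the duplicated-HRR case in 70-test_tls13hrr.t, the `pass:x` cases in 15-test_genrsa.t) cannot fail the build, because the hunk context shows the test step running as `make test || :`. For a release whose purpose is to carry fixes, a backport that applies but does not work would still ship; consider letting `make test` fail the build, or at least capturing and reviewing the results for these suites. The changelog entry `- backport some patches` also does not say which fixes went in; listing the eight patch subjects, as the -12 entry does for its changes, would make the package auditable against the upstream issue numbers. How the Patch31 to Patch38 lines are applied in %prep is outside the visible hunks.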