packages/openssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

backport bugfix patch

Browse Source 
(cherry picked from commit d1e683924ee022b98b64df66902341b6fe40b80c)
This commit is contained in:
steven 2024-06-24 11:44:37 +08:00 committed by openeuler-sync-bot
parent 5ee37513e4
commit de725f6e76
5 changed files with 487 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

126
Backport-Add-a-test-for-late-loading-of-an-ENGINE-in-TLS.patch Normal file
View File

@ -0,0 +1,126 @@
From 9ffd4a34681feb9968719905b366276e7425e2a2 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Wed, 29 Nov 2023 11:30:07 +0000
Subject: [PATCH] Add a test for late loading of an ENGINE in TLS
Confirm that using an ENGINE works as expected with TLS even if it is
loaded late (after construction of the SSL_CTX).
(cherry picked from commit a9c97da4910648790387d035afb12963158778fb)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22865)
(cherry picked from commit dda9208cef52670e6c832cbadaa3e08ad535ac30)
---
test/sslapitest.c | 56 +++++++++++++++++++++++++++++++++++------------
1 file changed, 42 insertions(+), 14 deletions(-)
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 2191b297d0..e0274f12f7 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -10128,6 +10128,27 @@ end:
}
#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE)
+
+static ENGINE *load_dasync(void)
+{
+ ENGINE *e;
+
+ if (!TEST_ptr(e = ENGINE_by_id("dasync")))
+ return NULL;
+
+ if (!TEST_true(ENGINE_init(e))) {
+ ENGINE_free(e);
+ return NULL;
+ }
+
+ if (!TEST_true(ENGINE_register_ciphers(e))) {
+ ENGINE_free(e);
+ return NULL;
+ }
+
+ return e;
+}
+
/*
* Test TLSv1.2 with a pipeline capable cipher. TLSv1.3 and DTLS do not
* support this yet. The only pipeline capable cipher that we have is in the
@@ -10143,6 +10164,8 @@ end:
* Test 4: Client has pipelining enabled, server does not: more data than all
* the available pipelines can take
* Test 5: Client has pipelining enabled, server does not: Maximum size pipeline
+ * Test 6: Repeat of test 0, but the engine is loaded late (after the SSL_CTX
+ * is created)
*/
static int test_pipelining(int idx)
{
@@ -10155,25 +10178,28 @@ static int test_pipelining(int idx)
size_t written, readbytes, offset, msglen, fragsize = 10, numpipes = 5;
size_t expectedreads;
unsigned char *buf = NULL;
- ENGINE *e;
-
- if (!TEST_ptr(e = ENGINE_by_id("dasync")))
- return 0;
+ ENGINE *e = NULL;
- if (!TEST_true(ENGINE_init(e))) {
- ENGINE_free(e);
- return 0;
+ if (idx != 6) {
+ e = load_dasync();
+ if (e == NULL)
+ return 0;
}
- if (!TEST_true(ENGINE_register_ciphers(e)))
- goto end;
-
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(), 0,
TLS1_2_VERSION, &sctx, &cctx, cert,
privkey)))
goto end;
+ if (idx == 6) {
+ e = load_dasync();
+ if (e == NULL)
+ goto end;
+ /* Now act like test 0 */
+ idx = 0;
+ }
+
if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
&clientssl, NULL, NULL)))
goto end;
@@ -10309,9 +10335,11 @@ end:
SSL_free(clientssl);
SSL_CTX_free(sctx);
SSL_CTX_free(cctx);
- ENGINE_unregister_ciphers(e);
- ENGINE_finish(e);
- ENGINE_free(e);
+ if (e != NULL) {
+ ENGINE_unregister_ciphers(e);
+ ENGINE_finish(e);
+ ENGINE_free(e);
+ }
OPENSSL_free(buf);
if (fragsize == SSL3_RT_MAX_PLAIN_LENGTH)
OPENSSL_free(msg);
@@ -10684,7 +10712,7 @@ int setup_tests(void)
ADD_ALL_TESTS(test_serverinfo_custom, 4);
#endif
#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE)
- ADD_ALL_TESTS(test_pipelining, 6);
+ ADD_ALL_TESTS(test_pipelining, 7);
#endif
ADD_ALL_TESTS(test_handshake_retry, 16);
ADD_ALL_TESTS(test_multi_resume, 5);
--
2.33.0

42
Backport-CVE-2024-4741-Move-the-ability-to-load-the-dasync-engine-into-sslt.patch
View File

@ -1,8 +1,7 @@
From 1359c00e683840154760b7ba9204bad1b13dc074 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Fri, 26 Apr 2024 11:05:52 +0100
Subject: [PATCH 4/5] Move the ability to load the dasync engine into
ssltestlib.c
Subject: [PATCH] Move the ability to load the dasync engine into ssltestlib.c
The sslapitest has a helper function to load the dasync engine which is
useful for testing pipelining. We would like to have the same facility
@ -23,7 +22,7 @@ Reviewed-by: Neil Horman <nhorman@openssl.org>
3 files changed, 34 insertions(+), 21 deletions(-)
diff --git a/test/helpers/ssltestlib.c b/test/helpers/ssltestlib.c
index ef4a6177aa..da14f6697d 100644
index ef4a6177aa7dd..da14f6697db16 100644
--- a/test/helpers/ssltestlib.c
+++ b/test/helpers/ssltestlib.c
@@ -7,8 +7,17 @@
@ -73,7 +72,7 @@ index ef4a6177aa..da14f6697d 100644
+#endif
+}
diff --git a/test/helpers/ssltestlib.h b/test/helpers/ssltestlib.h
index 8e9daa5601..2777fb3047 100644
index 8e9daa5601d3e..2777fb3047bef 100644
--- a/test/helpers/ssltestlib.h
+++ b/test/helpers/ssltestlib.h
@@ -59,4 +59,5 @@ typedef struct mempacket_st MEMPACKET;
@ -82,6 +81,35 @@ index 8e9daa5601..2777fb3047 100644
+ENGINE *load_dasync(void);
#endif /* OSSL_TEST_SSLTESTLIB_H */
--
2.33.0
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 28bc94d672fa7..c2ff727513294 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -10299,27 +10299,6 @@ static int test_load_dhfile(void)
}
#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE)
-
-static ENGINE *load_dasync(void)
-{
- ENGINE *e;
-
- if (!TEST_ptr(e = ENGINE_by_id("dasync")))
- return NULL;
-
- if (!TEST_true(ENGINE_init(e))) {
- ENGINE_free(e);
- return NULL;
- }
-
- if (!TEST_true(ENGINE_register_ciphers(e))) {
- ENGINE_free(e);
- return NULL;
- }
-
- return e;
-}
-
/*
* Test TLSv1.2 with a pipeline capable cipher. TLSv1.3 and DTLS do not
* support this yet. The only pipeline capable cipher that we have is in the

59
Backport-Don-t-attempt-to-set-provider-params-on-an-ENGINE-ba.patch Normal file
View File

@ -0,0 +1,59 @@
From 4f41e1b1d0cd545278017099b4ba062ab7a0f470 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Wed, 29 Nov 2023 11:45:12 +0000
Subject: [PATCH] Don't attempt to set provider params on an ENGINE based
cipher
If an ENGINE has been loaded after the SSL_CTX has been created then
the cipher we have cached might be provider based, but the cipher we
actually end up using might not be. Don't try to set provider params on
a cipher that is actually ENGINE based.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22865)
(cherry picked from commit ed5f9ce63e98da2e7fddd55040c8e9e03f3af975)
---
ssl/s3_enc.c | 6 +++++-
ssl/t1_enc.c | 7 ++++++-
2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 2ca3f74ae7..ee4f58e75e 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -225,7 +225,11 @@ int ssl3_change_cipher_state(SSL *s, int which)
goto err;
}
- if (EVP_CIPHER_get0_provider(c) != NULL
+ /*
+ * The cipher we actually ended up using in the EVP_CIPHER_CTX may be
+ * different to that in c if we have an ENGINE in use
+ */
+ if (EVP_CIPHER_get0_provider(EVP_CIPHER_CTX_get0_cipher(dd)) != NULL
&& !tls_provider_set_tls_params(s, dd, c, m)) {
/* SSLfatal already called */
goto err;
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 91238e6457..6cb7baaf7c 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -427,7 +427,12 @@ int tls1_change_cipher_state(SSL *s, int which)
SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
goto err;
}
- if (EVP_CIPHER_get0_provider(c) != NULL
+
+ /*
+ * The cipher we actually ended up using in the EVP_CIPHER_CTX may be
+ * different to that in c if we have an ENGINE in use
+ */
+ if (EVP_CIPHER_get0_provider(EVP_CIPHER_CTX_get0_cipher(dd)) != NULL
&& !tls_provider_set_tls_params(s, dd, c, m)) {
/* SSLfatal already called */
goto err;
--
2.33.0

255
Backport-bn-Properly-error-out-if-aliasing-return-value-with-.patch Normal file
View File

@ -0,0 +1,255 @@
From 5cf554ee9d127a5cf81c09a6dbfe090e86c022b4 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Wed, 18 Oct 2023 15:50:30 +0200
Subject: [PATCH] bn: Properly error out if aliasing return value with modulus
Test case amended from code initially written by Bernd Edlinger.
Fixes #21110
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22421)
(cherry picked from commit af0025fc40779cc98c06db7e29936f9d5de8cc9e)
---
crypto/bn/bn_exp.c | 21 ++++++++
crypto/bn/bn_mod.c | 10 ++++
doc/man3/BN_add.pod | 5 ++
doc/man3/BN_mod_inverse.pod | 6 ++-
test/bntest.c | 104 ++++++++++++++++++++++++++++++++++++
5 files changed, 145 insertions(+), 1 deletion(-)
diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
index 4e169ae1f9..598a592ca1 100644
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@@ -243,6 +243,14 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
wstart = bits - 1; /* The top bit of the window */
wend = 0; /* The bottom bit of the window */
+ if (r == p) {
+ BIGNUM *p_dup = BN_CTX_get(ctx);
+
+ if (p_dup == NULL || BN_copy(p_dup, p) == NULL)
+ goto err;
+ p = p_dup;
+ }
+
if (!BN_one(r))
goto err;
@@ -1317,6 +1325,11 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
return 0;
}
+ if (r == m) {
+ ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT);
+ return 0;
+ }
+
bits = BN_num_bits(p);
if (bits == 0) {
/* x**0 mod 1, or x**0 mod -1 is still zero. */
@@ -1362,6 +1375,14 @@ int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
wstart = bits - 1; /* The top bit of the window */
wend = 0; /* The bottom bit of the window */
+ if (r == p) {
+ BIGNUM *p_dup = BN_CTX_get(ctx);
+
+ if (p_dup == NULL || BN_copy(p_dup, p) == NULL)
+ goto err;
+ p = p_dup;
+ }
+
if (!BN_one(r))
goto err;
diff --git a/crypto/bn/bn_mod.c b/crypto/bn/bn_mod.c
index 7f5afa25ec..2dda2e3442 100644
--- a/crypto/bn/bn_mod.c
+++ b/crypto/bn/bn_mod.c
@@ -17,6 +17,11 @@ int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
* always holds)
*/
+ if (r == d) {
+ ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT);
+ return 0;
+ }
+
if (!(BN_mod(r, m, d, ctx)))
return 0;
if (!r->neg)
@@ -186,6 +191,11 @@ int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
const BIGNUM *m)
{
+ if (r == m) {
+ ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT);
+ return 0;
+ }
+
if (!BN_sub(r, a, b))
return 0;
if (r->neg)
diff --git a/doc/man3/BN_add.pod b/doc/man3/BN_add.pod
index 9561d55431..35cfdd1495 100644
--- a/doc/man3/BN_add.pod
+++ b/doc/man3/BN_add.pod
@@ -114,6 +114,11 @@ temporary variables; see L<BN_CTX_new(3)>.
Unless noted otherwise, the result B<BIGNUM> must be different from
the arguments.
+=head1 NOTES
+
+For modular operations such as BN_nnmod() or BN_mod_exp() it is an error
+to use the same B<BIGNUM> object for the modulus as for the output.
+
=head1 RETURN VALUES
The BN_mod_sqrt() returns the result (possibly incorrect if I<p> is
diff --git a/doc/man3/BN_mod_inverse.pod b/doc/man3/BN_mod_inverse.pod
index 5dbb5c3cc2..f88e0e63fa 100644
--- a/doc/man3/BN_mod_inverse.pod
+++ b/doc/man3/BN_mod_inverse.pod
@@ -18,7 +18,11 @@ places the result in B<r> (C<(a*r)%n==1>). If B<r> is NULL,
a new B<BIGNUM> is created.
B<ctx> is a previously allocated B<BN_CTX> used for temporary
-variables. B<r> may be the same B<BIGNUM> as B<a> or B<n>.
+variables. B<r> may be the same B<BIGNUM> as B<a>.
+
+=head1 NOTES
+
+It is an error to use the same B<BIGNUM> as B<n>.
=head1 RETURN VALUES
diff --git a/test/bntest.c b/test/bntest.c
index c5894c157b..ee8b692618 100644
--- a/test/bntest.c
+++ b/test/bntest.c
@@ -2927,6 +2927,108 @@ err:
return res;
}
+static int test_mod_inverse(void)
+{
+ int res = 0;
+ char *str = NULL;
+ BIGNUM *a = NULL;
+ BIGNUM *b = NULL;
+ BIGNUM *r = NULL;
+
+ if (!TEST_true(BN_dec2bn(&a, "5193817943")))
+ goto err;
+ if (!TEST_true(BN_dec2bn(&b, "3259122431")))
+ goto err;
+ if (!TEST_ptr(r = BN_new()))
+ goto err;
+ if (!TEST_ptr_eq(BN_mod_inverse(r, a, b, ctx), r))
+ goto err;
+ if (!TEST_ptr_ne(str = BN_bn2dec(r), NULL))
+ goto err;
+ if (!TEST_int_eq(strcmp(str, "2609653924"), 0))
+ goto err;
+
+ /* Note that this aliases the result with the modulus. */
+ if (!TEST_ptr_null(BN_mod_inverse(b, a, b, ctx)))
+ goto err;
+
+ res = 1;
+
+err:
+ BN_free(a);
+ BN_free(b);
+ BN_free(r);
+ OPENSSL_free(str);
+ return res;
+}
+
+static int test_mod_exp_alias(int idx)
+{
+ int res = 0;
+ char *str = NULL;
+ BIGNUM *a = NULL;
+ BIGNUM *b = NULL;
+ BIGNUM *c = NULL;
+ BIGNUM *r = NULL;
+
+ if (!TEST_true(BN_dec2bn(&a, "15")))
+ goto err;
+ if (!TEST_true(BN_dec2bn(&b, "10")))
+ goto err;
+ if (!TEST_true(BN_dec2bn(&c, "39")))
+ goto err;
+ if (!TEST_ptr(r = BN_new()))
+ goto err;
+
+ if (!TEST_int_eq((idx == 0 ? BN_mod_exp_simple
+ : BN_mod_exp_recp)(r, a, b, c, ctx), 1))
+ goto err;
+ if (!TEST_ptr_ne(str = BN_bn2dec(r), NULL))
+ goto err;
+ if (!TEST_str_eq(str, "36"))
+ goto err;
+
+ OPENSSL_free(str);
+ str = NULL;
+
+ BN_copy(r, b);
+
+ /* Aliasing with exponent must work. */
+ if (!TEST_int_eq((idx == 0 ? BN_mod_exp_simple
+ : BN_mod_exp_recp)(r, a, r, c, ctx), 1))
+ goto err;
+ if (!TEST_ptr_ne(str = BN_bn2dec(r), NULL))
+ goto err;
+ if (!TEST_str_eq(str, "36"))
+ goto err;
+
+ OPENSSL_free(str);
+ str = NULL;
+
+ /* Aliasing with modulus should return failure for the simple call. */
+ if (idx == 0) {
+ if (!TEST_int_eq(BN_mod_exp_simple(c, a, b, c, ctx), 0))
+ goto err;
+ } else {
+ if (!TEST_int_eq(BN_mod_exp_recp(c, a, b, c, ctx), 1))
+ goto err;
+ if (!TEST_ptr_ne(str = BN_bn2dec(c), NULL))
+ goto err;
+ if (!TEST_str_eq(str, "36"))
+ goto err;
+ }
+
+ res = 1;
+
+err:
+ BN_free(a);
+ BN_free(b);
+ BN_free(c);
+ BN_free(r);
+ OPENSSL_free(str);
+ return res;
+}
+
static int file_test_run(STANZA *s)
{
static const FILETEST filetests[] = {
@@ -3036,6 +3138,8 @@ int setup_tests(void)
ADD_ALL_TESTS(test_signed_mod_replace_ab, OSSL_NELEM(signed_mod_tests));
ADD_ALL_TESTS(test_signed_mod_replace_ba, OSSL_NELEM(signed_mod_tests));
ADD_TEST(test_mod);
+ ADD_TEST(test_mod_inverse);
+ ADD_ALL_TESTS(test_mod_exp_alias, 2);
ADD_TEST(test_modexp_mont5);
ADD_TEST(test_kronecker);
ADD_TEST(test_rand);
--
2.33.0

18
openssl.spec
View File

@ -2,7 +2,7 @@
Name: openssl
Epoch: 1
Version: 3.0.12
Release: 6
Release: 7
Summary: Cryptography and SSL/TLS Toolkit
License: OpenSSL and SSLeay
URL: https://www.openssl.org/
@ -38,11 +38,14 @@ Patch26: backport-Extend-the-multi_resume-test-for-simultaneous-resump.patch
Patch27: backport-Hardening-around-not_resumable-sessions.patch
Patch28: backport-Add-a-test-for-session-cache-overflow.patch
Patch29: backport-CVE-2024-4603-Check-DSA-parameters-for-exce.patch
Patch30: Backport-CVE-2024-4741-Only-free-the-read-buffers-if-we-re-not-using-them.patch
Patch31: Backport-CVE-2024-4741-Set-rlayer.packet-to-NULL-after-we-ve-finished-using.patch
Patch32: Backport-CVE-2024-4741-Extend-the-SSL_free_buffers-testing.patch
Patch33: Backport-CVE-2024-4741-Move-the-ability-to-load-the-dasync-engine-into-sslt.patch
Patch34: Backport-CVE-2024-4741-Further-extend-the-SSL_free_buffers-testing.patch
Patch30: Backport-Add-a-test-for-late-loading-of-an-ENGINE-in-TLS.patch
Patch31: Backport-Don-t-attempt-to-set-provider-params-on-an-ENGINE-ba.patch
Patch32: Backport-CVE-2024-4741-Only-free-the-read-buffers-if-we-re-not-using-them.patch
Patch33: Backport-CVE-2024-4741-Set-rlayer.packet-to-NULL-after-we-ve-finished-using.patch
Patch34: Backport-CVE-2024-4741-Extend-the-SSL_free_buffers-testing.patch
Patch35: Backport-CVE-2024-4741-Move-the-ability-to-load-the-dasync-engine-into-sslt.patch
Patch36: Backport-CVE-2024-4741-Further-extend-the-SSL_free_buffers-testing.patch
Patch37: Backport-bn-Properly-error-out-if-aliasing-return-value-with-.patch
BuildRequires: gcc gcc-c++ perl make lksctp-tools-devel coreutils util-linux zlib-devel
Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
@ -243,6 +246,9 @@ make test || :
%ldconfig_scriptlets libs
%changelog
* Mon Jun 24 2024 steven <steven_ygui@163.com> - 1:3.0.12-7
- backport patch
* Mon Jun 3 2024 wangcheng <wangcheng156@huawei.com> - 1:3.0.12-6
- fix CVE-2024-4741