fish/immortalwrt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

openssl: bump to 3.0.9

Browse Source 
Changes between 3.0.8 and 3.0.9 [30 May 2023]

 * Mitigate for the time it takes for `OBJ_obj2txt` to translate gigantic
   OBJECT IDENTIFIER sub-identifiers to canonical numeric text form.

   OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
   numeric text form.  For gigantic sub-identifiers, this would take a very
   long time, the time complexity being O(n^2) where n is the size of that
   sub-identifier.  ([CVE-2023-2650])

   To mitigitate this, `OBJ_obj2txt()` will only translate an OBJECT
   IDENTIFIER to canonical numeric text form if the size of that OBJECT
   IDENTIFIER is 586 bytes or less, and fail otherwise.

   The basis for this restriction is RFC 2578 (STD 58), section 3.5. OBJECT
   IDENTIFIER values, which stipulates that OBJECT IDENTIFIERS may have at
   most 128 sub-identifiers, and that the maximum value that each sub-
   identifier may have is 2^32-1 (4294967295 decimal).

   For each byte of every sub-identifier, only the 7 lower bits are part of
   the value, so the maximum amount of bytes that an OBJECT IDENTIFIER with
   these restrictions may occupy is 32 * 128 / 7, which is approximately 586
   bytes.

   Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5

   *Richard Levitte*

 * Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms which
   happens if the buffer size is 4 mod 5 in 16 byte AES blocks. This can
   trigger a crash of an application using AES-XTS decryption if the memory
   just after the buffer being decrypted is not mapped.
   Thanks to Anton Romanov (Amazon) for discovering the issue.
   ([CVE-2023-1255])

   *Nevine Ebeid*

 * Reworked the Fix for the Timing Oracle in RSA Decryption ([CVE-2022-4304]).
   The previous fix for this timing side channel turned out to cause
   a severe 2-3x performance regression in the typical use case
   compared to 3.0.7. The new fix uses existing constant time
   code paths, and restores the previous performance level while
   fully eliminating all existing timing side channels.
   The fix was developed by Bernd Edlinger with testing support
   by Hubert Kario.

   *Bernd Edlinger*

 * Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention
   that it does not enable policy checking. Thanks to David Benjamin for
   discovering this issue.
   ([CVE-2023-0466])

   *Tomáš Mráz*

 * Fixed an issue where invalid certificate policies in leaf certificates are
   silently ignored by OpenSSL and other certificate policy checks are skipped
   for that certificate. A malicious CA could use this to deliberately assert
   invalid certificate policies in order to circumvent policy checking on the
   certificate altogether.
   ([CVE-2023-0465])

   *Matt Caswell*

 * Limited the number of nodes created in a policy tree to mitigate
   against CVE-2023-0464.  The default limit is set to 1000 nodes, which
   should be sufficient for most installations.  If required, the limit
   can be adjusted by setting the OPENSSL_POLICY_TREE_NODES_MAX build
   time define to a desired maximum number of nodes or zero to allow
   unlimited growth.
   ([CVE-2023-0464])

   *Paul Dale*

Removed upstreamed patches.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
This commit is contained in:
Tianling Shen 2023-06-02 13:15:35 +08:00
parent b4192342f1
commit 03e1f2cc2a
No known key found for this signature in database
GPG Key ID: 6850B6345C862176
6 changed files with 15 additions and 296 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
package/libs/openssl/Makefile
View File

@ -8,8 +8,8 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=openssl
PKG_VERSION:=3.0.8
PKG_RELEASE:=10
PKG_VERSION:=3.0.9
PKG_RELEASE:=1
PKG_BUILD_FLAGS:=no-mips16 gc-sections
PKG_BUILD_PARALLEL:=1
@ -26,7 +26,7 @@ PKG_SOURCE_URL:= \
ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/old/$(PKG_BASE)/
PKG_HASH:=6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e
PKG_HASH:=eb1ab04781474360f77c318ab89d8c5a03abc38e63d65a603cabbf1b00a1dc90
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
@ -154,8 +154,6 @@ add_engine_config() {
$(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_DEVCRYPTO),add_engine_config devcrypto)
$(if $(CONFIG_OPENSSL_ENGINE_BUILTIN_PADLOCK),add_engine_config padlock)
exit 0
endef
endif

11
package/libs/openssl/patches/106-Configure-fixup-for-octeon.patch Normal file
View File

@ -0,0 +1,11 @@
--- a/Configure
+++ b/Configure
@@ -1423,7 +1423,7 @@ if ($target =~ /^mingw/ && `$config{CC}
}
if ($target =~ /linux.*-mips/ && !$disabled{asm}
- && !grep { $_ =~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) {
+ && !grep { $_ !~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) {
# minimally required architecture flags for assembly modules
my $value;
$value = '-mips2' if ($target =~ /mips32/);

2
package/libs/openssl/patches/120-strip-cflags-from-binary.patch
View File

@ -10,7 +10,7 @@ Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
--- a/crypto/build.info
+++ b/crypto/build.info
@@ -113,7 +113,7 @@ DEFINE[../libcrypto]=$UPLINKDEF
@@ -111,7 +111,7 @@ DEFINE[../libcrypto]=$UPLINKDEF
DEPEND[info.o]=buildinf.h
DEPEND[cversion.o]=buildinf.h

207
package/libs/openssl/patches/200-x509-excessive-resource-use-verifying-policy-constra.patch
View File

@ -1,207 +0,0 @@
From 959c59c7a0164117e7f8366466a32bb1f8d77ff1 Mon Sep 17 00:00:00 2001
From: Pauli <pauli@openssl.org>
Date: Wed, 8 Mar 2023 15:28:20 +1100
Subject: [PATCH] x509: excessive resource use verifying policy constraints
A security vulnerability has been identified in all supported versions
of OpenSSL related to the verification of X.509 certificate chains
that include policy constraints. Attackers may be able to exploit this
vulnerability by creating a malicious certificate chain that triggers
exponential use of computational resources, leading to a denial-of-service
(DoS) attack on affected systems.
Fixes CVE-2023-0464
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20568)
--- a/crypto/x509/pcy_local.h
+++ b/crypto/x509/pcy_local.h
@@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st {
};
struct X509_POLICY_TREE_st {
+ /* The number of nodes in the tree */
+ size_t node_count;
+ /* The maximum number of nodes in the tree */
+ size_t node_maximum;
+
/* This is the tree 'level' data */
X509_POLICY_LEVEL *levels;
int nlevel;
@@ -157,7 +162,8 @@ X509_POLICY_NODE *ossl_policy_tree_find_
X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
X509_POLICY_DATA *data,
X509_POLICY_NODE *parent,
- X509_POLICY_TREE *tree);
+ X509_POLICY_TREE *tree,
+ int extra_data);
void ossl_policy_node_free(X509_POLICY_NODE *node);
int ossl_policy_node_match(const X509_POLICY_LEVEL *lvl,
const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
--- a/crypto/x509/pcy_node.c
+++ b/crypto/x509/pcy_node.c
@@ -59,10 +59,15 @@ X509_POLICY_NODE *ossl_policy_level_find
X509_POLICY_NODE *ossl_policy_level_add_node(X509_POLICY_LEVEL *level,
X509_POLICY_DATA *data,
X509_POLICY_NODE *parent,
- X509_POLICY_TREE *tree)
+ X509_POLICY_TREE *tree,
+ int extra_data)
{
X509_POLICY_NODE *node;
+ /* Verify that the tree isn't too large. This mitigates CVE-2023-0464 */
+ if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum)
+ return NULL;
+
node = OPENSSL_zalloc(sizeof(*node));
if (node == NULL) {
ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
@@ -70,7 +75,7 @@ X509_POLICY_NODE *ossl_policy_level_add_
}
node->data = data;
node->parent = parent;
- if (level) {
+ if (level != NULL) {
if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
if (level->anyPolicy)
goto node_error;
@@ -90,7 +95,7 @@ X509_POLICY_NODE *ossl_policy_level_add_
}
}
- if (tree) {
+ if (extra_data) {
if (tree->extra_data == NULL)
tree->extra_data = sk_X509_POLICY_DATA_new_null();
if (tree->extra_data == NULL){
@@ -103,6 +108,7 @@ X509_POLICY_NODE *ossl_policy_level_add_
}
}
+ tree->node_count++;
if (parent)
parent->nchild++;
--- a/crypto/x509/pcy_tree.c
+++ b/crypto/x509/pcy_tree.c
@@ -14,6 +14,17 @@
#include "pcy_local.h"
+/*
+ * If the maximum number of nodes in the policy tree isn't defined, set it to
+ * a generous default of 1000 nodes.
+ *
+ * Defining this to be zero means unlimited policy tree growth which opens the
+ * door on CVE-2023-0464.
+ */
+#ifndef OPENSSL_POLICY_TREE_NODES_MAX
+# define OPENSSL_POLICY_TREE_NODES_MAX 1000
+#endif
+
static void expected_print(BIO *channel,
X509_POLICY_LEVEL *lev, X509_POLICY_NODE *node,
int indent)
@@ -163,6 +174,9 @@ static int tree_init(X509_POLICY_TREE **
return X509_PCY_TREE_INTERNAL;
}
+ /* Limit the growth of the tree to mitigate CVE-2023-0464 */
+ tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX;
+
/*
* http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3.
*
@@ -180,7 +194,7 @@ static int tree_init(X509_POLICY_TREE **
if ((data = ossl_policy_data_new(NULL,
OBJ_nid2obj(NID_any_policy), 0)) == NULL)
goto bad_tree;
- if (ossl_policy_level_add_node(level, data, NULL, tree) == NULL) {
+ if (ossl_policy_level_add_node(level, data, NULL, tree, 1) == NULL) {
ossl_policy_data_free(data);
goto bad_tree;
}
@@ -239,7 +253,8 @@ static int tree_init(X509_POLICY_TREE **
* Return value: 1 on success, 0 otherwise
*/
static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
- X509_POLICY_DATA *data)
+ X509_POLICY_DATA *data,
+ X509_POLICY_TREE *tree)
{
X509_POLICY_LEVEL *last = curr - 1;
int i, matched = 0;
@@ -249,13 +264,13 @@ static int tree_link_matching_nodes(X509
X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i);
if (ossl_policy_node_match(last, node, data->valid_policy)) {
- if (ossl_policy_level_add_node(curr, data, node, NULL) == NULL)
+ if (ossl_policy_level_add_node(curr, data, node, tree, 0) == NULL)
return 0;
matched = 1;
}
}
if (!matched && last->anyPolicy) {
- if (ossl_policy_level_add_node(curr, data, last->anyPolicy, NULL) == NULL)
+ if (ossl_policy_level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL)
return 0;
}
return 1;
@@ -268,7 +283,8 @@ static int tree_link_matching_nodes(X509
* Return value: 1 on success, 0 otherwise.
*/
static int tree_link_nodes(X509_POLICY_LEVEL *curr,
- const X509_POLICY_CACHE *cache)
+ const X509_POLICY_CACHE *cache,
+ X509_POLICY_TREE *tree)
{
int i;
@@ -276,7 +292,7 @@ static int tree_link_nodes(X509_POLICY_L
X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i);
/* Look for matching nodes in previous level */
- if (!tree_link_matching_nodes(curr, data))
+ if (!tree_link_matching_nodes(curr, data, tree))
return 0;
}
return 1;
@@ -307,7 +323,7 @@ static int tree_add_unmatched(X509_POLIC
/* Curr may not have anyPolicy */
data->qualifier_set = cache->anyPolicy->qualifier_set;
data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
- if (ossl_policy_level_add_node(curr, data, node, tree) == NULL) {
+ if (ossl_policy_level_add_node(curr, data, node, tree, 1) == NULL) {
ossl_policy_data_free(data);
return 0;
}
@@ -370,7 +386,7 @@ static int tree_link_any(X509_POLICY_LEV
/* Finally add link to anyPolicy */
if (last->anyPolicy &&
ossl_policy_level_add_node(curr, cache->anyPolicy,
- last->anyPolicy, NULL) == NULL)
+ last->anyPolicy, tree, 0) == NULL)
return 0;
return 1;
}
@@ -553,7 +569,7 @@ static int tree_calculate_user_set(X509_
extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
| POLICY_DATA_FLAG_EXTRA_NODE;
node = ossl_policy_level_add_node(NULL, extra, anyPolicy->parent,
- tree);
+ tree, 1);
}
if (!tree->user_policies) {
tree->user_policies = sk_X509_POLICY_NODE_new_null();
@@ -580,7 +596,7 @@ static int tree_evaluate(X509_POLICY_TRE
for (i = 1; i < tree->nlevel; i++, curr++) {
cache = ossl_policy_cache_set(curr->cert);
- if (!tree_link_nodes(curr, cache))
+ if (!tree_link_nodes(curr, cache, tree))
return X509_PCY_TREE_INTERNAL;
if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)

44
package/libs/openssl/patches/210-Ensure-that-EXFLAG_INVALID_POLICY-is-checked-even-in.patch
View File

@ -1,44 +0,0 @@
From 1dd43e0709fece299b15208f36cc7c76209ba0bb Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Tue, 7 Mar 2023 16:52:55 +0000
Subject: [PATCH] Ensure that EXFLAG_INVALID_POLICY is checked even in leaf
certs
Even though we check the leaf cert to confirm it is valid, we
later ignored the invalid flag and did not notice that the leaf
cert was bad.
Fixes: CVE-2023-0465
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20587)
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1654,15 +1654,23 @@ static int check_policy(X509_STORE_CTX *
goto memerr;
/* Invalid or inconsistent extensions */
if (ret == X509_PCY_TREE_INVALID) {
- int i;
+ int i, cbcalled = 0;
/* Locate certificates with bad extensions and notify callback. */
- for (i = 1; i < sk_X509_num(ctx->chain); i++) {
+ for (i = 0; i < sk_X509_num(ctx->chain); i++) {
X509 *x = sk_X509_value(ctx->chain, i);
+ if ((x->ex_flags & EXFLAG_INVALID_POLICY) != 0)
+ cbcalled = 1;
CB_FAIL_IF((x->ex_flags & EXFLAG_INVALID_POLICY) != 0,
ctx, x, i, X509_V_ERR_INVALID_POLICY_EXTENSION);
}
+ if (!cbcalled) {
+ /* Should not be able to get here */
+ ERR_raise(ERR_LIB_X509, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ /* The callback ignored the error so we return success */
return 1;
}
if (ret == X509_PCY_TREE_FAILURE) {

39
package/libs/openssl/patches/220-aesv8-armx.pl-Avoid-buffer-overrread-in-AES-XTS-decr.patch
View File

@ -1,39 +0,0 @@
From 02ac9c9420275868472f33b01def01218742b8bb Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Mon, 17 Apr 2023 16:51:20 +0200
Subject: [PATCH] aesv8-armx.pl: Avoid buffer overrread in AES-XTS decryption
Original author: Nevine Ebeid (Amazon)
Fixes: CVE-2023-1255
The buffer overread happens on decrypts of 4 mod 5 sizes.
Unless the memory just after the buffer is unmapped this is harmless.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/20759)
(cherry picked from commit 72dfe46550ee1f1bbfacd49f071419365bc23304)
diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl
index 6a7bf05d1b..bd583e2c89 100755
--- a/crypto/aes/asm/aesv8-armx.pl
+++ b/crypto/aes/asm/aesv8-armx.pl
@@ -3353,7 +3353,7 @@ $code.=<<___ if ($flavour =~ /64/);
.align 4
.Lxts_dec_tail4x:
add $inp,$inp,#16
- vld1.32 {$dat0},[$inp],#16
+ tst $tailcnt,#0xf
veor $tmp1,$dat1,$tmp0
vst1.8 {$tmp1},[$out],#16
veor $tmp2,$dat2,$tmp2
@@ -3362,6 +3362,8 @@ $code.=<<___ if ($flavour =~ /64/);
veor $tmp4,$dat4,$tmp4
vst1.8 {$tmp3-$tmp4},[$out],#32
+ b.eq .Lxts_dec_abort
+ vld1.32 {$dat0},[$inp],#16
b .Lxts_done
.align 4
.Lxts_outer_dec_tail: