fix CVE-2023-0465 CVE-2023-2650 CVE-2024-0727

2024-02-28 10:49:07 +08:00 · 2024-02-28 10:49:07 +08:00 · b08eeb318f
commit b08eeb318f
parent 60eb19a199
4 changed files with 241 additions and 1 deletions
--- a/backport-CVE-2023-0465.patch
+++ b/backport-CVE-2023-0465.patch
@ -0,0 +1,56 @@
+From b013765abfa80036dc779dd0e50602c57bb3bf95 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Tue, 7 Mar 2023 16:52:55 +0000
+Subject: [PATCH] Ensure that EXFLAG_INVALID_POLICY is checked even in
+leaf
+ certs
+
+Even though we check the leaf cert to confirm it is valid, we
+later ignored the invalid flag and did not notice that the leaf
+cert was bad.
+
+Fixes: CVE-2023-0465
+
+Reviewed-by: Hugo Landau <hlandau@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/20588)
+
+Reference:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95
+Conflict: Context conflict
+---
+ Cryptlib/OpenSSL/crypto/x509/x509_vfy.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
+index 96f306b..a6878fe 100644
+--- a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
+@@ -1768,16 +1768,23 @@ static int check_policy(X509_STORE_CTX *ctx)
+          * Locate certificates with bad extensions and notify callback.
+          */
+         X509 *x;
+-        int i;
+-        for (i = 1; i < sk_X509_num(ctx->chain); i++) {
+        int i, cbcalled = 0;
+        for (i = 0; i < sk_X509_num(ctx->chain); i++) {
+             x = sk_X509_value(ctx->chain, i);
+             if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
+                 continue;
+	    cbcalled = 1;
+             ctx->current_cert = x;
+             ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
+             if (!ctx->verify_cb(0, ctx))
+                 return 0;
+         }
+        if (!cbcalled) {
+            /* Should not be able to get here */
+            X509err(X509_F_CHECK_POLICY, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        /* The callback ignored the error so we return success */
+         return 1;
+     }
+     if (ret == -2) {
+-- 
+2.33.0
+
--- a/backport-CVE-2023-2650.patch
+++ b/backport-CVE-2023-2650.patch
@ -0,0 +1,67 @@
+From 423a2bc737a908ad0c77bda470b2b59dc879936b Mon Sep 17 00:00:00 2001
+From: Richard Levitte <levitte@openssl.org>
+Date: Fri, 12 May 2023 10:00:13 +0200
+Subject: [PATCH] Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will
+ translate
+
+Reference:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b
+Conflict:NA
+
+OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
+numeric text form.  For gigantic sub-identifiers, this would take a very
+long time, the time complexity being O(n^2) where n is the size of that
+sub-identifier.
+
+To mitigate this, a restriction on the size that OBJ_obj2txt() will
+translate to canonical numeric text form is added, based on RFC 2578
+(STD 58), which says this:
+
+> 3.5. OBJECT IDENTIFIER values
+>
+> An OBJECT IDENTIFIER value is an ordered list of non-negative numbers.
+> For the SMIv2, each number in the list is referred to as a sub-identifier,
+> there are at most 128 sub-identifiers in a value, and each sub-identifier
+> has a maximum value of 2^32-1 (4294967295 decimal).
+
+Fixes otc/security#96
+Fixes CVE-2023-2650
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+---
+ crypto/objects/obj_dat.c | 19 +++++++++++++++++++
+ 1 files changed, 50 insertions(+)
+
+diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
+index 01cde00e98..c0e55197a0 100644
+--- a/Cryptlib/OpenSSL/crypto/objects/obj_dat.c
+++ b/Cryptlib/OpenSSL/crypto/objects/obj_dat.c
+@@ -443,6 +443,25 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
+     first = 1;
+     bl = NULL;
+ 
+    /*
+     * RFC 2578 (STD 58) says this about OBJECT IDENTIFIERs:
+     *
+     * > 3.5. OBJECT IDENTIFIER values
+     * >
+     * > An OBJECT IDENTIFIER value is an ordered list of non-negative
+     * > numbers. For the SMIv2, each number in the list is referred to as a
+     * > sub-identifier, there are at most 128 sub-identifiers in a value,
+     * > and each sub-identifier has a maximum value of 2^32-1 (4294967295
+     * > decimal).
+     *
+     * So a legitimate OID according to this RFC is at most (32 * 128 / 7),
+     * i.e. 586 bytes long.
+     *
+     * Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
+     */
+    if (len > 586)
+        goto err;
+
+     while (len > 0) {
+         l = 0;
+         use_bn = 0;
+-- 
+2.34.1
+
--- a/backport-CVE-2024-0727.patch
+++ b/backport-CVE-2024-0727.patch
@ -0,0 +1,111 @@
+From f77095c2543ffc1eda06556092de7badac343883 Mon Sep 17 00:00:00 2001
+From: j30031148 <jinlun@huawei.com>
+Date: Mon, 19 Feb 2024 14:47:30 +0800
+Subject: [PATCH] CVE-2024-0727
+
+Reference:https://gitee.com/openeuler/openssl/commit/09015a582baa980dc04f635504b16fe95dc3790b
+Conflict:NA
+---
+ Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c  | 16 ++++++++++++++++
+ Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c |  5 +++++
+ Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c |  5 +++--
+ Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c  |  8 ++++++--
+ 4 files changed, 30 insertions(+), 4 deletions(-)
+
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c
+index d9f03a3..42a73e0 100644
+--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c
+@@ -171,6 +171,12 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
+                   PKCS12_R_CONTENT_TYPE_NOT_DATA);
+         return NULL;
+     }
+
+    if (p7->d.data == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA, PKCS12_R_DECODE_ERROR);
+        return NULL;
+    }
+
+     return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
+ }
+ 
+@@ -226,6 +232,11 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
+ {
+     if (!PKCS7_type_is_encrypted(p7))
+         return NULL;
+
+    if (p7->d.encrypted == NULL) {
+        return NULL;
+    }
+
+     return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
+                                    ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
+                                    pass, passlen,
+@@ -253,6 +264,11 @@ STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)
+                   PKCS12_R_CONTENT_TYPE_NOT_DATA);
+         return NULL;
+     }
+    if (p12->authsafes->d.data == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES, PKCS12_R_DECODE_ERROR);
+        return NULL;
+    }
+
+     return ASN1_item_unpack(p12->authsafes->d.data,
+                             ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
+ }
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c
+index cbf34da..bda3c28 100644
+--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c
+@@ -80,6 +80,11 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+         return 0;
+     }
+ 
+    if (p12->authsafes->d.data == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_DECODE_ERROR);
+        return 0;
+    }
+
+     salt = p12->mac->salt->data;
+     saltlen = p12->mac->salt->length;
+     if (!p12->mac->iter)
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c
+index 9e8ebb2..19a855b 100644
+--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c
+@@ -126,8 +126,9 @@ static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass)
+             bags = PKCS12_unpack_p7data(p7);
+         } else if (bagnid == NID_pkcs7_encrypted) {
+             bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
+-            if (!alg_get(p7->d.encrypted->enc_data->algorithm,
+-                         &pbe_nid, &pbe_iter, &pbe_saltlen))
+            if (p7->d.encrypted == NULL
+                    || !alg_get(p7->d.encrypted->enc_data->algorithm,
+                                &pbe_nid, &pbe_iter, &pbe_saltlen))
+                 goto err;
+         } else {
+             continue;
+diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c
+index 62fb299..e895deb 100644
+--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c
+@@ -78,10 +78,14 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
+ {
+     STACK_OF(X509_ALGOR) *mdalgs;
+     int ctype_nid = OBJ_obj2nid(p7->type);
+-    if (ctype_nid == NID_pkcs7_signed)
+
+    if (ctype_nid == NID_pkcs7_signed) {
+        if (p7->d.sign == NULL)
+            return 0;
+         mdalgs = p7->d.sign->md_algs;
+-    else
+    } else {
+         mdalgs = NULL;
+    }
+ 
+     flags ^= SMIME_OLDMIME;
+ 
+-- 
+2.27.0
+
--- a/shim.spec
+++ b/shim.spec
@ -25,7 +25,7 @@

 Name:	   	   shim
 Version:	   15.6
-Release:	   18
+Release:	   19
 Summary:	   First-stage UEFI bootloader
 ExclusiveArch:     x86_64 aarch64
 License:	   BSD
@ -83,6 +83,9 @@ Patch45:backport-CVE-2023-40548-Fix-integer-overflow-on-SBAT-section-.patch
 Patch46:backport-CVE-2023-40547-avoid-incorrectly-trusting-HTTP-heade.patch
 Patch47:backport-Further-mitigations-against-CVE-2023-40546-as-a-clas.patch
 Patch48:backport-CVE-2023-40549-Authenticode-verify-that-the-signatur.patch
+Patch49: backport-CVE-2023-2650.patch
+Patch50: backport-CVE-2023-0465.patch
+Patch51: backport-CVE-2024-0727.patch

 # Feature for shim SMx support
 Patch9000:Feature-shim-openssl-add-ec-support.patch
@ -217,6 +220,9 @@ make test
 /usr/src/debug/%{name}-%{version}-%{release}/*

 %changelog
+* Wed Feb 28 2024 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 15.6-19
+- fix CVE-2023-0465 CVE-2023-2650 CVE-2024-0727
+
 * Tue Jan 30 2024 zhengxiaoxiao <zhengxiaoxiao2@huawei.com> - 15.6-18
 - fix CVE-2023-40547 CVE-2023-40548 CVE-2023-40549 CVE-2023-40550 CVE-2023-40551