[openssl/openssl] c927a3: Fix type confusion in nc_match_single()

openssl-machine noreply at github.com
Tue Feb 7 15:58:54 UTC 2023


  Branch: refs/heads/openssl-3.0
  Home:   https://github.com/openssl/openssl
  Commit: c927a3492698c254637da836762f9b1f86cffabc
      https://github.com/openssl/openssl/commit/c927a3492698c254637da836762f9b1f86cffabc
  Author: Viktor Dukhovni <openssl-users at dukhovni.org>
  Date:   2023-02-02 (Thu, 02 Feb 2023)

  Changed paths:
    M crypto/x509/v3_ncons.c

  Log Message:
  -----------
  Fix type confusion in nc_match_single()

This function assumes that if the "gen" is an OtherName, then the "base"
is a rfc822Name constraint. This assumption is not true in all cases.
If the end-entity certificate contains an OtherName SAN of any type besides
SmtpUtf8Mailbox and the CA certificate contains a name constraint of
OtherName (of any type), then "nc_email_eai" will be invoked, with the
OTHERNAME "base" being incorrectly interpreted as a ASN1_IA5STRING.

Reported by Corey Bonnell from Digicert.

CVE-2022-4203

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>


  Commit: fe6842f5a5dc2fb66da7fb24bf4343a3aeedd50a
      https://github.com/openssl/openssl/commit/fe6842f5a5dc2fb66da7fb24bf4343a3aeedd50a
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2023-02-02 (Thu, 02 Feb 2023)

  Changed paths:
    A test/certs/bad-othername-cert.pem
    A test/certs/nccaothername-cert.pem
    A test/certs/nccaothername-key.pem
    M test/certs/setup.sh
    M test/recipes/25-test_verify.t

  Log Message:
  -----------
  Add testcase for nc_match_single type confusion

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>


  Commit: 8e257b86e5812c6e1cfa9e8e5f5660ac7bed899d
      https://github.com/openssl/openssl/commit/8e257b86e5812c6e1cfa9e8e5f5660ac7bed899d
  Author: Dmitry Belyavskiy <beldmit at gmail.com>
  Date:   2023-02-03 (Fri, 03 Feb 2023)

  Changed paths:
    M crypto/bn/bn_blind.c
    M crypto/bn/bn_local.h
    M crypto/bn/build.info
    A crypto/bn/rsa_sup_mul.c
    M crypto/rsa/rsa_ossl.c
    M include/crypto/bn.h

  Log Message:
  -----------
  Fix Timing Oracle in RSA decryption

A timing based side channel exists in the OpenSSL RSA Decryption
implementation which could be sufficient to recover a plaintext across
a network in a Bleichenbacher style attack. To achieve a successful
decryption an attacker would have to be able to send a very large number
of trial messages for decryption. The vulnerability affects all RSA
padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.

Patch written by Dmitry Belyavsky and Hubert Kario

CVE-2022-4304

Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>


  Commit: 63bcf189be73a9cc1264059bed6f57974be74a83
      https://github.com/openssl/openssl/commit/63bcf189be73a9cc1264059bed6f57974be74a83
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-02-03 (Fri, 03 Feb 2023)

  Changed paths:
    M crypto/pem/pem_lib.c

  Log Message:
  -----------
  Avoid dangling ptrs in header and data params for PEM_read_bio_ex

In the event of a failure in PEM_read_bio_ex() we free the buffers we
allocated for the header and data buffers. However we were not clearing
the ptrs stored in *header and *data. Since, on success, the caller is
responsible for freeing these ptrs this can potentially lead to a double
free if the caller frees them even on failure.

Thanks to Dawei Wang for reporting this issue.

Based on a proposed patch by Kurt Roeckx.

CVE-2022-4450

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>


  Commit: cbafa34b5a057794c5c08cd4657038e1f643c1ac
      https://github.com/openssl/openssl/commit/cbafa34b5a057794c5c08cd4657038e1f643c1ac
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-02-03 (Fri, 03 Feb 2023)

  Changed paths:
    M test/pemtest.c

  Log Message:
  -----------
  Add a test for CVE-2022-4450

Call PEM_read_bio_ex() and expect a failure. There should be no dangling
ptrs and therefore there should be no double free if we free the ptrs on
error.

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>


  Commit: 8818064ce3c3c0f1b740a5aaba2a987e75bfbafd
      https://github.com/openssl/openssl/commit/8818064ce3c3c0f1b740a5aaba2a987e75bfbafd
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-02-03 (Fri, 03 Feb 2023)

  Changed paths:
    M crypto/asn1/bio_ndef.c

  Log Message:
  -----------
  Fix a UAF resulting from a bug in BIO_new_NDEF

If the aux->asn1_cb() call fails in BIO_new_NDEF then the "out" BIO will
be part of an invalid BIO chain. This causes a "use after free" when the
BIO is eventually freed.

Based on an original patch by Viktor Dukhovni and an idea from Theo
Buehler.

Thanks to Octavio Galland for reporting this issue.

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>


  Commit: f596ec8a6f9f5fcfa8e46a73b60f78a609725294
      https://github.com/openssl/openssl/commit/f596ec8a6f9f5fcfa8e46a73b60f78a609725294
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-02-03 (Fri, 03 Feb 2023)

  Changed paths:
    M test/recipes/80-test_cms.t
    A test/smime-certs/badrsa.pem

  Log Message:
  -----------
  Check CMS failure during BIO setup with -stream is handled correctly

Test for the issue fixed in the previous commit

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>


  Commit: 934a04f0e775309cadbef0aa6b9692e1b12a76c6
      https://github.com/openssl/openssl/commit/934a04f0e775309cadbef0aa6b9692e1b12a76c6
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2023-02-03 (Fri, 03 Feb 2023)

  Changed paths:
    M crypto/pkcs7/pk7_lib.c

  Log Message:
  -----------
  Do not dereference PKCS7 object data if not set

Fixes CVE-2023-0216

Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Paul Dale <pauli at openssl.org>


  Commit: 67813d8a4d110f4174bbd2fee8a2f15388e324b5
      https://github.com/openssl/openssl/commit/67813d8a4d110f4174bbd2fee8a2f15388e324b5
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2023-02-03 (Fri, 03 Feb 2023)

  Changed paths:
    M test/recipes/25-test_pkcs7.t
    A test/recipes/25-test_pkcs7_data/malformed.pkcs7

  Log Message:
  -----------
  Add test for d2i_PKCS7 NULL dereference

Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
Reviewed-by: Paul Dale <pauli at openssl.org>


  Commit: 23985bac83fd50c8e29431009302b5442f985096
      https://github.com/openssl/openssl/commit/23985bac83fd50c8e29431009302b5442f985096
  Author: slontis <shane.lontis at oracle.com>
  Date:   2023-02-03 (Fri, 03 Feb 2023)

  Changed paths:
    M crypto/ffc/ffc_key_validate.c
    M include/internal/ffc.h
    M test/ffc_internal_test.c

  Log Message:
  -----------
  Fix NULL deference when validating FFC public key.

Fixes CVE-2023-0217

When attempting to do a BN_Copy of params->p there was no NULL check.
Since BN_copy does not check for NULL this is a NULL reference.

As an aside BN_cmp() does do a NULL check, so there are other checks
that fail because a NULL is passed. A more general check for NULL params
has been added for both FFC public and private key validation instead.

Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>


  Commit: c1b4467a7cc129a74fc5205b80a5c47556b99416
      https://github.com/openssl/openssl/commit/c1b4467a7cc129a74fc5205b80a5c47556b99416
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2023-02-03 (Fri, 03 Feb 2023)

  Changed paths:
    M providers/implementations/keymgmt/dh_kmgmt.c
    M providers/implementations/keymgmt/dsa_kmgmt.c

  Log Message:
  -----------
  Prevent creating DSA and DH keys without parameters through import

Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>


  Commit: fab4973801bdc11c29c4c8ccf65cf39cbc63ce9b
      https://github.com/openssl/openssl/commit/fab4973801bdc11c29c4c8ccf65cf39cbc63ce9b
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2023-02-03 (Fri, 03 Feb 2023)

  Changed paths:
    M crypto/x509/x_pubkey.c
    M include/crypto/x509.h
    M providers/implementations/encode_decode/decode_der2key.c

  Log Message:
  -----------
  Do not create DSA keys without parameters by decoder

Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>


  Commit: 7e37185582995b35f885fec9dcc3670af9ffcbef
      https://github.com/openssl/openssl/commit/7e37185582995b35f885fec9dcc3670af9ffcbef
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2023-02-03 (Fri, 03 Feb 2023)

  Changed paths:
    M test/recipes/91-test_pkey_check.t
    A test/recipes/91-test_pkey_check_data/dsapub.pem
    A test/recipes/91-test_pkey_check_data/dsapub_noparam.der

  Log Message:
  -----------
  Add test for DSA pubkey without param import and check

Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>


  Commit: 2f7530077e0ef79d98718138716bc51ca0cad658
      https://github.com/openssl/openssl/commit/2f7530077e0ef79d98718138716bc51ca0cad658
  Author: Hugo Landau <hlandau at openssl.org>
  Date:   2023-02-03 (Fri, 03 Feb 2023)

  Changed paths:
    M CHANGES.md
    M crypto/x509/v3_genn.c
    M include/openssl/x509v3.h.in
    M test/v3nametest.c

  Log Message:
  -----------
  CVE-2023-0286: Fix GENERAL_NAME_cmp for x400Address (3.0)

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>


  Commit: d3b6dfd70db844c4499bec6ad6601623a565e674
      https://github.com/openssl/openssl/commit/d3b6dfd70db844c4499bec6ad6601623a565e674
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2023-02-03 (Fri, 03 Feb 2023)

  Changed paths:
    M crypto/pkcs7/pk7_doit.c

  Log Message:
  -----------
  pk7_doit.c: Check return of BIO_set_md() calls

These calls invoke EVP_DigestInit() which can fail for digests
with implicit fetches. Subsequent EVP_DigestUpdate() from BIO_write()
or EVP_DigestFinal() from BIO_read() will segfault on NULL
dereference. This can be triggered by an attacker providing
PKCS7 data digested with MD4 for example if the legacy provider
is not loaded.

If BIO_set_md() fails the md BIO cannot be used.

CVE-2023-0401

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>


  Commit: a0f2359613f50b5ca6b74b78bf4b54d7dc925fd2
      https://github.com/openssl/openssl/commit/a0f2359613f50b5ca6b74b78bf4b54d7dc925fd2
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2023-02-03 (Fri, 03 Feb 2023)

  Changed paths:
    M test/recipes/80-test_cms.t
    A test/recipes/80-test_cms_data/pkcs7-md4.pem

  Log Message:
  -----------
  Add testcase for missing return check of BIO_set_md() calls

Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>


  Commit: 071e702aec805ea06d5c8e8bc018b1960bd2efb5
      https://github.com/openssl/openssl/commit/071e702aec805ea06d5c8e8bc018b1960bd2efb5
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2023-02-03 (Fri, 03 Feb 2023)

  Changed paths:
    M CHANGES.md
    M NEWS.md

  Log Message:
  -----------
  Add CHANGES.md and NEWS.md entries for the 3.0.8 release

Reviewed-by: Mark J. Cox <mark at awe.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>


  Commit: 2ad9928170768653d19d81881deabc5f9c1665c0
      https://github.com/openssl/openssl/commit/2ad9928170768653d19d81881deabc5f9c1665c0
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2023-02-03 (Fri, 03 Feb 2023)

  Changed paths:
    M include/crypto/types.h

  Log Message:
  -----------
  Internaly declare the DSA type for no-deprecated builds

Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(cherry picked from commit 7a21a1b5fa2dac438892cf3292d1f9c445d870d9)


  Commit: 2a4b68ef01281b03e59d723d82ca547cede2fbd5
      https://github.com/openssl/openssl/commit/2a4b68ef01281b03e59d723d82ca547cede2fbd5
  Author: Richard Levitte <levitte at openssl.org>
  Date:   2023-02-07 (Tue, 07 Feb 2023)

  Changed paths:
    M .github/workflows/ci.yml
    M Configure
    M apps/pkey.c
    M crypto/asn1/bio_ndef.c
    M crypto/bn/bn_blind.c
    M crypto/bn/bn_exp.c
    M crypto/bn/bn_local.h
    M crypto/bn/bn_mont.c
    M crypto/bn/bn_rand.c
    M crypto/bn/rsaz_exp_x2.c
    M crypto/cmp/cmp_client.c
    M crypto/evp/evp_lib.c
    M crypto/evp/p5_crpt2.c
    M crypto/ffc/ffc_key_validate.c
    M crypto/ffc/ffc_params_generate.c
    M crypto/info.c
    M crypto/mem_sec.c
    M crypto/ocsp/ocsp_ext.c
    M crypto/param_build.c
    M crypto/params.c
    M crypto/pem/pem_lib.c
    M crypto/pkcs7/pk7_doit.c
    M crypto/pkcs7/pk7_lib.c
    M crypto/provider_child.c
    M crypto/rsa/rsa_ossl.c
    M crypto/trace.c
    M crypto/x509/by_dir.c
    M crypto/x509/v3_admis.c
    M crypto/x509/v3_genn.c
    M crypto/x509/v3_ncons.c
    M crypto/x509/x509_txt.c
    M crypto/x509/x_pubkey.c
    M doc/man1/openssl-cmp.pod.in
    M doc/man1/openssl-enc.pod.in
    M doc/man1/openssl-gendsa.pod.in
    M doc/man1/openssl-storeutl.pod.in
    M doc/man3/BIO_read.pod
    M doc/man3/BIO_s_connect.pod
    M doc/man3/BIO_s_datagram.pod
    M doc/man3/DTLSv1_listen.pod
    M doc/man3/EC_GROUP_copy.pod
    M doc/man3/ERR_GET_LIB.pod
    M doc/man3/EVP_DigestInit.pod
    M doc/man3/EVP_DigestSignInit.pod
    M doc/man3/EVP_DigestVerifyInit.pod
    M doc/man3/EVP_EncryptInit.pod
    M doc/man3/EVP_PKEY_CTX_get0_pkey.pod
    M doc/man3/MD5.pod
    M doc/man3/OSSL_CMP_CTX_new.pod
    M doc/man3/OSSL_trace_set_channel.pod
    M doc/man3/X509_STORE_CTX_get_error.pod
    M doc/man3/X509_VERIFY_PARAM_set_flags.pod
    M doc/man3/d2i_X509.pod
    M doc/man7/EVP_KDF-SS.pod
    M doc/man7/EVP_PKEY-RSA.pod
    M doc/man7/migration_guide.pod
    M doc/man7/property.pod
    M engines/asm/e_padlock-x86.pl
    M engines/asm/e_padlock-x86_64.pl
    M include/crypto/bn.h
    M include/crypto/types.h
    M include/crypto/x509.h
    M include/internal/ffc.h
    M include/openssl/trace.h
    M include/openssl/x509v3.h.in
    M providers/implementations/ciphers/cipher_chacha20_poly1305.c
    M providers/implementations/ciphers/cipher_chacha20_poly1305.h
    M providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c
    M providers/implementations/encode_decode/decode_der2key.c
    M providers/implementations/kdfs/sskdf.c
    M providers/implementations/keymgmt/dh_kmgmt.c
    M providers/implementations/keymgmt/dsa_kmgmt.c
    M providers/implementations/keymgmt/ec_kmgmt.c
    M ssl/record/ssl3_buffer.c
    M ssl/record/ssl3_record.c
    M test/cmp_asn_test.c
    M test/cmp_client_test.c
    M test/cmp_hdr_test.c
    M test/evp_kdf_test.c
    M test/exptest.c
    M test/ffc_internal_test.c
    M test/param_build_test.c
    M test/pemtest.c
    M test/property_test.c
    M test/recipes/25-test_pkcs7.t
    M test/recipes/25-test_verify.t
    M test/recipes/30-test_evp_data/evpciph_chacha.txt
    M test/recipes/80-test_cms.t
    M test/recipes/90-test_traceapi.t
    M test/recipes/91-test_pkey_check.t
    M test/sslapitest.c
    M test/trace_api_test.c
    M test/v3nametest.c

  Log Message:
  -----------
  Update copyright year


Reviewed-by: Tomas Mraz <tomas at openssl.org>
Release: yes


  Commit: 8c0eaeaf7c6af01cdbbe6051adde7d7a323092ba
      https://github.com/openssl/openssl/commit/8c0eaeaf7c6af01cdbbe6051adde7d7a323092ba
  Author: Richard Levitte <levitte at openssl.org>
  Date:   2023-02-07 (Tue, 07 Feb 2023)

  Changed paths:
    M providers/fips-sources.checksums
    M providers/fips.checksum
    M providers/fips.module.sources
    M util/libcrypto.num

  Log Message:
  -----------
  make update


Reviewed-by: Tomas Mraz <tomas at openssl.org>
Release: yes


  Commit: 31157bc0b46e04227b8468d3e6915e4d0332777c
      https://github.com/openssl/openssl/commit/31157bc0b46e04227b8468d3e6915e4d0332777c
  Author: Richard Levitte <levitte at openssl.org>
  Date:   2023-02-07 (Tue, 07 Feb 2023)

  Changed paths:
    M CHANGES.md
    M NEWS.md
    M VERSION.dat

  Log Message:
  -----------
  Prepare for release of 3.0.8


Reviewed-by: Tomas Mraz <tomas at openssl.org>
Release: yes


  Commit: 2389cdc9f74268a0d5164a998929ffe50102c0eb
      https://github.com/openssl/openssl/commit/2389cdc9f74268a0d5164a998929ffe50102c0eb
  Author: Richard Levitte <levitte at openssl.org>
  Date:   2023-02-07 (Tue, 07 Feb 2023)

  Changed paths:
    M CHANGES.md
    M NEWS.md
    M VERSION.dat

  Log Message:
  -----------
  Prepare for 3.0.9


Reviewed-by: Tomas Mraz <tomas at openssl.org>
Release: yes


  Commit: d8329fff972ab003531adb256123f794043960a1
      https://github.com/openssl/openssl/commit/d8329fff972ab003531adb256123f794043960a1
  Author: Viktor Dukhovni <openssl-users at dukhovni.org>
  Date:   2023-02-07 (Tue, 07 Feb 2023)

  Changed paths:
    M util/perl/OpenSSL/Ordinals.pm

  Log Message:
  -----------
  Fix typo in Ordinals.pm from PR #14074

Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb at siemens.com>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20201)

(cherry picked from commit 77c8d6d703efd1d935b5c2603fd31f4b15b1214d)


Compare: https://github.com/openssl/openssl/compare/98d7c6e05f44...d8329fff972a


More information about the openssl-commits mailing list