!45 fix CVE-2021-23840 CVE-2021-23841 CVE-2022-0778 CVE-2021-3712

From: @gys66 Reviewed-by: @HuaxinLuGitee Signed-off-by: @HuaxinLuGitee
2022-09-20 08:36:04 +00:00 · 2022-09-20 08:36:04 +00:00 · 5ce01dbb01
commit 5ce01dbb01
parent 201467a413 869aa68f1b
7 changed files with 288 additions and 2 deletions
--- a/backport-CVE-2021-23840.patch
+++ b/backport-CVE-2021-23840.patch
@ -0,0 +1,79 @@
+Backport of:
+
+From 6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Tue, 2 Feb 2021 17:17:23 +0000
+Subject: [PATCH] Don't overflow the output length in EVP_CipherUpdate calls
+
+CVE-2021-23840
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+---
+ crypto/err/openssl.txt   |  3 ++-
+ crypto/evp/evp_enc.c     | 27 +++++++++++++++++++++++++++
+ crypto/evp/evp_err.c     |  4 +++-
+ include/openssl/evperr.h |  7 +++----
+ 4 files changed, 35 insertions(+), 6 deletions(-)
+
+--- a/Cryptlib/OpenSSL/crypto/evp/evp_enc.c
+++ b/Cryptlib/OpenSSL/crypto/evp/evp_enc.c
+@@ -354,6 +354,19 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ct
+             return 1;
+         } else {
+             j = bl - i;
+
+            /*
+             * Once we've processed the first j bytes from in, the amount of
+             * data left that is a multiple of the block length is:
+             * (inl - j) & ~(bl - 1)
+             * We must ensure that this amount of data, plus the one block that
+             * we process from ctx->buf does not exceed INT_MAX
+             */
+            if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
+                EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE,
+                       EVP_R_OUTPUT_WOULD_OVERFLOW);
+                return 0;
+            }
+             memcpy(&(ctx->buf[i]), in, j);
+             if (!M_do_cipher(ctx, out, ctx->buf, bl))
+                 return 0;
+@@ -455,6 +468,19 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ct
+     OPENSSL_assert(b <= sizeof ctx->final);
+ 
+     if (ctx->final_used) {
+        /*
+         * final_used is only ever set if buf_len is 0. Therefore the maximum
+         * length output we will ever see from evp_EncryptDecryptUpdate is
+         * the maximum multiple of the block length that is <= inl, or just:
+         * inl & ~(b - 1)
+         * Since final_used has been set then the final output length is:
+         * (inl & ~(b - 1)) + b
+         * This must never exceed INT_MAX
+         */
+        if ((inl & ~(b - 1)) > INT_MAX - b) {
+            EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_OUTPUT_WOULD_OVERFLOW);
+            return 0;
+        }
+         memcpy(out, ctx->final, b);
+         out += b;
+         fix_len = 1;
+--- a/Cryptlib/OpenSSL/crypto/evp/evp_err.c
+++ b/Cryptlib/OpenSSL/crypto/evp/evp_err.c
+@@ -215,6 +215,7 @@ static ERR_STRING_DATA EVP_str_reasons[]
+     {ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
+      "operation not supported for this keytype"},
+     {ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"},
+    {ERR_REASON(EVP_R_OUTPUT_WOULD_OVERFLOW), "output would overflow"},
+     {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),
+      "pkcs8 unknown broken type"},
+     {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"},
+--- a/Cryptlib/Include/openssl/evp.h
+++ b/Cryptlib/Include/openssl/evp.h
+@@ -1509,6 +1509,7 @@ void ERR_load_EVP_strings(void);
+ # define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED              105
+ # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE   150
+ # define EVP_R_OPERATON_NOT_INITIALIZED                   151
+# define EVP_R_OUTPUT_WOULD_OVERFLOW                      184
+ # define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE                  117
+ # define EVP_R_PRIVATE_KEY_DECODE_ERROR                   145
+ # define EVP_R_PRIVATE_KEY_ENCODE_ERROR                   146
--- a/backport-CVE-2021-23841.patch
+++ b/backport-CVE-2021-23841.patch
@ -0,0 +1,40 @@
+Backport of:
+
+From 122a19ab48091c657f7cb1fb3af9fc07bd557bbf Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Wed, 10 Feb 2021 16:10:36 +0000
+Subject: [PATCH] Fix Null pointer deref in X509_issuer_and_serial_hash()
+
+The OpenSSL public API function X509_issuer_and_serial_hash() attempts
+to create a unique hash value based on the issuer and serial number data
+contained within an X509 certificate. However it fails to correctly
+handle any errors that may occur while parsing the issuer field (which
+might occur if the issuer field is maliciously constructed). This may
+subsequently result in a NULL pointer deref and a crash leading to a
+potential denial of service attack.
+
+The function X509_issuer_and_serial_hash() is never directly called by
+OpenSSL itself so applications are only vulnerable if they use this
+function directly and they use it on certificates that may have been
+obtained from untrusted sources.
+
+CVE-2021-23841
+
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+(cherry picked from commit 8130d654d1de922ea224fa18ee3bc7262edc39c0)
+---
+ crypto/x509/x509_cmp.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c
+@@ -87,6 +87,8 @@ unsigned long X509_issuer_and_serial_has
+ 
+     EVP_MD_CTX_init(&ctx);
+     f = X509_NAME_oneline(a->cert_info->issuer, NULL, 0);
+    if (f == NULL)
+        goto err;
+     if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
+         goto err;
+     if (!EVP_DigestUpdate(&ctx, (unsigned char *)f, strlen(f)))
--- a/backport-CVE-2021-3712.patch
+++ b/backport-CVE-2021-3712.patch
@ -0,0 +1,13 @@
+Index: openssl-1.0.2p/crypto/asn1/t_x509a.c
+===================================================================
+--- a/Cryptlib/OpenSSL/crypto/asn1/t_x509a.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/t_x509a.c
+@@ -104,7 +104,7 @@ int X509_CERT_AUX_print(BIO *out, X509_C
+     } else
+         BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
+     if (aux->alias)
+-        BIO_printf(out, "%*sAlias: %s\n", indent, "", aux->alias->data);
+        BIO_printf(out, "%*sAlias: %.*s\n", indent, "", aux->alias->length, aux->alias->data);
+     if (aux->keyid) {
+         BIO_printf(out, "%*sKey Id: ", indent, "");
+         for (i = 0; i < aux->keyid->length; i++)
--- a/backport-CVE-2022-0778.patch
+++ b/backport-CVE-2022-0778.patch
@ -0,0 +1,66 @@
+From 3118eb64934499d93db3230748a452351d1d9a65 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Mon, 28 Feb 2022 18:26:21 +0100
+Subject: [PATCH] Fix possible infinite loop in BN_mod_sqrt()
+
+The calculation in some cases does not finish for non-prime p.
+
+This fixes CVE-2022-0778.
+
+Based on patch by David Benjamin <davidben@google.com>.
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+---
+ crypto/bn/bn_sqrt.c | 30 ++++++++++++++++++------------
+ 1 file changed, 18 insertions(+), 12 deletions(-)
+
+diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c b/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c
+index 1723d5ded5a..53b0f559855 100644
+--- a/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c
+@@ -14,7 +14,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+ /*
+  * Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks
+  * algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number
+- * Theory", algorithm 1.5.1). 'p' must be prime!
+ * Theory", algorithm 1.5.1). 'p' must be prime, otherwise an error or
+ * an incorrect "result" will be returned.
+  */
+ {
+     BIGNUM *ret = in;
+@@ -301,18 +302,23 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+             goto vrfy;
+         }
+ 
+-        /* find smallest  i  such that  b^(2^i) = 1 */
+-        i = 1;
+-        if (!BN_mod_sqr(t, b, p, ctx))
+-            goto end;
+-        while (!BN_is_one(t)) {
+-            i++;
+-            if (i == e) {
+-                BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+-                goto end;
+        /* Find the smallest i, 0 < i < e, such that b^(2^i) = 1. */
+        for (i = 1; i < e; i++) {
+            if (i == 1) {
+                if (!BN_mod_sqr(t, b, p, ctx))
+                    goto end;
+
+            } else {
+                if (!BN_mod_mul(t, t, t, p, ctx))
+                    goto end;
+             }
+-            if (!BN_mod_mul(t, t, t, p, ctx))
+-                goto end;
+            if (BN_is_one(t))
+                break;
+        }
+        /* If not found, a is not a square or p is not prime. */
+        if (i >= e) {
+            BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+            goto end;
+         }
+ 
+         /* t := y^2^(e - i - 1) */
--- a/backport-make-update-EVP_F_EVP_DECRYPTDECRYPTUPDATE.patch
+++ b/backport-make-update-EVP_F_EVP_DECRYPTDECRYPTUPDATE.patch
@ -0,0 +1,38 @@
+Backport of:
+
+From 4bd0db1feaaf97fbc2bd31f54f1fbdeab80b2b1a Mon Sep 17 00:00:00 2001
+From: Richard Levitte <levitte@openssl.org>
+Date: Sun, 9 Dec 2018 14:20:30 +0100
+Subject: [PATCH] make update
+
+Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
+Reviewed-by: Paul Dale <paul.dale@oracle.com>
+(Merged from https://github.com/openssl/openssl/pull/7852)
+
+(cherry picked from commit f2f734d4f9e34643a1d3e5b79d2447cd643519f8)
+---
+ crypto/err/openssl.txt   | 1 +
+ crypto/evp/evp_err.c     | 2 ++
+ include/openssl/evperr.h | 1 +
+ 3 files changed, 4 insertions(+)
+
+--- a/Cryptlib/OpenSSL/crypto/evp/evp_err.c
+++ b/Cryptlib/OpenSSL/crypto/evp/evp_err.c
+@@ -94,6 +94,7 @@ static ERR_STRING_DATA EVP_str_functs[]
+     {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"},
+     {ERR_FUNC(EVP_F_EVP_DECRYPTUPDATE), "EVP_DecryptUpdate"},
+     {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
+    {ERR_FUNC(EVP_F_EVP_ENCRYPTDECRYPTUPDATE), "evp_EncryptDecryptUpdate"},
+     {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
+     {ERR_FUNC(EVP_F_EVP_ENCRYPTUPDATE), "EVP_EncryptUpdate"},
+     {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
+--- a/Cryptlib/Include/openssl/evp.h
+++ b/Cryptlib/Include/openssl/evp.h
+@@ -1398,6 +1398,7 @@ void ERR_load_EVP_strings(void);
+ # define EVP_F_EVP_DECRYPTFINAL_EX                        101
+ # define EVP_F_EVP_DECRYPTUPDATE                          166
+ # define EVP_F_EVP_DIGESTINIT_EX                          128
+# define EVP_F_EVP_ENCRYPTDECRYPTUPDATE                   219
+ # define EVP_F_EVP_ENCRYPTFINAL_EX                        127
+ # define EVP_F_EVP_ENCRYPTUPDATE                          167
+ # define EVP_F_EVP_MD_CTX_COPY_EX                         110
--- a/backport-make-update-EVP_F_EVP_DECRYPTUPDATE.patch
+++ b/backport-make-update-EVP_F_EVP_DECRYPTUPDATE.patch
@ -0,0 +1,41 @@
+Partial backport of:
+
+From 83151b73a4736bca1797f8edc2b0ad4cf7ac9146 Mon Sep 17 00:00:00 2001
+From: Andy Polyakov <appro@openssl.org>
+Date: Mon, 25 Jul 2016 15:02:26 +0200
+Subject: [PATCH] evp/evp_enc.c: make assert error message more readable and
+ add EVPerr(PARTIALLY_OVERLAPPED)
+
+Reviewed-by: Stephen Henson <steve@openssl.org>
+---
+ crypto/evp/evp_enc.c  | 28 +++++++++++++++++++---------
+ crypto/evp/evp_err.c  |  3 +++
+ include/openssl/evp.h |  3 +++
+ 3 files changed, 25 insertions(+), 9 deletions(-)
+
+--- a/Cryptlib/OpenSSL/crypto/evp/evp_err.c
+++ b/Cryptlib/OpenSSL/crypto/evp/evp_err.c
+@@ -92,8 +92,10 @@ static ERR_STRING_DATA EVP_str_functs[]
+     {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH),
+      "EVP_CIPHER_CTX_set_key_length"},
+     {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"},
+    {ERR_FUNC(EVP_F_EVP_DECRYPTUPDATE), "EVP_DecryptUpdate"},
+     {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
+     {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
+    {ERR_FUNC(EVP_F_EVP_ENCRYPTUPDATE), "EVP_EncryptUpdate"},
+     {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
+     {ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_size"},
+     {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
+--- a/Cryptlib/Include/openssl/evp.h
+++ b/Cryptlib/Include/openssl/evp.h
+@@ -1396,8 +1396,10 @@ void ERR_load_EVP_strings(void);
+ # define EVP_F_EVP_CIPHER_CTX_CTRL                        124
+ # define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH              122
+ # define EVP_F_EVP_DECRYPTFINAL_EX                        101
+# define EVP_F_EVP_DECRYPTUPDATE                          166
+ # define EVP_F_EVP_DIGESTINIT_EX                          128
+ # define EVP_F_EVP_ENCRYPTFINAL_EX                        127
+# define EVP_F_EVP_ENCRYPTUPDATE                          167
+ # define EVP_F_EVP_MD_CTX_COPY_EX                         110
+ # define EVP_F_EVP_MD_SIZE                                162
+ # define EVP_F_EVP_OPENINIT                               102
--- a/shim.spec
+++ b/shim.spec
@ -22,7 +22,7 @@

 Name:		shim
 Version:	15
-Release:        23
+Release:        24
 Summary:	First-stage UEFI bootloader
 ExclusiveArch:  x86_64 aarch64
 License:	BSD
@ -47,6 +47,12 @@ Patch12:        backport-0001-CVE-2020-1971.patch
 Patch13:        backport-0002-CVE-2020-1971.patch
 Patch14:        backport-0003-CVE-2020-1971.patch
 Patch15:        backport-0004-CVE-2020-1971.patch
+Patch16:        backport-make-update-EVP_F_EVP_DECRYPTUPDATE.patch
+Patch17:        backport-make-update-EVP_F_EVP_DECRYPTDECRYPTUPDATE.patch
+Patch18:        backport-CVE-2021-23840.patch
+Patch19:        backport-CVE-2021-23841.patch
+Patch20:        backport-CVE-2022-0778.patch
+Patch21:        backport-CVE-2021-3712.patch

 BuildRequires:	elfutils-libelf-devel openssl-devel openssl git pesign gnu-efi gnu-efi-devel gcc
 Requires:       dbxtool efi-filesystem mokutil
@ -145,7 +151,10 @@ cd ..
 /usr/src/debug/%{name}-%{version}-%{release}/*

 %changelog
-* Mon Sep 19 09:12:56 PM CST 2022 gaoyusong <gaoyusong2@huawei.com> - 15-23
+* Tue Sep 20 2022 gaoyusong <gaoyusong2@huawei.com> - 15-24
+- fix CVE-2021-23840 CVE-2021-23841 CVE-2022-0778 CVE-2021-3712
+
+* Mon Sep 19 2022 gaoyusong <gaoyusong2@huawei.com> - 15-23
 - fix CVE-2017-3735 CVE-2017-3737 CVE-2018-0732 CVE-2018-0737
  CVE-2018-0739 CVE-2019-1563 CVE-2020-1971