diff --git a/0101-CVE-2022-4203-nc-match.patch b/0101-CVE-2022-4203-nc-match.patch new file mode 100644 index 0000000..860deac --- /dev/null +++ b/0101-CVE-2022-4203-nc-match.patch @@ -0,0 +1,281 @@ +From c927a3492698c254637da836762f9b1f86cffabc Mon Sep 17 00:00:00 2001 +From: Viktor Dukhovni +Date: Tue, 13 Dec 2022 08:49:13 +0100 +Subject: [PATCH 01/18] Fix type confusion in nc_match_single() + +This function assumes that if the "gen" is an OtherName, then the "base" +is a rfc822Name constraint. This assumption is not true in all cases. +If the end-entity certificate contains an OtherName SAN of any type besides +SmtpUtf8Mailbox and the CA certificate contains a name constraint of +OtherName (of any type), then "nc_email_eai" will be invoked, with the +OTHERNAME "base" being incorrectly interpreted as a ASN1_IA5STRING. + +Reported by Corey Bonnell from Digicert. + +CVE-2022-4203 + +Reviewed-by: Paul Dale +Reviewed-by: Hugo Landau +Reviewed-by: Tomas Mraz +--- + crypto/x509/v3_ncons.c | 45 +++++++++++++++++++++++++++++------------- + 1 file changed, 31 insertions(+), 14 deletions(-) + +diff --git a/crypto/x509/v3_ncons.c b/crypto/x509/v3_ncons.c +index 70a7e8304e..5101598512 100644 +--- a/crypto/x509/v3_ncons.c ++++ b/crypto/x509/v3_ncons.c +@@ -31,7 +31,8 @@ static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method, + static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip); + + static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc); +-static int nc_match_single(GENERAL_NAME *sub, GENERAL_NAME *gen); ++static int nc_match_single(int effective_type, GENERAL_NAME *sub, ++ GENERAL_NAME *gen); + static int nc_dn(const X509_NAME *sub, const X509_NAME *nm); + static int nc_dns(ASN1_IA5STRING *sub, ASN1_IA5STRING *dns); + static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml); +@@ -472,14 +473,17 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) + { + GENERAL_SUBTREE *sub; + int i, r, match = 0; ++ int effective_type = gen->type; ++ + /* + * We need to compare not gen->type field but an "effective" type because + * the otherName field may contain EAI email address treated specially + * according to RFC 8398, section 6 + */ +- int effective_type = ((gen->type == GEN_OTHERNAME) && +- (OBJ_obj2nid(gen->d.otherName->type_id) == +- NID_id_on_SmtpUTF8Mailbox)) ? GEN_EMAIL : gen->type; ++ if (effective_type == GEN_OTHERNAME && ++ (OBJ_obj2nid(gen->d.otherName->type_id) == NID_id_on_SmtpUTF8Mailbox)) { ++ effective_type = GEN_EMAIL; ++ } + + /* + * Permitted subtrees: if any subtrees exist of matching the type at +@@ -488,7 +492,10 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) + + for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); i++) { + sub = sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, i); +- if (effective_type != sub->base->type) ++ if (effective_type != sub->base->type ++ || (effective_type == GEN_OTHERNAME && ++ OBJ_cmp(gen->d.otherName->type_id, ++ sub->base->d.otherName->type_id) != 0)) + continue; + if (!nc_minmax_valid(sub)) + return X509_V_ERR_SUBTREE_MINMAX; +@@ -497,7 +504,7 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) + continue; + if (match == 0) + match = 1; +- r = nc_match_single(gen, sub->base); ++ r = nc_match_single(effective_type, gen, sub->base); + if (r == X509_V_OK) + match = 2; + else if (r != X509_V_ERR_PERMITTED_VIOLATION) +@@ -511,12 +518,15 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) + + for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); i++) { + sub = sk_GENERAL_SUBTREE_value(nc->excludedSubtrees, i); +- if (effective_type != sub->base->type) ++ if (effective_type != sub->base->type ++ || (effective_type == GEN_OTHERNAME && ++ OBJ_cmp(gen->d.otherName->type_id, ++ sub->base->d.otherName->type_id) != 0)) + continue; + if (!nc_minmax_valid(sub)) + return X509_V_ERR_SUBTREE_MINMAX; + +- r = nc_match_single(gen, sub->base); ++ r = nc_match_single(effective_type, gen, sub->base); + if (r == X509_V_OK) + return X509_V_ERR_EXCLUDED_VIOLATION; + else if (r != X509_V_ERR_PERMITTED_VIOLATION) +@@ -528,15 +538,22 @@ static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc) + + } + +-static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base) ++static int nc_match_single(int effective_type, GENERAL_NAME *gen, ++ GENERAL_NAME *base) + { + switch (gen->type) { + case GEN_OTHERNAME: +- /* +- * We are here only when we have SmtpUTF8 name, +- * so we match the value of othername with base->d.rfc822Name +- */ +- return nc_email_eai(gen->d.otherName->value, base->d.rfc822Name); ++ switch (effective_type) { ++ case GEN_EMAIL: ++ /* ++ * We are here only when we have SmtpUTF8 name, ++ * so we match the value of othername with base->d.rfc822Name ++ */ ++ return nc_email_eai(gen->d.otherName->value, base->d.rfc822Name); ++ ++ default: ++ return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE; ++ } + + case GEN_DIRNAME: + return nc_dn(gen->d.directoryName, base->d.directoryName); +-- +2.39.1 + +From fe6842f5a5dc2fb66da7fb24bf4343a3aeedd50a Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Tue, 13 Dec 2022 19:45:09 +0100 +Subject: [PATCH 02/18] Add testcase for nc_match_single type confusion + +Reviewed-by: Paul Dale +Reviewed-by: Hugo Landau +--- + test/certs/bad-othername-cert.pem | 20 ++++++++++++++++++++ + test/certs/nccaothername-cert.pem | 20 ++++++++++++++++++++ + test/certs/nccaothername-key.pem | 28 ++++++++++++++++++++++++++++ + test/certs/setup.sh | 11 +++++++++++ + test/recipes/25-test_verify.t | 5 ++++- + 5 files changed, 83 insertions(+), 1 deletion(-) + create mode 100644 test/certs/bad-othername-cert.pem + create mode 100644 test/certs/nccaothername-cert.pem + create mode 100644 test/certs/nccaothername-key.pem + +diff --git a/test/certs/bad-othername-cert.pem b/test/certs/bad-othername-cert.pem +new file mode 100644 +index 0000000000..cf279de5ea +--- /dev/null ++++ b/test/certs/bad-othername-cert.pem +@@ -0,0 +1,20 @@ ++-----BEGIN CERTIFICATE----- ++MIIDRDCCAiygAwIBAgIBAjANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRUZXN0 ++IE5DIENBIG90aGVybmFtZTAgFw0yMjEyMTMxODMzMTZaGA8yMTIyMTIxNDE4MzMx ++NlowMTEvMC0GA1UECgwmTkMgZW1haWwgaW4gb3RoZXJuYW1lIFRlc3QgQ2VydGlm ++aWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPgeoakqHk1zYt ++JZpEC0qkJPU/X0lfI+6GY2LHFY9KOSFqqmTXxrUtjQc3SdpQvBZhPuMZ8p82Jid2 ++kkRHnWs0uqX9NtLO923yQalYvP6Mt3fokcYgw/C9b+I/q1PKUyN0kPB6McROguD5 ++Jz2DcEufJBhbpyay1bFjEI2DAQJKDP/U7uH0EA7kH/27UMk0vfvL5uVjDvlo8i6S ++Ul8+u0cDV5ZFJW2VAJKLU3wp6IY4fZl9UqkHZuRQpMJGqAjAleWOIEpyyvfGGh0b ++75n3GJ+4YZ7CIBEgY7K0nIbKxtcDZPvmtbYg3g1tkPMTHcodFT7yEdqkBTJ5AGL7 ++6U850OhjAgMBAAGjdzB1MB0GA1UdDgQWBBTBz0k+q6d4c3aM+s2IyOF/QP6zCTAf ++BgNVHSMEGDAWgBTwhghX7uNdMejZ3f4XorqOQoMqwTAJBgNVHRMEAjAAMCgGA1Ud ++EQQhMB+gHQYIKwYBBQUHCAegEQwPZm9vQGV4YW1wbGUub3JnMA0GCSqGSIb3DQEB ++CwUAA4IBAQAhxbCEVH8pq0aUMaLWaodyXdCqA0AKTFG6Mz9Rpwn89OwC8FylTEru ++t+Bqx/ZuTo8YzON8h9m7DIrQIjZKDLW/g5YbvIsxIVV9gWhAGohdsIyMKRBepSmr ++NxJQkO74RLBTamfl0WUCVM4HqroflFjBBG67CTJaQ9cH9ug3TKxaXCK1L6iQAXtq ++enILGai98Byo0LCFH4MQOhmhV1BDT2boIG/iYb5VKCTSX25vhaF+PNBhUoysjW0O ++vhQX8vrw42QRr4Qi7VfUBXzrbRTzxjOc4yqki7h2DcEdpginqe+aGyaFY+H9m/ka ++1AR5KN8h5SYKltSXknjs0pp1w4k49aHl ++-----END CERTIFICATE----- +diff --git a/test/certs/nccaothername-cert.pem b/test/certs/nccaothername-cert.pem +new file mode 100644 +index 0000000000..f9b9b07b80 +--- /dev/null ++++ b/test/certs/nccaothername-cert.pem +@@ -0,0 +1,20 @@ ++-----BEGIN CERTIFICATE----- ++MIIDPjCCAiagAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 ++IENBMCAXDTIyMTIxMzE4MTgwM1oYDzIxMjIxMjE0MTgxODAzWjAfMR0wGwYDVQQD ++DBRUZXN0IE5DIENBIG90aGVybmFtZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC ++AQoCggEBAN0Dx+ei8CgtRKnDcYiLwX4vrA48at/o/zfX24X/WZZM1o9HUKo1FQBN ++vhESJu+gqPxuIePrk+/L25XdRqwCKk8wkWX0XIz18q5orOHUUFAWNK3g0FDj6N8H ++d8urNIbDJ44FCx+/0n8Ppiht/EYN3aVOW5enqbgZ+EEt+3AUG6ibieRdGri9g4oh ++IIx60MmVHLbuT/TcVZxaeWyTl6iWmsYosUyqlhTtu1uGtbVtkCAhBYloVvz4J5eA ++mVu/JuJbsNxbxVeO9Q8Kj6nb4jPPdGvZ3JPcabbWrz5LwaereBf5IPrXEVdQTlYB ++gI0pTz2CEDHSIrd7jzRUX/9EC2gMk6UCAwEAAaOBjzCBjDAPBgNVHRMBAf8EBTAD ++AQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU8IYIV+7jXTHo2d3+F6K6jkKDKsEw ++HwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwLAYDVR0eBCUwI6EhMB+g ++HQYIKwYBBQUHCAegEQwPZm9vQGV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4IB ++AQDPI5uZd8DhSNKMvYF5bxOshd6h6UJ7YzZS7K6fhiygltdqzkHQ/5+4yiuUkDe4 ++hOZlH8MCfXQy5jVZDTk24yNchpdfie5Bswn4SmQVQh3QyzOLxizoh0rLCf2PHueu ++dNVNhfiiJNJ5kd8MIuVG7CPK68dP0QrVR+DihROuJgvGB3ClKttLrgle19t4PFRR ++2wW6hJT9aXEjzLNyN1QFZKoShuiGX4xwjZh7VyKkV64p8hjojhcLk6dQkel+Jw4y ++OP26XbVfM8/6KG8f6WAZ8P0qJwHlhmi0EvRTnEpAM8WuenOeZH6ERZ9uZbRGh6xx ++LKQu2Aw2+bOEZ2vUtz0dBhX8 ++-----END CERTIFICATE----- +diff --git a/test/certs/nccaothername-key.pem b/test/certs/nccaothername-key.pem +new file mode 100644 +index 0000000000..d3e300ac2f +--- /dev/null ++++ b/test/certs/nccaothername-key.pem +@@ -0,0 +1,28 @@ ++-----BEGIN PRIVATE KEY----- ++MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDdA8fnovAoLUSp ++w3GIi8F+L6wOPGrf6P8319uF/1mWTNaPR1CqNRUATb4REibvoKj8biHj65Pvy9uV ++3UasAipPMJFl9FyM9fKuaKzh1FBQFjSt4NBQ4+jfB3fLqzSGwyeOBQsfv9J/D6Yo ++bfxGDd2lTluXp6m4GfhBLftwFBuom4nkXRq4vYOKISCMetDJlRy27k/03FWcWnls ++k5eolprGKLFMqpYU7btbhrW1bZAgIQWJaFb8+CeXgJlbvybiW7DcW8VXjvUPCo+p ++2+Izz3Rr2dyT3Gm21q8+S8Gnq3gX+SD61xFXUE5WAYCNKU89ghAx0iK3e480VF// ++RAtoDJOlAgMBAAECggEAMFSJlCyEFlER3Qq9asXe9eRgXEuXdmfZ2aEVIuf8M/sR ++B0tpxxKtCUA24j5FL+0CzxKZTCFBnDRIzCyTbf1aOa9t+CzXyUZmP3/p4EdgmabF ++dcl93FZ+X7kfF/VUGu0Vmv+c12BH3Fu0cs5cVohlMecg7diu6zCYok43F+L5ymRy ++2mTcKkGc0ShWizj8Z9R3WJGssZOlxbxa/Zr4rZwRC24UVhfN8AfGWYx/StyQPQIw ++gtbbtOmwbyredQmY4jwNqgrnfZS9bkWwJbRuCmD5l7lxubBgcHQpoM+DQVeOLZIq ++uksFXeNfal9G5Bo747MMzpD7dJMCGmX+gbMY5oZF+QKBgQDs2MbY4nbxi+fV+KuV ++zUvis8m8Lpzf3T6NLkgSkUPRN9tGr95iLIrB/bRPJg5Ne02q/cT7d86B9rpE42w7 ++eeIF9fANezX2AF8LUqNZhIR23J3tfB/eqGlJRZeMNia+lD09a7SWGwrS7sufY1I+ ++JQGcHx77ntt+eQT1MUJ1skF06QKBgQDu4z+TW4QIA5ItxIReVdcfh5e3xLkzDEVP ++3KNo9tpXxvPwqapdeBh6c9z4Lqe3MKr5UPlDvVW+o40t6OjKxDCXczB8+JAM0OyX ++8V+K3zXXUxRgieSd3oMncTylSWIvouPP3aW37B67TKdRlRHgaBrpJT2wdk3kYR4t ++62J1eDdjXQKBgQDMsY0pZI/nskJrar7geM1c4IU5Xg+2aj/lRFqFsYYrC1s3fEd2 ++EYjan6l1vi4eSLKXVTspGiIfsFzLrMGdpXjyLduJyzKXqTp7TrBebWkOUR0sYloo ++1OQprzuKskJJ81P6AVvRXw27vyW8Wtp5WwJJK5xbWq/YXj8qqagGkEiCAQKBgQCc ++RK3XAFurPmLGa7JHX5Hc/z8BKMAZo6JHrsZ6qFiGaRA0U1it0hz5JYfcFfECheSi ++ORUF+fn4PlbhPGXkFljPCbwjVBovOBA9CNl+J6u50pAW4r1ZhDB5gbqxSQLgtIaf +++JcqbFxiG6+sT36lNJS+BO2I3KrxhZJPaZY7z8szxQKBgQDRy70XzwOk8jXayiF2 ++ej2IN7Ow9cgSE4tLEwR/vCjxvOlWhA3jC3wxoggshGJkpbP3DqLkQtwQm0h1lM8J ++QNtFwKzjtpf//bTlfFq08/YxWimTPMqzcV2PgRacB8P3yf1r8T7M4fA5TORCDWpW ++5FtOCFEmwQHTR8lu4c63qfxkEQ== ++-----END PRIVATE KEY----- +diff --git a/test/certs/setup.sh b/test/certs/setup.sh +index b9766aab20..2240cd9df0 100755 +--- a/test/certs/setup.sh ++++ b/test/certs/setup.sh +@@ -388,6 +388,17 @@ REQMASK=MASK:0x800 ./mkcert.sh req badalt7-key "O = Bad NC Test Certificate 7" \ + "email.1 = good@good.org" "email.2 = any@good.com" \ + "IP = 127.0.0.1" "IP = 192.168.0.1" + ++# Certs for CVE-2022-4203 testcase ++ ++NC="excluded;otherName:SRVName;UTF8STRING:foo@example.org" ./mkcert.sh genca \ ++ "Test NC CA othername" nccaothername-key nccaothername-cert \ ++ root-key root-cert ++ ++./mkcert.sh req alt-email-key "O = NC email in othername Test Certificate" | \ ++ ./mkcert.sh geneealt bad-othername-key bad-othername-cert \ ++ nccaothername-key nccaothername-cert \ ++ "otherName.1 = SRVName;UTF8STRING:foo@example.org" ++ + # RSA-PSS signatures + # SHA1 + ./mkcert.sh genee PSS-SHA1 ee-key ee-pss-sha1-cert ca-key ca-cert \ +diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t +index 4613489f57..e6a2bca731 100644 +--- a/test/recipes/25-test_verify.t ++++ b/test/recipes/25-test_verify.t +@@ -29,7 +29,7 @@ sub verify { + run(app([@args])); + } + +-plan tests => 162; ++plan tests => 163; + + # Canonical success + ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), +@@ -402,6 +402,9 @@ ok(!verify("badalt9-cert", "", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ), + ok(!verify("badalt10-cert", "", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ), + "Name constraints nested DNS name excluded"); + ++ok(!verify("bad-othername-cert", "", ["root-cert"], ["nccaothername-cert"], ), ++ "CVE-2022-4203 type confusion test"); ++ + #Check that we get the expected failure return code + with({ exit_checker => sub { return shift == 2; } }, + sub { +-- +2.39.1 + diff --git a/openssl.spec b/openssl.spec index f3e5414..2cb0ba6 100644 --- a/openssl.spec +++ b/openssl.spec @@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16)) Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 3.0.7 -Release: 4%{?dist} +Release: 5%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -155,6 +155,9 @@ Patch91: 0091-FIPS-RSA-encapsulate.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2142517 Patch92: 0092-provider-improvements.patch +# OpenSSL 3.0.8 CVEs +Patch101: 0101-CVE-2022-4203-nc-match.patch + License: ASL 2.0 URL: http://www.openssl.org/ BuildRequires: gcc g++ @@ -484,6 +487,10 @@ install -m644 %{SOURCE9} \ %ldconfig_scriptlets libs %changelog +* Wed Feb 08 2023 Dmitry Belyavskiy - 1:3.0.7-5 +- Fixed X.509 Name Constraints Read Buffer Overflow + Resolves: CVE-2022-4203 + * Wed Jan 11 2023 Clemens Lang - 1:3.0.7-4 - Disallow SHAKE in RSA-OAEP decryption in FIPS mode Resolves: rhbz#2142121