From 1d1d2b5e7afbd13e57be1710c9bdbcb5769e921f4e3ae36615be2bf6197ff821 Mon Sep 17 00:00:00 2001 From: Otto Hollmann Date: Mon, 3 Apr 2023 11:03:23 +0000 Subject: [PATCH] Accepting request 1076892 from home:ohollmann:branches:security:tls-tmp - Security Fix: [CVE-2023-0465, bsc#1209878] * Invalid certificate policies in leaf certificates are silently ignored * Add openssl-CVE-2023-0465.patch - Security Fix: [CVE-2023-0466, bsc#1209873] * Certificate policy check not enabled * Add openssl-CVE-2023-0466.patch OBS-URL: https://build.opensuse.org/request/show/1076892 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=132 --- openssl-1_1.changes | 10 ++ openssl-1_1.spec | 4 + openssl-CVE-2023-0465.patch | 221 ++++++++++++++++++++++++++++++++++++ openssl-CVE-2023-0466.patch | 63 ++++++++++ 4 files changed, 298 insertions(+) create mode 100644 openssl-CVE-2023-0465.patch create mode 100644 openssl-CVE-2023-0466.patch diff --git a/openssl-1_1.changes b/openssl-1_1.changes index 5cfd87d..e82fd99 100644 --- a/openssl-1_1.changes +++ b/openssl-1_1.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Mon Apr 3 07:40:43 UTC 2023 - Otto Hollmann + +- Security Fix: [CVE-2023-0465, bsc#1209878] + * Invalid certificate policies in leaf certificates are silently ignored + * Add openssl-CVE-2023-0465.patch +- Security Fix: [CVE-2023-0466, bsc#1209873] + * Certificate policy check not enabled + * Add openssl-CVE-2023-0466.patch + ------------------------------------------------------------------- Fri Mar 24 15:53:47 UTC 2023 - Otto Hollmann diff --git a/openssl-1_1.spec b/openssl-1_1.spec index 564137e..9cf80ce 100644 --- a/openssl-1_1.spec +++ b/openssl-1_1.spec @@ -134,6 +134,10 @@ Patch79: openssl-1_1-Fix-AES-GCM-on-Power-8-CPUs.patch Patch80: openssl-1_1-openssl-config.patch # PATCH-FIX-UPSTREAM: bsc#1209624, CVE-2023-0464 Excessive Resource Usage Verifying X.509 Policy Constraints Patch81: openssl-CVE-2023-0464.patch +# PATCH-FIX-UPSTREAM: bsc#1209878, CVE-2023-0465 Invalid certificate policies in leaf certificates are silently ignored +Patch82: openssl-CVE-2023-0465.patch +# PATCH-FIX-UPSTREAM: bsc#1209873, CVE-2023-0466 Certificate policy check not enabled +Patch83: openssl-CVE-2023-0466.patch BuildRequires: pkgconfig BuildRequires: pkgconfig(zlib) Requires: libopenssl1_1 = %{version}-%{release} diff --git a/openssl-CVE-2023-0465.patch b/openssl-CVE-2023-0465.patch new file mode 100644 index 0000000..2120cbe --- /dev/null +++ b/openssl-CVE-2023-0465.patch @@ -0,0 +1,221 @@ +From 818e2bc9d10e56659c6c68dee1c6a1fd5026f720 Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Tue, 7 Mar 2023 15:22:40 +0000 +Subject: [PATCH 1/5] Generate some certificates with the certificatePolicies + extension + +Related-to: CVE-2023-0465 +--- + CHANGES | 9 ++++++++- + NEWS | 3 +++ + crypto/x509/x509_vfy.c | 11 +++++++++-- + test/certs/ca-pol-cert.pem | 19 +++++++++++++++++++ + test/certs/ee-cert-policies-bad.pem | 20 ++++++++++++++++++++ + test/certs/ee-cert-policies.pem | 20 ++++++++++++++++++++ + test/certs/mkcert.sh | 9 +++++++-- + test/certs/setup.sh | 6 ++++++ + test/recipes/25-test_verify.t | 13 ++++++++++++- + 9 files changed, 104 insertions(+), 6 deletions(-) + create mode 100644 test/certs/ca-pol-cert.pem + create mode 100644 test/certs/ee-cert-policies-bad.pem + create mode 100644 test/certs/ee-cert-policies.pem + +--- a/CHANGES ++++ b/CHANGES +@@ -9,12 +9,19 @@ + + Changes between 1.1.1s and 1.1.1t [7 Feb 2023] + ++ *) Fixed an issue where invalid certificate policies in leaf certificates are ++ silently ignored by OpenSSL and other certificate policy checks are skipped ++ for that certificate. A malicious CA could use this to deliberately assert ++ invalid certificate policies in order to circumvent policy checking on the ++ certificate altogether. (CVE-2023-0465) ++ [Matt Caswell] ++ + *) Limited the number of nodes created in a policy tree to mitigate + against CVE-2023-0464. The default limit is set to 1000 nodes, which + should be sufficient for most installations. If required, the limit + can be adjusted by setting the OPENSSL_POLICY_TREE_NODES_MAX build + time define to a desired maximum number of nodes or zero to allow +- unlimited growth. ++ unlimited growth. (CVE-2023-0464) + [Paul Dale] + + *) Fixed X.400 address type confusion in X.509 GeneralName. +--- a/NEWS ++++ b/NEWS +@@ -10,6 +10,9 @@ + + Major changes between OpenSSL 1.1.1s and OpenSSL 1.1.1t [7 Feb 2023] + ++ o Fixed handling of invalid certificate policies in leaf certificates ++ (CVE-2023-0465) ++ o Limited the number of nodes created in a policy tree ([CVE-2023-0464]) + o Fixed X.400 address type confusion in X.509 GeneralName (CVE-2023-0286) + o Fixed Use-after-free following BIO_new_NDEF (CVE-2023-0215) + o Fixed Double free after calling PEM_read_bio_ex (CVE-2022-4450) +--- a/crypto/x509/x509_vfy.c ++++ b/crypto/x509/x509_vfy.c +@@ -1649,18 +1649,25 @@ static int check_policy(X509_STORE_CTX * + } + /* Invalid or inconsistent extensions */ + if (ret == X509_PCY_TREE_INVALID) { +- int i; ++ int i, cbcalled = 0; + + /* Locate certificates with bad extensions and notify callback. */ +- for (i = 1; i < sk_X509_num(ctx->chain); i++) { ++ for (i = 0; i < sk_X509_num(ctx->chain); i++) { + X509 *x = sk_X509_value(ctx->chain, i); + + if (!(x->ex_flags & EXFLAG_INVALID_POLICY)) + continue; ++ cbcalled = 1; + if (!verify_cb_cert(ctx, x, i, + X509_V_ERR_INVALID_POLICY_EXTENSION)) + return 0; + } ++ if (!cbcalled) { ++ /* Should not be able to get here */ ++ X509err(X509_F_CHECK_POLICY, ERR_R_INTERNAL_ERROR); ++ return 0; ++ } ++ /* The callback ignored the error so we return success */ + return 1; + } + if (ret == X509_PCY_TREE_FAILURE) { +--- /dev/null ++++ b/test/certs/ca-pol-cert.pem +@@ -0,0 +1,19 @@ ++-----BEGIN CERTIFICATE----- ++MIIDFzCCAf+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 ++IENBMCAXDTIzMDMwODEyMjMxNloYDzIxMjMwMzA5MTIyMzE2WjANMQswCQYDVQQD ++DAJDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJadpD0ASxxfxsvd ++j9IxsogVzMSGLFziaYuE9KejU9+R479RifvwfBANO62sNWJ19X//9G5UjwWmkiOz ++n1k50DkYsBBA3mJzik6wjt/c58lBIlSEgAgpvDU8ht8w3t20JP9+YqXAeugqFj/W ++l9rFQtsvaWSRywjXVlp5fxuEQelNnXcJEKhsKTNExsBUZebo4/J1BWpklWzA9P0l ++YW5INvDAAwcF1nzlEf0Y6Eot03IMNyg2MTE4hehxjdgCSci8GYnFirE/ojXqqpAc ++ZGh7r2dqWgZUD1Dh+bT2vjrUzj8eTH3GdzI+oljt29102JIUaqj3yzRYkah8FLF9 ++CLNNsUcCAwEAAaN7MHkwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYD ++VR0OBBYEFLQRM/HX4l73U54gIhBPhga/H8leMB8GA1UdIwQYMBaAFI71Ja8em2uE ++PXyAmslTnE1y96NSMBkGA1UdIAQSMBAwDgYMKwYBBAGBgVy8+0cBMA0GCSqGSIb3 ++DQEBCwUAA4IBAQBbE+MO9mewWIUY2kt85yhl0oZtvVxbn9K2Hty59ItwJGRNfzx7 ++Ge7KgawkvNzMOXmj6qf8TpbJnf41ZLWdRyVZBVyIwrAKIVw1VxfGh8aEifHKN97H ++unZkBPcUkAhUJSiC1BOD/euaMYqOi8QwiI702Q6q1NBY1/UKnV/ZIBLecnqfj9vZ ++7T0wKxrwGYBztP4pNcxCmBoD9Dg+Dx3ZElo0WXyO4SOh/BgrsKJHKyhbuTpjrI/g ++DhcINRp6+lIzuFBtJ67+YXnAEspb3lKMk0YL/LXrCNF2scdmNfOPwHi+OKBqt69C ++9FJyWFEMxx2qm/ENE9sbOswgJRnKkaAqHBHx ++-----END CERTIFICATE----- +--- /dev/null ++++ b/test/certs/ee-cert-policies-bad.pem +@@ -0,0 +1,20 @@ ++-----BEGIN CERTIFICATE----- ++MIIDTTCCAjWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg ++Fw0yMzAzMDgxMjIzMzJaGA8yMTIzMDMwOTEyMjMzMlowGTEXMBUGA1UEAwwOc2Vy ++dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY ++YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT ++5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l ++Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 ++U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 ++ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn ++iIQPYf55NB9KiR+3AgMBAAGjgakwgaYwHQYDVR0OBBYEFOeb4iqtimw6y3ZR5Y4H ++mCKX4XOiMB8GA1UdIwQYMBaAFLQRM/HX4l73U54gIhBPhga/H8leMAkGA1UdEwQC ++MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4YW1w ++bGUwKQYDVR0gBCIwIDAOBgwrBgEEAYGBXLz7RwEwDgYMKwYBBAGBgVy8+0cBMA0G ++CSqGSIb3DQEBCwUAA4IBAQArwtwNO++7kStcJeMg3ekz2D/m/8UEjTA1rknBjQiQ ++P0FK7tNeRqus9i8PxthNWk+biRayvDzaGIBV7igpDBPfXemDgmW9Adc4MKyiQDfs ++YfkHi3xJKvsK2fQmyCs2InVDaKpVAkNFcgAW8nSOhGliqIxLb0EOLoLNwaktou0N ++XQHmRzY8S7aIr8K9Qo9y/+MLar+PS4h8l6FkLLkTICiFzE4/wje5S3NckAnadRJa ++QpjwM2S6NuA+tYWuOcN//r7BSpW/AZKanYWPzHMrKlqCh+9o7sthPd72+hObG9kx ++wSGdzfStNK1I1zM5LiI08WtXCvR6AfLANTo2x1AYhSxF ++-----END CERTIFICATE----- +--- /dev/null ++++ b/test/certs/ee-cert-policies.pem +@@ -0,0 +1,20 @@ ++-----BEGIN CERTIFICATE----- ++MIIDPTCCAiWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADANMQswCQYDVQQDDAJDQTAg ++Fw0yMzAzMDgxMjIzMjNaGA8yMTIzMDMwOTEyMjMyM1owGTEXMBUGA1UEAwwOc2Vy ++dmVyLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCo/4lY ++YYWu3tssD9Vz++K3qBt6dWAr1H08c3a1rt6TL38kkG3JHPSKOM2fooAWVsu0LLuT ++5Rcf/w3GQ/4xNPgo2HXpo7uIgu+jcuJTYgVFTeAxl++qnRDSWA2eBp4yuxsIVl1l ++Dz9mjsI2oBH/wFk1/Ukc3RxCMwZ4rgQ4I+XndWfTlK1aqUAfrFkQ9QzBZK1KxMY1 ++U7OWaoIbFYvRmavknm+UqtKW5Vf7jJFkijwkFsbSGb6CYBM7YrDtPh2zyvlr3zG5 ++ep5LR2inKcc/SuIiJ7TvkGPX79ByST5brbkb1Ctvhmjd1XMSuEPJ3EEPoqNGT4tn ++iIQPYf55NB9KiR+3AgMBAAGjgZkwgZYwHQYDVR0OBBYEFOeb4iqtimw6y3ZR5Y4H ++mCKX4XOiMB8GA1UdIwQYMBaAFLQRM/HX4l73U54gIhBPhga/H8leMAkGA1UdEwQC ++MAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4YW1w ++bGUwGQYDVR0gBBIwEDAOBgwrBgEEAYGBXLz7RwEwDQYJKoZIhvcNAQELBQADggEB ++AGbWslmAAdMX3+5ChcnFrX+NqDGoyhb3PTgWdtlQB5qtWdIt4rSxN50OcQxFTX0D ++QOBabSzR0DDKrgfBe4waL19WsdEvR9GyO4M7ASze/A3IEZue9C9k0n7Vq8zDaAZl ++CiR/Zqo9nAOuhKHMgmC/NjUlX7STv5pJVgc4SH8VEKmSRZDmNihaOalUtK5X8/Oa ++dawKxsZcaP5IKnOEPPKjtVNJxBu5CXywJHsO0GcoDEnEx1/NLdFoJ6WFw8NuTyDK ++NGLq2MHEdyKaigHQlptEs9bXyu9McJjzbx0uXj3BenRULASreccFej0L1RU6jDlk ++D3brBn24UISaFRZoB7jsjok= ++-----END CERTIFICATE----- +--- a/test/certs/mkcert.sh ++++ b/test/certs/mkcert.sh +@@ -117,11 +117,12 @@ genca() { + local OPTIND=1 + local purpose= + +- while getopts p: o ++ while getopts p:c: o + do + case $o in + p) purpose="$OPTARG";; +- *) echo "Usage: $0 genca [-p EKU] cn keyname certname cakeyname cacertname" >&2 ++ c) certpol="$OPTARG";; ++ *) echo "Usage: $0 genca [-p EKU][-c policyoid] cn keyname certname cakeyname cacertname" >&2 + return 1;; + esac + done +@@ -142,6 +143,10 @@ genca() { + if [ -n "$NC" ]; then + exts=$(printf "%s\nnameConstraints = %s\n" "$exts" "$NC") + fi ++ if [ -n "$certpol" ]; then ++ exts=$(printf "%s\ncertificatePolicies = %s\n" "$exts" "$certpol") ++ fi ++ + csr=$(req "$key" "CN = $cn") || return 1 + echo "$csr" | + cert "$cert" "$exts" -CA "${cacert}.pem" -CAkey "${cakey}.pem" \ +--- a/test/certs/setup.sh ++++ b/test/certs/setup.sh +@@ -405,3 +405,9 @@ OPENSSL_SIGALG=ED448 OPENSSL_KEYALG=ed44 + root-ed448-key root-ed448-cert + OPENSSL_SIGALG=ED448 OPENSSL_KEYALG=ed448 ./mkcert.sh genee ed448 \ + server-ed448-key server-ed448-cert root-ed448-key root-ed448-cert ++ ++# certificatePolicies extension ++./mkcert.sh genca -c "1.3.6.1.4.1.16604.998855.1" "CA" ca-key ca-pol-cert root-key root-cert ++./mkcert.sh geneeextra server.example ee-key ee-cert-policies ca-key ca-cert "certificatePolicies=1.3.6.1.4.1.16604.998855.1" ++# We can create a cert with a duplicate policy oid - but its actually invalid! ++./mkcert.sh geneeextra server.example ee-key ee-cert-policies-bad ca-key ca-cert "certificatePolicies=1.3.6.1.4.1.16604.998855.1,1.3.6.1.4.1.16604.998855.1" +--- a/test/recipes/25-test_verify.t ++++ b/test/recipes/25-test_verify.t +@@ -27,7 +27,7 @@ sub verify { + run(app([@args])); + } + +-plan tests => 146; ++plan tests => 148; + + # Canonical success + ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), +@@ -409,3 +409,14 @@ SKIP: { + "ED25519 signature"); + + } ++ ++# Certificate Policies ++ok(verify("ee-cert-policies", "sslserver", ["root-cert"], ["ca-pol-cert"], ++ "-policy_check", "-policy", "1.3.6.1.4.1.16604.998855.1", ++ "-explicit_policy"), ++ "Certificate policy"); ++ ++ok(!verify("ee-cert-policies-bad", "sslserver", ["root-cert"], ["ca-pol-cert"], ++ "-policy_check", "-policy", "1.3.6.1.4.1.16604.998855.1", ++ "-explicit_policy"), ++ "Bad certificate policy"); diff --git a/openssl-CVE-2023-0466.patch b/openssl-CVE-2023-0466.patch new file mode 100644 index 0000000..8c807e9 --- /dev/null +++ b/openssl-CVE-2023-0466.patch @@ -0,0 +1,63 @@ +From bccf26f7c3b921be8946bfdd1b2de48fea96f90d Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Tue, 21 Mar 2023 16:15:47 +0100 +Subject: [PATCH] Fix documentation of X509_VERIFY_PARAM_add0_policy() + +The function was incorrectly documented as enabling policy checking. + +Fixes: CVE-2023-0466 +--- + CHANGES | 5 +++++ + NEWS | 1 + + doc/man3/X509_VERIFY_PARAM_set_flags.pod | 9 +++++++-- + 3 files changed, 13 insertions(+), 2 deletions(-) + +--- a/CHANGES ++++ b/CHANGES +@@ -9,6 +9,11 @@ + + Changes between 1.1.1s and 1.1.1t [7 Feb 2023] + ++ *) Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention ++ that it does not enable policy checking. Thanks to ++ David Benjamin for discovering this issue. (CVE-2023-0466) ++ [Tomas Mraz] ++ + *) Fixed an issue where invalid certificate policies in leaf certificates are + silently ignored by OpenSSL and other certificate policy checks are skipped + for that certificate. A malicious CA could use this to deliberately assert +--- a/NEWS ++++ b/NEWS +@@ -10,6 +10,7 @@ + + Major changes between OpenSSL 1.1.1s and OpenSSL 1.1.1t [7 Feb 2023] + ++ o Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466) + o Fixed handling of invalid certificate policies in leaf certificates + (CVE-2023-0465) + o Limited the number of nodes created in a policy tree ([CVE-2023-0464]) +--- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod ++++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod +@@ -92,8 +92,9 @@ B. + X509_VERIFY_PARAM_set_time() sets the verification time in B to + B. Normally the current time is used. + +-X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled +-by default) and adds B to the acceptable policy set. ++X509_VERIFY_PARAM_add0_policy() adds B to the acceptable policy set. ++Contrary to preexisting documentation of this function it does not enable ++policy checking. + + X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled + by default) and sets the acceptable policy set to B. Any existing +@@ -377,6 +378,10 @@ and has no effect. + + The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i. + ++The function X509_VERIFY_PARAM_add0_policy() was historically documented as ++enabling policy checking however the implementation has never done this. ++The documentation was changed to align with the implementation. ++ + =head1 COPYRIGHT + + Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.