diff --git a/openssl-1_1.changes b/openssl-1_1.changes index 38e2b16..4c0ddce 100644 --- a/openssl-1_1.changes +++ b/openssl-1_1.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Mon Jul 22 16:42:52 UTC 2024 - Pedro Monreal + +- Build with no-afalgeng [bsc#1226463] + +------------------------------------------------------------------- +Mon Jul 22 08:30:16 UTC 2024 - Pedro Monreal + +- Security fix: [bsc#1227138, CVE-2024-5535] + * SSL_select_next_proto buffer overread + * Add openssl-CVE-2024-5535.patch + ------------------------------------------------------------------- Tue Jun 18 15:52:49 UTC 2024 - Martin Jambor @@ -7,6 +19,16 @@ Tue Jun 18 15:52:49 UTC 2024 - Martin Jambor (missing include) to allow the package to build with GCC 14. [boo#1225907] +------------------------------------------------------------------- +Thu Jun 6 15:12:10 UTC 2024 - Peter Simons + +- Apply "openssl-CVE-2024-4741.patch" to fix a use-after-free + security vulnerability. Calling the function SSL_free_buffers() + potentially caused memory to be accessed that was previously + freed in some situations and a malicious attacker could attempt + to engineer a stituation where this occurs to facilitate a + denial-of-service attack. [CVE-2024-4741, bsc#1225551] + ------------------------------------------------------------------- Mon May 6 12:11:02 UTC 2024 - Otto Hollmann diff --git a/openssl-1_1.spec b/openssl-1_1.spec index d02c503..4d37aa9 100644 --- a/openssl-1_1.spec +++ b/openssl-1_1.spec @@ -196,6 +196,10 @@ Patch116: openssl-Skip_SHA1-test-in-FIPS-mode.patch Patch117: openssl-CVE-2024-0727.patch # PATCH-FIX-UPSTREAM: bsc#1222548 CVE-2024-2511: Unbounded memory growth with session handling in TLSv1.3 Patch118: openssl-CVE-2024-2511.patch +# PATCH-FIX-UPSTREAM bsc#1225551 CVE-2024-4741: use After Free with SSL_free_buffers +Patch119: openssl-CVE-2024-4741.patch +# PATCH-FIX-UPSTREAM: bsc#1227138 CVE-2024-5535: SSL_select_next_proto buffer overread +Patch120: openssl-CVE-2024-5535.patch BuildRequires: jitterentropy-devel >= 3.4.0 BuildRequires: pkgconfig BuildRequires: pkgconfig(zlib) @@ -285,6 +289,7 @@ export MACHINE=armv6l ./config \ no-idea \ + no-afalgeng \ enable-rfc3779 \ %ifarch x86_64 aarch64 ppc64le enable-ec_nistp_64_gcc_128 \ diff --git a/openssl-CVE-2024-4741.patch b/openssl-CVE-2024-4741.patch new file mode 100644 index 0000000..c093774 --- /dev/null +++ b/openssl-CVE-2024-4741.patch @@ -0,0 +1,41 @@ +@@ -, +, @@ +--- + ssl/record/methods/tls_common.c | 8 ++++++++ + 1 file changed, 8 insertions(+) +Index: openssl-1.1.1w/ssl/record/ssl3_buffer.c +=================================================================== +--- openssl-1.1.1w.orig/ssl/record/ssl3_buffer.c 2023-09-11 14:08:11.000000000 +0000 ++++ openssl-1.1.1w/ssl/record/ssl3_buffer.c 2024-06-12 07:58:27.817211675 +0000 +@@ -179,5 +179,7 @@ int ssl3_release_read_buffer(SSL *s) + b = RECORD_LAYER_get_rbuf(&s->rlayer); + OPENSSL_free(b->buf); + b->buf = NULL; ++ s->rlayer.packet = NULL; ++ s->rlayer.packet_length = 0; + return 1; + } +Index: openssl-1.1.1w/ssl/record/rec_layer_s3.c +=================================================================== +--- openssl-1.1.1w.orig/ssl/record/rec_layer_s3.c 2023-09-11 14:08:11.000000000 +0000 ++++ openssl-1.1.1w/ssl/record/rec_layer_s3.c 2024-06-12 07:58:27.817211675 +0000 +@@ -17,6 +17,7 @@ + #include "record_local.h" + #include "../packet_local.h" + #include "internal/cryptlib.h" ++#include "internal/cryptlib.h" + + #if defined(OPENSSL_SMALL_FOOTPRINT) || \ + !( defined(AESNI_ASM) && ( \ +@@ -238,6 +239,12 @@ int ssl3_read_n(SSL *s, size_t n, size_t + s->rlayer.packet_length = 0; + /* ... now we can act as if 'extend' was set */ + } ++ if (!ossl_assert(s->rlayer.packet != NULL)) { ++ /* does not happen */ ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N, ++ ERR_R_INTERNAL_ERROR); ++ return -1; ++ } + + len = s->rlayer.packet_length; + pkt = rb->buf + align; diff --git a/openssl-CVE-2024-5535.patch b/openssl-CVE-2024-5535.patch new file mode 100644 index 0000000..d78defd --- /dev/null +++ b/openssl-CVE-2024-5535.patch @@ -0,0 +1,234 @@ +From 4ada436a1946cbb24db5ab4ca082b69c1bc10f37 Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Fri, 31 May 2024 11:14:33 +0100 +Subject: [PATCH] Fix SSL_select_next_proto + +Ensure that the provided client list is non-NULL and starts with a valid +entry. When called from the ALPN callback the client list should already +have been validated by OpenSSL so this should not cause a problem. When +called from the NPN callback the client list is locally configured and +will not have already been validated. Therefore SSL_select_next_proto +should not assume that it is correctly formatted. + +We implement stricter checking of the client protocol list. We also do the +same for the server list while we are about it. + +CVE-2024-5535 + +Reviewed-by: Neil Horman +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/24718) +--- + ssl/ssl_lib.c | 63 ++++++++++++++++++++++++++++++++------------------- + 1 file changed, 40 insertions(+), 23 deletions(-) + +Index: openssl-1.1.1w/ssl/ssl_lib.c +=================================================================== +--- openssl-1.1.1w.orig/ssl/ssl_lib.c ++++ openssl-1.1.1w/ssl/ssl_lib.c +@@ -2761,37 +2761,54 @@ int SSL_select_next_proto(unsigned char + unsigned int server_len, + const unsigned char *client, unsigned int client_len) + { +- unsigned int i, j; +- const unsigned char *result; +- int status = OPENSSL_NPN_UNSUPPORTED; ++ PACKET cpkt, csubpkt, spkt, ssubpkt; ++ ++ if (!PACKET_buf_init(&cpkt, client, client_len) ++ || !PACKET_get_length_prefixed_1(&cpkt, &csubpkt) ++ || PACKET_remaining(&csubpkt) == 0) { ++ *out = NULL; ++ *outlen = 0; ++ return OPENSSL_NPN_NO_OVERLAP; ++ } ++ ++ /* ++ * Set the default opportunistic protocol. Will be overwritten if we find ++ * a match. ++ */ ++ *out = (unsigned char *)PACKET_data(&csubpkt); ++ *outlen = (unsigned char)PACKET_remaining(&csubpkt); + + /* + * For each protocol in server preference order, see if we support it. + */ +- for (i = 0; i < server_len;) { +- for (j = 0; j < client_len;) { +- if (server[i] == client[j] && +- memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) { +- /* We found a match */ +- result = &server[i]; +- status = OPENSSL_NPN_NEGOTIATED; +- goto found; ++ if (PACKET_buf_init(&spkt, server, server_len)) { ++ while (PACKET_get_length_prefixed_1(&spkt, &ssubpkt)) { ++ if (PACKET_remaining(&ssubpkt) == 0) ++ continue; /* Invalid - ignore it */ ++ if (PACKET_buf_init(&cpkt, client, client_len)) { ++ while (PACKET_get_length_prefixed_1(&cpkt, &csubpkt)) { ++ if (PACKET_equal(&csubpkt, PACKET_data(&ssubpkt), ++ PACKET_remaining(&ssubpkt))) { ++ /* We found a match */ ++ *out = (unsigned char *)PACKET_data(&ssubpkt); ++ *outlen = (unsigned char)PACKET_remaining(&ssubpkt); ++ return OPENSSL_NPN_NEGOTIATED; ++ } ++ } ++ /* Ignore spurious trailing bytes in the client list */ ++ } else { ++ /* This should never happen */ ++ return OPENSSL_NPN_NO_OVERLAP; + } +- j += client[j]; +- j++; + } +- i += server[i]; +- i++; ++ /* Ignore spurious trailing bytes in the server list */ + } + +- /* There's no overlap between our protocols and the server's list. */ +- result = client; +- status = OPENSSL_NPN_NO_OVERLAP; +- +- found: +- *out = (unsigned char *)result + 1; +- *outlen = result[0]; +- return status; ++ /* ++ * There's no overlap between our protocols and the server's list. We use ++ * the default opportunistic protocol selected earlier ++ */ ++ return OPENSSL_NPN_NO_OVERLAP; + } + + #ifndef OPENSSL_NO_NEXTPROTONEG +Index: openssl-1.1.1w/ssl/statem/extensions_clnt.c +=================================================================== +--- openssl-1.1.1w.orig/ssl/statem/extensions_clnt.c ++++ openssl-1.1.1w/ssl/statem/extensions_clnt.c +@@ -1599,7 +1599,8 @@ int tls_parse_stoc_npn(SSL *s, PACKET *p + PACKET_data(pkt), + PACKET_remaining(pkt), + s->ctx->ext.npn_select_cb_arg) != +- SSL_TLSEXT_ERR_OK) { ++ SSL_TLSEXT_ERR_OK ++ || selected_len == 0) { + SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PARSE_STOC_NPN, + SSL_R_BAD_EXTENSION); + return 0; +@@ -1630,6 +1631,8 @@ int tls_parse_stoc_alpn(SSL *s, PACKET * + size_t chainidx) + { + size_t len; ++ PACKET confpkt, protpkt; ++ int valid = 0; + + /* We must have requested it. */ + if (!s->s3->alpn_sent) { +@@ -1650,6 +1653,30 @@ int tls_parse_stoc_alpn(SSL *s, PACKET * + SSL_R_BAD_EXTENSION); + return 0; + } ++ ++ /* It must be a protocol that we sent */ ++ if (!PACKET_buf_init(&confpkt, s->ext.alpn, s->ext.alpn_len)) { ++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN, ++ ERR_R_INTERNAL_ERROR); ++ return 0; ++ } ++ while (PACKET_get_length_prefixed_1(&confpkt, &protpkt)) { ++ if (PACKET_remaining(&protpkt) != len) ++ continue; ++ if (memcmp(PACKET_data(pkt), PACKET_data(&protpkt), len) == 0) { ++ /* Valid protocol found */ ++ valid = 1; ++ break; ++ } ++ } ++ ++ if (!valid) { ++ /* The protocol sent from the server does not match one we advertised */ ++ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_ALPN, ++ SSL_R_BAD_EXTENSION); ++ return 0; ++ } ++ + OPENSSL_free(s->s3->alpn_selected); + s->s3->alpn_selected = OPENSSL_malloc(len); + if (s->s3->alpn_selected == NULL) { +Index: openssl-1.1.1w/doc/man3/SSL_CTX_set_alpn_select_cb.pod +=================================================================== +--- openssl-1.1.1w.orig/doc/man3/SSL_CTX_set_alpn_select_cb.pod ++++ openssl-1.1.1w/doc/man3/SSL_CTX_set_alpn_select_cb.pod +@@ -52,7 +52,8 @@ SSL_select_next_proto, SSL_get0_alpn_sel + SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() are used by the client to + set the list of protocols available to be negotiated. The B must be in + protocol-list format, described below. The length of B is specified in +-B. ++B. Setting B to 0 clears any existing list of ALPN ++protocols and no ALPN extension will be sent to the server. + + SSL_CTX_set_alpn_select_cb() sets the application callback B used by a + server to select which protocol to use for the incoming connection. When B +@@ -73,9 +74,16 @@ B and B, B, B list that + matches an item in the B, B list is selected, and returned + in B, B. The B value will point into either B or +-B, so it should be copied immediately. If no match is found, the first +-item in B, B is returned in B, B. This +-function can also be used in the NPN callback. ++B, so it should be copied immediately. The client list must include at ++least one valid (nonempty) protocol entry in the list. ++ ++The SSL_select_next_proto() helper function can be useful from either the ALPN ++callback or the NPN callback (described below). If no match is found, the first ++item in B, B is returned in B, B and ++B is returned. This can be useful when implementating ++the NPN callback. In the ALPN case, the value returned in B and B ++must be ignored if B has been returned from ++SSL_select_next_proto(). + + SSL_CTX_set_next_proto_select_cb() sets a callback B that is called when a + client needs to select a protocol from the server's provided list, and a +@@ -85,9 +93,10 @@ must be set to point to the selected pro + The length of the protocol name must be written into B. The + server's advertised protocols are provided in B and B. The + callback can assume that B is syntactically valid. The client must +-select a protocol. It is fatal to the connection if this callback returns +-a value other than B. The B parameter is the pointer +-set via SSL_CTX_set_next_proto_select_cb(). ++select a protocol (although it may be an empty, zero length protocol). It is ++fatal to the connection if this callback returns a value other than ++B or if the zero length protocol is selected. The B ++parameter is the pointer set via SSL_CTX_set_next_proto_select_cb(). + + SSL_CTX_set_next_protos_advertised_cb() sets a callback B that is called + when a TLS server needs a list of supported protocols for Next Protocol +@@ -149,7 +158,8 @@ A match was found and is returned in B, B is returned in +-B, B. ++B, B (or B and 0 in the case where the first entry in ++B is invalid). + + =back + +Index: openssl-1.1.1w/ssl/statem/extensions_srvr.c +=================================================================== +--- openssl-1.1.1w.orig/ssl/statem/extensions_srvr.c ++++ openssl-1.1.1w/ssl/statem/extensions_srvr.c +@@ -1558,9 +1558,10 @@ EXT_RETURN tls_construct_stoc_next_proto + return EXT_RETURN_FAIL; + } + s->s3->npn_seen = 1; ++ return EXT_RETURN_SENT; + } + +- return EXT_RETURN_SENT; ++ return EXT_RETURN_NOT_SENT; + } + #endif +