Merge pull request #593 from dongbeiouba/fix84/cve34

Fix coverity issues and CVEs, cherry-pick from master

.github/workflows/ci.yml

@@ -113,7 +113,11 @@ jobs:
   non-caching:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
+    - name: Adjust ASLR for sanitizer
+      run: |
+        sudo cat /proc/sys/vm/mmap_rnd_bits
+        sudo sysctl -w vm.mmap_rnd_bits=28
     - name: config
       run: ./config --banner=Configured --debug enable-asan enable-ubsan no-cached-fetch no-fips no-dtls no-tls1 no-tls1-method no-tls1_1 no-tls1_1-method no-async && perl configdata.pm --dump
     - name: make
@@ -124,7 +128,11 @@ jobs:
   address_ub_sanitizer:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
+    - name: Adjust ASLR for sanitizer
+      run: |
+        sudo cat /proc/sys/vm/mmap_rnd_bits
+        sudo sysctl -w vm.mmap_rnd_bits=28
     - name: config
       run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-ec_nistp_64_gcc_128 enable-fips enable-cert-compression enable-bn-method enable-delegated-credential -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump
     - name: make
@@ -135,7 +143,11 @@ jobs:
   ntls_address_ub_sanitizer:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
+    - name: Adjust ASLR for sanitizer
+      run: |
+        sudo cat /proc/sys/vm/mmap_rnd_bits
+        sudo sysctl -w vm.mmap_rnd_bits=28
     - name: config
       run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-ec_nistp_64_gcc_128 enable-ec_sm2p_64_gcc_128 enable-ntls -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump
     - name: make
@@ -146,7 +158,11 @@ jobs:
   memory_sanitizer:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
+    - name: Adjust ASLR for sanitizer
+      run: |
+        sudo cat /proc/sys/vm/mmap_rnd_bits
+        sudo sysctl -w vm.mmap_rnd_bits=28
     - name: config
       # --debug -O1 is to produce a debug build that runs in a reasonable amount of time
       run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-ec_nistp_64_gcc_128 enable-fips enable-cert-compression enable-delegated-credential enable-bn-method && perl configdata.pm --dump
@@ -158,7 +174,11 @@ jobs:
   ntls_memory_sanitizer:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
+    - name: Adjust ASLR for sanitizer
+      run: |
+        sudo cat /proc/sys/vm/mmap_rnd_bits
+        sudo sysctl -w vm.mmap_rnd_bits=28
     - name: config
       # --debug -O1 is to produce a debug build that runs in a reasonable amount of time
       run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-ec_nistp_64_gcc_128 enable-ec_sm2p_64_gcc_128 enable-ntls && perl configdata.pm --dump
@@ -170,7 +190,11 @@ jobs:
   threads_sanitizer:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
+    - name: Adjust ASLR for sanitizer
+      run: |
+        sudo cat /proc/sys/vm/mmap_rnd_bits
+        sudo sysctl -w vm.mmap_rnd_bits=28
     - name: config
       run: CC=clang ./config --banner=Configured no-fips --strict-warnings -fsanitize=thread && perl configdata.pm --dump
     - name: make
@@ -268,7 +292,11 @@ jobs:
   EC_POINTs_api_test:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
+      - name: Adjust ASLR for sanitizer
+        run: |
+          sudo cat /proc/sys/vm/mmap_rnd_bits
+          sudo sysctl -w vm.mmap_rnd_bits=28
       - name: config
         run: ./config --strict-warnings --debug --api=1.1.1 enable-asan enable-ubsan enable-ssl-trace enable-zlib enable-zlib-dynamic no-fips enable-engine enable-dynamic-engine no-deprecated && perl configdata.pm --dump
       - name: make

.github/workflows/fuzz-checker.yml

@@ -45,8 +45,11 @@ jobs:
       run: |
         sudo apt-get update
         sudo apt-get -yq --force-yes install ${{ matrix.fuzzy.install }}
-    - uses: actions/checkout@v2
-
+    - name: Adjust ASLR for sanitizer
+      run: |
+        sudo cat /proc/sys/vm/mmap_rnd_bits
+        sudo sysctl -w vm.mmap_rnd_bits=28
+    - uses: actions/checkout@v4
     - name: config
       run: |
         CC=${{ matrix.fuzzy.cc }} ./config --banner=Configured no-shared \

.github/workflows/run-checker-merge.yml

@@ -29,7 +29,11 @@ jobs:
         ]
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - name: Adjust ASLR for sanitizer
+      run: |
+        sudo cat /proc/sys/vm/mmap_rnd_bits
+        sudo sysctl -w vm.mmap_rnd_bits=28
+    - uses: actions/checkout@v4
     - name: config
       run: CC=clang ./config --banner=Configured --strict-warnings ${{ matrix.opt }}
     - name: config dump

CHANGES

@@ -4,6 +4,12 @@
 
  Changes between 8.4.0 and 8.4.1 [xx XXX xxxx]
 
+  *) 修复CVE-2024-0727
+
+  *) 修复CVE-2023-6237
+
+  *) 修复CVE-2023-6129
+
   *) 修复TLS1.3中X25519握手失败问题
 
  Changes between 8.3.0 and 8.4.0 [15 Dec 2023]

apps/openssl.cnf

@@ -388,3 +388,10 @@ oldcert = $insta::certout # insta.cert.pem
 # Certificate revocation
 cmd = rr
 oldcert = $insta::certout # insta.cert.pem
+
+[pkcs12]
+certBagAttr = cb_attr
+
+# Uncomment this if you need Java compatible PKCS12 files
+[cb_attr]
+#jdkTrustedKeyUsage = anyExtendedKeyUsage

apps/pkcs12.c

@@ -14,6 +14,8 @@
 #include <string.h>
 #include "apps.h"
 #include "progs.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
 #include <openssl/crypto.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
@@ -53,6 +55,7 @@ void hex_prin(BIO *out, unsigned char *buf, int len);
 static int alg_print(const X509_ALGOR *alg);
 int cert_load(BIO *in, STACK_OF(X509) *sk);
 static int set_pbe(int *ppbe, const char *str);
+static int jdk_trust(PKCS12_SAFEBAG *bag, void *cbarg);
 
 typedef enum OPTION_choice {
     OPT_COMMON,
@@ -512,6 +515,11 @@ int pkcs12_main(int argc, char **argv)
         EVP_MD *macmd = NULL;
         unsigned char *catmp = NULL;
         int i;
+        CONF *conf = NULL;
+        ASN1_OBJECT *obj = NULL;
+        STACK_OF(CONF_VALUE) *cb_sk = NULL;
+        const char *cb_attr = NULL;
+        const CONF_VALUE *val = NULL;
 
         if ((options & (NOCERTS | NOKEYS)) == (NOCERTS | NOKEYS)) {
             BIO_printf(bio_err, "Nothing to export due to -noout or -nocerts and -nokeys\n");
@@ -656,9 +664,30 @@ int pkcs12_main(int argc, char **argv)
         if (!twopass)
             OPENSSL_strlcpy(macpass, pass, sizeof(macpass));
 
-        p12 = PKCS12_create_ex(cpass, name, key, ee_cert, certs,
-                               key_pbe, cert_pbe, iter, -1, keytype,
-                               app_get0_libctx(), app_get0_propq());
+        /* Load the config file */
+        if ((conf = app_load_config(default_config_file)) == NULL)
+            goto export_end;
+        if (!app_load_modules(conf))
+            goto export_end;
+        /* Find the cert bag section */
+        if ((cb_attr = NCONF_get_string(conf, "pkcs12", "certBagAttr")) != NULL) {
+            if ((cb_sk = NCONF_get_section(conf, cb_attr)) != NULL) {
+                for (i = 0; i < sk_CONF_VALUE_num(cb_sk); i++) {
+                    val = sk_CONF_VALUE_value(cb_sk, i);
+                    if (strcmp(val->name, "jdkTrustedKeyUsage") == 0)
+                        obj = OBJ_txt2obj(val->value, 0);
+                }
+            } else {
+                ERR_clear_error();
+            }
+        } else {
+            ERR_clear_error();
+        }
+
+        p12 = PKCS12_create_ex2(cpass, name, key, ee_cert, certs,
+                                key_pbe, cert_pbe, iter, -1, keytype,
+                                app_get0_libctx(), app_get0_propq(),
+                                jdk_trust, (void*)obj);
 
         if (p12 == NULL) {
             BIO_printf(bio_err, "Error creating PKCS12 structure for %s\n",
@@ -695,7 +724,8 @@ int pkcs12_main(int argc, char **argv)
         sk_X509_pop_free(certs, X509_free);
         sk_X509_pop_free(untrusted_certs, X509_free);
         X509_free(ee_cert);
-
+        NCONF_free(conf);
+        ASN1_OBJECT_free(obj);
         ERR_print_errors(bio_err);
         goto end;
 
@@ -825,6 +855,31 @@ int pkcs12_main(int argc, char **argv)
     return ret;
 }
 
+static int jdk_trust(PKCS12_SAFEBAG *bag, void *cbarg)
+{
+    STACK_OF(X509_ATTRIBUTE) *attrs = NULL;
+    X509_ATTRIBUTE *attr = NULL;
+
+    /* Nothing to do */
+    if (cbarg == NULL)
+        return 1;
+
+    /* Get the current attrs */
+    attrs = (STACK_OF(X509_ATTRIBUTE)*)PKCS12_SAFEBAG_get0_attrs(bag);
+
+    /* Create a new attr for the JDK Trusted Usage and add it */
+    attr = X509_ATTRIBUTE_create(NID_oracle_jdk_trustedkeyusage, V_ASN1_OBJECT, (ASN1_OBJECT*)cbarg);
+
+    /* Add the new attr, if attrs is NULL, it'll be initialised */
+    X509at_add1_attr(&attrs, attr);
+
+    /* Set the bag attrs */
+    PKCS12_SAFEBAG_set0_attrs(bag, attrs);
+
+    X509_ATTRIBUTE_free(attr);
+    return 1;
+}
+
 int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, const char *pass,
                         int passlen, int options, char *pempass,
                         const EVP_CIPHER *enc)
@@ -1124,6 +1179,8 @@ int cert_load(BIO *in, STACK_OF(X509) *sk)
 void print_attribute(BIO *out, const ASN1_TYPE *av)
 {
     char *value;
+    const char *ln;
+    char objbuf[80];
 
     switch (av->type) {
     case V_ASN1_BMPSTRING:
@@ -1150,6 +1207,15 @@ void print_attribute(BIO *out, const ASN1_TYPE *av)
         BIO_printf(out, "\n");
         break;
 
+    case V_ASN1_OBJECT:
+        ln = OBJ_nid2ln(OBJ_obj2nid(av->value.object));
+        if (!ln)
+            ln = "";
+        OBJ_obj2txt(objbuf, sizeof(objbuf), av->value.object, 1);
+        BIO_printf(out, "%s (%s)", ln, objbuf);
+        BIO_printf(out, "\n");
+        break;
+
     default:
         BIO_printf(out, "<Unsupported tag %d>\n", av->type);
         break;

crypto/asn1/asn_pack.c

@@ -60,3 +60,16 @@ void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it)
         ERR_raise(ERR_LIB_ASN1, ASN1_R_DECODE_ERROR);
     return ret;
 }
+
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq)
+{
+    const unsigned char *p;
+    void *ret;
+
+    p = oct->data;
+    if ((ret = ASN1_item_d2i_ex(NULL, &p, oct->length, it,\
+                                libctx, propq)) == NULL)
+        ERR_raise(ERR_LIB_ASN1, ASN1_R_DECODE_ERROR);
+    return ret;
+}

crypto/dh/dh_check.c

@@ -282,22 +282,43 @@ int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret)
     two_powN = BN_new();
     if (two_powN == NULL)
         return 0;
-    if (dh->params.q == NULL)
-        goto err;
-    upper = dh->params.q;
+
+    if (dh->params.q != NULL) {
+        upper = dh->params.q;
+#ifndef FIPS_MODULE
+    } else if (dh->params.p != NULL) {
+        /*
+         * We do not have q so we just check the key is within some
+         * reasonable range, or the number of bits is equal to dh->length.
+         */
+        int length = dh->length;
+
+        if (length == 0) {
+            length = BN_num_bits(dh->params.p) - 1;
+            if (BN_num_bits(priv_key) <= length
+                && BN_num_bits(priv_key) > 1)
+                ok = 1;
+        } else if (BN_num_bits(priv_key) == length) {
+            ok = 1;
+        }
+        goto end;
+#endif
+    } else {
+        goto end;
+    }
 
     /* Is it from an approved Safe prime group ?*/
     if (DH_get_nid((DH *)dh) != NID_undef && dh->length != 0) {
         if (!BN_lshift(two_powN, BN_value_one(), dh->length))
-            goto err;
+            goto end;
         if (BN_cmp(two_powN, dh->params.q) < 0)
             upper = two_powN;
     }
     if (!ossl_ffc_validate_private_key(upper, priv_key, ret))
-        goto err;
+        goto end;
 
     ok = 1;
-err:
+end:
     BN_free(two_powN);
     return ok;
 }

crypto/ec/ec_elgamal_crypt.c

@@ -50,7 +50,7 @@ EC_ELGAMAL_CTX *EC_ELGAMAL_CTX_new(EC_KEY *key, const EC_POINT *h, int32_t flag)
 
         if (h != NULL) {
             if (!(ctx->h = EC_POINT_dup(h, key->group)))
-                return 0;
+                goto err;
         } else {
             ctx->h = EC_POINT_new(key->group);
             if (ctx->h == NULL) {

crypto/ec/ecp_nistp521.c

@@ -2148,8 +2148,10 @@ int ossl_ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
     generator = EC_POINT_new(group);
     if (generator == NULL)
         goto err;
-    BN_bin2bn(nistp521_curve_params[3], sizeof(felem_bytearray), x);
-    BN_bin2bn(nistp521_curve_params[4], sizeof(felem_bytearray), y);
+    if (BN_bin2bn(nistp521_curve_params[3], sizeof(felem_bytearray), x) == NULL)
+        goto err;
+    if (BN_bin2bn(nistp521_curve_params[4], sizeof(felem_bytearray), y) == NULL)
+        goto err;
     if (!EC_POINT_set_affine_coordinates(group, generator, x, y, ctx))
         goto err;
     if ((pre = nistp521_pre_comp_new()) == NULL)

crypto/err/openssl.txt

@@ -888,6 +888,7 @@ PEM_R_UNSUPPORTED_CIPHER:113:unsupported cipher
 PEM_R_UNSUPPORTED_ENCRYPTION:114:unsupported encryption
 PEM_R_UNSUPPORTED_KEY_COMPONENTS:126:unsupported key components
 PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE:110:unsupported public key type
+PKCS12_R_CALLBACK_FAILED:115:callback failed
 PKCS12_R_CANT_PACK_STRUCTURE:100:cant pack structure
 PKCS12_R_CONTENT_TYPE_NOT_DATA:121:content type not data
 PKCS12_R_DECODE_ERROR:101:decode error