Search
j0ke.net Open Build Service
>
Projects
>
home:netmax
:
monitoring
>
openssl1
> openssl-CVE-2020-1971.patch
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File openssl-CVE-2020-1971.patch of Package openssl1
Index: openssl-1.0.1g/crypto/asn1/asn1_err.c =================================================================== --- openssl-1.0.1g.orig/crypto/asn1/asn1_err.c 2020-12-08 13:01:23.106030428 +0100 +++ openssl-1.0.1g/crypto/asn1/asn1_err.c 2020-12-08 13:02:11.946313686 +0100 @@ -86,6 +86,7 @@ static ERR_STRING_DATA ASN1_str_functs[] {ERR_FUNC(ASN1_F_ASN1_DIGEST), "ASN1_digest"}, {ERR_FUNC(ASN1_F_ASN1_DO_ADB), "ASN1_DO_ADB"}, {ERR_FUNC(ASN1_F_ASN1_DUP), "ASN1_dup"}, +{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_I2D), "ASN1_item_ex_i2d"}, {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET), "ASN1_ENUMERATED_set"}, {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN), "ASN1_ENUMERATED_to_BN"}, {ERR_FUNC(ASN1_F_ASN1_EX_C2I), "ASN1_EX_C2I"}, @@ -202,6 +203,7 @@ static ERR_STRING_DATA ASN1_str_reasons[ {ERR_REASON(ASN1_R_AUX_ERROR) ,"aux error"}, {ERR_REASON(ASN1_R_BAD_CLASS) ,"bad class"}, {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) ,"bad object header"}, +{ERR_REASON(ASN1_R_BAD_TEMPLATE), "bad template"}, {ERR_REASON(ASN1_R_BAD_PASSWORD_READ) ,"bad password read"}, {ERR_REASON(ASN1_R_BAD_TAG) ,"bad tag"}, {ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),"bmpstring is wrong length"}, Index: openssl-1.0.1g/crypto/asn1/tasn_dec.c =================================================================== --- openssl-1.0.1g.orig/crypto/asn1/tasn_dec.c 2020-12-08 13:01:23.106030428 +0100 +++ openssl-1.0.1g/crypto/asn1/tasn_dec.c 2020-12-08 13:03:48.082871250 +0100 @@ -215,6 +215,15 @@ static int asn1_item_ex_d2i(ASN1_VALUE * break; case ASN1_ITYPE_MSTRING: + /* + * It never makes sense for multi-strings to have implicit tagging, so + * if tag != -1, then this looks like an error in the template. + */ + if (tag != -1) { + ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_BAD_TEMPLATE); + goto err; + } + p = *in; /* Just read in tag and class */ ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, @@ -323,6 +332,15 @@ static int asn1_item_ex_d2i(ASN1_VALUE * case ASN1_ITYPE_CHOICE: + /* + * It never makes sense for CHOICE types to have implicit tagging, so + * if tag != -1, then this looks like an error in the template. + */ + if (tag != -1) { + ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_BAD_TEMPLATE); + goto err; + } + if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) goto auxerr; Index: openssl-1.0.1g/crypto/asn1/tasn_enc.c =================================================================== --- openssl-1.0.1g.orig/crypto/asn1/tasn_enc.c 2020-12-08 13:01:23.106030428 +0100 +++ openssl-1.0.1g/crypto/asn1/tasn_enc.c 2020-12-08 13:04:31.443122726 +0100 @@ -155,9 +155,25 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, break; case ASN1_ITYPE_MSTRING: + /* + * It never makes sense for multi-strings to have implicit tagging, so + * if tag != -1, then this looks like an error in the template. + */ + if (tag != -1) { + ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE); + return -1; + } return asn1_i2d_ex_primitive(pval, out, it, -1, aclass); case ASN1_ITYPE_CHOICE: + /* + * It never makes sense for CHOICE types to have implicit tagging, so + * if tag != -1, then this looks like an error in the template. + */ + if (tag != -1) { + ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE); + return -1; + } if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL)) return 0; i = asn1_get_choice_selector(pval, it); Index: openssl-1.0.1g/crypto/x509v3/v3_genn.c =================================================================== --- openssl-1.0.1g.orig/crypto/x509v3/v3_genn.c 2020-12-08 13:01:23.106030428 +0100 +++ openssl-1.0.1g/crypto/x509v3/v3_genn.c 2020-12-08 13:12:42.446045171 +0100 @@ -72,8 +72,9 @@ ASN1_SEQUENCE(OTHERNAME) = { IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME) ASN1_SEQUENCE(EDIPARTYNAME) = { - ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0), - ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1) + /* DirectoryString is a CHOICE type so use explicit tagging */ + ASN1_EXP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0), + ASN1_EXP(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1) } ASN1_SEQUENCE_END(EDIPARTYNAME) IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME) @@ -107,6 +108,37 @@ GENERAL_NAME *GENERAL_NAME_dup(GENERAL_N (char *) a); } +static int edipartyname_cmp(const EDIPARTYNAME *a, const EDIPARTYNAME *b) +{ + int res; + + if (a == NULL || b == NULL) { + /* + * Shouldn't be possible in a valid GENERAL_NAME, but we handle it + * anyway. OTHERNAME_cmp treats NULL != NULL so we do the same here + */ + return -1; + } + if (a->nameAssigner == NULL && b->nameAssigner != NULL) + return -1; + if (a->nameAssigner != NULL && b->nameAssigner == NULL) + return 1; + /* If we get here then both have nameAssigner set, or both unset */ + if (a->nameAssigner != NULL) { + res = ASN1_STRING_cmp(a->nameAssigner, b->nameAssigner); + if (res != 0) + return res; + } + /* + * partyName is required, so these should never be NULL. We treat it in + * the same way as the a == NULL || b == NULL case above + */ + if (a->partyName == NULL || b->partyName == NULL) + return -1; + + return ASN1_STRING_cmp(a->partyName, b->partyName); +} + /* Returns 0 if they are equal, != 0 otherwise. */ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b) { @@ -116,8 +148,11 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GE switch(a->type) { case GEN_X400: + result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address); + break; + case GEN_EDIPARTY: - result = ASN1_TYPE_cmp(a->d.other, b->d.other); + result = edipartyname_cmp(a->d.ediPartyName, b->d.ediPartyName); break; case GEN_OTHERNAME: @@ -164,8 +199,11 @@ void GENERAL_NAME_set0_value(GENERAL_NAM switch(type) { case GEN_X400: + a->d.x400Address = value; + break; + case GEN_EDIPARTY: - a->d.other = value; + a->d.ediPartyName = value; break; case GEN_OTHERNAME: @@ -200,8 +238,9 @@ void *GENERAL_NAME_get0_value(GENERAL_NA switch(a->type) { case GEN_X400: + return a->d.x400Address; case GEN_EDIPARTY: - return a->d.other; + return a->d.ediPartyName; case GEN_OTHERNAME: return a->d.otherName; Index: openssl-1.0.1g/crypto/asn1/asn1.h =================================================================== --- openssl-1.0.1g.orig/crypto/asn1/asn1.h 2020-12-08 13:01:23.106030428 +0100 +++ openssl-1.0.1g/crypto/asn1/asn1.h 2020-12-08 13:13:46.942431670 +0100 @@ -1187,6 +1187,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_F_ASN1_INTEGER_TO_BN 119 #define ASN1_F_ASN1_ITEM_D2I_FP 206 #define ASN1_F_ASN1_ITEM_DUP 191 +# define ASN1_F_ASN1_ITEM_EX_I2D 144 #define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW 121 #define ASN1_F_ASN1_ITEM_EX_D2I 120 #define ASN1_F_ASN1_ITEM_I2D_BIO 192 @@ -1285,6 +1286,7 @@ void ERR_load_ASN1_strings(void); #define ASN1_R_AUX_ERROR 100 #define ASN1_R_BAD_CLASS 101 #define ASN1_R_BAD_OBJECT_HEADER 102 +# define ASN1_R_BAD_TEMPLATE 230 #define ASN1_R_BAD_PASSWORD_READ 103 #define ASN1_R_BAD_TAG 104 #define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214