diff --git a/SOURCES/openssl-pkcs11-0.4.10-fix-memory-leak.patch b/SOURCES/openssl-pkcs11-0.4.10-fix-memory-leak.patch new file mode 100644 index 0000000..cd7ee4c --- /dev/null +++ b/SOURCES/openssl-pkcs11-0.4.10-fix-memory-leak.patch @@ -0,0 +1,105 @@ +From 66ebbaac74a1f6f1960ea1049eb8e75ebbdf9782 Mon Sep 17 00:00:00 2001 +From: Michal Trojnara +Date: Fri, 28 Feb 2020 05:42:47 +0100 +Subject: [PATCH] Revert "fix use-after-free on PKCS11_pkey_meths." + +This reverts commit e64496a198d4d2eb0310a22dc21be8b81367d319. + +Upstream-Status: Backport [https://github.com/OpenSC/libp11/commit/66ebbaac74a1f6f1960ea1049eb8e75ebbdf9782] +--- + src/p11_pkey.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/src/p11_pkey.c b/src/p11_pkey.c +index 8df45abd..4ed98f65 100644 +--- a/src/p11_pkey.c ++++ b/src/p11_pkey.c +@@ -673,8 +673,8 @@ int PKCS11_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth, + EVP_PKEY_EC, + 0 + }; +- EVP_PKEY_METHOD *pkey_method_rsa = NULL; +- EVP_PKEY_METHOD *pkey_method_ec = NULL; ++ static EVP_PKEY_METHOD *pkey_method_rsa = NULL; ++ static EVP_PKEY_METHOD *pkey_method_ec = NULL; + + (void)e; /* squash the unused parameter warning */ + /* all PKCS#11 engines currently share the same pkey_meths */ +@@ -687,14 +687,16 @@ int PKCS11_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth, + /* get the EVP_PKEY_METHOD */ + switch (nid) { + case EVP_PKEY_RSA: +- pkey_method_rsa = pkcs11_pkey_method_rsa(); ++ if (!pkey_method_rsa) ++ pkey_method_rsa = pkcs11_pkey_method_rsa(); + if (pkey_method_rsa == NULL) + return 0; + *pmeth = pkey_method_rsa; + return 1; /* success */ + #ifndef OPENSSL_NO_EC + case EVP_PKEY_EC: +- pkey_method_ec = pkcs11_pkey_method_ec(); ++ if (!pkey_method_ec) ++ pkey_method_ec = pkcs11_pkey_method_ec(); + if (pkey_method_ec == NULL) + return 0; + *pmeth = pkey_method_ec; + +From 5aa56b4ac45655aab20bd49bb918e649875b0f4d Mon Sep 17 00:00:00 2001 +From: Michal Trojnara +Date: Fri, 28 Feb 2020 07:09:42 +0100 +Subject: [PATCH] Disable EVP_PKEY_FLAG_DYNAMIC + +Fixes #328 + +Upstream-Status: Backport [https://github.com/OpenSC/libp11/commit/5aa56b4ac45655aab20bd49bb918e649875b0f4d] +--- + src/p11_pkey.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +diff --git a/src/p11_pkey.c b/src/p11_pkey.c +index 4ed98f65..4e0956bf 100644 +--- a/src/p11_pkey.c ++++ b/src/p11_pkey.c +@@ -36,7 +36,6 @@ static int (*orig_pkey_ec_sign) (EVP_PKEY_CTX *ctx, + const unsigned char *tbs, size_t tbslen); + #endif /* OPENSSL_NO_EC */ + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + struct evp_pkey_method_st { + int pkey_id; + int flags; +@@ -75,6 +74,9 @@ struct evp_pkey_method_st { + int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); + int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); + } /* EVP_PKEY_METHOD */ ; ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10000000L ++#define EVP_PKEY_FLAG_DYNAMIC 1 + #endif + + #if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) +@@ -516,6 +518,11 @@ static EVP_PKEY_METHOD *pkcs11_pkey_method_rsa() + new_meth = EVP_PKEY_meth_new(EVP_PKEY_RSA, + EVP_PKEY_FLAG_AUTOARGLEN); + ++#ifdef EVP_PKEY_FLAG_DYNAMIC ++ /* do not allow OpenSSL to free this object */ ++ new_meth->flags &= ~EVP_PKEY_FLAG_DYNAMIC; ++#endif ++ + EVP_PKEY_meth_copy(new_meth, orig_meth); + + EVP_PKEY_meth_set_sign(new_meth, +@@ -655,6 +662,11 @@ static EVP_PKEY_METHOD *pkcs11_pkey_method_ec() + new_meth = EVP_PKEY_meth_new(EVP_PKEY_EC, + EVP_PKEY_FLAG_AUTOARGLEN); + ++#ifdef EVP_PKEY_FLAG_DYNAMIC ++ /* do not allow OpenSSL to free this object */ ++ new_meth->flags &= ~EVP_PKEY_FLAG_DYNAMIC; ++#endif ++ + EVP_PKEY_meth_copy(new_meth, orig_meth); + + EVP_PKEY_meth_set_sign(new_meth, diff --git a/SOURCES/openssl-pkcs11-0.4.10-fix-potential-leak-in-rsa-method.patch b/SOURCES/openssl-pkcs11-0.4.10-fix-potential-leak-in-rsa-method.patch new file mode 100644 index 0000000..cbe81a4 --- /dev/null +++ b/SOURCES/openssl-pkcs11-0.4.10-fix-potential-leak-in-rsa-method.patch @@ -0,0 +1,38 @@ +From d2f900a51de27f2d9229b0ae785c02ac272bd525 Mon Sep 17 00:00:00 2001 +From: Mateusz Kwiatkowski +Date: Thu, 10 Sep 2020 15:47:41 +0200 +Subject: [PATCH] Fix potential leak in RSA method + +Upstream-Status: Backport [https://github.com/OpenSC/libp11/commit/5caa2779762c3d760f33b70cd9e1f70f15f3ea57] +--- + src/p11_rsa.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/src/p11_rsa.c b/src/p11_rsa.c +index 221513c7..b6beef0b 100644 +--- a/src/p11_rsa.c ++++ b/src/p11_rsa.c +@@ -352,6 +352,11 @@ int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth)) + return meth->rsa_priv_dec; + } + ++static int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa) ++{ ++ return meth->finish; ++} ++ + #endif + + static int pkcs11_rsa_priv_dec_method(int flen, const unsigned char *from, +@@ -383,6 +388,11 @@ static int pkcs11_rsa_priv_enc_method(int flen, const unsigned char *from, + static int pkcs11_rsa_free_method(RSA *rsa) + { + RSA_set_ex_data(rsa, rsa_ex_index, NULL); ++ int (*orig_rsa_free_method)(RSA *rsa) = ++ RSA_meth_get_finish(RSA_get_default_method()); ++ if (orig_rsa_free_method) { ++ return orig_rsa_free_method(rsa); ++ } + return 1; + } + diff --git a/SPECS/openssl-pkcs11.spec b/SPECS/openssl-pkcs11.spec index d16f40d..8c094f5 100644 --- a/SPECS/openssl-pkcs11.spec +++ b/SPECS/openssl-pkcs11.spec @@ -1,5 +1,5 @@ Version: 0.4.10 -Release: 2%{?dist} +Release: 3%{?dist} # Define the directory where the OpenSSL engines are installed %global enginesdir %{_libdir}/engines-1.1 @@ -14,6 +14,8 @@ Source0: https://github.com/OpenSC/libp11/releases/download/libp11-%{vers Patch0: openssl-pkcs11-0.4.10-small-bug-fixes.patch Patch1: openssl-pkcs11-0.4.10-search-objects-in-all-matching-tokens.patch Patch2: openssl-pkcs11-0.4.10-set-rsa-fips-method-flag.patch +Patch3: openssl-pkcs11-0.4.10-fix-memory-leak.patch +Patch4: openssl-pkcs11-0.4.10-fix-potential-leak-in-rsa-method.patch BuildRequires: autoconf automake libtool BuildRequires: openssl-devel @@ -113,6 +115,10 @@ make check %{?_smp_mflags} || if [ $? -ne 0 ]; then cat tests/*.log; exit 1; fi; %endif %changelog +* Mon Jan 09 2023 Clemens Lang - 0.4.10-3 +- Fix memory leak in PKCS11_pkey_meths (#2097690) +- Fix memory leak in RSA method (#2097690) + * Thu Nov 28 2019 Anderson Sasaki - 0.4.10-2 - Set RSA_FLAG_FIPS_METHOD for RSA methods (#1777892)