diff --git a/SOURCES/openssl-1.0.2k-cve-2023-0286-X400.patch b/SOURCES/openssl-1.0.2k-cve-2023-0286-X400.patch new file mode 100644 index 0000000..fa4681a --- /dev/null +++ b/SOURCES/openssl-1.0.2k-cve-2023-0286-X400.patch @@ -0,0 +1,63 @@ +From 2f7530077e0ef79d98718138716bc51ca0cad658 Mon Sep 17 00:00:00 2001 +From: Hugo Landau +Date: Tue, 17 Jan 2023 17:45:42 +0000 +Subject: [PATCH 14/18] CVE-2023-0286: Fix GENERAL_NAME_cmp for x400Address + (3.0) + +Reviewed-by: Paul Dale +Reviewed-by: Tomas Mraz +--- + CHANGES.md | 19 +++++++++++++++++++ + crypto/x509/v3_genn.c | 2 +- + include/openssl/x509v3.h.in | 2 +- + test/v3nametest.c | 8 ++++++++ + 4 files changed, 29 insertions(+), 2 deletions(-) + +diff --git a/crypto/x509/v3_genn.c b/crypto/x509/v3_genn.c +index c0a7166cd0..1741c2d2f6 100644 +--- a/crypto/x509v3/v3_genn.c ++++ b/crypto/x509v3/v3_genn.c +@@ -98,7 +98,7 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b) + return -1; + switch (a->type) { + case GEN_X400: +- result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address); ++ result = ASN1_STRING_cmp(a->d.x400Address, b->d.x400Address); + break; + + case GEN_EDIPARTY: +diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h +index d00a66a343..c087e3cf92 100644 +--- a/crypto/x509v3/x509v3.h ++++ b/crypto/x509v3/x509v3.h +@@ -154,7 +154,7 @@ typedef struct GENERAL_NAME_st { + OTHERNAME *otherName; /* otherName */ + ASN1_IA5STRING *rfc822Name; + ASN1_IA5STRING *dNSName; +- ASN1_TYPE *x400Address; ++ ASN1_STRING *x400Address; + X509_NAME *directoryName; + EDIPARTYNAME *ediPartyName; + ASN1_IA5STRING *uniformResourceIdentifier; +diff --git a/crypto/x509v3/v3nametest.c b/crypto/x509v3/v3nametest.c +index 6d2e2f8e27..0341995dde 100644 +--- a/crypto/x509v3/v3nametest.c ++++ b/crypto/x509v3/v3nametest.c +@@ -644,6 +644,14 @@ static struct gennamedata { + 0xb7, 0x09, 0x02, 0x02 + }, + 15 ++ }, { ++ /* ++ * Regression test for CVE-2023-0286. ++ */ ++ { ++ 0xa3, 0x00 ++ }, ++ 2 + } + }; + +-- +2.39.1 + diff --git a/SPECS/openssl.spec b/SPECS/openssl.spec index 3c55950..490910d 100644 --- a/SPECS/openssl.spec +++ b/SPECS/openssl.spec @@ -23,7 +23,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 1.0.2k -Release: 25%{?dist} +Release: 26%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -115,6 +115,7 @@ Patch113: openssl-1.0.2k-cve-2021-23840.patch Patch114: openssl-1.0.2k-cve-2021-23841.patch Patch115: openssl-1.0.2k-cve-2021-3712.patch Patch116: openssl-1.0.2k-cve-2022-0778.patch +Patch117: openssl-1.0.2k-cve-2023-0286-X400.patch License: OpenSSL Group: System Environment/Libraries @@ -262,6 +263,7 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/ %patch114 -p1 -b .null-hash-deref %patch115 -p1 -b .read-buff %patch116 -p1 -b .cve-2022-0778 +%patch117 -p1 -b .cve-2023-0286 sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h @@ -561,6 +563,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun libs -p /sbin/ldconfig %changelog +* Fri Mar 10 2023 Dmitry Belyavskiy - 1:1.0.2k-26 +- Fixes CVE-2023-0286 X.400 address type confusion in X.509 GeneralName +- Resolves: rhbz#2176790 + * Wed Mar 23 2022 Dmitry Belyavskiy - 1:1.0.2k-25 - Fixes CVE-2022-2078 Infinite loop in BN_mod_sqrt() reachable when parsing certificates - Related: rhbz#2067160