diff --git a/security/openssl/Makefile b/security/openssl/Makefile index a3da4fe2a89d..bd06e4c9cd84 100644 --- a/security/openssl/Makefile +++ b/security/openssl/Makefile @@ -1,170 +1,170 @@ PORTNAME= openssl PORTVERSION= 1.1.1t -PORTREVISION= 1 +PORTREVISION= 2 PORTEPOCH= 1 CATEGORIES= security devel MASTER_SITES= https://www.openssl.org/source/ \ ftp://ftp.cert.dfn.de/pub/tools/net/openssl/source/ MAINTAINER= brnrd@FreeBSD.org COMMENT= TLSv1.3 capable SSL and crypto library WWW= https://www.openssl.org/ LICENSE= OpenSSL LICENSE_FILE= ${WRKSRC}/LICENSE CONFLICTS_INSTALL= boringssl libressl libressl-devel openssl3[01] openssl-quictls HAS_CONFIGURE= yes CONFIGURE_SCRIPT= config CONFIGURE_ENV= PERL="${PERL}" CONFIGURE_ARGS= --openssldir=${OPENSSLDIR} \ --prefix=${PREFIX} USES= cpe perl5 USE_PERL5= build TEST_TARGET= test LDFLAGS_i386= -Wl,-znotext MAKE_ARGS+= WHOLE_ARCHIVE_FLAG=--whole-archive CNF_LDFLAGS="${LDFLAGS}" MAKE_ENV+= LIBRPATH="${PREFIX}/lib" GREP_OPTIONS= OPTIONS_GROUP= CIPHERS HASHES OPTIMIZE PROTOCOLS OPTIONS_GROUP_CIPHERS= ARIA DES GOST IDEA SM4 RC2 RC4 RC5 WEAK-SSL-CIPHERS OPTIONS_GROUP_HASHES= MD2 MD4 MDC2 RMD160 SM2 SM3 OPTIONS_GROUP_OPTIMIZE= ASM SSE2 THREADS OPTIONS_DEFINE_i386= I386 OPTIONS_GROUP_PROTOCOLS=NEXTPROTONEG SCTP SSL3 TLS1 TLS1_1 TLS1_2 OPTIONS_DEFINE= ASYNC CRYPTODEV CT KTLS MAN3 RFC3779 SHARED ZLIB OPTIONS_DEFAULT=ASM ASYNC CT GOST DES EC KTLS MAN3 MD4 NEXTPROTONEG RC2 \ RC4 RMD160 SCTP SHARED SSE2 THREADS TLS1 TLS1_1 TLS1_2 OPTIONS_EXCLUDE=${${OSVERSION} < 1300042:?KTLS:} \ ${${OSVERSION} > 1300000:?CRYPTODEV:} OPTIONS_GROUP_OPTIMIZE_amd64= EC .if ${MACHINE_ARCH} == "amd64" OPTIONS_GROUP_OPTIMIZE+= EC .elif ${MACHINE_ARCH} == "mips64el" OPTIONS_GROUP_OPTIMIZE+= EC .endif OPTIONS_SUB= yes ARIA_DESC= ARIA (South Korean standard) ASM_DESC= Assembler code ASYNC_DESC= Asynchronous mode CIPHERS_DESC= Block Cipher Support CRYPTODEV_DESC= /dev/crypto support CT_DESC= Certificate Transparency Support DES_DESC= (Triple) Data Encryption Standard EC_DESC= Optimize NIST elliptic curves GOST_DESC= GOST (Russian standard) HASHES_DESC= Hash Function Support I386_DESC= i386 (instead of i486+) IDEA_DESC= International Data Encryption Algorithm KTLS_DESC= Kernel TLS offload MAN3_DESC= Install API manpages (section 3, 7) MD2_DESC= MD2 (obsolete) MD4_DESC= MD4 (unsafe) MDC2_DESC= MDC-2 (patented, requires DES) NEXTPROTONEG_DESC= Next Protocol Negotiation (SPDY) OPTIMIZE_DESC= Optimizations PROTOCOLS_DESC= Protocol Support RC2_DESC= RC2 (unsafe) RC4_DESC= RC4 (unsafe) RC5_DESC= RC5 (patented) RMD160_DESC= RIPEMD-160 RFC3779_DESC= RFC3779 support (BGP) SCTP_DESC= SCTP (Stream Control Transmission) SHARED_DESC= Build shared libraries SM2_DESC= SM2 Elliptic Curve DH (Chinese standard) SM3_DESC= SM3 256bit (Chinese standard) SM4_DESC= SM4 128bit (Chinese standard) SSE2_DESC= Runtime SSE2 detection SSL3_DESC= SSLv3 (unsafe) TLS1_DESC= TLSv1.0 (requires TLS1_1, TLS1_2) TLS1_1_DESC= TLSv1.1 (requires TLS1_2) TLS1_2_DESC= TLSv1.2 WEAK-SSL-CIPHERS_DESC= Weak cipher support (unsafe) # Upstream default disabled options .for _option in ktls md2 rc5 sctp ssl3 zlib weak-ssl-ciphers ${_option:tu}_CONFIGURE_ON= enable-${_option} .endfor # Upstream default enabled options .for _option in aria asm async ct des gost idea md4 mdc2 nextprotoneg rc2 rc4 \ rfc3779 rmd160 shared sm2 sm3 sm4 sse2 threads tls1 tls1_1 tls1_2 ${_option:tu}_CONFIGURE_OFF= no-${_option} .endfor MDC2_IMPLIES= DES TLS1_IMPLIES= TLS1_1 TLS1_1_IMPLIES= TLS1_2 EC_CONFIGURE_ON= enable-ec_nistp_64_gcc_128 I386_CONFIGURE_ON= 386 KTLS_EXTRA_PATCHES= ${FILESDIR}/extra-patch-ktls MAN3_EXTRA_PATCHES_OFF= ${FILESDIR}/extra-patch-util_process__docs.pl SHARED_MAKE_ENV= SHLIBVER=${OPENSSL_SHLIBVER} SHARED_PLIST_SUB= SHLIBVER=${OPENSSL_SHLIBVER} SHARED_USE= ldconfig=yes SSL3_CONFIGURE_ON+= enable-ssl3-method ZLIB_CONFIGURE_ON= zlib-dynamic .include .if ${PREFIX} == /usr IGNORE= the OpenSSL port can not be installed over the base version .endif .if ${OPSYS} == FreeBSD && ${OSVERSION} < 1300000 && !${PORT_OPTIONS:MCRYPTODEV} CONFIGURE_ARGS+= no-devcryptoeng .endif OPENSSLDIR?= ${PREFIX}/openssl PLIST_SUB+= OPENSSLDIR=${OPENSSLDIR:S=^${PREFIX}/==} .include "version.mk" .if ${PORT_OPTIONS:MASM} BROKEN_sparc64= option ASM generates illegal instructions .endif post-patch: ${REINPLACE_CMD} \ -e 's|^MANDIR=.*$$|MANDIR=$$(INSTALLTOP)/man|' \ -e 's| install_html_docs$$||' \ -e 's|$$(LIBDIR)/pkgconfig|libdata/pkgconfig|g' \ ${WRKSRC}/Configurations/unix-Makefile.tmpl ${REINPLACE_CMD} -e 's|\^GNU ld|GNU|' ${WRKSRC}/Configurations/shared-info.pl post-configure: ${REINPLACE_CMD} \ -e 's|SHLIB_VERSION_NUMBER=1.1|SHLIB_VERSION_NUMBER=${OPENSSL_SHLIBVER}|' \ ${WRKSRC}/Makefile ${REINPLACE_CMD} \ -e 's|SHLIB_VERSION_NUMBER "1.1"|SHLIB_VERSION_NUMBER "${OPENSSL_SHLIBVER}"|' \ ${WRKSRC}/include/openssl/opensslv.h post-install-SHARED-on: .for i in libcrypto libssl ${INSTALL_LIB} ${WRKSRC}/$i.so.${OPENSSL_SHLIBVER} ${STAGEDIR}${PREFIX}/lib ${LN} -sf $i.so.${OPENSSL_SHLIBVER} ${STAGEDIR}${PREFIX}/lib/$i.so .endfor .for i in capi padlock ${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/engines-1.1/${i}.so .endfor post-install: ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/openssl post-install-MAN3-on: ( cd ${STAGEDIR}/${PREFIX} ; ${FIND} man/man3 man/man7 -not -type d ) | \ ${SED} 's/$$/.gz/' >>${TMPPLIST} .include diff --git a/security/openssl/files/patch-CVE-2023-0464 b/security/openssl/files/patch-CVE-2023-0464 index d140070b8c6f..4eec12371299 100644 --- a/security/openssl/files/patch-CVE-2023-0464 +++ b/security/openssl/files/patch-CVE-2023-0464 @@ -1,219 +1,305 @@ From 879f7080d7e141f415c79eaa3a8ac4a3dad0348b Mon Sep 17 00:00:00 2001 From: Pauli Date: Wed, 8 Mar 2023 15:28:20 +1100 Subject: [PATCH] x509: excessive resource use verifying policy constraints A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Fixes CVE-2023-0464 Reviewed-by: Tomas Mraz Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/20569) --- crypto/x509v3/pcy_local.h | 8 +++++++- crypto/x509v3/pcy_node.c | 12 +++++++++--- crypto/x509v3/pcy_tree.c | 37 +++++++++++++++++++++++++++---------- 3 files changed, 43 insertions(+), 14 deletions(-) diff --git a/crypto/x509v3/pcy_local.h b/crypto/x509v3/pcy_local.h index 5daf78de4585..344aa067659c 100644 --- crypto/x509v3/pcy_local.h.orig +++ crypto/x509v3/pcy_local.h @@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st { }; struct X509_POLICY_TREE_st { + /* The number of nodes in the tree */ + size_t node_count; + /* The maximum number of nodes in the tree */ + size_t node_maximum; + /* This is the tree 'level' data */ X509_POLICY_LEVEL *levels; int nlevel; @@ -159,7 +164,8 @@ X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk, X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, X509_POLICY_DATA *data, X509_POLICY_NODE *parent, - X509_POLICY_TREE *tree); + X509_POLICY_TREE *tree, + int extra_data); void policy_node_free(X509_POLICY_NODE *node); int policy_node_match(const X509_POLICY_LEVEL *lvl, const X509_POLICY_NODE *node, const ASN1_OBJECT *oid); diff --git a/crypto/x509v3/pcy_node.c b/crypto/x509v3/pcy_node.c index e2d7b1532236..d574fb9d665d 100644 --- crypto/x509v3/pcy_node.c.orig +++ crypto/x509v3/pcy_node.c @@ -59,10 +59,15 @@ X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level, X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, X509_POLICY_DATA *data, X509_POLICY_NODE *parent, - X509_POLICY_TREE *tree) + X509_POLICY_TREE *tree, + int extra_data) { X509_POLICY_NODE *node; + /* Verify that the tree isn't too large. This mitigates CVE-2023-0464 */ + if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum) + return NULL; + node = OPENSSL_zalloc(sizeof(*node)); if (node == NULL) { X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE); @@ -70,7 +75,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, } node->data = data; node->parent = parent; - if (level) { + if (level != NULL) { if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) { if (level->anyPolicy) goto node_error; @@ -90,7 +95,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, } } - if (tree) { + if (extra_data) { if (tree->extra_data == NULL) tree->extra_data = sk_X509_POLICY_DATA_new_null(); if (tree->extra_data == NULL){ @@ -103,6 +108,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level, } } + tree->node_count++; if (parent) parent->nchild++; diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c index 6e8322cbc5e3..6c7fd3540500 100644 --- crypto/x509v3/pcy_tree.c.orig +++ crypto/x509v3/pcy_tree.c @@ -13,6 +13,18 @@ #include "pcy_local.h" +/* + * If the maximum number of nodes in the policy tree isn't defined, set it to + * a generous default of 1000 nodes. + * + * Defining this to be zero means unlimited policy tree growth which opens the + * door on CVE-2023-0464. + */ + +#ifndef OPENSSL_POLICY_TREE_NODES_MAX +# define OPENSSL_POLICY_TREE_NODES_MAX 1000 +#endif + /* * Enable this to print out the complete policy tree at various point during * evaluation. @@ -168,6 +180,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, return X509_PCY_TREE_INTERNAL; } + /* Limit the growth of the tree to mitigate CVE-2023-0464 */ + tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX; + /* * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3. * @@ -184,7 +199,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, level = tree->levels; if ((data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0)) == NULL) goto bad_tree; - if (level_add_node(level, data, NULL, tree) == NULL) { + if (level_add_node(level, data, NULL, tree, 1) == NULL) { policy_data_free(data); goto bad_tree; } @@ -243,7 +258,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, * Return value: 1 on success, 0 otherwise */ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, - X509_POLICY_DATA *data) + X509_POLICY_DATA *data, + X509_POLICY_TREE *tree) { X509_POLICY_LEVEL *last = curr - 1; int i, matched = 0; @@ -253,13 +269,13 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i); if (policy_node_match(last, node, data->valid_policy)) { - if (level_add_node(curr, data, node, NULL) == NULL) + if (level_add_node(curr, data, node, tree, 0) == NULL) return 0; matched = 1; } } if (!matched && last->anyPolicy) { - if (level_add_node(curr, data, last->anyPolicy, NULL) == NULL) + if (level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL) return 0; } return 1; @@ -272,7 +288,8 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr, * Return value: 1 on success, 0 otherwise. */ static int tree_link_nodes(X509_POLICY_LEVEL *curr, - const X509_POLICY_CACHE *cache) + const X509_POLICY_CACHE *cache, + X509_POLICY_TREE *tree) { int i; @@ -280,7 +297,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr, X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i); /* Look for matching nodes in previous level */ - if (!tree_link_matching_nodes(curr, data)) + if (!tree_link_matching_nodes(curr, data, tree)) return 0; } return 1; @@ -311,7 +328,7 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr, /* Curr may not have anyPolicy */ data->qualifier_set = cache->anyPolicy->qualifier_set; data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS; - if (level_add_node(curr, data, node, tree) == NULL) { + if (level_add_node(curr, data, node, tree, 1) == NULL) { policy_data_free(data); return 0; } @@ -373,7 +390,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr, } /* Finally add link to anyPolicy */ if (last->anyPolicy && - level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL) == NULL) + level_add_node(curr, cache->anyPolicy, last->anyPolicy, tree, 0) == NULL) return 0; return 1; } @@ -555,7 +572,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree, extra->qualifier_set = anyPolicy->data->qualifier_set; extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS | POLICY_DATA_FLAG_EXTRA_NODE; - node = level_add_node(NULL, extra, anyPolicy->parent, tree); + node = level_add_node(NULL, extra, anyPolicy->parent, tree, 1); } if (!tree->user_policies) { tree->user_policies = sk_X509_POLICY_NODE_new_null(); @@ -582,7 +599,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree) for (i = 1; i < tree->nlevel; i++, curr++) { cache = policy_cache_set(curr->cert); - if (!tree_link_nodes(curr, cache)) + if (!tree_link_nodes(curr, cache, tree)) return X509_PCY_TREE_INTERNAL; if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY) +From fd42c9126844f5eefa76872a1ffe5f529f8f75df Mon Sep 17 00:00:00 2001 +From: Richard Levitte +Date: Tue, 7 Feb 2023 14:37:22 +0100 +Subject: [PATCH] Prepare for 1.1.1u-dev + +Reviewed-by: Tomas Mraz +Release: yes +--- + CHANGES | 4 ++++ + NEWS | 4 ++++ + README | 2 +- + include/openssl/opensslv.h | 4 ++-- + 4 files changed, 11 insertions(+), 3 deletions(-) + +diff --git a/CHANGES b/CHANGES +index 1e2d651b7514..f18b08cb0ee2 100644 +--- CHANGES.orig ++++ CHANGES +@@ -7,6 +7,10 @@ + https://github.com/openssl/openssl/commits/ and pick the appropriate + release branch. + ++ Changes between 1.1.1t and 1.1.1u [xx XXX xxxx] ++ ++ *) ++ + Changes between 1.1.1s and 1.1.1t [7 Feb 2023] + + *) Fixed X.400 address type confusion in X.509 GeneralName. +diff --git a/NEWS b/NEWS +index 2724fc4d85ba..8a18516d8609 100644 +--- NEWS.orig ++++ NEWS +@@ -5,6 +5,10 @@ + This file gives a brief overview of the major changes between each OpenSSL + release. For more details please read the CHANGES file. + ++ Major changes between OpenSSL 1.1.1t and OpenSSL 1.1.1u [under development] ++ ++ o ++ + Major changes between OpenSSL 1.1.1s and OpenSSL 1.1.1t [7 Feb 2023] + + o Fixed X.400 address type confusion in X.509 GeneralName (CVE-2023-0286) +diff --git a/README b/README +index b2f806be3a44..1957cf1f5515 100644 +--- README.orig ++++ README +@@ -1,5 +1,5 @@ + +- OpenSSL 1.1.1t 7 Feb 2023 ++ OpenSSL 1.1.1u-dev + + Copyright (c) 1998-2022 The OpenSSL Project + Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson +From fa425f20955c7948faed27f69ae4544f89c108ea Mon Sep 17 00:00:00 2001 +From: Pauli +Date: Wed, 15 Mar 2023 14:29:22 +1100 +Subject: [PATCH] changes: note about policy tree size limits and circumvention + +Reviewed-by: Tomas Mraz +Reviewed-by: Shane Lontis +(Merged from https://github.com/openssl/openssl/pull/20569) +--- + CHANGES | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/CHANGES b/CHANGES +index f18b08cb0ee2..17caf6775bfe 100644 +--- CHANGES.orig ++++ CHANGES +@@ -9,7 +9,13 @@ + + Changes between 1.1.1t and 1.1.1u [xx XXX xxxx] + +- *) ++ *) Limited the number of nodes created in a policy tree to mitigate ++ against CVE-2023-0464. The default limit is set to 1000 nodes, which ++ should be sufficient for most installations. If required, the limit ++ can be adjusted by setting the OPENSSL_POLICY_TREE_NODES_MAX build ++ time define to a desired maximum number of nodes or zero to allow ++ unlimited growth. ++ [Paul Dale] + + Changes between 1.1.1s and 1.1.1t [7 Feb 2023] + diff --git a/security/openssl/files/patch-CVE-2023-0465 b/security/openssl/files/patch-CVE-2023-0465 new file mode 100644 index 000000000000..db4b01e81287 --- /dev/null +++ b/security/openssl/files/patch-CVE-2023-0465 @@ -0,0 +1,108 @@ +From 8bc232b14624b7af01801d7940b7dec59b3ae47d Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Thu, 23 Mar 2023 15:31:25 +0000 +Subject: [PATCH] Updated CHANGES and NEWS for CVE-2023-0465 + +Also updated the entries for CVE-2023-0464 + +Related-to: CVE-2023-0465 + +Reviewed-by: Hugo Landau +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/20588) +--- + CHANGES | 9 ++++++++- + NEWS | 4 +++- + 2 files changed, 11 insertions(+), 2 deletions(-) + +diff --git a/CHANGES b/CHANGES +index 17caf6775bfe..efccf7838e65 100644 +--- CHANGES.orig ++++ CHANGES +@@ -9,12 +9,19 @@ + + Changes between 1.1.1t and 1.1.1u [xx XXX xxxx] + ++ *) Fixed an issue where invalid certificate policies in leaf certificates are ++ silently ignored by OpenSSL and other certificate policy checks are skipped ++ for that certificate. A malicious CA could use this to deliberately assert ++ invalid certificate policies in order to circumvent policy checking on the ++ certificate altogether. (CVE-2023-0465) ++ [Matt Caswell] ++ + *) Limited the number of nodes created in a policy tree to mitigate + against CVE-2023-0464. The default limit is set to 1000 nodes, which + should be sufficient for most installations. If required, the limit + can be adjusted by setting the OPENSSL_POLICY_TREE_NODES_MAX build + time define to a desired maximum number of nodes or zero to allow +- unlimited growth. ++ unlimited growth. (CVE-2023-0464) + [Paul Dale] + + Changes between 1.1.1s and 1.1.1t [7 Feb 2023] +diff --git a/NEWS b/NEWS +index 8a18516d8609..36a9bb6890bf 100644 +--- NEWS.orig ++++ NEWS +@@ -7,7 +7,9 @@ + + Major changes between OpenSSL 1.1.1t and OpenSSL 1.1.1u [under development] + +- o ++ o Fixed handling of invalid certificate policies in leaf certificates ++ (CVE-2023-0465) ++ o Limited the number of nodes created in a policy tree ([CVE-2023-0464]) + + Major changes between OpenSSL 1.1.1s and OpenSSL 1.1.1t [7 Feb 2023] + +From b013765abfa80036dc779dd0e50602c57bb3bf95 Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Tue, 7 Mar 2023 16:52:55 +0000 +Subject: [PATCH] Ensure that EXFLAG_INVALID_POLICY is checked even in leaf + certs + +Even though we check the leaf cert to confirm it is valid, we +later ignored the invalid flag and did not notice that the leaf +cert was bad. + +Fixes: CVE-2023-0465 + +Reviewed-by: Hugo Landau +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/20588) +--- + crypto/x509/x509_vfy.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c +index 925fbb541258..1dfe4f9f31a5 100644 +--- crypto/x509/x509_vfy.c.orig ++++ crypto/x509/x509_vfy.c +@@ -1649,18 +1649,25 @@ static int check_policy(X509_STORE_CTX *ctx) + } + /* Invalid or inconsistent extensions */ + if (ret == X509_PCY_TREE_INVALID) { +- int i; ++ int i, cbcalled = 0; + + /* Locate certificates with bad extensions and notify callback. */ +- for (i = 1; i < sk_X509_num(ctx->chain); i++) { ++ for (i = 0; i < sk_X509_num(ctx->chain); i++) { + X509 *x = sk_X509_value(ctx->chain, i); + + if (!(x->ex_flags & EXFLAG_INVALID_POLICY)) + continue; ++ cbcalled = 1; + if (!verify_cb_cert(ctx, x, i, + X509_V_ERR_INVALID_POLICY_EXTENSION)) + return 0; + } ++ if (!cbcalled) { ++ /* Should not be able to get here */ ++ X509err(X509_F_CHECK_POLICY, ERR_R_INTERNAL_ERROR); ++ return 0; ++ } ++ /* The callback ignored the error so we return success */ + return 1; + } + if (ret == X509_PCY_TREE_FAILURE) { diff --git a/security/openssl/files/patch-CVE-2023-0466 b/security/openssl/files/patch-CVE-2023-0466 new file mode 100644 index 000000000000..f3635e6a8066 --- /dev/null +++ b/security/openssl/files/patch-CVE-2023-0466 @@ -0,0 +1,73 @@ +From 0d16b7e99aafc0b4a6d729eec65a411a7e025f0a Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Tue, 21 Mar 2023 16:15:47 +0100 +Subject: [PATCH] Fix documentation of X509_VERIFY_PARAM_add0_policy() + +The function was incorrectly documented as enabling policy checking. + +Fixes: CVE-2023-0466 + +Reviewed-by: Matt Caswell +Reviewed-by: Paul Dale +(Merged from https://github.com/openssl/openssl/pull/20564) +--- + CHANGES | 5 +++++ + NEWS | 1 + + doc/man3/X509_VERIFY_PARAM_set_flags.pod | 9 +++++++-- + 3 files changed, 13 insertions(+), 2 deletions(-) + +diff --git a/CHANGES b/CHANGES +index efccf7838e65..b19f1429bbb0 100644 +--- CHANGES.orig ++++ CHANGES +@@ -9,6 +9,11 @@ + + Changes between 1.1.1t and 1.1.1u [xx XXX xxxx] + ++ *) Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention ++ that it does not enable policy checking. Thanks to ++ David Benjamin for discovering this issue. (CVE-2023-0466) ++ [Tomas Mraz] ++ + *) Fixed an issue where invalid certificate policies in leaf certificates are + silently ignored by OpenSSL and other certificate policy checks are skipped + for that certificate. A malicious CA could use this to deliberately assert +diff --git a/NEWS b/NEWS +index 36a9bb6890bf..62615693fab8 100644 +--- NEWS.orig ++++ NEWS +@@ -7,6 +7,7 @@ + + Major changes between OpenSSL 1.1.1t and OpenSSL 1.1.1u [under development] + ++ o Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466) + o Fixed handling of invalid certificate policies in leaf certificates + (CVE-2023-0465) + o Limited the number of nodes created in a policy tree ([CVE-2023-0464]) +diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod +index f6f304bf7bd0..aa292f9336fc 100644 +--- doc/man3/X509_VERIFY_PARAM_set_flags.pod.orig ++++ doc/man3/X509_VERIFY_PARAM_set_flags.pod +@@ -92,8 +92,9 @@ B. + X509_VERIFY_PARAM_set_time() sets the verification time in B to + B. Normally the current time is used. + +-X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled +-by default) and adds B to the acceptable policy set. ++X509_VERIFY_PARAM_add0_policy() adds B to the acceptable policy set. ++Contrary to preexisting documentation of this function it does not enable ++policy checking. + + X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled + by default) and sets the acceptable policy set to B. Any existing +@@ -377,6 +378,10 @@ and has no effect. + + The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i. + ++The function X509_VERIFY_PARAM_add0_policy() was historically documented as ++enabling policy checking however the implementation has never done this. ++The documentation was changed to align with the implementation. ++ + =head1 COPYRIGHT + + Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.