Fix CVE-2020-1971

0088-CVE-2020-1971.patch

@@ -0,0 +1,240 @@
+From f22d7684aed13a9ae9ea6554b7a3e52fdfa4f193 Mon Sep 17 00:00:00 2001
+From: tb <>
+Date: Tue, 8 Dec 2020 15:06:42 +0000
+Subject: [PATCH] Fix a NULL dereference in GENERAL_NAME_cmp()
+
+Comparing two GENERAL_NAME structures containing an EDIPARTYNAME can lead
+to a crash. This enables a denial of service attack for an attacker who can
+control both sides of the comparison.
+
+Issue reported to OpenSSL on Nov 9 by David Benjamin.
+OpenSSL shared the information with us on Dec 1st.
+Fix from Matt Caswell (OpenSSL) with a few small tweaks.
+
+ok jsing
+
+[ mikhailnov: ported to v3.2.0, changed src/lib/libcrypto/x509/x509_genn.c to src/lib/libcrypto/x509v3/v3_genn.c ]
+---
+ src/lib/libcrypto/asn1/asn1.h      |  3 +-
+ src/lib/libcrypto/asn1/asn1_err.c  |  3 +-
+ src/lib/libcrypto/asn1/asn1_lib.c  |  4 ++-
+ src/lib/libcrypto/asn1/tasn_dec.c  | 22 ++++++++++++-
+ src/lib/libcrypto/asn1/tasn_enc.c  | 21 +++++++++++-
+ src/lib/libcrypto/x509v3/v3_genn.c | 52 ++++++++++++++++++++++++++----
+ 6 files changed, 94 insertions(+), 11 deletions(-)
+
+diff --git a/src/lib/libcrypto/asn1/asn1.h b/src/lib/libcrypto/asn1/asn1.h
+index 0a8da415fb..76c294ada8 100644
+--- a/src/lib/libcrypto/asn1/asn1.h
++++ b/src/lib/libcrypto/asn1/asn1.h
+@@ -1137,6 +1137,7 @@ void ERR_load_ASN1_strings(void);
+ #define ASN1_R_BAD_OBJECT_HEADER			 102
+ #define ASN1_R_BAD_PASSWORD_READ			 103
+ #define ASN1_R_BAD_TAG					 104
++#define ASN1_R_BAD_TEMPLATE				 230
+ #define ASN1_R_BMPSTRING_IS_WRONG_LENGTH		 214
+ #define ASN1_R_BN_LIB					 105
+ #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 106
+diff --git a/src/lib/libcrypto/asn1/asn1_err.c b/src/lib/libcrypto/asn1/asn1_err.c
+index 5cc355084f..e2c56deb5b 100644
+--- a/src/lib/libcrypto/asn1/asn1_err.c
++++ b/src/lib/libcrypto/asn1/asn1_err.c
+@@ -85,6 +85,7 @@ static ERR_STRING_DATA ASN1_str_reasons[] = {
+ 	{ERR_REASON(ASN1_R_BAD_OBJECT_HEADER)    , "bad object header"},
+ 	{ERR_REASON(ASN1_R_BAD_PASSWORD_READ)    , "bad password read"},
+ 	{ERR_REASON(ASN1_R_BAD_TAG)              , "bad tag"},
++	{ERR_REASON(ASN1_R_BAD_TEMPLATE)         , "bad template"},
+ 	{ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH), "bmpstring is wrong length"},
+ 	{ERR_REASON(ASN1_R_BN_LIB)               , "bn lib"},
+ 	{ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH), "boolean is wrong length"},
+diff --git a/src/lib/libcrypto/asn1/asn1_lib.c b/src/lib/libcrypto/asn1/asn1_lib.c
+index 5dc520c428..d760cccd4d 100644
+--- a/src/lib/libcrypto/asn1/asn1_lib.c
++++ b/src/lib/libcrypto/asn1/asn1_lib.c
+@@ -388,6 +388,8 @@ ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
+ {
+ 	int i;
+ 
++	if (a == NULL || b == NULL)
++		return -1;
+ 	i = (a->length - b->length);
+ 	if (i == 0) {
+ 		i = memcmp(a->data, b->data, a->length);
+diff --git a/src/lib/libcrypto/asn1/tasn_dec.c b/src/lib/libcrypto/asn1/tasn_dec.c
+index 70dc355ca1..4b08e90404 100644
+--- a/src/lib/libcrypto/asn1/tasn_dec.c
++++ b/src/lib/libcrypto/asn1/tasn_dec.c
+@@ -210,6 +210,16 @@ asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+ 		break;
+ 
+ 	case ASN1_ITYPE_MSTRING:
++		/*
++		 * It never makes sense for multi-strings to have implicit
++		 * tagging, so if tag != -1, then this looks like an error in
++		 * the template.
++		 */
++		if (tag != -1) {
++			ASN1error(ASN1_R_BAD_TEMPLATE);
++			goto err;
++		}
++
+ 		p = *in;
+ 		/* Just read in tag and class */
+ 		ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
+@@ -245,6 +255,16 @@ asn1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+ 		    it, tag, aclass, opt, ctx);
+ 
+ 	case ASN1_ITYPE_CHOICE:
++		/*
++		 * It never makes sense for CHOICE types to have implicit
++		 * tagging, so if tag != -1, then this looks like an error in
++		 * the template.
++		 */
++		if (tag != -1) {
++			ASN1error(ASN1_R_BAD_TEMPLATE);
++			goto err;
++		}
++
+ 		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+ 			goto auxerr;
+ 
+diff --git a/src/lib/libcrypto/asn1/tasn_enc.c b/src/lib/libcrypto/asn1/tasn_enc.c
+index d103c4d096..5d95f035ef 100644
+--- a/src/lib/libcrypto/asn1/tasn_enc.c
++++ b/src/lib/libcrypto/asn1/tasn_enc.c
+@@ -61,6 +61,7 @@
+ 
+ #include <openssl/asn1.h>
+ #include <openssl/asn1t.h>
++#include <openssl/err.h>
+ #include <openssl/objects.h>
+ 
+ static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
+@@ -152,9 +153,27 @@ ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it,
+ 		break;
+ 
+ 	case ASN1_ITYPE_MSTRING:
++		/*
++		 * It never makes sense for multi-strings to have implicit
++		 * tagging, so if tag != -1, then this looks like an error in
++		 * the template.
++		 */
++		if (tag != -1) {
++			ASN1error(ASN1_R_BAD_TEMPLATE);
++			return 0;
++		}
+ 		return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
+ 
+ 	case ASN1_ITYPE_CHOICE:
++		/*
++		 * It never makes sense for CHOICE types to have implicit
++		 * tagging, so if tag != -1, then this looks like an error in
++		 * the template.
++		 */
++		if (tag != -1) {
++			ASN1error(ASN1_R_BAD_TEMPLATE);
++			return 0;
++		}
+ 		if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
+ 			return 0;
+ 		i = asn1_get_choice_selector(pval, it);
+diff --git a/src/lib/libcrypto/x509v3/v3_genn.c b/src/lib/libcrypto/x509v3/v3_genn.c
+index 848006acf4..dadf6f1e40 100644
+--- a/src/lib/libcrypto/x509v3/v3_genn.c
++++ b/src/lib/libcrypto/x509v3/v3_genn.c
+@@ -117,16 +117,17 @@ OTHERNAME_free(OTHERNAME *a)
+ 	ASN1_item_free((ASN1_VALUE *)a, &OTHERNAME_it);
+ }
+ 
++/* Uses explicit tagging since DIRECTORYSTRING is a CHOICE type */
+ static const ASN1_TEMPLATE EDIPARTYNAME_seq_tt[] = {
+ 	{
+-		.flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL,
++		.flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
+ 		.tag = 0,
+ 		.offset = offsetof(EDIPARTYNAME, nameAssigner),
+ 		.field_name = "nameAssigner",
+ 		.item = &DIRECTORYSTRING_it,
+ 	},
+ 	{
+-		.flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL,
++		.flags = ASN1_TFLG_EXPLICIT,
+ 		.tag = 1,
+ 		.offset = offsetof(EDIPARTYNAME, partyName),
+ 		.field_name = "partyName",
+@@ -324,6 +325,37 @@ GENERAL_NAME_dup(GENERAL_NAME *a)
+ 	return ASN1_item_dup(&GENERAL_NAME_it, a);
+ }
+ 
++static int
++EDIPARTYNAME_cmp(const EDIPARTYNAME *a, const EDIPARTYNAME *b)
++{
++	int res;
++
++	/*
++	 * Shouldn't be possible in a valid GENERAL_NAME, but we handle it
++	 * anyway. OTHERNAME_cmp treats NULL != NULL, so we do the same here.
++	 */
++	if (a == NULL || b == NULL)
++		return -1;
++	if (a->nameAssigner == NULL && b->nameAssigner != NULL)
++		return -1;
++	if (a->nameAssigner != NULL && b->nameAssigner == NULL)
++		return 1;
++	/* If we get here, both have nameAssigner set or both unset. */
++	if (a->nameAssigner != NULL) {
++		res = ASN1_STRING_cmp(a->nameAssigner, b->nameAssigner);
++		if (res != 0)
++			return res;
++	}
++	/*
++	 * partyName is required, so these should never be NULL. We treat it in
++	 * the same way as the a == NULL || b == NULL case above.
++	 */
++	if (a->partyName == NULL || b->partyName == NULL)
++		return -1;
++
++	return ASN1_STRING_cmp(a->partyName, b->partyName);
++}
++
+ /* Returns 0 if they are equal, != 0 otherwise. */
+ int
+ GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
+@@ -334,8 +366,11 @@ GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
+ 		return -1;
+ 	switch (a->type) {
+ 	case GEN_X400:
++		result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
++		break;
++
+ 	case GEN_EDIPARTY:
+-		result = ASN1_TYPE_cmp(a->d.other, b->d.other);
++		result = EDIPARTYNAME_cmp(a->d.ediPartyName, b->d.ediPartyName);
+ 		break;
+ 
+ 	case GEN_OTHERNAME:
+@@ -384,8 +419,11 @@ GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value)
+ {
+ 	switch (type) {
+ 	case GEN_X400:
++		a->d.x400Address = value;
++		break;
++
+ 	case GEN_EDIPARTY:
+-		a->d.other = value;
++		a->d.ediPartyName = value;
+ 		break;
+ 
+ 	case GEN_OTHERNAME:
+@@ -420,8 +458,10 @@ GENERAL_NAME_get0_value(GENERAL_NAME *a, int *ptype)
+ 		*ptype = a->type;
+ 	switch (a->type) {
+ 	case GEN_X400:
++		return a->d.x400Address;
++
+ 	case GEN_EDIPARTY:
+-		return a->d.other;
++		return a->d.ediPartyName;
+ 
+ 	case GEN_OTHERNAME:
+ 		return a->d.otherName;

libressl.spec

@@ -76,7 +76,7 @@
 Summary:		LibreSSL utils and libs coexisting with OpenSSL
 Name:			libressl
 Version:		3.2.0
-Release:		4
+Release:		5
 # The code is distributed under ISC license except of original OpenSSL code
 License:		ISC and BSD-like
 Group:			System/Base
@@ -199,6 +199,9 @@ Patch0084: 0084-ssl-drop-mac_flags-field.patch
 Patch0085: 0085-ssl-support-IV-increments-for-GOST-CTR-OMAC-ciphersu.patch
 Patch0086: 0086-kdftree-add-support-for-TLSTREE-rekeying-algorithm.patch
 Patch0087: 0087-ssl-add-support-for-TLSTREE-rekeying.patch
+# https://www.opennet.ru/opennews/art.shtml?num=54233
+# https://github.com/libressl-portable/openbsd/commit/f22d7684aed13a9ae9ea6554b7a3e52fdfa4f193
+Patch0088: 0088-CVE-2020-1971.patch
 
 # Patches for portable, from lumag@
 # ( for i in *PORTABLE*.patch ; do echo Patch$(echo $i | awk -F '-' '{print $2}'): $i ; done ) | sed -e 's,^Patch0,Patch2,g' | sort -h