rpms/compat-openssl10
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Fixed X.400 address type confusion in X.509 General

Browse Source 
RHEL-9699
Resolves: CVE-2023-0286
This commit is contained in:
Petr Hybl 2025-05-02 10:37:43 +02:00
parent 4226e5c221
commit 95790d3a38
2 changed files with 37 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
compat-openssl10.spec
View File

@ -22,7 +22,7 @@
Summary: Compatibility version of the OpenSSL library Summary: Compatibility version of the OpenSSL library
Name: compat-openssl10 Name: compat-openssl10
Version: 1.0.2o Version: 1.0.2o
Release: 4%{?dist} Release: 4%{?dist}.1
Epoch: 1 Epoch: 1
# We have to remove certain patented algorithms from the openssl source # We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below. # tarball with the hobble-openssl script which is included below.
@ -94,6 +94,7 @@ Patch81: openssl-1.0.2a-padlock64.patch
Patch82: openssl-1.0.2m-trusted-first-doc.patch Patch82: openssl-1.0.2m-trusted-first-doc.patch
Patch83: openssl-1.0.2o-cve-2022-0778.patch Patch83: openssl-1.0.2o-cve-2022-0778.patch
Patch84: openssl-1.0.2o-update-expired-certificates.patch Patch84: openssl-1.0.2o-update-expired-certificates.patch
Patch85: openssl-1.0.2-cve-2023-0286-X400.patch
License: OpenSSL License: OpenSSL
Group: System Environment/Libraries Group: System Environment/Libraries
@ -198,6 +199,7 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
%patch82 -p1 -b .trusted-first %patch82 -p1 -b .trusted-first
%patch83 -p1 -b .cve-2022-0778 %patch83 -p1 -b .cve-2022-0778
%patch84 -p1 -b .update-expired-certificates %patch84 -p1 -b .update-expired-certificates
%patch85 -p1 -b .cve-2023-0286
sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h
@ -420,6 +422,10 @@ install -m 644 apps/openssl10.cnf $RPM_BUILD_ROOT%{_sysconfdir}/pki/openssl10.cn
%postun -p /sbin/ldconfig %postun -p /sbin/ldconfig
%changelog %changelog
* Tue Apr 29 2025 Petr Hybl <phybl@redhat.com> - 1.1.0.2o-4.1
- Fix CVE-2023-0286 X.400 address type confusion in X.509 GeneralName
Resolves: RHEL-9699
* Wed May 04 2022 Clemens Lang <cllang@redhat.com> - 1:1.0.2o-4 * Wed May 04 2022 Clemens Lang <cllang@redhat.com> - 1:1.0.2o-4
- Fix CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates - Fix CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
Resolves: rhbz#2077418 Resolves: rhbz#2077418

30
openssl-1.0.2-cve-2023-0286-X400.patch Normal file
View File

@ -0,0 +1,30 @@
From: Petr Hybl <phybl@redhat.com>
Date: Tue, 29 Apr 2025 17:45:42 +0000
Subject: CVE-2023-0286: Fix GENERAL_NAME_cmp for x400Address
diff --git a/crypto/x509v3/v3_genn.c b/crypto/x509v3/v3_genn.c
index 9bb01ee..8cbcbe0 100644
--- a/crypto/x509v3/v3_genn.c
+++ b/crypto/x509v3/v3_genn.c
@@ -116,6 +116,9 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
return -1;
switch (a->type) {
case GEN_X400:
+ result = ASN1_STRING_cmp(a->d.x400Address, b->d.x400Address);
+ break;
+
case GEN_EDIPARTY:
result = ASN1_TYPE_cmp(a->d.other, b->d.other);
break;
diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
index f5c6156..7328acd 100644
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@@ -190,7 +190,7 @@ typedef struct GENERAL_NAME_st {
OTHERNAME *otherName; /* otherName */
ASN1_IA5STRING *rfc822Name;
ASN1_IA5STRING *dNSName;
- ASN1_TYPE *x400Address;
+ ASN1_STRING *x400Address;
X509_NAME *directoryName;
EDIPARTYNAME *ediPartyName;
ASN1_IA5STRING *uniformResourceIdentifier;