Merge pull request #588 from dongbeiouba/fix/CVE-2024-0727

Fix CVE-2024-0727
Tongsuo-Project · Mar 25, 2024 · ae6c515 · ae6c515
2 parents cd48526 + fb7795a
commit ae6c515
Show file tree

Hide file tree

Showing 40 changed files with 1,015 additions and 103 deletions.
diff --git a/CHANGES b/CHANGES
@@ -8,6 +8,8 @@
 
   *) 修复CVE-2023-6237
 
+  *) 修复CVE-2024-0727
+
   *) 增加SM2两方门限解密算法
 
   *) 增加SM2两方门限签名算法 [with work originated from FullyRobert]

diff --git a/apps/openssl.cnf b/apps/openssl.cnf
@@ -399,3 +399,10 @@ oldcert = $insta::certout # insta.cert.pem
 # Certificate revocation
 cmd = rr
 oldcert = $insta::certout # insta.cert.pem
+
+[pkcs12]
+certBagAttr = cb_attr
+
+# Uncomment this if you need Java compatible PKCS12 files
+[cb_attr]
+#jdkTrustedKeyUsage = anyExtendedKeyUsage
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
@@ -14,6 +14,8 @@
 #include <string.h>
 #include "apps.h"
 #include "progs.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
 #include <openssl/crypto.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
@@ -53,6 +55,7 @@ void hex_prin(BIO *out, unsigned char *buf, int len);
 static int alg_print(const X509_ALGOR *alg);
 int cert_load(BIO *in, STACK_OF(X509) *sk);
 static int set_pbe(int *ppbe, const char *str);
+static int jdk_trust(PKCS12_SAFEBAG *bag, void *cbarg);
 
 typedef enum OPTION_choice {
     OPT_COMMON,
@@ -512,6 +515,11 @@ int pkcs12_main(int argc, char **argv)
         EVP_MD *macmd = NULL;
         unsigned char *catmp = NULL;
         int i;
+        CONF *conf = NULL;
+        ASN1_OBJECT *obj = NULL;
+        STACK_OF(CONF_VALUE) *cb_sk = NULL;
+        const char *cb_attr = NULL;
+        const CONF_VALUE *val = NULL;
 
         if ((options & (NOCERTS | NOKEYS)) == (NOCERTS | NOKEYS)) {
             BIO_printf(bio_err, "Nothing to export due to -noout or -nocerts and -nokeys\n");
@@ -656,9 +664,30 @@ int pkcs12_main(int argc, char **argv)
         if (!twopass)
             OPENSSL_strlcpy(macpass, pass, sizeof(macpass));
 
-        p12 = PKCS12_create_ex(cpass, name, key, ee_cert, certs,
-                               key_pbe, cert_pbe, iter, -1, keytype,
-                               app_get0_libctx(), app_get0_propq());
+        /* Load the config file */
+        if ((conf = app_load_config(default_config_file)) == NULL)
+            goto export_end;
+        if (!app_load_modules(conf))
+            goto export_end;
+        /* Find the cert bag section */
+        if ((cb_attr = NCONF_get_string(conf, "pkcs12", "certBagAttr")) != NULL) {
+            if ((cb_sk = NCONF_get_section(conf, cb_attr)) != NULL) {
+                for (i = 0; i < sk_CONF_VALUE_num(cb_sk); i++) {
+                    val = sk_CONF_VALUE_value(cb_sk, i);
+                    if (strcmp(val->name, "jdkTrustedKeyUsage") == 0)
+                        obj = OBJ_txt2obj(val->value, 0);
+                }
+            } else {
+                ERR_clear_error();
+            }
+        } else {
+            ERR_clear_error();
+        }
+
+        p12 = PKCS12_create_ex2(cpass, name, key, ee_cert, certs,
+                                key_pbe, cert_pbe, iter, -1, keytype,
+                                app_get0_libctx(), app_get0_propq(),
+                                jdk_trust, (void*)obj);
 
         if (p12 == NULL) {
             BIO_printf(bio_err, "Error creating PKCS12 structure for %s\n",
@@ -695,7 +724,8 @@ int pkcs12_main(int argc, char **argv)
         sk_X509_pop_free(certs, X509_free);
         sk_X509_pop_free(untrusted_certs, X509_free);
         X509_free(ee_cert);
-
+        NCONF_free(conf);
+        ASN1_OBJECT_free(obj);
         ERR_print_errors(bio_err);
         goto end;
 
@@ -825,6 +855,31 @@ int pkcs12_main(int argc, char **argv)
     return ret;
 }
 
+static int jdk_trust(PKCS12_SAFEBAG *bag, void *cbarg)
+{
+    STACK_OF(X509_ATTRIBUTE) *attrs = NULL;
+    X509_ATTRIBUTE *attr = NULL;
+
+    /* Nothing to do */
+    if (cbarg == NULL)
+        return 1;
+
+    /* Get the current attrs */
+    attrs = (STACK_OF(X509_ATTRIBUTE)*)PKCS12_SAFEBAG_get0_attrs(bag);
+
+    /* Create a new attr for the JDK Trusted Usage and add it */
+    attr = X509_ATTRIBUTE_create(NID_oracle_jdk_trustedkeyusage, V_ASN1_OBJECT, (ASN1_OBJECT*)cbarg);
+
+    /* Add the new attr, if attrs is NULL, it'll be initialised */
+    X509at_add1_attr(&attrs, attr);
+
+    /* Set the bag attrs */
+    PKCS12_SAFEBAG_set0_attrs(bag, attrs);
+
+    X509_ATTRIBUTE_free(attr);
+    return 1;
+}
+
 int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, const char *pass,
                         int passlen, int options, char *pempass,
                         const EVP_CIPHER *enc)
@@ -1124,6 +1179,8 @@ int cert_load(BIO *in, STACK_OF(X509) *sk)
 void print_attribute(BIO *out, const ASN1_TYPE *av)
 {
     char *value;
+    const char *ln;
+    char objbuf[80];
 
     switch (av->type) {
     case V_ASN1_BMPSTRING:
@@ -1150,6 +1207,15 @@ void print_attribute(BIO *out, const ASN1_TYPE *av)
         BIO_printf(out, "\n");
         break;
 
+    case V_ASN1_OBJECT:
+        ln = OBJ_nid2ln(OBJ_obj2nid(av->value.object));
+        if (!ln)
+            ln = "";
+        OBJ_obj2txt(objbuf, sizeof(objbuf), av->value.object, 1);
+        BIO_printf(out, "%s (%s)", ln, objbuf);
+        BIO_printf(out, "\n");
+        break;
+
     default:
         BIO_printf(out, "<Unsupported tag %d>\n", av->type);
         break;

diff --git a/crypto/asn1/asn_pack.c b/crypto/asn1/asn_pack.c
@@ -60,3 +60,16 @@ void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it)
         ERR_raise(ERR_LIB_ASN1, ASN1_R_DECODE_ERROR);
     return ret;
 }
+
+void *ASN1_item_unpack_ex(const ASN1_STRING *oct, const ASN1_ITEM *it,
+                          OSSL_LIB_CTX *libctx, const char *propq)
+{
+    const unsigned char *p;
+    void *ret;
+
+    p = oct->data;
+    if ((ret = ASN1_item_d2i_ex(NULL, &p, oct->length, it,\
+                                libctx, propq)) == NULL)
+        ERR_raise(ERR_LIB_ASN1, ASN1_R_DECODE_ERROR);
+    return ret;
+}
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
@@ -888,6 +888,7 @@ PEM_R_UNSUPPORTED_CIPHER:113:unsupported cipher
 PEM_R_UNSUPPORTED_ENCRYPTION:114:unsupported encryption
 PEM_R_UNSUPPORTED_KEY_COMPONENTS:126:unsupported key components
 PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE:110:unsupported public key type
+PKCS12_R_CALLBACK_FAILED:115:callback failed
 PKCS12_R_CANT_PACK_STRUCTURE:100:cant pack structure
 PKCS12_R_CONTENT_TYPE_NOT_DATA:121:content type not data
 PKCS12_R_DECODE_ERROR:101:decode error

diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
@@ -2,15 +2,15 @@
  * WARNING: do not edit!
  * Generated by crypto/objects/obj_dat.pl
  *
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
  * in the file LICENSE in the source distribution or at
  * https://www.openssl.org/source/license.html
  */
 
 /* Serialized OID's */
-static const unsigned char so[6609] = {
+static const unsigned char so[6628] = {
     0x2A,0x86,0x48,0x86,0xF7,0x0D,                 /* [    0] OBJ_rsadsi */
     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,            /* [    6] OBJ_pkcs */
     0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05,       /* [   13] OBJ_md5 */
@@ -929,9 +929,11 @@ static const unsigned char so[6609] = {
     0x2A,0x81,0x1C,0xCF,0x55,0x01,0x86,0x22,       /* [ 6581] OBJ_zuc_128_eia3 */
     0x2B,0x06,0x01,0x04,0x01,0x82,0xDA,0x4B,0x2C,  /* [ 6589] OBJ_delegation_usage */
     0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x11,0x03,0x01,  /* [ 6598] OBJ_hmacWithSM3 */
+    0x60,0x86,0x48,0x01,0x86,0xF9,0x66,            /* [ 6608] OBJ_oracle */
+    0x60,0x86,0x48,0x01,0x86,0xF9,0x66,0xAD,0xCA,0x7B,0x01,0x01,  /* [ 6615] OBJ_oracle_jdk_trustedkeyusage */
 };
 
-#define NUM_NID 1258
+#define NUM_NID 1260
 static const ASN1_OBJECT nid_objs[NUM_NID] = {
     {"UNDEF", "undefined", NID_undef},
     {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2191,9 +2193,11 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
     {"ZUC-128-EIA3", "zuc-128-eia3", NID_zuc_128_eia3, 8, &so[6581]},
     {"delegationUsage", "X509v3 Delegation Usage", NID_delegation_usage, 9, &so[6589]},
     {"hmacWithSM3", "hmacWithSM3", NID_hmacWithSM3, 10, &so[6598]},
+    {"oracle-organization", "Oracle organization", NID_oracle, 7, &so[6608]},
+    {"oracle-jdk-trustedkeyusage", "Trusted key usage (Oracle)", NID_oracle_jdk_trustedkeyusage, 12, &so[6615]},
 };
 
-#define NUM_SN 1008
+#define NUM_SN 1010
 static const unsigned int sn_objs[NUM_SN] = {
      364,    /* "AD_DVCS" */
      419,    /* "AES-128-CBC" */
@@ -2883,6 +2887,8 @@ static const unsigned int sn_objs[NUM_SN] = {
      139,    /* "nsSGC" */
       77,    /* "nsSslServerName" */
      681,    /* "onBasis" */
+    1259,    /* "oracle-jdk-trustedkeyusage" */
+    1258,    /* "oracle-organization" */
     1089,    /* "organizationIdentifier" */
      491,    /* "organizationalStatus" */
     1141,    /* "oscca" */
@@ -3205,7 +3211,7 @@ static const unsigned int sn_objs[NUM_SN] = {
     1093,    /* "x509ExtAdmission" */
 };
 
-#define NUM_LN 1008
+#define NUM_LN 1010
 static const unsigned int ln_objs[NUM_LN] = {
      363,    /* "AD Time Stamping" */
      405,    /* "ANSI X9.62" */
@@ -3305,6 +3311,7 @@ static const unsigned int ln_objs[NUM_LN] = {
      366,    /* "OCSP Nonce" */
      371,    /* "OCSP Service Locator" */
      180,    /* "OCSP Signing" */
+    1258,    /* "Oracle organization" */
      161,    /* "PBES2" */
       69,    /* "PBKDF2" */
      162,    /* "PBMAC1" */
@@ -3348,6 +3355,7 @@ static const unsigned int ln_objs[NUM_LN] = {
      129,    /* "TLS Web Server Authentication" */
      133,    /* "Time Stamping" */
      375,    /* "Trust Root" */
+    1259,    /* "Trusted key usage (Oracle)" */
     1034,    /* "X25519" */
     1035,    /* "X448" */
       12,    /* "X509" */
@@ -4217,7 +4225,7 @@ static const unsigned int ln_objs[NUM_LN] = {
     1255,    /* "zuc-128-eia3" */
 };
 
-#define NUM_OBJ 924
+#define NUM_OBJ 926
 static const unsigned int obj_objs[NUM_OBJ] = {
        0,    /* OBJ_undef                        0 */
      181,    /* OBJ_iso                          1 */
@@ -4591,6 +4599,7 @@ static const unsigned int obj_objs[NUM_OBJ] = {
      507,    /* OBJ_id_hex_partial_message       1 3 6 1 7 1 1 1 */
      508,    /* OBJ_id_hex_multipart_message     1 3 6 1 7 1 1 2 */
       57,    /* OBJ_netscape                     2 16 840 1 113730 */
+    1258,    /* OBJ_oracle                       2 16 840 1 113894 */
      437,    /* OBJ_pilot                        0 9 2342 19200300 100 */
     1133,    /* OBJ_sm4_ecb                      1 2 156 10197 1 104 1 */
     1134,    /* OBJ_sm4_cbc                      1 2 156 10197 1 104 2 */
@@ -5132,6 +5141,7 @@ static const unsigned int obj_objs[NUM_OBJ] = {
      955,    /* OBJ_jurisdictionLocalityName     1 3 6 1 4 1 311 60 2 1 1 */
      956,    /* OBJ_jurisdictionStateOrProvinceName 1 3 6 1 4 1 311 60 2 1 2 */
      957,    /* OBJ_jurisdictionCountryName      1 3 6 1 4 1 311 60 2 1 3 */
+    1259,    /* OBJ_oracle_jdk_trustedkeyusage   2 16 840 1 113894 746875 1 1 */
     1159,    /* OBJ_dstu4145be                   1 2 804 2 1 1 1 1 3 1 1 1 1 */
     1160,    /* OBJ_uacurve0                     1 2 804 2 1 1 1 1 3 1 1 2 0 */
     1161,    /* OBJ_uacurve1                     1 2 804 2 1 1 1 1 3 1 1 2 1 */

diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
@@ -1025,3 +1025,5 @@ auth_sm2		1254
 zuc_128_eia3		1255
 delegation_usage		1256
 hmacWithSM3		1257
+oracle		1258
+oracle_jdk_trustedkeyusage		1259
diff --git a/crypto/objects/obj_xref.h b/crypto/objects/obj_xref.h
@@ -2,7 +2,7 @@
  * WARNING: do not edit!
  * Generated by objxref.pl
  *
- * Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2024 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy

diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
@@ -1410,3 +1410,9 @@ dstu4145le 2 9 : uacurve9 : DSTU curve 9
                             : AES-128-SIV  : aes-128-siv
                             : AES-192-SIV  : aes-192-siv
                             : AES-256-SIV  : aes-256-siv
+
+
+!Cname oracle
+joint-iso-itu-t 16 840 1 113894 : oracle-organization : Oracle organization
+# Jdk trustedKeyUsage attribute
+oracle 746875 1 1 : oracle-jdk-trustedkeyusage : Trusted key usage (Oracle)
diff --git a/crypto/pkcs12/p12_add.c b/crypto/pkcs12/p12_add.c
@@ -78,7 +78,15 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
         ERR_raise(ERR_LIB_PKCS12, PKCS12_R_CONTENT_TYPE_NOT_DATA);
         return NULL;
     }
-    return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
+
+    if (p7->d.data == NULL) {
+        ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);
+        return NULL;
+    }
+
+    return ASN1_item_unpack_ex(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
+                               ossl_pkcs7_ctx_get0_libctx(&p7->ctx),
+                               ossl_pkcs7_ctx_get0_propq(&p7->ctx));
 }
 
 /* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
@@ -150,6 +158,12 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
 {
     if (!PKCS7_type_is_encrypted(p7))
         return NULL;
+
+    if (p7->d.encrypted == NULL) {
+        ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);
+        return NULL;
+    }
+
     return PKCS12_item_decrypt_d2i_ex(p7->d.encrypted->enc_data->algorithm,
                                    ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
                                    pass, passlen,
@@ -181,15 +195,25 @@ int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
 STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12)
 {
     STACK_OF(PKCS7) *p7s;
+    PKCS7_CTX *p7ctx;
     PKCS7 *p7;
     int i;
 
     if (!PKCS7_type_is_data(p12->authsafes)) {
         ERR_raise(ERR_LIB_PKCS12, PKCS12_R_CONTENT_TYPE_NOT_DATA);
         return NULL;
     }
-    p7s = ASN1_item_unpack(p12->authsafes->d.data,
-                           ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
+
+    if (p12->authsafes->d.data == NULL) {
+        ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);
+        return NULL;
+    }
+
+    p7ctx = &p12->authsafes->ctx;
+    p7s = ASN1_item_unpack_ex(p12->authsafes->d.data,
+                              ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
+                              ossl_pkcs7_ctx_get0_libctx(p7ctx),
+                              ossl_pkcs7_ctx_get0_propq(p7ctx));
     if (p7s != NULL) {
         for (i = 0; i < sk_PKCS7_num(p7s); i++) {
             p7 = sk_PKCS7_value(p7s, i);

diff --git a/crypto/pkcs12/p12_asn.c b/crypto/pkcs12/p12_asn.c
@@ -12,6 +12,7 @@
 #include <openssl/asn1t.h>
 #include <openssl/pkcs12.h>
 #include "p12_local.h"
+#include "crypto/pkcs7.h"
 
 /* PKCS#12 ASN1 module */
 
@@ -21,7 +22,21 @@ ASN1_SEQUENCE(PKCS12) = {
         ASN1_OPT(PKCS12, mac, PKCS12_MAC_DATA)
 } ASN1_SEQUENCE_END(PKCS12)
 
-IMPLEMENT_ASN1_FUNCTIONS(PKCS12)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(PKCS12, PKCS12, PKCS12)
+
+PKCS12 *PKCS12_new(void)
+{
+    return (PKCS12 *)ASN1_item_new(ASN1_ITEM_rptr(PKCS12));
+}
+
+void PKCS12_free(PKCS12 *p12)
+{
+    if (p12 != NULL && p12->authsafes != NULL) {
+        OPENSSL_free(p12->authsafes->ctx.propq);
+        p12->authsafes->ctx.propq = NULL;
+    }
+    ASN1_item_free((ASN1_VALUE *)p12, ASN1_ITEM_rptr(PKCS12));
+}
 
 ASN1_SEQUENCE(PKCS12_MAC_DATA) = {
         ASN1_SIMPLE(PKCS12_MAC_DATA, dinfo, X509_SIG),