diff --git a/adapt-openssl-CVE.patch b/adapt-openssl-CVE.patch
new file mode 100644
index 0000000000000000000000000000000000000000..31a034f1bf36c1d1d9e3c5212a2ed08da90c5b96
--- /dev/null
+++ b/adapt-openssl-CVE.patch
@@ -0,0 +1,25 @@
+From d13f8cbc7ec066b04cbe13ef6bf14b2b085fbc35 Mon Sep 17 00:00:00 2001
+From: houmingyong
+Date: Sun, 5 Jun 2022 14:44:37 +0800
+Subject: [PATCH] decompress openssl sourece before build
+
+---
+ .../intel-sgx-ssl-lin_2.10_1.1.1g/Linux/build_openssl.sh | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/build_openssl.sh b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/build_openssl.sh
+index 7d77b79..43745b8 100755
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/build_openssl.sh
++++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/Linux/build_openssl.sh
+@@ -54,8 +54,6 @@ mkdir -p $SGXSSL_ROOT/package/lib64/
+
+ # build openssl modules, clean previous openssl dir if it exist
+ cd $SGXSSL_ROOT/../openssl_source || exit 1
+-rm -rf $OPENSSL_VERSION
+-tar xvf $OPENSSL_VERSION.tar.gz || exit 1
+
+ # Remove AESBS to support only AESNI and VPAES
+ sed -i '/BSAES_ASM/d' $OPENSSL_VERSION/Configure
+--
+2.23.0
+
diff --git a/backport-CVE-2022-0778.patch b/backport-CVE-2022-0778.patch
new file mode 100644
index 0000000000000000000000000000000000000000..30c9ecd2f54925066f257ea62b9ae0a436059f0c
--- /dev/null
+++ b/backport-CVE-2022-0778.patch
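Review bot: With the `rm -rf`/`tar xvf` pair removed, build_openssl.sh depends on `$OPENSSL_VERSION` already being unpacked (presumably by the `-a 8` setup line this commit adds to the spec), yet the next command shown, `sed -i '/BSAES_ASM/d' $OPENSSL_VERSION/Configure`, has no failure check. If the tree is missing, the script would presumably carry on past the failed `sed` instead of stopping, so a guard right after the `cd`, such as `[ -f "$OPENSSL_VERSION/Configure" ] || exit 1`, would make that dependency explicit. A comment at the same spot saying that extraction moved to %prep, presumably so the CVE patches applied there are not overwritten by a fresh untar, would explain why the lines were dropped. The script continues outside the hunk.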
@@ -0,0 +1,72 @@
+From 4382b4d9446c34d29b12dedf6b93f35215b9dd3b Mon Sep 17 00:00:00 2001
+From: Tomas Mraz
+Date: Mon, 28 Feb 2022 18:26:21 +0100
+Subject: [PATCH] Fix possible infinite loop in BN_mod_sqrt()
+
+The calculation in some cases does not finish for non-prime p.
+
+This fixes CVE-2022-0778.
+
+Based on patch by David Benjamin .
+
+Reviewed-by: Paul Dale
+Reviewed-by: Matt Caswell
+
+Reference: https://github.com/openssl/openssl/commit/3118eb64934499d93db3230748a452351d1d9a65
+Conflict: NA
+---
+ .../openssl-1.1.1g/crypto/bn/bn_sqrt.c | 30 +++++++++++--------
+ 1 file changed, 18 insertions(+), 12 deletions(-)
+
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/bn/bn_sqrt.c b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/bn/bn_sqrt.c
+index 1723d5d..53b0f55 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/bn/bn_sqrt.c
++++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/bn/bn_sqrt.c
+@@ -14,7 +14,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+ /*
+ * Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks
+ * algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number
+- * Theory", algorithm 1.5.1). 'p' must be prime!
++ * Theory", algorithm 1.5.1). 'p' must be prime, otherwise an error or
++ * an incorrect "result" will be returned.
+ */
+ {
+ BIGNUM *ret = in;
+@@ -301,18 +302,23 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+ goto vrfy;
+ }
+
+- /* find smallest i such that b^(2^i) = 1 */
+- i = 1;
+- if (!BN_mod_sqr(t, b, p, ctx))
+- goto end;
+- while (!BN_is_one(t)) {
+- i++;
+- if (i == e) {
+- BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+- goto end;
++ /* Find the smallest i, 0 < i < e, such that b^(2^i) = 1. */
++ for (i = 1; i < e; i++) {
++ if (i == 1) {
++ if (!BN_mod_sqr(t, b, p, ctx))
++ goto end;
++
++ } else {
++ if (!BN_mod_mul(t, t, t, p, ctx))
++ goto end;
+ }
+- if (!BN_mod_mul(t, t, t, p, ctx))
+- goto end;
++ if (BN_is_one(t))
++ break;
++ }
++ /* If not found, a is not a square or p is not prime. */
++ if (i >= e) {
++ BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
++ goto end;
+ }
+
+ /* t := y^2^(e - i - 1) */
+--
+2.23.0
+
diff --git a/backport-CVE-2022-0778_test.patch b/backport-CVE-2022-0778_test.patch
new file mode 100644
index 0000000000000000000000000000000000000000..516f0a8a0dad73eb8b9002723bba2b0cdc9081ae
--- /dev/null
+++ b/backport-CVE-2022-0778_test.patch
@@ -0,0 +1,61 @@ +From 6ec7f406d2141b78508b5df91597a61de2ac38ed Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Mon, 28 Feb 2022 18:26:35 +0100 +Subject: [PATCH] Add a negative testcase for BN_mod_sqrt + +Reviewed-by: Paul Dale +Reviewed-by: Matt Caswell + +Reference: https://github.com/openssl/openssl/commit/3ef5c3034e5c545f34d6929568f3f2b10ac4bdf0 +Conflict: NA +--- + .../openssl_source/openssl-1.1.1g/test/bntest.c | 11 ++++++++++- + .../test/recipes/10-test_bn_data/bnmod.txt | 12 ++++++++++++ + 2 files changed, 22 insertions(+), 1 deletion(-) + +diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/test/bntest.c b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/test/bntest.c +index 236501e..08c60a2 100644 +--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/test/bntest.c ++++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/test/bntest.c +@@ -1685,8 +1685,17 @@ static int file_modsqrt(STANZA *s) + || !TEST_ptr(ret2 = BN_new())) + goto err; + ++ if (BN_is_negative(mod_sqrt)) { ++ /* A negative testcase */ ++ if (!TEST_ptr_null(BN_mod_sqrt(ret, a, p, ctx))) ++ goto err; ++ ++ st = 1; ++ goto err; ++ } ++ + /* There are two possible answers. 
*/ +- if (!TEST_true(BN_mod_sqrt(ret, a, p, ctx)) ++ if (!TEST_ptr(BN_mod_sqrt(ret, a, p, ctx)) + || !TEST_true(BN_sub(ret2, p, ret))) + goto err; + +diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/test/recipes/10-test_bn_data/bnmod.txt b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/test/recipes/10-test_bn_data/bnmod.txt +index 5ea4d03..e28cc6b 100644 +--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/test/recipes/10-test_bn_data/bnmod.txt ++++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/test/recipes/10-test_bn_data/bnmod.txt +@@ -2799,3 +2799,15 @@ P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f + ModSqrt = a1d52989f12f204d3d2167d9b1e6c8a6174c0c786a979a5952383b7b8bd186 + A = 2eee37cf06228a387788188e650bc6d8a2ff402931443f69156a29155eca07dcb45f3aac238d92943c0c25c896098716baa433f25bd696a142f5a69d5d937e81 + P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f ++ ++# Negative testcases for BN_mod_sqrt() ++ ++# This one triggers an infinite loop with unfixed implementation ++# It should just fail. ++ModSqrt = -1 ++A = 20a7ee ++P = 460201 ++ ++ModSqrt = -1 ++A = 65bebdb00a96fc814ec44b81f98b59fba3c30203928fa5214c51e0a97091645280c947b005847f239758482b9bfc45b066fde340d1fe32fc9c1bf02e1b2d0ed ++P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f +-- +2.23.0 + diff --git a/backport-CVE-2022-1292.patch b/backport-CVE-2022-1292.patch new file mode 100644 index 0000000000000000000000000000000000000000..97ddbdd40b70e723b53277c7072e85082c795b57 --- /dev/null +++ b/backport-CVE-2022-1292.patch 
@@ -0,0 +1,80 @@ +From 9b495e8d9028ca893019c5b176d913051ea925ac Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Tue, 26 Apr 2022 12:40:24 +0200 +Subject: [PATCH] c_rehash: Do not use shell to invoke openssl + +Except on VMS where it is safe. + +This fixes CVE-2022-1292. + +Reviewed-by: Matthias St. Pierre +Reviewed-by: Matt Caswell + +Reference:https://git.openssl.org/gitweb/?p=openssl.git;a=patch;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23 +Conflict:NA + +--- + .../openssl-1.1.1g/tools/c_rehash.in | 29 ++++++++++++++++--- + 1 file changed, 25 insertions(+), 4 deletions(-) + +diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/tools/c_rehash.in b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/tools/c_rehash.in +index fa7c6c9..83c1cc8 100644 +--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/tools/c_rehash.in ++++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/tools/c_rehash.in +@@ -152,6 +152,23 @@ sub check_file { + return ($is_cert, $is_crl); + } + ++sub compute_hash { ++ my $fh; ++ if ( $^O eq "VMS" ) { ++ # VMS uses the open through shell ++ # The file names are safe there and list form is unsupported ++ if (!open($fh, "-|", join(' ', @_))) { ++ print STDERR "Cannot compute hash on '$fname'\n"; ++ return; ++ } ++ } else { ++ if (!open($fh, "-|", @_)) { ++ print STDERR "Cannot compute hash on '$fname'\n"; ++ return; ++ } ++ } ++ return (<$fh>, <$fh>); ++} + + # Link a certificate to its subject name hash value, each hash is of + # the form . where n is an integer. 
If the hash value already exists +@@ -161,10 +178,12 @@ sub check_file { + + sub link_hash_cert { + my $fname = $_[0]; +- $fname =~ s/'/'\\''/g; +- my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`; ++ my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash, ++ "-fingerprint", "-noout", ++ "-in", $fname); + chomp $hash; + chomp $fprint; ++ return if !$hash; + $fprint =~ s/^.*=//; + $fprint =~ tr/://d; + my $suffix = 0; +@@ -202,10 +221,12 @@ sub link_hash_cert { + + sub link_hash_crl { + my $fname = $_[0]; +- $fname =~ s/'/'\\''/g; +- my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`; ++ my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash, ++ "-fingerprint", "-noout", ++ "-in", $fname); + chomp $hash; + chomp $fprint; ++ return if !$hash; + $fprint =~ s/^.*=//; + $fprint =~ tr/://d; + my $suffix = 0; +-- +2.23.0 + diff --git a/backport-CVE-2022-2068-Fix-file-operations-in-c_rehash.patch b/backport-CVE-2022-2068-Fix-file-operations-in-c_rehash.patch new file mode 100644 index 0000000000000000000000000000000000000000..c2ea6442589973a2cc527ed806196fd81902844a --- /dev/null +++ b/backport-CVE-2022-2068-Fix-file-operations-in-c_rehash.patch 
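Review bot: `compute_hash` returns `(<$fh>, <$fh>)` without ever closing the pipe, so the exit status of the `openssl` child is never examined and the callers only catch the empty-output case through `return if !$hash`. Reading into a list and closing before returning, e.g. `my @out = <$fh>; close($fh) or return; return @out;`, would reject a failed run instead of passing along whatever was printed before the failure. The two error messages in the new sub also interpolate `$fname`, which is not a parameter of `compute_hash` and resolves only if a variable of that name is visible from outside the sub; `$_[-1]` names the file without that dependency.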
@@ -0,0 +1,259 @@ +From 9639817dac8bbbaa64d09efad7464ccc405527c7 Mon Sep 17 00:00:00 2001 +From: Daniel Fiala +Date: Sun, 29 May 2022 20:11:24 +0200 +Subject: [PATCH] Fix file operations in c_rehash. + +CVE-2022-2068 + +Reviewed-by: Matt Caswell +Reviewed-by: Richard Levitte + +Reference: https://github.com/openssl/openssl/commit/9639817dac8bbbaa64d09efad7464ccc405527c7 +Conflict: NA +--- + external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/tools/c_rehash.in | 216 +++++++++++++++++++++++----------------------- + 1 file changed, 107 insertions(+), 109 deletions(-) + +diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/tools/c_rehash.in b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/tools/c_rehash.in +index cfd18f5da1..9d2a6f6db7 100644 +--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/tools/c_rehash.in ++++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/tools/c_rehash.in +@@ -104,52 +104,78 @@ foreach (@dirlist) { + } + exit($errorcount); + ++sub copy_file { ++ my ($src_fname, $dst_fname) = @_; ++ ++ if (open(my $in, "<", $src_fname)) { ++ if (open(my $out, ">", $dst_fname)) { ++ print $out $_ while (<$in>); ++ close $out; ++ } else { ++ warn "Cannot open $dst_fname for write, $!"; ++ } ++ close $in; ++ } else { ++ warn "Cannot open $src_fname for read, $!"; ++ } ++} ++ + sub hash_dir { +- my %hashlist; +- print "Doing $_[0]\n"; +- chdir $_[0]; +- opendir(DIR, "."); +- my @flist = sort readdir(DIR); +- closedir DIR; +- if ( $removelinks ) { +- # Delete any existing symbolic links +- 
foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) { +- if (-l $_) { +- print "unlink $_" if $verbose; +- unlink $_ || warn "Can't unlink $_, $!\n"; +- } +- } +- } +- FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) { +- # Check to see if certificates and/or CRLs present. +- my ($cert, $crl) = check_file($fname); +- if (!$cert && !$crl) { +- print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; +- next; +- } +- link_hash_cert($fname) if ($cert); +- link_hash_crl($fname) if ($crl); +- } ++ my $dir = shift; ++ my %hashlist; ++ ++ print "Doing $dir\n"; ++ ++ if (!chdir $dir) { ++ print STDERR "WARNING: Cannot chdir to '$dir', $!\n"; ++ return; ++ } ++ ++ opendir(DIR, ".") || print STDERR "WARNING: Cannot opendir '.', $!\n"; ++ my @flist = sort readdir(DIR); ++ closedir DIR; ++ if ( $removelinks ) { ++ # Delete any existing symbolic links ++ foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) { ++ if (-l $_) { ++ print "unlink $_\n" if $verbose; ++ unlink $_ || warn "Can't unlink $_, $!\n"; ++ } ++ } ++ } ++ FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) { ++ # Check to see if certificates and/or CRLs present. 
++ my ($cert, $crl) = check_file($fname); ++ if (!$cert && !$crl) { ++ print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; ++ next; ++ } ++ link_hash_cert($fname) if ($cert); ++ link_hash_crl($fname) if ($crl); ++ } ++ ++ chdir $pwd; + } + + sub check_file { +- my ($is_cert, $is_crl) = (0,0); +- my $fname = $_[0]; +- open IN, $fname; +- while() { +- if (/^-----BEGIN (.*)-----/) { +- my $hdr = $1; +- if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) { +- $is_cert = 1; +- last if ($is_crl); +- } elsif ($hdr eq "X509 CRL") { +- $is_crl = 1; +- last if ($is_cert); +- } +- } +- } +- close IN; +- return ($is_cert, $is_crl); ++ my ($is_cert, $is_crl) = (0,0); ++ my $fname = $_[0]; ++ ++ open(my $in, "<", $fname); ++ while(<$in>) { ++ if (/^-----BEGIN (.*)-----/) { ++ my $hdr = $1; ++ if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) { ++ $is_cert = 1; ++ last if ($is_crl); ++ } elsif ($hdr eq "X509 CRL") { ++ $is_crl = 1; ++ last if ($is_cert); ++ } ++ } ++ } ++ close $in; ++ return ($is_cert, $is_crl); + } + + sub compute_hash { +@@ -177,76 +203,48 @@ sub compute_hash { + # certificate fingerprints + + sub link_hash_cert { +- my $fname = $_[0]; +- my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash, +- "-fingerprint", "-noout", +- "-in", $fname); +- chomp $hash; +- chomp $fprint; +- return if !$hash; +- $fprint =~ s/^.*=//; +- $fprint =~ tr/://d; +- my $suffix = 0; +- # Search for an unused hash filename +- while(exists $hashlist{"$hash.$suffix"}) { +- # Hash matches: if fingerprint matches its a duplicate cert +- if ($hashlist{"$hash.$suffix"} eq $fprint) { +- print STDERR "WARNING: Skipping duplicate certificate $fname\n"; +- return; +- } +- $suffix++; +- } +- $hash .= ".$suffix"; +- if ($symlink_exists) { +- print "link $fname -> $hash\n" if $verbose; +- symlink $fname, $hash || warn "Can't symlink, $!"; +- } else { +- print "copy $fname -> $hash\n" if $verbose; +- if (open($in, "<", $fname)) { +- if (open($out,">", $hash)) { +- print 
$out $_ while (<$in>); +- close $out; +- } else { +- warn "can't open $hash for write, $!"; +- } +- close $in; +- } else { +- warn "can't open $fname for read, $!"; +- } +- } +- $hashlist{$hash} = $fprint; ++ link_hash($_[0], 'cert'); + } + + # Same as above except for a CRL. CRL links are of the form .r + + sub link_hash_crl { +- my $fname = $_[0]; +- my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash, +- "-fingerprint", "-noout", +- "-in", $fname); +- chomp $hash; +- chomp $fprint; +- return if !$hash; +- $fprint =~ s/^.*=//; +- $fprint =~ tr/://d; +- my $suffix = 0; +- # Search for an unused hash filename +- while(exists $hashlist{"$hash.r$suffix"}) { +- # Hash matches: if fingerprint matches its a duplicate cert +- if ($hashlist{"$hash.r$suffix"} eq $fprint) { +- print STDERR "WARNING: Skipping duplicate CRL $fname\n"; +- return; +- } +- $suffix++; +- } +- $hash .= ".r$suffix"; +- if ($symlink_exists) { +- print "link $fname -> $hash\n" if $verbose; +- symlink $fname, $hash || warn "Can't symlink, $!"; +- } else { +- print "cp $fname -> $hash\n" if $verbose; +- system ("cp", $fname, $hash); +- warn "Can't copy, $!" if ($? >> 8) != 0; +- } +- $hashlist{$hash} = $fprint; ++ link_hash($_[0], 'crl'); ++} ++ ++sub link_hash { ++ my ($fname, $type) = @_; ++ my $is_cert = $type eq 'cert'; ++ ++ my ($hash, $fprint) = compute_hash($openssl, ++ $is_cert ? "x509" : "crl", ++ $is_cert ? $x509hash : $crlhash, ++ "-fingerprint", "-noout", ++ "-in", $fname); ++ chomp $hash; ++ chomp $fprint; ++ return if !$hash; ++ $fprint =~ s/^.*=//; ++ $fprint =~ tr/://d; ++ my $suffix = 0; ++ # Search for an unused hash filename ++ my $crlmark = $is_cert ? "" : "r"; ++ while(exists $hashlist{"$hash.$crlmark$suffix"}) { ++ # Hash matches: if fingerprint matches its a duplicate cert ++ if ($hashlist{"$hash.$crlmark$suffix"} eq $fprint) { ++ my $what = $is_cert ? 
'certificate' : 'CRL'; ++ print STDERR "WARNING: Skipping duplicate $what $fname\n"; ++ return; ++ } ++ $suffix++; ++ } ++ $hash .= ".$crlmark$suffix"; ++ if ($symlink_exists) { ++ print "link $fname -> $hash\n" if $verbose; ++ symlink $fname, $hash || warn "Can't symlink, $!"; ++ } else { ++ print "copy $fname -> $hash\n" if $verbose; ++ copy_file($fname, $hash); ++ } ++ $hashlist{$hash} = $fprint; + } +-- +2.23.0 diff --git a/backport-CVE-2022-2097-Fix-AES-OCB-encrypt-decrypt-for-x86-AES-NI.patch b/backport-CVE-2022-2097-Fix-AES-OCB-encrypt-decrypt-for-x86-AES-NI.patch new file mode 100644 index 0000000000000000000000000000000000000000..d957aeeaa3e2b61f5b90d1ffac7bc48cb56d7566 --- /dev/null +++ b/backport-CVE-2022-2097-Fix-AES-OCB-encrypt-decrypt-for-x86-AES-NI.patch 
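Review bot: In `link_hash`, `symlink $fname, $hash || warn "Can't symlink, $!";` parses as `symlink($fname, ($hash || warn ...))`, so a failed symlink is never reported; `unlink $_ || warn "Can't unlink $_, $!\n";` in `hash_dir` has the same precedence problem. These links are what lookups in the hashed directory depend on, so a silent failure leaves stale or missing entries with no trace in the output. Writing them as `symlink($fname, $hash) || warn "Can't symlink, $!";` and `unlink($_) || warn "Can't unlink $_, $!\n";` fixes both. Separately, `check_file` calls `open(my $in, "<", $fname);` without testing the result and `hash_dir` goes on to `readdir` after a failed `opendir`; returning early in both places would be safer.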
@@ -0,0 +1,76 @@
+From 919925673d6c9cfed3c1085497f5dfbbed5fc431 Mon Sep 17 00:00:00 2001
+From: Alex Chernyakhovsky
+Date: Thu, 16 Jun 2022 12:00:22 +1000
+Subject: [PATCH] Fix AES OCB encrypt/decrypt for x86 AES-NI
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path
+that performs operations on 6 16-byte blocks concurrently (the
+"grandloop") and then proceeds to handle the "short" tail (which can
+be anywhere from 0 to 5 blocks) that remain.
+
+As part of initialization, the assembly initializes $len to the true
+length, less 96 bytes and converts it to a pointer so that the $inp
+can be compared to it. Each iteration of "grandloop" checks to see if
+there's a full 96-byte chunk to process, and if so, continues. Once
+this has been exhausted, it falls through to "short", which handles
+the remaining zero to five blocks.
+
+Unfortunately, the jump at the end of "grandloop" had a fencepost
+error, doing a `jb` ("jump below") rather than `jbe` (jump below or
+equal). This should be `jbe`, as $inp is pointing to the *end* of the
+chunk currently being handled. If $inp == $len, that means that
+there's a whole 96-byte chunk waiting to be handled. If $inp > $len,
+then there's 5 or fewer 16-byte blocks left to be handled, and the
+fall-through is intended.
+
+The net effect of `jb` instead of `jbe` is that the last 16-byte block
+of the last 96-byte chunk was completely omitted. The contents of
+`out` in this position were never written to. Additionally, since
+those bytes were never processed, the authentication tag generated is
+also incorrect.
+
+The same fencepost error, and identical logic, exists in both
+aesni_ocb_encrypt and aesni_ocb_decrypt.
+
+This addresses CVE-2022-2097.
+
+Co-authored-by: Alejandro SedeƱo
+Co-authored-by: David Benjamin
+
+Reviewed-by: Paul Dale
+Reviewed-by: Tomas Mraz
+
+Reference:https://github.com/openssl/openssl/commit/919925673d6c9cfed3c1085497f5dfbbed5fc431
+Conflict: NA
+---
+ external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/aes/asm/aesni-x86.pl | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/aes/asm/aesni-x86.pl b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/aes/asm/aesni-x86.pl
+index fe2b26542a..812758e02e 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/aes/asm/aesni-x86.pl
++++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/aes/asm/aesni-x86.pl
+@@ -2027,7 +2027,7 @@ my ($l_,$block,$i1,$i3,$i5) = ($rounds_,$key_,$rounds,$len,$out);
+ &movdqu (&QWP(-16*2,$out,$inp),$inout4);
+ &movdqu (&QWP(-16*1,$out,$inp),$inout5);
+ &cmp ($inp,$len); # done yet?
+- &jb (&label("grandloop"));
++ &jbe (&label("grandloop"));
+
+ &set_label("short");
+ &add ($len,16*6);
+@@ -2453,7 +2453,7 @@ my ($l_,$block,$i1,$i3,$i5) = ($rounds_,$key_,$rounds,$len,$out);
+ &pxor ($rndkey1,$inout5);
+ &movdqu (&QWP(-16*1,$out,$inp),$inout5);
+ &cmp ($inp,$len); # done yet?
+- &jb (&label("grandloop"));
++ &jbe (&label("grandloop"));
+
+ &set_label("short");
+ &add ($len,16*6);
+--
+2.27.0
+
diff --git a/linux-sgx.spec b/linux-sgx.spec
index f2fb8a703c62452521e0112adab4ee23d38633e1..ddd24cb86e2ff774ef2ab27abd113effc03be3aa 100644
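Review bot: Both `jbe` changes land in `aesni-x86.pl`, which by its name is the 32-bit x86 perlasm, while the spec in this same commit declares `ExclusiveArch: x86_64`, so the patched loops are presumably never assembled into this package. Carrying the patch keeps the bundled tree in step with upstream, but the changelog lists CVE-2022-2097 as fixed, so a comment next to `Patch7` such as `# 32-bit AES-NI OCB path only; carried for source parity` would stop readers assuming the shipped binaries changed. No regression test accompanies this backport, unlike the BN_mod_sqrt one, so nothing in the build would notice if either hunk were lost in a later rebase.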
--- a/linux-sgx.spec +++ b/linux-sgx.spec @@ -1,6 +1,6 @@ Name: linux-sgx Version: 2.11.100 -Release: 10 +Release: 11 Summary: Intel(R) Software Guard Extensions for Linux* OS ExclusiveArch: x86_64 License: BSD-3-Clause @@ -18,6 +18,12 @@ Source9: https://download.01.org/intel-sgx/sgx-dcap/1.8/linux/prebuilt_dc Patch0: 0001-fix-error-for-openeuler-building.patch Patch1: 0001-fix-building-error-for-systemd.patch +Patch2: adapt-openssl-CVE.patch +Patch3: backport-CVE-2022-0778.patch +Patch4: backport-CVE-2022-0778_test.patch +Patch5: backport-CVE-2022-1292.patch +Patch6: backport-CVE-2022-2068-Fix-file-operations-in-c_rehash.patch +Patch7: backport-CVE-2022-2097-Fix-AES-OCB-encrypt-decrypt-for-x86-AES-NI.patch BuildRequires: gcc-c++ protobuf-devel libtool ocaml-ocamlbuild openssl-devel cmake python curl-devel createrepo_c git @@ -250,10 +256,18 @@ Intel(R) Software Guard Extensions Registration Agent Service %%setup -q -D -a 2 -n linux-sgx-sgx_2.11/external/openmp/openmp_code %%setup -q -D -a 3 -n linux-sgx-sgx_2.11/external/dnnl/dnnl %%setup -q -D -a 4 -n linux-sgx-sgx_2.11/external/ippcp_internal/ipp-crypto/ +%%setup -q -D -a 7 -n linux-sgx-sgx_2.11/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/ +%%setup -q -D -a 8 -n linux-sgx-sgx_2.11/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source %%setup -q -D -a 5 -n linux-sgx-sgx_2.11 %%setup -q -D -a 6 -n linux-sgx-sgx_2.11 %%patch0 -p1 %%patch1 -p1 +%%patch2 -p1 +%%patch3 -p1 +%%patch4 -p1 +%%patch5 -p1 +%%patch6 -p1 +%%patch7 -p1 %build cp %{SOURCE7} %{SOURCE8} %{SOURCE9} ./ @@ -919,6 +933,9 @@ fi %files -n sgx-ra-service -f %{TOOLS_INSTALLER_RPM_DIR}/sgx-ra-service/build/list-sgx-ra-service %changelog +* Sat Sep 03 2022 wangyu - 2.11.100-11 +- Fix CVE-2022-2068 CVE-2022-0778 CVE-2022-1292 CVE-2022-2097 + * Wed Sep 8 2021 wangcheng - 2.11.100-10 - rebuild sgxsdk install package