diff -Nru openssl-1.1.1f/debian/changelog openssl-1.1.1f/debian/changelog
--- openssl-1.1.1f/debian/changelog 2020-04-03 17:31:00.000000000 +0000
+++ openssl-1.1.1f/debian/changelog 2020-04-20 11:53:50.000000000 +0000
@@ -1,3 +1,18 @@
+openssl (1.1.1f-1ubuntu2) focal; urgency=medium
+
+ * SECURITY UPDATE: Segmentation fault in SSL_check_chain
+ - debian/patches/CVE-2020-1967-1.patch: add test for CVE-2020-1967 in
+ test/recipes/70-test_sslsigalgs.t.
+ - debian/patches/CVE-2020-1967-2.patch: fix NULL dereference in
+ SSL_check_chain() for TLS 1.3 in ssl/t1_lib.c.
+ - debian/patches/CVE-2020-1967-3.patch: fix test in
+ test/recipes/70-test_sslsigalgs.t.
+ - debian/patches/CVE-2020-1967-4.patch: fix test in
+ test/recipes/70-test_sslsigalgs.t.
+ - CVE-2020-1967
+
+ -- Marc Deslauriers Mon, 20 Apr 2020 07:53:50 -0400
+
 openssl (1.1.1f-1ubuntu1) focal; urgency=low
 
 * Merge from Debian unstable. Remaining changes:
diff -Nru openssl-1.1.1f/debian/patches/CVE-2020-1967-1.patch openssl-1.1.1f/debian/patches/CVE-2020-1967-1.patch
--- openssl-1.1.1f/debian/patches/CVE-2020-1967-1.patch 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1f/debian/patches/CVE-2020-1967-1.patch 2020-04-20 11:53:36.000000000 +0000
@@ -0,0 +1,113 @@
+From 540e4c35c534a5a12688beb707fee9e16a6a34fa Mon Sep 17 00:00:00 2001
+From: Benjamin Kaduk
+Date: Fri, 10 Apr 2020 12:27:28 -0700
+Subject: [PATCH] Add test for CVE-2020-1967
+
+Add to test_sslsigalgs a TLSProxy test that injects a
+"signature_algorithms_cert" extension that contains an unallocated
+codepoint.
+
+The test currently fails, since s_server segfaults instead of
+ignoring the unrecognized value.
+
+Since "signature_algorithms" and "signature_algorithms_cert" are very
+similar, also add the analogous test for "signature_algorithms".
+---
+ test/recipes/70-test_sslsigalgs.t | 66 ++++++++++++++++++++++++++++++-
+ 1 file changed, 64 insertions(+), 2 deletions(-)
+
+diff --git a/test/recipes/70-test_sslsigalgs.t b/test/recipes/70-test_sslsigalgs.t
+index b3339ff59f..1a6390a3e9 100644
+--- a/test/recipes/70-test_sslsigalgs.t
++++ b/test/recipes/70-test_sslsigalgs.t
+@@ -44,7 +44,9 @@ use constant {
+ COMPAT_SIGALGS => 6,
+ SIGALGS_CERT_ALL => 7,
+ SIGALGS_CERT_PKCS => 8,
+- SIGALGS_CERT_INVALID => 9
++ SIGALGS_CERT_INVALID => 9,
++ UNRECOGNIZED_SIGALGS_CERT => 4,
++ UNRECOGNIZED_SIGALG => 5
+ };
+
+ #Note: Throughout this test we override the default ciphersuites where TLSv1.2
+@@ -53,7 +55,7 @@ use constant {
+
+ #Test 1: Default sig algs should succeed
+ $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
+-plan tests => 24;
++plan tests => 26;
+ ok(TLSProxy::Message->success, "Default sigalgs");
+ my $testtype;
+
+@@ -282,6 +284,39 @@ SKIP: {
+ ok(TLSProxy::Message->fail, "No matching certificate for sigalgs_cert");
+ }
+
++SKIP: {
++ skip "TLS 1.3 disabled", 2 if disabled("tls1_3");
++ #Test 25: Send an unrecognized signature_algorithms_cert
++ # We should be able to skip over the unrecognized value and use a
++ # valid one that appears later in the list.
++ $proxy->clear();
++ $proxy->filter(\&inject_unrecognized_sigalg);
++ $proxy->clientflags("-tls1_3");
++ # Use -xcert to get SSL_check_chain() to run in the cert_cb. This is
++ # needed to trigger (e.g.) CVE-2020-1967
++ $proxy->serverflags("" .
++ " -xcert " . srctop_file("test", "certs", "servercert.pem") .
++ " -xkey " . srctop_file("test", "certs", "serverkey.pem") .
++ " -xchain " . srctop_file("test", "certs", "rootcert.pem"));
++ $testtype = UNRECOGNIZED_SIGALGS_CERT;
++ $proxy->start();
++ ok(TLSProxy::Message->success(), "Unrecognized sigalg_cert in ClientHello");
++
++ #Test 26: Send an unrecognized signature_algorithms
++ # We should be able to skip over the unrecognized value and use a
++ # valid one that appears later in the list.
++ $proxy->clear();
++ $proxy->filter(\&inject_unrecognized_sigalg);
++ $proxy->clientflags("-tls1_3");
++ $proxy->serverflags("" .
++ " -xcert " . srctop_file("test", "certs", "servercert.pem") .
++ " -xkey " . srctop_file("test", "certs", "serverkey.pem") .
++ " -xchain " . srctop_file("test", "certs", "rootcert.pem"));
++ $testtype = UNRECOGNIZED_SIGALG;
++ $proxy->start();
++ ok(TLSProxy::Message->success(), "Unrecognized sigalg in ClientHello");
++}
++
+
+
+ sub sigalgs_filter
+@@ -427,3 +462,30 @@ sub modify_cert_verify_sigalg
+ }
+ }
+ }
++
++sub inject_unrecognized_sigalg
++{
++ my $proxy = shift;
++ my $type;
++
++ # We're only interested in the initial ClientHello
++ if ($proxy->flight != 0) {
++ return;
++ }
++ if ($testtype == UNRECOGNIZED_SIGALGS_CERT) {
++ $type = TLSProxy::Message::EXT_SIG_ALGS_CERT;
++ } elsif ($testtype == UNRECOGNIZED_SIGALG) {
++ $type = TLSProxy::Message::EXT_SIG_ALGS;
++ } else {
++ return;
++ }
++
++ my $ext = pack "C8",
++ 0x00, 0x06, #Extension length
++ 0x18, 0x18, #unallocated
++ 0x04, 0x01, #rsa_pkcs1_sha256
++ 0x08, 0x04; #rsa_pss_rsae_sha256;
++ my $message = ${$proxy->message_list}[0];
++ $message->set_extension($type, $ext);
++ $message->repack;
++}
diff -Nru openssl-1.1.1f/debian/patches/CVE-2020-1967-2.patch openssl-1.1.1f/debian/patches/CVE-2020-1967-2.patch
--- openssl-1.1.1f/debian/patches/CVE-2020-1967-2.patch 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1f/debian/patches/CVE-2020-1967-2.patch 2020-04-20 11:53:40.000000000 +0000
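Review bot: Both new tests in CVE-2020-1967-1.patch can pass without the malformed extension ever reaching the server: `inject_unrecognized_sigalg` (inner hunk `@@ -427,3 +462,30 @@`) returns silently when `$proxy->flight != 0` or when `$testtype` matches neither constant, while Tests 25 and 26 (inner hunk `@@ -282,6 +284,39 @@`) assert only `TLSProxy::Message->success()`. For a regression test guarding CVE-2020-1967 it is worth recording that the injection happened, for example a file-scoped `my $injected = 0;` reset before each `$proxy->start()`, `$injected = 1;` after `$message->repack;`, and `ok($injected && TLSProxy::Message->success(), ...)` as the assertion. The `#Extension length` comment on `0x00, 0x06` also appears to describe the length of the signature-scheme list that follows it, since those two bytes are part of the data handed to `set_extension`, so `#sigalgs list length` would be the more accurate label.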
@@ -0,0 +1,43 @@
+From fda4b40dacd47859c0760b62572af761e8e5ed74 Mon Sep 17 00:00:00 2001
+From: Benjamin Kaduk
+Date: Fri, 10 Apr 2020 12:27:28 -0700
+Subject: [PATCH] Fix NULL dereference in SSL_check_chain() for TLS 1.3
+
+In the tls1_check_sig_alg() helper function, we loop through the list of
+"signature_algorithms_cert" values received from the client and attempt
+to look up each one in turn in our internal table that maps wire
+codepoint to string-form name, digest and/or signature NID, etc., in
+order to compare the signature scheme from the peer's list against what
+is used to sign the certificates in the certificate chain we're
+checking. Unfortunately, when the peer sends a value that we don't
+support, the lookup returns NULL, but we unconditionally dereference the
+lookup result for the comparison, leading to an application crash
+triggerable by an unauthenticated client.
+
+Since we will not be able to say anything about algorithms we don't
+recognize, treat NULL return from lookup as "does not match".
+
+We currently only apply the "signature_algorithm_cert" checks on TLS 1.3
+connections, so previous TLS versions are unaffected. SSL_check_chain()
+is not called directly from libssl, but may be used by the application
+inside a callback (e.g., client_hello or cert callback) to verify that a
+candidate certificate chain will be acceptable to the client.
+
+CVE-2020-1967
+---
+ ssl/t1_lib.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index a254fd5a05..76b4baa388 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -2130,7 +2130,7 @@ static int tls1_check_sig_alg(SSL *s, X509 *x, int default_nid)
+ sigalg = use_pc_sigalgs
+ ? tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i])
+ : s->shared_sigalgs[i];
+- if (sig_nid == sigalg->sigandhash)
++ if (sigalg != NULL && sig_nid == sigalg->sigandhash)
+ return 1;
+ }
+ return 0;
diff -Nru openssl-1.1.1f/debian/patches/CVE-2020-1967-3.patch openssl-1.1.1f/debian/patches/CVE-2020-1967-3.patch
--- openssl-1.1.1f/debian/patches/CVE-2020-1967-3.patch 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1f/debian/patches/CVE-2020-1967-3.patch 2020-04-20 11:53:44.000000000 +0000
@@ -0,0 +1,24 @@
+From f420c25bb7d0c198b4b080fce203f6d707e9c86c Mon Sep 17 00:00:00 2001
+From: Benjamin Kaduk
+Date: Tue, 14 Apr 2020 08:58:20 -0700
+Subject: [PATCH] fixup! Add test for CVE-2020-1967
+
+---
+ test/recipes/70-test_sslsigalgs.t | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/test/recipes/70-test_sslsigalgs.t b/test/recipes/70-test_sslsigalgs.t
+index 1a6390a3e9..e3bc7b5534 100644
+--- a/test/recipes/70-test_sslsigalgs.t
++++ b/test/recipes/70-test_sslsigalgs.t
+@@ -45,8 +45,8 @@ use constant {
+ SIGALGS_CERT_ALL => 7,
+ SIGALGS_CERT_PKCS => 8,
+ SIGALGS_CERT_INVALID => 9,
+- UNRECOGNIZED_SIGALGS_CERT => 4,
+- UNRECOGNIZED_SIGALG => 5
++ UNRECOGNIZED_SIGALGS_CERT => 10,
++ UNRECOGNIZED_SIGALG => 11
+ };
+
+ #Note: Throughout this test we override the default ciphersuites where TLSv1.2
diff -Nru openssl-1.1.1f/debian/patches/CVE-2020-1967-4.patch openssl-1.1.1f/debian/patches/CVE-2020-1967-4.patch
--- openssl-1.1.1f/debian/patches/CVE-2020-1967-4.patch 1970-01-01 00:00:00.000000000 +0000
+++ openssl-1.1.1f/debian/patches/CVE-2020-1967-4.patch 2020-04-20 11:53:47.000000000 +0000
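Review bot: The new `sigalg != NULL` guard in `tls1_check_sig_alg()` (the ssl/t1_lib.c hunk of CVE-2020-1967-2.patch) has no comment, so the reason for it lives only in the commit message and the check is easy to drop in a later refactor. Suggest adding above the `if`: `/* tls1_lookup_sigalg() returns NULL for a peer-sent codepoint we do not support; treat it as no match */`. The function body starts outside the hunk and only this one call site is visible; any other place that dereferences the result of `tls1_lookup_sigalg()` on a peer-supplied value would deserve the same check.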
@@ -0,0 +1,22 @@
+From c3a639fb591815604c512b34b83f0c285bdb6aa3 Mon Sep 17 00:00:00 2001
+From: Benjamin Kaduk
+Date: Wed, 15 Apr 2020 14:44:42 -0700
+Subject: [PATCH] fixup! Add test for CVE-2020-1967
+
+---
+ test/recipes/70-test_sslsigalgs.t | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/recipes/70-test_sslsigalgs.t b/test/recipes/70-test_sslsigalgs.t
+index e3bc7b5534..9ea9d05219 100644
+--- a/test/recipes/70-test_sslsigalgs.t
++++ b/test/recipes/70-test_sslsigalgs.t
+@@ -482,7 +482,7 @@ sub inject_unrecognized_sigalg
+
+ my $ext = pack "C8",
+ 0x00, 0x06, #Extension length
+- 0x18, 0x18, #unallocated
++ 0xfe, 0x18, #private use
+ 0x04, 0x01, #rsa_pkcs1_sha256
+ 0x08, 0x04; #rsa_pss_rsae_sha256;
+ my $message = ${$proxy->message_list}[0];
diff -Nru openssl-1.1.1f/debian/patches/series openssl-1.1.1f/debian/patches/series
--- openssl-1.1.1f/debian/patches/series 2020-04-03 17:31:00.000000000 +0000
+++ openssl-1.1.1f/debian/patches/series 2020-04-20 11:53:47.000000000 +0000
@@ -35,3 +35,7 @@
 # Ubuntu patches
 tests-use-seclevel-1.patch
 tls1.2-min-seclevel2.patch
+CVE-2020-1967-1.patch
+CVE-2020-1967-2.patch
+CVE-2020-1967-3.patch
+CVE-2020-1967-4.patch