From 546f90ca6dd4f1f91eb625128493ff3dd5f4ff49 Mon Sep 17 00:00:00 2001 From: liuluobin Date: Tue, 26 Oct 2021 15:49:26 +0800 Subject: [PATCH] Patch CVE-2021-3711 and CVE-2021-3712 for openssl --- cmake/external_libs/openssl.cmake | 12 ++- mindspore/lite/CMakeLists.txt | 1 + third_party/patch/openssl/CVE-2021-3711.patch | 81 +++++++++++++++++++ third_party/patch/openssl/CVE-2021-3712.patch | 17 ++++ 4 files changed, 110 insertions(+), 1 deletion(-) create mode 100644 third_party/patch/openssl/CVE-2021-3711.patch create mode 100644 third_party/patch/openssl/CVE-2021-3712.patch diff --git a/cmake/external_libs/openssl.cmake b/cmake/external_libs/openssl.cmake index 470017364d6..ff174ec9afd 100644 --- a/cmake/external_libs/openssl.cmake +++ b/cmake/external_libs/openssl.cmake @@ -5,13 +5,23 @@ else() set(REQ_URL "https://github.com/openssl/openssl/archive/refs/tags/OpenSSL_1_1_1k.tar.gz") set(MD5 "bdd51a68ad74618dd2519da8e0bcc759") endif() + +if(BUILD_LITE) + set(OPENSSL_PATCH_ROOT ${TOP_DIR}/third_party/patch/openssl) +else() + set(OPENSSL_PATCH_ROOT ${CMAKE_SOURCE_DIR}/third_party/patch/openssl) +endif() + if(${CMAKE_SYSTEM_NAME} MATCHES "Linux") mindspore_add_pkg(openssl VER 1.1.1k LIBS ssl crypto URL ${REQ_URL} MD5 ${MD5} - CONFIGURE_COMMAND ./config no-zlib no-shared) + CONFIGURE_COMMAND ./config no-zlib no-shared + PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2021-3711.patch + PATCHES ${OPENSSL_PATCH_ROOT}/CVE-2021-3712.patch + ) include_directories(${openssl_INC}) add_library(mindspore::ssl ALIAS openssl::ssl) add_library(mindspore::crypto ALIAS openssl::crypto) diff --git a/mindspore/lite/CMakeLists.txt b/mindspore/lite/CMakeLists.txt index ff223f9abbf..0366cd4644f 100644 --- a/mindspore/lite/CMakeLists.txt +++ b/mindspore/lite/CMakeLists.txt @@ -446,6 +446,7 @@ if(MSLITE_ENABLE_CONVERTER) include(${TOP_DIR}/cmake/external_libs/eigen.cmake) include(${TOP_DIR}/cmake/external_libs/protobuf.cmake) if(MSLITE_ENABLE_MODEL_ENCRYPTION) + find_package(Patch) include(${TOP_DIR}/cmake/external_libs/openssl.cmake) endif() add_subdirectory(${CMAKE_CURRENT_SOURCE_DIR}/tools/converter) diff --git a/third_party/patch/openssl/CVE-2021-3711.patch b/third_party/patch/openssl/CVE-2021-3711.patch new file mode 100644 index 00000000000..790e10f8807 --- /dev/null +++ b/third_party/patch/openssl/CVE-2021-3711.patch @@ -0,0 +1,81 @@ +diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c +index ef505f6441..1188abfc6b 100644 +--- a/crypto/sm2/sm2_crypt.c ++++ b/crypto/sm2/sm2_crypt.c +@@ -61,29 +61,20 @@ static size_t ec_field_size(const EC_GROUP *group) + return field_size; + } + +-int sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, +- size_t *pt_size) ++int sm2_plaintext_size(const unsigned char *ct, size_t ct_size, size_t *pt_size) + { +- const size_t field_size = ec_field_size(EC_KEY_get0_group(key)); +- const int md_size = EVP_MD_size(digest); +- size_t overhead; ++ struct SM2_Ciphertext_st *sm2_ctext = NULL; + +- if (md_size < 0) { +- SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_DIGEST); +- return 0; +- } +- if (field_size == 0) { +- SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_FIELD); +- return 0; +- } ++ sm2_ctext = d2i_SM2_Ciphertext(NULL, &ct, ct_size); + +- overhead = 10 + 2 * field_size + (size_t)md_size; +- if (msg_len <= overhead) { ++ if (sm2_ctext == NULL) { + SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_ENCODING); + return 0; + } + +- *pt_size = msg_len - overhead; ++ *pt_size = sm2_ctext->C2->length; ++ SM2_Ciphertext_free(sm2_ctext); ++ + return 1; + } + +diff --git a/crypto/sm2/sm2_pmeth.c b/crypto/sm2/sm2_pmeth.c +index b42a14c32f..27025fbf3a 100644 +--- a/crypto/sm2/sm2_pmeth.c ++++ b/crypto/sm2/sm2_pmeth.c +@@ -151,7 +151,7 @@ static int pkey_sm2_decrypt(EVP_PKEY_CTX *ctx, + const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md; + + if (out == NULL) { +- if (!sm2_plaintext_size(ec, md, inlen, outlen)) ++ if (!sm2_plaintext_size(in, inlen, outlen)) + return -1; + else + return 1; +diff --git a/include/crypto/sm2.h b/include/crypto/sm2.h +index 76ee80baff..50851a83ce 100644 +--- a/include/crypto/sm2.h ++++ b/include/crypto/sm2.h +@@ -60,8 +60,7 @@ int sm2_verify(const unsigned char *dgst, int dgstlen, + int sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, + size_t *ct_size); + +-int sm2_plaintext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len, +- size_t *pt_size); ++int sm2_plaintext_size(const unsigned char *ct, size_t ct_size, size_t *pt_size); + + int sm2_encrypt(const EC_KEY *key, + const EVP_MD *digest, +diff --git a/test/sm2_internal_test.c b/test/sm2_internal_test.c +index 2bb73947ff..41827bb82f 100644 +--- a/test/sm2_internal_test.c ++++ b/test/sm2_internal_test.c +@@ -185,7 +185,7 @@ static int test_sm2_crypt(const EC_GROUP *group, + if (!TEST_mem_eq(ctext, ctext_len, expected, ctext_len)) + goto done; + +- if (!TEST_true(sm2_plaintext_size(key, digest, ctext_len, &ptext_len)) ++ if (!TEST_true(sm2_plaintext_size(ctext, ctext_len, &ptext_len)) + || !TEST_int_eq(ptext_len, msg_len)) + goto done; + diff --git a/third_party/patch/openssl/CVE-2021-3712.patch b/third_party/patch/openssl/CVE-2021-3712.patch new file mode 100644 index 00000000000..1e07534d00a --- /dev/null +++ b/third_party/patch/openssl/CVE-2021-3712.patch @@ -0,0 +1,17 @@ +diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c +index 7b7c75ce84..e497a25909 100644 +--- a/crypto/ec/ec_asn1.c ++++ b/crypto/ec/ec_asn1.c +@@ -761,7 +761,10 @@ EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params) + ret->seed_len = params->curve->seed->length; + } + +- if (!params->order || !params->base || !params->base->data) { ++ if (params->order == NULL ++ || params->base == NULL ++ || params->base->data == NULL ++ || params->base->length == 0) { + ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR); + goto err; + } +