-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-21:17.openssl                                    Security Advisory
                                                          The FreeBSD Project

Topic:          Multiple vulnerabilities in OpenSSL

Category:       contrib
Module:         openssl
Announced:      2021-08-24
Affects:        FreeBSD 12.2 and FreeBSD 11.4
Corrected:      2021-02-18 23:55:09 UTC (stable/12, 12.2-STABLE)
                2021-08-24 18:32:22 UTC (releng/12.2, 12.2-RELEASE-p10)
                2021-02-19 16:21:03 UTC (stable/11, 11.4-STABLE)
                2021-08-24 18:31:34 UTC (releng/11.4, 11.4-RELEASE-p13)
CVE Name:       CVE-2021-23840, CVE-2021-23841

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.

I.   Background

FreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is a
collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit for the Transport Layer Security (TLS) protocol.  It is
also a general-purpose cryptography library.

II.  Problem Description

This advisory covers two distinct OpenSSL issues:

Calls to EVP_CipherUpdate(), EVP_EncryptUpdate() and EVP_DecryptUpdate()
may overflow the output length argument in some cases where the input
length is close to the maximum permissable length for an integer on the
platform.  In such cases the return value from the function call will be
1 (indicating success), but the output length value will be negative.
[CVE-2021-23840]

The OpenSSL public API function X509_issuer_and_serial_hash() attempts
to create a unique hash value based on the issuer and serial number data
contained within an X509 certificate.  However it fails to correctly
handle any errors that may occur while parsing the issuer field (which
might occur if the issuer field is maliciously constructed).
[CVE-2021-23841]

III. Impact

The integer overflow in EVP_*Update() could cause applications to behave
incorrectly or crash leading to a potential denial of service attack.

The X509_issuer_and_serial_hash() issue may result in a NULL pointer
dereference and a crash leading to a potential denial of service attack.

IV.  Workaround

No workaround is available.

The function X509_issuer_and_serial_hash() is never directly called by
OpenSSL itself so applications are only vulnerable if they use this
function directly and they use it on certificates that may have been
obtained from untrusted sources.

V.   Solution

Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

Perform one of the following:

1) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 12.2]
# fetch https://security.FreeBSD.org/patches/SA-21:17/openssl.12.patch
# fetch https://security.FreeBSD.org/patches/SA-21:17/openssl.12.patch.asc
# gpg --verify openssl.12.patch.asc

[FreeBSD 11.4]
# fetch https://security.FreeBSD.org/patches/SA-21:17/openssl.11.patch
# fetch https://security.FreeBSD.org/patches/SA-21:17/openssl.11.patch.asc
# gpg --verify openssl.11.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

Restart all daemons that use the library, or reboot the system.

VI.  Correction details

This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path                             Hash                     Revision
- -------------------------------------------------------------------------
stable/12/                                                        r369284
releng/12.2/                                                      r370397
stable/11/                                                        r369299
releng/11.4/                                                      r370389
- -------------------------------------------------------------------------

Run the following command to see which files were modified by a particular
revision, replacing NNNNNN with the revision number:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>

VII. References

<URL:https://www.openssl.org/news/secadv/20210216.txt>

<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23840>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23841>

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-21:17.openssl.asc>
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV18ACgkQ05eS9J6n
5cIngA/9Hncs91cNHSVTuvNvrATmpxpnCyiphivR297oiDKRCOoHxA7W8AAigSQH
gNM8XGZ8aANmoGfh7M86V5Dvlq0qeRn0Pe8cEus53OumEqpbSkMu97ftv7gFkM/S
+uEEoNA+pK/lrupQQ7gAHwWbzaNumJwGXpH/FLh865TjngvI2hFW41TfMxHQvymf
tAIzRdg/QYASnXTXBn56ad0i34v+/Z4Cz6XFJ4bBkqPJpiCvzJPWB37CSxw1D6YM
4w5yBhu7db1VJKLP89/YnRnsB4ryOE5cCGtg086pa2DdacB63XTEgc/m90UtfHYl
Dk6LVr79SqFPDRukNCTBozcwkHr8aKSg1eR4o2vV3yfq5OUhHmCA9FXstyxXPYe+
DjtSG8X9m/XKiz4Eok2EIv3PwBT29M3lVnKG20kvpxoguOUTg4VLtyyDIZxKmNpY
XC3OAmUViDS9iEA8uqKjUEt5YEsNvs6qIKasZHdznST04nuEimIiMUOD57odwL7M
rAeJu4GBPHJqNQsfFPRddjrVimnUtGHFDW5r4JtqPP5sZZCIBplWuMzay875EYCL
amYGuewZhsacUSgUktsFPrM9z8rd24k86IPn3PEIwsVbubDDz40Q1/v1McgquZ0n
boUnhYSRG5qVgOItsikahk1OpQMQhsXDRo6RotGdl90pqdngNjQ=
=T3/+
-----END PGP SIGNATURE-----