From 8bc232b14624b7af01801d7940b7dec59b3ae47d Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 23 Mar 2023 15:31:25 +0000
Subject: [PATCH] Updated CHANGES and NEWS for CVE-2023-0465

Also updated the entries for CVE-2023-0464

Related-to: CVE-2023-0465

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20588)
---
 CHANGES | 9 ++++++++-
 NEWS    | 4 +++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index 17caf6775bfe..efccf7838e65 100644
--- CHANGES.orig
+++ CHANGES
@@ -9,12 +9,19 @@
 
  Changes between 1.1.1t and 1.1.1u [xx XXX xxxx]
 
+  *) Fixed an issue where invalid certificate policies in leaf certificates are
+     silently ignored by OpenSSL and other certificate policy checks are skipped
+     for that certificate. A malicious CA could use this to deliberately assert
+     invalid certificate policies in order to circumvent policy checking on the
+     certificate altogether. (CVE-2023-0465)
+     [Matt Caswell]
+
   *) Limited the number of nodes created in a policy tree to mitigate
      against CVE-2023-0464.  The default limit is set to 1000 nodes, which
      should be sufficient for most installations.  If required, the limit
      can be adjusted by setting the OPENSSL_POLICY_TREE_NODES_MAX build
      time define to a desired maximum number of nodes or zero to allow
-     unlimited growth.
+     unlimited growth. (CVE-2023-0464)
      [Paul Dale]
 
  Changes between 1.1.1s and 1.1.1t [7 Feb 2023]
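Review bot: the CVE-2023-0464 entry now names the identifier twice, once in the body ("mitigate against CVE-2023-0464", second line of that entry) and again in the appended "(CVE-2023-0464)"; keeping only the trailing parenthesised form would match the layout of the new CVE-2023-0465 entry directly above it, where the identifier appears once at the end. For the new entry itself, it would help readers triaging exposure if the text stated the condition under which the skipped checks matter, i.e. that the problem is confined to the policy-checking path exercised by check_policy(), since the entry as written could be read as affecting every certificate verification.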
diff --git a/NEWS b/NEWS
index 8a18516d8609..36a9bb6890bf 100644
--- NEWS.orig
+++ NEWS
@@ -7,7 +7,9 @@
 
   Major changes between OpenSSL 1.1.1t and OpenSSL 1.1.1u [under development]
 
-      o
+      o Fixed handling of invalid certificate policies in leaf certificates
+        (CVE-2023-0465)
+      o Limited the number of nodes created in a policy tree ([CVE-2023-0464])
 
   Major changes between OpenSSL 1.1.1s and OpenSSL 1.1.1t [7 Feb 2023]
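Review bot: the two new bullets use different notation for the CVE identifier, "(CVE-2023-0465)" on the first and "([CVE-2023-0464])" with square brackets inside parentheses on the second; the latter looks like a leftover from a markdown-style link and should be "(CVE-2023-0464)" to match the first bullet and the CHANGES entries in this same patch.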
 
From b013765abfa80036dc779dd0e50602c57bb3bf95 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Tue, 7 Mar 2023 16:52:55 +0000
Subject: [PATCH] Ensure that EXFLAG_INVALID_POLICY is checked even in leaf
 certs

Even though we check the leaf cert to confirm it is valid, we
later ignored the invalid flag and did not notice that the leaf
cert was bad.

Fixes: CVE-2023-0465

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20588)
---
 crypto/x509/x509_vfy.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 925fbb541258..1dfe4f9f31a5 100644
--- crypto/x509/x509_vfy.c.orig
+++ crypto/x509/x509_vfy.c
@@ -1649,18 +1649,25 @@ static int check_policy(X509_STORE_CTX *ctx)
     }
     /* Invalid or inconsistent extensions */
     if (ret == X509_PCY_TREE_INVALID) {
-        int i;
+        int i, cbcalled = 0;
 
         /* Locate certificates with bad extensions and notify callback. */
-        for (i = 1; i < sk_X509_num(ctx->chain); i++) {
+        for (i = 0; i < sk_X509_num(ctx->chain); i++) {
             X509 *x = sk_X509_value(ctx->chain, i);
 
             if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
                 continue;
+            cbcalled = 1;
             if (!verify_cb_cert(ctx, x, i,
                                 X509_V_ERR_INVALID_POLICY_EXTENSION))
                 return 0;
         }
+        if (!cbcalled) {
+            /* Should not be able to get here */
+            X509err(X509_F_CHECK_POLICY, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        /* The callback ignored the error so we return success */
         return 1;
     }
     if (ret == X509_PCY_TREE_FAILURE) {
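Review bot: the new internal-error branch ("Should not be able to get here") would be easier to maintain if the comment said why it is unreachable, namely that the tree code only returns X509_PCY_TREE_INVALID after setting EXFLAG_INVALID_POLICY on at least one chain member, which is exactly the invariant the loop now relies on since it starts at index 0 and covers the leaf; if a future change to the policy tree breaks that invariant, this branch turns a would-be silent "return 1" into a hard failure, which is the right direction but deserves the explanation. The diffstat shows only crypto/x509/x509_vfy.c changing, so there is no regression test for a chain whose leaf (depth 0) carries an invalid policy extension; since the original bug was the loop skipping index 0, a test that asserts X509_V_ERR_INVALID_POLICY_EXTENSION is reported at depth 0 would pin the fix down.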
