botan: patch CVE-2022-43705

Details: https://nvd.nist.gov/vuln/detail/CVE-2022-43705 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-06-13 17:39:57 +00:00 · 2025-10-05 14:38:47 +02:00
parent bf9fc50ccc
commit 6c5e7ee581
5 changed files with 207 additions and 1 deletions
@@ -0,0 +1,31 @@
+From 6eb071078e35a6a29e3a27fb91d9449b25f1bbcc Mon Sep 17 00:00:00 2001
+From: Rene Meusel <rene.meusel@rohde-schwarz.com>
+Date: Wed, 21 Sep 2022 14:00:26 +0200
+Subject: [PATCH] add Certificate_Store_In_Memory c'tor that takes a vector of
+ certs
+
+CVE: CVE-2022-43705
+Upstream-Status: Backport [https://github.com/randombit/botan/commit/5d8d9fbf75c8b814ea609161bee525d520f5cb57]
+
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/lib/x509/certstor.h | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/lib/x509/certstor.h b/src/lib/x509/certstor.h
+index 6901589..165c414 100644
+--- a/src/lib/x509/certstor.h
+++ b/src/lib/x509/certstor.h
+@@ -95,6 +95,12 @@ class BOTAN_PUBLIC_API(2,0) Certificate_Store_In_Memory final : public Certifica
+       */
+       explicit Certificate_Store_In_Memory(const X509_Certificate& cert);
+ 
+      /**
+      * Adds given certificate list to the store.
+      */
+      explicit Certificate_Store_In_Memory(std::vector<std::shared_ptr<const X509_Certificate>> certs)
+         : m_certs(std::move(certs)) {}
+
+       /**
+       * Create an empty store.
+       */
@@ -0,0 +1,36 @@
+From 48947029f72e2091dfbaaa5e3576d98eb7d6c34e Mon Sep 17 00:00:00 2001
+From: Rene Meusel <rene.meusel@rohde-schwarz.com>
+Date: Tue, 20 Sep 2022 17:20:52 +0200
+Subject: [PATCH] FIX: intermediates can sign their own OCSP responses
+
+Before it was possible that intermediates signed their
+own OCSP responses. I.e a compromised intermediate
+certificate allowed the attacker to sign OCSP responses
+for this very certificate.
+
+CVE: CVE-2022-43705
+Upstream-Status: Backport [https://github.com/randombit/botan/commit/1829ef9d89614da1eacdf511356bdf98a970f5f5]
+
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/lib/x509/x509path.cpp | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp
+index b5cdc27..37de6d8 100644
+--- a/src/lib/x509/x509path.cpp
+++ b/src/lib/x509/x509path.cpp
+@@ -234,7 +234,12 @@ PKIX::check_ocsp(const std::vector<std::shared_ptr<const X509_Certificate>>& cer
+          {
+          try
+             {
+-            Certificate_Status_Code ocsp_signature_status = ocsp_responses.at(i)->check_signature(trusted_certstores, cert_path);
+            // When verifying intermediate certificates we need to truncate the
+            // cert_path so that the intermediate under investigation becomes the
+            // last certificate in the chain.
+            auto ocsp_cert_path = cert_path;
+            ocsp_cert_path.erase(ocsp_cert_path.begin(), ocsp_cert_path.begin()+i);
+            Certificate_Status_Code ocsp_signature_status = ocsp_responses.at(i)->check_signature(trusted_certstores, ocsp_cert_path);
+ 
+             if(ocsp_signature_status == Certificate_Status_Code::OCSP_SIGNATURE_OK)
+                {
@@ -0,0 +1,106 @@
+From 3f8c9705168518c9b436c23e6d13796d683e5391 Mon Sep 17 00:00:00 2001
+From: Rene Meusel <rene.meusel@rohde-schwarz.com>
+Date: Wed, 21 Sep 2022 14:14:02 +0200
+Subject: [PATCH] FIX: missing validation of authority of delegation responder
+ cert
+
+When a responder does not sign their responses with the same CA that
+issued the certificate in question, they typically add their
+'delegation certificate' as a stapled certificate path to the response.
+So far, these delegation certificates were not checked for their
+legitimate authority to sign responses for the CA.
+
+CVE: CVE-2022-43705
+Upstream-Status: Backport [https://github.com/randombit/botan/commit/991b0159282781f2d5c06ff42a9ff00ee563e96b]
+
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/lib/x509/ocsp.cpp | 68 ++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 67 insertions(+), 1 deletion(-)
+
+diff --git a/src/lib/x509/ocsp.cpp b/src/lib/x509/ocsp.cpp
+index 1ca8232..fc952f6 100644
+--- a/src/lib/x509/ocsp.cpp
+++ b/src/lib/x509/ocsp.cpp
+@@ -241,7 +241,6 @@ Certificate_Status_Code Response::check_signature(const std::vector<Certificate_
+       {
+       for(size_t i = 0; i < m_certs.size(); ++i)
+          {
+-         // Check all CA certificates in the (assumed validated) EE cert path
+          if(!m_signer_name.empty() && m_certs[i].subject_dn() == m_signer_name)
+             {
+             signing_cert = std::make_shared<const X509_Certificate>(m_certs[i]);
+@@ -254,6 +253,73 @@ Certificate_Status_Code Response::check_signature(const std::vector<Certificate_
+             break;
+             }
+          }
+
+      // RFC 6960 4.2.2.2
+      //    OCSP signing delegation SHALL be designated by the inclusion of
+      //    id-kp-OCSPSigning in an extended key usage certificate extension
+      //    included in the OCSP response signer's certificate. This certificate
+      //    MUST be issued directly by the CA that is identified in the request.
+      //
+      //    The CA SHOULD use the same issuing key to issue a delegation
+      //    certificate as that used to sign the certificate being checked for
+      //    revocation.  Systems relying on OCSP responses MUST recognize a
+      //    delegation certificate as being issued by the CA that issued the
+      //    certificate in question only if the delegation certificate and the
+      //    certificate being checked for revocation were signed by the same key.
+      //
+      // I.e. it is safe to assume that the certificate's issuer also signed the
+      // responder's certificate.
+      //
+      // Note: The 'SHOULD' in the second paragraph above allows for backward
+      //       compatibility to RFC 2560 that is "strongly discouraged". This
+      //       implementation explicitly _does not_ implement this backward
+      //       compatibility.
+      if(signing_cert)
+         {
+         const auto issuer =
+            Certificate_Store_In_Memory(ee_cert_path)
+               .find_cert(signing_cert->issuer_dn(), signing_cert->authority_key_id());
+
+         // User did not provide the certificate path to verify the delegation
+         if(!issuer)
+            {
+            return Certificate_Status_Code::OCSP_ISSUER_NOT_FOUND;
+            }
+
+         if(!issuer->is_CA_cert())
+            {
+            return Certificate_Status_Code::OCSP_ISSUER_NOT_FOUND;
+            }
+
+         // Sub-optimal fix for a vulnerability found in Botan 2.19.2 and older.
+         //
+         // This certificate validation is incomplete. Missing checks:
+         //  * validity check against the reference time
+         //  * revocation status check of the responder certificate
+         //  * certificate extension validations
+         //  * ... potentially more
+         //
+         // A more comprehensive validation will be introduced with Botan 3.0
+         try
+            {
+            const auto issuer_pubkey = issuer->load_subject_public_key();
+            const auto sig = signing_cert->verify_signature(*issuer_pubkey);
+
+            if(sig != Certificate_Status_Code::VERIFIED)
+               {
+               return Certificate_Status_Code::OCSP_SIGNATURE_ERROR;
+               }
+
+            if(!signing_cert->has_ex_constraint(OID::from_string("PKIX.OCSPSigning")))
+               {
+               return Certificate_Status_Code::OCSP_RESPONSE_MISSING_KEYUSAGE;
+               }
+            }
+         catch(const Exception& ex)
+            {
+            return Certificate_Status_Code::OCSP_SIGNATURE_ERROR;
+            }
+         }
+       }
+ 
+    if(!signing_cert)
@@ -0,0 +1,28 @@
+From 18e7dc2e81429e1ac4e69cbe0b530bf707d38d94 Mon Sep 17 00:00:00 2001
+From: Rene Meusel <rene.meusel@rohde-schwarz.com>
+Date: Thu, 3 Nov 2022 09:27:20 +0100
+Subject: [PATCH] review comments
+
+CVE: CVE-2022-43705
+Upstream-Status: Backport [https://github.com/randombit/botan/commit/a33689613127f319c0047fb96f092de16e7cb350]
+
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ src/lib/x509/x509path.cpp    |  3 +--
+ src/tests/test_x509_path.cpp | 12 +++++-------
+ 2 files changed, 6 insertions(+), 9 deletions(-)
+
+diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp
+index 37de6d8..6f3159a 100644
+--- a/src/lib/x509/x509path.cpp
+++ b/src/lib/x509/x509path.cpp
+@@ -237,8 +237,7 @@ PKIX::check_ocsp(const std::vector<std::shared_ptr<const X509_Certificate>>& cer
+             // When verifying intermediate certificates we need to truncate the
+             // cert_path so that the intermediate under investigation becomes the
+             // last certificate in the chain.
+-            auto ocsp_cert_path = cert_path;
+-            ocsp_cert_path.erase(ocsp_cert_path.begin(), ocsp_cert_path.begin()+i);
+            std::vector<std::shared_ptr<const X509_Certificate>> ocsp_cert_path(cert_path.begin() + i, cert_path.end());
+             Certificate_Status_Code ocsp_signature_status = ocsp_responses.at(i)->check_signature(trusted_certstores, ocsp_cert_path);
+ 
+             if(ocsp_signature_status == Certificate_Status_Code::OCSP_SIGNATURE_OK)
@@ -4,7 +4,12 @@ LICENSE = "BSD-2-Clause"
 LIC_FILES_CHKSUM = "file://license.txt;md5=f4ce98476c07c34e1793daa036960fad"
 SECTION = "libs"

-SRC_URI = "https://botan.randombit.net/releases/Botan-${PV}.tar.xz"
+SRC_URI = "https://botan.randombit.net/releases/Botan-${PV}.tar.xz \
+           file://0001-add-Certificate_Store_In_Memory-c-tor-that-takes-a-v.patch \
+           file://0002-FIX-intermediates-can-sign-their-own-OCSP-responses.patch \
+           file://0003-FIX-missing-validation-of-authority-of-delegation-re.patch \
+           file://0004-review-comments.patch \
+           "
 SRC_URI[sha256sum] = "e26e00cfefda64082afdd540d3c537924f645d6a674afed2cd171005deff5560"

 S = "${WORKDIR}/Botan-${PV}"