Compare commits
No commits in common. "c8" and "c8-beta" have entirely different histories.
@ -1,11 +1,13 @@
|
|||||||
diff -up openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg openssl-1.1.1k/ssl/statem/extensions.c
|
diff -up openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg openssl-1.1.1k/ssl/statem/extensions.c
|
||||||
--- openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg 2021-03-25 14:28:38.000000000 +0100
|
--- openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg 2021-03-25 14:28:38.000000000 +0100
|
||||||
+++ openssl-1.1.1k/ssl/statem/extensions.c 2021-06-24 16:16:19.526181743 +0200
|
+++ openssl-1.1.1k/ssl/statem/extensions.c 2021-06-24 16:16:19.526181743 +0200
|
||||||
@@ -42,6 +42,7 @@ static int tls_parse_certificate_authori
|
@@ -42,6 +42,9 @@ static int tls_parse_certificate_authori
|
||||||
#ifndef OPENSSL_NO_SRP
|
#ifndef OPENSSL_NO_SRP
|
||||||
static int init_srp(SSL *s, unsigned int context);
|
static int init_srp(SSL *s, unsigned int context);
|
||||||
#endif
|
#endif
|
||||||
|
+#ifndef OPENSSL_NO_EC
|
||||||
+static int init_ec_point_formats(SSL *s, unsigned int context);
|
+static int init_ec_point_formats(SSL *s, unsigned int context);
|
||||||
|
+#endif
|
||||||
static int init_etm(SSL *s, unsigned int context);
|
static int init_etm(SSL *s, unsigned int context);
|
||||||
static int init_ems(SSL *s, unsigned int context);
|
static int init_ems(SSL *s, unsigned int context);
|
||||||
static int final_ems(SSL *s, unsigned int context, int sent);
|
static int final_ems(SSL *s, unsigned int context, int sent);
|
||||||
@ -18,10 +20,11 @@ diff -up openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg openssl-1.1.1k/ssl
|
|||||||
tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats,
|
tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats,
|
||||||
final_ec_pt_formats
|
final_ec_pt_formats
|
||||||
},
|
},
|
||||||
@@ -1164,6 +1165,15 @@ static int init_srp(SSL *s, unsigned int
|
@@ -1164,6 +1165,17 @@ static int init_srp(SSL *s, unsigned int
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
+#ifndef OPENSSL_NO_EC
|
||||||
+static int init_ec_point_formats(SSL *s, unsigned int context)
|
+static int init_ec_point_formats(SSL *s, unsigned int context)
|
||||||
+{
|
+{
|
||||||
+ OPENSSL_free(s->ext.peer_ecpointformats);
|
+ OPENSSL_free(s->ext.peer_ecpointformats);
|
||||||
@ -30,6 +33,7 @@ diff -up openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg openssl-1.1.1k/ssl
|
|||||||
+
|
+
|
||||||
+ return 1;
|
+ return 1;
|
||||||
+}
|
+}
|
||||||
|
+#endif
|
||||||
+
|
+
|
||||||
static int init_etm(SSL *s, unsigned int context)
|
static int init_etm(SSL *s, unsigned int context)
|
||||||
{
|
{
|
||||||
|
@ -1,127 +0,0 @@
|
|||||||
From 8780a896543a654e757db1b9396383f9d8095528 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Matt Caswell <matt@openssl.org>
|
|
||||||
Date: Thu, 6 Jul 2023 16:36:35 +0100
|
|
||||||
Subject: [PATCH] Fix DH_check() excessive time with over sized modulus
|
|
||||||
|
|
||||||
The DH_check() function checks numerous aspects of the key or parameters
|
|
||||||
that have been supplied. Some of those checks use the supplied modulus
|
|
||||||
value even if it is excessively large.
|
|
||||||
|
|
||||||
There is already a maximum DH modulus size (10,000 bits) over which
|
|
||||||
OpenSSL will not generate or derive keys. DH_check() will however still
|
|
||||||
perform various tests for validity on such a large modulus. We introduce a
|
|
||||||
new maximum (32,768) over which DH_check() will just fail.
|
|
||||||
|
|
||||||
An application that calls DH_check() and supplies a key or parameters
|
|
||||||
obtained from an untrusted source could be vulnerable to a Denial of
|
|
||||||
Service attack.
|
|
||||||
|
|
||||||
The function DH_check() is itself called by a number of other OpenSSL
|
|
||||||
functions. An application calling any of those other functions may
|
|
||||||
similarly be affected. The other functions affected by this are
|
|
||||||
DH_check_ex() and EVP_PKEY_param_check().
|
|
||||||
|
|
||||||
CVE-2023-3446
|
|
||||||
|
|
||||||
Reviewed-by: Paul Dale <pauli@openssl.org>
|
|
||||||
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
|
|
||||||
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
|
|
||||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
|
||||||
(Merged from https://github.com/openssl/openssl/pull/21452)
|
|
||||||
|
|
||||||
Upstream-Status: Backport [8780a896543a654e757db1b9396383f9d8095528]
|
|
||||||
---
|
|
||||||
crypto/dh/dh_check.c | 6 ++++++
|
|
||||||
crypto/dh/dh_err.c | 3 ++-
|
|
||||||
crypto/err/openssl.txt | 3 ++-
|
|
||||||
include/openssl/dh.h | 3 +++
|
|
||||||
include/openssl/dherr.h | 3 ++-
|
|
||||||
5 files changed, 15 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
|
|
||||||
index 4ac169e75c..e5f9dd5030 100644
|
|
||||||
--- a/crypto/dh/dh_check.c
|
|
||||||
+++ b/crypto/dh/dh_check.c
|
|
||||||
@@ -101,6 +101,12 @@ int DH_check(const DH *dh, int *ret)
|
|
||||||
BN_CTX *ctx = NULL;
|
|
||||||
BIGNUM *t1 = NULL, *t2 = NULL;
|
|
||||||
|
|
||||||
+ /* Don't do any checks at all with an excessively large modulus */
|
|
||||||
+ if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
|
|
||||||
+ DHerr(DH_F_DH_CHECK, DH_R_MODULUS_TOO_LARGE);
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if (!DH_check_params(dh, ret))
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c
|
|
||||||
index 7285587b4a..92800d3fcc 100644
|
|
||||||
--- a/crypto/dh/dh_err.c
|
|
||||||
+++ b/crypto/dh/dh_err.c
|
|
||||||
@@ -1,6 +1,6 @@
|
|
||||||
/*
|
|
||||||
* Generated by util/mkerr.pl DO NOT EDIT
|
|
||||||
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
|
||||||
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
|
||||||
*
|
|
||||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
|
||||||
@@ -18,6 +18,7 @@ static const ERR_STRING_DATA DH_str_functs[] = {
|
|
||||||
{ERR_PACK(ERR_LIB_DH, DH_F_DHPARAMS_PRINT_FP, 0), "DHparams_print_fp"},
|
|
||||||
{ERR_PACK(ERR_LIB_DH, DH_F_DH_BUILTIN_GENPARAMS, 0),
|
|
||||||
"dh_builtin_genparams"},
|
|
||||||
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK, 0), "DH_check"},
|
|
||||||
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_EX, 0), "DH_check_ex"},
|
|
||||||
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PARAMS_EX, 0), "DH_check_params_ex"},
|
|
||||||
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY_EX, 0), "DH_check_pub_key_ex"},
|
|
||||||
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
|
|
||||||
index 9f91a4a811..c0a3cd720b 100644
|
|
||||||
--- a/crypto/err/openssl.txt
|
|
||||||
+++ b/crypto/err/openssl.txt
|
|
||||||
@@ -402,6 +402,7 @@ CT_F_SCT_SET_VERSION:104:SCT_set_version
|
|
||||||
DH_F_COMPUTE_KEY:102:compute_key
|
|
||||||
DH_F_DHPARAMS_PRINT_FP:101:DHparams_print_fp
|
|
||||||
DH_F_DH_BUILTIN_GENPARAMS:106:dh_builtin_genparams
|
|
||||||
+DH_F_DH_CHECK:126:DH_check
|
|
||||||
DH_F_DH_CHECK_EX:121:DH_check_ex
|
|
||||||
DH_F_DH_CHECK_PARAMS_EX:122:DH_check_params_ex
|
|
||||||
DH_F_DH_CHECK_PUB_KEY_EX:123:DH_check_pub_key_ex
|
|
||||||
diff --git a/include/openssl/dh.h b/include/openssl/dh.h
|
|
||||||
index 3527540cdd..892e31559d 100644
|
|
||||||
--- a/include/openssl/dh.h
|
|
||||||
+++ b/include/openssl/dh.h
|
|
||||||
@@ -29,6 +29,9 @@ extern "C" {
|
|
||||||
# ifndef OPENSSL_DH_MAX_MODULUS_BITS
|
|
||||||
# define OPENSSL_DH_MAX_MODULUS_BITS 10000
|
|
||||||
# endif
|
|
||||||
+# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS
|
|
||||||
+# define OPENSSL_DH_CHECK_MAX_MODULUS_BITS 32768
|
|
||||||
+# endif
|
|
||||||
|
|
||||||
# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
|
|
||||||
# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN 2048
|
|
||||||
|
|
||||||
diff --git a/include/openssl/dherr.h b/include/openssl/dherr.h
|
|
||||||
index 916b3bed0b..528c819856 100644
|
|
||||||
--- a/include/openssl/dherr.h
|
|
||||||
+++ b/include/openssl/dherr.h
|
|
||||||
@@ -1,6 +1,6 @@
|
|
||||||
/*
|
|
||||||
* Generated by util/mkerr.pl DO NOT EDIT
|
|
||||||
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
|
||||||
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
|
||||||
*
|
|
||||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
|
||||||
* this file except in compliance with the License. You can obtain a copy
|
|
||||||
@@ -30,6 +30,7 @@ int ERR_load_DH_strings(void);
|
|
||||||
# define DH_F_COMPUTE_KEY 102
|
|
||||||
# define DH_F_DHPARAMS_PRINT_FP 101
|
|
||||||
# define DH_F_DH_BUILTIN_GENPARAMS 106
|
|
||||||
+# define DH_F_DH_CHECK 126
|
|
||||||
# define DH_F_DH_CHECK_EX 121
|
|
||||||
# define DH_F_DH_CHECK_PARAMS_EX 122
|
|
||||||
# define DH_F_DH_CHECK_PUB_KEY_EX 123
|
|
||||||
--
|
|
||||||
2.41.0
|
|
||||||
|
|
@ -1,60 +0,0 @@
|
|||||||
From 91ddeba0f2269b017dc06c46c993a788974b1aa5 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Tomas Mraz <tomas@openssl.org>
|
|
||||||
Date: Fri, 21 Jul 2023 11:39:41 +0200
|
|
||||||
Subject: [PATCH] DH_check(): Do not try checking q properties if it is
|
|
||||||
obviously invalid
|
|
||||||
|
|
||||||
If |q| >= |p| then the q value is obviously wrong as q
|
|
||||||
is supposed to be a prime divisor of p-1.
|
|
||||||
|
|
||||||
We check if p is overly large so this added test implies that
|
|
||||||
q is not large either when performing subsequent tests using that
|
|
||||||
q value.
|
|
||||||
|
|
||||||
Otherwise if it is too large these additional checks of the q value
|
|
||||||
such as the primality test can then trigger DoS by doing overly long
|
|
||||||
computations.
|
|
||||||
|
|
||||||
Fixes CVE-2023-3817
|
|
||||||
|
|
||||||
Reviewed-by: Paul Dale <pauli@openssl.org>
|
|
||||||
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
||||||
(Merged from https://github.com/openssl/openssl/pull/21551)
|
|
||||||
|
|
||||||
Upstream-Status: Backport [91ddeba0f2269b017dc06c46c993a788974b1aa5]
|
|
||||||
---
|
|
||||||
crypto/dh/dh_check.c | 11 +++++++++--
|
|
||||||
1 file changed, 9 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
|
|
||||||
index 2001d2e7cb..9ae96991eb 100644
|
|
||||||
--- a/crypto/dh/dh_check.c
|
|
||||||
+++ b/crypto/dh/dh_check.c
|
|
||||||
@@ -105,7 +105,7 @@ int DH_check_ex(const DH *dh)
|
|
||||||
/* Note: according to documentation - this only checks the params */
|
|
||||||
int DH_check(const DH *dh, int *ret)
|
|
||||||
{
|
|
||||||
- int ok = 0, r;
|
|
||||||
+ int ok = 0, r, q_good = 0;
|
|
||||||
BN_CTX *ctx = NULL;
|
|
||||||
BIGNUM *t1 = NULL, *t2 = NULL;
|
|
||||||
|
|
||||||
@@ -130,7 +130,14 @@ int DH_check(const DH *dh, int *ret)
|
|
||||||
if (t2 == NULL)
|
|
||||||
goto err;
|
|
||||||
|
|
||||||
- if (dh->q) {
|
|
||||||
+ if (dh->q != NULL) {
|
|
||||||
+ if (BN_ucmp(dh->p, dh->q) > 0)
|
|
||||||
+ q_good = 1;
|
|
||||||
+ else
|
|
||||||
+ *ret |= DH_CHECK_INVALID_Q_VALUE;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (q_good) {
|
|
||||||
if (BN_cmp(dh->g, BN_value_one()) <= 0)
|
|
||||||
*ret |= DH_NOT_SUITABLE_GENERATOR;
|
|
||||||
else if (BN_cmp(dh->g, dh->p) >= 0)
|
|
||||||
--
|
|
||||||
2.41.0
|
|
||||||
|
|
@ -1,154 +0,0 @@
|
|||||||
From 0814467cc1b6a2839877277d3efa69cdd4582dd7 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Richard Levitte <levitte@openssl.org>
|
|
||||||
Date: Fri, 20 Oct 2023 09:18:19 +0200
|
|
||||||
Subject: [PATCH] Make DH_check_pub_key() and DH_generate_key() safer yet
|
|
||||||
|
|
||||||
We already check for an excessively large P in DH_generate_key(), but not in
|
|
||||||
DH_check_pub_key(), and none of them check for an excessively large Q.
|
|
||||||
|
|
||||||
This change adds all the missing excessive size checks of P and Q.
|
|
||||||
|
|
||||||
It's to be noted that behaviours surrounding excessively sized P and Q
|
|
||||||
differ. DH_check() raises an error on the excessively sized P, but only
|
|
||||||
sets a flag for the excessively sized Q. This behaviour is mimicked in
|
|
||||||
DH_check_pub_key().
|
|
||||||
|
|
||||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
|
||||||
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
||||||
Reviewed-by: Hugo Landau <hlandau@openssl.org>
|
|
||||||
(Merged from https://github.com/openssl/openssl/pull/22518)
|
|
||||||
|
|
||||||
(cherry picked from commit ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)
|
|
||||||
Backported-by: Clemens Lang <cllang@redhat.com>
|
|
||||||
---
|
|
||||||
crypto/dh/dh_check.c | 17 +++++++++++++++++
|
|
||||||
crypto/dh/dh_err.c | 1 +
|
|
||||||
crypto/dh/dh_key.c | 10 ++++++++++
|
|
||||||
crypto/err/openssl.txt | 1 +
|
|
||||||
include/openssl/dh.h | 6 ++++--
|
|
||||||
include/openssl/dherr.h | 1 +
|
|
||||||
6 files changed, 34 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
|
|
||||||
index ae1b03bc92..424a3bb4cd 100644
|
|
||||||
--- a/crypto/dh/dh_check.c
|
|
||||||
+++ b/crypto/dh/dh_check.c
|
|
||||||
@@ -198,10 +198,27 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
|
|
||||||
BN_CTX *ctx = NULL;
|
|
||||||
|
|
||||||
*ret = 0;
|
|
||||||
+
|
|
||||||
ctx = BN_CTX_new();
|
|
||||||
if (ctx == NULL)
|
|
||||||
goto err;
|
|
||||||
BN_CTX_start(ctx);
|
|
||||||
+
|
|
||||||
+ /* Don't do any checks at all with an excessively large modulus */
|
|
||||||
+ if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
|
|
||||||
+ DHerr(DH_F_DH_CHECK, DH_R_MODULUS_TOO_LARGE);
|
|
||||||
+ *ret = DH_MODULUS_TOO_LARGE | DH_CHECK_PUBKEY_INVALID;
|
|
||||||
+ goto err;
|
|
||||||
+ }
|
|
||||||
+ if (dh->q != NULL && BN_ucmp(dh->p, dh->q) < 0) {
|
|
||||||
+ *ret |= DH_CHECK_INVALID_Q_VALUE | DH_CHECK_PUBKEY_INVALID;
|
|
||||||
+ /* This may look strange here, but returning 1 after setting ret is
|
|
||||||
+ * correct. See also the behavior of the pub_key^q == 1 mod p check
|
|
||||||
+ * further down, which behaves in the same way. */
|
|
||||||
+ ok = 1;
|
|
||||||
+ goto err;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
tmp = BN_CTX_get(ctx);
|
|
||||||
if (tmp == NULL || !BN_set_word(tmp, 1))
|
|
||||||
goto err;
|
|
||||||
diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c
|
|
||||||
index 92800d3fcc..b3b1e7a706 100644
|
|
||||||
--- a/crypto/dh/dh_err.c
|
|
||||||
+++ b/crypto/dh/dh_err.c
|
|
||||||
@@ -87,6 +87,7 @@ static const ERR_STRING_DATA DH_str_reasons[] = {
|
|
||||||
{ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR),
|
|
||||||
"parameter encoding error"},
|
|
||||||
{ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"},
|
|
||||||
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_Q_TOO_LARGE), "q too large"},
|
|
||||||
{ERR_PACK(ERR_LIB_DH, 0, DH_R_SHARED_INFO_ERROR), "shared info error"},
|
|
||||||
{ERR_PACK(ERR_LIB_DH, 0, DH_R_UNABLE_TO_CHECK_GENERATOR),
|
|
||||||
"unable to check generator"},
|
|
||||||
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
|
|
||||||
index 117f2fa883..9f5e6f6d4c 100644
|
|
||||||
--- a/crypto/dh/dh_key.c
|
|
||||||
+++ b/crypto/dh/dh_key.c
|
|
||||||
@@ -140,6 +140,11 @@ static int generate_key(DH *dh)
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (dh->q != NULL && BN_num_bits(dh->q) > OPENSSL_DH_MAX_MODULUS_BITS) {
|
|
||||||
+ DHerr(DH_F_GENERATE_KEY, DH_R_Q_TOO_LARGE);
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
ctx = BN_CTX_new();
|
|
||||||
if (ctx == NULL)
|
|
||||||
goto err;
|
|
||||||
@@ -250,6 +255,12 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
|
|
||||||
DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE);
|
|
||||||
goto err;
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+ if (dh->q != NULL && BN_num_bits(dh->q) > OPENSSL_DH_MAX_MODULUS_BITS) {
|
|
||||||
+ DHerr(DH_F_COMPUTE_KEY, DH_R_Q_TOO_LARGE);
|
|
||||||
+ goto err;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
#ifdef OPENSSL_FIPS
|
|
||||||
if (FIPS_mode()
|
|
||||||
&& (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) {
|
|
||||||
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
|
|
||||||
index c0a3cd720b..5e0ff47516 100644
|
|
||||||
--- a/crypto/err/openssl.txt
|
|
||||||
+++ b/crypto/err/openssl.txt
|
|
||||||
@@ -2151,6 +2151,7 @@DH_R_NO_PARAMETERS_SET:107:no parameters set
|
|
||||||
DH_R_NO_PRIVATE_VALUE:100:no private value
|
|
||||||
DH_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error
|
|
||||||
DH_R_PEER_KEY_ERROR:111:peer key error
|
|
||||||
+DH_R_Q_TOO_LARGE:130:q too large
|
|
||||||
DH_R_SHARED_INFO_ERROR:113:shared info error
|
|
||||||
DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator
|
|
||||||
DSA_R_BAD_Q_VALUE:102:bad q value
|
|
||||||
diff --git a/include/openssl/dh.h b/include/openssl/dh.h
|
|
||||||
index 6c6ff3636a..b7df43b44f 100644
|
|
||||||
--- a/include/openssl/dh.h
|
|
||||||
+++ b/include/openssl/dh.h
|
|
||||||
@@ -72,14 +72,16 @@ DECLARE_ASN1_ITEM(DHparams)
|
|
||||||
/* #define DH_GENERATOR_3 3 */
|
|
||||||
# define DH_GENERATOR_5 5
|
|
||||||
|
|
||||||
-/* DH_check error codes */
|
|
||||||
+/* DH_check error codes, some of them shared with DH_check_pub_key */
|
|
||||||
# define DH_CHECK_P_NOT_PRIME 0x01
|
|
||||||
# define DH_CHECK_P_NOT_SAFE_PRIME 0x02
|
|
||||||
# define DH_UNABLE_TO_CHECK_GENERATOR 0x04
|
|
||||||
# define DH_NOT_SUITABLE_GENERATOR 0x08
|
|
||||||
# define DH_CHECK_Q_NOT_PRIME 0x10
|
|
||||||
-# define DH_CHECK_INVALID_Q_VALUE 0x20
|
|
||||||
+# define DH_CHECK_INVALID_Q_VALUE 0x20 /* +DH_check_pub_key */
|
|
||||||
# define DH_CHECK_INVALID_J_VALUE 0x40
|
|
||||||
+/* DH_MODULUS_TOO_SMALL is 0x80 upstream */
|
|
||||||
+# define DH_MODULUS_TOO_LARGE 0x100 /* +DH_check_pub_key */
|
|
||||||
|
|
||||||
/* DH_check_pub_key error codes */
|
|
||||||
# define DH_CHECK_PUBKEY_TOO_SMALL 0x01
|
|
||||||
diff --git a/include/openssl/dherr.h b/include/openssl/dherr.h
|
|
||||||
index 528c819856..d66c35aa8e 100644
|
|
||||||
--- a/include/openssl/dherr.h
|
|
||||||
+++ b/include/openssl/dherr.h
|
|
||||||
@@ -87,6 +87,7 @@ int ERR_load_DH_strings(void);
|
|
||||||
# define DH_R_NON_FIPS_METHOD 202
|
|
||||||
# define DH_R_PARAMETER_ENCODING_ERROR 105
|
|
||||||
# define DH_R_PEER_KEY_ERROR 111
|
|
||||||
+# define DH_R_Q_TOO_LARGE 130
|
|
||||||
# define DH_R_SHARED_INFO_ERROR 113
|
|
||||||
# define DH_R_UNABLE_TO_CHECK_GENERATOR 121
|
|
||||||
|
|
||||||
--
|
|
||||||
2.41.0
|
|
||||||
|
|
@ -1,255 +0,0 @@
|
|||||||
From d1d4b56fe0c9a4200276d630f62108e1165e0990 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Maurizio Barbaro <mbarbaro@redhat.com>
|
|
||||||
Date: Mon, 16 Sep 2024 10:53:53 +0200
|
|
||||||
Subject: [PATCH] Backport openssl: SSL_select_next_proto buffer overread from 3.2
|
|
||||||
|
|
||||||
Ensure that the provided client list is non-NULL and starts with a valid
|
|
||||||
entry. When called from the ALPN callback the client list should already
|
|
||||||
have been validated by OpenSSL so this should not cause a problem. When
|
|
||||||
called from the NPN callback the client list is locally configured and
|
|
||||||
will not have already been validated. Therefore SSL_select_next_proto
|
|
||||||
should not assume that it is correctly formatted.
|
|
||||||
|
|
||||||
We implement stricter checking of the client protocol list. We also do the
|
|
||||||
same for the server list while we are about it.
|
|
||||||
|
|
||||||
CVE-2024-5535
|
|
||||||
|
|
||||||
From: Matt Caswell <matt@openssl.org>
|
|
||||||
Date: Fri, 31 May 2024 11:14:33 +0100
|
|
||||||
Merged from: https://github.com/openssl/openssl/pull/24717.
|
|
||||||
|
|
||||||
Backported-by: Maurizio Barbaro <mbarbaro@redhat.com>
|
|
||||||
we did't ported test changes because rely on internal testing framework.
|
|
||||||
|
|
||||||
---
|
|
||||||
doc/man3/SSL_CTX_set_alpn_select_cb.pod | 28 +++++++----
|
|
||||||
ssl/ssl_lib.c | 64 +++++++++++++++----------
|
|
||||||
ssl/statem/extensions_clnt.c | 30 +++++++++++-
|
|
||||||
ssl/statem/extensions_srvr.c | 3 +-
|
|
||||||
4 files changed, 89 insertions(+), 36 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/doc/man3/SSL_CTX_set_alpn_select_cb.pod b/doc/man3/SSL_CTX_set_alpn_select_cb.pod
|
|
||||||
index e90caec..a3f8dfd 100644
|
|
||||||
--- a/doc/man3/SSL_CTX_set_alpn_select_cb.pod
|
|
||||||
+++ b/doc/man3/SSL_CTX_set_alpn_select_cb.pod
|
|
||||||
@@ -43,7 +43,7 @@ SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated
|
|
||||||
const unsigned char *server,
|
|
||||||
unsigned int server_len,
|
|
||||||
const unsigned char *client,
|
|
||||||
- unsigned int client_len)
|
|
||||||
+ unsigned int client_len);
|
|
||||||
void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
|
|
||||||
unsigned *len);
|
|
||||||
|
|
||||||
@@ -52,7 +52,8 @@ SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated
|
|
||||||
SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() are used by the client to
|
|
||||||
set the list of protocols available to be negotiated. The B<protos> must be in
|
|
||||||
protocol-list format, described below. The length of B<protos> is specified in
|
|
||||||
-B<protos_len>.
|
|
||||||
+B<protos_len>. Setting B<protos_len> to 0 clears any existing list of ALPN
|
|
||||||
+protocols and no ALPN extension will be sent to the server.
|
|
||||||
|
|
||||||
SSL_CTX_set_alpn_select_cb() sets the application callback B<cb> used by a
|
|
||||||
server to select which protocol to use for the incoming connection. When B<cb>
|
|
||||||
@@ -73,9 +74,16 @@ B<server_len> and B<client>, B<client_len> must be in the protocol-list format
|
|
||||||
described below. The first item in the B<server>, B<server_len> list that
|
|
||||||
matches an item in the B<client>, B<client_len> list is selected, and returned
|
|
||||||
in B<out>, B<outlen>. The B<out> value will point into either B<server> or
|
|
||||||
-B<client>, so it should be copied immediately. If no match is found, the first
|
|
||||||
-item in B<client>, B<client_len> is returned in B<out>, B<outlen>. This
|
|
||||||
-function can also be used in the NPN callback.
|
|
||||||
+B<client>, so it should be copied immediately. The client list must include at
|
|
||||||
+least one valid (nonempty) protocol entry in the list.
|
|
||||||
+
|
|
||||||
+The SSL_select_next_proto() helper function can be useful from either the ALPN
|
|
||||||
+callback or the NPN callback (described below). If no match is found, the first
|
|
||||||
+item in B<client>, B<client_len> is returned in B<out>, B<outlen> and
|
|
||||||
+B<OPENSSL_NPN_NO_OVERLAP> is returned. This can be useful when implementating
|
|
||||||
+the NPN callback. In the ALPN case, the value returned in B<out> and B<outlen>
|
|
||||||
+must be ignored if B<OPENSSL_NPN_NO_OVERLAP> has been returned from
|
|
||||||
+SSL_select_next_proto().
|
|
||||||
|
|
||||||
SSL_CTX_set_next_proto_select_cb() sets a callback B<cb> that is called when a
|
|
||||||
client needs to select a protocol from the server's provided list, and a
|
|
||||||
@@ -85,9 +93,10 @@ must be set to point to the selected protocol (which may be within B<in>).
|
|
||||||
The length of the protocol name must be written into B<outlen>. The
|
|
||||||
server's advertised protocols are provided in B<in> and B<inlen>. The
|
|
||||||
callback can assume that B<in> is syntactically valid. The client must
|
|
||||||
-select a protocol. It is fatal to the connection if this callback returns
|
|
||||||
-a value other than B<SSL_TLSEXT_ERR_OK>. The B<arg> parameter is the pointer
|
|
||||||
-set via SSL_CTX_set_next_proto_select_cb().
|
|
||||||
+select a protocol (although it may be an empty, zero length protocol). It is
|
|
||||||
+fatal to the connection if this callback returns a value other than
|
|
||||||
+B<SSL_TLSEXT_ERR_OK> or if the zero length protocol is selected. The B<arg>
|
|
||||||
+parameter is the pointer set via SSL_CTX_set_next_proto_select_cb().
|
|
||||||
|
|
||||||
SSL_CTX_set_next_protos_advertised_cb() sets a callback B<cb> that is called
|
|
||||||
when a TLS server needs a list of supported protocols for Next Protocol
|
|
||||||
@@ -149,7 +158,8 @@ A match was found and is returned in B<out>, B<outlen>.
|
|
||||||
=item OPENSSL_NPN_NO_OVERLAP
|
|
||||||
|
|
||||||
No match was found. The first item in B<client>, B<client_len> is returned in
|
|
||||||
-B<out>, B<outlen>.
|
|
||||||
+B<out>, B<outlen> (or B<NULL> and 0 in the case where the first entry in
|
|
||||||
+B<client> is invalid).
|
|
||||||
|
|
||||||
=back
|
|
||||||
|
|
||||||
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
|
|
||||||
index c71c686..21e6c45 100644
|
|
||||||
--- a/ssl/ssl_lib.c
|
|
||||||
+++ b/ssl/ssl_lib.c
|
|
||||||
@@ -2739,38 +2739,54 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
|
|
||||||
unsigned int server_len,
|
|
||||||
const unsigned char *client, unsigned int client_len)
|
|
||||||
{
|
|
||||||
- unsigned int i, j;
|
|
||||||
- const unsigned char *result;
|
|
||||||
- int status = OPENSSL_NPN_UNSUPPORTED;
|
|
||||||
+ PACKET cpkt, csubpkt, spkt, ssubpkt;
|
|
||||||
+ if (!PACKET_buf_init(&cpkt, client, client_len)
|
|
||||||
+ || !PACKET_get_length_prefixed_1(&cpkt, &csubpkt)
|
|
||||||
+ || PACKET_remaining(&csubpkt) == 0) {
|
|
||||||
+ *out = NULL;
|
|
||||||
+ *outlen = 0;
|
|
||||||
+ return OPENSSL_NPN_NO_OVERLAP;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * Set the default opportunistic protocol. Will be overwritten if we find
|
|
||||||
+ * a match.
|
|
||||||
+ */
|
|
||||||
+ *out = (unsigned char *)PACKET_data(&csubpkt);
|
|
||||||
+ *outlen = (unsigned char)PACKET_remaining(&csubpkt);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* For each protocol in server preference order, see if we support it.
|
|
||||||
*/
|
|
||||||
- for (i = 0; i < server_len;) {
|
|
||||||
- for (j = 0; j < client_len;) {
|
|
||||||
- if (server[i] == client[j] &&
|
|
||||||
- memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
|
|
||||||
- /* We found a match */
|
|
||||||
- result = &server[i];
|
|
||||||
- status = OPENSSL_NPN_NEGOTIATED;
|
|
||||||
- goto found;
|
|
||||||
+ if (PACKET_buf_init(&spkt, server, server_len)) {
|
|
||||||
+ while (PACKET_get_length_prefixed_1(&spkt, &ssubpkt)) {
|
|
||||||
+ if (PACKET_remaining(&ssubpkt) == 0)
|
|
||||||
+ continue; /* Invalid - ignore it */
|
|
||||||
+ if (PACKET_buf_init(&cpkt, client, client_len)) {
|
|
||||||
+ while (PACKET_get_length_prefixed_1(&cpkt, &csubpkt)) {
|
|
||||||
+ if (PACKET_equal(&csubpkt, PACKET_data(&ssubpkt),
|
|
||||||
+ PACKET_remaining(&ssubpkt))) {
|
|
||||||
+ /* We found a match */
|
|
||||||
+ *out = (unsigned char *)PACKET_data(&ssubpkt);
|
|
||||||
+ *outlen = (unsigned char)PACKET_remaining(&ssubpkt);
|
|
||||||
+ return OPENSSL_NPN_NEGOTIATED;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ /* Ignore spurious trailing bytes in the client list */
|
|
||||||
+ } else {
|
|
||||||
+ /* This should never happen */
|
|
||||||
+ return OPENSSL_NPN_NO_OVERLAP;
|
|
||||||
}
|
|
||||||
- j += client[j];
|
|
||||||
- j++;
|
|
||||||
}
|
|
||||||
- i += server[i];
|
|
||||||
- i++;
|
|
||||||
+ /* Ignore spurious trailing bytes in the server list */
|
|
||||||
}
|
|
||||||
|
|
||||||
- /* There's no overlap between our protocols and the server's list. */
|
|
||||||
- result = client;
|
|
||||||
- status = OPENSSL_NPN_NO_OVERLAP;
|
|
||||||
-
|
|
||||||
- found:
|
|
||||||
- *out = (unsigned char *)result + 1;
|
|
||||||
- *outlen = result[0];
|
|
||||||
- return status;
|
|
||||||
-}
|
|
||||||
+ /*
|
|
||||||
+ * There's no overlap between our protocols and the server's list. We use
|
|
||||||
+ * the default opportunistic protocol selected earlier
|
|
||||||
+ */
|
|
||||||
+ return OPENSSL_NPN_NO_OVERLAP;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
#ifndef OPENSSL_NO_NEXTPROTONEG
|
|
||||||
/*
|
|
||||||
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
|
|
||||||
index ce8a757..cfde733 100644
|
|
||||||
--- a/ssl/statem/extensions_clnt.c
|
|
||||||
+++ b/ssl/statem/extensions_clnt.c
|
|
||||||
@@ -1585,8 +1585,8 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
|
|
||||||
if (s->ctx->ext.npn_select_cb(s, &selected, &selected_len,
|
|
||||||
PACKET_data(pkt),
|
|
||||||
PACKET_remaining(pkt),
|
|
||||||
- s->ctx->ext.npn_select_cb_arg) !=
|
|
||||||
- SSL_TLSEXT_ERR_OK) {
|
|
||||||
+ s->ctx->ext.npn_select_cb_arg) != SSL_TLSEXT_ERR_OK
|
|
||||||
+ || selected_len == 0) {
|
|
||||||
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PARSE_STOC_NPN,
|
|
||||||
SSL_R_BAD_EXTENSION);
|
|
||||||
return 0;
|
|
||||||
@@ -1617,6 +1617,8 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
|
|
||||||
size_t chainidx)
|
|
||||||
{
|
|
||||||
size_t len;
|
|
||||||
+ PACKET confpkt, protpkt;
|
|
||||||
+ int valid = 0;
|
|
||||||
|
|
||||||
/* We must have requested it. */
|
|
||||||
if (!s->s3->alpn_sent) {
|
|
||||||
@@ -1637,6 +1639,30 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
|
|
||||||
SSL_R_BAD_EXTENSION);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+ /* It must be a protocol that we sent */
|
|
||||||
+ if (!PACKET_buf_init(&confpkt, s->ext.alpn, s->ext.alpn_len)) {
|
|
||||||
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
|
|
||||||
+ ERR_R_INTERNAL_ERROR);
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+ while (PACKET_get_length_prefixed_1(&confpkt, &protpkt)) {
|
|
||||||
+ if (PACKET_remaining(&protpkt) != len)
|
|
||||||
+ continue;
|
|
||||||
+ if (memcmp(PACKET_data(pkt), PACKET_data(&protpkt), len) == 0) {
|
|
||||||
+ /* Valid protocol found */
|
|
||||||
+ valid = 1;
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (!valid) {
|
|
||||||
+ /* The protocol sent from the server does not match one we advertised */
|
|
||||||
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
|
|
||||||
+ SSL_R_BAD_EXTENSION);
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
OPENSSL_free(s->s3->alpn_selected);
|
|
||||||
s->s3->alpn_selected = OPENSSL_malloc(len);
|
|
||||||
if (s->s3->alpn_selected == NULL) {
|
|
||||||
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
|
|
||||||
index 3c7395c..4e3cbf8 100644
|
|
||||||
--- a/ssl/statem/extensions_srvr.c
|
|
||||||
+++ b/ssl/statem/extensions_srvr.c
|
|
||||||
@@ -1559,9 +1559,10 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt,
|
|
||||||
return EXT_RETURN_FAIL;
|
|
||||||
}
|
|
||||||
s->s3->npn_seen = 1;
|
|
||||||
+ return EXT_RETURN_SENT;
|
|
||||||
}
|
|
||||||
|
|
||||||
- return EXT_RETURN_SENT;
|
|
||||||
+ return EXT_RETURN_NOT_SENT;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
--
|
|
||||||
2.46.0
|
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
@ -22,7 +22,7 @@
|
|||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 1.1.1k
|
Version: 1.1.1k
|
||||||
Release: 14%{?dist}
|
Release: 9%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
# tarball with the hobble-openssl script which is included below.
|
# tarball with the hobble-openssl script which is included below.
|
||||||
@ -92,16 +92,6 @@ Patch101: openssl-1.1.1-cve-2022-4304-RSA-oracle.patch
|
|||||||
Patch102: openssl-1.1.1-cve-2022-4450-PEM-bio.patch
|
Patch102: openssl-1.1.1-cve-2022-4450-PEM-bio.patch
|
||||||
Patch103: openssl-1.1.1-cve-2023-0215-BIO-UAF.patch
|
Patch103: openssl-1.1.1-cve-2023-0215-BIO-UAF.patch
|
||||||
Patch104: openssl-1.1.1-cve-2023-0286-X400.patch
|
Patch104: openssl-1.1.1-cve-2023-0286-X400.patch
|
||||||
# OpenSSL 1.1.1v CVEs
|
|
||||||
Patch105: openssl-1.1.1-cve-2023-3446.patch
|
|
||||||
Patch106: openssl-1.1.1-cve-2023-3817.patch
|
|
||||||
Patch107: openssl-1.1.1-cve-2023-5678.patch
|
|
||||||
# Backport from OpenSSL 3.2/RHEL 9
|
|
||||||
# Proper fix for CVE-2020-25659
|
|
||||||
Patch108: openssl-1.1.1-pkcs1-implicit-rejection.patch
|
|
||||||
# Backport from OpenSSL 3.2
|
|
||||||
# Fix for CVE-2024-5535
|
|
||||||
Patch109: openssl-1.1.1-fix-ssl-select-next-proto.patch
|
|
||||||
|
|
||||||
License: OpenSSL and ASL 2.0
|
License: OpenSSL and ASL 2.0
|
||||||
URL: http://www.openssl.org/
|
URL: http://www.openssl.org/
|
||||||
@ -231,11 +221,6 @@ cp %{SOURCE13} test/
|
|||||||
%patch102 -p1 -b .cve-2022-4450
|
%patch102 -p1 -b .cve-2022-4450
|
||||||
%patch103 -p1 -b .cve-2023-0215
|
%patch103 -p1 -b .cve-2023-0215
|
||||||
%patch104 -p1 -b .cve-2023-0286
|
%patch104 -p1 -b .cve-2023-0286
|
||||||
%patch105 -p1 -b .cve-2023-3446
|
|
||||||
%patch106 -p1 -b .cve-2023-3817
|
|
||||||
%patch107 -p1 -b .cve-2023-5678
|
|
||||||
%patch108 -p1 -b .pkcs15imprejection
|
|
||||||
%patch109 -p1 -b .cve-2024-5535
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# Figure out which flags we want to use.
|
# Figure out which flags we want to use.
|
||||||
@ -519,52 +504,33 @@ export LD_LIBRARY_PATH
|
|||||||
%postun libs -p /sbin/ldconfig
|
%postun libs -p /sbin/ldconfig
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Sep 17 2024 Maurizio Barbaro <mbarbaro@redhat.com> - 1:1.1.1k-14
|
* Wed Feb 08 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-9
|
||||||
- Backport fix SSL_select_next proto from OpenSSL 3.2
|
|
||||||
Fix CVE-2024-5535
|
|
||||||
Resolves: RHEL-45654
|
|
||||||
|
|
||||||
* Thu Nov 30 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-12
|
|
||||||
- Backport implicit rejection mechanism for RSA PKCS#1 v1.5 to RHEL-8 series
|
|
||||||
(a proper fix for CVE-2020-25659)
|
|
||||||
Resolves: RHEL-17694
|
|
||||||
|
|
||||||
* Wed Nov 15 2023 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-11
|
|
||||||
- Fix CVE-2023-5678: Generating excessively long X9.42 DH keys or checking
|
|
||||||
excessively long X9.42 DH keys or parameters may be very slow
|
|
||||||
Resolves: RHEL-16536
|
|
||||||
|
|
||||||
* Thu Oct 19 2023 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-10
|
|
||||||
- Fix CVE-2023-3446: Excessive time spent checking DH keys and parameters
|
|
||||||
Resolves: RHEL-14243
|
|
||||||
- Fix CVE-2023-3817: Excessive time spent checking DH q parameter value
|
|
||||||
Resolves: RHEL-14237
|
|
||||||
|
|
||||||
* Thu May 04 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-9
|
|
||||||
- Fixed Timing Oracle in RSA Decryption
|
- Fixed Timing Oracle in RSA Decryption
|
||||||
Resolves: CVE-2022-4304
|
Resolves: CVE-2022-4304
|
||||||
- Fixed Double free after calling PEM_read_bio_ex
|
- Fixed Double free after calling PEM_read_bio_ex
|
||||||
Resolves: CVE-2022-4450
|
Resolves: CVE-2022-4450
|
||||||
- Fixed Use-after-free following BIO_new_NDEF
|
- Fixed Use-after-free following BIO_new_NDEF
|
||||||
Resolves: CVE-2023-0215
|
Resolves: CVE-2023-0215
|
||||||
|
|
||||||
* Wed Feb 08 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-8
|
|
||||||
- Fixed X.400 address type confusion in X.509 GeneralName
|
- Fixed X.400 address type confusion in X.509 GeneralName
|
||||||
Resolves: CVE-2023-0286
|
Resolves: CVE-2023-0286
|
||||||
|
|
||||||
|
* Thu Jul 21 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-8
|
||||||
|
- Fix no-ec build
|
||||||
|
Resolves: rhbz#2071020
|
||||||
|
|
||||||
* Tue Jul 05 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-7
|
* Tue Jul 05 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-7
|
||||||
- Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
|
- Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
|
||||||
Resolves: CVE-2022-2097
|
Resolves: CVE-2022-2097
|
||||||
- Update expired certificates used in the testsuite
|
- Update expired certificates used in the testsuite
|
||||||
Resolves: rhbz#2100554
|
Resolves: rhbz#2092462
|
||||||
- Fix CVE-2022-1292: openssl: c_rehash script allows command injection
|
- Fix CVE-2022-1292: openssl: c_rehash script allows command injection
|
||||||
Resolves: rhbz#2090371
|
Resolves: rhbz#2090372
|
||||||
- Fix CVE-2022-2068: the c_rehash script allows command injection
|
- Fix CVE-2022-2068: the c_rehash script allows command injection
|
||||||
Resolves: rhbz#2098278
|
Resolves: rhbz#2098279
|
||||||
|
|
||||||
* Wed Mar 23 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-6
|
* Wed Mar 23 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-6
|
||||||
- Fixes CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
|
- Fixes CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
|
||||||
- Resolves: rhbz#2067145
|
- Resolves: rhbz#2067146
|
||||||
|
|
||||||
* Tue Nov 16 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1k-5
|
* Tue Nov 16 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1k-5
|
||||||
- Fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings
|
- Fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings
|
||||||
|
Loading…
Reference in New Issue
Block a user