Compare commits
No commits in common. "c8" and "c8-beta" have entirely different histories.
@ -1,11 +1,13 @@
|
||||
diff -up openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg openssl-1.1.1k/ssl/statem/extensions.c
|
||||
--- openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg 2021-03-25 14:28:38.000000000 +0100
|
||||
+++ openssl-1.1.1k/ssl/statem/extensions.c 2021-06-24 16:16:19.526181743 +0200
|
||||
@@ -42,6 +42,7 @@ static int tls_parse_certificate_authori
|
||||
@@ -42,6 +42,9 @@ static int tls_parse_certificate_authori
|
||||
#ifndef OPENSSL_NO_SRP
|
||||
static int init_srp(SSL *s, unsigned int context);
|
||||
#endif
|
||||
+#ifndef OPENSSL_NO_EC
|
||||
+static int init_ec_point_formats(SSL *s, unsigned int context);
|
||||
+#endif
|
||||
static int init_etm(SSL *s, unsigned int context);
|
||||
static int init_ems(SSL *s, unsigned int context);
|
||||
static int final_ems(SSL *s, unsigned int context, int sent);
|
||||
@ -18,10 +20,11 @@ diff -up openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg openssl-1.1.1k/ssl
|
||||
tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats,
|
||||
final_ec_pt_formats
|
||||
},
|
||||
@@ -1164,6 +1165,15 @@ static int init_srp(SSL *s, unsigned int
|
||||
@@ -1164,6 +1165,17 @@ static int init_srp(SSL *s, unsigned int
|
||||
}
|
||||
#endif
|
||||
|
||||
+#ifndef OPENSSL_NO_EC
|
||||
+static int init_ec_point_formats(SSL *s, unsigned int context)
|
||||
+{
|
||||
+ OPENSSL_free(s->ext.peer_ecpointformats);
|
||||
@ -30,6 +33,7 @@ diff -up openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg openssl-1.1.1k/ssl
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
static int init_etm(SSL *s, unsigned int context)
|
||||
{
|
||||
|
||||
@ -1,127 +0,0 @@
|
||||
From 8780a896543a654e757db1b9396383f9d8095528 Mon Sep 17 00:00:00 2001
|
||||
From: Matt Caswell <matt@openssl.org>
|
||||
Date: Thu, 6 Jul 2023 16:36:35 +0100
|
||||
Subject: [PATCH] Fix DH_check() excessive time with over sized modulus
|
||||
|
||||
The DH_check() function checks numerous aspects of the key or parameters
|
||||
that have been supplied. Some of those checks use the supplied modulus
|
||||
value even if it is excessively large.
|
||||
|
||||
There is already a maximum DH modulus size (10,000 bits) over which
|
||||
OpenSSL will not generate or derive keys. DH_check() will however still
|
||||
perform various tests for validity on such a large modulus. We introduce a
|
||||
new maximum (32,768) over which DH_check() will just fail.
|
||||
|
||||
An application that calls DH_check() and supplies a key or parameters
|
||||
obtained from an untrusted source could be vulnerable to a Denial of
|
||||
Service attack.
|
||||
|
||||
The function DH_check() is itself called by a number of other OpenSSL
|
||||
functions. An application calling any of those other functions may
|
||||
similarly be affected. The other functions affected by this are
|
||||
DH_check_ex() and EVP_PKEY_param_check().
|
||||
|
||||
CVE-2023-3446
|
||||
|
||||
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
|
||||
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
|
||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/21452)
|
||||
|
||||
Upstream-Status: Backport [8780a896543a654e757db1b9396383f9d8095528]
|
||||
---
|
||||
crypto/dh/dh_check.c | 6 ++++++
|
||||
crypto/dh/dh_err.c | 3 ++-
|
||||
crypto/err/openssl.txt | 3 ++-
|
||||
include/openssl/dh.h | 3 +++
|
||||
include/openssl/dherr.h | 3 ++-
|
||||
5 files changed, 15 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
|
||||
index 4ac169e75c..e5f9dd5030 100644
|
||||
--- a/crypto/dh/dh_check.c
|
||||
+++ b/crypto/dh/dh_check.c
|
||||
@@ -101,6 +101,12 @@ int DH_check(const DH *dh, int *ret)
|
||||
BN_CTX *ctx = NULL;
|
||||
BIGNUM *t1 = NULL, *t2 = NULL;
|
||||
|
||||
+ /* Don't do any checks at all with an excessively large modulus */
|
||||
+ if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
|
||||
+ DHerr(DH_F_DH_CHECK, DH_R_MODULUS_TOO_LARGE);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
if (!DH_check_params(dh, ret))
|
||||
return 0;
|
||||
|
||||
diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c
|
||||
index 7285587b4a..92800d3fcc 100644
|
||||
--- a/crypto/dh/dh_err.c
|
||||
+++ b/crypto/dh/dh_err.c
|
||||
@@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -18,6 +18,7 @@ static const ERR_STRING_DATA DH_str_functs[] = {
|
||||
{ERR_PACK(ERR_LIB_DH, DH_F_DHPARAMS_PRINT_FP, 0), "DHparams_print_fp"},
|
||||
{ERR_PACK(ERR_LIB_DH, DH_F_DH_BUILTIN_GENPARAMS, 0),
|
||||
"dh_builtin_genparams"},
|
||||
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK, 0), "DH_check"},
|
||||
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_EX, 0), "DH_check_ex"},
|
||||
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PARAMS_EX, 0), "DH_check_params_ex"},
|
||||
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY_EX, 0), "DH_check_pub_key_ex"},
|
||||
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
|
||||
index 9f91a4a811..c0a3cd720b 100644
|
||||
--- a/crypto/err/openssl.txt
|
||||
+++ b/crypto/err/openssl.txt
|
||||
@@ -402,6 +402,7 @@ CT_F_SCT_SET_VERSION:104:SCT_set_version
|
||||
DH_F_COMPUTE_KEY:102:compute_key
|
||||
DH_F_DHPARAMS_PRINT_FP:101:DHparams_print_fp
|
||||
DH_F_DH_BUILTIN_GENPARAMS:106:dh_builtin_genparams
|
||||
+DH_F_DH_CHECK:126:DH_check
|
||||
DH_F_DH_CHECK_EX:121:DH_check_ex
|
||||
DH_F_DH_CHECK_PARAMS_EX:122:DH_check_params_ex
|
||||
DH_F_DH_CHECK_PUB_KEY_EX:123:DH_check_pub_key_ex
|
||||
diff --git a/include/openssl/dh.h b/include/openssl/dh.h
|
||||
index 3527540cdd..892e31559d 100644
|
||||
--- a/include/openssl/dh.h
|
||||
+++ b/include/openssl/dh.h
|
||||
@@ -29,6 +29,9 @@ extern "C" {
|
||||
# ifndef OPENSSL_DH_MAX_MODULUS_BITS
|
||||
# define OPENSSL_DH_MAX_MODULUS_BITS 10000
|
||||
# endif
|
||||
+# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS
|
||||
+# define OPENSSL_DH_CHECK_MAX_MODULUS_BITS 32768
|
||||
+# endif
|
||||
|
||||
# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
|
||||
# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN 2048
|
||||
|
||||
diff --git a/include/openssl/dherr.h b/include/openssl/dherr.h
|
||||
index 916b3bed0b..528c819856 100644
|
||||
--- a/include/openssl/dherr.h
|
||||
+++ b/include/openssl/dherr.h
|
||||
@@ -1,6 +1,6 @@
|
||||
/*
|
||||
* Generated by util/mkerr.pl DO NOT EDIT
|
||||
- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the OpenSSL license (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
@@ -30,6 +30,7 @@ int ERR_load_DH_strings(void);
|
||||
# define DH_F_COMPUTE_KEY 102
|
||||
# define DH_F_DHPARAMS_PRINT_FP 101
|
||||
# define DH_F_DH_BUILTIN_GENPARAMS 106
|
||||
+# define DH_F_DH_CHECK 126
|
||||
# define DH_F_DH_CHECK_EX 121
|
||||
# define DH_F_DH_CHECK_PARAMS_EX 122
|
||||
# define DH_F_DH_CHECK_PUB_KEY_EX 123
|
||||
--
|
||||
2.41.0
|
||||
|
||||
@ -1,60 +0,0 @@
|
||||
From 91ddeba0f2269b017dc06c46c993a788974b1aa5 Mon Sep 17 00:00:00 2001
|
||||
From: Tomas Mraz <tomas@openssl.org>
|
||||
Date: Fri, 21 Jul 2023 11:39:41 +0200
|
||||
Subject: [PATCH] DH_check(): Do not try checking q properties if it is
|
||||
obviously invalid
|
||||
|
||||
If |q| >= |p| then the q value is obviously wrong as q
|
||||
is supposed to be a prime divisor of p-1.
|
||||
|
||||
We check if p is overly large so this added test implies that
|
||||
q is not large either when performing subsequent tests using that
|
||||
q value.
|
||||
|
||||
Otherwise if it is too large these additional checks of the q value
|
||||
such as the primality test can then trigger DoS by doing overly long
|
||||
computations.
|
||||
|
||||
Fixes CVE-2023-3817
|
||||
|
||||
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||
Reviewed-by: Matt Caswell <matt@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/21551)
|
||||
|
||||
Upstream-Status: Backport [91ddeba0f2269b017dc06c46c993a788974b1aa5]
|
||||
---
|
||||
crypto/dh/dh_check.c | 11 +++++++++--
|
||||
1 file changed, 9 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
|
||||
index 2001d2e7cb..9ae96991eb 100644
|
||||
--- a/crypto/dh/dh_check.c
|
||||
+++ b/crypto/dh/dh_check.c
|
||||
@@ -105,7 +105,7 @@ int DH_check_ex(const DH *dh)
|
||||
/* Note: according to documentation - this only checks the params */
|
||||
int DH_check(const DH *dh, int *ret)
|
||||
{
|
||||
- int ok = 0, r;
|
||||
+ int ok = 0, r, q_good = 0;
|
||||
BN_CTX *ctx = NULL;
|
||||
BIGNUM *t1 = NULL, *t2 = NULL;
|
||||
|
||||
@@ -130,7 +130,14 @@ int DH_check(const DH *dh, int *ret)
|
||||
if (t2 == NULL)
|
||||
goto err;
|
||||
|
||||
- if (dh->q) {
|
||||
+ if (dh->q != NULL) {
|
||||
+ if (BN_ucmp(dh->p, dh->q) > 0)
|
||||
+ q_good = 1;
|
||||
+ else
|
||||
+ *ret |= DH_CHECK_INVALID_Q_VALUE;
|
||||
+ }
|
||||
+
|
||||
+ if (q_good) {
|
||||
if (BN_cmp(dh->g, BN_value_one()) <= 0)
|
||||
*ret |= DH_NOT_SUITABLE_GENERATOR;
|
||||
else if (BN_cmp(dh->g, dh->p) >= 0)
|
||||
--
|
||||
2.41.0
|
||||
|
||||
@ -1,154 +0,0 @@
|
||||
From 0814467cc1b6a2839877277d3efa69cdd4582dd7 Mon Sep 17 00:00:00 2001
|
||||
From: Richard Levitte <levitte@openssl.org>
|
||||
Date: Fri, 20 Oct 2023 09:18:19 +0200
|
||||
Subject: [PATCH] Make DH_check_pub_key() and DH_generate_key() safer yet
|
||||
|
||||
We already check for an excessively large P in DH_generate_key(), but not in
|
||||
DH_check_pub_key(), and none of them check for an excessively large Q.
|
||||
|
||||
This change adds all the missing excessive size checks of P and Q.
|
||||
|
||||
It's to be noted that behaviours surrounding excessively sized P and Q
|
||||
differ. DH_check() raises an error on the excessively sized P, but only
|
||||
sets a flag for the excessively sized Q. This behaviour is mimicked in
|
||||
DH_check_pub_key().
|
||||
|
||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||
Reviewed-by: Matt Caswell <matt@openssl.org>
|
||||
Reviewed-by: Hugo Landau <hlandau@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/22518)
|
||||
|
||||
(cherry picked from commit ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)
|
||||
Backported-by: Clemens Lang <cllang@redhat.com>
|
||||
---
|
||||
crypto/dh/dh_check.c | 17 +++++++++++++++++
|
||||
crypto/dh/dh_err.c | 1 +
|
||||
crypto/dh/dh_key.c | 10 ++++++++++
|
||||
crypto/err/openssl.txt | 1 +
|
||||
include/openssl/dh.h | 6 ++++--
|
||||
include/openssl/dherr.h | 1 +
|
||||
6 files changed, 34 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
|
||||
index ae1b03bc92..424a3bb4cd 100644
|
||||
--- a/crypto/dh/dh_check.c
|
||||
+++ b/crypto/dh/dh_check.c
|
||||
@@ -198,10 +198,27 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
|
||||
BN_CTX *ctx = NULL;
|
||||
|
||||
*ret = 0;
|
||||
+
|
||||
ctx = BN_CTX_new();
|
||||
if (ctx == NULL)
|
||||
goto err;
|
||||
BN_CTX_start(ctx);
|
||||
+
|
||||
+ /* Don't do any checks at all with an excessively large modulus */
|
||||
+ if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
|
||||
+ DHerr(DH_F_DH_CHECK, DH_R_MODULUS_TOO_LARGE);
|
||||
+ *ret = DH_MODULUS_TOO_LARGE | DH_CHECK_PUBKEY_INVALID;
|
||||
+ goto err;
|
||||
+ }
|
||||
+ if (dh->q != NULL && BN_ucmp(dh->p, dh->q) < 0) {
|
||||
+ *ret |= DH_CHECK_INVALID_Q_VALUE | DH_CHECK_PUBKEY_INVALID;
|
||||
+ /* This may look strange here, but returning 1 after setting ret is
|
||||
+ * correct. See also the behavior of the pub_key^q == 1 mod p check
|
||||
+ * further down, which behaves in the same way. */
|
||||
+ ok = 1;
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
tmp = BN_CTX_get(ctx);
|
||||
if (tmp == NULL || !BN_set_word(tmp, 1))
|
||||
goto err;
|
||||
diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c
|
||||
index 92800d3fcc..b3b1e7a706 100644
|
||||
--- a/crypto/dh/dh_err.c
|
||||
+++ b/crypto/dh/dh_err.c
|
||||
@@ -87,6 +87,7 @@ static const ERR_STRING_DATA DH_str_reasons[] = {
|
||||
{ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR),
|
||||
"parameter encoding error"},
|
||||
{ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"},
|
||||
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_Q_TOO_LARGE), "q too large"},
|
||||
{ERR_PACK(ERR_LIB_DH, 0, DH_R_SHARED_INFO_ERROR), "shared info error"},
|
||||
{ERR_PACK(ERR_LIB_DH, 0, DH_R_UNABLE_TO_CHECK_GENERATOR),
|
||||
"unable to check generator"},
|
||||
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
|
||||
index 117f2fa883..9f5e6f6d4c 100644
|
||||
--- a/crypto/dh/dh_key.c
|
||||
+++ b/crypto/dh/dh_key.c
|
||||
@@ -140,6 +140,11 @@ static int generate_key(DH *dh)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+ if (dh->q != NULL && BN_num_bits(dh->q) > OPENSSL_DH_MAX_MODULUS_BITS) {
|
||||
+ DHerr(DH_F_GENERATE_KEY, DH_R_Q_TOO_LARGE);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
ctx = BN_CTX_new();
|
||||
if (ctx == NULL)
|
||||
goto err;
|
||||
@@ -250,6 +255,12 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
|
||||
DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE);
|
||||
goto err;
|
||||
}
|
||||
+
|
||||
+ if (dh->q != NULL && BN_num_bits(dh->q) > OPENSSL_DH_MAX_MODULUS_BITS) {
|
||||
+ DHerr(DH_F_COMPUTE_KEY, DH_R_Q_TOO_LARGE);
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
#ifdef OPENSSL_FIPS
|
||||
if (FIPS_mode()
|
||||
&& (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) {
|
||||
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
|
||||
index c0a3cd720b..5e0ff47516 100644
|
||||
--- a/crypto/err/openssl.txt
|
||||
+++ b/crypto/err/openssl.txt
|
||||
@@ -2151,6 +2151,7 @@DH_R_NO_PARAMETERS_SET:107:no parameters set
|
||||
DH_R_NO_PRIVATE_VALUE:100:no private value
|
||||
DH_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error
|
||||
DH_R_PEER_KEY_ERROR:111:peer key error
|
||||
+DH_R_Q_TOO_LARGE:130:q too large
|
||||
DH_R_SHARED_INFO_ERROR:113:shared info error
|
||||
DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator
|
||||
DSA_R_BAD_Q_VALUE:102:bad q value
|
||||
diff --git a/include/openssl/dh.h b/include/openssl/dh.h
|
||||
index 6c6ff3636a..b7df43b44f 100644
|
||||
--- a/include/openssl/dh.h
|
||||
+++ b/include/openssl/dh.h
|
||||
@@ -72,14 +72,16 @@ DECLARE_ASN1_ITEM(DHparams)
|
||||
/* #define DH_GENERATOR_3 3 */
|
||||
# define DH_GENERATOR_5 5
|
||||
|
||||
-/* DH_check error codes */
|
||||
+/* DH_check error codes, some of them shared with DH_check_pub_key */
|
||||
# define DH_CHECK_P_NOT_PRIME 0x01
|
||||
# define DH_CHECK_P_NOT_SAFE_PRIME 0x02
|
||||
# define DH_UNABLE_TO_CHECK_GENERATOR 0x04
|
||||
# define DH_NOT_SUITABLE_GENERATOR 0x08
|
||||
# define DH_CHECK_Q_NOT_PRIME 0x10
|
||||
-# define DH_CHECK_INVALID_Q_VALUE 0x20
|
||||
+# define DH_CHECK_INVALID_Q_VALUE 0x20 /* +DH_check_pub_key */
|
||||
# define DH_CHECK_INVALID_J_VALUE 0x40
|
||||
+/* DH_MODULUS_TOO_SMALL is 0x80 upstream */
|
||||
+# define DH_MODULUS_TOO_LARGE 0x100 /* +DH_check_pub_key */
|
||||
|
||||
/* DH_check_pub_key error codes */
|
||||
# define DH_CHECK_PUBKEY_TOO_SMALL 0x01
|
||||
diff --git a/include/openssl/dherr.h b/include/openssl/dherr.h
|
||||
index 528c819856..d66c35aa8e 100644
|
||||
--- a/include/openssl/dherr.h
|
||||
+++ b/include/openssl/dherr.h
|
||||
@@ -87,6 +87,7 @@ int ERR_load_DH_strings(void);
|
||||
# define DH_R_NON_FIPS_METHOD 202
|
||||
# define DH_R_PARAMETER_ENCODING_ERROR 105
|
||||
# define DH_R_PEER_KEY_ERROR 111
|
||||
+# define DH_R_Q_TOO_LARGE 130
|
||||
# define DH_R_SHARED_INFO_ERROR 113
|
||||
# define DH_R_UNABLE_TO_CHECK_GENERATOR 121
|
||||
|
||||
--
|
||||
2.41.0
|
||||
|
||||
@ -1,80 +0,0 @@
|
||||
diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
|
||||
index 17f7372026c3b..01e2269444cba 100644
|
||||
--- a/crypto/asn1/a_strex.c
|
||||
+++ b/crypto/asn1/a_strex.c
|
||||
@@ -198,8 +198,10 @@ static int do_buf(unsigned char *buf, int buflen,
|
||||
orflags = CHARTYPE_LAST_ESC_2253;
|
||||
if (type & BUF_TYPE_CONVUTF8) {
|
||||
unsigned char utfbuf[6];
|
||||
- int utflen;
|
||||
- utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
|
||||
+ int utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
|
||||
+
|
||||
+ if (utflen < 0)
|
||||
+ return -1; /* error happened with UTF8 */
|
||||
for (i = 0; i < utflen; i++) {
|
||||
/*
|
||||
* We don't need to worry about setting orflags correctly
|
||||
|
||||
diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c
|
||||
index 50adce6b26fd2..8b5f2909e8d96 100644
|
||||
--- a/crypto/pkcs12/p12_utl.c
|
||||
+++ b/crypto/pkcs12/p12_utl.c
|
||||
@@ -213,6 +213,11 @@ char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen)
|
||||
/* re-run the loop emitting UTF-8 string */
|
||||
for (asclen = 0, i = 0; i < unilen; ) {
|
||||
j = bmp_to_utf8(asctmp+asclen, uni+i, unilen-i);
|
||||
+ /* when UTF8_putc fails */
|
||||
+ if (j < 0) {
|
||||
+ OPENSSL_free(asctmp);
|
||||
+ return NULL;
|
||||
+ }
|
||||
if (j == 4) i += 4;
|
||||
else i += 2;
|
||||
asclen += j;
|
||||
|
||||
From 06f1b7338403a56a645de93b95fc68f3ab165fd5 Mon Sep 17 00:00:00 2001
|
||||
From: Maurizio Barbaro <mbarbaro@redhat.com>
|
||||
Date: Tue, 10 Feb 2026 10:39:46 +0100
|
||||
Subject: [PATCH 1/1] asn1_internal_test
|
||||
|
||||
Signed-off-by: Maurizio Barbaro <mbarbaro@redhat.com>
|
||||
---
|
||||
test/asn1_internal_test.c | 17 +++++++++++++++++
|
||||
1 file changed, 17 insertions(+)
|
||||
|
||||
diff --git a/test/asn1_internal_test.c b/test/asn1_internal_test.c
|
||||
index ccfb75a..92ed921 100644
|
||||
--- a/test/asn1_internal_test.c
|
||||
+++ b/test/asn1_internal_test.c
|
||||
@@ -147,10 +147,27 @@ static int test_unicode_range(void)
|
||||
return ok;
|
||||
}
|
||||
|
||||
+static int test_mbstring_ncopy(void)
|
||||
+{
|
||||
+ ASN1_STRING *str = NULL;
|
||||
+ const unsigned char in[] = { 0xFF, 0xFE, 0xFF, 0xFE };
|
||||
+ int inlen = 4;
|
||||
+ int inform = MBSTRING_UNIV;
|
||||
+
|
||||
+ if (!TEST_int_eq(ASN1_mbstring_ncopy(&str, in, inlen, inform, B_ASN1_GENERALSTRING, 0, 0), -1)
|
||||
+ || !TEST_int_eq(ASN1_mbstring_ncopy(&str, in, inlen, inform, B_ASN1_VISIBLESTRING, 0, 0), -1)
|
||||
+ || !TEST_int_eq(ASN1_mbstring_ncopy(&str, in, inlen, inform, B_ASN1_VIDEOTEXSTRING, 0, 0), -1)
|
||||
+ || !TEST_int_eq(ASN1_mbstring_ncopy(&str, in, inlen, inform, B_ASN1_GENERALIZEDTIME, 0, 0), -1))
|
||||
+ return 0;
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
int setup_tests(void)
|
||||
{
|
||||
ADD_TEST(test_tbl_standard);
|
||||
ADD_TEST(test_standard_methods);
|
||||
ADD_TEST(test_unicode_range);
|
||||
+ ADD_TEST(test_mbstring_ncopy);
|
||||
return 1;
|
||||
}
|
||||
--
|
||||
2.52.0
|
||||
|
||||
@ -1,31 +0,0 @@
|
||||
From 5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45 Mon Sep 17 00:00:00 2001
|
||||
From: Viktor Dukhovni <openssl-users@dukhovni.org>
|
||||
Date: Thu, 11 Sep 2025 18:10:12 +0200
|
||||
Subject: [PATCH] kek_unwrap_key(): Fix incorrect check of unwrapped key size
|
||||
|
||||
Fixes CVE-2025-9230
|
||||
|
||||
The check is off by 8 bytes so it is possible to overread by
|
||||
up to 8 bytes and overwrite up to 4 bytes.
|
||||
|
||||
Reviewed-by: Neil Horman <nhorman@openssl.org>
|
||||
Reviewed-by: Matt Caswell <matt@openssl.org>
|
||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||
(cherry picked from commit 9c462be2cea54ebfc62953224220b56f8ba22a0c)
|
||||
---
|
||||
crypto/cms/cms_pwri.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
|
||||
index a7d609f83791a..ee1b8aa6ed61d 100644
|
||||
--- a/crypto/cms/cms_pwri.c
|
||||
+++ b/crypto/cms/cms_pwri.c
|
||||
@@ -242,7 +242,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
|
||||
/* Check byte failure */
|
||||
goto err;
|
||||
}
|
||||
- if (inlen < (size_t)(tmp[0] - 4)) {
|
||||
+ if (inlen < 4 + (size_t)tmp[0]) {
|
||||
/* Invalid length value */
|
||||
goto err;
|
||||
}
|
||||
@ -1,255 +0,0 @@
|
||||
From d1d4b56fe0c9a4200276d630f62108e1165e0990 Mon Sep 17 00:00:00 2001
|
||||
From: Maurizio Barbaro <mbarbaro@redhat.com>
|
||||
Date: Mon, 16 Sep 2024 10:53:53 +0200
|
||||
Subject: [PATCH] Backport openssl: SSL_select_next_proto buffer overread from 3.2
|
||||
|
||||
Ensure that the provided client list is non-NULL and starts with a valid
|
||||
entry. When called from the ALPN callback the client list should already
|
||||
have been validated by OpenSSL so this should not cause a problem. When
|
||||
called from the NPN callback the client list is locally configured and
|
||||
will not have already been validated. Therefore SSL_select_next_proto
|
||||
should not assume that it is correctly formatted.
|
||||
|
||||
We implement stricter checking of the client protocol list. We also do the
|
||||
same for the server list while we are about it.
|
||||
|
||||
CVE-2024-5535
|
||||
|
||||
From: Matt Caswell <matt@openssl.org>
|
||||
Date: Fri, 31 May 2024 11:14:33 +0100
|
||||
Merged from: https://github.com/openssl/openssl/pull/24717.
|
||||
|
||||
Backported-by: Maurizio Barbaro <mbarbaro@redhat.com>
|
||||
we did't ported test changes because rely on internal testing framework.
|
||||
|
||||
---
|
||||
doc/man3/SSL_CTX_set_alpn_select_cb.pod | 28 +++++++----
|
||||
ssl/ssl_lib.c | 64 +++++++++++++++----------
|
||||
ssl/statem/extensions_clnt.c | 30 +++++++++++-
|
||||
ssl/statem/extensions_srvr.c | 3 +-
|
||||
4 files changed, 89 insertions(+), 36 deletions(-)
|
||||
|
||||
diff --git a/doc/man3/SSL_CTX_set_alpn_select_cb.pod b/doc/man3/SSL_CTX_set_alpn_select_cb.pod
|
||||
index e90caec..a3f8dfd 100644
|
||||
--- a/doc/man3/SSL_CTX_set_alpn_select_cb.pod
|
||||
+++ b/doc/man3/SSL_CTX_set_alpn_select_cb.pod
|
||||
@@ -43,7 +43,7 @@ SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated
|
||||
const unsigned char *server,
|
||||
unsigned int server_len,
|
||||
const unsigned char *client,
|
||||
- unsigned int client_len)
|
||||
+ unsigned int client_len);
|
||||
void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
|
||||
unsigned *len);
|
||||
|
||||
@@ -52,7 +52,8 @@ SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated
|
||||
SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() are used by the client to
|
||||
set the list of protocols available to be negotiated. The B<protos> must be in
|
||||
protocol-list format, described below. The length of B<protos> is specified in
|
||||
-B<protos_len>.
|
||||
+B<protos_len>. Setting B<protos_len> to 0 clears any existing list of ALPN
|
||||
+protocols and no ALPN extension will be sent to the server.
|
||||
|
||||
SSL_CTX_set_alpn_select_cb() sets the application callback B<cb> used by a
|
||||
server to select which protocol to use for the incoming connection. When B<cb>
|
||||
@@ -73,9 +74,16 @@ B<server_len> and B<client>, B<client_len> must be in the protocol-list format
|
||||
described below. The first item in the B<server>, B<server_len> list that
|
||||
matches an item in the B<client>, B<client_len> list is selected, and returned
|
||||
in B<out>, B<outlen>. The B<out> value will point into either B<server> or
|
||||
-B<client>, so it should be copied immediately. If no match is found, the first
|
||||
-item in B<client>, B<client_len> is returned in B<out>, B<outlen>. This
|
||||
-function can also be used in the NPN callback.
|
||||
+B<client>, so it should be copied immediately. The client list must include at
|
||||
+least one valid (nonempty) protocol entry in the list.
|
||||
+
|
||||
+The SSL_select_next_proto() helper function can be useful from either the ALPN
|
||||
+callback or the NPN callback (described below). If no match is found, the first
|
||||
+item in B<client>, B<client_len> is returned in B<out>, B<outlen> and
|
||||
+B<OPENSSL_NPN_NO_OVERLAP> is returned. This can be useful when implementating
|
||||
+the NPN callback. In the ALPN case, the value returned in B<out> and B<outlen>
|
||||
+must be ignored if B<OPENSSL_NPN_NO_OVERLAP> has been returned from
|
||||
+SSL_select_next_proto().
|
||||
|
||||
SSL_CTX_set_next_proto_select_cb() sets a callback B<cb> that is called when a
|
||||
client needs to select a protocol from the server's provided list, and a
|
||||
@@ -85,9 +93,10 @@ must be set to point to the selected protocol (which may be within B<in>).
|
||||
The length of the protocol name must be written into B<outlen>. The
|
||||
server's advertised protocols are provided in B<in> and B<inlen>. The
|
||||
callback can assume that B<in> is syntactically valid. The client must
|
||||
-select a protocol. It is fatal to the connection if this callback returns
|
||||
-a value other than B<SSL_TLSEXT_ERR_OK>. The B<arg> parameter is the pointer
|
||||
-set via SSL_CTX_set_next_proto_select_cb().
|
||||
+select a protocol (although it may be an empty, zero length protocol). It is
|
||||
+fatal to the connection if this callback returns a value other than
|
||||
+B<SSL_TLSEXT_ERR_OK> or if the zero length protocol is selected. The B<arg>
|
||||
+parameter is the pointer set via SSL_CTX_set_next_proto_select_cb().
|
||||
|
||||
SSL_CTX_set_next_protos_advertised_cb() sets a callback B<cb> that is called
|
||||
when a TLS server needs a list of supported protocols for Next Protocol
|
||||
@@ -149,7 +158,8 @@ A match was found and is returned in B<out>, B<outlen>.
|
||||
=item OPENSSL_NPN_NO_OVERLAP
|
||||
|
||||
No match was found. The first item in B<client>, B<client_len> is returned in
|
||||
-B<out>, B<outlen>.
|
||||
+B<out>, B<outlen> (or B<NULL> and 0 in the case where the first entry in
|
||||
+B<client> is invalid).
|
||||
|
||||
=back
|
||||
|
||||
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
|
||||
index c71c686..21e6c45 100644
|
||||
--- a/ssl/ssl_lib.c
|
||||
+++ b/ssl/ssl_lib.c
|
||||
@@ -2739,38 +2739,54 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
|
||||
unsigned int server_len,
|
||||
const unsigned char *client, unsigned int client_len)
|
||||
{
|
||||
- unsigned int i, j;
|
||||
- const unsigned char *result;
|
||||
- int status = OPENSSL_NPN_UNSUPPORTED;
|
||||
+ PACKET cpkt, csubpkt, spkt, ssubpkt;
|
||||
+ if (!PACKET_buf_init(&cpkt, client, client_len)
|
||||
+ || !PACKET_get_length_prefixed_1(&cpkt, &csubpkt)
|
||||
+ || PACKET_remaining(&csubpkt) == 0) {
|
||||
+ *out = NULL;
|
||||
+ *outlen = 0;
|
||||
+ return OPENSSL_NPN_NO_OVERLAP;
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ * Set the default opportunistic protocol. Will be overwritten if we find
|
||||
+ * a match.
|
||||
+ */
|
||||
+ *out = (unsigned char *)PACKET_data(&csubpkt);
|
||||
+ *outlen = (unsigned char)PACKET_remaining(&csubpkt);
|
||||
|
||||
/*
|
||||
* For each protocol in server preference order, see if we support it.
|
||||
*/
|
||||
- for (i = 0; i < server_len;) {
|
||||
- for (j = 0; j < client_len;) {
|
||||
- if (server[i] == client[j] &&
|
||||
- memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
|
||||
- /* We found a match */
|
||||
- result = &server[i];
|
||||
- status = OPENSSL_NPN_NEGOTIATED;
|
||||
- goto found;
|
||||
+ if (PACKET_buf_init(&spkt, server, server_len)) {
|
||||
+ while (PACKET_get_length_prefixed_1(&spkt, &ssubpkt)) {
|
||||
+ if (PACKET_remaining(&ssubpkt) == 0)
|
||||
+ continue; /* Invalid - ignore it */
|
||||
+ if (PACKET_buf_init(&cpkt, client, client_len)) {
|
||||
+ while (PACKET_get_length_prefixed_1(&cpkt, &csubpkt)) {
|
||||
+ if (PACKET_equal(&csubpkt, PACKET_data(&ssubpkt),
|
||||
+ PACKET_remaining(&ssubpkt))) {
|
||||
+ /* We found a match */
|
||||
+ *out = (unsigned char *)PACKET_data(&ssubpkt);
|
||||
+ *outlen = (unsigned char)PACKET_remaining(&ssubpkt);
|
||||
+ return OPENSSL_NPN_NEGOTIATED;
|
||||
+ }
|
||||
+ }
|
||||
+ /* Ignore spurious trailing bytes in the client list */
|
||||
+ } else {
|
||||
+ /* This should never happen */
|
||||
+ return OPENSSL_NPN_NO_OVERLAP;
|
||||
}
|
||||
- j += client[j];
|
||||
- j++;
|
||||
}
|
||||
- i += server[i];
|
||||
- i++;
|
||||
+ /* Ignore spurious trailing bytes in the server list */
|
||||
}
|
||||
|
||||
- /* There's no overlap between our protocols and the server's list. */
|
||||
- result = client;
|
||||
- status = OPENSSL_NPN_NO_OVERLAP;
|
||||
-
|
||||
- found:
|
||||
- *out = (unsigned char *)result + 1;
|
||||
- *outlen = result[0];
|
||||
- return status;
|
||||
-}
|
||||
+ /*
|
||||
+ * There's no overlap between our protocols and the server's list. We use
|
||||
+ * the default opportunistic protocol selected earlier
|
||||
+ */
|
||||
+ return OPENSSL_NPN_NO_OVERLAP;
|
||||
+ }
|
||||
|
||||
#ifndef OPENSSL_NO_NEXTPROTONEG
|
||||
/*
|
||||
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
|
||||
index ce8a757..cfde733 100644
|
||||
--- a/ssl/statem/extensions_clnt.c
|
||||
+++ b/ssl/statem/extensions_clnt.c
|
||||
@@ -1585,8 +1585,8 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
|
||||
if (s->ctx->ext.npn_select_cb(s, &selected, &selected_len,
|
||||
PACKET_data(pkt),
|
||||
PACKET_remaining(pkt),
|
||||
- s->ctx->ext.npn_select_cb_arg) !=
|
||||
- SSL_TLSEXT_ERR_OK) {
|
||||
+ s->ctx->ext.npn_select_cb_arg) != SSL_TLSEXT_ERR_OK
|
||||
+ || selected_len == 0) {
|
||||
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PARSE_STOC_NPN,
|
||||
SSL_R_BAD_EXTENSION);
|
||||
return 0;
|
||||
@@ -1617,6 +1617,8 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
|
||||
size_t chainidx)
|
||||
{
|
||||
size_t len;
|
||||
+ PACKET confpkt, protpkt;
|
||||
+ int valid = 0;
|
||||
|
||||
/* We must have requested it. */
|
||||
if (!s->s3->alpn_sent) {
|
||||
@@ -1637,6 +1639,30 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
|
||||
SSL_R_BAD_EXTENSION);
|
||||
return 0;
|
||||
}
|
||||
+
|
||||
+ /* It must be a protocol that we sent */
|
||||
+ if (!PACKET_buf_init(&confpkt, s->ext.alpn, s->ext.alpn_len)) {
|
||||
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
|
||||
+ ERR_R_INTERNAL_ERROR);
|
||||
+ return 0;
|
||||
+ }
|
||||
+ while (PACKET_get_length_prefixed_1(&confpkt, &protpkt)) {
|
||||
+ if (PACKET_remaining(&protpkt) != len)
|
||||
+ continue;
|
||||
+ if (memcmp(PACKET_data(pkt), PACKET_data(&protpkt), len) == 0) {
|
||||
+ /* Valid protocol found */
|
||||
+ valid = 1;
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (!valid) {
|
||||
+ /* The protocol sent from the server does not match one we advertised */
|
||||
+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
|
||||
+ SSL_R_BAD_EXTENSION);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
OPENSSL_free(s->s3->alpn_selected);
|
||||
s->s3->alpn_selected = OPENSSL_malloc(len);
|
||||
if (s->s3->alpn_selected == NULL) {
|
||||
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
|
||||
index 3c7395c..4e3cbf8 100644
|
||||
--- a/ssl/statem/extensions_srvr.c
|
||||
+++ b/ssl/statem/extensions_srvr.c
|
||||
@@ -1559,9 +1559,10 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt,
|
||||
return EXT_RETURN_FAIL;
|
||||
}
|
||||
s->s3->npn_seen = 1;
|
||||
+ return EXT_RETURN_SENT;
|
||||
}
|
||||
|
||||
- return EXT_RETURN_SENT;
|
||||
+ return EXT_RETURN_NOT_SENT;
|
||||
}
|
||||
#endif
|
||||
|
||||
--
|
||||
2.46.0
|
||||
|
||||
@ -1,387 +0,0 @@
|
||||
From 23c0f08fa39a825003c9d7eb0c28260939e0d3ef Mon Sep 17 00:00:00 2001
|
||||
From: Maurizio Barbaro <mbarbaro@redhat.com>
|
||||
Date: Tue, 10 Feb 2026 11:48:41 +0100
|
||||
Subject: [PATCH 1/1] hardening-from-openssl-3.0.1
|
||||
|
||||
Signed-off-by: Maurizio Barbaro <mbarbaro@redhat.com>
|
||||
---
|
||||
crypto/asn1/a_mbstr.c | 58 ++++++++++++++++++++++++----
|
||||
crypto/asn1/a_utf8.c | 77 +++++++-------------------------------
|
||||
include/internal/unicode.h | 31 +++++++++++++++
|
||||
test/asn1_internal_test.c | 41 ++++++++++++++++++++
|
||||
4 files changed, 135 insertions(+), 72 deletions(-)
|
||||
create mode 100644 include/internal/unicode.h
|
||||
|
||||
diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c
|
||||
index bdb697a..6ef4137 100644
|
||||
--- a/crypto/asn1/a_mbstr.c
|
||||
+++ b/crypto/asn1/a_mbstr.c
|
||||
@@ -1,7 +1,7 @@
|
||||
/*
|
||||
- * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
- * Licensed under the OpenSSL license (the "License"). You may not use
|
||||
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
@@ -10,6 +10,7 @@
|
||||
#include <stdio.h>
|
||||
#include "crypto/ctype.h"
|
||||
#include "internal/cryptlib.h"
|
||||
+#include "internal/unicode.h"
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
static int traverse_string(const unsigned char *p, int len, int inform,
|
||||
@@ -49,12 +50,15 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
|
||||
ASN1_STRING *dest;
|
||||
unsigned char *p;
|
||||
int nchar;
|
||||
- char strbuf[32];
|
||||
+ char strbuf[32];
|
||||
+
|
||||
int (*cpyfunc) (unsigned long, void *) = NULL;
|
||||
if (len == -1)
|
||||
len = strlen((const char *)in);
|
||||
if (!mask)
|
||||
mask = DIRSTRING_TYPE;
|
||||
+ if (len < 0)
|
||||
+ return -1;
|
||||
|
||||
/* First do a string check and work out the number of characters */
|
||||
switch (inform) {
|
||||
@@ -116,7 +120,10 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
|
||||
return -1;
|
||||
}
|
||||
|
||||
- /* Now work out output format and string type */
|
||||
+ /*
|
||||
+ * Now work out output format and string type.
|
||||
+ * These checks should be in sync with the checks in type_str.
|
||||
+ */
|
||||
outform = MBSTRING_ASC;
|
||||
if (mask & B_ASN1_NUMERICSTRING)
|
||||
str_type = V_ASN1_NUMERICSTRING;
|
||||
@@ -182,7 +189,11 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
|
||||
|
||||
case MBSTRING_UTF8:
|
||||
outlen = 0;
|
||||
- traverse_string(in, len, inform, out_utf8, &outlen);
|
||||
+ ret = traverse_string(in, len, inform, out_utf8, &outlen);
|
||||
+ if (ret < 0) {
|
||||
+ ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_INVALID_UTF8STRING);
|
||||
+ return -1;
|
||||
+ }
|
||||
cpyfunc = cpy_utf8;
|
||||
break;
|
||||
}
|
||||
@@ -247,6 +258,9 @@ static int traverse_string(const unsigned char *p, int len, int inform,
|
||||
static int in_utf8(unsigned long value, void *arg)
|
||||
{
|
||||
int *nchar;
|
||||
+
|
||||
+ if (!is_unicode_valid(value))
|
||||
+ return -2;
|
||||
nchar = arg;
|
||||
(*nchar)++;
|
||||
return 1;
|
||||
@@ -256,9 +270,13 @@ static int in_utf8(unsigned long value, void *arg)
|
||||
|
||||
static int out_utf8(unsigned long value, void *arg)
|
||||
{
|
||||
- int *outlen;
|
||||
+ int *outlen, len;
|
||||
+
|
||||
+ len = UTF8_putc(NULL, -1, value);
|
||||
+ if (len <= 0)
|
||||
+ return len;
|
||||
outlen = arg;
|
||||
- *outlen += UTF8_putc(NULL, -1, value);
|
||||
+ *outlen += len;
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -269,9 +287,29 @@ static int out_utf8(unsigned long value, void *arg)
|
||||
|
||||
static int type_str(unsigned long value, void *arg)
|
||||
{
|
||||
- unsigned long types = *((unsigned long *)arg);
|
||||
+ unsigned long usable_types = *((unsigned long *)arg);
|
||||
+ unsigned long types = usable_types;
|
||||
const int native = value > INT_MAX ? INT_MAX : ossl_fromascii(value);
|
||||
|
||||
+ /*
|
||||
+ * Clear out all the types which are not checked later. If any of those
|
||||
+ * is present in the mask, then the UTF8 type will be added and checked
|
||||
+ * below.
|
||||
+ */
|
||||
+ types &= B_ASN1_NUMERICSTRING | B_ASN1_PRINTABLESTRING
|
||||
+ | B_ASN1_IA5STRING | B_ASN1_T61STRING | B_ASN1_BMPSTRING
|
||||
+ | B_ASN1_UNIVERSALSTRING | B_ASN1_UTF8STRING;
|
||||
+
|
||||
+ /*
|
||||
+ * If any other types were in the input mask, they're effectively treated
|
||||
+ * as UTF8
|
||||
+ */
|
||||
+ if (types != usable_types)
|
||||
+ types |= B_ASN1_UTF8STRING;
|
||||
+
|
||||
+ /*
|
||||
+ * These checks should be in sync with ASN1_mbstring_ncopy.
|
||||
+ */
|
||||
if ((types & B_ASN1_NUMERICSTRING) && !(ossl_isdigit(native)
|
||||
|| native == ' '))
|
||||
types &= ~B_ASN1_NUMERICSTRING;
|
||||
@@ -283,6 +321,8 @@ static int type_str(unsigned long value, void *arg)
|
||||
types &= ~B_ASN1_T61STRING;
|
||||
if ((types & B_ASN1_BMPSTRING) && (value > 0xffff))
|
||||
types &= ~B_ASN1_BMPSTRING;
|
||||
+ if ((types & B_ASN1_UTF8STRING) && !is_unicode_valid(value))
|
||||
+ types &= ~B_ASN1_UTF8STRING;
|
||||
if (!types)
|
||||
return -1;
|
||||
*((unsigned long *)arg) = types;
|
||||
@@ -338,6 +378,8 @@ static int cpy_utf8(unsigned long value, void *arg)
|
||||
p = arg;
|
||||
/* We already know there is enough room so pass 0xff as the length */
|
||||
ret = UTF8_putc(*p, 0xff, value);
|
||||
+ if (ret < 0)
|
||||
+ return ret;
|
||||
*p += ret;
|
||||
return 1;
|
||||
}
|
||||
diff --git a/crypto/asn1/a_utf8.c b/crypto/asn1/a_utf8.c
|
||||
index e2dc09f..6572726 100644
|
||||
--- a/crypto/asn1/a_utf8.c
|
||||
+++ b/crypto/asn1/a_utf8.c
|
||||
@@ -1,7 +1,7 @@
|
||||
/*
|
||||
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
- * Licensed under the OpenSSL license (the "License"). You may not use
|
||||
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
@@ -9,6 +9,7 @@
|
||||
|
||||
#include <stdio.h>
|
||||
#include "internal/cryptlib.h"
|
||||
+#include "internal/unicode.h"
|
||||
#include <openssl/asn1.h>
|
||||
|
||||
/* UTF8 utilities */
|
||||
@@ -58,6 +59,8 @@ int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
|
||||
value |= *p++ & 0x3f;
|
||||
if (value < 0x800)
|
||||
return -4;
|
||||
+ if (is_unicode_surrogate(value))
|
||||
+ return -2;
|
||||
ret = 3;
|
||||
} else if ((*p & 0xf8) == 0xf0) {
|
||||
if (len < 4)
|
||||
@@ -73,40 +76,6 @@ int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
|
||||
if (value < 0x10000)
|
||||
return -4;
|
||||
ret = 4;
|
||||
- } else if ((*p & 0xfc) == 0xf8) {
|
||||
- if (len < 5)
|
||||
- return -1;
|
||||
- if (((p[1] & 0xc0) != 0x80)
|
||||
- || ((p[2] & 0xc0) != 0x80)
|
||||
- || ((p[3] & 0xc0) != 0x80)
|
||||
- || ((p[4] & 0xc0) != 0x80))
|
||||
- return -3;
|
||||
- value = ((unsigned long)(*p++ & 0x3)) << 24;
|
||||
- value |= ((unsigned long)(*p++ & 0x3f)) << 18;
|
||||
- value |= ((unsigned long)(*p++ & 0x3f)) << 12;
|
||||
- value |= (*p++ & 0x3f) << 6;
|
||||
- value |= *p++ & 0x3f;
|
||||
- if (value < 0x200000)
|
||||
- return -4;
|
||||
- ret = 5;
|
||||
- } else if ((*p & 0xfe) == 0xfc) {
|
||||
- if (len < 6)
|
||||
- return -1;
|
||||
- if (((p[1] & 0xc0) != 0x80)
|
||||
- || ((p[2] & 0xc0) != 0x80)
|
||||
- || ((p[3] & 0xc0) != 0x80)
|
||||
- || ((p[4] & 0xc0) != 0x80)
|
||||
- || ((p[5] & 0xc0) != 0x80))
|
||||
- return -3;
|
||||
- value = ((unsigned long)(*p++ & 0x1)) << 30;
|
||||
- value |= ((unsigned long)(*p++ & 0x3f)) << 24;
|
||||
- value |= ((unsigned long)(*p++ & 0x3f)) << 18;
|
||||
- value |= ((unsigned long)(*p++ & 0x3f)) << 12;
|
||||
- value |= (*p++ & 0x3f) << 6;
|
||||
- value |= *p++ & 0x3f;
|
||||
- if (value < 0x4000000)
|
||||
- return -4;
|
||||
- ret = 6;
|
||||
} else
|
||||
return -2;
|
||||
*val = value;
|
||||
@@ -116,15 +85,15 @@ int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
|
||||
/*
|
||||
* This takes a character 'value' and writes the UTF8 encoded value in 'str'
|
||||
* where 'str' is a buffer containing 'len' characters. Returns the number of
|
||||
- * characters written or -1 if 'len' is too small. 'str' can be set to NULL
|
||||
- * in which case it just returns the number of characters. It will need at
|
||||
- * most 6 characters.
|
||||
+ * characters written, -1 if 'len' is too small or -2 if 'value' is out of
|
||||
+ * range. 'str' can be set to NULL in which case it just returns the number of
|
||||
+ * characters. It will need at most 4 characters.
|
||||
*/
|
||||
|
||||
int UTF8_putc(unsigned char *str, int len, unsigned long value)
|
||||
{
|
||||
if (!str)
|
||||
- len = 6; /* Maximum we will need */
|
||||
+ len = 4; /* Maximum we will need */
|
||||
else if (len <= 0)
|
||||
return -1;
|
||||
if (value < 0x80) {
|
||||
@@ -142,6 +111,8 @@ int UTF8_putc(unsigned char *str, int len, unsigned long value)
|
||||
return 2;
|
||||
}
|
||||
if (value < 0x10000) {
|
||||
+ if (is_unicode_surrogate(value))
|
||||
+ return -2;
|
||||
if (len < 3)
|
||||
return -1;
|
||||
if (str) {
|
||||
@@ -151,7 +122,7 @@ int UTF8_putc(unsigned char *str, int len, unsigned long value)
|
||||
}
|
||||
return 3;
|
||||
}
|
||||
- if (value < 0x200000) {
|
||||
+ if (value < UNICODE_LIMIT) {
|
||||
if (len < 4)
|
||||
return -1;
|
||||
if (str) {
|
||||
@@ -162,27 +133,5 @@ int UTF8_putc(unsigned char *str, int len, unsigned long value)
|
||||
}
|
||||
return 4;
|
||||
}
|
||||
- if (value < 0x4000000) {
|
||||
- if (len < 5)
|
||||
- return -1;
|
||||
- if (str) {
|
||||
- *str++ = (unsigned char)(((value >> 24) & 0x3) | 0xf8);
|
||||
- *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
|
||||
- *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
|
||||
- *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
|
||||
- *str = (unsigned char)((value & 0x3f) | 0x80);
|
||||
- }
|
||||
- return 5;
|
||||
- }
|
||||
- if (len < 6)
|
||||
- return -1;
|
||||
- if (str) {
|
||||
- *str++ = (unsigned char)(((value >> 30) & 0x1) | 0xfc);
|
||||
- *str++ = (unsigned char)(((value >> 24) & 0x3f) | 0x80);
|
||||
- *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
|
||||
- *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
|
||||
- *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
|
||||
- *str = (unsigned char)((value & 0x3f) | 0x80);
|
||||
- }
|
||||
- return 6;
|
||||
+ return -2;
|
||||
}
|
||||
diff --git a/include/internal/unicode.h b/include/internal/unicode.h
|
||||
new file mode 100644
|
||||
index 0000000..a6de835
|
||||
--- /dev/null
|
||||
+++ b/include/internal/unicode.h
|
||||
@@ -0,0 +1,31 @@
|
||||
+/*
|
||||
+ * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
+ *
|
||||
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
+ * this file except in compliance with the License. You can obtain a copy
|
||||
+ * in the file LICENSE in the source distribution or at
|
||||
+ * https://www.openssl.org/source/license.html
|
||||
+ */
|
||||
+
|
||||
+#ifndef OSSL_INTERNAL_UNICODE_H
|
||||
+# define OSSL_INTERNAL_UNICODE_H
|
||||
+# pragma once
|
||||
+
|
||||
+typedef enum {
|
||||
+ SURROGATE_MIN = 0xd800UL,
|
||||
+ SURROGATE_MAX = 0xdfffUL,
|
||||
+ UNICODE_MAX = 0x10ffffUL,
|
||||
+ UNICODE_LIMIT
|
||||
+} UNICODE_CONSTANTS;
|
||||
+
|
||||
+static ossl_unused ossl_inline int is_unicode_surrogate(unsigned long value)
|
||||
+{
|
||||
+ return value >= SURROGATE_MIN && value <= SURROGATE_MAX;
|
||||
+}
|
||||
+
|
||||
+static ossl_unused ossl_inline int is_unicode_valid(unsigned long value)
|
||||
+{
|
||||
+ return value <= UNICODE_MAX && !is_unicode_surrogate(value);
|
||||
+}
|
||||
+
|
||||
+#endif
|
||||
diff --git a/test/asn1_internal_test.c b/test/asn1_internal_test.c
|
||||
index 865e058..ccfb75a 100644
|
||||
--- a/test/asn1_internal_test.c
|
||||
+++ b/test/asn1_internal_test.c
|
||||
@@ -107,9 +107,50 @@ static int test_standard_methods(void)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+/**********************************************************************
|
||||
+ *
|
||||
+ * Tests of the Unicode code point range
|
||||
+ *
|
||||
+ ***/
|
||||
+
|
||||
+static int test_unicode(const unsigned char *univ, size_t len, int expected)
|
||||
+{
|
||||
+ const unsigned char *end = univ + len;
|
||||
+ int ok = 1;
|
||||
+
|
||||
+ for (; univ < end; univ += 4) {
|
||||
+ if (!TEST_int_eq(ASN1_mbstring_copy(NULL, univ, 4, MBSTRING_UNIV,
|
||||
+ B_ASN1_UTF8STRING),
|
||||
+ expected))
|
||||
+ ok = 0;
|
||||
+ }
|
||||
+ return ok;
|
||||
+}
|
||||
+
|
||||
+static int test_unicode_range(void)
|
||||
+{
|
||||
+ const unsigned char univ_ok[] = "\0\0\0\0"
|
||||
+ "\0\0\xd7\xff"
|
||||
+ "\0\0\xe0\x00"
|
||||
+ "\0\x10\xff\xff";
|
||||
+ const unsigned char univ_bad[] = "\0\0\xd8\x00"
|
||||
+ "\0\0\xdf\xff"
|
||||
+ "\0\x11\x00\x00"
|
||||
+ "\x80\x00\x00\x00"
|
||||
+ "\xff\xff\xff\xff";
|
||||
+ int ok = 1;
|
||||
+
|
||||
+ if (!test_unicode(univ_ok, sizeof univ_ok - 1, V_ASN1_UTF8STRING))
|
||||
+ ok = 0;
|
||||
+ if (!test_unicode(univ_bad, sizeof univ_bad - 1, -1))
|
||||
+ ok = 0;
|
||||
+ return ok;
|
||||
+}
|
||||
+
|
||||
int setup_tests(void)
|
||||
{
|
||||
ADD_TEST(test_tbl_standard);
|
||||
ADD_TEST(test_standard_methods);
|
||||
+ ADD_TEST(test_unicode_range);
|
||||
return 1;
|
||||
}
|
||||
--
|
||||
2.52.0
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -1,145 +0,0 @@
|
||||
From 79dbd85fe27ebabc278417af64ab8e3eb43d2d40 Mon Sep 17 00:00:00 2001
|
||||
From: Todd Short <todd.short@me.com>
|
||||
Date: Wed, 23 Mar 2022 18:55:10 -0400
|
||||
Subject: [PATCH] ticket_lifetime_hint may exceed 1 week in TLSv1.3
|
||||
|
||||
For TLSv1.3, limit ticket lifetime hint to 1 week per RFC8446
|
||||
|
||||
Fixes #17948
|
||||
|
||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||
Reviewed-by: Tim Hudson <tjh@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/17952)
|
||||
|
||||
(cherry picked from commit 0089cc7f9d42f6e39872161199fb8b6a99da2492)
|
||||
Modified by: Maurizio Barbaro <mbarbaro@redhat.com>
|
||||
---
|
||||
doc/man3/SSL_CTX_set_timeout.pod | 10 ++++++
|
||||
ssl/statem/statem_srvr.c | 21 ++++++++----
|
||||
test/sslapitest.c | 59 ++++++++++++++++++++++++++++++++
|
||||
3 files changed, 84 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/doc/man3/SSL_CTX_set_timeout.pod b/doc/man3/SSL_CTX_set_timeout.pod
|
||||
index c32585e45f924..54592654ffd1f 100644
|
||||
--- a/doc/man3/SSL_CTX_set_timeout.pod
|
||||
+++ b/doc/man3/SSL_CTX_set_timeout.pod
|
||||
@@ -42,6 +42,16 @@ basis, see L<SSL_get_default_timeout(3)>.
|
||||
All currently supported protocols have the same default timeout value
|
||||
of 300 seconds.
|
||||
|
||||
+This timeout value is used as the ticket lifetime hint for stateless session
|
||||
+tickets. It is also used as the timeout value within the ticket itself.
|
||||
+
|
||||
+For TLSv1.3, RFC8446 limits transmission of this value to 1 week (604800
|
||||
+seconds).
|
||||
+
|
||||
+For TLSv1.2, tickets generated during an initial handshake use the value
|
||||
+as specified. Tickets generated during a resumed handshake have a value
|
||||
+of 0 for the ticket lifetime hint.
|
||||
+
|
||||
=head1 RETURN VALUES
|
||||
|
||||
SSL_CTX_set_timeout() returns the previously set timeout value.
|
||||
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
|
||||
index d701c46b43b5a..79cfd1d8353a0 100644
|
||||
--- a/ssl/statem/statem_srvr.c
|
||||
+++ b/ssl/statem/statem_srvr.c
|
||||
@@ -3820,15 +3820,24 @@ int tls_construct_server_certificate(SSL *s, WPACKET *pkt)
|
||||
static int create_ticket_prequel(SSL *s, WPACKET *pkt, uint32_t age_add,
|
||||
unsigned char *tick_nonce)
|
||||
{
|
||||
+ uint32_t timeout = (uint32_t)s->session->timeout;
|
||||
+
|
||||
/*
|
||||
- * Ticket lifetime hint: For TLSv1.2 this is advisory only and we leave this
|
||||
- * unspecified for resumed session (for simplicity).
|
||||
+ * Ticket lifetime hint:
|
||||
* In TLSv1.3 we reset the "time" field above, and always specify the
|
||||
- * timeout.
|
||||
+ * timeout, limited to a 1 week period per RFC8446.
|
||||
+ * For TLSv1.2 this is advisory only and we leave this unspecified for
|
||||
+ * resumed session (for simplicity).
|
||||
*/
|
||||
- if (!WPACKET_put_bytes_u32(pkt,
|
||||
- (s->hit && !SSL_IS_TLS13(s))
|
||||
- ? 0 : s->session->timeout)) {
|
||||
+#define ONE_WEEK_SEC (7 * 24 * 60 * 60)
|
||||
+
|
||||
+ if (SSL_IS_TLS13(s)) {
|
||||
+ if (s->session->timeout > ONE_WEEK_SEC)
|
||||
+ timeout = ONE_WEEK_SEC;
|
||||
+ } else if (s->hit)
|
||||
+ timeout = 0;
|
||||
+
|
||||
+ if (!WPACKET_put_bytes_u32(pkt, timeout)) {
|
||||
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL,
|
||||
ERR_R_INTERNAL_ERROR);
|
||||
return 0;
|
||||
|
||||
--- a/test/sslapitest.c 2025-10-21 18:44:14.836888120 +0200
|
||||
+++ b/test/sslapitest.c 2025-10-22 17:39:24.869230280 +0200
|
||||
@@ -6656,6 +6656,64 @@
|
||||
|
||||
return testresult;
|
||||
}
|
||||
+
|
||||
+/*
|
||||
+ * Test that the lifetime hint of a TLSv1.3 ticket is no more than 1 week
|
||||
+ * 0 = TLSv1.2
|
||||
+ * 1 = TLSv1.3
|
||||
+ */
|
||||
+static int test_ticket_lifetime(int idx)
|
||||
+{
|
||||
+ SSL_CTX *cctx = NULL, *sctx = NULL;
|
||||
+ SSL *clientssl = NULL, *serverssl = NULL;
|
||||
+ int testresult = 0;
|
||||
+ int version = TLS1_3_VERSION;
|
||||
+
|
||||
+#define ONE_WEEK_SEC (7 * 24 * 60 * 60)
|
||||
+#define TWO_WEEK_SEC (2 * ONE_WEEK_SEC)
|
||||
+
|
||||
+ if (idx == 0) {
|
||||
+ version = TLS1_2_VERSION;
|
||||
+ }
|
||||
+
|
||||
+ if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
|
||||
+ TLS_client_method(), version, version,
|
||||
+ &sctx, &cctx, cert, privkey)))
|
||||
+ goto end;
|
||||
+
|
||||
+ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
|
||||
+ &clientssl, NULL, NULL)))
|
||||
+ goto end;
|
||||
+
|
||||
+ /*
|
||||
+ * Set the timeout to be more than 1 week
|
||||
+ * make sure the returned value is the default
|
||||
+ */
|
||||
+ if (!TEST_long_eq(SSL_CTX_set_timeout(sctx, TWO_WEEK_SEC),
|
||||
+ SSL_get_default_timeout(serverssl)))
|
||||
+ goto end;
|
||||
+
|
||||
+ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
|
||||
+ goto end;
|
||||
+
|
||||
+ if (idx == 0) {
|
||||
+ /* TLSv1.2 uses the set value */
|
||||
+ if (!TEST_ulong_eq(SSL_SESSION_get_ticket_lifetime_hint(SSL_get_session(clientssl)), TWO_WEEK_SEC))
|
||||
+ goto end;
|
||||
+ } else {
|
||||
+ /* TLSv1.3 uses the limited value */
|
||||
+ if (!TEST_ulong_le(SSL_SESSION_get_ticket_lifetime_hint(SSL_get_session(clientssl)), ONE_WEEK_SEC))
|
||||
+ goto end;
|
||||
+ }
|
||||
+ testresult = 1;
|
||||
+
|
||||
+end:
|
||||
+ SSL_free(serverssl);
|
||||
+ SSL_free(clientssl);
|
||||
+ SSL_CTX_free(sctx);
|
||||
+ SSL_CTX_free(cctx);
|
||||
+ return testresult;
|
||||
+}
|
||||
#endif
|
||||
|
||||
int setup_tests(void)
|
||||
@ -22,7 +22,7 @@
|
||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 1.1.1k
|
||||
Release: 15%{?dist}
|
||||
Release: 9%{?dist}
|
||||
Epoch: 1
|
||||
# We have to remove certain patented algorithms from the openssl source
|
||||
# tarball with the hobble-openssl script which is included below.
|
||||
@ -92,22 +92,6 @@ Patch101: openssl-1.1.1-cve-2022-4304-RSA-oracle.patch
|
||||
Patch102: openssl-1.1.1-cve-2022-4450-PEM-bio.patch
|
||||
Patch103: openssl-1.1.1-cve-2023-0215-BIO-UAF.patch
|
||||
Patch104: openssl-1.1.1-cve-2023-0286-X400.patch
|
||||
# OpenSSL 1.1.1v CVEs
|
||||
Patch105: openssl-1.1.1-cve-2023-3446.patch
|
||||
Patch106: openssl-1.1.1-cve-2023-3817.patch
|
||||
Patch107: openssl-1.1.1-cve-2023-5678.patch
|
||||
# Backport from OpenSSL 3.2/RHEL 9
|
||||
# Proper fix for CVE-2020-25659
|
||||
Patch108: openssl-1.1.1-pkcs1-implicit-rejection.patch
|
||||
# Backport from OpenSSL 3.2
|
||||
# Fix for CVE-2024-5535
|
||||
Patch109: openssl-1.1.1-fix-ssl-select-next-proto.patch
|
||||
# Fix for CVE-2025-9230
|
||||
Patch110: openssl-1.1.1-cve-2025-9230.patch
|
||||
Patch111: openssl-1.1.1-ticket_lifetime_hint.patch
|
||||
# Fix for CVE-2025-69419 (next two)
|
||||
Patch112: openssl-1.1.1-hardening-from-openssl-3.0.1.patch
|
||||
Patch113: openssl-1.1.1-cve-2025-69419.patch
|
||||
|
||||
License: OpenSSL and ASL 2.0
|
||||
URL: http://www.openssl.org/
|
||||
@ -186,66 +170,57 @@ from other formats to the formats used by the OpenSSL toolkit.
|
||||
cp %{SOURCE12} crypto/ec/
|
||||
cp %{SOURCE13} test/
|
||||
|
||||
%patch -P1 -p1 -b .build %{?_rawbuild}
|
||||
%patch -P2 -p1 -b .defaults
|
||||
%patch -P3 -p1 -b .no-html %{?_rawbuild}
|
||||
%patch -P4 -p1 -b .man-rename
|
||||
%patch1 -p1 -b .build %{?_rawbuild}
|
||||
%patch2 -p1 -b .defaults
|
||||
%patch3 -p1 -b .no-html %{?_rawbuild}
|
||||
%patch4 -p1 -b .man-rename
|
||||
|
||||
%patch -P31 -p1 -b .conf-paths
|
||||
%patch -P32 -p1 -b .version-add-engines
|
||||
%patch -P33 -p1 -b .dgst
|
||||
%patch -P36 -p1 -b .no-brainpool
|
||||
%patch -P37 -p1 -b .curves
|
||||
%patch -P38 -p1 -b .no-weak-verify
|
||||
%patch -P40 -p1 -b .sslv3-abi
|
||||
%patch -P41 -p1 -b .system-cipherlist
|
||||
%patch -P42 -p1 -b .fips
|
||||
%patch -P44 -p1 -b .version-override
|
||||
%patch -P45 -p1 -b .weak-ciphers
|
||||
%patch -P46 -p1 -b .seclevel
|
||||
%patch -P47 -p1 -b .ts-sha256-default
|
||||
%patch -P48 -p1 -b .fips-post-rand
|
||||
%patch -P49 -p1 -b .evp-kdf
|
||||
%patch -P50 -p1 -b .ssh-kdf
|
||||
%patch -P51 -p1 -b .intel-cet
|
||||
%patch -P52 -p1 -b .s390x-update
|
||||
%patch -P53 -p1 -b .crng-test
|
||||
%patch -P55 -p1 -b .arm-update
|
||||
%patch -P56 -p1 -b .s390x-ecc
|
||||
%patch -P60 -p1 -b .krb5-kdf
|
||||
%patch -P61 -p1 -b .edk2-build
|
||||
%patch -P62 -p1 -b .fips-curves
|
||||
%patch -P65 -p1 -b .drbg-selftest
|
||||
%patch -P66 -p1 -b .fips-dh
|
||||
%patch -P67 -p1 -b .kdf-selftest
|
||||
%patch -P69 -p1 -b .alpn-cb
|
||||
%patch -P70 -p1 -b .rewire-fips-drbg
|
||||
%patch -P74 -p1 -b .addrconfig
|
||||
%patch -P75 -p1 -b .tls13-curves
|
||||
%patch -P76 -p1 -b .cleanup-reneg
|
||||
%patch -P77 -p1 -b .s390x-aes
|
||||
%patch -P78 -p1 -b .addr-ipv6
|
||||
%patch -P79 -p1 -b .servername-cb
|
||||
%patch -P80 -p1 -b .s390x-test-aes
|
||||
%patch -P81 -p1 -b .read-buff
|
||||
%patch -P82 -p1 -b .cve-2022-0778
|
||||
%patch -P83 -p1 -b .replace-expired-certs
|
||||
%patch -P84 -p1 -b .cve-2022-1292
|
||||
%patch -P85 -p1 -b .cve-2022-2068
|
||||
%patch -P86 -p1 -b .cve-2022-2097
|
||||
%patch -P101 -p1 -b .cve-2022-4304
|
||||
%patch -P102 -p1 -b .cve-2022-4450
|
||||
%patch -P103 -p1 -b .cve-2023-0215
|
||||
%patch -P104 -p1 -b .cve-2023-0286
|
||||
%patch -P105 -p1 -b .cve-2023-3446
|
||||
%patch -P106 -p1 -b .cve-2023-3817
|
||||
%patch -P107 -p1 -b .cve-2023-5678
|
||||
%patch -P108 -p1 -b .pkcs15imprejection
|
||||
%patch -P109 -p1 -b .cve-2024-5535
|
||||
%patch -P110 -p1 -b .cve-2025-9230
|
||||
%patch -P111 -p1 -b .ticket_lifetime_hint
|
||||
%patch -P112 -p1 -b .cve-2025-69419-1
|
||||
%patch -P113 -p1 -b .cve-2025-69419-2
|
||||
%patch31 -p1 -b .conf-paths
|
||||
%patch32 -p1 -b .version-add-engines
|
||||
%patch33 -p1 -b .dgst
|
||||
%patch36 -p1 -b .no-brainpool
|
||||
%patch37 -p1 -b .curves
|
||||
%patch38 -p1 -b .no-weak-verify
|
||||
%patch40 -p1 -b .sslv3-abi
|
||||
%patch41 -p1 -b .system-cipherlist
|
||||
%patch42 -p1 -b .fips
|
||||
%patch44 -p1 -b .version-override
|
||||
%patch45 -p1 -b .weak-ciphers
|
||||
%patch46 -p1 -b .seclevel
|
||||
%patch47 -p1 -b .ts-sha256-default
|
||||
%patch48 -p1 -b .fips-post-rand
|
||||
%patch49 -p1 -b .evp-kdf
|
||||
%patch50 -p1 -b .ssh-kdf
|
||||
%patch51 -p1 -b .intel-cet
|
||||
%patch52 -p1 -b .s390x-update
|
||||
%patch53 -p1 -b .crng-test
|
||||
%patch55 -p1 -b .arm-update
|
||||
%patch56 -p1 -b .s390x-ecc
|
||||
%patch60 -p1 -b .krb5-kdf
|
||||
%patch61 -p1 -b .edk2-build
|
||||
%patch62 -p1 -b .fips-curves
|
||||
%patch65 -p1 -b .drbg-selftest
|
||||
%patch66 -p1 -b .fips-dh
|
||||
%patch67 -p1 -b .kdf-selftest
|
||||
%patch69 -p1 -b .alpn-cb
|
||||
%patch70 -p1 -b .rewire-fips-drbg
|
||||
%patch74 -p1 -b .addrconfig
|
||||
%patch75 -p1 -b .tls13-curves
|
||||
%patch76 -p1 -b .cleanup-reneg
|
||||
%patch77 -p1 -b .s390x-aes
|
||||
%patch78 -p1 -b .addr-ipv6
|
||||
%patch79 -p1 -b .servername-cb
|
||||
%patch80 -p1 -b .s390x-test-aes
|
||||
%patch81 -p1 -b .read-buff
|
||||
%patch82 -p1 -b .cve-2022-0778
|
||||
%patch83 -p1 -b .replace-expired-certs
|
||||
%patch84 -p1 -b .cve-2022-1292
|
||||
%patch85 -p1 -b .cve-2022-2068
|
||||
%patch86 -p1 -b .cve-2022-2097
|
||||
%patch101 -p1 -b .cve-2022-4304
|
||||
%patch102 -p1 -b .cve-2022-4450
|
||||
%patch103 -p1 -b .cve-2023-0215
|
||||
%patch104 -p1 -b .cve-2023-0286
|
||||
|
||||
%build
|
||||
# Figure out which flags we want to use.
|
||||
@ -529,63 +504,33 @@ export LD_LIBRARY_PATH
|
||||
%postun libs -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Thu Feb 12 2026 Antonio Vieiro <avieirov@redhat.com> - 1:1.1.1k-15
|
||||
- Fix CVE-2025-69419: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing
|
||||
ticket_lifetime_hint exceed 1 week in TLSv1.3 and breaks compliant clients
|
||||
Resolves: RHEL-149165
|
||||
Resolves: RHEL-142715
|
||||
|
||||
* Mon Dec 22 2025 Nikita Sanjay Patwa <npatwa@redhat.com> - 1:1.1.1k-14.1
|
||||
- Backport fix for openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap
|
||||
Fix CVE-2025-9230
|
||||
Resolves: RHEL-128615
|
||||
|
||||
* Tue Sep 17 2024 Maurizio Barbaro <mbarbaro@redhat.com> - 1:1.1.1k-14
|
||||
- Backport fix SSL_select_next proto from OpenSSL 3.2
|
||||
Fix CVE-2024-5535
|
||||
Resolves: RHEL-45654
|
||||
|
||||
* Thu Nov 30 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-12
|
||||
- Backport implicit rejection mechanism for RSA PKCS#1 v1.5 to RHEL-8 series
|
||||
(a proper fix for CVE-2020-25659)
|
||||
Resolves: RHEL-17694
|
||||
|
||||
* Wed Nov 15 2023 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-11
|
||||
- Fix CVE-2023-5678: Generating excessively long X9.42 DH keys or checking
|
||||
excessively long X9.42 DH keys or parameters may be very slow
|
||||
Resolves: RHEL-16536
|
||||
|
||||
* Thu Oct 19 2023 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-10
|
||||
- Fix CVE-2023-3446: Excessive time spent checking DH keys and parameters
|
||||
Resolves: RHEL-14243
|
||||
- Fix CVE-2023-3817: Excessive time spent checking DH q parameter value
|
||||
Resolves: RHEL-14237
|
||||
|
||||
* Thu May 04 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-9
|
||||
* Wed Feb 08 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-9
|
||||
- Fixed Timing Oracle in RSA Decryption
|
||||
Resolves: CVE-2022-4304
|
||||
- Fixed Double free after calling PEM_read_bio_ex
|
||||
Resolves: CVE-2022-4450
|
||||
- Fixed Use-after-free following BIO_new_NDEF
|
||||
Resolves: CVE-2023-0215
|
||||
|
||||
* Wed Feb 08 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-8
|
||||
- Fixed X.400 address type confusion in X.509 GeneralName
|
||||
Resolves: CVE-2023-0286
|
||||
|
||||
* Thu Jul 21 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-8
|
||||
- Fix no-ec build
|
||||
Resolves: rhbz#2071020
|
||||
|
||||
* Tue Jul 05 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-7
|
||||
- Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
|
||||
Resolves: CVE-2022-2097
|
||||
- Update expired certificates used in the testsuite
|
||||
Resolves: rhbz#2100554
|
||||
Resolves: rhbz#2092462
|
||||
- Fix CVE-2022-1292: openssl: c_rehash script allows command injection
|
||||
Resolves: rhbz#2090371
|
||||
Resolves: rhbz#2090372
|
||||
- Fix CVE-2022-2068: the c_rehash script allows command injection
|
||||
Resolves: rhbz#2098278
|
||||
Resolves: rhbz#2098279
|
||||
|
||||
* Wed Mar 23 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-6
|
||||
- Fixes CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
|
||||
- Resolves: rhbz#2067145
|
||||
- Resolves: rhbz#2067146
|
||||
|
||||
* Tue Nov 16 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1k-5
|
||||
- Fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings
|
||||
|
||||
Loading…
Reference in New Issue
Block a user