Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
126f382f
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
9
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
未验证
提交
126f382f
编写于
2月 20, 2023
作者:
O
openharmony_ci
提交者:
Gitee
2月 20, 2023
浏览文件
操作
浏览文件
下载
差异文件
!83 release3.1分支修复CVE-2023-0215 CVE-2023-0286漏洞
Merge pull request !83 from wanghao-free/OpenHarmony-3.1-Release
上级
f64be627
bcf167c5
变更
5
隐藏空白更改
内联
并排
Showing
5 changed file
with
162 addition
and
9 deletion
+162
-9
CHANGES
CHANGES
+120
-0
crypto/asn1/bio_ndef.c
crypto/asn1/bio_ndef.c
+32
-7
crypto/x509v3/v3_genn.c
crypto/x509v3/v3_genn.c
+1
-1
include/openssl/x509v3.h
include/openssl/x509v3.h
+1
-1
test/v3nametest.c
test/v3nametest.c
+8
-0
未找到文件。
CHANGES
浏览文件 @
126f382f
...
...
@@ -7,6 +7,126 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
Changes between 1.1.1s and 1.1.1t [xx XXX xxxx]
*) Fixed a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This
vulnerability may allow an attacker who can provide a certificate chain and
CRL (neither of which need have a valid signature) to pass arbitrary
pointers to a memcmp call, creating a possible read primitive, subject to
some constraints. Refer to the advisory for more information. Thanks to
David Benjamin for discovering this issue. (CVE-2023-0286)
This issue has been fixed by changing the public header file definition of
GENERAL_NAME so that x400Address reflects the implementation. It was not
possible for any existing application to successfully use the existing
definition; however, if any application references the x400Address field
(e.g. in dead code), note that the type of this field has changed. There is
no ABI change.
[Hugo Landau]
Changes between 1.1.1r and 1.1.1s [1 Nov 2022]
*) Fixed a regression introduced in 1.1.1r version not refreshing the
certificate data to be signed before signing the certificate.
[Gibeom Gwon]
Changes between 1.1.1q and 1.1.1r [11 Oct 2022]
*) Fixed the linux-mips64 Configure target which was missing the
SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
platform.
[Adam Joseph]
*) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was
causing incorrect results in some cases as a result.
[Paul Dale]
*) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
report correct results in some cases
[Matt Caswell]
*) Fixed a regression introduced in 1.1.1o for re-signing certificates with
different key sizes
[Todd Short]
*) Added the loongarch64 target
[Shi Pujin]
*) Fixed a DRBG seed propagation thread safety issue
[Bernd Edlinger]
*) Fixed a memory leak in tls13_generate_secret
[Bernd Edlinger]
*) Fixed reported performance degradation on aarch64. Restored the
implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
32-bit lane assignment in CTR mode") for 64bit targets only, since it is
reportedly 2-17% slower and the silicon errata only affects 32bit targets.
The new algorithm is still used for 32 bit targets.
[Bernd Edlinger]
*) Added a missing header for memcmp that caused compilation failure on some
platforms
[Gregor Jasny]
Changes between 1.1.1p and 1.1.1q [5 Jul 2022]
*) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
implementation would not encrypt the entirety of the data under some
circumstances. This could reveal sixteen bytes of data that was
preexisting in the memory that wasn't written. In the special case of
"in place" encryption, sixteen bytes of the plaintext would be revealed.
Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
they are both unaffected.
(CVE-2022-2097)
[Alex Chernyakhovsky, David Benjamin, Alejandro Sedeño]
Changes between 1.1.1o and 1.1.1p [21 Jun 2022]
*) In addition to the c_rehash shell command injection identified in
CVE-2022-1292, further bugs where the c_rehash script does not
properly sanitise shell metacharacters to prevent command injection have been
fixed.
When the CVE-2022-1292 was fixed it was not discovered that there
are other places in the script where the file names of certificates
being hashed were possibly passed to a command executed through the shell.
This script is distributed by some operating systems in a manner where
it is automatically executed. On such operating systems, an attacker
could execute arbitrary commands with the privileges of the script.
Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.
(CVE-2022-2068)
[Daniel Fiala, Tomáš Mráz]
*) When OpenSSL TLS client is connecting without any supported elliptic
curves and TLS-1.3 protocol is disabled the connection will no longer fail
if a ciphersuite that does not use a key exchange based on elliptic
curves can be negotiated.
[Tomáš Mráz]
Changes between 1.1.1n and 1.1.1o [3 May 2022]
*) Fixed a bug in the c_rehash script which was not properly sanitising shell
metacharacters to prevent command injection. This script is distributed
by some operating systems in a manner where it is automatically executed.
On such operating systems, an attacker could execute arbitrary commands
with the privileges of the script.
Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.
(CVE-2022-1292)
[Tomáš Mráz]
Changes between 1.1.1j and 1.1.1k [25 Mar 2021]
*) Fixed a problem with verifying a certificate chain when using the
...
...
crypto/asn1/bio_ndef.c
浏览文件 @
126f382f
...
...
@@ -49,12 +49,19 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg);
static
int
ndef_suffix_free
(
BIO
*
b
,
unsigned
char
**
pbuf
,
int
*
plen
,
void
*
parg
);
/*
* On success, the returned BIO owns the input BIO as part of its BIO chain.
* On failure, NULL is returned and the input BIO is owned by the caller.
*
* Unfortunately cannot constify this due to CMS_stream() and PKCS7_stream()
*/
BIO
*
BIO_new_NDEF
(
BIO
*
out
,
ASN1_VALUE
*
val
,
const
ASN1_ITEM
*
it
)
{
NDEF_SUPPORT
*
ndef_aux
=
NULL
;
BIO
*
asn_bio
=
NULL
;
const
ASN1_AUX
*
aux
=
it
->
funcs
;
ASN1_STREAM_ARG
sarg
;
BIO
*
pop_bio
=
NULL
;
if
(
!
aux
||
!
aux
->
asn1_cb
)
{
ASN1err
(
ASN1_F_BIO_NEW_NDEF
,
ASN1_R_STREAMING_NOT_SUPPORTED
);
...
...
@@ -69,21 +76,39 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
out
=
BIO_push
(
asn_bio
,
out
);
if
(
out
==
NULL
)
goto
err
;
pop_bio
=
asn_bio
;
BIO_asn1_set_prefix
(
asn_bio
,
ndef_prefix
,
ndef_prefix_free
);
BIO_asn1_set_suffix
(
asn_bio
,
ndef_suffix
,
ndef_suffix_free
);
if
(
BIO_asn1_set_prefix
(
asn_bio
,
ndef_prefix
,
ndef_prefix_free
)
<=
0
||
BIO_asn1_set_suffix
(
asn_bio
,
ndef_suffix
,
ndef_suffix_free
)
<=
0
||
BIO_ctrl
(
asn_bio
,
BIO_C_SET_EX_ARG
,
0
,
ndef_aux
)
<=
0
)
goto
err
;
/*
* Now let
callback prepends any digest, cipher etc BIOs ASN1 structure
* needs.
* Now let
the callback prepend any digest, cipher, etc., that the BIO's
*
ASN1 structure
needs.
*/
sarg
.
out
=
out
;
sarg
.
ndef_bio
=
NULL
;
sarg
.
boundary
=
NULL
;
if
(
aux
->
asn1_cb
(
ASN1_OP_STREAM_PRE
,
&
val
,
it
,
&
sarg
)
<=
0
)
/*
* The asn1_cb(), must not have mutated asn_bio on error, leaving it in the
* middle of some partially built, but not returned BIO chain.
*/
if
(
aux
->
asn1_cb
(
ASN1_OP_STREAM_PRE
,
&
val
,
it
,
&
sarg
)
<=
0
)
{
/*
* ndef_aux is now owned by asn_bio so we must not free it in the err
* clean up block
*/
ndef_aux
=
NULL
;
goto
err
;
}
/*
* We must not fail now because the callback has prepended additional
* BIOs to the chain
*/
ndef_aux
->
val
=
val
;
ndef_aux
->
it
=
it
;
...
...
@@ -91,11 +116,11 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
ndef_aux
->
boundary
=
sarg
.
boundary
;
ndef_aux
->
out
=
out
;
BIO_ctrl
(
asn_bio
,
BIO_C_SET_EX_ARG
,
0
,
ndef_aux
);
return
sarg
.
ndef_bio
;
err:
/* BIO_pop() is NULL safe */
(
void
)
BIO_pop
(
pop_bio
);
BIO_free
(
asn_bio
);
OPENSSL_free
(
ndef_aux
);
return
NULL
;
...
...
crypto/x509v3/v3_genn.c
浏览文件 @
126f382f
...
...
@@ -98,7 +98,7 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
return
-
1
;
switch
(
a
->
type
)
{
case
GEN_X400
:
result
=
ASN1_
TYPE
_cmp
(
a
->
d
.
x400Address
,
b
->
d
.
x400Address
);
result
=
ASN1_
STRING
_cmp
(
a
->
d
.
x400Address
,
b
->
d
.
x400Address
);
break
;
case
GEN_EDIPARTY
:
...
...
include/openssl/x509v3.h
浏览文件 @
126f382f
...
...
@@ -136,7 +136,7 @@ typedef struct GENERAL_NAME_st {
OTHERNAME
*
otherName
;
/* otherName */
ASN1_IA5STRING
*
rfc822Name
;
ASN1_IA5STRING
*
dNSName
;
ASN1_
TYPE
*
x400Address
;
ASN1_
STRING
*
x400Address
;
X509_NAME
*
directoryName
;
EDIPARTYNAME
*
ediPartyName
;
ASN1_IA5STRING
*
uniformResourceIdentifier
;
...
...
test/v3nametest.c
浏览文件 @
126f382f
...
...
@@ -646,6 +646,14 @@ static struct gennamedata {
0xb7
,
0x09
,
0x02
,
0x02
},
15
},
{
/*
* Regression test for CVE-2023-0286.
*/
{
0xa3
,
0x00
},
2
}
};
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录