未验证 提交 7e81159f 编写于 作者: O openharmony_ci 提交者: Gitee

!117 fix CVE-2023-2650 for OpenHarmony-3.2-Release

Merge pull request !117 from code4lala/OpenHarmony-3.2-Release
...@@ -7,6 +7,32 @@ ...@@ -7,6 +7,32 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch. release branch.
*) Mitigate for the time it takes for `OBJ_obj2txt` to translate gigantic
OBJECT IDENTIFIER sub-identifiers to canonical numeric text form.
OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
numeric text form. For gigantic sub-identifiers, this would take a very
long time, the time complexity being O(n^2) where n is the size of that
sub-identifier. (CVE-2023-2650)
To mitigitate this, `OBJ_obj2txt()` will only translate an OBJECT
IDENTIFIER to canonical numeric text form if the size of that OBJECT
IDENTIFIER is 586 bytes or less, and fail otherwise.
The basis for this restriction is RFC 2578 (STD 58), section 3.5. OBJECT
IDENTIFIER values, which stipulates that OBJECT IDENTIFIERS may have at
most 128 sub-identifiers, and that the maximum value that each sub-
identifier may have is 2^32-1 (4294967295 decimal).
For each byte of every sub-identifier, only the 7 lower bits are part of
the value, so the maximum amount of bytes that an OBJECT IDENTIFIER with
these restrictions may occupy is 32 * 128 / 7, which is approximately 586
bytes.
Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
[Richard Levitte]
Changes between 1.1.1s and 1.1.1t [xx XXX xxxx] Changes between 1.1.1s and 1.1.1t [xx XXX xxxx]
*) Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention *) Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention
that it does not enable policy checking. Thanks to that it does not enable policy checking. Thanks to
......
...@@ -5,6 +5,8 @@ ...@@ -5,6 +5,8 @@
This file gives a brief overview of the major changes between each OpenSSL This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file. release. For more details please read the CHANGES file.
o Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466) o Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466)
o Mitigate for very slow `OBJ_obj2txt()` performance with gigantic
OBJECT IDENTIFIER sub-identities. (CVE-2023-2650)
Major changes between OpenSSL 1.1.1m and OpenSSL 1.1.1n [15 Mar 2022] Major changes between OpenSSL 1.1.1m and OpenSSL 1.1.1n [15 Mar 2022]
......
...@@ -428,6 +428,25 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) ...@@ -428,6 +428,25 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
first = 1; first = 1;
bl = NULL; bl = NULL;
/*
* RFC 2578 (STD 58) says this about OBJECT IDENTIFIERs:
*
* > 3.5. OBJECT IDENTIFIER values
* >
* > An OBJECT IDENTIFIER value is an ordered list of non-negative
* > numbers. For the SMIv2, each number in the list is referred to as a
* > sub-identifier, there are at most 128 sub-identifiers in a value,
* > and each sub-identifier has a maximum value of 2^32-1 (4294967295
* > decimal).
*
* So a legitimate OID according to this RFC is at most (32 * 128 / 7),
* i.e. 586 bytes long.
*
* Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
*/
if (len > 586)
goto err;
while (len > 0) { while (len > 0) {
l = 0; l = 0;
use_bn = 0; use_bn = 0;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册