Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Openssl
提交
ae274c04
T
Third Party Openssl
项目概览
OpenHarmony
/
Third Party Openssl
1 年多 前同步成功
通知
10
Star
18
Fork
1
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Openssl
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
未验证
提交
ae274c04
编写于
6月 08, 2023
作者:
O
openharmony_ci
提交者:
Gitee
6月 08, 2023
浏览文件
操作
浏览文件
下载
差异文件
!119 fix CVE-2023-2650 for OpenHarmony-3.1-Release
Merge pull request !119 from code4lala/OpenHarmony-3.1-Release
上级
5c81cb12
3e9368a7
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
47 addition
and
0 deletion
+47
-0
CHANGES
CHANGES
+26
-0
NEWS
NEWS
+2
-0
crypto/objects/obj_dat.c
crypto/objects/obj_dat.c
+19
-0
未找到文件。
CHANGES
浏览文件 @
ae274c04
...
...
@@ -7,6 +7,32 @@
https://github.com/openssl/openssl/commits/ and pick the appropriate
release branch.
*) Mitigate for the time it takes for `OBJ_obj2txt` to translate gigantic
OBJECT IDENTIFIER sub-identifiers to canonical numeric text form.
OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
numeric text form. For gigantic sub-identifiers, this would take a very
long time, the time complexity being O(n^2) where n is the size of that
sub-identifier. (CVE-2023-2650)
To mitigitate this, `OBJ_obj2txt()` will only translate an OBJECT
IDENTIFIER to canonical numeric text form if the size of that OBJECT
IDENTIFIER is 586 bytes or less, and fail otherwise.
The basis for this restriction is RFC 2578 (STD 58), section 3.5. OBJECT
IDENTIFIER values, which stipulates that OBJECT IDENTIFIERS may have at
most 128 sub-identifiers, and that the maximum value that each sub-
identifier may have is 2^32-1 (4294967295 decimal).
For each byte of every sub-identifier, only the 7 lower bits are part of
the value, so the maximum amount of bytes that an OBJECT IDENTIFIER with
these restrictions may occupy is 32 * 128 / 7, which is approximately 586
bytes.
Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
[Richard Levitte]
Changes between 1.1.1s and 1.1.1t [xx XXX xxxx]
*) Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention
...
...
NEWS
浏览文件 @
ae274c04
...
...
@@ -5,6 +5,8 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
o Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466)
o Mitigate for very slow `OBJ_obj2txt()` performance with gigantic
OBJECT IDENTIFIER sub-identities. (CVE-2023-2650)
Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021]
...
...
crypto/objects/obj_dat.c
浏览文件 @
ae274c04
...
...
@@ -427,6 +427,25 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
first
=
1
;
bl
=
NULL
;
/*
* RFC 2578 (STD 58) says this about OBJECT IDENTIFIERs:
*
* > 3.5. OBJECT IDENTIFIER values
* >
* > An OBJECT IDENTIFIER value is an ordered list of non-negative
* > numbers. For the SMIv2, each number in the list is referred to as a
* > sub-identifier, there are at most 128 sub-identifiers in a value,
* > and each sub-identifier has a maximum value of 2^32-1 (4294967295
* > decimal).
*
* So a legitimate OID according to this RFC is at most (32 * 128 / 7),
* i.e. 586 bytes long.
*
* Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
*/
if
(
len
>
586
)
goto
err
;
while
(
len
>
0
)
{
l
=
0
;
use_bn
=
0
;
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录