add rsa_sup_mul.c from CVE-2022-4304 fix https://github.com/openssl/openssl/commit/43d8f88511991533f53680a751e9326999a6a31fSigned-off-by: Ncode4lala <fengziteng2@huawei.com>

A timing based side channel exists in the OpenSSL RSA Decryption
implementation which could be sufficient to recover a plaintext across
a network in a Bleichenbacher style attack. To achieve a successful
decryption an attacker would have to be able to send a very large number
of trial messages for decryption. The vulnerability affects all RSA
padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.

Patch written by Dmitry Belyavsky and Hubert Kario

CVE-2022-4304
Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Signed-off-by: Ncode4lala <fengziteng2@huawei.com>

Merge pull request !83 from wanghao-free/OpenHarmony-3.1-Release

Signed-off-by: Nwanghao-free <wanghao453@h-partners.com>

If the aux->asn1_cb() call fails in BIO_new_NDEF then the "out" BIO will
be part of an invalid BIO chain. This causes a "use after free" when the
BIO is eventually freed.

Based on an original patch by Viktor Dukhovni and an idea from Theo
Buehler.

Thanks to Octavio Galland for reporting this issue.
Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Signed-off-by: Ncode4lala <fengziteng2@huawei.com>

Merge pull request !80 from wanghao-free/OpenHarmony-3.1-Release

Call PEM_read_bio_ex() and expect a failure. There should be no dangling
ptrs and therefore there should be no double free if we free the ptrs on
error.
Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NHugo Landau <hlandau@openssl.org>
Signed-off-by: Ncode4lala <fengziteng2@huawei.com>

In the event of a failure in PEM_read_bio_ex() we free the buffers we
allocated for the header and data buffers. However we were not clearing
the ptrs stored in *header and *data. Since, on success, the caller is
responsible for freeing these ptrs this can potentially lead to a double
free if the caller frees them even on failure.

Thanks to Dawei Wang for reporting this issue.

Based on a proposed patch by Kurt Roeckx.

CVE-2022-4450
Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NHugo Landau <hlandau@openssl.org>
Signed-off-by: Ncode4lala <fengziteng2@huawei.com>

Merge pull request !64 from zhao_zhen_zhou/cherry-pick-1657512878

CVE-2022-2097
Signed-off-by: Nzhao_zhen_zhou <zhaozhenzhou@huawei.com>

Merge pull request !57 from HaixiangW/cherry-pick-1656070700

fix CVE-2022-2068
Signed-off-by: Nhaixiangw <wanghaixiang@huawei.com>

Merge pull request !49 from HaixiangW/cherry-pick-1652952329

fix CVE-2022-1292
Signed-off-by: Nhaixiangw <wanghaixiang@huawei.com>

Merge pull request !38 from zhao_zhen_zhou/OpenHarmony-3.1-Release

Signed-off-by: Nzhao_zhen_zhou <zhaozhenzhou@huawei.com>

Merge pull request !33 from HaixiangW/cherry-pick-1647482351

fix CVE-2022-0778
Signed-off-by: Nhaixiangw <wanghaixiang@huawei.com>

Merge pull request !28 from HaixiangW/myfeature

Signed-off-by: Nhaixiangw <wanghaixiang@huawei.com>

Merge pull request !27 from 33/master

Signed-off-by: NSang_Sang33 <wangzhu15@huawei.com>

Merge pull request !25 from zhao_zhen_zhou/myfeature

Signed-off-by: Nzhao-zhen-zhou <zhaozhenzhou@huawei.com>

Merge pull request !24 from zhao_zhen_zhou/myfeature

Signed-off-by: Nzhao-zhen-zhou <zhaozhenzhou@huawei.com>

Merge pull request !21 from zhao_zhen_zhou/myfeature

Signed-off-by: Nzhao-zhen-zhou <zhaozhenzhou@huawei.com>

Merge pull request !18 from zhao_zhen_zhou/myfeature

Signed-off-by: Nzhao-zhen-zhou <zhaozhenzhou@huawei.com>

Merge pull request !16 from HaixiangW/myfeature

Signed-off-by: Nwanghaixiang <wanghaixiang@huawei.com>

Merge pull request !13 from HJ/master

Signed-off-by: NHJ <huangjun42@huawei.com>

Signed-off-by: NHJ <huangjun42@huawei.com>

Merge pull request !11 from HJ/0810

Signed-off-by: NHJ <huangjun42@huawei.com>

Merge pull request !6 from HJ/master

Merge pull request !5 from HJ/master