- 26 4月, 2023 10 次提交
-
-
由 Dmitry Belyavskiy 提交于
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. Patch written by Dmitry Belyavsky and Hubert Kario CVE-2022-4304 Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> Signed-off-by: Ncode4lala <fengziteng2@huawei.com> Change-Id: Ib81f15484fa3374bf5f50baece50bb36d105d6d7
-
由 slontis 提交于
Fixes CVE-2023-0217 When attempting to do a BN_Copy of params->p there was no NULL check. Since BN_copy does not check for NULL this is a NULL reference. As an aside BN_cmp() does do a NULL check, so there are other checks that fail because a NULL is passed. A more general check for NULL params has been added for both FFC public and private key validation instead. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> Signed-off-by: Ncode4lala <fengziteng2@huawei.com> Change-Id: I7086365d9f51b6f36fcfb79a45d36f8d032e1f22
-
由 Tomas Mraz 提交于
Original author: Nevine Ebeid (Amazon) Fixes: CVE-2023-1255 The buffer overread happens on decrypts of 4 mod 5 sizes. Unless the memory just after the buffer is unmapped this is harmless. Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/20759) (cherry picked from commit 72dfe46550ee1f1bbfacd49f071419365bc23304) Signed-off-by: Ncode4lala <fengziteng2@huawei.com> Change-Id: I636543b8cf34e1edaeee4d1c0d5617eb500a24a6
-
由 Tomas Mraz 提交于
Fixes CVE-2023-0216 Reviewed-by: NShane Lontis <shane.lontis@oracle.com> Reviewed-by: NPaul Dale <pauli@openssl.org> Signed-off-by: Ncode4lala <fengziteng2@huawei.com> Change-Id: Ib4aac57064b9860c1960a66e3cbeac43ff929fe4
-
由 Hugo Landau 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> Change-Id: If27a355635b2da681abac1d757386a5c9dfcdae3 Signed-off-by: Ncode4lala <fengziteng2@huawei.com>
-
由 Tomas Mraz 提交于
These calls invoke EVP_DigestInit() which can fail for digests with implicit fetches. Subsequent EVP_DigestUpdate() from BIO_write() or EVP_DigestFinal() from BIO_read() will segfault on NULL dereference. This can be triggered by an attacker providing PKCS7 data digested with MD4 for example if the legacy provider is not loaded. If BIO_set_md() fails the md BIO cannot be used. CVE-2023-0401 Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> Signed-off-by: Ncode4lala <fengziteng2@huawei.com> Change-Id: Id19000b7a7fc2dbe28e9d41fb66d496ec7ca9ef1
-
由 Matt Caswell 提交于
Even though we check the leaf cert to confirm it is valid, we later ignored the invalid flag and did not notice that the leaf cert was bad. Fixes: CVE-2023-0465 Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20587) Signed-off-by: Ncode4lala <fengziteng2@huawei.com> Change-Id: I510a81e2e970638eb61ebd1d78c07f2559d15c18
-
由 Matt Caswell 提交于
If the aux->asn1_cb() call fails in BIO_new_NDEF then the "out" BIO will be part of an invalid BIO chain. This causes a "use after free" when the BIO is eventually freed. Based on an original patch by Viktor Dukhovni and an idea from Theo Buehler. Thanks to Octavio Galland for reporting this issue. Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> Signed-off-by: Ncode4lala <fengziteng2@huawei.com> Change-Id: I9194a044eccbf5410227b2e833dfd2221ffa3735
-
由 Matt Caswell 提交于
In the event of a failure in PEM_read_bio_ex() we free the buffers we allocated for the header and data buffers. However we were not clearing the ptrs stored in *header and *data. Since, on success, the caller is responsible for freeing these ptrs this can potentially lead to a double free if the caller frees them even on failure. Thanks to Dawei Wang for reporting this issue. Based on a proposed patch by Kurt Roeckx. CVE-2022-4450 Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> Signed-off-by: Ncode4lala <fengziteng2@huawei.com> Change-Id: Ic4a32fd3b5cbebfcc20bb93db250d44a60f00dd3
-
由 Viktor Dukhovni 提交于
This function assumes that if the "gen" is an OtherName, then the "base" is a rfc822Name constraint. This assumption is not true in all cases. If the end-entity certificate contains an OtherName SAN of any type besides SmtpUtf8Mailbox and the CA certificate contains a name constraint of OtherName (of any type), then "nc_email_eai" will be invoked, with the OTHERNAME "base" being incorrectly interpreted as a ASN1_IA5STRING. Reported by Corey Bonnell from Digicert. CVE-2022-4203 Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> Signed-off-by: Ncode4lala <fengziteng2@huawei.com> Change-Id: I008cc36abe7c7957312525e5ee002fdc42737649
-
- 12 4月, 2023 2 次提交
-
-
由 code4lala 提交于
Signed-off-by: Ncode4lala <fengziteng2@huawei.com>
-
由 code4lala 提交于
Signed-off-by: Ncode4lala <fengziteng2@huawei.com>
-
- 29 3月, 2023 1 次提交
-
-
由 Matt Caswell 提交于
Even though we check the leaf cert to confirm it is valid, we later ignored the invalid flag and did not notice that the leaf cert was bad. Fixes: CVE-2023-0465 Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20588) Signed-off-by: Ncode4lala <fengziteng2@huawei.com>
-
- 24 3月, 2023 1 次提交
-
-
由 Pauli 提交于
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Fixes CVE-2023-0464 Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NShane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/20569) Signed-off-by: Ncode4lala <fengziteng2@huawei.com>
-
- 10 2月, 2023 4 次提交
-
-
由 Matt Caswell 提交于
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. Patch written by Dmitry Belyavsky and Hubert Kario CVE-2022-4304 Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: NTomas Mraz <tomas@openssl.org> Signed-off-by: Ncode4lala <fengziteng2@huawei.com>
-
由 Hugo Landau 提交于
Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> Signed-off-by: Ncode4lala <fengziteng2@huawei.com>
-
由 Matt Caswell 提交于
If the aux->asn1_cb() call fails in BIO_new_NDEF then the "out" BIO will be part of an invalid BIO chain. This causes a "use after free" when the BIO is eventually freed. Based on an original patch by Viktor Dukhovni and an idea from Theo Buehler. Thanks to Octavio Galland for reporting this issue. Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> Signed-off-by: Ncode4lala <fengziteng2@huawei.com>
-
由 Matt Caswell 提交于
In the event of a failure in PEM_read_bio_ex() we free the buffers we allocated for the header and data buffers. However we were not clearing the ptrs stored in *header and *data. Since, on success, the caller is responsible for freeing these ptrs this can potentially lead to a double free if the caller frees them even on failure. Thanks to Dawei Wang for reporting this issue. Based on a proposed patch by Kurt Roeckx. CVE-2022-4450 Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> Signed-off-by: Ncode4lala <fengziteng2@huawei.com>
-
- 11 7月, 2022 1 次提交
-
-
由 zhao_zhen_zhou 提交于
Signed-off-by: Nzhao_zhen_zhou <zhaozhenzhou@huawei.com>
-
- 01 7月, 2022 1 次提交
-
-
由 zhao_zhen_zhou 提交于
Signed-off-by: Nzhao_zhen_zhou <zhaozhenzhou@huawei.com>
-
- 25 6月, 2022 1 次提交
-
-
由 zhao_zhen_zhou 提交于
Signed-off-by: Nzhao_zhen_zhou <zhaozhenzhou@huawei.com>
-
- 23 6月, 2022 1 次提交
-
-
由 zhao_zhen_zhou 提交于
Signed-off-by: Nzhao_zhen_zhou <zhaozhenzhou@huawei.com>
-
- 17 3月, 2022 1 次提交
-
-
由 haixiangw 提交于
Signed-off-by: Nhaixiangw <wanghaixiang@huawei.com>
-
- 08 3月, 2022 1 次提交
-
-
由 zhao_zhen_zhou 提交于
Signed-off-by: Nzhao_zhen_zhou <zhaozhenzhou@huawei.com>
-
- 30 1月, 2022 1 次提交
-
-
由 haixiangw 提交于
Signed-off-by: Nhaixiangw <wanghaixiang@huawei.com>
-
- 02 9月, 2021 1 次提交
-
-
由 wanghaixiang 提交于
Signed-off-by: Nwanghaixiang <wanghaixiang@huawei.com>
-
- 10 8月, 2021 1 次提交
-
-
由 HJ 提交于
Signed-off-by: NHJ <huangjun42@huawei.com>
-
- 29 6月, 2021 1 次提交
-
-
由 HJ 提交于
-
- 11 3月, 2021 1 次提交
-
-
由 mamingshuai 提交于
-
- 09 9月, 2020 1 次提交
-
-
由 wenjun 提交于
-
- 01 6月, 2020 1 次提交
-
-
由 h00416433 提交于
Description:Openssl bugfix CVE-2019-1551 Team:OTHERS Feature or Bugfix:Bugfix Binary Source:No PrivateCode(Yes/No):No Change-Id: I73aa3eb8c8f1fcbd49183ddfe3e2ea17a4c12bc5 Reviewed-on: http://mgit-tm.rnd.huawei.com/9089040Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com> Reviewed-by: Ndongjinguang 00268009 <dongjinguang@huawei.com> Reviewed-by: Nhouyuezhou 00386575 <hou@huawei.com> Reviewed-by: Nlinyibin 00246405 <linyibin@huawei.com>
-
- 31 5月, 2020 1 次提交
-
-
由 h00416433 提交于
Description:use openssl asm mode Team:OTHERS Feature or Bugfix:Bugfix Binary Source:No PrivateCode(Yes/No):No Change-Id: Id449bd200b5e2ef817ac329fc6874190bc245ad4 Reviewed-on: http://mgit-tm.rnd.huawei.com/9083098Reviewed-by: Nhouyuezhou 00386575 <hou@huawei.com> Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com> Reviewed-by: Nlinyibin 00246405 <linyibin@huawei.com>
-
- 20 5月, 2020 1 次提交
-
-
由 h00416433 提交于
Description:openssl support to build by arm Team:OTHERS Feature or Bugfix:Bugfix Binary Source:No PrivateCode(Yes/No):No Change-Id: Iedde66caa66b2baa5c1a4508240849da0e434efd Reviewed-on: http://mgit-tm.rnd.huawei.com/8910856Reviewed-by: Ndongjinguang 00268009 <dongjinguang@huawei.com> Reviewed-by: Nhouyuezhou 00386575 <hou@huawei.com> Tested-by: Npublic jenkins <public_jenkins@notesmail.huawei.com> Reviewed-by: Nlinyibin 00246405 <linyibin@huawei.com>
-
- 31 3月, 2020 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NPaul Dale <paul.dale@oracle.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11445)
-
- 25 3月, 2020 1 次提交
-
-
由 Tomas Mraz 提交于
This partially reverts commit db943f43. Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11400)
-
- 23 3月, 2020 1 次提交
-
-
由 Bernd Edlinger 提交于
Basically we use EXFLAG_INVALID for all kinds of out of memory and all kinds of parse errors in x509v3_cache_extensions. [extended tests] Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10756)
-
- 20 3月, 2020 1 次提交
-
-
由 FdaSilvaYY 提交于
Found by Coverity. Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> Reviewed-by: NPaul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8274) (cherry picked from commit 23dc8feba817560485da00d690d7b7b9e5b15682)
-
- 19 3月, 2020 2 次提交
-
-
由 Bernd Edlinger 提交于
This should avoid half of the trial divisions in probable_prime_dh_safe and avoid bn_probable_prime_dh generating primes with special properties. Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9387)
-
由 Bernd Edlinger 提交于
Currently probable_prime makes sure that p-1 does not have any prime factors from 3..17863, which is useful for safe primes, but not necessarily for the general case. Issue was initially reported here: MIRONOV, I. Factoring RSA Moduli II. https://windowsontheory.org/2012/05/17/factoring-rsa-moduli-part-ii/Reviewed-by: NTomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/9387)
-
- 17 3月, 2020 1 次提交
-
-
由 Matt Caswell 提交于
Reviewed-by: NPaul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/11344)
-