Merge pull request !129 from code4lala/fix-CVE-2023-3817

Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NTom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: NTodd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21550)

(cherry picked from commit 4b29762802c05fa871f0e1efcf804e86db0ddaa2)
(cherry picked from commit fb54f415b9981adebb03997304ac77d4d0cc520a)
Signed-off-by: Ncode4lala <fengziteng2@huawei.com>

If  |q| >= |p| then the q value is obviously wrong as q
is supposed to be a prime divisor of p-1.

We check if p is overly large so this added test implies that
q is not large either when performing subsequent tests using that
q value.

Otherwise if it is too large these additional checks of the q value
such as the primality test can then trigger DoS by doing overly long
computations.

Fixes CVE-2023-3817
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NTom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: NTodd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21550)

(cherry picked from commit 1c16253f3c3a8d1e25918c3f404aae6a5b0893de)
(cherry picked from commit 6a1eb62c29db6cb5eec707f9338aee00f44e26f5)
Signed-off-by: Ncode4lala <fengziteng2@huawei.com>

Merge pull request !125 from code4lala/CVE-2023-3446

Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NTom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21451)

(cherry picked from commit 4ec53ad6e1791daafbe26bdbd539f2ba9172959a)
Signed-off-by: Ncode4lala <fengziteng2@huawei.com>

The DH_check() function checks numerous aspects of the key or parameters
that have been supplied. Some of those checks use the supplied modulus
value even if it is excessively large.

There is already a maximum DH modulus size (10,000 bits) over which
OpenSSL will not generate or derive keys. DH_check() will however still
perform various tests for validity on such a large modulus. We introduce a
new maximum (32,768) over which DH_check() will just fail.

An application that calls DH_check() and supplies a key or parameters
obtained from an untrusted source could be vulnerable to a Denial of
Service attack.

The function DH_check() is itself called by a number of other OpenSSL
functions. An application calling any of those other functions may
similarly be affected. The other functions affected by this are
DH_check_ex() and EVP_PKEY_param_check().

CVE-2023-3446
Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NTom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21451)

(cherry picked from commit 9e0094e2aa1b3428a12d5095132f133c078d3c3d)
Signed-off-by: Ncode4lala <fengziteng2@huawei.com>

Merge pull request !124 from code4lala/Fixes_CVE-2023-2975

Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21384)

(cherry picked from commit 1e398bec538978b9957e69bf9e12b3c626290bea)
Signed-off-by: Ncode4lala <fengziteng2@huawei.com>

The AES-SIV mode allows for multiple associated data items
authenticated separately with any of these being 0 length.

The provided implementation ignores such empty associated data
which is incorrect in regards to the RFC 5297 and is also
a security issue because such empty associated data then become
unauthenticated if an application expects to authenticate them.

Fixes CVE-2023-2975
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21384)

(cherry picked from commit c426c281cfc23ab182f7d7d7a35229e7db1494d9)
Signed-off-by: Ncode4lala <fengziteng2@huawei.com>

Merge pull request !122 from cheng_jinsong/0619

Signed-off-by: Nchengjinsong2 <chengjinsong2@huawei.com>

!120 add ohos_executable openssl, Out of Tree Builds, add  openssl.cnf, UnsafeLegacyRenegotiation, load legacy provider
Merge pull request !120 from code4lala/master

add ohos_executable openssl, Out of Tree Builds, add openssl.cnf, UnsafeLegacyRenegotiation, load legacy provider
Signed-off-by: Ncode4lala <fengziteng2@huawei.com>

Merge pull request !107 from cheng_jinsong/fly0516

Signed-off-by: Ncheng_jinsong <chengjinsong2@huawei.com>

Signed-off-by: Nchengjinsong2 <chengjinsong2@huawei.com>

Merge pull request !114 from code4lala/add_liblegacy

Signed-off-by: Ncode4lala <fengziteng2@huawei.com>
Change-Id: I2228977076ababfa610e8b9e4a480d687642d9ce

Signed-off-by: Ncode4lala <fengziteng2@huawei.com>

OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
numeric text form.  For gigantic sub-identifiers, this would take a very
long time, the time complexity being O(n^2) where n is the size of that
sub-identifier.

To mitigate this, a restriction on the size that OBJ_obj2txt() will
translate to canonical numeric text form is added, based on RFC 2578
(STD 58), which says this:

> 3.5. OBJECT IDENTIFIER values
>
> An OBJECT IDENTIFIER value is an ordered list of non-negative numbers.
> For the SMIv2, each number in the list is referred to as a sub-identifier,
> there are at most 128 sub-identifiers in a value, and each sub-identifier
> has a maximum value of 2^32-1 (4294967295 decimal).

Fixes otc/security#96
Fixes CVE-2023-2650
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Signed-off-by: Ncode4lala <fengziteng2@huawei.com>

Signed-off-by: Ncode4lala <fengziteng2@huawei.com>

Signed-off-by: Ncode4lala <fengziteng2@huawei.com>

Merge pull request !113 from CheungVane/master

Signed-off-by: Nzhangwenzhi <zhangwenzhi3@huawei.com>

Merge pull request !112 from openharmony_ci/revert-merge-109-master

Merge pull request !109 from CheungVane/master

Merge pull request !110 from code4lala/master

Signed-off-by: Ncode4lala <fengziteng2@huawei.com>

Signed-off-by: Ncode4lala <fengziteng2@huawei.com>

Signed-off-by: Nzhangwenzhi <zhangwenzhi3@huawei.com>

Signed-off-by: Ncode4lala <fengziteng2@huawei.com>
Change-Id: I17f9c6be01e95129a522f2383fbfd10e84f564c4

Signed-off-by: Ncode4lala <fengziteng2@huawei.com>
Change-Id: I877ef2192fa46fffcfc4326cd85d716c191139f9

Signed-off-by: Ncode4lala <fengziteng2@huawei.com>
Change-Id: I5269be7d8e6c8ac399d86d9b48bfbd5cfabe0d19

Signed-off-by: Nzhangwenzhi <zhangwenzhi3@huawei.com>

Signed-off-by: Nzhangwenzhi <zhangwenzhi3@huawei.com>

Merge pull request !108 from code4lala/master

Signed-off-by: Ncode4lala <fengziteng2@huawei.com>

Merge pull request !106 from code4lala/master

Signed-off-by: Ncode4lala <fengziteng2@huawei.com>
Change-Id: I96e829f4af516c340556f51c3c531710267e3551