zzy/openssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openssl/crypto
History
Tomas Mraz 1c16253f3c DH_check(): Do not try checking q properties if it is obviously invalid 
If  |q| >= |p| then the q value is obviously wrong as q
is supposed to be a prime divisor of p-1.

We check if p is overly large so this added test implies that
q is not large either when performing subsequent tests using that
q value.

Otherwise if it is too large these additional checks of the q value
such as the primality test can then trigger DoS by doing overly long
computations.

Fixes CVE-2023-3817

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21550)
2023-07-27 09:48:22 -04:00
..
aes
Fix typos found by codespell
2023-07-18 18:54:45 +10:00
aria
Change loops conditions to make zero loop risk more obvious.
2022-05-24 14:11:20 +10:00
asn1
Add more fixes for WebAssembly/WASI build
2023-07-12 10:50:09 +10:00
async
Stop raising ERR_R_MALLOC_FAILURE in most places
2022-10-05 14:02:03 +02:00
bf
Avoid duplicating symbols in legacy.a with some build options
2023-01-31 11:10:22 +11:00
bio
bio_print.c: Delete unreachable code at lines 710 and 711
2023-07-25 12:38:31 +02:00
bn
Check for 0 modulus in BN_RECP_CTX_set.
2023-06-26 08:07:55 +10:00
buffer
Stop raising ERR_R_MALLOC_FAILURE in most places
2022-10-05 14:02:03 +02:00
camellia
Rename x86-32 assembly files from .s to .S.
2022-05-24 13:16:06 +10:00
cast
Avoid duplicating symbols in legacy.a with some build options
2023-01-31 11:10:22 +11:00
chacha
Ensure there's only one copy of OPENSSL_armcap_P in libcrypto.a
2023-03-29 12:21:31 +02:00
cmac
Update CMAC test cases.
2023-06-12 08:36:08 +02:00
cmp
CMP: add support for genm with rootCaCert and genp with rootCaKeyUpdate
2023-07-17 08:48:36 +10:00
cms
Remove redundant check
2023-07-18 20:41:17 +02:00
comp
Add zlib oneshot compression
2022-11-07 11:23:13 +01:00
conf
conf/conf_sap.c: correct return of ossl_config_int() in UEFI system
2023-06-30 16:56:02 +02:00
crmf
CMS, PKCS7, and CRMF: simplify use of EVP_PKEY_decrypt() by helper function
2023-05-30 22:02:10 +02:00
ct
Stop raising ERR_R_MALLOC_FAILURE in most places
2022-10-05 14:02:03 +02:00
des
Avoid duplicating symbols in legacy.a with some build options
2023-01-31 11:10:22 +11:00
dh
DH_check(): Do not try checking q properties if it is obviously invalid
2023-07-27 09:48:22 -04:00
dsa
fix memory allocation and reference counting issues
2023-07-05 08:34:00 +10:00
dso
dso: update to structure based atomics
2023-07-01 21:18:25 +10:00
ec
Changes to resolve symbol conflict due to gf_mul
2023-07-14 08:44:26 +10:00
encode_decode
Optimise PKEY decoders
2023-07-17 08:12:06 +10:00
engine
engine: update to structure based atomics
2023-07-01 21:18:08 +10:00
err
Raise SSL_R_QUIC_PROTOCOL_ERROR on any QUIC protocol error
2023-07-18 20:37:52 +02:00
ess
Stop raising ERR_R_MALLOC_FAILURE in most places
2022-10-05 14:02:03 +02:00
evp
Fix typos found by codespell
2023-07-18 18:54:45 +10:00
ffc
FFC cleanups
2023-04-03 10:31:04 +02:00
hmac
Adapt other parts of the source to the changed EVP_Q_digest() and EVP_Q_mac()
2021-06-23 23:00:36 +02:00
hpke
Fix typos found by codespell
2023-06-15 10:11:46 +10:00
http
Modified OSSL_parse_url to initialize pport_num to 0.
2023-07-14 12:04:38 +02:00
idea
Avoid duplicating symbols in legacy.a with some build options
2023-01-31 11:10:22 +11:00
kdf
lhash
Change all references to OpenSSL 3.1 to OpenSSL 3.2 in the master branch
2022-10-07 10:05:50 +02:00
md2
Avoid duplicating symbols in legacy.a with some build options
2023-01-31 11:10:22 +11:00
md4
Avoid duplicating symbols in legacy.a with some build options
2023-01-31 11:10:22 +11:00
md5
fix md5 bug on aarch64 big-endian plantform.
2023-04-28 14:36:35 +02:00
mdc2
Avoid duplicating symbols in legacy.a with some build options
2023-01-31 11:10:22 +11:00
modes
riscv: Clarify dual-licensing wording for GCM and AES
2023-07-06 12:53:27 +10:00
objects
feat: add missing pki / pmi object identifiers
2023-06-29 09:29:56 +10:00
ocsp
Fix incomplete check on X509V3_add1_i2d()
2023-01-31 11:05:51 +11:00
pem
Avoid dangling ptrs in header and data params for PEM_read_bio_ex
2023-02-07 17:05:10 +01:00
perlasm
riscv: Clarify dual-licensing wording for GCM and AES
2023-07-06 12:53:27 +10:00
pkcs7
CMS, PKCS7, and CRMF: simplify use of EVP_PKEY_decrypt() by helper function
2023-05-30 22:02:10 +02:00
pkcs12
Fix typos found by codespell
2023-06-15 10:11:46 +10:00
poly1305
Fix typos found by codespell
2023-07-18 18:54:45 +10:00
property
Only call OPENSSL_init_crypto on fetch if using the default libctx
2023-02-22 10:03:14 +11:00
rand
rand_lib: RAND_poll: Reseed in non-"no-deprecated" builds.
2023-06-14 09:03:14 +10:00
rc2
Avoid duplicating symbols in legacy.a with some build options
2023-01-31 11:10:22 +11:00
rc4
Fix typos found by codespell
2023-06-15 10:11:46 +10:00
rc5
Avoid duplicating symbols in legacy.a with some build options
2023-01-31 11:10:22 +11:00
ripemd
Avoid duplicating symbols in legacy.a with some build options
2023-01-31 11:10:22 +11:00
rsa
Fix RSA OAEP set/get label for legacy engine
2023-07-17 08:15:06 +10:00
seed
Avoid duplicating symbols in legacy.a with some build options
2023-01-31 11:10:22 +11:00
sha
Move Keccak rhotates tables to rodata
2023-07-14 11:15:45 +10:00
siphash
crypto/*: Fix various typos, repeated words, align some spelling to LDP.
2022-10-12 16:55:01 +11:00
sm2
crypto/sm2/sm2_sign.c: Add BN_CTX_end
2023-06-13 13:37:33 +02:00
sm3
Fix arm64 asm code back compatible issue with gcc 4.9.4
2023-05-31 10:50:28 +10:00
sm4
Fix typos found by codespell
2023-06-15 10:11:46 +10:00
srp
add a check for the return of sk_SRP_gN_new_null() so that capture the potential memory error in time
2022-10-20 19:04:44 +11:00
stack
stack: fix searching when the stack isn't sorted.
2023-04-28 09:24:06 +02:00
store
store: update to structure based atomics
2023-07-01 21:18:25 +10:00
thread
Fix no-thread-pool building
2023-07-06 12:55:21 +10:00
ts
crypto/*: Fix various typos, repeated words, align some spelling to LDP.
2022-10-12 16:55:01 +11:00
txt_db
Coverity 1528487: Avoid assignment of unused value of i
2023-06-10 19:23:59 -04:00
ui
Fix stack corruption in ui_read
2023-05-17 12:07:02 +02:00
whrlpool
Fix typos found by codespell
2023-07-18 18:54:45 +10:00
x509
get_cert_by_subject_ex(): Check result of X509_STORE_lock()
2023-07-25 17:02:20 +02:00
alphacpuid.pl
arm64cpuid.pl
Update copyright year
2022-05-03 13:34:51 +01:00
arm_arch.h
Update with ARMV8_HAVE_SHA3_AND_WORTH_USING
2023-07-21 10:19:19 +10:00
armcap.c
Update with ARMV8_HAVE_SHA3_AND_WORTH_USING
2023-07-21 10:19:19 +10:00
armv4cpuid.pl
Ensure there's only one copy of OPENSSL_armcap_P in libcrypto.a
2023-03-29 12:21:31 +02:00
asn1_dsa.c
Update copyright year
2021-04-08 13:04:41 +01:00
bsearch.c
build.info
params: provide a faster TRIE based param lookup.
2023-06-02 15:13:20 +10:00
c64xpluscpuid.pl
context.c
Optimise PKEY decoders
2023-07-17 08:12:06 +10:00
core_algorithm.c
Stop raising ERR_R_MALLOC_FAILURE in most places
2022-10-05 14:02:03 +02:00
core_fetch.c
"Reserve" the method store when constructing methods
2022-07-20 07:28:17 +01:00
core_namemap.c
return immediately if namemap is NULL
2023-06-18 16:55:09 +10:00
cpt_err.c
err: add additional errors
2022-01-12 20:10:21 +11:00
cpuid.c
Update copyright year
2022-05-03 13:34:51 +01:00
cryptlib.c
Fix UEFI support on win32
2023-04-13 10:25:55 +01:00
ctype.c
Fixed typos in documentation and comments
2023-01-04 12:53:05 +01:00
cversion.c
der_writer.c
der_writer: Use uint32_t instead of long.
2022-06-27 10:58:40 +02:00
deterministic_nonce.c
Fix typos found by codespell
2023-06-15 10:11:46 +10:00
dllmain.c
Update copyright year
2022-05-03 13:34:51 +01:00
ebcdic.c
ex_data.c
When we're just reading EX_CALLBACK data just get a read lock
2023-05-30 17:26:02 +01:00
getenv.c
Update copyright year
2022-05-03 13:34:51 +01:00
ia64cpuid.S
info.c
info.c: Fix typos in seed macro name and description string
2023-01-10 12:15:42 +01:00
init.c
Add ZSTD compression support (RFC8478bis)
2022-10-18 09:30:21 -04:00
initthread.c
Update copyright year
2022-05-03 13:34:51 +01:00
loongarch64cpuid.pl
Add LoongArch64 cpuid and OPENSSL_loongarchcap_P
2022-10-12 18:02:12 +11:00
loongarch_arch.h
Add LoongArch64 cpuid and OPENSSL_loongarchcap_P
2022-10-12 18:02:12 +11:00
loongarchcap.c
Add LoongArch64 cpuid and OPENSSL_loongarchcap_P
2022-10-12 18:02:12 +11:00
LPdir_nyi.c
LPdir_unix.c
Cast the argument to unsigned char when calling isdigit()
2023-06-06 15:48:46 +02:00
LPdir_vms.c
LPdir_win32.c
LPdir_win.c
LPdir_wince.c
mem_clr.c
mem_sec.c
Introduce [HAVE_/NO_]MADVISE defines
2023-06-12 07:56:03 +02:00
mem.c
ERR: Make CRYPTO_malloc() and friends report ERR_R_MALLOC_FAILURE
2022-08-27 09:40:09 +02:00
mips_arch.h
o_dir.c
Update copyright year
2022-05-03 13:34:51 +01:00
o_fopen.c
crypto: Fix various typos, repeated words, align some spelling to LDP.
2022-10-12 16:55:01 +11:00
o_init.c
Update copyright year
2022-05-03 13:34:51 +01:00
o_str.c
Stop raising ERR_R_MALLOC_FAILURE in most places
2022-10-05 14:02:03 +02:00
o_time.c
Update copyright year
2021-03-11 13:27:36 +00:00
packet.c
Rationalize FIPS sources
2023-02-08 16:20:55 +01:00
param_build_set.c
Update copyright year
2022-05-03 13:34:51 +01:00
param_build.c
Fix typos found by codespell
2023-06-15 10:11:46 +10:00
params_dup.c
Stop raising ERR_R_MALLOC_FAILURE in most places
2022-10-05 14:02:03 +02:00
params_from_text.c
Stop raising ERR_R_MALLOC_FAILURE in most places
2022-10-05 14:02:03 +02:00
params_idx.c.in
params: provide a faster TRIE based param lookup.
2023-06-02 15:13:20 +10:00
params.c
crypto/params: drop float for UEFI
2023-05-22 07:45:10 +01:00
pariscid.pl
passphrase.c
Stop raising ERR_R_MALLOC_FAILURE in most places
2022-10-05 14:02:03 +02:00
ppccap.c
Update copyright year
2022-05-03 13:34:51 +01:00
ppccpuid.pl
Update copyright year
2022-05-03 13:34:51 +01:00
provider_child.c
Fix a potential memory leak in crypto/provider_child.c
2023-02-01 08:20:08 +11:00
provider_conf.c
Stop raising ERR_R_MALLOC_FAILURE in most places
2022-10-05 14:02:03 +02:00
provider_core.c
Optimise PKEY decoders
2023-07-17 08:12:06 +10:00
provider_local.h
make struct provider_info_st a full type
2021-06-24 14:48:15 +01:00
provider_predefined.c
make struct provider_info_st a full type
2021-06-24 14:48:15 +01:00
provider.c
Stop raising ERR_R_MALLOC_FAILURE in most places
2022-10-05 14:02:03 +02:00
punycode.c
Add more punycode tests and remove ossl_a2ucompare()
2023-02-08 16:17:37 +01:00
quic_vlint.c
QUIC: Enable building with QUIC support disabled
2023-01-13 13:20:16 +00:00
README-sparse_array.md
riscv32cpuid.pl
Add RISC-V 32 cpuid support
2022-09-05 10:20:30 +10:00
riscv64cpuid.pl
Add basic RISC-V cpuid and OPENSSL_riscvcap
2022-05-19 16:32:49 +10:00
riscvcap.c
Add basic RISC-V cpuid and OPENSSL_riscvcap
2022-05-19 16:32:49 +10:00
s390x_arch.h
S390X: Accelerate keccak XOF
2023-03-07 18:21:51 +01:00
s390xcap.c
s390xcap.c: Avoid copying structure on initialization
2023-06-28 08:31:07 +10:00
s390xcpuid.pl
self_test_core.c
Update copyright year
2022-05-03 13:34:51 +01:00
sleep.c
OSSL_sleep(): Calling sleep() function if sleepTime > 1sec
2023-05-30 21:10:03 +02:00
sparccpuid.S
sparcv9cap.c
Split bignum code out of the sparcv9cap.c
2021-07-15 09:33:04 +02:00
sparse_array.c
Coverity 1507376: Dereference after null check
2022-07-22 14:42:13 +02:00
threads_lib.c
Define threads_lib.c functions only for OPENSSL_SYS_UNIX
2022-11-14 07:47:53 +00:00
threads_none.c
QUIC: Fix bugs where threading is disabled
2023-05-24 10:34:54 +01:00
threads_pthread.c
QUIC: Fix bugs where threading is disabled
2023-05-24 10:34:54 +01:00
threads_win.c
Add note about Windows LONG
2023-05-24 10:34:55 +01:00
time.c
Fix UEFI support on win32
2023-04-13 10:25:55 +01:00
trace.c
add OSSL_TRACE_STRING(), OSSL_TRACE_STRING_MAX, and OSSL_trace_string()
2023-01-26 09:16:51 +01:00
uid.c
Add more fixes for WebAssembly/WASI build
2023-07-12 10:50:09 +10:00
vms_rms.h
x86_64cpuid.pl
Update copyright year
2021-04-08 13:04:41 +01:00
x86cpuid.pl