Pedro Monreal Gonzalez
8c598ed63d
* Add openssl-3-disable-hmac-hw-acceleration-with-engine-digest.patch
* Add openssl-3-fix-hmac-digest-detection-s390x.patch
* Add openssl-3-fix-memleak-s390x_HMAC_CTX_copy.patch
- Add hardware acceleration for full AES-XTS jsc#PED-10273
* Add openssl-3-hw-acceleration-aes-xts-s390x.patch
- Support MSA 12 SHA3 on s390x jsc#PED-10280
* Add openssl-3-add_EVP_DigestSqueeze_api.patch
* Add openssl-3-support-multiple-sha3_squeeze_s390x.patch
* Add openssl-3-add-xof-state-handling-s3_absorb.patch
* Add openssl-3-fix-state-handling-sha3_absorb_s390x.patch
* Add openssl-3-fix-state-handling-sha3_final_s390x.patch
* Add openssl-3-fix-state-handling-shake_final_s390x.patch
* Add openssl-3-fix-state-handling-keccak_final_s390x.patch
* Add openssl-3-support-EVP_DigestSqueeze-in-digest-prov-s390x.patch
* Add openssl-3-add-defines-CPACF-funcs.patch
* Add openssl-3-add-hw-acceleration-hmac.patch
* Add openssl-3-support-CPACF-sha3-shake-perf-improvement.patch
* Add openssl-3-fix-s390x_sha3_absorb.patch
* Add openssl-3-fix-s390x_shake_squeeze.patch
- Update to 3.2.3:
* Changes between 3.2.2 and 3.2.3:
- Fixed possible denial of service in X.509 name checks. [CVE-2024-6119]
- Fixed possible buffer overread in SSL_select_next_proto(). [CVE-2024-5535]
* Changes between 3.2.1 and 3.2.2:
- Fixed potential use after free after SSL_free_buffers() is called. [CVE-2024-4741]
- Fixed an issue where checking excessively long DSA keys or parameters may
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=121
29 lines
1.1 KiB
Diff
29 lines
1.1 KiB
Diff
commit 19b87d2d2b022c20dd9043c3b6d021315011b45f
|
|
Author: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
Date: Tue Aug 20 11:35:20 2024 +0200
|
|
|
|
s390x: Fix memory leak in s390x_HMAC_CTX_copy()
|
|
|
|
When s390x_HMAC_CTX_copy() is called, but the destination context already
|
|
has a buffer allocated, it is not freed before duplicating the buffer from
|
|
the source context.
|
|
|
|
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
|
|
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
|
|
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
|
|
(Merged from https://github.com/openssl/openssl/pull/25238)
|
|
|
|
diff --git a/crypto/hmac/hmac_s390x.c b/crypto/hmac/hmac_s390x.c
|
|
index 1124d9bc5d..8b0da0d59d 100644
|
|
--- a/crypto/hmac/hmac_s390x.c
|
|
+++ b/crypto/hmac/hmac_s390x.c
|
|
@@ -263,6 +263,7 @@ int s390x_HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
|
|
memcpy(&dctx->plat.s390x.param, &sctx->plat.s390x.param,
|
|
sizeof(dctx->plat.s390x.param));
|
|
|
|
+ OPENSSL_clear_free(dctx->plat.s390x.buf, dctx->plat.s390x.size);
|
|
dctx->plat.s390x.buf = NULL;
|
|
if (sctx->plat.s390x.buf != NULL) {
|
|
dctx->plat.s390x.buf = OPENSSL_memdup(sctx->plat.s390x.buf,
|