* Missing ASN1_TYPE validation in PKCS#12 parsing
- openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795]
* ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
- openssl-CVE-2026-22795.patch [bsc#1256840, CVE-2026-22796]
* Missing ASN1_TYPE validation in TS_RESP_verify_response() function
- openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
* NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
- openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
* Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
- openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419]
* TLS 1.3 CompressedCertificate excessive memory allocation
- openssl-CVE-2025-66199.patch [bsc#1256833, CVE-2025-66199]
* Heap out-of-bounds write in BIO_f_linebuffer on short writes
- openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
* Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
- openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418]
* 'openssl dgst' one-shot codepath silently truncates inputs greater than 16MB
- openssl-CVE-2025-15469.patch [bsc#1256832, CVE-2025-15469]
* Stack buffer overflow in CMS AuthEnvelopedData parsing
- openssl-CVE-2025-15467.patch [bsc#1256830, CVE-2025-15467]
- openssl-CVE-2025-15467-comments.patch
- openssl-CVE-2025-15467-test.patch
* Improper validation of PBMAC1 parameters in PKCS#12 MAC verification
- openssl-CVE-2025-11187.patch [bsc#1256829, CVE-2025-11187]
* NULL dereference in SSL_CIPHER_find() function on unknown cipher ID
- openssl-CVE-2025-15468.patch [bsc#1256831, CVE-2025-15468]
- Enable livepatching support for ppc64le [bsc#1257274]
- Security fix: [bsc#1250232 CVE-2025-9230]
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=160
From 6fb47957bfb0aef2deaa7df7aebd4eb52ffe20ce Mon Sep 17 00:00:00 2001
|
|
From: Igor Ustinov <igus68@gmail.com>
|
|
Date: Mon, 12 Jan 2026 12:15:42 +0100
|
|
Subject: [PATCH] Some comments to clarify functions usage
|
|
|
|
---
|
|
crypto/asn1/evp_asn1.c | 20 ++++++++++++++++++++
|
|
1 file changed, 20 insertions(+)
|
|
|
|
Index: openssl-3.5.0/crypto/asn1/evp_asn1.c
|
|
===================================================================
|
|
--- openssl-3.5.0.orig/crypto/asn1/evp_asn1.c
|
|
+++ openssl-3.5.0/crypto/asn1/evp_asn1.c
|
|
@@ -60,6 +60,12 @@ static ossl_inline void asn1_type_init_o
|
|
oct->flags = 0;
|
|
}
|
|
|
|
+/*
|
|
+ * This function copies 'anum' to 'num' and the data of 'oct' to 'data'.
|
|
+ * If the length of 'data' > 'max_len', copies only the first 'max_len'
|
|
+ * bytes, but returns the full length of 'oct'; this allows distinguishing
|
|
+ * whether all the data was copied.
|
|
+ */
|
|
static int asn1_type_get_int_oct(ASN1_OCTET_STRING *oct, int32_t anum,
|
|
long *num, unsigned char *data, int max_len)
|
|
{
|
|
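Review bot: In the new comment above asn1_type_get_int_oct(), "If the length of 'data' > 'max_len'" names the wrong object. 'data' is the destination buffer whose capacity is 'max_len'; the length being compared is that of 'oct', as the next line ("returns the full length of 'oct'") already implies. Suggest "If the length of 'oct' > 'max_len', copies only the first 'max_len' bytes" so the comment cannot be read as saying the output buffer is measured.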
@@ -106,6 +112,13 @@ int ASN1_TYPE_set_int_octetstring(ASN1_T
|
|
return 0;
|
|
}
|
|
|
|
+/*
|
|
+ * This function decodes an int-octet sequence and copies the integer to 'num'
|
|
+ * and the data of octet to 'data'.
|
|
+ * If the length of 'data' > 'max_len', copies only the first 'max_len'
|
|
+ * bytes, but returns the full length of 'oct'; this allows distinguishing
|
|
+ * whether all the data was copied.
|
|
+ */
|
|
int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
|
|
unsigned char *data, int max_len)
|
|
{
|
|
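Review bot: The comment above ASN1_TYPE_get_int_octetstring() says it "returns the full length of 'oct'", but this function has no 'oct' parameter (its arguments are 'a', 'num', 'data' and 'max_len'), so the text copied from the static helper does not match the signature. Suggest wording it as "the full length of the octet string encoded in 'a'", and adding a line on what is returned when decoding fails, since a caller has to tell that case apart from a valid length before comparing against 'max_len'.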
@@ -162,6 +175,13 @@ int ossl_asn1_type_set_octetstring_int(A
|
|
return 0;
|
|
}
|
|
|
|
+/*
|
|
+ * This function decodes an octet-int sequence and copies the data of octet
|
|
+ * to 'data' and the integer to 'num'.
|
|
+ * If the length of 'data' > 'max_len', copies only the first 'max_len'
|
|
+ * bytes, but returns the full length of 'oct'; this allows distinguishing
|
|
+ * whether all the data was copied.
|
|
+ */
|
|
int ossl_asn1_type_get_octetstring_int(const ASN1_TYPE *a, long *num,
|
|
unsigned char *data, int max_len)
|
|
{
|
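Review bot: The comment above ossl_asn1_type_get_octetstring_int() stops at "this allows distinguishing whether all the data was copied" and leaves the caller's obligation implicit. Because the return value can exceed 'max_len', it should state outright that the return value must not be used as the number of bytes present in 'data' unless it has been checked to be at most 'max_len'. The same sentence applies to the two earlier comments, which repeat this text nearly verbatim. Minor: the description lists 'data' before 'num' while the signature takes 'num' first.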