pool/openssl-3
SHA256
17
0
Fork 2
Code Issues Pull Requests Activity
Files
factory
openssl-3/openssl-CVE-2025-69418.patch
Pedro Monreal Gonzalez b0d78d2994 - Security fixes: 
* Missing ASN1_TYPE validation in PKCS#12 parsing
    - openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795]
  * ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
    - openssl-CVE-2026-22795.patch [bsc#1256840, CVE-2026-22796]
  * Missing ASN1_TYPE validation in TS_RESP_verify_response() function
    - openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
  * NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
    - openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
  * Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
    - openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419]
  * TLS 1.3 CompressedCertificate excessive memory allocation
    - openssl-CVE-2025-66199.patch [bsc#1256833, CVE-2025-66199]
  * Heap out-of-bounds write in BIO_f_linebuffer on short writes
    - openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
  * Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
    - openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418]
  * 'openssl dgst' one-shot codepath silently truncates inputs greater than 16MB
    - openssl-CVE-2025-15469.patch [bsc#1256832, CVE-2025-15469]
  * Stack buffer overflow in CMS AuthEnvelopedData parsing
    - openssl-CVE-2025-15467.patch [bsc#1256830, CVE-2025-15467]
    - openssl-CVE-2025-15467-comments.patch
    - openssl-CVE-2025-15467-test.patch
  * Improper validation of PBMAC1 parameters in PKCS#12 MAC verification
    - openssl-CVE-2025-11187.patch [bsc#1256829, CVE-2025-11187]
  * NULL dereference in SSL_CIPHER_find() function on unknown cipher ID
    - openssl-CVE-2025-15468.patch [bsc#1256831, CVE-2025-15468]
- Enable livepatching support for ppc64le [bsc#1257274]

- Security fix: [bsc#1250232 CVE-2025-9230]

OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=160
2026-02-19 15:28:42 +00:00

68 lines
2.8 KiB
Diff
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
From 1a556ff619473af9e179b202284a961590d5a2bd Mon Sep 17 00:00:00 2001
From: Norbert Pocs <norbertp@openssl.org>
Date: Thu, 8 Jan 2026 15:04:54 +0100
Subject: [PATCH] Fix OCB AES-NI/HW stream path unauthenticated/unencrypted
trailing bytes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When ctx->stream (e.g., AESNI or ARMv8 CE) is available, the fast path
encrypts/decrypts full blocks but does not advance in/out pointers. The
tail-handling code then operates on the base pointers, effectively reprocessing
the beginning of the buffer while leaving the actual trailing bytes
unencrypted (encryption) or using the wrong plaintext (decryption). The
authentication checksum excludes the true tail.
CVE-2025-69418
Fixes: https://github.com/openssl/srt/issues/58
Signed-off-by: Norbert Pocs <norbertp@openssl.org>
---
crypto/modes/ocb128.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
Index: openssl-3.5.0/crypto/modes/ocb128.c
===================================================================
--- openssl-3.5.0.orig/crypto/modes/ocb128.c
+++ openssl-3.5.0/crypto/modes/ocb128.c
@@ -338,7 +338,7 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT
if (num_blocks && all_num_blocks == (size_t)all_num_blocks
&& ctx->stream != NULL) {
- size_t max_idx = 0, top = (size_t)all_num_blocks;
+ size_t max_idx = 0, top = (size_t)all_num_blocks, processed_bytes = 0;
/*
* See how many L_{i} entries we need to process data at hand
@@ -352,6 +352,9 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT
ctx->stream(in, out, num_blocks, ctx->keyenc,
(size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
(const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
+ processed_bytes = num_blocks * 16;
+ in += processed_bytes;
+ out += processed_bytes;
} else {
/* Loop through all full blocks to be encrypted */
for (i = ctx->sess.blocks_processed + 1; i <= all_num_blocks; i++) {
@@ -430,7 +433,7 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT
if (num_blocks && all_num_blocks == (size_t)all_num_blocks
&& ctx->stream != NULL) {
- size_t max_idx = 0, top = (size_t)all_num_blocks;
+ size_t max_idx = 0, top = (size_t)all_num_blocks, processed_bytes = 0;
/*
* See how many L_{i} entries we need to process data at hand
@@ -444,6 +447,9 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT
ctx->stream(in, out, num_blocks, ctx->keydec,
(size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
(const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
+ processed_bytes = num_blocks * 16;
+ in += processed_bytes;
+ out += processed_bytes;
} else {
OCB_BLOCK tmp;
Reference in New Issue View Git Blame Copy Permalink