forked from pool/openssl-1_1
Pedro Monreal Gonzalez
18ecb7a582
- Security fix: [bsc#1227138, CVE-2024-5535] * SSL_select_next_proto buffer overread * Add openssl-CVE-2024-5535.patch - Apply "openssl-CVE-2024-4741.patch" to fix a use-after-free security vulnerability. Calling the function SSL_free_buffers() potentially caused memory to be accessed that was previously freed in some situations and a malicious attacker could attempt to engineer a stituation where this occurs to facilitate a denial-of-service attack. [CVE-2024-4741, bsc#1225551] OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=164
58 lines
2.7 KiB
Diff
58 lines
2.7 KiB
Diff
From 653b883b97f72a15d35d21246696881aa65311e2 Mon Sep 17 00:00:00 2001
|
|
From: Patrick Steuer <patrick.steuer@de.ibm.com>
|
|
Date: Thu, 15 Aug 2019 22:51:57 +0200
|
|
Subject: [PATCH] Fix 9bf682f which broke nistp224_method
|
|
|
|
Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com>
|
|
|
|
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
|
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
|
|
(Merged from https://github.com/openssl/openssl/pull/9607)
|
|
---
|
|
crypto/ec/ecp_nistp224.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
Index: openssl-1.1.1d/crypto/ec/ecp_nistp224.c
|
|
===================================================================
|
|
--- openssl-1.1.1d.orig/crypto/ec/ecp_nistp224.c 2020-01-23 13:45:11.104632265 +0100
|
|
+++ openssl-1.1.1d/crypto/ec/ecp_nistp224.c 2020-01-23 13:45:11.208632883 +0100
|
|
@@ -291,10 +291,10 @@ const EC_METHOD *EC_GFp_nistp224_method(
|
|
ec_key_simple_generate_public_key,
|
|
0, /* keycopy */
|
|
0, /* keyfinish */
|
|
+ ecdh_simple_compute_key,
|
|
ecdsa_simple_sign_setup,
|
|
ecdsa_simple_sign_sig,
|
|
ecdsa_simple_verify_sig,
|
|
- ecdh_simple_compute_key,
|
|
0, /* field_inverse_mod_ord */
|
|
0, /* blind_coordinates */
|
|
0, /* ladder_pre */
|
|
Index: openssl-1.1.1d/crypto/ec/build.info
|
|
===================================================================
|
|
--- openssl-1.1.1d.orig/crypto/ec/build.info 2019-09-10 15:13:07.000000000 +0200
|
|
+++ openssl-1.1.1d/crypto/ec/build.info 2020-01-23 13:45:11.208632883 +0100
|
|
@@ -20,6 +20,9 @@ GENERATE[ecp_nistz256-avx2.s]=asm/ecp_ni
|
|
GENERATE[ecp_nistz256-sparcv9.S]=asm/ecp_nistz256-sparcv9.pl $(PERLASM_SCHEME)
|
|
INCLUDE[ecp_nistz256-sparcv9.o]=..
|
|
|
|
+INCLUDE[ecp_s390x_nistp.o]=..
|
|
+INCLUDE[ecx_meth.o]=..
|
|
+
|
|
GENERATE[ecp_nistz256-armv4.S]=asm/ecp_nistz256-armv4.pl $(PERLASM_SCHEME)
|
|
INCLUDE[ecp_nistz256-armv4.o]=..
|
|
GENERATE[ecp_nistz256-armv8.S]=asm/ecp_nistz256-armv8.pl $(PERLASM_SCHEME)
|
|
Index: openssl-1.1.1d/include/openssl/ecerr.h
|
|
===================================================================
|
|
--- openssl-1.1.1d.orig/include/openssl/ecerr.h 2020-01-23 13:45:11.108632290 +0100
|
|
+++ openssl-1.1.1d/include/openssl/ecerr.h 2020-01-23 13:45:11.208632883 +0100
|
|
@@ -38,6 +38,8 @@ int ERR_load_EC_strings(void);
|
|
# define EC_F_ECDH_SIMPLE_COMPUTE_KEY 257
|
|
# define EC_F_ECDSA_DO_SIGN_EX 251
|
|
# define EC_F_ECDSA_DO_VERIFY 252
|
|
+# define EC_F_ECDSA_S390X_NISTP_SIGN_SIG 313
|
|
+# define EC_F_ECDSA_S390X_NISTP_VERIFY_SIG 314
|
|
# define EC_F_ECDSA_SIGN_EX 254
|
|
# define EC_F_ECDSA_SIGN_SETUP 248
|
|
# define EC_F_ECDSA_SIG_NEW 265
|