[openssl/openssl] ea3c14: Avoid an infinite loop in BN_GF2m_mod_inv
Matt Caswell
noreply at github.com
Tue Dec 12 16:17:24 UTC 2023
Branch: refs/heads/openssl-3.0
Home: https://github.com/openssl/openssl
Commit: ea3c14f1ec504dae450a3a439491922adebaaac9
https://github.com/openssl/openssl/commit/ea3c14f1ec504dae450a3a439491922adebaaac9
Author: Matt Caswell <matt at openssl.org>
Date: 2023-12-12 (Tue, 12 Dec 2023)
Changed paths:
M crypto/bn/bn_gf2m.c
Log Message:
-----------
Avoid an infinite loop in BN_GF2m_mod_inv
If p is set to 1 when calling BN_GF2m_mod_inv then an infinite loop will
result. Calling this function set 1 when applications call this directly
is a non-sensical value - so this would be considered a bug in the caller.
It does not seem possible to cause OpenSSL internal callers of
BN_GF2m_mod_inv to call it with a value of 1.
So, for the above reasons, this is not considered a security issue.
Reported by Bing Shi.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Todd Short <todd.short at me.com>
(Merged from https://github.com/openssl/openssl/pull/22960)
(cherry picked from commit 9c1b8f17ce2471ca37ee3936d07aed29aab10975)
Commit: 4d4002852b2a8b877050288355a388413e6bdd90
https://github.com/openssl/openssl/commit/4d4002852b2a8b877050288355a388413e6bdd90
Author: Matt Caswell <matt at openssl.org>
Date: 2023-12-12 (Tue, 12 Dec 2023)
Changed paths:
M test/bntest.c
Log Message:
-----------
Extend the test of BN_GF2m_mod_inv
Test that input value of 1 for p is treated as an error
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Todd Short <todd.short at me.com>
(Merged from https://github.com/openssl/openssl/pull/22960)
(cherry picked from commit b83c719ecb884f609ade7ad7f52bd5e09737585b)
Commit: 70c11b5e3bf6e29c12255ea276e5a5ace11e5ee6
https://github.com/openssl/openssl/commit/70c11b5e3bf6e29c12255ea276e5a5ace11e5ee6
Author: Matt Caswell <matt at openssl.org>
Date: 2023-12-12 (Tue, 12 Dec 2023)
Changed paths:
M apps/errstr.c
M crypto/http/http_lib.c
Log Message:
-----------
Fix some invalid use of sscanf
sscanf can return -1 on an empty input string. We need to appropriately
handle such an invalid case.
The instance in OSSL_HTTP_parse_url could cause an uninitialised read of
sizeof(unsigned int) bytes (typically 4). In many cases this uninit read
will immediately fail on the following check (i.e. if the read value
>65535).
If the top 2 bytes of a 4 byte unsigned int are zero then the value will
be <=65535 and the uninitialised value will be returned to the caller and
could represent arbitrary data on the application stack.
The OpenSSL security team has assessed this issue and consider it to be
a bug only (i.e. not a CVE).
Reviewed-by: Todd Short <todd.short at me.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/22961)
(cherry picked from commit 322517d817ecb5c1a3a8b0e7e038fa146857b4d4)
Commit: a52ca9cbb134615291589657cb4562901115dfd1
https://github.com/openssl/openssl/commit/a52ca9cbb134615291589657cb4562901115dfd1
Author: Matt Caswell <matt at openssl.org>
Date: 2023-12-12 (Tue, 12 Dec 2023)
Changed paths:
M test/http_test.c
Log Message:
-----------
Add a test case for OSSL_HTTP_parse_url
Ensure we test the case where the port value is empty in the URL.
Reviewed-by: Todd Short <todd.short at me.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/22961)
(cherry picked from commit a36d10dfb7e77614c8d3da602ff3800a2e9f4989)
Compare: https://github.com/openssl/openssl/compare/31c695c3876b...a52ca9cbb134
More information about the openssl-commits
mailing list