[openssl/openssl] 9e2099: Restrict the size of OBJECT IDENTIFIERs that OBJ_o...
Tomáš Mráz
noreply at github.com
Tue May 30 13:11:23 UTC 2023
Branch: refs/heads/OpenSSL_1_1_1-stable
Home: https://github.com/openssl/openssl
Commit: 9e209944b35cf82368071f160a744b6178f9b098
https://github.com/openssl/openssl/commit/9e209944b35cf82368071f160a744b6178f9b098
Author: Richard Levitte <levitte at openssl.org>
Date: 2023-05-29 (Mon, 29 May 2023)
Changed paths:
M CHANGES
M NEWS
M crypto/objects/obj_dat.c
Log Message:
-----------
Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate
OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
numeric text form. For gigantic sub-identifiers, this would take a very
long time, the time complexity being O(n^2) where n is the size of that
sub-identifier.
To mitigate this, a restriction on the size that OBJ_obj2txt() will
translate to canonical numeric text form is added, based on RFC 2578
(STD 58), which says this:
> 3.5. OBJECT IDENTIFIER values
>
> An OBJECT IDENTIFIER value is an ordered list of non-negative numbers.
> For the SMIv2, each number in the list is referred to as a sub-identifier,
> there are at most 128 sub-identifiers in a value, and each sub-identifier
> has a maximum value of 2^32-1 (4294967295 decimal).
Fixes otc/security#96
Fixes CVE-2023-2650
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Commit: aff2886eab2243cb32151d25c2341bc82e0ccf21
https://github.com/openssl/openssl/commit/aff2886eab2243cb32151d25c2341bc82e0ccf21
Author: Tomas Mraz <tomas at openssl.org>
Date: 2023-05-30 (Tue, 30 May 2023)
Changed paths:
M README
M crypto/aes/asm/bsaes-armv7.pl
M crypto/asn1/a_bitstr.c
M crypto/bn/bn_asm.c
M crypto/bn/bn_lib.c
M crypto/conf/conf_sap.c
M crypto/objects/obj_dat.c
M crypto/ui/ui_lib.c
M crypto/ui/ui_util.c
M crypto/x509/x509_vfy.c
M crypto/x509v3/pcy_local.h
M crypto/x509v3/pcy_node.c
M crypto/x509v3/pcy_tree.c
M doc/man3/X509_VERIFY_PARAM_set_flags.pod
M engines/e_padlock.c
M include/openssl/opensslv.h
M test/certs/mkcert.sh
M test/recipes/25-test_verify.t
M util/mkdef.pl
Log Message:
-----------
Copyright year updates
Reviewed-by: Richard Levitte <levitte at openssl.org>
Release: yes
Commit: 70c2912f635aac8ab28629a2b5ea0c09740d2bda
https://github.com/openssl/openssl/commit/70c2912f635aac8ab28629a2b5ea0c09740d2bda
Author: Tomas Mraz <tomas at openssl.org>
Date: 2023-05-30 (Tue, 30 May 2023)
Changed paths:
M CHANGES
M NEWS
M README
M include/openssl/opensslv.h
Log Message:
-----------
Prepare for release of 1.1.1u
Reviewed-by: Richard Levitte <levitte at openssl.org>
Release: yes
Commit: fe824ce0c5d51e7e7cf36c31db6c49c1c0c04a25
https://github.com/openssl/openssl/commit/fe824ce0c5d51e7e7cf36c31db6c49c1c0c04a25
Author: Tomas Mraz <tomas at openssl.org>
Date: 2023-05-30 (Tue, 30 May 2023)
Changed paths:
M CHANGES
M NEWS
M README
M include/openssl/opensslv.h
Log Message:
-----------
Prepare for 1.1.1v
Reviewed-by: Richard Levitte <levitte at openssl.org>
Release: yes
Compare: https://github.com/openssl/openssl/compare/3cc6933555a0...fe824ce0c5d5
More information about the openssl-commits
mailing list