d3b0038b60
Fix CVE-2023-0464、CVE-2023-0465、CVE-2023-0466 CVE-2023-2650、CVE-2023-3446、CVE-2023-3817、 CVE-2024-0727 Signed-off-by: yexiao <yexiao7@huawei.com>
51 lines
1.7 KiB
Diff
51 lines
1.7 KiB
Diff
From 105313716572d888f9b3ed0472f4ce9e15352407 Mon Sep 17 00:00:00 2001
|
|
From: Tomas Mraz <tomas@openssl.org>
|
|
Date: Tue, 25 Jul 2023 15:56:53 +0200
|
|
Subject: [PATCH 10/11] dhtest.c: Add test of DH_check() with q = p + 1
|
|
|
|
This must fail with DH_CHECK_INVALID_Q_VALUE and
|
|
with DH_CHECK_Q_NOT_PRIME unset.
|
|
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
|
|
reference: https://github.com/openssl/openssl/pull/21551
|
|
Signed-off-by: yexiao <yexiao7@huawei.com>
|
|
---
|
|
CryptoPkg/Library/OpensslLib/openssl/test/dhtest.c | 12 ++++++++++++
|
|
1 file changed, 12 insertions(+)
|
|
|
|
diff --git a/CryptoPkg/Library/OpensslLib/openssl/test/dhtest.c b/CryptoPkg/Library/OpensslLib/openssl/test/dhtest.c
|
|
index 00b3c471..d7e10ebd 100644
|
|
--- a/CryptoPkg/Library/OpensslLib/openssl/test/dhtest.c
|
|
+++ b/CryptoPkg/Library/OpensslLib/openssl/test/dhtest.c
|
|
@@ -123,6 +123,15 @@ static int dh_test(void)
|
|
/* check whether the public key was calculated correctly */
|
|
TEST_uint_eq(BN_get_word(pub_key2), 3331L);
|
|
|
|
+ if (!TEST_ptr(BN_copy(q, p)) || !TEST_true(BN_add(q, q, BN_value_one())))
|
|
+ goto err3;
|
|
+
|
|
+ if (!TEST_true(DH_check(dh, &i)))
|
|
+ goto err3;
|
|
+ if (!TEST_true(i & DH_CHECK_INVALID_Q_VALUE)
|
|
+ || !TEST_false(i & DH_CHECK_Q_NOT_PRIME))
|
|
+ goto err3;
|
|
+
|
|
/* Modulus of size: dh check max modulus bits + 1 */
|
|
if (!TEST_true(BN_set_word(p, 1))
|
|
|| !TEST_true(BN_lshift(p, p, OPENSSL_DH_CHECK_MAX_MODULUS_BITS)))
|
|
@@ -134,6 +143,9 @@ static int dh_test(void)
|
|
if (!TEST_false(DH_check(dh, &i)))
|
|
goto err3;
|
|
|
|
+ /* We'll have a stale error on the queue from the above test so clear it */
|
|
+ ERR_clear_error();
|
|
+
|
|
/*
|
|
* II) key generation
|
|
*/
|
|
--
|
|
2.33.0
|
|
|