packages/openssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!386 fix openssl asan error

Browse Source 
From: @hugel 
Reviewed-by: @zcfsite 
Signed-off-by: @zcfsite
This commit is contained in:
openeuler-ci-bot 2024-10-11 11:13:08 +00:00 committed by Gitee
commit 73157e1fa5
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 50 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
backport-Pipeline-output-input-buf-arrays-must-live-until-the.patch Normal file
View File

@ -0,0 +1,45 @@
From df9c7ceefef59cc870c80346906471fabec62494 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Fri, 21 Oct 2022 14:08:29 +0100
Subject: [PATCH] Pipeline output/input buf arrays must live until the
EVP_Cipher is called
Conflict:adapt context
Reference:https://github.com/openssl/openssl/commit/df9c7ceefef59cc870c80346906471fabec62494
The pipeline input/output buf arrays must remain accessible to the
EVP_CIPHER_CTX until EVP_Cipher is subsequently called. This fixes an
asan error discovered by the newly added pipeline test.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20208)
---
ssl/record/ssl3_record.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index 368aaea5e9..4256f29663 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -964,6 +964,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
EVP_CIPHER_CTX *ds;
size_t reclen[SSL_MAX_PIPELINES];
unsigned char buf[SSL_MAX_PIPELINES][EVP_AEAD_TLS1_AAD_LEN];
+ unsigned char *data[SSL_MAX_PIPELINES];
int i, pad = 0, ret, tmpr;
size_t bs, mac_size = 0, ctr, padnum, loop;
unsigned char padval;
@@ -1123,8 +1124,6 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
}
}
if (n_recs > 1) {
- unsigned char *data[SSL_MAX_PIPELINES];
-
/* Set the output buffers */
for (ctr = 0; ctr < n_recs; ctr++) {
data[ctr] = recs[ctr].data;
--
2.33.0

6
openssl.spec
View File

@ -2,7 +2,7 @@
Name: openssl Name: openssl
Epoch: 1 Epoch: 1
Version: 1.1.1wa Version: 1.1.1wa
Release: 8 Release: 9
Summary: Cryptography and SSL/TLS Toolkit Summary: Cryptography and SSL/TLS Toolkit
License: OpenSSL and SSLeay License: OpenSSL and SSLeay
URL: https://gitee.com/openeuler/openssl URL: https://gitee.com/openeuler/openssl
@ -25,6 +25,7 @@ Patch14: backport-CVE-2024-4741-Set-rlayer.packet-to-NULL-after-we-ve-.patch
Patch15: backport-CVE-2024-4741-test-Fix-possible-use-after-free.patch Patch15: backport-CVE-2024-4741-test-Fix-possible-use-after-free.patch
Patch16: backport-CVE-2024-5535-Fix-SSL_select_next_proto-and-add-ALPN.patch Patch16: backport-CVE-2024-5535-Fix-SSL_select_next_proto-and-add-ALPN.patch
Patch17: backport-CVE-2024-5535-Add-a-test-for-ALPN-and-NPN.patch Patch17: backport-CVE-2024-5535-Add-a-test-for-ALPN-and-NPN.patch
Patch18: backport-Pipeline-output-input-buf-arrays-must-live-until-the.patch
BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel
Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
@ -233,6 +234,9 @@ make test || :
%ldconfig_scriptlets libs %ldconfig_scriptlets libs
%changelog %changelog
* Fri Oct 11 2024 hugel <gengqihu2@h-partners.com> - 1:1.1.1wa-9
- fix openssl asan error
* Sat Jun 29 2024 jinlun <jinlun@huawei.comi> - 1:1.1.1wa-8 * Sat Jun 29 2024 jinlun <jinlun@huawei.comi> - 1:1.1.1wa-8
- fix CVE-2024-5535 - fix CVE-2024-5535