fix some CVEs

2023-10-12 21:19:56 +08:00 · 2023-10-12 21:19:56 +08:00 · f4ef39742e
commit f4ef39742e
parent a74129c09a
7 changed files with 482 additions and 1 deletions
--- a/backport-Add-a-test-for-CVE-2023-3446.patch
+++ b/backport-Add-a-test-for-CVE-2023-3446.patch
@ -0,0 +1,61 @@
+From e9ddae17e302a7e6a0daf00f25efed7c70f114d4 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Fri, 7 Jul 2023 14:39:48 +0100
+Subject: [PATCH] Add a test for CVE-2023-3446
+
+Confirm that the only errors DH_check() finds with DH parameters with an
+excessively long modulus is that the modulus is too large. We should not
+be performing time consuming checks using that modulus.
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
+Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/21452)
+---
+ test/dhtest.c | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/test/dhtest.c b/test/dhtest.c
+index 9d5609b943..00b3c47101 100644
+--- a/test/dhtest.c
+++ b/test/dhtest.c
+@@ -63,7 +63,7 @@ static int dh_test(void)
+         || !TEST_true(DH_set0_pqg(dh, p, q, g)))
+         goto err1;
+ 
+-    if (!DH_check(dh, &i))
+    if (!TEST_true(DH_check(dh, &i)))
+         goto err2;
+     if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
+             || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)
+@@ -123,6 +123,17 @@ static int dh_test(void)
+     /* check whether the public key was calculated correctly */
+     TEST_uint_eq(BN_get_word(pub_key2), 3331L);
+ 
+    /* Modulus of size: dh check max modulus bits + 1 */
+    if (!TEST_true(BN_set_word(p, 1))
+            || !TEST_true(BN_lshift(p, p, OPENSSL_DH_CHECK_MAX_MODULUS_BITS)))
+        goto err3;
+
+    /*
+     * We expect no checks at all for an excessively large modulus
+     */
+    if (!TEST_false(DH_check(dh, &i)))
+        goto err3;
+
+     /*
+      * II) key generation
+      */
+@@ -137,7 +148,7 @@ static int dh_test(void)
+         goto err3;
+ 
+     /* ... and check whether it is valid */
+-    if (!DH_check(a, &i))
+    if (!TEST_true(DH_check(a, &i)))
+         goto err3;
+     if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
+             || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)
+-- 
+2.36.1
+
--- a/backport-CVE-2023-2650-Restrict-the-size-of-OBJECT-IDENTIFIERs-that-OBJ_obj.patch
+++ b/backport-CVE-2023-2650-Restrict-the-size-of-OBJECT-IDENTIFIERs-that-OBJ_obj.patch
@ -0,0 +1,65 @@
+From 423a2bc737a908ad0c77bda470b2b59dc879936b Mon Sep 17 00:00:00 2001
+From: Richard Levitte <levitte@openssl.org>
+Date: Fri, 12 May 2023 10:00:13 +0200
+Subject: [PATCH] Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will
+ translate
+
+OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
+numeric text form.  For gigantic sub-identifiers, this would take a very
+long time, the time complexity being O(n^2) where n is the size of that
+sub-identifier.
+
+To mitigate this, a restriction on the size that OBJ_obj2txt() will
+translate to canonical numeric text form is added, based on RFC 2578
+(STD 58), which says this:
+
+> 3.5. OBJECT IDENTIFIER values
+>
+> An OBJECT IDENTIFIER value is an ordered list of non-negative numbers.
+> For the SMIv2, each number in the list is referred to as a sub-identifier,
+> there are at most 128 sub-identifiers in a value, and each sub-identifier
+> has a maximum value of 2^32-1 (4294967295 decimal).
+
+Fixes otc/security#96
+Fixes CVE-2023-2650
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+---
+ NEWS.md                  |  4 ++++
+ crypto/objects/obj_dat.c | 19 +++++++++++++++++++
+ 3 files changed, 50 insertions(+)
+
+diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
+index 01cde00e98..c0e55197a0 100644
+--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
+@@ -443,6 +443,25 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
+     first = 1;
+     bl = NULL;
+ 
+    /*
+     * RFC 2578 (STD 58) says this about OBJECT IDENTIFIERs:
+     *
+     * > 3.5. OBJECT IDENTIFIER values
+     * >
+     * > An OBJECT IDENTIFIER value is an ordered list of non-negative
+     * > numbers. For the SMIv2, each number in the list is referred to as a
+     * > sub-identifier, there are at most 128 sub-identifiers in a value,
+     * > and each sub-identifier has a maximum value of 2^32-1 (4294967295
+     * > decimal).
+     *
+     * So a legitimate OID according to this RFC is at most (32 * 128 / 7),
+     * i.e. 586 bytes long.
+     *
+     * Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
+     */
+    if (len > 586)
+        goto err;
+
+     while (len > 0) {
+         l = 0;
+         use_bn = 0;
+-- 
+2.27.0
+
--- a/backport-CVE-2023-3446-Fix-DH_check-excessive-time-with-over-sized-modulus.patch
+++ b/backport-CVE-2023-3446-Fix-DH_check-excessive-time-with-over-sized-modulus.patch
@ -0,0 +1,130 @@
+From 8780a896543a654e757db1b9396383f9d8095528 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Thu, 6 Jul 2023 16:36:35 +0100
+Subject: [PATCH] Fix DH_check() excessive time with over sized modulus
+
+The DH_check() function checks numerous aspects of the key or parameters
+that have been supplied. Some of those checks use the supplied modulus
+value even if it is excessively large.
+
+There is already a maximum DH modulus size (10,000 bits) over which
+OpenSSL will not generate or derive keys. DH_check() will however still
+perform various tests for validity on such a large modulus. We introduce a
+new maximum (32,768) over which DH_check() will just fail.
+
+An application that calls DH_check() and supplies a key or parameters
+obtained from an untrusted source could be vulnerable to a Denial of
+Service attack.
+
+The function DH_check() is itself called by a number of other OpenSSL
+functions. An application calling any of those other functions may
+similarly be affected. The other functions affected by this are
+DH_check_ex() and EVP_PKEY_param_check().
+
+CVE-2023-3446
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
+Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/21452)
+---
+ crypto/dh/dh_check.c    | 6 ++++++
+ crypto/dh/dh_err.c      | 3 ++-
+ crypto/err/openssl.txt  | 3 ++-
+ include/openssl/dh.h    | 3 +++
+ include/openssl/dherr.h | 3 ++-
+ 5 files changed, 15 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
+index 4ac169e75c..e5f9dd5030 100644
+--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
+@@ -101,6 +101,12 @@ int DH_check(const DH *dh, int *ret)
+     BN_CTX *ctx = NULL;
+     BIGNUM *t1 = NULL, *t2 = NULL;
+ 
+    /* Don't do any checks at all with an excessively large modulus */
+    if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
+        DHerr(DH_F_DH_CHECK, DH_R_MODULUS_TOO_LARGE);
+        return 0;
+    }
+
+     if (!DH_check_params(dh, ret))
+         return 0;
+ 
+diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c
+index 7285587b4a..92800d3fcc 100644
+--- a/crypto/dh/dh_err.c
+++ b/crypto/dh/dh_err.c
+@@ -1,6 +1,6 @@
+ /*
+  * Generated by util/mkerr.pl DO NOT EDIT
+- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+  *
+  * Licensed under the OpenSSL license (the "License").  You may not use
+  * this file except in compliance with the License.  You can obtain a copy
+@@ -18,6 +18,7 @@ static const ERR_STRING_DATA DH_str_functs[] = {
+     {ERR_PACK(ERR_LIB_DH, DH_F_DHPARAMS_PRINT_FP, 0), "DHparams_print_fp"},
+     {ERR_PACK(ERR_LIB_DH, DH_F_DH_BUILTIN_GENPARAMS, 0),
+      "dh_builtin_genparams"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK, 0), "DH_check"},
+     {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_EX, 0), "DH_check_ex"},
+     {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PARAMS_EX, 0), "DH_check_params_ex"},
+     {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY_EX, 0), "DH_check_pub_key_ex"},
+diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
+index 9f91a4a811..c0a3cd720b 100644
+--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
+@@ -1,4 +1,4 @@
+-# Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+ #
+ # Licensed under the OpenSSL license (the "License").  You may not use
+ # this file except in compliance with the License.  You can obtain a copy
+@@ -401,6 +401,7 @@ CT_F_SCT_SET_VERSION:104:SCT_set_version
+ DH_F_COMPUTE_KEY:102:compute_key
+ DH_F_DHPARAMS_PRINT_FP:101:DHparams_print_fp
+ DH_F_DH_BUILTIN_GENPARAMS:106:dh_builtin_genparams
+DH_F_DH_CHECK:126:DH_check
+ DH_F_DH_CHECK_EX:121:DH_check_ex
+ DH_F_DH_CHECK_PARAMS_EX:122:DH_check_params_ex
+ DH_F_DH_CHECK_PUB_KEY_EX:123:DH_check_pub_key_ex
+diff --git a/include/openssl/dh.h b/include/openssl/dh.h
+index 3527540cdd..892e31559d 100644
+--- a/include/openssl/dh.h
+++ b/include/openssl/dh.h
+@@ -29,6 +29,9 @@ extern "C" {
+ # ifndef OPENSSL_DH_MAX_MODULUS_BITS
+ #  define OPENSSL_DH_MAX_MODULUS_BITS    10000
+ # endif
+# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS
+#  define OPENSSL_DH_CHECK_MAX_MODULUS_BITS  32768
+# endif
+ 
+ # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
+ # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN 2048
+diff --git a/include/openssl/dherr.h b/include/openssl/dherr.h
+index 916b3bed0b..528c819856 100644
+--- a/include/openssl/dherr.h
+++ b/include/openssl/dherr.h
+@@ -1,6 +1,6 @@
+ /*
+  * Generated by util/mkerr.pl DO NOT EDIT
+- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+  *
+  * Licensed under the OpenSSL license (the "License").  You may not use
+  * this file except in compliance with the License.  You can obtain a copy
+@@ -30,6 +30,7 @@ int ERR_load_DH_strings(void);
+ #  define DH_F_COMPUTE_KEY                                 102
+ #  define DH_F_DHPARAMS_PRINT_FP                           101
+ #  define DH_F_DH_BUILTIN_GENPARAMS                        106
+#  define DH_F_DH_CHECK                                    126
+ #  define DH_F_DH_CHECK_EX                                 121
+ #  define DH_F_DH_CHECK_PARAMS_EX                          122
+ #  define DH_F_DH_CHECK_PUB_KEY_EX                         123
+-- 
+2.36.1
+
--- a/backport-CVE-2023-3817-testcase.patch
+++ b/backport-CVE-2023-3817-testcase.patch
@ -0,0 +1,48 @@
+From 34d0f5cb93680a5286d1eb59125631ec8fd6dc81 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Tue, 25 Jul 2023 15:56:53 +0200
+Subject: [PATCH 2/2] dhtest.c: Add test of DH_check() with q = p + 1
+
+This must fail with DH_CHECK_INVALID_Q_VALUE and
+with DH_CHECK_Q_NOT_PRIME unset.
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/21551)
+---
+ test/dhtest.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/test/dhtest.c b/test/dhtest.c
+index 00b3c47101..d7e10ebda9 100644
+--- a/test/dhtest.c
+++ b/test/dhtest.c
+@@ -123,6 +123,15 @@ static int dh_test(void)
+     /* check whether the public key was calculated correctly */
+     TEST_uint_eq(BN_get_word(pub_key2), 3331L);
+ 
+    if (!TEST_ptr(BN_copy(q, p)) || !TEST_true(BN_add(q, q, BN_value_one())))
+        goto err3;
+
+    if (!TEST_true(DH_check(dh, &i)))
+        goto err3;
+    if (!TEST_true(i & DH_CHECK_INVALID_Q_VALUE)
+        || !TEST_false(i & DH_CHECK_Q_NOT_PRIME))
+        goto err3;
+
+     /* Modulus of size: dh check max modulus bits + 1 */
+     if (!TEST_true(BN_set_word(p, 1))
+             || !TEST_true(BN_lshift(p, p, OPENSSL_DH_CHECK_MAX_MODULUS_BITS)))
+@@ -134,6 +143,9 @@ static int dh_test(void)
+     if (!TEST_false(DH_check(dh, &i)))
+         goto err3;
+ 
+    /* We'll have a stale error on the queue from the above test so clear it */
+    ERR_clear_error();
+
+     /*
+      * II) key generation
+      */
+-- 
+2.33.0
+
--- a/backport-CVE-2023-3817.patch
+++ b/backport-CVE-2023-3817.patch
@ -0,0 +1,58 @@
+From 91ddeba0f2269b017dc06c46c993a788974b1aa5 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Fri, 21 Jul 2023 11:39:41 +0200
+Subject: [PATCH 1/2] DH_check(): Do not try checking q properties if it is
+ obviously invalid
+
+If  |q| >= |p| then the q value is obviously wrong as q
+is supposed to be a prime divisor of p-1.
+
+We check if p is overly large so this added test implies that
+q is not large either when performing subsequent tests using that
+q value.
+
+Otherwise if it is too large these additional checks of the q value
+such as the primality test can then trigger DoS by doing overly long
+computations.
+
+Fixes CVE-2023-3817
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/21551)
+---
+ crypto/dh/dh_check.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
+index 2001d2e7cb..9ae96991eb 100644
+--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
+@@ -97,7 +97,7 @@ int DH_check_ex(const DH *dh)
+ 
+ int DH_check(const DH *dh, int *ret)
+ {
+-    int ok = 0, r;
+    int ok = 0, r, q_good = 0;
+     BN_CTX *ctx = NULL;
+     BIGNUM *t1 = NULL, *t2 = NULL;
+ 
+@@ -120,7 +120,14 @@ int DH_check(const DH *dh, int *ret)
+     if (t2 == NULL)
+         goto err;
+ 
+-    if (dh->q) {
+    if (dh->q != NULL) {
+        if (BN_ucmp(dh->p, dh->q) > 0)
+            q_good = 1;
+        else
+            *ret |= DH_CHECK_INVALID_Q_VALUE;
+    }
+
+    if (q_good) {
+         if (BN_cmp(dh->g, BN_value_one()) <= 0)
+             *ret |= DH_NOT_SUITABLE_GENERATOR;
+         else if (BN_cmp(dh->g, dh->p) >= 0)
+-- 
+2.33.0
+
--- a/backport-update-expired-certificates-for-sm2.patch
+++ b/backport-update-expired-certificates-for-sm2.patch
@ -0,0 +1,110 @@
+From 0f4738ab5ef8085b27e89dba91677f892b5b3689 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Thu, 2 Jun 2022 18:12:05 +0200
+Subject: [PATCH] Update further expiring certificates that affect tests
+
+Namely the smime certificates used in test_cms and the
+SM2 certificates will expire soon and affect tests.
+
+Fixes #15179
+
+Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/18467)
+
+(cherry picked from commit 5d219937d067a761fb871483369a6020c60a3cb8)
+---
+ test/certs/sm2-ca-cert.pem        | 22 ++++----
+ test/certs/sm2-root.crt           | 22 ++++----
+ test/certs/sm2.pem                | 23 ++++----
+
+diff --git a/test/certs/sm2-ca-cert.pem b/test/certs/sm2-ca-cert.pem
+index 5677ac6c9f6a..70ce71e43091 100644
+--- a/test/certs/sm2-ca-cert.pem
+++ b/test/certs/sm2-ca-cert.pem
+@@ -1,14 +1,14 @@
+ -----BEGIN CERTIFICATE-----
+-MIICJDCCAcqgAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
+MIICJzCCAcygAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
+ AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl
+-c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe
+-Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMGgxCzAJBgNVBAYTAkNOMQsw
+-CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn
+-MRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTBZMBMGByqG
+-SM49AgEGCCqBHM9VAYItA0IABHRYnqErofBdXPptvvO7+BSVJxcpHuTGnZ+UPrbU
+-5kVEUMaUnNOeMJZl/vRGimZCm/AkReJmRfnb15ESHR+ssp6jXTBbMB0GA1UdDgQW
+-BBTFjcWu/zJgSZ5SKUlU5Vx4/0W5dDAfBgNVHSMEGDAWgBTFjcWu/zJgSZ5SKUlU
+-5Vx4/0W5dDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzPVQGDdQNI
+-ADBFAiEAs6byi1nSQtFELOw/2tQIv5AEsZFR5MJ/oB2ztXzs2LYCIEfIw4xlUH6X
+-YFhs4RnIa0K9Ng1ebsGPrifYkudwBIk3
+c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAg
+Fw0yMjA2MDIxNTQ5MzlaGA8yMTIyMDUwOTE1NDkzOVowaDELMAkGA1UEBhMCQ04x
+CzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzERMA8GA1UECgwIVGVzdCBP
+cmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rlc3QgU00yIENBMFkwEwYH
+KoZIzj0CAQYIKoEcz1UBgi0DQgAEdFieoSuh8F1c+m2+87v4FJUnFyke5Madn5Q+
+ttTmRURQxpSc054wlmX+9EaKZkKb8CRF4mZF+dvXkRIdH6yynqNdMFswHQYDVR0O
+BBYEFMWNxa7/MmBJnlIpSVTlXHj/Rbl0MB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIp
+SVTlXHj/Rbl0MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqBHM9VAYN1
+A0kAMEYCIQC3c2TkO6Lyxt5GNZqoZNuMEphjL9K7W1TsX6mHzlhHDwIhAICXy2XC
+WsTzdrMZUXLtrDDFOq+3FaD4pe1HP2LZFNpu
+ -----END CERTIFICATE-----
+diff --git a/test/certs/sm2-root.crt b/test/certs/sm2-root.crt
+index 5677ac6c9f6a..70ce71e43091 100644
+--- a/test/certs/sm2-root.crt
+++ b/test/certs/sm2-root.crt
+@@ -1,14 +1,14 @@
+ -----BEGIN CERTIFICATE-----
+-MIICJDCCAcqgAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
+MIICJzCCAcygAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
+ AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl
+-c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe
+-Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMGgxCzAJBgNVBAYTAkNOMQsw
+-CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn
+-MRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTBZMBMGByqG
+-SM49AgEGCCqBHM9VAYItA0IABHRYnqErofBdXPptvvO7+BSVJxcpHuTGnZ+UPrbU
+-5kVEUMaUnNOeMJZl/vRGimZCm/AkReJmRfnb15ESHR+ssp6jXTBbMB0GA1UdDgQW
+-BBTFjcWu/zJgSZ5SKUlU5Vx4/0W5dDAfBgNVHSMEGDAWgBTFjcWu/zJgSZ5SKUlU
+-5Vx4/0W5dDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzPVQGDdQNI
+-ADBFAiEAs6byi1nSQtFELOw/2tQIv5AEsZFR5MJ/oB2ztXzs2LYCIEfIw4xlUH6X
+-YFhs4RnIa0K9Ng1ebsGPrifYkudwBIk3
+c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAg
+Fw0yMjA2MDIxNTQ5MzlaGA8yMTIyMDUwOTE1NDkzOVowaDELMAkGA1UEBhMCQ04x
+CzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzERMA8GA1UECgwIVGVzdCBP
+cmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rlc3QgU00yIENBMFkwEwYH
+KoZIzj0CAQYIKoEcz1UBgi0DQgAEdFieoSuh8F1c+m2+87v4FJUnFyke5Madn5Q+
+ttTmRURQxpSc054wlmX+9EaKZkKb8CRF4mZF+dvXkRIdH6yynqNdMFswHQYDVR0O
+BBYEFMWNxa7/MmBJnlIpSVTlXHj/Rbl0MB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIp
+SVTlXHj/Rbl0MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqBHM9VAYN1
+A0kAMEYCIQC3c2TkO6Lyxt5GNZqoZNuMEphjL9K7W1TsX6mHzlhHDwIhAICXy2XC
+WsTzdrMZUXLtrDDFOq+3FaD4pe1HP2LZFNpu
+ -----END CERTIFICATE-----
+diff --git a/test/certs/sm2.pem b/test/certs/sm2.pem
+index 189abb137625..daf12926aff9 100644
+--- a/test/certs/sm2.pem
+++ b/test/certs/sm2.pem
+@@ -1,13 +1,14 @@
+ -----BEGIN CERTIFICATE-----
+-MIIB6DCCAY6gAwIBAgIJAKH2BR6ITHZeMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT
+-AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl
+-c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe
+-Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMG8xCzAJBgNVBAYTAkNOMQsw
+-CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn
+-MRAwDgYDVQQLDAdUZXN0IE9VMRswGQYDVQQDDBJUZXN0IFNNMiBTaWduIENlcnQw
+-WTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAAQwqeNkWp7fiu1KZnuDkAucpM8piEzE
+-TL1ymrcrOBvv8mhNNkeb20asbWgFQI2zOrSM99/sXGn9rM2/usM/MlcaoxowGDAJ
+-BgNVHRMEAjAAMAsGA1UdDwQEAwIGwDAKBggqgRzPVQGDdQNIADBFAiEA9edBnAqT
+-TNuGIUIvXsj6/nP+AzXA9HGtAIY4nrqW8LkCIHyZzhRTlxYtgfqkDl0OK5QQRCZH
+-OZOfmtx613VyzXwc
+MIICNDCCAdugAwIBAgIUOMbsiFLCy2BCPtfHQSdG4R1+3BowCgYIKoEcz1UBg3Uw
+aDELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzER
+MA8GA1UECgwIVGVzdCBPcmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rl
+c3QgU00yIENBMCAXDTIyMDYwMjE1NTU0OFoYDzIxMjIwNTA5MTU1NTQ4WjBvMQsw
+CQYDVQQGEwJDTjELMAkGA1UECAwCTE4xETAPBgNVBAcMCFNoZW55YW5nMREwDwYD
+VQQKDAhUZXN0IE9yZzEQMA4GA1UECwwHVGVzdCBPVTEbMBkGA1UEAwwSVGVzdCBT
+TTIgU2lnbiBDZXJ0MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEMKnjZFqe34rt
+SmZ7g5ALnKTPKYhMxEy9cpq3Kzgb7/JoTTZHm9tGrG1oBUCNszq0jPff7Fxp/azN
+v7rDPzJXGqNaMFgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFNPl
+u8JjXkhQPiJ5bYrrq+voqBUlMB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIpSVTlXHj/
+Rbl0MAoGCCqBHM9VAYN1A0cAMEQCIG3gG1D7T7ltn6Gz1UksBZahgBE6jmkQ9Sp9
+/3aY5trlAiB5adxiK0avV0LEKfbzTdff9skoZpd7vje1QTW0l0HaGg==
+ -----END CERTIFICATE-----
--- a/compat-openssl11.spec
+++ b/compat-openssl11.spec
@ -1,7 +1,7 @@
 %define soversion 1.1
 Name:        compat-openssl11
 Version:     1.1.1m
-Release:     8
+Release:     9
 Epoch:       1
 Summary:     Cryptography and SSL/TLS Toolkit
 License:     OpenSSL and SSLeay
@ -107,6 +107,12 @@ Patch96:     backport-test-add-test-cases-for-the-policy-resource-overuse.patch
 Patch97:     backport-x509-excessive-resource-use-verifying-policy-constra.patch
 Patch98:     backport-Ensure-that-EXFLAG_INVALID_POLICY-is-checked-even-in.patch
 Patch99:     backport-Fix-documentation-of-X509_VERIFY_PARAM_add0_policy.patch
+Patch100:    backport-CVE-2023-2650-Restrict-the-size-of-OBJECT-IDENTIFIERs-that-OBJ_obj.patch
+Patch101:    backport-Add-a-test-for-CVE-2023-3446.patch
+Patch102:    backport-CVE-2023-3446-Fix-DH_check-excessive-time-with-over-sized-modulus.patch
+Patch103:    backport-update-expired-certificates-for-sm2.patch
+Patch104:    backport-CVE-2023-3817.patch
+Patch105:    backport-CVE-2023-3817-testcase.patch

 BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel

@ -233,6 +239,9 @@ make test || :
 %ldconfig_scriptlets libs

 %changelog
+* Thu Oct 12 2023 fangxiuning <fangxiuning@huawei.com> - 1:1.1.1m-9
+- fix some CVEs
+
 * Mon Jun 05 2023 laokz <zhangkai@iscas.ac.cn> - 1:1.1.1m-8
 - fix sslarch and libdir for riscv64