Fix some CVE

CVE-2023-3446、CVE-2023-3817、CVE-2024-0727、CVE-2023-2975、CVE-2023-6129

Signed-off-by: yexiao <yexiao7@huawei.com>

0003-Add-testcases-for-empty-associated-data-entries-with.patch

@@ -0,0 +1,69 @@
+From 02ea09fc1e2ca35033db52384543c47329d3566f Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Tue, 4 Jul 2023 17:50:37 +0200
+Subject: [PATCH 1/9] Add testcases for empty associated data entries with
+ AES-SIV
+
+CVE-2023-2975
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+
+reference: https://github.com/openssl/openssl/pull/21384
+Signed-off-by: yexiao <yexiao7@huawei.com>
+---
+ .../30-test_evp_data/evpciph_aes_siv.txt      | 31 +++++++++++++++++++
+ 1 file changed, 31 insertions(+)
+
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/test/recipes/30-test_evp_data/evpciph_aes_siv.txt b/CryptoPkg/Library/OpensslLib/openssl/test/recipes/30-test_evp_data/evpciph_aes_siv.txt
+index a78a4915..e434f13f 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/test/recipes/30-test_evp_data/evpciph_aes_siv.txt
++++ b/CryptoPkg/Library/OpensslLib/openssl/test/recipes/30-test_evp_data/evpciph_aes_siv.txt
+@@ -20,6 +20,19 @@ Tag = 85632d07c6e8f37f950acd320a2ecc93
+ Plaintext =  112233445566778899aabbccddee
+ Ciphertext = 40c02b9690c4dc04daef7f6afe5c
+ 
++Cipher = aes-128-siv
++Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
++Tag = f1c5fdeac1f15a26779c1501f9fb7588
++Plaintext =  112233445566778899aabbccddee
++Ciphertext = 27e946c669088ab06da58c5c831c
++
++Cipher = aes-128-siv
++Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
++AAD =
++Tag = d1022f5b3664e5a4dfaf90f85be6f28a
++Plaintext =  112233445566778899aabbccddee
++Ciphertext = b66cff6b8eca0b79f083b39a0901
++
+ Cipher = aes-128-siv
+ Key = 7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f
+ AAD = 00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100
+@@ -29,6 +42,24 @@ Tag = 7bdb6e3b432667eb06f4d14bff2fbd0f
+ Plaintext =  7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553
+ Ciphertext = cb900f2fddbe404326601965c889bf17dba77ceb094fa663b7a3f748ba8af829ea64ad544a272e9c485b62a3fd5c0d
+ 
++Cipher = aes-128-siv
++Key = 7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f
++AAD = 00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100
++AAD =
++AAD = 09f911029d74e35bd84156c5635688c0
++Tag = 83ce6593a8fa67eb6fcd2819cedfc011
++Plaintext =  7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553
++Ciphertext = 30d937b42f71f71f93fc2d8d702d3eac8dc7651eefcd81120081ff29d626f97f3de17f2969b691c91b69b652bf3a6d
++
++Cipher = aes-128-siv
++Key = 7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f
++AAD =
++AAD = 00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100
++AAD = 09f911029d74e35bd84156c5635688c0
++Tag = 77dd4a44f5a6b41302121ee7f378de25
++Plaintext =  7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553
++Ciphertext = 0fcd664c922464c88939d71fad7aefb864e501b0848a07d39201c1067a7288f3dadf0131a823a0bc3d588e8564a5fe
++
+ Cipher = aes-192-siv
+ Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfefffffefdfcfbfaf9f8f7f6f5f4f3f2f1f0
+ AAD = 101112131415161718191a1b1c1d1e1f2021222324252627
+-- 
+2.33.0
+

0004-Do-not-ignore-empty-associated-data-with-AES-SIV-mod.patch

@@ -0,0 +1,57 @@
+From 7058d271753e1c2ca7d9384e09fd84b98e92c440 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Tue, 4 Jul 2023 17:30:35 +0200
+Subject: [PATCH 2/9] Do not ignore empty associated data with AES-SIV mode
+
+The AES-SIV mode allows for multiple associated data items
+authenticated separately with any of these being 0 length.
+
+The provided implementation ignores such empty associated data
+which is incorrect in regards to the RFC 5297 and is also
+a security issue because such empty associated data then become
+unauthenticated if an application expects to authenticate them.
+
+Fixes CVE-2023-2975
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+
+reference: https://github.com/openssl/openssl/pull/21384
+Signed-off-by: yexiao <yexiao7@huawei.com>
+---
+ .../implementations/ciphers/cipher_aes_siv.c   | 18 +++++++++++-------
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/providers/implementations/ciphers/cipher_aes_siv.c b/CryptoPkg/Library/OpensslLib/openssl/providers/implementations/ciphers/cipher_aes_siv.c
+index 45010b90..b396c865 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/providers/implementations/ciphers/cipher_aes_siv.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/providers/implementations/ciphers/cipher_aes_siv.c
+@@ -120,14 +120,18 @@ static int siv_cipher(void *vctx, unsigned char *out, size_t *outl,
+     if (!ossl_prov_is_running())
+         return 0;
+ 
+-    if (inl == 0) {
+-        *outl = 0;
+-        return 1;
+-    }
++    /* Ignore just empty encryption/decryption call and not AAD. */
++    if (out != NULL) {
++        if (inl == 0) {
++            if (outl != NULL)
++                *outl = 0;
++            return 1;
++        }
+ 
+-    if (outsize < inl) {
+-        ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+-        return 0;
++        if (outsize < inl) {
++            ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
++            return 0;
++        }
+     }
+ 
+     if (ctx->hw->cipher(ctx, out, in, inl) <= 0)
+-- 
+2.33.0
+

0005-Add-a-test-for-CVE-2023-3446.patch

@@ -0,0 +1,63 @@
+From 3a2feb831096ede8621a9ae9053b48f732dc30b1 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Fri, 7 Jul 2023 14:39:48 +0100
+Subject: [PATCH 3/9] Add a test for CVE-2023-3446
+
+Confirm that the only errors DH_check() finds with DH parameters with an
+excessively long modulus is that the modulus is too large. We should not
+be performing time consuming checks using that modulus.
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
+Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+
+reference: https://github.com/openssl/openssl/pull/21451
+Signed-off-by: yexiao <yexiao7@huawei.com>
+---
+ .../Library/OpensslLib/openssl/test/dhtest.c      | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/test/dhtest.c b/CryptoPkg/Library/OpensslLib/openssl/test/dhtest.c
+index 7b587f3c..f8dd8f3a 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/test/dhtest.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/test/dhtest.c
+@@ -73,7 +73,7 @@ static int dh_test(void)
+         goto err1;
+ 
+     /* check fails, because p is way too small */
+-    if (!DH_check(dh, &i))
++    if (!TEST_true(DH_check(dh, &i)))
+         goto err2;
+     i ^= DH_MODULUS_TOO_SMALL;
+     if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
+@@ -124,6 +124,17 @@ static int dh_test(void)
+     /* We'll have a stale error on the queue from the above test so clear it */
+     ERR_clear_error();
+ 
++    /* Modulus of size: dh check max modulus bits + 1 */
++    if (!TEST_true(BN_set_word(p, 1))
++            || !TEST_true(BN_lshift(p, p, OPENSSL_DH_CHECK_MAX_MODULUS_BITS)))
++        goto err3;
++
++    /*
++     * We expect no checks at all for an excessively large modulus
++     */
++    if (!TEST_false(DH_check(dh, &i)))
++        goto err3;
++
+     /*
+      * II) key generation
+      */
+@@ -138,7 +149,7 @@ static int dh_test(void)
+         goto err3;
+ 
+     /* ... and check whether it is valid */
+-    if (!DH_check(a, &i))
++    if (!TEST_true(DH_check(a, &i)))
+         goto err3;
+     if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
+             || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)
+-- 
+2.33.0
+

0006-Fix-DH_check-excessive-time-with-over-sized-modulus.patch

@@ -0,0 +1,74 @@
+From 96452ca9276610c46b7cb61f9efaf787bea627d0 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Thu, 6 Jul 2023 16:36:35 +0100
+Subject: [PATCH 4/9] Fix DH_check() excessive time with over sized modulus
+
+The DH_check() function checks numerous aspects of the key or parameters
+that have been supplied. Some of those checks use the supplied modulus
+value even if it is excessively large.
+
+There is already a maximum DH modulus size (10,000 bits) over which
+OpenSSL will not generate or derive keys. DH_check() will however still
+perform various tests for validity on such a large modulus. We introduce a
+new maximum (32,768) over which DH_check() will just fail.
+
+An application that calls DH_check() and supplies a key or parameters
+obtained from an untrusted source could be vulnerable to a Denial of
+Service attack.
+
+The function DH_check() is itself called by a number of other OpenSSL
+functions. An application calling any of those other functions may
+similarly be affected. The other functions affected by this are
+DH_check_ex() and EVP_PKEY_param_check().
+
+CVE-2023-3446
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
+Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+
+reference: https://github.com/openssl/openssl/pull/21451
+Signed-off-by: yexiao <yexiao7@huawei.com>
+---
+ CryptoPkg/Library/OpensslLib/openssl/crypto/dh/dh_check.c | 6 ++++++
+ CryptoPkg/Library/OpensslLib/openssl/include/openssl/dh.h | 6 +++++-
+ 2 files changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/dh/dh_check.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/dh/dh_check.c
+index 0b391910..84a92699 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/dh/dh_check.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/dh/dh_check.c
+@@ -152,6 +152,12 @@ int DH_check(const DH *dh, int *ret)
+     if (nid != NID_undef)
+         return 1;
+ 
++    /* Don't do any checks at all with an excessively large modulus */
++    if (BN_num_bits(dh->params.p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
++        ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
++        return 0;
++    }
++
+     if (!DH_check_params(dh, ret))
+         return 0;
+ 
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/include/openssl/dh.h b/CryptoPkg/Library/OpensslLib/openssl/include/openssl/dh.h
+index b97871ec..36420f51 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/include/openssl/dh.h
++++ b/CryptoPkg/Library/OpensslLib/openssl/include/openssl/dh.h
+@@ -89,7 +89,11 @@ int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm);
+ #  include <openssl/dherr.h>
+ 
+ #  ifndef OPENSSL_DH_MAX_MODULUS_BITS
+-#   define OPENSSL_DH_MAX_MODULUS_BITS    10000
++#   define OPENSSL_DH_MAX_MODULUS_BITS        10000
++#  endif
++
++#  ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS
++#   define OPENSSL_DH_CHECK_MAX_MODULUS_BITS  32768
+ #  endif
+ 
+ #  define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
+-- 
+2.33.0
+

0007-Make-DH_check-set-some-error-bits-in-recently-added-.patch

@@ -0,0 +1,39 @@
+From 66ed0773fff248363b63273f78de8fe6da87a8b4 Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Date: Sun, 23 Jul 2023 14:27:54 +0200
+Subject: [PATCH 5/9] Make DH_check set some error bits in recently added error
+
+The pre-existing error cases where DH_check returned zero
+are not related to the dh params in any way, but are only
+triggered by out-of-memory errors, therefore having *ret
+set to zero feels right, but since the new error case is
+triggered by too large p values that is something different.
+On the other hand some callers of this function might not
+be prepared to handle the return value correctly but only
+rely on *ret. Therefore we set some error bits in *ret as
+additional safety measure.
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+
+reference: https://github.com/openssl/openssl/pull/21524
+Signed-off-by: yexiao <yexiao7@huawei.com>
+---
+ CryptoPkg/Library/OpensslLib/openssl/crypto/dh/dh_check.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/dh/dh_check.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/dh/dh_check.c
+index 84a92699..aef6f9b1 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/dh/dh_check.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/dh/dh_check.c
+@@ -155,6 +155,7 @@ int DH_check(const DH *dh, int *ret)
+     /* Don't do any checks at all with an excessively large modulus */
+     if (BN_num_bits(dh->params.p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
+         ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
++        *ret = DH_MODULUS_TOO_LARGE | DH_CHECK_P_NOT_PRIME;
+         return 0;
+     }
+ 
+-- 
+2.33.0
+

0008-DH_check-Do-not-try-checking-q-properties-if-it-is-o.patch

@@ -0,0 +1,60 @@
+From 7d3ba65d3f707ba29c854e6b1c73a68c941041ba Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Tue, 25 Jul 2023 15:22:48 +0200
+Subject: [PATCH 6/9] DH_check(): Do not try checking q properties if it is
+ obviously invalid
+
+If  |q| >= |p| then the q value is obviously wrong as q
+is supposed to be a prime divisor of p-1.
+
+We check if p is overly large so this added test implies that
+q is not large either when performing subsequent tests using that
+q value.
+
+Otherwise if it is too large these additional checks of the q value
+such as the primality test can then trigger DoS by doing overly long
+computations.
+
+Fixes CVE-2023-3817
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
+Reviewed-by: Todd Short <todd.short@me.com>
+
+reference: https://github.com/openssl/openssl/pull/21550
+Signed-off-by: yexiao <yexiao7@huawei.com>
+---
+ .../Library/OpensslLib/openssl/crypto/dh/dh_check.c      | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/dh/dh_check.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/dh/dh_check.c
+index aef6f9b1..fbe27975 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/dh/dh_check.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/dh/dh_check.c
+@@ -143,7 +143,7 @@ int DH_check(const DH *dh, int *ret)
+ #ifdef FIPS_MODULE
+     return DH_check_params(dh, ret);
+ #else
+-    int ok = 0, r;
++    int ok = 0, r, q_good = 0;
+     BN_CTX *ctx = NULL;
+     BIGNUM *t1 = NULL, *t2 = NULL;
+     int nid = DH_get_nid((DH *)dh);
+@@ -172,6 +172,13 @@ int DH_check(const DH *dh, int *ret)
+         goto err;
+ 
+     if (dh->params.q != NULL) {
++        if (BN_ucmp(dh->params.p, dh->params.q) > 0)
++            q_good = 1;
++        else
++            *ret |= DH_CHECK_INVALID_Q_VALUE;
++    }
++
++    if (q_good) {
+         if (BN_cmp(dh->params.g, BN_value_one()) <= 0)
+             *ret |= DH_NOT_SUITABLE_GENERATOR;
+         else if (BN_cmp(dh->params.g, dh->params.p) >= 0)
+-- 
+2.33.0
+

0009-dhtest.c-Add-test-of-DH_check-with-q-p-1.patch

@@ -0,0 +1,52 @@
+From 6f3b1ae0a836880038787a1315b5b815f2951c8d Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Tue, 25 Jul 2023 15:23:43 +0200
+Subject: [PATCH 7/9] dhtest.c: Add test of DH_check() with q = p + 1
+
+This must fail with DH_CHECK_INVALID_Q_VALUE and
+with DH_CHECK_Q_NOT_PRIME unset.
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
+Reviewed-by: Todd Short <todd.short@me.com>
+
+reference: https://github.com/openssl/openssl/pull/21550
+Signed-off-by: yexiao <yexiao7@huawei.com>
+---
+ CryptoPkg/Library/OpensslLib/openssl/test/dhtest.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/test/dhtest.c b/CryptoPkg/Library/OpensslLib/openssl/test/dhtest.c
+index f8dd8f3a..d02b3b7c 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/test/dhtest.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/test/dhtest.c
+@@ -124,6 +124,15 @@ static int dh_test(void)
+     /* We'll have a stale error on the queue from the above test so clear it */
+     ERR_clear_error();
+ 
++    if (!TEST_ptr(BN_copy(q, p)) || !TEST_true(BN_add(q, q, BN_value_one())))
++        goto err3;
++
++    if (!TEST_true(DH_check(dh, &i)))
++        goto err3;
++    if (!TEST_true(i & DH_CHECK_INVALID_Q_VALUE)
++        || !TEST_false(i & DH_CHECK_Q_NOT_PRIME))
++        goto err3;
++
+     /* Modulus of size: dh check max modulus bits + 1 */
+     if (!TEST_true(BN_set_word(p, 1))
+             || !TEST_true(BN_lshift(p, p, OPENSSL_DH_CHECK_MAX_MODULUS_BITS)))
+@@ -135,6 +144,9 @@ static int dh_test(void)
+     if (!TEST_false(DH_check(dh, &i)))
+         goto err3;
+ 
++    /* We'll have a stale error on the queue from the above test so clear it */
++    ERR_clear_error();
++
+     /*
+      * II) key generation
+      */
+-- 
+2.33.0
+

0010-Add-NULL-checks-where-ContentInfo-data-can-be-NULL.patch

@@ -0,0 +1,123 @@
+From 6b5fa79607808b28830ac267253dfbf6ed9c463c Mon Sep 17 00:00:00 2001
+From: liwei <liwei3013@126.com>
+Date: Fri, 26 Jan 2024 18:45:28 +0800
+Subject: [PATCH] Add NULL checks where ContentInfo data can be NULL
+
+PKCS12 structures contain PKCS7 ContentInfo fields. These fields are
+optional and can be NULL even if the "type" is a valid value. OpenSSL
+was not properly accounting for this and a NULL dereference can occur
+causing a crash.
+
+CVE-2024-0727
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Hugo Landau <hlandau@openssl.org>
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+
+reference: https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2
+Signed-off-by: yexiao <yexiao7@huawei.com>
+---
+ .../OpensslLib/openssl/crypto/pkcs12/p12_add.c | 18 ++++++++++++++++++
+ .../openssl/crypto/pkcs12/p12_mutl.c           |  5 +++++
+ .../openssl/crypto/pkcs12/p12_npas.c           |  5 +++--
+ .../OpensslLib/openssl/crypto/pkcs7/pk7_mime.c |  7 +++++--
+ 4 files changed, 31 insertions(+), 4 deletions(-)
+
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_add.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_add.c
+index 6fd4184a..80ce31b3 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_add.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_add.c
+@@ -78,6 +78,12 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
+         ERR_raise(ERR_LIB_PKCS12, PKCS12_R_CONTENT_TYPE_NOT_DATA);
+         return NULL;
+     }
++
++    if (p7->d.data == NULL) {
++        ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);
++        return NULL;
++    }
++
+     return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
+ }
+ 
+@@ -150,6 +156,12 @@ STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
+ {
+     if (!PKCS7_type_is_encrypted(p7))
+         return NULL;
++
++    if (p7->d.encrypted == NULL) {
++        ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);
++        return NULL;
++    }
++
+     return PKCS12_item_decrypt_d2i_ex(p7->d.encrypted->enc_data->algorithm,
+                                    ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
+                                    pass, passlen,
+@@ -188,6 +200,12 @@ STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12)
+         ERR_raise(ERR_LIB_PKCS12, PKCS12_R_CONTENT_TYPE_NOT_DATA);
+         return NULL;
+     }
++
++    if (p12->authsafes->d.data == NULL) {
++        ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);
++        return NULL;
++    }
++
+     p7s = ASN1_item_unpack(p12->authsafes->d.data,
+                            ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
+     if (p7s != NULL) {
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_mutl.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_mutl.c
+index afdb8d68..67be81eb 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_mutl.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_mutl.c
+@@ -98,6 +98,11 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+         return 0;
+     }
+ 
++    if (p12->authsafes->d.data == NULL) {
++        ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR);
++        return 0;
++    }
++
+     salt = p12->mac->salt->data;
+     saltlen = p12->mac->salt->length;
+     if (p12->mac->iter == NULL)
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_npas.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_npas.c
+index 62230bc6..1e5b5495 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_npas.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs12/p12_npas.c
+@@ -77,8 +77,9 @@ static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass)
+             bags = PKCS12_unpack_p7data(p7);
+         } else if (bagnid == NID_pkcs7_encrypted) {
+             bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
+-            if (!alg_get(p7->d.encrypted->enc_data->algorithm,
+-                         &pbe_nid, &pbe_iter, &pbe_saltlen))
++            if (p7->d.encrypted == NULL
++                    || !alg_get(p7->d.encrypted->enc_data->algorithm,
++                                &pbe_nid, &pbe_iter, &pbe_saltlen))
+                 goto err;
+         } else {
+             continue;
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs7/pk7_mime.c b/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs7/pk7_mime.c
+index 49a0da5f..8228315e 100644
+--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs7/pk7_mime.c
++++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs7/pk7_mime.c
+@@ -33,10 +33,13 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
+     int ctype_nid = OBJ_obj2nid(p7->type);
+     const PKCS7_CTX *ctx = ossl_pkcs7_get0_ctx(p7);
+ 
+-    if (ctype_nid == NID_pkcs7_signed)
++    if (ctype_nid == NID_pkcs7_signed) {
++        if (p7->d.sign == NULL)
++            return 0;
+         mdalgs = p7->d.sign->md_algs;
+-    else
++    } else {
+         mdalgs = NULL;
++    }
+ 
+     flags ^= SMIME_OLDMIME;
+ 
+-- 
+2.33.0
+

0011-poly1305-ppc.pl-Fix-vector-register-clobbering.patch

@@ -0,0 +1,112 @@
+From 1df7dcaa6684420a74e6f935e0b5290fb616d5a8 Mon Sep 17 00:00:00 2001
+From: Rohan McLure <rmclure@linux.ibm.com>
+Date: Thu, 4 Jan 2024 10:25:50 +0100
+Subject: [PATCH 9/9] poly1305-ppc.pl: Fix vector register clobbering
+
+Fixes CVE-2023-6129
+
+The POLY1305 MAC (message authentication code) implementation in OpenSSL for
+PowerPC CPUs saves the the contents of vector registers in different order
+than they are restored. Thus the contents of some of these vector registers
+is corrupted when returning to the caller. The vulnerable code is used only
+on newer PowerPC processors supporting the PowerISA 2.07 instructions.
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+
+reference: https://github.com/openssl/openssl/pull/23200
+Signed-off-by: yexiao <yexiao7@huawei.com>
+---
+ .../crypto/poly1305/asm/poly1305-ppc.pl       | 42 +++++++++----------
+ 1 file changed, 21 insertions(+), 21 deletions(-)
+
+diff --git a/CryptoPkg/Library/OpensslLib/openssl/crypto/poly1305/asm/poly1305-ppc.pl b/CryptoPkg/Library/OpensslLib/openssl/crypto/poly1305/asm/poly1305-ppc.pl
+index 9f86134d..2e601bb9 100755
+--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/poly1305/asm/poly1305-ppc.pl
++++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/poly1305/asm/poly1305-ppc.pl
+@@ -744,7 +744,7 @@ ___
+ my $LOCALS= 6*$SIZE_T;
+ my $VSXFRAME = $LOCALS + 6*$SIZE_T;
+    $VSXFRAME += 128;	# local variables
+-   $VSXFRAME += 13*16;	# v20-v31 offload
++   $VSXFRAME += 12*16;	# v20-v31 offload
+ 
+ my $BIG_ENDIAN = ($flavour !~ /le/) ? 4 : 0;
+ 
+@@ -919,12 +919,12 @@ __poly1305_blocks_vsx:
+ 	addi	r11,r11,32
+ 	stvx	v22,r10,$sp
+ 	addi	r10,r10,32
+-	stvx	v23,r10,$sp
+-	addi	r10,r10,32
+-	stvx	v24,r11,$sp
++	stvx	v23,r11,$sp
+ 	addi	r11,r11,32
+-	stvx	v25,r10,$sp
++	stvx	v24,r10,$sp
+ 	addi	r10,r10,32
++	stvx	v25,r11,$sp
++	addi	r11,r11,32
+ 	stvx	v26,r10,$sp
+ 	addi	r10,r10,32
+ 	stvx	v27,r11,$sp
+@@ -1153,12 +1153,12 @@ __poly1305_blocks_vsx:
+ 	addi	r11,r11,32
+ 	stvx	v22,r10,$sp
+ 	addi	r10,r10,32
+-	stvx	v23,r10,$sp
+-	addi	r10,r10,32
+-	stvx	v24,r11,$sp
++	stvx	v23,r11,$sp
+ 	addi	r11,r11,32
+-	stvx	v25,r10,$sp
++	stvx	v24,r10,$sp
+ 	addi	r10,r10,32
++	stvx	v25,r11,$sp
++	addi	r11,r11,32
+ 	stvx	v26,r10,$sp
+ 	addi	r10,r10,32
+ 	stvx	v27,r11,$sp
+@@ -1899,26 +1899,26 @@ Ldone_vsx:
+ 	mtspr	256,r12				# restore vrsave
+ 	lvx	v20,r10,$sp
+ 	addi	r10,r10,32
+-	lvx	v21,r10,$sp
+-	addi	r10,r10,32
+-	lvx	v22,r11,$sp
++	lvx	v21,r11,$sp
+ 	addi	r11,r11,32
+-	lvx	v23,r10,$sp
++	lvx	v22,r10,$sp
+ 	addi	r10,r10,32
+-	lvx	v24,r11,$sp
++	lvx	v23,r11,$sp
+ 	addi	r11,r11,32
+-	lvx	v25,r10,$sp
++	lvx	v24,r10,$sp
+ 	addi	r10,r10,32
+-	lvx	v26,r11,$sp
++	lvx	v25,r11,$sp
+ 	addi	r11,r11,32
+-	lvx	v27,r10,$sp
++	lvx	v26,r10,$sp
+ 	addi	r10,r10,32
+-	lvx	v28,r11,$sp
++	lvx	v27,r11,$sp
+ 	addi	r11,r11,32
+-	lvx	v29,r10,$sp
++	lvx	v28,r10,$sp
+ 	addi	r10,r10,32
+-	lvx	v30,r11,$sp
+-	lvx	v31,r10,$sp
++	lvx	v29,r11,$sp
++	addi	r11,r11,32
++	lvx	v30,r10,$sp
++	lvx	v31,r11,$sp
+ 	$POP	r27,`$VSXFRAME-$SIZE_T*5`($sp)
+ 	$POP	r28,`$VSXFRAME-$SIZE_T*4`($sp)
+ 	$POP	r29,`$VSXFRAME-$SIZE_T*3`($sp)
+-- 
+2.33.0
+

edk2.spec

@@ -7,7 +7,7 @@
 
 Name: edk2
 Version: %{stable_date}
-Release: 2
+Release: 3
 Summary: EFI Development Kit II
 License: BSD-2-Clause-Patent and OpenSSL and MIT 
 URL: https://github.com/tianocore/edk2
@@ -20,6 +20,15 @@ Source5: edk2-ovmf-x64-nosb.json
 
 patch0: 0001-OvmfPkg-VirtioNetDxe-Extend-the-RxBufferSize-to-avoi.patch
 patch1: 0002-add-Wno-maybe-uninitialized-to-fix-build-error.patch
+patch2: 0003-Add-testcases-for-empty-associated-data-entries-with.patch
+patch3: 0004-Do-not-ignore-empty-associated-data-with-AES-SIV-mod.patch
+patch4: 0005-Add-a-test-for-CVE-2023-3446.patch
+patch5: 0006-Fix-DH_check-excessive-time-with-over-sized-modulus.patch
+patch6: 0007-Make-DH_check-set-some-error-bits-in-recently-added-.patch
+patch7: 0008-DH_check-Do-not-try-checking-q-properties-if-it-is-o.patch
+patch8: 0009-dhtest.c-Add-test-of-DH_check-with-q-p-1.patch
+patch9: 0010-Add-NULL-checks-where-ContentInfo-data-can-be-NULL.patch
+patch10: 0011-poly1305-ppc.pl-Fix-vector-register-clobbering.patch
 
 BuildRequires: acpica-tools gcc gcc-c++ libuuid-devel python3 bc nasm python3-unversioned-command isl 
 
@@ -257,6 +266,9 @@ chmod +x %{buildroot}%{_bindir}/Rsa2048Sha256GenerateKeys
 %endif
 
 %changelog
+* Sat Feb 24 2024 yexiao <yexiao7@huawei.com> - 202308-3
+- Fix CVE-2023-3446、CVE-2023-3817、CVE-2024-0727、CVE-2023-2975、CVE-2023-6129
+
 * Thu Jan 25 2024 duyiwei <duyiwei@kylinos.cn> - 202308-2
 - Added firmware scanning directory mapping for libvirt XML