!96 fix some cve

From: @qsw333 Reviewed-by: @houmingyong Signed-off-by: @houmingyong
2024-01-08 13:38:48 +00:00 · 2024-01-08 13:38:48 +00:00 · 98e1c667f9
commit 98e1c667f9
parent 49a0305a46 7174fbaa1a
15 changed files with 1923 additions and 9 deletions
--- a/backport-Add-a-test-for-GENERAL_NAME_cmp.patch
+++ b/backport-Add-a-test-for-GENERAL_NAME_cmp.patch
@ -0,0 +1,369 @@
+From 97ab3c4b538840037812c8d9164d09a1f4bf11a1 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Mon, 30 Nov 2020 13:50:52 +0000
+Subject: [PATCH] Add a test for GENERAL_NAME_cmp
+
+Based on a boringssl test contributed by David Benjamin
+
+Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
+---
+ test/v3nametest.c | 344 ++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 344 insertions(+)
+
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/test/v3nametest.c b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/test/v3nametest.c
+index df12c15f09574..cdf0472387f14 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/test/v3nametest.c
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/test/v3nametest.c
+@@ -359,8 +359,352 @@ static int call_run_cert(int i)
+     return failed == 0;
+ }
+ 
+struct gennamedata {
+    const unsigned char der[22];
+    size_t derlen;
+} gennames[] = {
+    {
+        /*
+        * [0] {
+        *   OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
+        *   [0] {
+        *     SEQUENCE {}
+        *   }
+        * }
+        */
+        {
+            0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
+            0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x30, 0x00
+        },
+        21
+    }, {
+        /*
+        * [0] {
+        *   OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
+        *   [0] {
+        *     [APPLICATION 0] {}
+        *   }
+        * }
+        */
+        {
+            0xa0, 0x13, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
+            0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x02, 0x60, 0x00
+        },
+        21
+    }, {
+        /*
+        * [0] {
+        *   OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
+        *   [0] {
+        *     UTF8String { "a" }
+        *   }
+        * }
+        */
+        {
+            0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
+            0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x61
+        },
+        22
+    }, {
+        /*
+        * [0] {
+        *   OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.2 }
+        *   [0] {
+        *     UTF8String { "a" }
+        *   }
+        * }
+        */
+        {
+            0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
+            0x01, 0x84, 0xb7, 0x09, 0x02, 0x02, 0xa0, 0x03, 0x0c, 0x01, 0x61
+        },
+        22
+    }, {
+        /*
+        * [0] {
+        *   OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
+        *   [0] {
+        *     UTF8String { "b" }
+        *   }
+        * }
+        */
+        {
+            0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
+            0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x0c, 0x01, 0x62
+        },
+        22
+    }, {
+        /*
+        * [0] {
+        *   OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
+        *   [0] {
+        *     BOOLEAN { TRUE }
+        *   }
+        * }
+        */
+        {
+            0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
+            0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0xff
+        },
+        22
+    }, {
+        /*
+        * [0] {
+        *   OBJECT_IDENTIFIER { 1.2.840.113554.4.1.72585.2.1 }
+        *   [0] {
+        *     BOOLEAN { FALSE }
+        *   }
+        * }
+        */
+        {
+            0xa0, 0x14, 0x06, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04,
+            0x01, 0x84, 0xb7, 0x09, 0x02, 0x01, 0xa0, 0x03, 0x01, 0x01, 0x00
+        },
+        22
+    }, {
+        /* [1 PRIMITIVE] { "a" } */
+        {
+            0x81, 0x01, 0x61
+        },
+        3
+    }, {
+        /* [1 PRIMITIVE] { "b" } */
+        {
+            0x81, 0x01, 0x62
+        },
+        3
+    }, {
+        /* [2 PRIMITIVE] { "a" } */
+        {
+            0x82, 0x01, 0x61
+        },
+        3
+    }, {
+        /* [2 PRIMITIVE] { "b" } */
+        {
+            0x82, 0x01, 0x62
+        },
+        3
+    }, {
+        /*
+        * [4] {
+        *   SEQUENCE {
+        *     SET {
+        *       SEQUENCE {
+        *         # commonName
+        *         OBJECT_IDENTIFIER { 2.5.4.3 }
+        *         UTF8String { "a" }
+        *       }
+        *     }
+        *   }
+        * }
+        */
+        {
+            0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55,
+            0x04, 0x03, 0x0c, 0x01, 0x61
+        },
+        16
+    }, {
+        /*
+        * [4] {
+        *   SEQUENCE {
+        *     SET {
+        *       SEQUENCE {
+        *         # commonName
+        *         OBJECT_IDENTIFIER { 2.5.4.3 }
+        *         UTF8String { "b" }
+        *       }
+        *     }
+        *   }
+        * }
+        */
+        {
+            0xa4, 0x0e, 0x30, 0x0c, 0x31, 0x0a, 0x30, 0x08, 0x06, 0x03, 0x55,
+            0x04, 0x03, 0x0c, 0x01, 0x62
+        },
+        16
+    }, {
+        /*
+        * [5] {
+        *   [1] {
+        *     UTF8String { "a" }
+        *   }
+        * }
+        */
+        {
+            0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x61
+        },
+        7
+    }, {
+        /*
+        * [5] {
+        *   [1] {
+        *     UTF8String { "b" }
+        *   }
+        * }
+        */
+        {
+            0xa5, 0x05, 0xa1, 0x03, 0x0c, 0x01, 0x62
+        },
+        7
+    }, {
+        /*
+        * [5] {
+        *   [0] {
+        *     UTF8String {}
+        *   }
+        *   [1] {
+        *     UTF8String { "a" }
+        *   }
+        * }
+        */
+        {
+            0xa5, 0x09, 0xa0, 0x02, 0x0c, 0x00, 0xa1, 0x03, 0x0c, 0x01, 0x61
+        },
+        11
+    }, {
+        /*
+        * [5] {
+        *   [0] {
+        *     UTF8String { "a" }
+        *   }
+        *   [1] {
+        *     UTF8String { "a" }
+        *   }
+        * }
+        */
+        {
+            0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x61, 0xa1, 0x03, 0x0c, 0x01,
+            0x61
+        },
+        12
+    }, {
+        /*
+        * [5] {
+        *   [0] {
+        *     UTF8String { "b" }
+        *   }
+        *   [1] {
+        *     UTF8String { "a" }
+        *   }
+        * }
+        */
+        {
+            0xa5, 0x0a, 0xa0, 0x03, 0x0c, 0x01, 0x62, 0xa1, 0x03, 0x0c, 0x01,
+            0x61
+        },
+        12
+    }, {
+        /* [6 PRIMITIVE] { "a" } */
+        {
+            0x86, 0x01, 0x61
+        },
+        3
+    }, {
+        /* [6 PRIMITIVE] { "b" } */
+        {
+            0x86, 0x01, 0x62
+        },
+        3
+    }, {
+        /* [7 PRIMITIVE] { `11111111` } */
+        {
+            0x87, 0x04, 0x11, 0x11, 0x11, 0x11
+        },
+        6
+    }, {
+        /* [7 PRIMITIVE] { `22222222`} */
+        {
+            0x87, 0x04, 0x22, 0x22, 0x22, 0x22
+        },
+        6
+    }, {
+        /* [7 PRIMITIVE] { `11111111111111111111111111111111` } */
+        {
+            0x87, 0x10, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+            0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11
+        },
+        18
+    }, {
+        /* [7 PRIMITIVE] { `22222222222222222222222222222222` } */
+        {
+            0x87, 0x10, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
+            0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22
+        },
+        18
+    }, {
+        /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.1 } */
+        {
+            0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84,
+            0xb7, 0x09, 0x02, 0x01
+        },
+        15
+    }, {
+        /* [8 PRIMITIVE] { 1.2.840.113554.4.1.72585.2.2 } */
+        {
+            0x88, 0x0d, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x04, 0x01, 0x84,
+            0xb7, 0x09, 0x02, 0x02
+        },
+        15
+    }
+};
+
+static int test_GENERAL_NAME_cmp(void)
+{
+    size_t i, j;
+    GENERAL_NAME **namesa = OPENSSL_malloc(sizeof(*namesa)
+                                           * OSSL_NELEM(gennames));
+    GENERAL_NAME **namesb = OPENSSL_malloc(sizeof(*namesb)
+                                           * OSSL_NELEM(gennames));
+    int testresult = 0;
+
+    if (!TEST_ptr(namesa) || !TEST_ptr(namesb))
+        goto end;
+
+    for (i = 0; i < OSSL_NELEM(gennames); i++) {
+        const unsigned char *derp = gennames[i].der;
+
+        /*
+         * We create two versions of each GENERAL_NAME so that we ensure when
+         * we compare them they are always different pointers.
+         */
+        namesa[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen);
+        derp = gennames[i].der;
+        namesb[i] = d2i_GENERAL_NAME(NULL, &derp, gennames[i].derlen);
+        if (!TEST_ptr(namesa[i]) || !TEST_ptr(namesb[i]))
+            goto end;
+    }
+
+    /* Every name should be equal to itself and not equal to any others. */
+    for (i = 0; i < OSSL_NELEM(gennames); i++) {
+        for (j = 0; j < OSSL_NELEM(gennames); j++) {
+            if (i == j) {
+                if (!TEST_int_eq(GENERAL_NAME_cmp(namesa[i], namesb[j]), 0))
+                    goto end;
+            } else {
+                if (!TEST_int_ne(GENERAL_NAME_cmp(namesa[i], namesb[j]), 0))
+                    goto end;
+            }
+        }
+    }
+    testresult = 1;
+
+ end:
+    for (i = 0; i < OSSL_NELEM(gennames); i++) {
+        if (namesa != NULL)
+            GENERAL_NAME_free(namesa[i]);
+        if (namesb != NULL)
+            GENERAL_NAME_free(namesb[i]);
+    }
+    OPENSSL_free(namesa);
+    OPENSSL_free(namesb);
+
+    return testresult;
+}
+
+ int setup_tests(void)
+ {
+     ADD_ALL_TESTS(call_run_cert, OSSL_NELEM(name_fns));
+    ADD_TEST(test_GENERAL_NAME_cmp);
+     return 1;
+ }
--- a/backport-Alternative-fix-for-CVE-2022-4304.patch
+++ b/backport-Alternative-fix-for-CVE-2022-4304.patch
@ -0,0 +1,461 @@
+From 3f499b24f3bcd66db022074f7e8b4f6ee266a3ae Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Date: Mon, 13 Feb 2023 17:46:41 +0100
+Subject: [PATCH] Alternative fix for CVE-2022-4304
+
+This is about a timing leak in the topmost limb
+of the internal result of RSA_private_decrypt,
+before the padding check.
+
+There are in fact at least three bugs together that
+caused the timing leak:
+
+First and probably most important is the fact that
+the blinding did not use the constant time code path
+at all when the RSA object was used for a private
+decrypt, due to the fact that the Montgomery context
+rsa->_method_mod_n was not set up early enough in
+rsa_ossl_private_decrypt, when BN_BLINDING_create_param
+needed it, and that was persisted as blinding->m_ctx,
+although the RSA object creates the Montgomery context
+just a bit later.
+
+Then the infamous bn_correct_top was used on the
+secret value right after the blinding was removed.
+
+And finally the function BN_bn2binpad did not use
+the constant-time code path since the BN_FLG_CONSTTIME
+was not set on the secret value.
+
+In order to address the first problem, this patch
+makes sure that the rsa->_method_mod_n is initialized
+right before the blinding context.
+
+And to fix the second problem, we add a new utility
+function bn_correct_top_consttime, a const-time
+variant of bn_correct_top.
+
+Together with the fact, that BN_bn2binpad is already
+constant time if the flag BN_FLG_CONSTTIME is set,
+this should eliminate the timing oracle completely.
+
+In addition the no-asm variant may also have
+branches that depend on secret values, because the last
+invocation of bn_sub_words in bn_from_montgomery_word
+had branches when the function is compiled by certain
+gcc compiler versions, due to the clumsy coding style.
+
+So additionally this patch stream-lined the no-asm
+C-code in order to avoid branches where possible and
+improve the resulting code quality.
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/20284)
+
+Reference:https://github.com/openssl/openssl/commit/3f499b24f3bcd66db022074f7e8b4f6ee266a3ae
+Confilts:CHANGES
+---
+ crypto/bn/bn_asm.c    | 106 +++++++++++++++++++++++-------------------
+ crypto/bn/bn_blind.c  |   3 +-
+ crypto/bn/bn_lib.c    |  22 +++++++++
+ crypto/bn/bn_local.h  |  26 +++++------
+ crypto/rsa/rsa_ossl.c |  13 +++---
+ 5 files changed, 101 insertions(+), 69 deletions(-)
+
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/bn/bn_asm.c b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/bn/bn_asm.c
+index 4d83a8cf11..177558c647 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/bn/bn_asm.c
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/bn/bn_asm.c
+@@ -381,25 +381,33 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+ #ifndef OPENSSL_SMALL_FOOTPRINT
+     while (n & ~3) {
+         t1 = a[0];
+-        t2 = b[0];
+-        r[0] = (t1 - t2 - c) & BN_MASK2;
+-        if (t1 != t2)
+-            c = (t1 < t2);
+        t2 = (t1 - c) & BN_MASK2;
+        c  = (t2 > t1);
+        t1 = b[0];
+        t1 = (t2 - t1) & BN_MASK2;
+        r[0] = t1;
+        c += (t1 > t2);
+         t1 = a[1];
+-        t2 = b[1];
+-        r[1] = (t1 - t2 - c) & BN_MASK2;
+-        if (t1 != t2)
+-            c = (t1 < t2);
+        t2 = (t1 - c) & BN_MASK2;
+        c  = (t2 > t1);
+        t1 = b[1];
+        t1 = (t2 - t1) & BN_MASK2;
+        r[1] = t1;
+        c += (t1 > t2);
+         t1 = a[2];
+-        t2 = b[2];
+-        r[2] = (t1 - t2 - c) & BN_MASK2;
+-        if (t1 != t2)
+-            c = (t1 < t2);
+        t2 = (t1 - c) & BN_MASK2;
+        c  = (t2 > t1);
+        t1 = b[2];
+        t1 = (t2 - t1) & BN_MASK2;
+        r[2] = t1;
+        c += (t1 > t2);
+         t1 = a[3];
+-        t2 = b[3];
+-        r[3] = (t1 - t2 - c) & BN_MASK2;
+-        if (t1 != t2)
+-            c = (t1 < t2);
+        t2 = (t1 - c) & BN_MASK2;
+        c  = (t2 > t1);
+        t1 = b[3];
+        t1 = (t2 - t1) & BN_MASK2;
+        r[3] = t1;
+        c += (t1 > t2);
+         a += 4;
+         b += 4;
+         r += 4;
+@@ -408,10 +416,12 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+ #endif
+     while (n) {
+         t1 = a[0];
+-        t2 = b[0];
+-        r[0] = (t1 - t2 - c) & BN_MASK2;
+-        if (t1 != t2)
+-            c = (t1 < t2);
+        t2 = (t1 - c) & BN_MASK2;
+        c  = (t2 > t1);
+        t1 = b[0];
+        t1 = (t2 - t1) & BN_MASK2;
+        r[0] = t1;
+        c += (t1 > t2);
+         a++;
+         b++;
+         r++;
+@@ -446,7 +456,7 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+         t += c0;                /* no carry */  \
+         c0 = (BN_ULONG)Lw(t);                   \
+         hi = (BN_ULONG)Hw(t);                   \
+-        c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
+        c1 = (c1+hi)&BN_MASK2; c2 += (c1<hi);   \
+         } while(0)
+ 
+ #  define mul_add_c2(a,b,c0,c1,c2)      do {    \
+@@ -455,11 +465,11 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+         BN_ULLONG tt = t+c0;    /* no carry */  \
+         c0 = (BN_ULONG)Lw(tt);                  \
+         hi = (BN_ULONG)Hw(tt);                  \
+-        c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
+        c1 = (c1+hi)&BN_MASK2; c2 += (c1<hi);   \
+         t += c0;                /* no carry */  \
+         c0 = (BN_ULONG)Lw(t);                   \
+         hi = (BN_ULONG)Hw(t);                   \
+-        c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
+        c1 = (c1+hi)&BN_MASK2; c2 += (c1<hi);   \
+         } while(0)
+ 
+ #  define sqr_add_c(a,i,c0,c1,c2)       do {    \
+@@ -468,7 +478,7 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+         t += c0;                /* no carry */  \
+         c0 = (BN_ULONG)Lw(t);                   \
+         hi = (BN_ULONG)Hw(t);                   \
+-        c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
+        c1 = (c1+hi)&BN_MASK2; c2 += (c1<hi);   \
+         } while(0)
+ 
+ #  define sqr_add_c2(a,i,j,c0,c1,c2) \
+@@ -483,26 +493,26 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+         BN_ULONG ta = (a), tb = (b);            \
+         BN_ULONG lo, hi;                        \
+         BN_UMULT_LOHI(lo,hi,ta,tb);             \
+-        c0 += lo; hi += (c0<lo)?1:0;            \
+-        c1 += hi; c2 += (c1<hi)?1:0;            \
+        c0 += lo; hi += (c0<lo);                \
+        c1 += hi; c2 += (c1<hi);                \
+         } while(0)
+ 
+ #  define mul_add_c2(a,b,c0,c1,c2)      do {    \
+         BN_ULONG ta = (a), tb = (b);            \
+         BN_ULONG lo, hi, tt;                    \
+         BN_UMULT_LOHI(lo,hi,ta,tb);             \
+-        c0 += lo; tt = hi+((c0<lo)?1:0);        \
+-        c1 += tt; c2 += (c1<tt)?1:0;            \
+-        c0 += lo; hi += (c0<lo)?1:0;            \
+-        c1 += hi; c2 += (c1<hi)?1:0;            \
+        c0 += lo; tt = hi + (c0<lo);            \
+        c1 += tt; c2 += (c1<tt);                \
+        c0 += lo; hi += (c0<lo);                \
+        c1 += hi; c2 += (c1<hi);                \
+         } while(0)
+ 
+ #  define sqr_add_c(a,i,c0,c1,c2)       do {    \
+         BN_ULONG ta = (a)[i];                   \
+         BN_ULONG lo, hi;                        \
+         BN_UMULT_LOHI(lo,hi,ta,ta);             \
+-        c0 += lo; hi += (c0<lo)?1:0;            \
+-        c1 += hi; c2 += (c1<hi)?1:0;            \
+        c0 += lo; hi += (c0<lo);                \
+        c1 += hi; c2 += (c1<hi);                \
+         } while(0)
+ 
+ #  define sqr_add_c2(a,i,j,c0,c1,c2)    \
+@@ -517,26 +527,26 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+         BN_ULONG ta = (a), tb = (b);            \
+         BN_ULONG lo = ta * tb;                  \
+         BN_ULONG hi = BN_UMULT_HIGH(ta,tb);     \
+-        c0 += lo; hi += (c0<lo)?1:0;            \
+-        c1 += hi; c2 += (c1<hi)?1:0;            \
+        c0 += lo; hi += (c0<lo);                \
+        c1 += hi; c2 += (c1<hi);                \
+         } while(0)
+ 
+ #  define mul_add_c2(a,b,c0,c1,c2)      do {    \
+         BN_ULONG ta = (a), tb = (b), tt;        \
+         BN_ULONG lo = ta * tb;                  \
+         BN_ULONG hi = BN_UMULT_HIGH(ta,tb);     \
+-        c0 += lo; tt = hi + ((c0<lo)?1:0);      \
+-        c1 += tt; c2 += (c1<tt)?1:0;            \
+-        c0 += lo; hi += (c0<lo)?1:0;            \
+-        c1 += hi; c2 += (c1<hi)?1:0;            \
+        c0 += lo; tt = hi + (c0<lo);            \
+        c1 += tt; c2 += (c1<tt);                \
+        c0 += lo; hi += (c0<lo);                \
+        c1 += hi; c2 += (c1<hi);                \
+         } while(0)
+ 
+ #  define sqr_add_c(a,i,c0,c1,c2)       do {    \
+         BN_ULONG ta = (a)[i];                   \
+         BN_ULONG lo = ta * ta;                  \
+         BN_ULONG hi = BN_UMULT_HIGH(ta,ta);     \
+-        c0 += lo; hi += (c0<lo)?1:0;            \
+-        c1 += hi; c2 += (c1<hi)?1:0;            \
+        c0 += lo; hi += (c0<lo);                \
+        c1 += hi; c2 += (c1<hi);                \
+         } while(0)
+ 
+ #  define sqr_add_c2(a,i,j,c0,c1,c2)      \
+@@ -551,8 +561,8 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+         BN_ULONG lo = LBITS(a), hi = HBITS(a);  \
+         BN_ULONG bl = LBITS(b), bh = HBITS(b);  \
+         mul64(lo,hi,bl,bh);                     \
+-        c0 = (c0+lo)&BN_MASK2; if (c0<lo) hi++; \
+-        c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
+        c0 = (c0+lo)&BN_MASK2; hi += (c0<lo);   \
+        c1 = (c1+hi)&BN_MASK2; c2 += (c1<hi);   \
+         } while(0)
+ 
+ #  define mul_add_c2(a,b,c0,c1,c2)      do {    \
+@@ -561,17 +571,17 @@ BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+         BN_ULONG bl = LBITS(b), bh = HBITS(b);  \
+         mul64(lo,hi,bl,bh);                     \
+         tt = hi;                                \
+-        c0 = (c0+lo)&BN_MASK2; if (c0<lo) tt++; \
+-        c1 = (c1+tt)&BN_MASK2; if (c1<tt) c2++; \
+-        c0 = (c0+lo)&BN_MASK2; if (c0<lo) hi++; \
+-        c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
+        c0 = (c0+lo)&BN_MASK2; tt += (c0<lo);   \
+        c1 = (c1+tt)&BN_MASK2; c2 += (c1<tt);   \
+        c0 = (c0+lo)&BN_MASK2; hi += (c0<lo);   \
+        c1 = (c1+hi)&BN_MASK2; c2 += (c1<hi);   \
+         } while(0)
+ 
+ #  define sqr_add_c(a,i,c0,c1,c2)       do {    \
+         BN_ULONG lo, hi;                        \
+         sqr64(lo,hi,(a)[i]);                    \
+-        c0 = (c0+lo)&BN_MASK2; if (c0<lo) hi++; \
+-        c1 = (c1+hi)&BN_MASK2; if (c1<hi) c2++; \
+        c0 = (c0+lo)&BN_MASK2; hi += (c0<lo);   \
+        c1 = (c1+hi)&BN_MASK2; c2 += (c1<hi);   \
+         } while(0)
+ 
+ #  define sqr_add_c2(a,i,j,c0,c1,c2) \
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/bn/bn_blind.c b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/bn/bn_blind.c
+index 15d9e0a544..e76f6107a7 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/bn/bn_blind.c
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/bn/bn_blind.c
+@@ -191,7 +191,8 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
+             n->top = (int)(rtop & ~mask) | (ntop & mask);
+             n->flags |= (BN_FLG_FIXED_TOP & ~mask);
+         }
+-        ret = BN_mod_mul_montgomery(n, n, r, b->m_ctx, ctx);
+        ret = bn_mul_mont_fixed_top(n, n, r, b->m_ctx, ctx);
+        bn_correct_top_consttime(n);
+     } else {
+         ret = BN_mod_mul(n, n, r, b->mod, ctx);
+     }
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/bn/bn_lib.c b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/bn/bn_lib.c
+index eb4a31849b..fe6fb0e40f 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/bn/bn_lib.c
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/bn/bn_lib.c
+@@ -1001,6 +1001,28 @@ BIGNUM *bn_wexpand(BIGNUM *a, int words)
+     return (words <= a->dmax) ? a : bn_expand2(a, words);
+ }
+ 
+void bn_correct_top_consttime(BIGNUM *a)
+{
+    int j, atop;
+    BN_ULONG limb;
+    unsigned int mask;
+
+    for (j = 0, atop = 0; j < a->dmax; j++) {
+        limb = a->d[j];
+        limb |= 0 - limb;
+        limb >>= BN_BITS2 - 1;
+        limb = 0 - limb;
+        mask = (unsigned int)limb;
+        mask &= constant_time_msb(j - a->top);
+        atop = constant_time_select_int(mask, j + 1, atop);
+    }
+
+    mask = constant_time_eq_int(atop, 0);
+    a->top = atop;
+    a->neg = constant_time_select_int(mask, 0, a->neg);
+    a->flags &= ~BN_FLG_FIXED_TOP;
+}
+
+ void bn_correct_top(BIGNUM *a)
+ {
+     BN_ULONG *ftl;
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/bn/bn_local.h b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/bn/bn_local.h
+index ee6342b60c..818e34348e 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/bn/bn_local.h
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/bn/bn_local.h
+@@ -515,10 +515,10 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
+         ret =  (r);                     \
+         BN_UMULT_LOHI(low,high,w,tmp);  \
+         ret += (c);                     \
+-        (c) =  (ret<(c))?1:0;           \
+        (c) =  (ret<(c));               \
+         (c) += high;                    \
+         ret += low;                     \
+-        (c) += (ret<low)?1:0;           \
+        (c) += (ret<low);               \
+         (r) =  ret;                     \
+         }
+ 
+@@ -527,7 +527,7 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
+         BN_UMULT_LOHI(low,high,w,ta);   \
+         ret =  low + (c);               \
+         (c) =  high;                    \
+-        (c) += (ret<low)?1:0;           \
+        (c) += (ret<low);               \
+         (r) =  ret;                     \
+         }
+ 
+@@ -543,10 +543,10 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
+         high=  BN_UMULT_HIGH(w,tmp);    \
+         ret += (c);                     \
+         low =  (w) * tmp;               \
+-        (c) =  (ret<(c))?1:0;           \
+        (c) =  (ret<(c));               \
+         (c) += high;                    \
+         ret += low;                     \
+-        (c) += (ret<low)?1:0;           \
+        (c) += (ret<low);               \
+         (r) =  ret;                     \
+         }
+ 
+@@ -556,7 +556,7 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
+         high=  BN_UMULT_HIGH(w,ta);     \
+         ret =  low + (c);               \
+         (c) =  high;                    \
+-        (c) += (ret<low)?1:0;           \
+        (c) += (ret<low);               \
+         (r) =  ret;                     \
+         }
+ 
+@@ -589,10 +589,10 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
+         lt=(bl)*(lt); \
+         m1=(bl)*(ht); \
+         ht =(bh)*(ht); \
+-        m=(m+m1)&BN_MASK2; if (m < m1) ht+=L2HBITS((BN_ULONG)1); \
+        m=(m+m1)&BN_MASK2; ht += L2HBITS((BN_ULONG)(m < m1)); \
+         ht+=HBITS(m); \
+         m1=L2HBITS(m); \
+-        lt=(lt+m1)&BN_MASK2; if (lt < m1) ht++; \
+        lt=(lt+m1)&BN_MASK2; ht += (lt < m1); \
+         (l)=lt; \
+         (h)=ht; \
+         }
+@@ -609,7 +609,7 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
+         h*=h; \
+         h+=(m&BN_MASK2h1)>>(BN_BITS4-1); \
+         m =(m&BN_MASK2l)<<(BN_BITS4+1); \
+-        l=(l+m)&BN_MASK2; if (l < m) h++; \
+        l=(l+m)&BN_MASK2; h += (l < m); \
+         (lo)=l; \
+         (ho)=h; \
+         }
+@@ -623,9 +623,9 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
+         mul64(l,h,(bl),(bh)); \
+  \
+         /* non-multiply part */ \
+-        l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
+        l=(l+(c))&BN_MASK2; h += (l < (c)); \
+         (c)=(r); \
+-        l=(l+(c))&BN_MASK2; if (l < (c)) h++; \
+        l=(l+(c))&BN_MASK2; h += (l < (c)); \
+         (c)=h&BN_MASK2; \
+         (r)=l; \
+         }
+@@ -639,7 +639,7 @@ unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
+         mul64(l,h,(bl),(bh)); \
+  \
+         /* non-multiply part */ \
+-        l+=(c); if ((l&BN_MASK2) < (c)) h++; \
+        l+=(c); h += ((l&BN_MASK2) < (c)); \
+         (c)=h&BN_MASK2; \
+         (r)=l&BN_MASK2; \
+         }
+@@ -669,7 +669,7 @@ BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+                            int cl, int dl);
+ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                 const BN_ULONG *np, const BN_ULONG *n0, int num);
+-
+void bn_correct_top_consttime(BIGNUM *a);
+ BIGNUM *int_bn_mod_inverse(BIGNUM *in,
+                            const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx,
+                            int *noinv);
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/rsa/rsa_ossl.c b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/rsa/rsa_ossl.c
+index 53cf2d03c9..cf5a10ab43 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/rsa/rsa_ossl.c
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/rsa/rsa_ossl.c
+@@ -226,6 +226,7 @@ static int rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
+      * will only read the modulus from BN_BLINDING. In both cases it's safe
+      * to access the blinding without a lock.
+      */
+    BN_set_flags(f, BN_FLG_CONSTTIME);
+     return BN_BLINDING_invert_ex(f, unblind, b, ctx);
+ }
+ 
+@@ -412,6 +413,11 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
+         goto err;
+     }
+ 
+    if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+        if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
+                                    rsa->n, ctx))
+            goto err;
+
+     if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
+         blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
+         if (blinding == NULL) {
+@@ -449,13 +455,6 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
+             goto err;
+         }
+         BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+-
+-        if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+-            if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
+-                                        rsa->n, ctx)) {
+-                BN_free(d);
+-                goto err;
+-            }
+         if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
+                                    rsa->_method_mod_n)) {
+             BN_free(d);
+-- 
+2.27.0
+
--- a/backport-CVE-2022-4450-Avoid-dangling-ptrs-in-header-and-data-params-for-PE.patch
+++ b/backport-CVE-2022-4450-Avoid-dangling-ptrs-in-header-and-data-params-for-PE.patch
@ -0,0 +1,45 @@
+From bbcf509bd046b34cca19c766bbddc31683d0858b Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Tue, 13 Dec 2022 14:54:55 +0000
+Subject: [PATCH] Avoid dangling ptrs in header and data params for
+ PEM_read_bio_ex
+
+In the event of a failure in PEM_read_bio_ex() we free the buffers we
+allocated for the header and data buffers. However we were not clearing
+the ptrs stored in *header and *data. Since, on success, the caller is
+responsible for freeing these ptrs this can potentially lead to a double
+free if the caller frees them even on failure.
+
+Thanks to Dawei Wang for reporting this issue.
+
+Based on a proposed patch by Kurt Roeckx.
+
+CVE-2022-4450
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Hugo Landau <hlandau@openssl.org>
+
+Reference:https://github.com/openssl/openssl/commit/bbcf509bd046b34cca19c766bbddc31683d0858b
+Confilts:CHANGES
+
+---
+ crypto/pem/pem_lib.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/pem/pem_lib.c b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/pem/pem_lib.c
+index d416d939ea..328c30cdbb 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/pem/pem_lib.c
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/pem/pem_lib.c
+@@ -957,7 +957,9 @@ int PEM_read_bio_ex(BIO *bp, char **name_out, char **header,
+     *data = pem_malloc(len, flags);
+     if (*header == NULL || *data == NULL) {
+         pem_free(*header, flags, 0);
+        *header = NULL;
+         pem_free(*data, flags, 0);
+        *data = NULL;
+         goto end;
+     }
+     BIO_read(headerB, *header, headerlen);
+-- 
+2.27.0
+
--- a/backport-CVE-2023-0215-Fix-a-UAF-resulting-from-a-bug-in-BIO_new_NDEF.patch
+++ b/backport-CVE-2023-0215-Fix-a-UAF-resulting-from-a-bug-in-BIO_new_NDEF.patch
@ -0,0 +1,110 @@
+From c3829dd8825c654652201e16f8a0a0c46ee3f344 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Wed, 14 Dec 2022 16:18:14 +0000
+Subject: [PATCH] Fix a UAF resulting from a bug in BIO_new_NDEF
+
+If the aux->asn1_cb() call fails in BIO_new_NDEF then the "out" BIO will
+be part of an invalid BIO chain. This causes a "use after free" when the
+BIO is eventually freed.
+
+Based on an original patch by Viktor Dukhovni and an idea from Theo
+Buehler.
+
+Thanks to Octavio Galland for reporting this issue.
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+
+Reference:https://github.com/openssl/openssl/commit/c3829dd8825c654652201e16f8a0a0c46ee3f344
+Conflict: NA
+
+---
+ crypto/asn1/bio_ndef.c | 39 ++++++++++++++++++++++++++++++++-------
+ 1 file changed, 32 insertions(+), 7 deletions(-)
+
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/asn1/bio_ndef.c b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/asn1/bio_ndef.c
+index 760e4846a4..f8d4b1b9aa 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/asn1/bio_ndef.c
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/asn1/bio_ndef.c
+@@ -49,12 +49,19 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg);
+ static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen,
+                             void *parg);
+ 
+/*
+ * On success, the returned BIO owns the input BIO as part of its BIO chain.
+ * On failure, NULL is returned and the input BIO is owned by the caller.
+ *
+ * Unfortunately cannot constify this due to CMS_stream() and PKCS7_stream()
+ */
+ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
+ {
+     NDEF_SUPPORT *ndef_aux = NULL;
+     BIO *asn_bio = NULL;
+     const ASN1_AUX *aux = it->funcs;
+     ASN1_STREAM_ARG sarg;
+    BIO *pop_bio = NULL;
+ 
+     if (!aux || !aux->asn1_cb) {
+         ASN1err(ASN1_F_BIO_NEW_NDEF, ASN1_R_STREAMING_NOT_SUPPORTED);
+@@ -69,21 +76,39 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
+     out = BIO_push(asn_bio, out);
+     if (out == NULL)
+         goto err;
+    pop_bio = asn_bio;
+ 
+-    BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free);
+-    BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free);
+    if (BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free) <= 0
+            || BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free) <= 0
+            || BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux) <= 0)
+        goto err;
+ 
+     /*
+-     * Now let callback prepends any digest, cipher etc BIOs ASN1 structure
+-     * needs.
+     * Now let the callback prepend any digest, cipher, etc., that the BIO's
+     * ASN1 structure needs.
+      */
+ 
+     sarg.out = out;
+     sarg.ndef_bio = NULL;
+     sarg.boundary = NULL;
+ 
+-    if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0)
+    /*
+     * The asn1_cb(), must not have mutated asn_bio on error, leaving it in the
+     * middle of some partially built, but not returned BIO chain.
+     */
+    if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0) {
+        /*
+         * ndef_aux is now owned by asn_bio so we must not free it in the err
+         * clean up block
+         */
+        ndef_aux = NULL;
+         goto err;
+    }
+
+    /*
+     * We must not fail now because the callback has prepended additional
+     * BIOs to the chain
+     */
+ 
+     ndef_aux->val = val;
+     ndef_aux->it = it;
+@@ -91,11 +116,11 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
+     ndef_aux->boundary = sarg.boundary;
+     ndef_aux->out = out;
+ 
+-    BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux);
+-
+     return sarg.ndef_bio;
+ 
+  err:
+    /* BIO_pop() is NULL safe */
+    (void)BIO_pop(pop_bio);
+     BIO_free(asn_bio);
+     OPENSSL_free(ndef_aux);
+     return NULL;
+-- 
+2.27.0
+
--- a/backport-CVE-2023-0286-Fix-GENERAL_NAME_cmp-for-x400Address-1.patch
+++ b/backport-CVE-2023-0286-Fix-GENERAL_NAME_cmp-for-x400Address-1.patch
@ -0,0 +1,65 @@
+From 2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9 Mon Sep 17 00:00:00 2001
+From: Hugo Landau <hlandau@openssl.org>
+Date: Tue, 17 Jan 2023 17:45:42 +0000
+Subject: [PATCH] CVE-2023-0286: Fix GENERAL_NAME_cmp for x400Address (1.1.1)
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+
+Reference:https://github.com/openssl/openssl/commit/2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9
+Confilts:CHANGES
+
+---
+ crypto/x509v3/v3_genn.c  |  2 +-
+ include/openssl/x509v3.h |  2 +-
+ test/v3nametest.c        |  8 ++++++++
+ 3 files changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/x509v3/v3_genn.c b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/x509v3/v3_genn.c
+index 87a5eff47c..e54ddc55c9 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/x509v3/v3_genn.c
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/x509v3/v3_genn.c
+@@ -98,7 +98,7 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
+         return -1;
+     switch (a->type) {
+     case GEN_X400:
+-        result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
+        result = ASN1_STRING_cmp(a->d.x400Address, b->d.x400Address);
+         break;
+ 
+     case GEN_EDIPARTY:
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/include/openssl/x509v3.h b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/include/openssl/x509v3.h
+index 90fa3592ce..e61c0f29d4 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/include/openssl/x509v3.h
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/include/openssl/x509v3.h
+@@ -136,7 +136,7 @@ typedef struct GENERAL_NAME_st {
+         OTHERNAME *otherName;   /* otherName */
+         ASN1_IA5STRING *rfc822Name;
+         ASN1_IA5STRING *dNSName;
+-        ASN1_TYPE *x400Address;
+        ASN1_STRING *x400Address;
+         X509_NAME *directoryName;
+         EDIPARTYNAME *ediPartyName;
+         ASN1_IA5STRING *uniformResourceIdentifier;
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/test/v3nametest.c b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/test/v3nametest.c
+index d1852190b8..37819da8fd 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/test/v3nametest.c
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/test/v3nametest.c
+@@ -646,6 +646,14 @@ static struct gennamedata {
+             0xb7, 0x09, 0x02, 0x02
+         },
+         15
+    }, {
+        /*
+         * Regression test for CVE-2023-0286.
+         */
+        {
+            0xa3, 0x00
+        },
+        2
+     }
+ };
+ 
+-- 
+2.27.0
+
--- a/backport-CVE-2023-0464-x509-excessive-resource-use-verifying-policy-constra.patch
+++ b/backport-CVE-2023-0464-x509-excessive-resource-use-verifying-policy-constra.patch
@ -0,0 +1,226 @@
+From 879f7080d7e141f415c79eaa3a8ac4a3dad0348b Mon Sep 17 00:00:00 2001
+From: Pauli <pauli@openssl.org>
+Date: Wed, 8 Mar 2023 15:28:20 +1100
+Subject: [PATCH] x509: excessive resource use verifying policy constraints
+
+A security vulnerability has been identified in all supported versions
+of OpenSSL related to the verification of X.509 certificate chains
+that include policy constraints.  Attackers may be able to exploit this
+vulnerability by creating a malicious certificate chain that triggers
+exponential use of computational resources, leading to a denial-of-service
+(DoS) attack on affected systems.
+
+Fixes CVE-2023-0464
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
+(Merged from https://github.com/openssl/openssl/pull/20569)
+
+Reference:https://github.com/openssl/openssl/commit/879f7080d7e141f415c79eaa3a8ac4a3dad0348b
+Confilts:NA
+
+---
+ crypto/x509v3/pcy_local.h |  8 +++++++-
+ crypto/x509v3/pcy_node.c  | 12 +++++++++---
+ crypto/x509v3/pcy_tree.c  | 37 +++++++++++++++++++++++++++----------
+ 3 files changed, 43 insertions(+), 14 deletions(-)
+
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/x509v3/pcy_local.h b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/x509v3/pcy_local.h
+index 5daf78de45..344aa06765 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/x509v3/pcy_local.h
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/x509v3/pcy_local.h
+@@ -111,6 +111,11 @@ struct X509_POLICY_LEVEL_st {
+ };
+ 
+ struct X509_POLICY_TREE_st {
+    /* The number of nodes in the tree */
+    size_t node_count;
+    /* The maximum number of nodes in the tree */
+    size_t node_maximum;
+
+     /* This is the tree 'level' data */
+     X509_POLICY_LEVEL *levels;
+     int nlevel;
+@@ -159,7 +164,8 @@ X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
+ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
+                                  X509_POLICY_DATA *data,
+                                  X509_POLICY_NODE *parent,
+-                                 X509_POLICY_TREE *tree);
+                                 X509_POLICY_TREE *tree,
+                                 int extra_data);
+ void policy_node_free(X509_POLICY_NODE *node);
+ int policy_node_match(const X509_POLICY_LEVEL *lvl,
+                       const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/x509v3/pcy_node.c b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/x509v3/pcy_node.c
+index e2d7b15322..d574fb9d66 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/x509v3/pcy_node.c
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/x509v3/pcy_node.c
+@@ -59,10 +59,15 @@ X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
+ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
+                                  X509_POLICY_DATA *data,
+                                  X509_POLICY_NODE *parent,
+-                                 X509_POLICY_TREE *tree)
+                                 X509_POLICY_TREE *tree,
+                                 int extra_data)
+ {
+     X509_POLICY_NODE *node;
+ 
+    /* Verify that the tree isn't too large.  This mitigates CVE-2023-0464 */
+    if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum)
+        return NULL;
+
+     node = OPENSSL_zalloc(sizeof(*node));
+     if (node == NULL) {
+         X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
+@@ -70,7 +75,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
+     }
+     node->data = data;
+     node->parent = parent;
+-    if (level) {
+    if (level != NULL) {
+         if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
+             if (level->anyPolicy)
+                 goto node_error;
+@@ -90,7 +95,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
+         }
+     }
+ 
+-    if (tree) {
+    if (extra_data) {
+         if (tree->extra_data == NULL)
+             tree->extra_data = sk_X509_POLICY_DATA_new_null();
+         if (tree->extra_data == NULL){
+@@ -103,6 +108,7 @@ X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
+         }
+     }
+ 
+    tree->node_count++;
+     if (parent)
+         parent->nchild++;
+ 
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/x509v3/pcy_tree.c b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/x509v3/pcy_tree.c
+index 6e8322cbc5..6c7fd35405 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/x509v3/pcy_tree.c
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/x509v3/pcy_tree.c
+@@ -13,6 +13,18 @@
+ 
+ #include "pcy_local.h"
+ 
+/*
+ * If the maximum number of nodes in the policy tree isn't defined, set it to
+ * a generous default of 1000 nodes.
+ *
+ * Defining this to be zero means unlimited policy tree growth which opens the
+ * door on CVE-2023-0464.
+ */
+
+#ifndef OPENSSL_POLICY_TREE_NODES_MAX
+# define OPENSSL_POLICY_TREE_NODES_MAX 1000
+#endif
+
+ /*
+  * Enable this to print out the complete policy tree at various point during
+  * evaluation.
+@@ -168,6 +180,9 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
+         return X509_PCY_TREE_INTERNAL;
+     }
+ 
+    /* Limit the growth of the tree to mitigate CVE-2023-0464 */
+    tree->node_maximum = OPENSSL_POLICY_TREE_NODES_MAX;
+
+     /*
+      * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3.
+      *
+@@ -184,7 +199,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
+     level = tree->levels;
+     if ((data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0)) == NULL)
+         goto bad_tree;
+-    if (level_add_node(level, data, NULL, tree) == NULL) {
+    if (level_add_node(level, data, NULL, tree, 1) == NULL) {
+         policy_data_free(data);
+         goto bad_tree;
+     }
+@@ -243,7 +258,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
+  * Return value: 1 on success, 0 otherwise
+  */
+ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
+-                                    X509_POLICY_DATA *data)
+                                    X509_POLICY_DATA *data,
+                                    X509_POLICY_TREE *tree)
+ {
+     X509_POLICY_LEVEL *last = curr - 1;
+     int i, matched = 0;
+@@ -253,13 +269,13 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
+         X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i);
+ 
+         if (policy_node_match(last, node, data->valid_policy)) {
+-            if (level_add_node(curr, data, node, NULL) == NULL)
+            if (level_add_node(curr, data, node, tree, 0) == NULL)
+                 return 0;
+             matched = 1;
+         }
+     }
+     if (!matched && last->anyPolicy) {
+-        if (level_add_node(curr, data, last->anyPolicy, NULL) == NULL)
+        if (level_add_node(curr, data, last->anyPolicy, tree, 0) == NULL)
+             return 0;
+     }
+     return 1;
+@@ -272,7 +288,8 @@ static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
+  * Return value: 1 on success, 0 otherwise.
+  */
+ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
+-                           const X509_POLICY_CACHE *cache)
+                           const X509_POLICY_CACHE *cache,
+                           X509_POLICY_TREE *tree)
+ {
+     int i;
+ 
+@@ -280,7 +297,7 @@ static int tree_link_nodes(X509_POLICY_LEVEL *curr,
+         X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i);
+ 
+         /* Look for matching nodes in previous level */
+-        if (!tree_link_matching_nodes(curr, data))
+        if (!tree_link_matching_nodes(curr, data, tree))
+             return 0;
+     }
+     return 1;
+@@ -311,7 +328,7 @@ static int tree_add_unmatched(X509_POLICY_LEVEL *curr,
+     /* Curr may not have anyPolicy */
+     data->qualifier_set = cache->anyPolicy->qualifier_set;
+     data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
+-    if (level_add_node(curr, data, node, tree) == NULL) {
+    if (level_add_node(curr, data, node, tree, 1) == NULL) {
+         policy_data_free(data);
+         return 0;
+     }
+@@ -373,7 +390,7 @@ static int tree_link_any(X509_POLICY_LEVEL *curr,
+     }
+     /* Finally add link to anyPolicy */
+     if (last->anyPolicy &&
+-        level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL) == NULL)
+        level_add_node(curr, cache->anyPolicy, last->anyPolicy, tree, 0) == NULL)
+         return 0;
+     return 1;
+ }
+@@ -555,7 +572,7 @@ static int tree_calculate_user_set(X509_POLICY_TREE *tree,
+             extra->qualifier_set = anyPolicy->data->qualifier_set;
+             extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
+                 | POLICY_DATA_FLAG_EXTRA_NODE;
+-            node = level_add_node(NULL, extra, anyPolicy->parent, tree);
+            node = level_add_node(NULL, extra, anyPolicy->parent, tree, 1);
+         }
+         if (!tree->user_policies) {
+             tree->user_policies = sk_X509_POLICY_NODE_new_null();
+@@ -582,7 +599,7 @@ static int tree_evaluate(X509_POLICY_TREE *tree)
+ 
+     for (i = 1; i < tree->nlevel; i++, curr++) {
+         cache = policy_cache_set(curr->cert);
+-        if (!tree_link_nodes(curr, cache))
+        if (!tree_link_nodes(curr, cache, tree))
+             return X509_PCY_TREE_INTERNAL;
+ 
+         if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
+-- 
+2.27.0
+
--- a/backport-CVE-2023-0465-Ensure-that-EXFLAG_INVALID_POLICY-is-checked-even-in.patch
+++ b/backport-CVE-2023-0465-Ensure-that-EXFLAG_INVALID_POLICY-is-checked-even-in.patch
@ -0,0 +1,58 @@
+From b013765abfa80036dc779dd0e50602c57bb3bf95 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Tue, 7 Mar 2023 16:52:55 +0000
+Subject: [PATCH] Ensure that EXFLAG_INVALID_POLICY is checked even in leaf
+ certs
+
+Even though we check the leaf cert to confirm it is valid, we
+later ignored the invalid flag and did not notice that the leaf
+cert was bad.
+
+Fixes: CVE-2023-0465
+
+Reviewed-by: Hugo Landau <hlandau@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/20588)
+
+Reference:https://github.com/openssl/openssl/commit/b013765abfa80036dc779dd0e50602c57bb3bf95
+Confilts:NA
+
+---
+ crypto/x509/x509_vfy.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/x509/x509_vfy.c b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/x509/x509_vfy.c
+index 925fbb5412..1dfe4f9f31 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/x509/x509_vfy.c
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/x509/x509_vfy.c
+@@ -1649,18 +1649,25 @@ static int check_policy(X509_STORE_CTX *ctx)
+     }
+     /* Invalid or inconsistent extensions */
+     if (ret == X509_PCY_TREE_INVALID) {
+-        int i;
+        int i, cbcalled = 0;
+ 
+         /* Locate certificates with bad extensions and notify callback. */
+-        for (i = 1; i < sk_X509_num(ctx->chain); i++) {
+        for (i = 0; i < sk_X509_num(ctx->chain); i++) {
+             X509 *x = sk_X509_value(ctx->chain, i);
+ 
+             if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
+                 continue;
+            cbcalled = 1;
+             if (!verify_cb_cert(ctx, x, i,
+                                 X509_V_ERR_INVALID_POLICY_EXTENSION))
+                 return 0;
+         }
+        if (!cbcalled) {
+            /* Should not be able to get here */
+            X509err(X509_F_CHECK_POLICY, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        /* The callback ignored the error so we return success */
+         return 1;
+     }
+     if (ret == X509_PCY_TREE_FAILURE) {
+-- 
+2.27.0
+
--- a/backport-CVE-2023-0466-Fix-documentation-of-X509_VERIFY_PARAM_add0_policy.patch
+++ b/backport-CVE-2023-0466-Fix-documentation-of-X509_VERIFY_PARAM_add0_policy.patch
@ -0,0 +1,50 @@
+From 0d16b7e99aafc0b4a6d729eec65a411a7e025f0a Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Tue, 21 Mar 2023 16:15:47 +0100
+Subject: [PATCH] Fix documentation of X509_VERIFY_PARAM_add0_policy()
+
+The function was incorrectly documented as enabling policy checking.
+
+Fixes: CVE-2023-0466
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/20564)
+
+Reference:https://github.com/openssl/openssl/commit/0d16b7e99aafc0b4a6d729eec65a411a7e025f0a
+Confilts:CHANGES,NEWS
+
+---
+ doc/man3/X509_VERIFY_PARAM_set_flags.pod | 9 +++++++--
+ 1 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/doc/man3/X509_VERIFY_PARAM_set_flags.pod
+index f6f304bf7b..aa292f9336 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/doc/man3/X509_VERIFY_PARAM_set_flags.pod
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/doc/man3/X509_VERIFY_PARAM_set_flags.pod
+@@ -92,8 +92,9 @@ B<trust>.
+ X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to
+ B<t>. Normally the current time is used.
+ 
+-X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled
+-by default) and adds B<policy> to the acceptable policy set.
+X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set.
+Contrary to preexisting documentation of this function it does not enable
+policy checking.
+ 
+ X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled
+ by default) and sets the acceptable policy set to B<policies>. Any existing
+@@ -377,6 +378,10 @@ and has no effect.
+ 
+ The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i.
+ 
+The function X509_VERIFY_PARAM_add0_policy() was historically documented as
+enabling policy checking however the implementation has never done this.
+The documentation was changed to align with the implementation.
+
+ =head1 COPYRIGHT
+ 
+ Copyright 2009-2019 The OpenSSL Project Authors. All Rights Reserved.
+-- 
+2.27.0
+
--- a/backport-CVE-2023-2650-Restrict-the-size-of-OBJECT-IDENTIFIERs-that-OBJ_obj.patch
+++ b/backport-CVE-2023-2650-Restrict-the-size-of-OBJECT-IDENTIFIERs-that-OBJ_obj.patch
@ -0,0 +1,68 @@
+From 9e209944b35cf82368071f160a744b6178f9b098 Mon Sep 17 00:00:00 2001
+From: Richard Levitte <levitte@openssl.org>
+Date: Fri, 12 May 2023 10:00:13 +0200
+Subject: [PATCH] Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will
+ translate
+
+OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
+numeric text form.  For gigantic sub-identifiers, this would take a very
+long time, the time complexity being O(n^2) where n is the size of that
+sub-identifier.
+
+To mitigate this, a restriction on the size that OBJ_obj2txt() will
+translate to canonical numeric text form is added, based on RFC 2578
+(STD 58), which says this:
+
+> 3.5. OBJECT IDENTIFIER values
+>
+> An OBJECT IDENTIFIER value is an ordered list of non-negative numbers.
+> For the SMIv2, each number in the list is referred to as a sub-identifier,
+> there are at most 128 sub-identifiers in a value, and each sub-identifier
+> has a maximum value of 2^32-1 (4294967295 decimal).
+
+Fixes otc/security#96
+Fixes CVE-2023-2650
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+
+Reference:https://github.com/openssl/openssl/commit/9e209944b35cf82368071f160a744b6178f9b098
+Confilts:CHANGES,NEWS
+
+---
+ crypto/objects/obj_dat.c | 19 +++++++++++++++++++
+ 1 files changed, 19 insertions(+)
+
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/objects/obj_dat.c b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/objects/obj_dat.c
+index 7e8de727f3..d699915b20 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/objects/obj_dat.c
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/objects/obj_dat.c
+@@ -428,6 +428,25 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
+     first = 1;
+     bl = NULL;
+ 
+    /*
+     * RFC 2578 (STD 58) says this about OBJECT IDENTIFIERs:
+     *
+     * > 3.5. OBJECT IDENTIFIER values
+     * >
+     * > An OBJECT IDENTIFIER value is an ordered list of non-negative
+     * > numbers. For the SMIv2, each number in the list is referred to as a
+     * > sub-identifier, there are at most 128 sub-identifiers in a value,
+     * > and each sub-identifier has a maximum value of 2^32-1 (4294967295
+     * > decimal).
+     *
+     * So a legitimate OID according to this RFC is at most (32 * 128 / 7),
+     * i.e. 586 bytes long.
+     *
+     * Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
+     */
+    if (len > 586)
+        goto err;
+
+     while (len > 0) {
+         l = 0;
+         use_bn = 0;
+-- 
+2.27.0
+
--- a/backport-CVE-2023-3446-Fix-DH_check-excessive-time-with-over-sized-modulus.patch
+++ b/backport-CVE-2023-3446-Fix-DH_check-excessive-time-with-over-sized-modulus.patch
@ -0,0 +1,134 @@
+From 8780a896543a654e757db1b9396383f9d8095528 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Thu, 6 Jul 2023 16:36:35 +0100
+Subject: [PATCH] Fix DH_check() excessive time with over sized modulus
+
+The DH_check() function checks numerous aspects of the key or parameters
+that have been supplied. Some of those checks use the supplied modulus
+value even if it is excessively large.
+
+There is already a maximum DH modulus size (10,000 bits) over which
+OpenSSL will not generate or derive keys. DH_check() will however still
+perform various tests for validity on such a large modulus. We introduce a
+new maximum (32,768) over which DH_check() will just fail.
+
+An application that calls DH_check() and supplies a key or parameters
+obtained from an untrusted source could be vulnerable to a Denial of
+Service attack.
+
+The function DH_check() is itself called by a number of other OpenSSL
+functions. An application calling any of those other functions may
+similarly be affected. The other functions affected by this are
+DH_check_ex() and EVP_PKEY_param_check().
+
+CVE-2023-3446
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
+Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/21452)
+
+Reference:https://github.com/openssl/openssl/commit/8780a896543a654e757db1b9396383f9d8095528
+Confilts:Change the Source File Patch
+
+---
+ crypto/dh/dh_check.c    | 6 ++++++
+ crypto/dh/dh_err.c      | 3 ++-
+ crypto/err/openssl.txt  | 3 ++-
+ include/openssl/dh.h    | 3 +++
+ include/openssl/dherr.h | 3 ++-
+ 5 files changed, 15 insertions(+), 3 deletions(-)
+
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/dh/dh_check.c b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/dh/dh_check.c
+index 4ac169e75c..e5f9dd5030 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/dh/dh_check.c
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/dh/dh_check.c
+@@ -101,6 +101,12 @@ int DH_check(const DH *dh, int *ret)
+     BN_CTX *ctx = NULL;
+     BIGNUM *t1 = NULL, *t2 = NULL;
+ 
+    /* Don't do any checks at all with an excessively large modulus */
+    if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
+        DHerr(DH_F_DH_CHECK, DH_R_MODULUS_TOO_LARGE);
+        return 0;
+    }
+
+     if (!DH_check_params(dh, ret))
+         return 0;
+ 
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/dh/dh_err.c b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/dh/dh_err.c
+index 7285587b4a..92800d3fcc 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/dh/dh_err.c
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/dh/dh_err.c
+@@ -1,6 +1,6 @@
+ /*
+  * Generated by util/mkerr.pl DO NOT EDIT
+- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+  *
+  * Licensed under the OpenSSL license (the "License").  You may not use
+  * this file except in compliance with the License.  You can obtain a copy
+@@ -18,6 +18,7 @@ static const ERR_STRING_DATA DH_str_functs[] = {
+     {ERR_PACK(ERR_LIB_DH, DH_F_DHPARAMS_PRINT_FP, 0), "DHparams_print_fp"},
+     {ERR_PACK(ERR_LIB_DH, DH_F_DH_BUILTIN_GENPARAMS, 0),
+      "dh_builtin_genparams"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK, 0), "DH_check"},
+     {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_EX, 0), "DH_check_ex"},
+     {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PARAMS_EX, 0), "DH_check_params_ex"},
+     {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY_EX, 0), "DH_check_pub_key_ex"},
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/err/openssl.txt b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/err/openssl.txt
+index 9f91a4a811..c0a3cd720b 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/err/openssl.txt
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/err/openssl.txt
+@@ -1,4 +1,4 @@
+-# Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+ #
+ # Licensed under the OpenSSL license (the "License").  You may not use
+ # this file except in compliance with the License.  You can obtain a copy
+@@ -401,6 +401,7 @@ CT_F_SCT_SET_VERSION:104:SCT_set_version
+ DH_F_COMPUTE_KEY:102:compute_key
+ DH_F_DHPARAMS_PRINT_FP:101:DHparams_print_fp
+ DH_F_DH_BUILTIN_GENPARAMS:106:dh_builtin_genparams
+DH_F_DH_CHECK:126:DH_check
+ DH_F_DH_CHECK_EX:121:DH_check_ex
+ DH_F_DH_CHECK_PARAMS_EX:122:DH_check_params_ex
+ DH_F_DH_CHECK_PUB_KEY_EX:123:DH_check_pub_key_ex
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/include/openssl/dh.h b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/include/openssl/dh.h
+index 3527540cdd..892e31559d 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/include/openssl/dh.h
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/include/openssl/dh.h
+@@ -29,6 +29,9 @@ extern "C" {
+ # ifndef OPENSSL_DH_MAX_MODULUS_BITS
+ #  define OPENSSL_DH_MAX_MODULUS_BITS    10000
+ # endif
+# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS
+#  define OPENSSL_DH_CHECK_MAX_MODULUS_BITS  32768
+# endif
+ 
+ # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
+ 
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/include/openssl/dherr.h b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/include/openssl/dherr.h
+index 916b3bed0b..528c819856 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/include/openssl/dherr.h
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/include/openssl/dherr.h
+@@ -1,6 +1,6 @@
+ /*
+  * Generated by util/mkerr.pl DO NOT EDIT
+- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+  *
+  * Licensed under the OpenSSL license (the "License").  You may not use
+  * this file except in compliance with the License.  You can obtain a copy
+@@ -30,6 +30,7 @@ int ERR_load_DH_strings(void);
+ #  define DH_F_COMPUTE_KEY                                 102
+ #  define DH_F_DHPARAMS_PRINT_FP                           101
+ #  define DH_F_DH_BUILTIN_GENPARAMS                        106
+#  define DH_F_DH_CHECK                                    126
+ #  define DH_F_DH_CHECK_EX                                 121
+ #  define DH_F_DH_CHECK_PARAMS_EX                          122
+ #  define DH_F_DH_CHECK_PUB_KEY_EX                         123
+-- 
+2.27.0
+
--- a/backport-CVE-2023-3817-DH_check-Do-not-try-checking-q-properties-if-it-is-o.patch
+++ b/backport-CVE-2023-3817-DH_check-Do-not-try-checking-q-properties-if-it-is-o.patch
@ -0,0 +1,62 @@
+From 91ddeba0f2269b017dc06c46c993a788974b1aa5 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Fri, 21 Jul 2023 11:39:41 +0200
+Subject: [PATCH] DH_check(): Do not try checking q properties if it is
+ obviously invalid
+
+If  |q| >= |p| then the q value is obviously wrong as q
+is supposed to be a prime divisor of p-1.
+
+We check if p is overly large so this added test implies that
+q is not large either when performing subsequent tests using that
+q value.
+
+Otherwise if it is too large these additional checks of the q value
+such as the primality test can then trigger DoS by doing overly long
+computations.
+
+Fixes CVE-2023-3817
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/21551)
+
+Reference:https://github.com/openssl/openssl/commit/91ddeba0f2269b017dc06c46c993a788974b1aa5
+Confilts:Change the Source File Patch
+
+---
+ crypto/dh/dh_check.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/dh/dh_check.c b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/dh/dh_check.c
+index 2001d2e7cb..9ae96991eb 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/dh/dh_check.c
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/dh/dh_check.c
+@@ -97,7 +97,7 @@ int DH_check_ex(const DH *dh)
+ 
+ int DH_check(const DH *dh, int *ret)
+ {
+-    int ok = 0, r;
+    int ok = 0, r, q_good = 0;
+     BN_CTX *ctx = NULL;
+     BIGNUM *t1 = NULL, *t2 = NULL;
+ 
+@@ -120,7 +120,14 @@ int DH_check(const DH *dh, int *ret)
+     if (t2 == NULL)
+         goto err;
+ 
+-    if (dh->q) {
+    if (dh->q != NULL) {
+        if (BN_ucmp(dh->p, dh->q) > 0)
+            q_good = 1;
+        else
+            *ret |= DH_CHECK_INVALID_Q_VALUE;
+    }
+
+    if (q_good) {
+         if (BN_cmp(dh->g, BN_value_one()) <= 0)
+             *ret |= DH_NOT_SUITABLE_GENERATOR;
+         else if (BN_cmp(dh->g, dh->p) >= 0)
+-- 
+2.27.0
+
--- a/backport-CVE-2023-5678-Make-DH_check_pub_key-and-DH_generate_key-safer-yet.patch
+++ b/backport-CVE-2023-5678-Make-DH_check_pub_key-and-DH_generate_key-safer-yet.patch
@ -0,0 +1,134 @@
+From 58589a46204c0dfca58906d6e66cf610caa11d88 Mon Sep 17 00:00:00 2001
+From: lanming1120 <lanming1120@126.com>
+Date: Tue, 7 Nov 2023 14:42:28 +0800
+Subject: [PATCH] Make DH_check_pub_key() and DH_generate_key() safer yet
+
+Signed-off-by: lanming1120 <lanming1120@126.com>
+
+Reference:https://gitee.com/openeuler/openssl/commit/58589a46204c0dfca58906d6e66cf610caa11d88
+Confilts:NA
+
+---
+ crypto/dh/dh_check.c    | 13 +++++++++++++
+ crypto/dh/dh_err.c      |  1 +
+ crypto/dh/dh_key.c      | 12 ++++++++++++
+ crypto/err/openssl.txt  |  1 +
+ include/openssl/dh.h    |  5 +++--
+ include/openssl/dherr.h |  1 +
+ 6 files changed, 31 insertions(+), 2 deletions(-)
+
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/dh/dh_check.c b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/dh/dh_check.c
+index ae1b03bc92..779cfbcd91 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/dh/dh_check.c
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/dh/dh_check.c
+@@ -198,6 +198,19 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
+     BN_CTX *ctx = NULL;
+ 
+     *ret = 0;
+
+    /* Don't do any checks at all with an excessively large modulus */
+    if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
+        DHerr(DH_F_DH_CHECK_EX, DH_R_MODULUS_TOO_LARGE);
+        *ret = DH_MODULUS_TOO_LARGE | DH_CHECK_PUBKEY_INVALID;
+        return 0;
+    }
+
+    if (dh->q != NULL && BN_ucmp(dh->p, dh->q) < 0) {
+        *ret |= DH_CHECK_INVALID_Q_VALUE | DH_CHECK_PUBKEY_INVALID;
+        return 1;
+    }
+
+     ctx = BN_CTX_new();
+     if (ctx == NULL)
+         goto err;
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/dh/dh_err.c b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/dh/dh_err.c
+index 92800d3fcc..b3b1e7a706 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/dh/dh_err.c
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/dh/dh_err.c
+@@ -82,6 +82,7 @@ static const ERR_STRING_DATA DH_str_reasons[] = {
+     {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR),
+     "parameter encoding error"},
+     {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_Q_TOO_LARGE), "q too large"},
+     {ERR_PACK(ERR_LIB_DH, 0, DH_R_SHARED_INFO_ERROR), "shared info error"},
+     {ERR_PACK(ERR_LIB_DH, 0, DH_R_UNABLE_TO_CHECK_GENERATOR),
+     "unable to check generator"},
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/dh/dh_key.c b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/dh/dh_key.c
+index 117f2fa883..4c4c4b9874 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/dh/dh_key.c
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/dh/dh_key.c
+@@ -109,6 +109,12 @@ static int generate_key(DH *dh)
+     BN_MONT_CTX *mont = NULL;
+     BIGNUM *pub_key = NULL, *priv_key = NULL;
+ 
+   if (dh->q != NULL
+        && BN_num_bits(dh->q) > OPENSSL_DH_MAX_MODULUS_BITS) {
+        DHerr(DH_F_GENERATE_KEY, DH_R_Q_TOO_LARGE);
+        return 0;
+    }
+
+     if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+         DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
+         return 0;
+@@ -202,6 +208,12 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+     int ret = -1;
+     int check_result;
+ 
+   if (dh->q != NULL
+        && BN_num_bits(dh->q) > OPENSSL_DH_MAX_MODULUS_BITS) {
+        DHerr(DH_F_COMPUTE_KEY, DH_R_Q_TOO_LARGE);
+        goto err;
+    }
+
+     if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+         DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE);
+         goto err;
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/err/openssl.txt b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/err/openssl.txt
+index c111822eac..56d4093ada 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/err/openssl.txt
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/err/openssl.txt
+@@ -2139,6 +2139,7 @@ DH_R_NO_PARAMETERS_SET:107:no parameters set
+ DH_R_NO_PRIVATE_VALUE:100:no private value
+ DH_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error
+ DH_R_PEER_KEY_ERROR:111:peer key error
+DH_R_Q_TOO_LARGE:130:q too large
+ DH_R_SHARED_INFO_ERROR:113:shared info error
+ DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator
+ DSA_R_BAD_Q_VALUE:102:bad q value
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/include/openssl/dh.h b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/include/openssl/dh.h
+index 6c6ff3636a..7509f4fc3e 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/include/openssl/dh.h
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/include/openssl/dh.h
+@@ -71,14 +71,15 @@ DECLARE_ASN1_ITEM(DHparams)
+ /* #define DH_GENERATOR_3       3 */
+ # define DH_GENERATOR_5          5
+ 
+-/* DH_check error codes */
+/* DH_check error codes, some of them shared with DH_check_pub_key */
+ # define DH_CHECK_P_NOT_PRIME            0x01
+ # define DH_CHECK_P_NOT_SAFE_PRIME       0x02
+ # define DH_UNABLE_TO_CHECK_GENERATOR    0x04
+ # define DH_NOT_SUITABLE_GENERATOR       0x08
+ # define DH_CHECK_Q_NOT_PRIME            0x10
+-# define DH_CHECK_INVALID_Q_VALUE        0x20
+# define DH_CHECK_INVALID_Q_VALUE        0x20 /* +DH_check_pub_key */
+ # define DH_CHECK_INVALID_J_VALUE        0x40
+# define DH_MODULUS_TOO_LARGE            0x100
+ 
+ /* DH_check_pub_key error codes */
+ # define DH_CHECK_PUBKEY_TOO_SMALL       0x01
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/include/openssl/dherr.h b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/include/openssl/dherr.h
+index 528c819856..d66c35aa8e 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/include/openssl/dherr.h
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/include/openssl/dherr.h
+@@ -82,6 +82,7 @@ int ERR_load_DH_strings(void);
+ #  define DH_R_NO_PRIVATE_VALUE                            100
+ #  define DH_R_PARAMETER_ENCODING_ERROR                    105
+ #  define DH_R_PEER_KEY_ERROR                              111
+#  define DH_R_Q_TOO_LARGE                                 130
+ #  define DH_R_SHARED_INFO_ERROR                           113
+ #  define DH_R_UNABLE_TO_CHECK_GENERATOR                   121
+ 
+-- 
+2.27.0
+
--- a/backport-Correctly-compare-EdiPartyName-in-GENERAL_NAME_cmp.patch
+++ b/backport-Correctly-compare-EdiPartyName-in-GENERAL_NAME_cmp.patch
@ -0,0 +1,98 @@
+From b33c48b75aaf33c93aeda42d7138616b9e6a64cb Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Wed, 11 Nov 2020 16:12:58 +0000
+Subject: [PATCH] Correctly compare EdiPartyName in GENERAL_NAME_cmp()
+
+If a GENERAL_NAME field contained EdiPartyName data then it was
+incorrectly being handled as type "other". This could lead to a
+segmentation fault.
+
+Many thanks to David Benjamin from Google for reporting this issue.
+
+CVE-2020-1971
+
+Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
+---
+ crypto/x509/v3_genn.c | 45 ++++++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 42 insertions(+), 3 deletions(-)
+
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/x509v3/v3_genn.c b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/x509v3/v3_genn.c
+index 3d1f0a8777d2f..c0a7166cd0e64 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/x509v3/v3_genn.c
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/crypto/x509v3/v3_genn.c
+@@ -58,6 +58,37 @@ GENERAL_NAME *GENERAL_NAME_dup(const GENERAL_NAME *a)
+                                     (char *)a);
+ }
+ 
+static int edipartyname_cmp(const EDIPARTYNAME *a, const EDIPARTYNAME *b)
+{
+    int res;
+
+    if (a == NULL || b == NULL) {
+        /*
+         * Shouldn't be possible in a valid GENERAL_NAME, but we handle it
+         * anyway. OTHERNAME_cmp treats NULL != NULL so we do the same here
+         */
+        return -1;
+    }
+    if (a->nameAssigner == NULL && b->nameAssigner != NULL)
+        return -1;
+    if (a->nameAssigner != NULL && b->nameAssigner == NULL)
+        return 1;
+    /* If we get here then both have nameAssigner set, or both unset */
+    if (a->nameAssigner != NULL) {
+        res = ASN1_STRING_cmp(a->nameAssigner, b->nameAssigner);
+        if (res != 0)
+            return res;
+    }
+    /*
+     * partyName is required, so these should never be NULL. We treat it in
+     * the same way as the a == NULL || b == NULL case above
+     */
+    if (a->partyName == NULL || b->partyName == NULL)
+        return -1;
+
+    return ASN1_STRING_cmp(a->partyName, b->partyName);
+}
+
+ /* Returns 0 if they are equal, != 0 otherwise. */
+ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
+ {
+@@ -67,8 +98,11 @@ int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
+         return -1;
+     switch (a->type) {
+     case GEN_X400:
+        result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
+        break;
+
+     case GEN_EDIPARTY:
+-        result = ASN1_TYPE_cmp(a->d.other, b->d.other);
+        result = edipartyname_cmp(a->d.ediPartyName, b->d.ediPartyName);
+         break;
+ 
+     case GEN_OTHERNAME:
+@@ -115,8 +149,11 @@ void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value)
+ {
+     switch (type) {
+     case GEN_X400:
+        a->d.x400Address = value;
+        break;
+
+     case GEN_EDIPARTY:
+-        a->d.other = value;
+        a->d.ediPartyName = value;
+         break;
+ 
+     case GEN_OTHERNAME:
+@@ -150,8 +187,10 @@ void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype)
+         *ptype = a->type;
+     switch (a->type) {
+     case GEN_X400:
+        return a->d.x400Address;
+
+     case GEN_EDIPARTY:
+-        return a->d.other;
+        return a->d.ediPartyName;
+ 
+     case GEN_OTHERNAME:
+         return a->d.otherName;
--- a/backport-v3nametest-Make-the-gennames-structure-static.patch
+++ b/backport-v3nametest-Make-the-gennames-structure-static.patch
@ -0,0 +1,24 @@
+From 7eea331eabe8b0a7ce03c9602a2bc72e9ddfe676 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tmraz@fedoraproject.org>
+Date: Tue, 8 Dec 2020 17:45:32 +0100
+Subject: [PATCH] v3nametest: Make the gennames structure static
+
+Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
+(Merged from https://github.com/openssl/openssl/pull/13635)
+---
+ test/v3nametest.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/test/v3nametest.c b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/test/v3nametest.c
+index cdf0472387f14..e1eeb75f2f6ae 100644
+--- a/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/test/v3nametest.c
+++ b/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source/openssl-1.1.1g/test/v3nametest.c
+@@ -359,7 +359,7 @@ static int call_run_cert(int i)
+     return failed == 0;
+ }
+ 
+-struct gennamedata {
+static struct gennamedata {
+     const unsigned char der[22];
+     size_t derlen;
+ } gennames[] = {
--- a/linux-sgx.spec
+++ b/linux-sgx.spec
@ -1,6 +1,6 @@
 Name:           linux-sgx
 Version:        2.11.100
-Release:        13
+Release:        14
 Summary:        Intel(R) Software Guard Extensions for Linux* OS
 ExclusiveArch:	x86_64
 License:        BSD-3-Clause
@ -24,6 +24,20 @@ Patch4:         backport-CVE-2022-0778_test.patch
 Patch5:         backport-CVE-2022-1292.patch
 Patch6:         backport-CVE-2022-2068-Fix-file-operations-in-c_rehash.patch
 Patch7:         backport-CVE-2022-2097-Fix-AES-OCB-encrypt-decrypt-for-x86-AES-NI.patch
+Patch8:         backport-Alternative-fix-for-CVE-2022-4304.patch
+Patch9:         backport-CVE-2022-4450-Avoid-dangling-ptrs-in-header-and-data-params-for-PE.patch
+Patch10:        backport-CVE-2023-0215-Fix-a-UAF-resulting-from-a-bug-in-BIO_new_NDEF.patch
+Patch11:        backport-Correctly-compare-EdiPartyName-in-GENERAL_NAME_cmp.patch
+Patch12:        backport-Add-a-test-for-GENERAL_NAME_cmp.patch
+Patch13:        backport-v3nametest-Make-the-gennames-structure-static.patch
+Patch14:        backport-CVE-2023-0286-Fix-GENERAL_NAME_cmp-for-x400Address-1.patch
+Patch15:        backport-CVE-2023-0464-x509-excessive-resource-use-verifying-policy-constra.patch
+Patch16:        backport-CVE-2023-0465-Ensure-that-EXFLAG_INVALID_POLICY-is-checked-even-in.patch
+Patch17:        backport-CVE-2023-0466-Fix-documentation-of-X509_VERIFY_PARAM_add0_policy.patch
+Patch18:        backport-CVE-2023-2650-Restrict-the-size-of-OBJECT-IDENTIFIERs-that-OBJ_obj.patch
+Patch19:        backport-CVE-2023-3446-Fix-DH_check-excessive-time-with-over-sized-modulus.patch
+Patch20:        backport-CVE-2023-3817-DH_check-Do-not-try-checking-q-properties-if-it-is-o.patch
+Patch21:        backport-CVE-2023-5678-Make-DH_check_pub_key-and-DH_generate_key-safer-yet.patch

 BuildRequires:  gcc-c++ protobuf-devel libtool ocaml-ocamlbuild openssl-devel cmake python curl-devel createrepo_c git

@ -260,14 +274,7 @@ Intel(R) Software Guard Extensions Registration Agent Service
 %%setup -q -D -a 8 -n linux-sgx-sgx_2.11/external/dcap_source/SGXDataCenterAttestationPrimitives-DCAP_1.8/QuoteVerification/intel-sgx-ssl-lin_2.10_1.1.1g/openssl_source
 %%setup -q -D -a 5 -n linux-sgx-sgx_2.11
 %%setup -q -D -a 6 -n linux-sgx-sgx_2.11
-%%patch0 -p1
-%%patch1 -p1
-%%patch2 -p1
-%%patch3 -p1
-%%patch4 -p1
-%%patch5 -p1
-%%patch6 -p1
-%%patch7 -p1
+%autopatch -p1

 %build
 cp %{SOURCE7} %{SOURCE8} %{SOURCE9} ./
@ -939,6 +946,9 @@ fi
 %files -n sgx-ra-service -f %{TOOLS_INSTALLER_RPM_DIR}/sgx-ra-service/build/list-sgx-ra-service

 %changelog
+* Mon Jan 8 2024 wangyu <wangqingsan@huawei.com> - 2.11.100-14
+- fix some cve
+
 * Tue Sep 27 2022 wangyu <wangyu283@huawei.com> - 2.11.100-13
 - add glibc as requires for sgx-aesm-service