"description":"Initial UEFI bootloader that handles chaining to a trusted full \\ bootloader under secure boot environments.\r\n\r\n\r\n\r\nSecurity Fix(es):\r\n\r\nThe X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the \"-crl_download\"optionwhichimplementsautomaticCRLdownloadingandthisattackhasbeendemonstratedtoworkagainstthosetools.NotethatanunrelatedbugmeansthataffectedversionsofOpenSSLcannotparseorconstructcorrectencodingsofEDIPARTYNAME.HoweveritispossibletoconstructamalformedEDIPARTYNAMEthatOpenSSL'sparserwillacceptandhencetriggerthisattack.AllOpenSSL1.1.1and1.0.2versionsareaffectedbythisissue.OtherOpenSSLreleasesareoutofsupportandhavenotbeenchecked.FixedinOpenSSL1.1.1i(Affected1.1.1-1.1.1h).FixedinOpenSSL1.0.2x(Affected1.0.2-1.0.2w).(CVE-2020-1971)\r\n\r\nCallstoEVP_CipherUpdate,EVP_EncryptUpdateandEVP_DecryptUpdatemayoverflowtheoutputlengthargumentinsomecaseswheretheinputlengthisclosetothemaximumpermissablelengthforanintegerontheplatform.Insuchcasesthereturnvaluefromthefunctioncallwillbe1(indicatingsuccess),buttheoutputlengthvaluewillbenegative.Thiscouldcauseapplicationstobehaveincorrectlyorcrash.OpenSSLversions1.1.1iandbelowareaffectedbythisissue.UsersoftheseversionsshouldupgradetoOpenSSL1.1.1j.OpenSSLversions1.0.2xandbelowareaffectedbythisissue.HoweverOpenSSL1.0.2isoutofsupportandnolongerreceivingpublicupdates.PremiumsupportcustomersofOpenSSL1.0.2shouldupgradeto1.0.2y.Otherusersshouldupgradeto1.1.1j.FixedinOpenSSL1.1.1j(Affected1.1.1-1.1.1i).FixedinOpenSSL1.0.2y(Affected1.0.2-1.0.2x).(CVE-2021-23840)\r\n\r\nWhileparsinganIPAddressFamilyextensioninanX.509certificate,itispossibletodoaone-byteoverread.Thiswouldresultinanincorrecttextdisplayofthecertificate.Thisbughasbeenpresentsince2006andispresentinallversionsofOpenSSLbefore1.0.2mand1.1.0g.(CVE-2017-3735)\r\n\r\nDuringkeyagreementinaTLShandshakeusingaDH(E)basedciphersuiteamaliciousservercansendaverylargeprimevaluetotheclient.Thiswillcausetheclienttospendanunreasonablylongperiodoftimegeneratingakeyforthisprimeresultinginahanguntiltheclienthasfinished.ThiscouldbeexploitedinaDenialOfServiceattack.FixedinOpenSSL1.1.0i-dev(Affected1.1.0-1.1.0h).FixedinOpenSSL1.0.2p-dev(Affected1.0.2-1.0.2o).(CVE-2018-0732)\r\n\r\nASN.1stringsarerepresentedinternallywithinOpenSSLasanASN1_STRINGstructurewhichcontainsabufferholdingthestringdataandafieldholdingthebufferlength.ThiscontrastswithnormalCstringswhicharerepesentedasabufferforthestringdatawhichisterminatedwithaNU
