Sync from SUSE:ALP:Source:Standard:1.0 openssl-3 revision 99795a6b1300793b3879b1361cd91437

openssl-3-CVE-2024-41996.patch

@@ -0,0 +1,41 @@
+From e70e34d857d4003199bcb5d3b52ca8102ccc1b98 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Mon, 5 Aug 2024 17:54:14 +0200
+Subject: [PATCH] dh_kmgmt.c: Avoid expensive public key validation for known
+ safe-prime groups
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The partial validation is fully sufficient to check the key validity.
+
+Thanks to Szilárd Pfeiffer for reporting the issue.
+
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Paul Dale <ppzgs1@gmail.com>
+(Merged from https://github.com/openssl/openssl/pull/25088)
+---
+ providers/implementations/keymgmt/dh_kmgmt.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
+index 82c3093b122c2..ebdce767102ee 100644
+--- a/providers/implementations/keymgmt/dh_kmgmt.c
++++ b/providers/implementations/keymgmt/dh_kmgmt.c
+@@ -388,9 +388,11 @@ static int dh_validate_public(const DH *dh, int checktype)
+     if (pub_key == NULL)
+         return 0;
+ 
+-    /* The partial test is only valid for named group's with q = (p - 1) / 2 */
+-    if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK
+-        && ossl_dh_is_named_safe_prime_group(dh))
++    /*
++     * The partial test is only valid for named group's with q = (p - 1) / 2
++     * but for that case it is also fully sufficient to check the key validity.
++     */
++    if (ossl_dh_is_named_safe_prime_group(dh))
+         return ossl_dh_check_pub_key_partial(dh, pub_key, &res);
+ 
+     return DH_check_pub_key_ex(dh, pub_key);
+

openssl-3.changes

@@ -1,5 +1,20 @@
 -------------------------------------------------------------------
-Wed Aug 28 08:44:51 UTC 2024 - Alexander Bergmann <abergmann@suse.com>
+Thu Oct 17 12:21:14 UTC 2024 - Pedro Monreal <pmonreal@suse.com>
+
+- Security fix: [bsc#1220262, CVE-2023-50782]
+  * Implicit rejection in PKCS#1 v1.5
+  * Add openssl-CVE-2023-50782.patch
+
+-------------------------------------------------------------------
+Wed Sep 25 06:59:52 UTC 2024 - Angel Yankov <angel.yankov@suse.com>
+
+- Security fix: [bsc#1230698, CVE-2024-41996] 
+  * Validating the order of the public keys in the Diffie-Hellman
+    Key Agreement Protocol, when an approved safe prime is used.
+  * Added openssl-3-CVE-2024-41996.patch
+
+-------------------------------------------------------------------
+Thu Aug 22 15:18:03 UTC 2024 - Alexander Bergmann <abergmann@suse.com>
 
 - Security fix: [bsc#1229465, CVE-2024-6119]
   * possible denial of service in X.509 name checks

openssl-3.spec

@@ -167,6 +167,11 @@ Patch69:        openssl-3-FIPS-PCT_rsa_keygen.patch
 Patch70:        openssl-3-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch
 # PATCH-FIX-UPSTREAM: bsc#1229465 CVE-2024-6119: possible denial of service in X.509 name checks
 Patch71:        openssl-CVE-2024-6119.patch
+# PATCH-FIX-UPSTREAM bsc#1230698 CVE-2024-41996: Validation order of the DH public keys
+Patch72:        openssl-3-CVE-2024-41996.patch
+# PATCH-FIX-SUSE bsc#1220262 CVE-2023-50782: Implicit rejection in PKCS#1 v1.5
+Patch73:        openssl-CVE-2023-50782.patch
+
 BuildRequires:  pkgconfig
 %if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550
 BuildRequires:  ulp-macros