From b7d0840dcc651bb546be8778c501b079b4ccd776ba3c815ddeedc00b80df7f3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Mon, 30 Sep 2024 10:56:09 +0200 Subject: [PATCH] Sync from SUSE:SLFO:Main openssl-3 revision fb9c37359399775f5e48eb6edfac852c --- openssl-3.changes | 7 ++++++ openssl-3.spec | 3 +++ openssl-CVE-2024-41996.patch | 41 ++++++++++++++++++++++++++++++++++++ 3 files changed, 51 insertions(+) create mode 100644 openssl-CVE-2024-41996.patch diff --git a/openssl-3.changes b/openssl-3.changes index 53c7c96..74143fd 100644 --- a/openssl-3.changes +++ b/openssl-3.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Thu Sep 19 08:05:52 UTC 2024 - Angel Yankov + +- Security fix: [bsc#1230698, CVE-2024-41996] + * Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used + * Added openssl-CVE-2024-41996.patch + ------------------------------------------------------------------- Thu Aug 22 15:18:03 UTC 2024 - Alexander Bergmann diff --git a/openssl-3.spec b/openssl-3.spec index 5b2247f..da507d2 100644 --- a/openssl-3.spec +++ b/openssl-3.spec @@ -167,6 +167,9 @@ Patch69: openssl-3-FIPS-PCT_rsa_keygen.patch Patch70: openssl-3-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch # PATCH-FIX-UPSTREAM: bsc#1229465 CVE-2024-6119: possible denial of service in X.509 name checks Patch71: openssl-CVE-2024-6119.patch +# PATCH-FIX-UPSTREAM bsc#1230698 CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE +Patch72: openssl-CVE-2024-41996.patch + BuildRequires: pkgconfig %if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550 BuildRequires: ulp-macros diff --git a/openssl-CVE-2024-41996.patch b/openssl-CVE-2024-41996.patch new file mode 100644 index 0000000..81fc3e0 --- /dev/null +++ b/openssl-CVE-2024-41996.patch @@ -0,0 +1,41 @@ +From e70e34d857d4003199bcb5d3b52ca8102ccc1b98 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Mon, 5 Aug 2024 17:54:14 +0200 +Subject: [PATCH] dh_kmgmt.c: Avoid expensive public key validation for known + safe-prime groups +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The partial validation is fully sufficient to check the key validity. + +Thanks to Szilárd Pfeiffer for reporting the issue. + +Reviewed-by: Neil Horman +Reviewed-by: Matt Caswell +Reviewed-by: Paul Dale +(Merged from https://github.com/openssl/openssl/pull/25088) +--- + providers/implementations/keymgmt/dh_kmgmt.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c +index 82c3093b122c2..ebdce767102ee 100644 +--- a/providers/implementations/keymgmt/dh_kmgmt.c ++++ b/providers/implementations/keymgmt/dh_kmgmt.c +@@ -388,9 +388,11 @@ static int dh_validate_public(const DH *dh, int checktype) + if (pub_key == NULL) + return 0; + +- /* The partial test is only valid for named group's with q = (p - 1) / 2 */ +- if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK +- && ossl_dh_is_named_safe_prime_group(dh)) ++ /* ++ * The partial test is only valid for named group's with q = (p - 1) / 2 ++ * but for that case it is also fully sufficient to check the key validity. ++ */ ++ if (ossl_dh_is_named_safe_prime_group(dh)) + return ossl_dh_check_pub_key_partial(dh, pub_key, &res); + + return DH_check_pub_key_ex(dh, pub_key); +