Sync from SUSE:SLFO:Main openssl-3 revision fb9c37359399775f5e48eb6edfac852c

2024-09-30 10:56:09 +02:00 · 2024-09-30 10:56:09 +02:00 · b7d0840dcc
commit b7d0840dcc
parent c5ce55a09c
3 changed files with 51 additions and 0 deletions
--- a/openssl-3.changes
+++ b/openssl-3.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Sep 19 08:05:52 UTC 2024 - Angel Yankov <angel.yankov@suse.com>
+
+- Security fix: [bsc#1230698, CVE-2024-41996] 
+  * Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used
+  * Added openssl-CVE-2024-41996.patch
+
 -------------------------------------------------------------------
 Thu Aug 22 15:18:03 UTC 2024 - Alexander Bergmann <abergmann@suse.com>

--- a/openssl-3.spec
+++ b/openssl-3.spec
@ -167,6 +167,9 @@ Patch69:        openssl-3-FIPS-PCT_rsa_keygen.patch
 Patch70:        openssl-3-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch
 # PATCH-FIX-UPSTREAM: bsc#1229465 CVE-2024-6119: possible denial of service in X.509 name checks
 Patch71:        openssl-CVE-2024-6119.patch
+# PATCH-FIX-UPSTREAM bsc#1230698 CVE-2024-41996:  Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE
+Patch72:        openssl-CVE-2024-41996.patch
+
 BuildRequires:  pkgconfig
 %if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1550
 BuildRequires:  ulp-macros
--- a/openssl-CVE-2024-41996.patch
+++ b/openssl-CVE-2024-41996.patch
@ -0,0 +1,41 @@
+From e70e34d857d4003199bcb5d3b52ca8102ccc1b98 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Mon, 5 Aug 2024 17:54:14 +0200
+Subject: [PATCH] dh_kmgmt.c: Avoid expensive public key validation for known
+ safe-prime groups
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The partial validation is fully sufficient to check the key validity.
+
+Thanks to Szilárd Pfeiffer for reporting the issue.
+
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Paul Dale <ppzgs1@gmail.com>
+(Merged from https://github.com/openssl/openssl/pull/25088)
+---
+ providers/implementations/keymgmt/dh_kmgmt.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
+index 82c3093b122c2..ebdce767102ee 100644
+--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
+@@ -388,9 +388,11 @@ static int dh_validate_public(const DH *dh, int checktype)
+     if (pub_key == NULL)
+         return 0;
+ 
+-    /* The partial test is only valid for named group's with q = (p - 1) / 2 */
+-    if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK
+-        && ossl_dh_is_named_safe_prime_group(dh))
+    /*
+     * The partial test is only valid for named group's with q = (p - 1) / 2
+     * but for that case it is also fully sufficient to check the key validity.
+     */
+    if (ossl_dh_is_named_safe_prime_group(dh))
+         return ossl_dh_check_pub_key_partial(dh, pub_key, &res);
+ 
+     return DH_check_pub_key_ex(dh, pub_key);
+