Accepting request 869551 from home:jsikes:branches:security:tls

Small fix. Enjoy! OBS-URL: https://build.opensuse.org/request/show/869551 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=83
2021-02-05 15:53:45 +00:00 · 2021-02-05 15:53:45 +00:00 · 083820900d
commit 083820900d
parent 3d07044ba3
3 changed files with 49 additions and 0 deletions
--- a/openssl-1_1.changes
+++ b/openssl-1_1.changes
@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Thu Feb  4 18:23:17 UTC 2021 - Jason Sikes <jsikes@suse.com>
+
+- Zero pad the DHE public key in ClientKeyExchange for interoperability with
+  Windows Server 2019.
+  * openssl-zero-pad-DHE-public-key.patch
+  * bsc#1181796
+  * sourced from https://github.com/openssl/openssl/pull/12331/files
+
 -------------------------------------------------------------------
 Wed Jan 20 15:59:01 UTC 2021 - Pedro Monreal <pmonreal@suse.com>

--- a/openssl-1_1.spec
+++ b/openssl-1_1.spec
@ -91,6 +91,7 @@ Patch52:        openssl-1.1.1-system-cipherlist.patch
 Patch53:        openssl-1_1-seclevel.patch
 Patch54:        openssl-1_1-use-seclevel2-in-tests.patch
 Patch55:        openssl-1_1-disable-test_srp-sslapi.patch
+Patch56:        openssl-zero-pad-DHE-public-key.patch
 BuildRequires:  pkgconfig
 Conflicts:      ssl
 Provides:       ssl
--- a/openssl-zero-pad-DHE-public-key.patch
+++ b/openssl-zero-pad-DHE-public-key.patch
@ -0,0 +1,39 @@
+Index: openssl-1.1.1i/ssl/statem/statem_clnt.c
+===================================================================
+--- openssl-1.1.1i.orig/ssl/statem/statem_clnt.c
+++ openssl-1.1.1i/ssl/statem/statem_clnt.c
+@@ -3057,9 +3057,9 @@ static int tls_construct_cke_dhe(SSL *s,
+ {
+ #ifndef OPENSSL_NO_DH
+     DH *dh_clnt = NULL;
+-    const BIGNUM *pub_key;
+     EVP_PKEY *ckey = NULL, *skey = NULL;
+     unsigned char *keybytes = NULL;
+    int prime_len;
+ 
+     skey = s->s3->peer_tmp;
+     if (skey == NULL) {
+@@ -3089,15 +3089,19 @@ static int tls_construct_cke_dhe(SSL *s,
+     }
+ 
+     /* send off the data */
+-    DH_get0_key(dh_clnt, &pub_key, NULL);
+-    if (!WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(pub_key),
+-                                        &keybytes)) {
+    prime_len = BN_num_bytes(DH_get0_p(dh_clnt));
+    /*
+     * For interoperability with some versions of the Microsoft TLS
+     * stack, we need to zero pad the DHE pub key to the same length
+     * as the prime, so use the length of the prime here.
+     */
+    if (!WPACKET_sub_allocate_bytes_u16(pkt, prime_len, &keybytes)
+            || BN_bn2binpad(DH_get0_pub_key(dh_clnt), keybytes, prime_len) < 0) {
+         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,
+                  ERR_R_INTERNAL_ERROR);
+         goto err;
+     }
+ 
+-    BN_bn2bin(pub_key, keybytes);
+     EVP_PKEY_free(ckey);
+ 
+     return 1;