Accepting request 1126787 from security:tls

- Security fix: [bsc#1216922, CVE-2023-5678]
  * Fix excessive time spent in DH check / generation with large Q
    parameter value.
  * Applications that use the functions DH_generate_key() to generate
    an X9.42 DH key may experience long delays. Likewise,
    applications that use DH_check_pub_key(), DH_check_pub_key_ex
    () or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42
    DH parameters may experience long delays. Where the key or
    parameters that are being checked have been obtained from an
    untrusted source this may lead to a Denial of Service.
  * Add openssl-CVE-2023-5678.patch
- Remove trailing spaces from changelog

- Remove a hack for bsc#936563
  bsc936563_hack.patch (bsc#936563)
- Build with no-ssl3, for details on why this is needed read
  require us to patch dependant packages as the relevant
  functions are still available (SSLv3_(client|server)_method)
- openssl.keyring: use Matt Caswells current key.
- openSSL 1.0.1j
- openssl.keyring: the 1.0.1i release was done by
- 012-Fix-eckey_priv_encode.patch eckey_priv_encode should
- 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch
  it is already in RPM_OPT_FLAGS and is replaced by
- Remove the "gmp" and "capi" shared engines, nobody noticed
  but they are just dummies that do nothing.
- Use enable-rfc3779 to allow projects such as rpki.net
- openssl-buffreelistbug-aka-CVE-2010-5298.patch fix
- openssl-gcc-attributes.patch: fix thinko, CRYPTO_realloc_clean does
- openssl-gcc-attributes.patch

OBS-URL: https://build.opensuse.org/request/show/1126787
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-1_1?expand=0&rev=54
This commit is contained in:
Ana Guerrero 2023-11-17 19:48:11 +00:00 committed by Git OBS Bridge
commit 2e9c11df10
3 changed files with 288 additions and 95 deletions

View File

@ -1,3 +1,19 @@
-------------------------------------------------------------------
Mon Nov 13 09:29:26 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
- Security fix: [bsc#1216922, CVE-2023-5678]
* Fix excessive time spent in DH check / generation with large Q
parameter value.
* Applications that use the functions DH_generate_key() to generate
an X9.42 DH key may experience long delays. Likewise,
applications that use DH_check_pub_key(), DH_check_pub_key_ex
() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42
DH parameters may experience long delays. Where the key or
parameters that are being checked have been obtained from an
untrusted source this may lead to a Denial of Service.
* Add openssl-CVE-2023-5678.patch
- Remove trailing spaces from changelog
-------------------------------------------------------------------
Thu Oct 19 15:03:14 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>

View File

@ -185,6 +185,9 @@ Patch111: openssl-ec-powerpc64le-Add-asm-implementation-of-felem_-squa.pat
Patch112: openssl-ecc-Remove-extraneous-parentheses-in-secp384r1.patch
Patch113: openssl-powerpc-ecc-Fix-stack-allocation-secp384r1-asm.patch
Patch114: openssl-Improve-performance-for-6x-unrolling-with-vpermxor-i.patch
# PATCH-FIX-UPSTREAM: bsc#1216922 CVE-2023-5678 Generating excessively long X9.42 DH keys or
# checking excessively long X9.42 DH keys or parameters may be very slow
Patch115: openssl-CVE-2023-5678.patch
BuildRequires: jitterentropy-devel >= 3.4.0
BuildRequires: pkgconfig
BuildRequires: pkgconfig(zlib)

174
openssl-CVE-2023-5678.patch Normal file
View File

@ -0,0 +1,174 @@
From db925ae2e65d0d925adef429afc37f75bd1c2017 Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Fri, 20 Oct 2023 09:18:19 +0200
Subject: [PATCH] Make DH_check_pub_key() and DH_generate_key() safer yet
We already check for an excessively large P in DH_generate_key(), but not in
DH_check_pub_key(), and none of them check for an excessively large Q.
This change adds all the missing excessive size checks of P and Q.
It's to be noted that behaviours surrounding excessively sized P and Q
differ. DH_check() raises an error on the excessively sized P, but only
sets a flag for the excessively sized Q. This behaviour is mimicked in
DH_check_pub_key().
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22518)
(cherry picked from commit ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)
---
crypto/dh/dh_check.c | 12 ++++++++++++
crypto/dh/dh_err.c | 3 ++-
crypto/dh/dh_key.c | 12 ++++++++++++
crypto/err/openssl.txt | 1 +
include/crypto/dherr.h | 2 +-
include/openssl/dh.h | 6 +++---
include/openssl/dherr.h | 3 ++-
7 files changed, 33 insertions(+), 6 deletions(-)
Index: openssl-1.1.1w/crypto/dh/dh_err.c
===================================================================
--- openssl-1.1.1w.orig/crypto/dh/dh_err.c
+++ openssl-1.1.1w/crypto/dh/dh_err.c
@@ -21,6 +21,7 @@ static const ERR_STRING_DATA DH_str_func
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK, 0), "DH_check"},
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_EX, 0), "DH_check_ex"},
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PARAMS_EX, 0), "DH_check_params_ex"},
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY, 0), "DH_check_pub_key"},
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY_EX, 0), "DH_check_pub_key_ex"},
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_DECRYPT, 0), "dh_cms_decrypt"},
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_PEERKEY, 0), "dh_cms_set_peerkey"},
@@ -87,6 +88,7 @@ static const ERR_STRING_DATA DH_str_reas
{ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR),
"parameter encoding error"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"},
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_Q_TOO_LARGE), "q too large"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_SHARED_INFO_ERROR), "shared info error"},
{ERR_PACK(ERR_LIB_DH, 0, DH_R_UNABLE_TO_CHECK_GENERATOR),
"unable to check generator"},
Index: openssl-1.1.1w/crypto/err/openssl.txt
===================================================================
--- openssl-1.1.1w.orig/crypto/err/openssl.txt
+++ openssl-1.1.1w/crypto/err/openssl.txt
@@ -404,6 +404,7 @@ DH_F_DH_BUILTIN_GENPARAMS:106:dh_builtin
DH_F_DH_CHECK:126:DH_check
DH_F_DH_CHECK_EX:121:DH_check_ex
DH_F_DH_CHECK_PARAMS_EX:122:DH_check_params_ex
+DH_F_DH_CHECK_PUB_KEY:128:DH_check_pub_key
DH_F_DH_CHECK_PUB_KEY_EX:123:DH_check_pub_key_ex
DH_F_DH_CMS_DECRYPT:114:dh_cms_decrypt
DH_F_DH_CMS_SET_PEERKEY:115:dh_cms_set_peerkey
@@ -2226,6 +2227,7 @@ DH_R_NO_PARAMETERS_SET:107:no parameters
DH_R_NO_PRIVATE_VALUE:100:no private value
DH_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error
DH_R_PEER_KEY_ERROR:111:peer key error
+DH_R_Q_TOO_LARGE:130:q too large
DH_R_SHARED_INFO_ERROR:113:shared info error
DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator
DSA_R_BAD_Q_VALUE:102:bad q value
Index: openssl-1.1.1w/include/openssl/dherr.h
===================================================================
--- openssl-1.1.1w.orig/include/openssl/dherr.h
+++ openssl-1.1.1w/include/openssl/dherr.h
@@ -31,6 +31,7 @@ int ERR_load_DH_strings(void);
# define DH_F_DH_CHECK 126
# define DH_F_DH_CHECK_EX 121
# define DH_F_DH_CHECK_PARAMS_EX 122
+# define DH_F_DH_CHECK_PUB_KEY 128
# define DH_F_DH_CHECK_PUB_KEY_EX 123
# define DH_F_DH_CMS_DECRYPT 114
# define DH_F_DH_CMS_SET_PEERKEY 115
@@ -84,6 +85,7 @@ int ERR_load_DH_strings(void);
# define DH_R_NO_PRIVATE_VALUE 100
# define DH_R_PARAMETER_ENCODING_ERROR 105
# define DH_R_PEER_KEY_ERROR 111
+# define DH_R_Q_TOO_LARGE 130
# define DH_R_SHARED_INFO_ERROR 113
# define DH_R_UNABLE_TO_CHECK_GENERATOR 121
Index: openssl-1.1.1w/crypto/dh/dh_check.c
===================================================================
--- openssl-1.1.1w.orig/crypto/dh/dh_check.c
+++ openssl-1.1.1w/crypto/dh/dh_check.c
@@ -260,6 +260,18 @@ static int dh_check_pub_key_int(const DH
*/
int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
{
+ /* Don't do any checks at all with an excessively large modulus */
+ if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
+ DHerr(DH_F_DH_CHECK_PUB_KEY, DH_R_MODULUS_TOO_LARGE);
+ *ret = DH_MODULUS_TOO_LARGE | DH_CHECK_PUBKEY_INVALID;
+ return 0;
+ }
+
+ if (dh->q != NULL && BN_ucmp(dh->p, dh->q) < 0) {
+ *ret |= DH_CHECK_INVALID_Q_VALUE | DH_CHECK_PUBKEY_INVALID;
+ return 1;
+ }
+
return dh_check_pub_key_int(dh, dh->q, pub_key, ret);
}
Index: openssl-1.1.1w/crypto/dh/dh_key.c
===================================================================
--- openssl-1.1.1w.orig/crypto/dh/dh_key.c
+++ openssl-1.1.1w/crypto/dh/dh_key.c
@@ -51,6 +51,12 @@ int DH_compute_key(unsigned char *key, c
int ret = 0, i;
volatile size_t npad = 0, mask = 1;
+ if (dh->q != NULL
+ && BN_num_bits(dh->q) > OPENSSL_DH_MAX_MODULUS_BITS) {
+ DHerr(DH_F_DH_COMPUTE_KEY, DH_R_Q_TOO_LARGE);
+ return 0;
+ }
+
/* compute the key; ret is constant unless compute_key is external */
if ((ret = dh->meth->compute_key(key, pub_key, dh)) <= 0)
return ret;
@@ -147,6 +153,12 @@ static int generate_key(DH *dh)
return 0;
}
+ if (dh->q != NULL
+ && BN_num_bits(dh->q) > OPENSSL_DH_MAX_MODULUS_BITS) {
+ DHerr(DH_F_GENERATE_KEY, DH_R_Q_TOO_LARGE);
+ return 0;
+ }
+
ctx = BN_CTX_new();
if (ctx == NULL)
goto err;
Index: openssl-1.1.1w/doc/man3/DH_generate_parameters.pod
===================================================================
--- openssl-1.1.1w.orig/doc/man3/DH_generate_parameters.pod
+++ openssl-1.1.1w/doc/man3/DH_generate_parameters.pod
@@ -73,6 +73,10 @@ The generator B<g> is not suitable.
Note that the lack of this bit doesn't guarantee that B<g> is
suitable, unless B<p> is known to be a strong prime.
+=item DH_MODULUS_TOO_LARGE
+
+The modulus is too large.
+
=back
DH_check() confirms that the Diffie-Hellman parameters B<dh> are valid. The
Index: openssl-1.1.1w/include/openssl/dh.h
===================================================================
--- openssl-1.1.1w.orig/include/openssl/dh.h
+++ openssl-1.1.1w/include/openssl/dh.h
@@ -78,8 +78,9 @@ DECLARE_ASN1_ITEM(DHparams)
# define DH_UNABLE_TO_CHECK_GENERATOR 0x04
# define DH_NOT_SUITABLE_GENERATOR 0x08
# define DH_CHECK_Q_NOT_PRIME 0x10
-# define DH_CHECK_INVALID_Q_VALUE 0x20
+# define DH_CHECK_INVALID_Q_VALUE 0x20 /* +DH_check_pub_key */
# define DH_CHECK_INVALID_J_VALUE 0x40
+# define DH_MODULUS_TOO_LARGE 0x100 /* +DH_check_pub_key */
/* DH_check_pub_key error codes */
# define DH_CHECK_PUBKEY_TOO_SMALL 0x01