Accepting request 1099670 from security:tls
OBS-URL: https://build.opensuse.org/request/show/1099670 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-1_1?expand=0&rev=49
This commit is contained in:
commit
eacff36a04
@ -1,3 +1,22 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jul 20 07:48:20 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
|
||||||
|
|
||||||
|
- Security fix: [bsc#1213487, CVE-2023-3446]
|
||||||
|
* Fix DH_check() excessive time with over sized modulus.
|
||||||
|
* The function DH_check() performs various checks on DH parameters.
|
||||||
|
One of those checks confirms that the modulus ("p" parameter) is
|
||||||
|
not too large. Trying to use a very large modulus is slow and
|
||||||
|
OpenSSL will not normally use a modulus which is over 10,000 bits
|
||||||
|
in length.
|
||||||
|
However the DH_check() function checks numerous aspects of the
|
||||||
|
key or parameters that have been supplied. Some of those checks
|
||||||
|
use the supplied modulus value even if it has already been found
|
||||||
|
to be too large.
|
||||||
|
A new limit has been added to DH_check of 32,768 bits. Supplying
|
||||||
|
a key/parameters with a modulus over this size will simply cause
|
||||||
|
DH_check() to fail.
|
||||||
|
* Add openssl-CVE-2023-3446.patch openssl-CVE-2023-3446-test.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Jun 20 15:18:56 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
|
Tue Jun 20 15:18:56 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
|
||||||
|
|
||||||
|
@ -132,6 +132,9 @@ Patch78: openssl-1_1-Fixed-conditional-statement-testing-64-and-256-bytes
|
|||||||
Patch79: openssl-1_1-Fix-AES-GCM-on-Power-8-CPUs.patch
|
Patch79: openssl-1_1-Fix-AES-GCM-on-Power-8-CPUs.patch
|
||||||
#PATCH-FIX-OPENSUSE bsc#1205042 Set OpenSSL 3.0 as the default openssl
|
#PATCH-FIX-OPENSUSE bsc#1205042 Set OpenSSL 3.0 as the default openssl
|
||||||
Patch80: openssl-1_1-openssl-config.patch
|
Patch80: openssl-1_1-openssl-config.patch
|
||||||
|
# PATCH-FIX-UPSTREAM: bsc#1213487 CVE-2023-3446 DH_check() excessive time with over sized modulus
|
||||||
|
Patch81: openssl-CVE-2023-3446.patch
|
||||||
|
Patch82: openssl-CVE-2023-3446-test.patch
|
||||||
BuildRequires: pkgconfig
|
BuildRequires: pkgconfig
|
||||||
BuildRequires: pkgconfig(zlib)
|
BuildRequires: pkgconfig(zlib)
|
||||||
Provides: ssl
|
Provides: ssl
|
||||||
|
58
openssl-CVE-2023-3446-test.patch
Normal file
58
openssl-CVE-2023-3446-test.patch
Normal file
@ -0,0 +1,58 @@
|
|||||||
|
From e9ddae17e302a7e6a0daf00f25efed7c70f114d4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Matt Caswell <matt@openssl.org>
|
||||||
|
Date: Fri, 7 Jul 2023 14:39:48 +0100
|
||||||
|
Subject: [PATCH] Add a test for CVE-2023-3446
|
||||||
|
|
||||||
|
Confirm that the only errors DH_check() finds with DH parameters with an
|
||||||
|
excessively long modulus is that the modulus is too large. We should not
|
||||||
|
be performing time consuming checks using that modulus.
|
||||||
|
|
||||||
|
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||||
|
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
|
||||||
|
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
|
||||||
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||||
|
(Merged from https://github.com/openssl/openssl/pull/21452)
|
||||||
|
---
|
||||||
|
test/dhtest.c | 15 +++++++++++++--
|
||||||
|
1 file changed, 13 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/test/dhtest.c b/test/dhtest.c
|
||||||
|
index 9d5609b943ab..00b3c471015d 100644
|
||||||
|
--- a/test/dhtest.c
|
||||||
|
+++ b/test/dhtest.c
|
||||||
|
@@ -63,7 +63,7 @@ static int dh_test(void)
|
||||||
|
|| !TEST_true(DH_set0_pqg(dh, p, q, g)))
|
||||||
|
goto err1;
|
||||||
|
|
||||||
|
- if (!DH_check(dh, &i))
|
||||||
|
+ if (!TEST_true(DH_check(dh, &i)))
|
||||||
|
goto err2;
|
||||||
|
if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
|
||||||
|
|| !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)
|
||||||
|
@@ -123,6 +123,17 @@ static int dh_test(void)
|
||||||
|
/* check whether the public key was calculated correctly */
|
||||||
|
TEST_uint_eq(BN_get_word(pub_key2), 3331L);
|
||||||
|
|
||||||
|
+ /* Modulus of size: dh check max modulus bits + 1 */
|
||||||
|
+ if (!TEST_true(BN_set_word(p, 1))
|
||||||
|
+ || !TEST_true(BN_lshift(p, p, OPENSSL_DH_CHECK_MAX_MODULUS_BITS)))
|
||||||
|
+ goto err3;
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * We expect no checks at all for an excessively large modulus
|
||||||
|
+ */
|
||||||
|
+ if (!TEST_false(DH_check(dh, &i)))
|
||||||
|
+ goto err3;
|
||||||
|
+
|
||||||
|
/*
|
||||||
|
* II) key generation
|
||||||
|
*/
|
||||||
|
@@ -137,7 +148,7 @@ static int dh_test(void)
|
||||||
|
goto err3;
|
||||||
|
|
||||||
|
/* ... and check whether it is valid */
|
||||||
|
- if (!DH_check(a, &i))
|
||||||
|
+ if (!TEST_true(DH_check(a, &i)))
|
||||||
|
goto err3;
|
||||||
|
if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
|
||||||
|
|| !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)
|
105
openssl-CVE-2023-3446.patch
Normal file
105
openssl-CVE-2023-3446.patch
Normal file
@ -0,0 +1,105 @@
|
|||||||
|
From 8780a896543a654e757db1b9396383f9d8095528 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Matt Caswell <matt@openssl.org>
|
||||||
|
Date: Thu, 6 Jul 2023 16:36:35 +0100
|
||||||
|
Subject: [PATCH] Fix DH_check() excessive time with over sized modulus
|
||||||
|
|
||||||
|
The DH_check() function checks numerous aspects of the key or parameters
|
||||||
|
that have been supplied. Some of those checks use the supplied modulus
|
||||||
|
value even if it is excessively large.
|
||||||
|
|
||||||
|
There is already a maximum DH modulus size (10,000 bits) over which
|
||||||
|
OpenSSL will not generate or derive keys. DH_check() will however still
|
||||||
|
perform various tests for validity on such a large modulus. We introduce a
|
||||||
|
new maximum (32,768) over which DH_check() will just fail.
|
||||||
|
|
||||||
|
An application that calls DH_check() and supplies a key or parameters
|
||||||
|
obtained from an untrusted source could be vulnerable to a Denial of
|
||||||
|
Service attack.
|
||||||
|
|
||||||
|
The function DH_check() is itself called by a number of other OpenSSL
|
||||||
|
functions. An application calling any of those other functions may
|
||||||
|
similarly be affected. The other functions affected by this are
|
||||||
|
DH_check_ex() and EVP_PKEY_param_check().
|
||||||
|
|
||||||
|
CVE-2023-3446
|
||||||
|
|
||||||
|
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||||
|
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
|
||||||
|
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
|
||||||
|
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||||
|
(Merged from https://github.com/openssl/openssl/pull/21452)
|
||||||
|
---
|
||||||
|
crypto/dh/dh_check.c | 6 ++++++
|
||||||
|
crypto/dh/dh_err.c | 3 ++-
|
||||||
|
crypto/err/openssl.txt | 3 ++-
|
||||||
|
include/openssl/dh.h | 3 +++
|
||||||
|
include/openssl/dherr.h | 3 ++-
|
||||||
|
5 files changed, 15 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
Index: openssl-1.1.1u/crypto/dh/dh_check.c
|
||||||
|
===================================================================
|
||||||
|
--- openssl-1.1.1u.orig/crypto/dh/dh_check.c
|
||||||
|
+++ openssl-1.1.1u/crypto/dh/dh_check.c
|
||||||
|
@@ -101,6 +101,12 @@ int DH_check(const DH *dh, int *ret)
|
||||||
|
BN_CTX *ctx = NULL;
|
||||||
|
BIGNUM *t1 = NULL, *t2 = NULL;
|
||||||
|
|
||||||
|
+ /* Don't do any checks at all with an excessively large modulus */
|
||||||
|
+ if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
|
||||||
|
+ DHerr(DH_F_DH_CHECK, DH_R_MODULUS_TOO_LARGE);
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (!DH_check_params(dh, ret))
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
Index: openssl-1.1.1u/crypto/dh/dh_err.c
|
||||||
|
===================================================================
|
||||||
|
--- openssl-1.1.1u.orig/crypto/dh/dh_err.c
|
||||||
|
+++ openssl-1.1.1u/crypto/dh/dh_err.c
|
||||||
|
@@ -18,6 +18,7 @@ static const ERR_STRING_DATA DH_str_func
|
||||||
|
{ERR_PACK(ERR_LIB_DH, DH_F_DHPARAMS_PRINT_FP, 0), "DHparams_print_fp"},
|
||||||
|
{ERR_PACK(ERR_LIB_DH, DH_F_DH_BUILTIN_GENPARAMS, 0),
|
||||||
|
"dh_builtin_genparams"},
|
||||||
|
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK, 0), "DH_check"},
|
||||||
|
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_EX, 0), "DH_check_ex"},
|
||||||
|
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PARAMS_EX, 0), "DH_check_params_ex"},
|
||||||
|
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY_EX, 0), "DH_check_pub_key_ex"},
|
||||||
|
Index: openssl-1.1.1u/crypto/err/openssl.txt
|
||||||
|
===================================================================
|
||||||
|
--- openssl-1.1.1u.orig/crypto/err/openssl.txt
|
||||||
|
+++ openssl-1.1.1u/crypto/err/openssl.txt
|
||||||
|
@@ -401,6 +401,7 @@ CT_F_SCT_SET_VERSION:104:SCT_set_version
|
||||||
|
DH_F_COMPUTE_KEY:102:compute_key
|
||||||
|
DH_F_DHPARAMS_PRINT_FP:101:DHparams_print_fp
|
||||||
|
DH_F_DH_BUILTIN_GENPARAMS:106:dh_builtin_genparams
|
||||||
|
+DH_F_DH_CHECK:126:DH_check
|
||||||
|
DH_F_DH_CHECK_EX:121:DH_check_ex
|
||||||
|
DH_F_DH_CHECK_PARAMS_EX:122:DH_check_params_ex
|
||||||
|
DH_F_DH_CHECK_PUB_KEY_EX:123:DH_check_pub_key_ex
|
||||||
|
Index: openssl-1.1.1u/include/openssl/dh.h
|
||||||
|
===================================================================
|
||||||
|
--- openssl-1.1.1u.orig/include/openssl/dh.h
|
||||||
|
+++ openssl-1.1.1u/include/openssl/dh.h
|
||||||
|
@@ -29,6 +29,9 @@ extern "C" {
|
||||||
|
# ifndef OPENSSL_DH_MAX_MODULUS_BITS
|
||||||
|
# define OPENSSL_DH_MAX_MODULUS_BITS 10000
|
||||||
|
# endif
|
||||||
|
+# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS
|
||||||
|
+# define OPENSSL_DH_CHECK_MAX_MODULUS_BITS 32768
|
||||||
|
+# endif
|
||||||
|
|
||||||
|
# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
|
||||||
|
# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN 2048
|
||||||
|
Index: openssl-1.1.1u/include/openssl/dherr.h
|
||||||
|
===================================================================
|
||||||
|
--- openssl-1.1.1u.orig/include/openssl/dherr.h
|
||||||
|
+++ openssl-1.1.1u/include/openssl/dherr.h
|
||||||
|
@@ -30,6 +30,7 @@ int ERR_load_DH_strings(void);
|
||||||
|
# define DH_F_COMPUTE_KEY 102
|
||||||
|
# define DH_F_DHPARAMS_PRINT_FP 101
|
||||||
|
# define DH_F_DH_BUILTIN_GENPARAMS 106
|
||||||
|
+# define DH_F_DH_CHECK 126
|
||||||
|
# define DH_F_DH_CHECK_EX 121
|
||||||
|
# define DH_F_DH_CHECK_PARAMS_EX 122
|
||||||
|
# define DH_F_DH_CHECK_PUB_KEY_EX 123
|
Loading…
Reference in New Issue
Block a user