Accepting request 1099670 from security:tls
OBS-URL: https://build.opensuse.org/request/show/1099670 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-1_1?expand=0&rev=49
This commit is contained in:
commit
eacff36a04
@ -1,3 +1,22 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 20 07:48:20 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
- Security fix: [bsc#1213487, CVE-2023-3446]
|
||||
* Fix DH_check() excessive time with over sized modulus.
|
||||
* The function DH_check() performs various checks on DH parameters.
|
||||
One of those checks confirms that the modulus ("p" parameter) is
|
||||
not too large. Trying to use a very large modulus is slow and
|
||||
OpenSSL will not normally use a modulus which is over 10,000 bits
|
||||
in length.
|
||||
However the DH_check() function checks numerous aspects of the
|
||||
key or parameters that have been supplied. Some of those checks
|
||||
use the supplied modulus value even if it has already been found
|
||||
to be too large.
|
||||
A new limit has been added to DH_check of 32,768 bits. Supplying
|
||||
a key/parameters with a modulus over this size will simply cause
|
||||
DH_check() to fail.
|
||||
* Add openssl-CVE-2023-3446.patch openssl-CVE-2023-3446-test.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jun 20 15:18:56 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
|
||||
|
||||
|
@ -132,6 +132,9 @@ Patch78: openssl-1_1-Fixed-conditional-statement-testing-64-and-256-bytes
|
||||
Patch79: openssl-1_1-Fix-AES-GCM-on-Power-8-CPUs.patch
|
||||
#PATCH-FIX-OPENSUSE bsc#1205042 Set OpenSSL 3.0 as the default openssl
|
||||
Patch80: openssl-1_1-openssl-config.patch
|
||||
# PATCH-FIX-UPSTREAM: bsc#1213487 CVE-2023-3446 DH_check() excessive time with over sized modulus
|
||||
Patch81: openssl-CVE-2023-3446.patch
|
||||
Patch82: openssl-CVE-2023-3446-test.patch
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: pkgconfig(zlib)
|
||||
Provides: ssl
|
||||
|
58
openssl-CVE-2023-3446-test.patch
Normal file
58
openssl-CVE-2023-3446-test.patch
Normal file
@ -0,0 +1,58 @@
|
||||
From e9ddae17e302a7e6a0daf00f25efed7c70f114d4 Mon Sep 17 00:00:00 2001
|
||||
From: Matt Caswell <matt@openssl.org>
|
||||
Date: Fri, 7 Jul 2023 14:39:48 +0100
|
||||
Subject: [PATCH] Add a test for CVE-2023-3446
|
||||
|
||||
Confirm that the only errors DH_check() finds with DH parameters with an
|
||||
excessively long modulus is that the modulus is too large. We should not
|
||||
be performing time consuming checks using that modulus.
|
||||
|
||||
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
|
||||
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
|
||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/21452)
|
||||
---
|
||||
test/dhtest.c | 15 +++++++++++++--
|
||||
1 file changed, 13 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/test/dhtest.c b/test/dhtest.c
|
||||
index 9d5609b943ab..00b3c471015d 100644
|
||||
--- a/test/dhtest.c
|
||||
+++ b/test/dhtest.c
|
||||
@@ -63,7 +63,7 @@ static int dh_test(void)
|
||||
|| !TEST_true(DH_set0_pqg(dh, p, q, g)))
|
||||
goto err1;
|
||||
|
||||
- if (!DH_check(dh, &i))
|
||||
+ if (!TEST_true(DH_check(dh, &i)))
|
||||
goto err2;
|
||||
if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
|
||||
|| !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)
|
||||
@@ -123,6 +123,17 @@ static int dh_test(void)
|
||||
/* check whether the public key was calculated correctly */
|
||||
TEST_uint_eq(BN_get_word(pub_key2), 3331L);
|
||||
|
||||
+ /* Modulus of size: dh check max modulus bits + 1 */
|
||||
+ if (!TEST_true(BN_set_word(p, 1))
|
||||
+ || !TEST_true(BN_lshift(p, p, OPENSSL_DH_CHECK_MAX_MODULUS_BITS)))
|
||||
+ goto err3;
|
||||
+
|
||||
+ /*
|
||||
+ * We expect no checks at all for an excessively large modulus
|
||||
+ */
|
||||
+ if (!TEST_false(DH_check(dh, &i)))
|
||||
+ goto err3;
|
||||
+
|
||||
/*
|
||||
* II) key generation
|
||||
*/
|
||||
@@ -137,7 +148,7 @@ static int dh_test(void)
|
||||
goto err3;
|
||||
|
||||
/* ... and check whether it is valid */
|
||||
- if (!DH_check(a, &i))
|
||||
+ if (!TEST_true(DH_check(a, &i)))
|
||||
goto err3;
|
||||
if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
|
||||
|| !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)
|
105
openssl-CVE-2023-3446.patch
Normal file
105
openssl-CVE-2023-3446.patch
Normal file
@ -0,0 +1,105 @@
|
||||
From 8780a896543a654e757db1b9396383f9d8095528 Mon Sep 17 00:00:00 2001
|
||||
From: Matt Caswell <matt@openssl.org>
|
||||
Date: Thu, 6 Jul 2023 16:36:35 +0100
|
||||
Subject: [PATCH] Fix DH_check() excessive time with over sized modulus
|
||||
|
||||
The DH_check() function checks numerous aspects of the key or parameters
|
||||
that have been supplied. Some of those checks use the supplied modulus
|
||||
value even if it is excessively large.
|
||||
|
||||
There is already a maximum DH modulus size (10,000 bits) over which
|
||||
OpenSSL will not generate or derive keys. DH_check() will however still
|
||||
perform various tests for validity on such a large modulus. We introduce a
|
||||
new maximum (32,768) over which DH_check() will just fail.
|
||||
|
||||
An application that calls DH_check() and supplies a key or parameters
|
||||
obtained from an untrusted source could be vulnerable to a Denial of
|
||||
Service attack.
|
||||
|
||||
The function DH_check() is itself called by a number of other OpenSSL
|
||||
functions. An application calling any of those other functions may
|
||||
similarly be affected. The other functions affected by this are
|
||||
DH_check_ex() and EVP_PKEY_param_check().
|
||||
|
||||
CVE-2023-3446
|
||||
|
||||
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
|
||||
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
|
||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/21452)
|
||||
---
|
||||
crypto/dh/dh_check.c | 6 ++++++
|
||||
crypto/dh/dh_err.c | 3 ++-
|
||||
crypto/err/openssl.txt | 3 ++-
|
||||
include/openssl/dh.h | 3 +++
|
||||
include/openssl/dherr.h | 3 ++-
|
||||
5 files changed, 15 insertions(+), 3 deletions(-)
|
||||
|
||||
Index: openssl-1.1.1u/crypto/dh/dh_check.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1u.orig/crypto/dh/dh_check.c
|
||||
+++ openssl-1.1.1u/crypto/dh/dh_check.c
|
||||
@@ -101,6 +101,12 @@ int DH_check(const DH *dh, int *ret)
|
||||
BN_CTX *ctx = NULL;
|
||||
BIGNUM *t1 = NULL, *t2 = NULL;
|
||||
|
||||
+ /* Don't do any checks at all with an excessively large modulus */
|
||||
+ if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
|
||||
+ DHerr(DH_F_DH_CHECK, DH_R_MODULUS_TOO_LARGE);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
if (!DH_check_params(dh, ret))
|
||||
return 0;
|
||||
|
||||
Index: openssl-1.1.1u/crypto/dh/dh_err.c
|
||||
===================================================================
|
||||
--- openssl-1.1.1u.orig/crypto/dh/dh_err.c
|
||||
+++ openssl-1.1.1u/crypto/dh/dh_err.c
|
||||
@@ -18,6 +18,7 @@ static const ERR_STRING_DATA DH_str_func
|
||||
{ERR_PACK(ERR_LIB_DH, DH_F_DHPARAMS_PRINT_FP, 0), "DHparams_print_fp"},
|
||||
{ERR_PACK(ERR_LIB_DH, DH_F_DH_BUILTIN_GENPARAMS, 0),
|
||||
"dh_builtin_genparams"},
|
||||
+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK, 0), "DH_check"},
|
||||
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_EX, 0), "DH_check_ex"},
|
||||
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PARAMS_EX, 0), "DH_check_params_ex"},
|
||||
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY_EX, 0), "DH_check_pub_key_ex"},
|
||||
Index: openssl-1.1.1u/crypto/err/openssl.txt
|
||||
===================================================================
|
||||
--- openssl-1.1.1u.orig/crypto/err/openssl.txt
|
||||
+++ openssl-1.1.1u/crypto/err/openssl.txt
|
||||
@@ -401,6 +401,7 @@ CT_F_SCT_SET_VERSION:104:SCT_set_version
|
||||
DH_F_COMPUTE_KEY:102:compute_key
|
||||
DH_F_DHPARAMS_PRINT_FP:101:DHparams_print_fp
|
||||
DH_F_DH_BUILTIN_GENPARAMS:106:dh_builtin_genparams
|
||||
+DH_F_DH_CHECK:126:DH_check
|
||||
DH_F_DH_CHECK_EX:121:DH_check_ex
|
||||
DH_F_DH_CHECK_PARAMS_EX:122:DH_check_params_ex
|
||||
DH_F_DH_CHECK_PUB_KEY_EX:123:DH_check_pub_key_ex
|
||||
Index: openssl-1.1.1u/include/openssl/dh.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1u.orig/include/openssl/dh.h
|
||||
+++ openssl-1.1.1u/include/openssl/dh.h
|
||||
@@ -29,6 +29,9 @@ extern "C" {
|
||||
# ifndef OPENSSL_DH_MAX_MODULUS_BITS
|
||||
# define OPENSSL_DH_MAX_MODULUS_BITS 10000
|
||||
# endif
|
||||
+# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS
|
||||
+# define OPENSSL_DH_CHECK_MAX_MODULUS_BITS 32768
|
||||
+# endif
|
||||
|
||||
# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
|
||||
# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN 2048
|
||||
Index: openssl-1.1.1u/include/openssl/dherr.h
|
||||
===================================================================
|
||||
--- openssl-1.1.1u.orig/include/openssl/dherr.h
|
||||
+++ openssl-1.1.1u/include/openssl/dherr.h
|
||||
@@ -30,6 +30,7 @@ int ERR_load_DH_strings(void);
|
||||
# define DH_F_COMPUTE_KEY 102
|
||||
# define DH_F_DHPARAMS_PRINT_FP 101
|
||||
# define DH_F_DH_BUILTIN_GENPARAMS 106
|
||||
+# define DH_F_DH_CHECK 126
|
||||
# define DH_F_DH_CHECK_EX 121
|
||||
# define DH_F_DH_CHECK_PARAMS_EX 122
|
||||
# define DH_F_DH_CHECK_PUB_KEY_EX 123
|
Loading…
Reference in New Issue
Block a user