Accepting request 1101915 from home:pmonrealgonzalez:branches:security:tls

- Update to 1.1.1v: * Fix excessive time spent checking DH q parameter value (bsc#1213853, CVE-2023-3817). The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. If DH_check() is called with such q parameter value, DH_CHECK_INVALID_Q_VALUE return flag is set and the computationally intensive checks are skipped. * Fix DH_check() excessive time with over sized modulus (bsc#1213487, CVE-2023-3446). The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ("p" parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. A new limit has been added to DH_check of 32,768 bits. Supplying a key/parameters with a modulus over this size will simply cause DH_check() to fail. * Rebase openssl-1_1-openssl-config.patch * Remove security patches fixed upstream: - openssl-CVE-2023-3446.patch - openssl-CVE-2023-3446-test.patch OBS-URL: https://build.opensuse.org/request/show/1101915 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=141
2023-08-02 10:03:45 +00:00 · 2023-08-02 10:03:45 +00:00 · f8ec18178a
commit f8ec18178a
parent a620e0aeaf
9 changed files with 147 additions and 236 deletions
--- a/openssl-1.1.1u.tar.gz
+++ b/openssl-1.1.1u.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e2f8d84b523eecd06c7be7626830370300fbcc15386bf5142d72758f6963ebc6
-size 9892176
--- a/openssl-1.1.1u.tar.gz.asc
+++ b/openssl-1.1.1u.tar.gz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEE3HAyZir4heL0fyQ/UnRmohynnm0FAmR171cACgkQUnRmohyn
-nm0f7RAAj+ZssEY1hiRWhuLTmmFJIR1vhEpP9addj8oaXvlJSrA6QzHZrUcuzTL0
-jtOkS4gTIla8iNNe1alwQdYXnhW46IrQAy2+bYuHCLXJm55/0PKCs2Cdy3naPU3N
-9zxo+jAEx3X7hBJAzyLbGwrzpIUe9mbkyheSGxtEpW53ZvX1jo73uxyVYzq6BwJx
-ngCeyBDrRrP6GgwMrpR6zExUyOwltBl/Jvx813AvXXbczJgMe3wCeQOa9Y1QWaVA
-eTKz2lT7reZ80VzfXNMdPT+33+vABfwGEPsdXy7JIWGJubiC5vkHq2Im/U6wzU9v
-9WsKk9MGQ4OV52gcRiYVyb9+nvGWUgfgV8c268nwWHIdYA85FjBb8xGzK1vHgA3o
-E4rRT6e94l+NQChjmm7NwALLcQ+oFtqXsK+CiG9Ek6BMXJ/RitmQUHuhnRDyNL2u
-OtbF549NrxwPe3CskJzP+tUizcQbM6HJtaKi+U49f1+EYZObxJ57qom34eFgET8N
-GvnY6ikBccGEMjphL7dOzEnKYMRBSTCYAQfjBLFvwth2yLjM5f8AC+z6KhGiKnDY
-JI+hHdca4rfrsKXxon+62x8gFmP8waHacR6Sh0OqDiYqNYn+G9q3nuLZMGpRJD2M
-WgXyeu43LEXwhbCGzxnQH0mxFWSMB/2trWTTFzr5BrS7TmujVCw=
-=EBqr
-----END PGP SIGNATURE-----
--- a/openssl-1.1.1v.tar.gz
+++ b/openssl-1.1.1v.tar.gz
--- a/openssl-1.1.1v.tar.gz.asc
+++ b/openssl-1.1.1v.tar.gz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEE78CkZ9YTy4PH7W0w2JTizos9efUFAmTJDewACgkQ2JTizos9
+efVPDBAAjgNq842XSAhmH3CBHHFtMuVlg5RV+tAV7PF7tDm/Bu0VPxZecvDhEHyk
+y1bIzYki9kPQrnDc5Cz3UYHjnBp2n2GH+JDShedSJMH3qbsAlSB4j5b15UFjE8b4
+yDl4rlcug3SydqEdYJAGnOD3QBghsX7GiS6S9BgnU1D1XDZ1LYF6NumrjeypGm2r
+vodcjel0tD+Xu2Du398sGmXLZLfK7eBT8dYtzWHAZubf+dNQmfRRDALo2Q5Xux6p
+xIDlEQvTUkt5mF+Rx0CI1boIKeaFoZFOReUW0zkKYfwNkfq1WvGj3sGA+StQsgn1
+Dvfx6ONoS9UT+6KTegsLOIX2xOAHa8k4UgtW19eCovYzJNkBwNnq83lrvIEMoLY7
+brALTqBmlFq4prPgzpDHlTeC78uDcf/Ao95CeBw5yKVsKAN7W7vA2u6Gr2ZgUWsF
+zVnrxJ9difkrvkFxm6uO2qu1qA/84Bow77M6/7FSHFZ+oDB3tjGXtq4Tf6iBkhpf
+XIRu79S1LxCY7HxKVHHfpKuGSfefV/tgPeOac8CvucIq6r1Be20h0crRnDEGJt8G
+Otznvt04iX+FkSVC7PjiAVZqubQQWjXUZxDngQgUOye/suExGwEoaTMmhj95eiVu
+ufee+jDrVGOjhLLoEClP/+zpl2Wplq3KzLVsvvJa8v5KTVot9r4=
+=mu7b
+-----END PGP SIGNATURE-----
--- a/openssl-1_1-openssl-config.patch
+++ b/openssl-1_1-openssl-config.patch
@ -24,8 +24,10 @@
 tools/c_rehash.in                          |    6 ++--
 23 files changed, 71 insertions(+), 68 deletions(-)

--- a/Configurations/descrip.mms.tmpl
-+++ b/Configurations/descrip.mms.tmpl
+Index: openssl-1.1.1v/Configurations/descrip.mms.tmpl
+===================================================================
+--- openssl-1.1.1v.orig/Configurations/descrip.mms.tmpl
+++ openssl-1.1.1v/Configurations/descrip.mms.tmpl
@@ -142,8 +142,8 @@ INSTALL_SHLIBS={- join(", ", map { "-\n\
 INSTALL_ENGINES={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{install}->{engines}}) -}
 INSTALL_PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{install}->{programs}}) -}
@ -37,8 +39,10 @@
 {- output_on() if $disabled{apps}; "" -}
 
 APPS_OPENSSL={- use File::Spec::Functions;
--- a/Configurations/unix-Makefile.tmpl
-+++ b/Configurations/unix-Makefile.tmpl
+Index: openssl-1.1.1v/Configurations/unix-Makefile.tmpl
+===================================================================
+--- openssl-1.1.1v.orig/Configurations/unix-Makefile.tmpl
+++ openssl-1.1.1v/Configurations/unix-Makefile.tmpl
@@ -140,8 +140,8 @@ INSTALL_SHLIB_INFO={- join(" ", map { "\
 INSTALL_ENGINES={- join(" ", map { dso($_) } @{$unified_info{install}->{engines}}) -}
 INSTALL_PROGRAMS={- join(" ", map { $_.$exeext } @{$unified_info{install}->{programs}}) -}
@ -82,8 +86,10 @@
 
 generate_crypto_bn:
 	( cd $(SRCDIR); $(PERL) crypto/bn/bn_prime.pl > crypto/bn/bn_prime.h )
--- a/Configure
-+++ b/Configure
+Index: openssl-1.1.1v/Configure
+===================================================================
+--- openssl-1.1.1v.orig/Configure
+++ openssl-1.1.1v/Configure
@@ -35,7 +35,7 @@ my $usage="Usage: Configure [no-<cipher>
 #               directories bin, lib, include, share/man, share/doc/openssl
 #               This becomes the value of INSTALLTOP in Makefile
@ -93,8 +99,10 @@
 #               If it's a relative directory, it will be added on the directory
 #               given with --prefix.
 #               This becomes the value of OPENSSLDIR in Makefile and in C.
--- a/INSTALL
-+++ b/INSTALL
+Index: openssl-1.1.1v/INSTALL
+===================================================================
+--- openssl-1.1.1v.orig/INSTALL
+++ openssl-1.1.1v/INSTALL
@@ -296,7 +296,7 @@
                    be undesirable if small executable size is an objective.
 
@ -104,11 +112,13 @@
                    Typically OpenSSL will automatically load a system config
                    file which configures default ssl options.
 
--- a/NEWS
-+++ b/NEWS
-@@ -5,6 +5,9 @@
-   This file gives a brief overview of the major changes between each OpenSSL
-   release. For more details please read the CHANGES file.
+Index: openssl-1.1.1v/NEWS
+===================================================================
+--- openssl-1.1.1v.orig/NEWS
+++ openssl-1.1.1v/NEWS
+@@ -10,6 +10,9 @@
+       o Fix excessive time spent checking DH q parameter value (CVE-2023-3817)
+       o Fix DH_check() excessive time with over sized modulus (CVE-2023-3446)
 
 +  IMPORTANT: For compatibility with OpenSSL 3.0, the OpenSSL master
 +  configuration file openssl.cnf has been renamed to openssl-1_1.cnf.
@ -116,8 +126,10 @@
   Major changes between OpenSSL 1.1.1t and OpenSSL 1.1.1u [30 May 2023]
 
       o Mitigate for very slow `OBJ_obj2txt()` performance with gigantic
--- a/VMS/openssl_utils.com.in
-+++ b/VMS/openssl_utils.com.in
+Index: openssl-1.1.1v/VMS/openssl_utils.com.in
+===================================================================
+--- openssl-1.1.1v.orig/VMS/openssl_utils.com.in
+++ openssl-1.1.1v/VMS/openssl_utils.com.in
@@ -8,7 +8,7 @@ $	OPENSSL		:== $OSSL$EXE:OPENSSL'v'
 $
 $	IF F$TYPE(PERL) .EQS. "STRING"
@ -127,8 +139,10 @@
 $	ELSE
 $	    WRITE SYS$ERROR "NOTE: no perl => no C_REHASH"
 $	ENDIF
--- a/apps/CA.pl.in
-+++ b/apps/CA.pl.in
+Index: openssl-1.1.1v/apps/CA.pl.in
+===================================================================
+--- openssl-1.1.1v.orig/apps/CA.pl.in
+++ openssl-1.1.1v/apps/CA.pl.in
@@ -113,10 +113,10 @@ sub run
 
 
@ -144,8 +158,10 @@
     exit 0;
 }
 if ($WHAT eq '-newcert' ) {
--- a/apps/build.info
-+++ b/apps/build.info
+Index: openssl-1.1.1v/apps/build.info
+===================================================================
+--- openssl-1.1.1v.orig/apps/build.info
+++ openssl-1.1.1v/apps/build.info
@@ -73,7 +73,7 @@ IF[{- !$disabled{apps} -}]
   GENERATE[progs.h]=progs.pl $(APPS_OPENSSL)
   DEPEND[progs.h]=../configdata.pm
@ -157,8 +173,10 @@
 +  SOURCE[CA-1_1.pl]=CA.pl.in
 +  SOURCE[tsget-1_1.pl]=tsget.in
 ENDIF
--- a/apps/tsget.in
-+++ b/apps/tsget.in
+Index: openssl-1.1.1v/apps/tsget.in
+===================================================================
+--- openssl-1.1.1v.orig/apps/tsget.in
+++ openssl-1.1.1v/apps/tsget.in
@@ -47,7 +47,7 @@ sub create_curl {
     $curl->setopt(CURLOPT_VERBOSE, 1) if $options{d};
     $curl->setopt(CURLOPT_FAILONERROR, 1);
@ -168,8 +186,10 @@
 
     # Options for POST method.
     $curl->setopt(CURLOPT_UPLOAD, 1);
--- a/doc/HOWTO/certificates.txt
-+++ b/doc/HOWTO/certificates.txt
+Index: openssl-1.1.1v/doc/HOWTO/certificates.txt
+===================================================================
+--- openssl-1.1.1v.orig/doc/HOWTO/certificates.txt
+++ openssl-1.1.1v/doc/HOWTO/certificates.txt
@@ -16,7 +16,7 @@ Certificate authorities should read http
 In all the cases shown below, the standard configuration file, as
 compiled into openssl, will be used.  You may find it in /etc/,
@ -179,8 +199,10 @@
 You can specify a different configuration file using the
 '-config {file}' argument with the commands shown below.
 
--- a/doc/man1/CA.pl.pod
-+++ b/doc/man1/CA.pl.pod
+Index: openssl-1.1.1v/doc/man1/CA.pl.pod
+===================================================================
+--- openssl-1.1.1v.orig/doc/man1/CA.pl.pod
+++ openssl-1.1.1v/doc/man1/CA.pl.pod
@@ -2,16 +2,16 @@
 
 =head1 NAME
@ -283,8 +305,10 @@
 
 can be used and the B<OPENSSL_CONF> environment variable changed to point to
 the correct path of the configuration file.
--- a/doc/man1/ca.pod
-+++ b/doc/man1/ca.pod
+Index: openssl-1.1.1v/doc/man1/ca.pod
+===================================================================
+--- openssl-1.1.1v.orig/doc/man1/ca.pod
+++ openssl-1.1.1v/doc/man1/ca.pod
@@ -698,7 +698,7 @@ the database has to be kept in memory.
 The B<ca> command really needs rewriting or the required functionality
 exposed at either a command or interface level so a more friendly utility
@ -303,8 +327,10 @@
 L<config(5)>, L<x509v3_config(5)>
 
 =head1 COPYRIGHT
--- a/doc/man1/rehash.pod
-+++ b/doc/man1/rehash.pod
+Index: openssl-1.1.1v/doc/man1/rehash.pod
+===================================================================
+--- openssl-1.1.1v.orig/doc/man1/rehash.pod
+++ openssl-1.1.1v/doc/man1/rehash.pod
@@ -6,7 +6,7 @@ Original text by James Westby, contribut
 =head1 NAME
 
@ -340,8 +366,10 @@
 uses the B<openssl> program to compute the hashes and
 fingerprints. If not found in the user's B<PATH>, then set the
 B<OPENSSL> environment variable to the full pathname.
--- a/doc/man1/tsget.pod
-+++ b/doc/man1/tsget.pod
+Index: openssl-1.1.1v/doc/man1/tsget.pod
+===================================================================
+--- openssl-1.1.1v.orig/doc/man1/tsget.pod
+++ openssl-1.1.1v/doc/man1/tsget.pod
@@ -35,7 +35,7 @@ line.
 The tool sends the following HTTP request for each timestamp request:
 
@ -360,8 +388,10 @@
 OpenSSL utility. Either option B<-C> or option B<-P> must be given in case of
 HTTPS. (Optional)
 
--- a/doc/man1/verify.pod
-+++ b/doc/man1/verify.pod
+Index: openssl-1.1.1v/doc/man1/verify.pod
+===================================================================
+--- openssl-1.1.1v.orig/doc/man1/verify.pod
+++ openssl-1.1.1v/doc/man1/verify.pod
@@ -75,7 +75,7 @@ The file should contain one or more cert
 A directory of trusted certificates. The certificates should have names
 of the form: hash.0 or have symbolic links to them of this
@ -371,8 +401,10 @@
 create symbolic links to a directory of certificates.
 
 =item B<-no-CAfile>
--- a/doc/man1/x509.pod
-+++ b/doc/man1/x509.pod
+Index: openssl-1.1.1v/doc/man1/x509.pod
+===================================================================
+--- openssl-1.1.1v.orig/doc/man1/x509.pod
+++ openssl-1.1.1v/doc/man1/x509.pod
@@ -932,7 +932,7 @@ The hash algorithm used in the B<-subjec
 before OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding
 of the distinguished name. In OpenSSL 1.0.0 and later it is based on a
@ -382,8 +414,10 @@
 
 =head1 COPYRIGHT
 
--- a/doc/man3/OPENSSL_config.pod
-+++ b/doc/man3/OPENSSL_config.pod
+Index: openssl-1.1.1v/doc/man3/OPENSSL_config.pod
+===================================================================
+--- openssl-1.1.1v.orig/doc/man3/OPENSSL_config.pod
+++ openssl-1.1.1v/doc/man3/OPENSSL_config.pod
@@ -15,7 +15,7 @@ OPENSSL_config, OPENSSL_no_config - simp
 
 =head1 DESCRIPTION
@ -393,8 +427,10 @@
 reads from the application section B<appname>. If B<appname> is NULL then
 the default section, B<openssl_conf>, will be used.
 Errors are silently ignored.
--- a/doc/man3/SSL_CTX_load_verify_locations.pod
-+++ b/doc/man3/SSL_CTX_load_verify_locations.pod
+Index: openssl-1.1.1v/doc/man3/SSL_CTX_load_verify_locations.pod
+===================================================================
+--- openssl-1.1.1v.orig/doc/man3/SSL_CTX_load_verify_locations.pod
+++ openssl-1.1.1v/doc/man3/SSL_CTX_load_verify_locations.pod
@@ -63,7 +63,7 @@ If more than one CA certificate with the
 extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search
 is performed in the ordering of the extension number, regardless of other
@ -413,8 +449,10 @@
 
 =head1 SEE ALSO
 
--- a/doc/man5/config.pod
-+++ b/doc/man5/config.pod
+Index: openssl-1.1.1v/doc/man5/config.pod
+===================================================================
+--- openssl-1.1.1v.orig/doc/man5/config.pod
+++ openssl-1.1.1v/doc/man5/config.pod
@@ -7,7 +7,7 @@ config - OpenSSL CONF library configurat
 =head1 DESCRIPTION
 
@ -424,8 +462,10 @@
 and in a few other places like B<SPKAC> files and certificate extension
 files for the B<x509> utility. OpenSSL applications can also use the
 CONF library for their own purposes.
--- a/include/internal/cryptlib.h
-+++ b/include/internal/cryptlib.h
+Index: openssl-1.1.1v/include/internal/cryptlib.h
+===================================================================
+--- openssl-1.1.1v.orig/include/internal/cryptlib.h
+++ openssl-1.1.1v/include/internal/cryptlib.h
@@ -51,7 +51,7 @@ typedef struct app_mem_info_st APP_INFO;
 typedef struct mem_st MEM;
 DEFINE_LHASH_OF(MEM);
@ -435,8 +475,10 @@
 
 # ifndef OPENSSL_SYS_VMS
 #  define X509_CERT_AREA          OPENSSLDIR
--- a/test/recipes/80-test_ca.t
-+++ b/test/recipes/80-test_ca.t
+Index: openssl-1.1.1v/test/recipes/80-test_ca.t
+===================================================================
+--- openssl-1.1.1v.orig/test/recipes/80-test_ca.t
+++ openssl-1.1.1v/test/recipes/80-test_ca.t
@@ -27,27 +27,27 @@ plan tests => 5;
  SKIP: {
      $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "CAss.cnf").'"';
@ -470,8 +512,10 @@
         'creating new pre-certificate');
 }
 
--- a/tools/build.info
-+++ b/tools/build.info
+Index: openssl-1.1.1v/tools/build.info
+===================================================================
+--- openssl-1.1.1v.orig/tools/build.info
+++ openssl-1.1.1v/tools/build.info
@@ -1,5 +1,5 @@
 {- our $c_rehash_name =
 -       $config{target} =~ /^(VC|vms)-/ ? "c_rehash.pl" : "c_rehash";
@ -479,8 +523,10 @@
    "" -}
 IF[{- !$disabled{apps} -}]
   SCRIPTS={- $c_rehash_name -}
--- a/tools/c_rehash.in
-+++ b/tools/c_rehash.in
+Index: openssl-1.1.1v/tools/c_rehash.in
+===================================================================
+--- openssl-1.1.1v.orig/tools/c_rehash.in
+++ openssl-1.1.1v/tools/c_rehash.in
@@ -8,7 +8,7 @@
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html
--- a/openssl-1_1.changes
+++ b/openssl-1_1.changes
@ -1,3 +1,34 @@
+-------------------------------------------------------------------
+Tue Aug  1 16:12:36 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 1.1.1v:
+  * Fix excessive time spent checking DH q parameter value
+    (bsc#1213853, CVE-2023-3817). The function DH_check() performs
+    various checks on DH parameters. After fixing CVE-2023-3446 it
+    was discovered that a large q parameter value can also trigger
+    an overly long computation during some of these checks. A
+    correct q value, if present, cannot be larger than the modulus
+    p parameter, thus it is unnecessary to perform these checks if
+    q is larger than p. If DH_check() is called with such q parameter
+    value, DH_CHECK_INVALID_Q_VALUE return flag is set and the
+    computationally intensive checks are skipped.
+  * Fix DH_check() excessive time with over sized modulus
+    (bsc#1213487, CVE-2023-3446). The function DH_check() performs
+    various checks on DH parameters. One of those checks confirms
+    that the modulus ("p" parameter) is not too large. Trying to use
+    a very large modulus is slow and OpenSSL will not normally use
+    a modulus which is over 10,000 bits in length. However the
+    DH_check() function checks numerous aspects of the key or
+    parameters that have been supplied. Some of those checks use the
+    supplied modulus value even if it has already been found to be
+    too large. A new limit has been added to DH_check of 32,768 bits.
+    Supplying a key/parameters with a modulus over this size will
+    simply cause DH_check() to fail.
+  * Rebase openssl-1_1-openssl-config.patch
+  * Remove security patches fixed upstream:
+    - openssl-CVE-2023-3446.patch
+    - openssl-CVE-2023-3446-test.patch
+
 -------------------------------------------------------------------
 Mon Jul 24 12:40:38 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>

--- a/openssl-1_1.spec
+++ b/openssl-1_1.spec
@ -41,7 +41,7 @@
 %define _rname  openssl
 Name:           openssl-1_1
 # Don't forget to update the version in the "openssl" meta-package!
-Version:        1.1.1u
+Version:        1.1.1v
 Release:        0
 Summary:        Secure Sockets and Transport Layer Security
 License:        OpenSSL
@ -132,11 +132,8 @@ Patch78:        openssl-1_1-Fixed-conditional-statement-testing-64-and-256-bytes
 Patch79:        openssl-1_1-Fix-AES-GCM-on-Power-8-CPUs.patch
 #PATCH-FIX-OPENSUSE bsc#1205042 Set OpenSSL 3.0 as the default openssl
 Patch80:        openssl-1_1-openssl-config.patch
-# PATCH-FIX-UPSTREAM: bsc#1213487 CVE-2023-3446 DH_check() excessive time with over sized modulus
-Patch81:        openssl-CVE-2023-3446.patch
-Patch82:        openssl-CVE-2023-3446-test.patch
 # PATCH-FIX-SUSE bsc#1213517 Dont pass zero length input to EVP_Cipher
-Patch83:        openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch
+Patch81:        openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch
 BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(zlib)
 Provides:       ssl
--- a/openssl-CVE-2023-3446-test.patch
+++ b/openssl-CVE-2023-3446-test.patch
@ -1,58 +0,0 @@
-From e9ddae17e302a7e6a0daf00f25efed7c70f114d4 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Fri, 7 Jul 2023 14:39:48 +0100
-Subject: [PATCH] Add a test for CVE-2023-3446
-
-Confirm that the only errors DH_check() finds with DH parameters with an
-excessively long modulus is that the modulus is too large. We should not
-be performing time consuming checks using that modulus.
-
-Reviewed-by: Paul Dale <pauli@openssl.org>
-Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
-Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/21452)
---
- test/dhtest.c | 15 +++++++++++++--
- 1 file changed, 13 insertions(+), 2 deletions(-)
-
-diff --git a/test/dhtest.c b/test/dhtest.c
-index 9d5609b943ab..00b3c471015d 100644
--- a/test/dhtest.c
-+++ b/test/dhtest.c
-@@ -63,7 +63,7 @@ static int dh_test(void)
-         || !TEST_true(DH_set0_pqg(dh, p, q, g)))
-         goto err1;
- 
-    if (!DH_check(dh, &i))
-+    if (!TEST_true(DH_check(dh, &i)))
-         goto err2;
-     if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
-             || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)
-@@ -123,6 +123,17 @@ static int dh_test(void)
-     /* check whether the public key was calculated correctly */
-     TEST_uint_eq(BN_get_word(pub_key2), 3331L);
- 
-+    /* Modulus of size: dh check max modulus bits + 1 */
-+    if (!TEST_true(BN_set_word(p, 1))
-+            || !TEST_true(BN_lshift(p, p, OPENSSL_DH_CHECK_MAX_MODULUS_BITS)))
-+        goto err3;
-+
-+    /*
-+     * We expect no checks at all for an excessively large modulus
-+     */
-+    if (!TEST_false(DH_check(dh, &i)))
-+        goto err3;
-+
-     /*
-      * II) key generation
-      */
-@@ -137,7 +148,7 @@ static int dh_test(void)
-         goto err3;
- 
-     /* ... and check whether it is valid */
-    if (!DH_check(a, &i))
-+    if (!TEST_true(DH_check(a, &i)))
-         goto err3;
-     if (!TEST_false(i & DH_CHECK_P_NOT_PRIME)
-             || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME)
--- a/openssl-CVE-2023-3446.patch
+++ b/openssl-CVE-2023-3446.patch
@ -1,105 +0,0 @@
-From 8780a896543a654e757db1b9396383f9d8095528 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Thu, 6 Jul 2023 16:36:35 +0100
-Subject: [PATCH] Fix DH_check() excessive time with over sized modulus
-
-The DH_check() function checks numerous aspects of the key or parameters
-that have been supplied. Some of those checks use the supplied modulus
-value even if it is excessively large.
-
-There is already a maximum DH modulus size (10,000 bits) over which
-OpenSSL will not generate or derive keys. DH_check() will however still
-perform various tests for validity on such a large modulus. We introduce a
-new maximum (32,768) over which DH_check() will just fail.
-
-An application that calls DH_check() and supplies a key or parameters
-obtained from an untrusted source could be vulnerable to a Denial of
-Service attack.
-
-The function DH_check() is itself called by a number of other OpenSSL
-functions. An application calling any of those other functions may
-similarly be affected. The other functions affected by this are
-DH_check_ex() and EVP_PKEY_param_check().
-
-CVE-2023-3446
-
-Reviewed-by: Paul Dale <pauli@openssl.org>
-Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
-Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/21452)
---
- crypto/dh/dh_check.c    | 6 ++++++
- crypto/dh/dh_err.c      | 3 ++-
- crypto/err/openssl.txt  | 3 ++-
- include/openssl/dh.h    | 3 +++
- include/openssl/dherr.h | 3 ++-
- 5 files changed, 15 insertions(+), 3 deletions(-)
-
-Index: openssl-1.1.1u/crypto/dh/dh_check.c
-===================================================================
--- openssl-1.1.1u.orig/crypto/dh/dh_check.c
-+++ openssl-1.1.1u/crypto/dh/dh_check.c
-@@ -101,6 +101,12 @@ int DH_check(const DH *dh, int *ret)
-     BN_CTX *ctx = NULL;
-     BIGNUM *t1 = NULL, *t2 = NULL;
- 
-+    /* Don't do any checks at all with an excessively large modulus */
-+    if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
-+        DHerr(DH_F_DH_CHECK, DH_R_MODULUS_TOO_LARGE);
-+        return 0;
-+    }
-+
-     if (!DH_check_params(dh, ret))
-         return 0;
- 
-Index: openssl-1.1.1u/crypto/dh/dh_err.c
-===================================================================
--- openssl-1.1.1u.orig/crypto/dh/dh_err.c
-+++ openssl-1.1.1u/crypto/dh/dh_err.c
-@@ -18,6 +18,7 @@ static const ERR_STRING_DATA DH_str_func
-     {ERR_PACK(ERR_LIB_DH, DH_F_DHPARAMS_PRINT_FP, 0), "DHparams_print_fp"},
-     {ERR_PACK(ERR_LIB_DH, DH_F_DH_BUILTIN_GENPARAMS, 0),
-      "dh_builtin_genparams"},
-+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK, 0), "DH_check"},
-     {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_EX, 0), "DH_check_ex"},
-     {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PARAMS_EX, 0), "DH_check_params_ex"},
-     {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY_EX, 0), "DH_check_pub_key_ex"},
-Index: openssl-1.1.1u/crypto/err/openssl.txt
-===================================================================
--- openssl-1.1.1u.orig/crypto/err/openssl.txt
-+++ openssl-1.1.1u/crypto/err/openssl.txt
-@@ -401,6 +401,7 @@ CT_F_SCT_SET_VERSION:104:SCT_set_version
- DH_F_COMPUTE_KEY:102:compute_key
- DH_F_DHPARAMS_PRINT_FP:101:DHparams_print_fp
- DH_F_DH_BUILTIN_GENPARAMS:106:dh_builtin_genparams
-+DH_F_DH_CHECK:126:DH_check
- DH_F_DH_CHECK_EX:121:DH_check_ex
- DH_F_DH_CHECK_PARAMS_EX:122:DH_check_params_ex
- DH_F_DH_CHECK_PUB_KEY_EX:123:DH_check_pub_key_ex
-Index: openssl-1.1.1u/include/openssl/dh.h
-===================================================================
--- openssl-1.1.1u.orig/include/openssl/dh.h
-+++ openssl-1.1.1u/include/openssl/dh.h
-@@ -29,6 +29,9 @@ extern "C" {
- # ifndef OPENSSL_DH_MAX_MODULUS_BITS
- #  define OPENSSL_DH_MAX_MODULUS_BITS    10000
- # endif
-+# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS
-+#  define OPENSSL_DH_CHECK_MAX_MODULUS_BITS  32768
-+# endif
- 
- # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
- # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN 2048
-Index: openssl-1.1.1u/include/openssl/dherr.h
-===================================================================
--- openssl-1.1.1u.orig/include/openssl/dherr.h
-+++ openssl-1.1.1u/include/openssl/dherr.h
-@@ -30,6 +30,7 @@ int ERR_load_DH_strings(void);
- #  define DH_F_COMPUTE_KEY                                 102
- #  define DH_F_DHPARAMS_PRINT_FP                           101
- #  define DH_F_DH_BUILTIN_GENPARAMS                        106
-+#  define DH_F_DH_CHECK                                    126
- #  define DH_F_DH_CHECK_EX                                 121
- #  define DH_F_DH_CHECK_PARAMS_EX                          122
- #  define DH_F_DH_CHECK_PUB_KEY_EX                         123