From f8ec18178aece972fa49cd0c045669545d9031df026f634a6c614818e4211688 Mon Sep 17 00:00:00 2001 From: Pedro Monreal Gonzalez Date: Wed, 2 Aug 2023 10:03:45 +0000 Subject: [PATCH] Accepting request 1101915 from home:pmonrealgonzalez:branches:security:tls - Update to 1.1.1v: * Fix excessive time spent checking DH q parameter value (bsc#1213853, CVE-2023-3817). The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. If DH_check() is called with such q parameter value, DH_CHECK_INVALID_Q_VALUE return flag is set and the computationally intensive checks are skipped. * Fix DH_check() excessive time with over sized modulus (bsc#1213487, CVE-2023-3446). The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ("p" parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. A new limit has been added to DH_check of 32,768 bits. Supplying a key/parameters with a modulus over this size will simply cause DH_check() to fail. * Rebase openssl-1_1-openssl-config.patch * Remove security patches fixed upstream: - openssl-CVE-2023-3446.patch - openssl-CVE-2023-3446-test.patch OBS-URL: https://build.opensuse.org/request/show/1101915 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=141 --- openssl-1.1.1u.tar.gz | 3 - openssl-1.1.1u.tar.gz.asc | 16 ---- openssl-1.1.1v.tar.gz | 3 + openssl-1.1.1v.tar.gz.asc | 16 ++++ openssl-1_1-openssl-config.patch | 144 ++++++++++++++++++++----------- openssl-1_1.changes | 31 +++++++ openssl-1_1.spec | 7 +- openssl-CVE-2023-3446-test.patch | 58 ------------- openssl-CVE-2023-3446.patch | 105 ---------------------- 9 files changed, 147 insertions(+), 236 deletions(-) delete mode 100644 openssl-1.1.1u.tar.gz delete mode 100644 openssl-1.1.1u.tar.gz.asc create mode 100644 openssl-1.1.1v.tar.gz create mode 100644 openssl-1.1.1v.tar.gz.asc delete mode 100644 openssl-CVE-2023-3446-test.patch delete mode 100644 openssl-CVE-2023-3446.patch diff --git a/openssl-1.1.1u.tar.gz b/openssl-1.1.1u.tar.gz deleted file mode 100644 index c32616b..0000000 --- a/openssl-1.1.1u.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e2f8d84b523eecd06c7be7626830370300fbcc15386bf5142d72758f6963ebc6 -size 9892176 diff --git a/openssl-1.1.1u.tar.gz.asc b/openssl-1.1.1u.tar.gz.asc deleted file mode 100644 index 8bca6a1..0000000 --- a/openssl-1.1.1u.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEE3HAyZir4heL0fyQ/UnRmohynnm0FAmR171cACgkQUnRmohyn -nm0f7RAAj+ZssEY1hiRWhuLTmmFJIR1vhEpP9addj8oaXvlJSrA6QzHZrUcuzTL0 -jtOkS4gTIla8iNNe1alwQdYXnhW46IrQAy2+bYuHCLXJm55/0PKCs2Cdy3naPU3N -9zxo+jAEx3X7hBJAzyLbGwrzpIUe9mbkyheSGxtEpW53ZvX1jo73uxyVYzq6BwJx -ngCeyBDrRrP6GgwMrpR6zExUyOwltBl/Jvx813AvXXbczJgMe3wCeQOa9Y1QWaVA -eTKz2lT7reZ80VzfXNMdPT+33+vABfwGEPsdXy7JIWGJubiC5vkHq2Im/U6wzU9v -9WsKk9MGQ4OV52gcRiYVyb9+nvGWUgfgV8c268nwWHIdYA85FjBb8xGzK1vHgA3o -E4rRT6e94l+NQChjmm7NwALLcQ+oFtqXsK+CiG9Ek6BMXJ/RitmQUHuhnRDyNL2u -OtbF549NrxwPe3CskJzP+tUizcQbM6HJtaKi+U49f1+EYZObxJ57qom34eFgET8N -GvnY6ikBccGEMjphL7dOzEnKYMRBSTCYAQfjBLFvwth2yLjM5f8AC+z6KhGiKnDY -JI+hHdca4rfrsKXxon+62x8gFmP8waHacR6Sh0OqDiYqNYn+G9q3nuLZMGpRJD2M -WgXyeu43LEXwhbCGzxnQH0mxFWSMB/2trWTTFzr5BrS7TmujVCw= -=EBqr ------END PGP SIGNATURE----- diff --git a/openssl-1.1.1v.tar.gz b/openssl-1.1.1v.tar.gz new file mode 100644 index 0000000..f4d327a --- /dev/null +++ b/openssl-1.1.1v.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d6697e2871e77238460402e9362d47d18382b15ef9f246aba6c7bd780d38a6b0 +size 9893443 diff --git a/openssl-1.1.1v.tar.gz.asc b/openssl-1.1.1v.tar.gz.asc new file mode 100644 index 0000000..b5d3f7a --- /dev/null +++ b/openssl-1.1.1v.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEE78CkZ9YTy4PH7W0w2JTizos9efUFAmTJDewACgkQ2JTizos9 +efVPDBAAjgNq842XSAhmH3CBHHFtMuVlg5RV+tAV7PF7tDm/Bu0VPxZecvDhEHyk +y1bIzYki9kPQrnDc5Cz3UYHjnBp2n2GH+JDShedSJMH3qbsAlSB4j5b15UFjE8b4 +yDl4rlcug3SydqEdYJAGnOD3QBghsX7GiS6S9BgnU1D1XDZ1LYF6NumrjeypGm2r +vodcjel0tD+Xu2Du398sGmXLZLfK7eBT8dYtzWHAZubf+dNQmfRRDALo2Q5Xux6p +xIDlEQvTUkt5mF+Rx0CI1boIKeaFoZFOReUW0zkKYfwNkfq1WvGj3sGA+StQsgn1 +Dvfx6ONoS9UT+6KTegsLOIX2xOAHa8k4UgtW19eCovYzJNkBwNnq83lrvIEMoLY7 +brALTqBmlFq4prPgzpDHlTeC78uDcf/Ao95CeBw5yKVsKAN7W7vA2u6Gr2ZgUWsF +zVnrxJ9difkrvkFxm6uO2qu1qA/84Bow77M6/7FSHFZ+oDB3tjGXtq4Tf6iBkhpf +XIRu79S1LxCY7HxKVHHfpKuGSfefV/tgPeOac8CvucIq6r1Be20h0crRnDEGJt8G +Otznvt04iX+FkSVC7PjiAVZqubQQWjXUZxDngQgUOye/suExGwEoaTMmhj95eiVu +ufee+jDrVGOjhLLoEClP/+zpl2Wplq3KzLVsvvJa8v5KTVot9r4= +=mu7b +-----END PGP SIGNATURE----- diff --git a/openssl-1_1-openssl-config.patch b/openssl-1_1-openssl-config.patch index b5caa53..1ba132a 100644 --- a/openssl-1_1-openssl-config.patch +++ b/openssl-1_1-openssl-config.patch @@ -24,8 +24,10 @@ tools/c_rehash.in | 6 ++-- 23 files changed, 71 insertions(+), 68 deletions(-) ---- a/Configurations/descrip.mms.tmpl -+++ b/Configurations/descrip.mms.tmpl +Index: openssl-1.1.1v/Configurations/descrip.mms.tmpl +=================================================================== +--- openssl-1.1.1v.orig/Configurations/descrip.mms.tmpl ++++ openssl-1.1.1v/Configurations/descrip.mms.tmpl @@ -142,8 +142,8 @@ INSTALL_SHLIBS={- join(", ", map { "-\n\ INSTALL_ENGINES={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{install}->{engines}}) -} INSTALL_PROGRAMS={- join(", ", map { "-\n\t".$_.".EXE" } @{$unified_info{install}->{programs}}) -} @@ -37,8 +39,10 @@ {- output_on() if $disabled{apps}; "" -} APPS_OPENSSL={- use File::Spec::Functions; ---- a/Configurations/unix-Makefile.tmpl -+++ b/Configurations/unix-Makefile.tmpl +Index: openssl-1.1.1v/Configurations/unix-Makefile.tmpl +=================================================================== +--- openssl-1.1.1v.orig/Configurations/unix-Makefile.tmpl ++++ openssl-1.1.1v/Configurations/unix-Makefile.tmpl @@ -140,8 +140,8 @@ INSTALL_SHLIB_INFO={- join(" ", map { "\ INSTALL_ENGINES={- join(" ", map { dso($_) } @{$unified_info{install}->{engines}}) -} INSTALL_PROGRAMS={- join(" ", map { $_.$exeext } @{$unified_info{install}->{programs}}) -} @@ -82,8 +86,10 @@ generate_crypto_bn: ( cd $(SRCDIR); $(PERL) crypto/bn/bn_prime.pl > crypto/bn/bn_prime.h ) ---- a/Configure -+++ b/Configure +Index: openssl-1.1.1v/Configure +=================================================================== +--- openssl-1.1.1v.orig/Configure ++++ openssl-1.1.1v/Configure @@ -35,7 +35,7 @@ my $usage="Usage: Configure [no- # directories bin, lib, include, share/man, share/doc/openssl # This becomes the value of INSTALLTOP in Makefile @@ -93,8 +99,10 @@ # If it's a relative directory, it will be added on the directory # given with --prefix. # This becomes the value of OPENSSLDIR in Makefile and in C. ---- a/INSTALL -+++ b/INSTALL +Index: openssl-1.1.1v/INSTALL +=================================================================== +--- openssl-1.1.1v.orig/INSTALL ++++ openssl-1.1.1v/INSTALL @@ -296,7 +296,7 @@ be undesirable if small executable size is an objective. @@ -104,11 +112,13 @@ Typically OpenSSL will automatically load a system config file which configures default ssl options. ---- a/NEWS -+++ b/NEWS -@@ -5,6 +5,9 @@ - This file gives a brief overview of the major changes between each OpenSSL - release. For more details please read the CHANGES file. +Index: openssl-1.1.1v/NEWS +=================================================================== +--- openssl-1.1.1v.orig/NEWS ++++ openssl-1.1.1v/NEWS +@@ -10,6 +10,9 @@ + o Fix excessive time spent checking DH q parameter value (CVE-2023-3817) + o Fix DH_check() excessive time with over sized modulus (CVE-2023-3446) + IMPORTANT: For compatibility with OpenSSL 3.0, the OpenSSL master + configuration file openssl.cnf has been renamed to openssl-1_1.cnf. @@ -116,8 +126,10 @@ Major changes between OpenSSL 1.1.1t and OpenSSL 1.1.1u [30 May 2023] o Mitigate for very slow `OBJ_obj2txt()` performance with gigantic ---- a/VMS/openssl_utils.com.in -+++ b/VMS/openssl_utils.com.in +Index: openssl-1.1.1v/VMS/openssl_utils.com.in +=================================================================== +--- openssl-1.1.1v.orig/VMS/openssl_utils.com.in ++++ openssl-1.1.1v/VMS/openssl_utils.com.in @@ -8,7 +8,7 @@ $ OPENSSL :== $OSSL$EXE:OPENSSL'v' $ $ IF F$TYPE(PERL) .EQS. "STRING" @@ -127,8 +139,10 @@ $ ELSE $ WRITE SYS$ERROR "NOTE: no perl => no C_REHASH" $ ENDIF ---- a/apps/CA.pl.in -+++ b/apps/CA.pl.in +Index: openssl-1.1.1v/apps/CA.pl.in +=================================================================== +--- openssl-1.1.1v.orig/apps/CA.pl.in ++++ openssl-1.1.1v/apps/CA.pl.in @@ -113,10 +113,10 @@ sub run @@ -144,8 +158,10 @@ exit 0; } if ($WHAT eq '-newcert' ) { ---- a/apps/build.info -+++ b/apps/build.info +Index: openssl-1.1.1v/apps/build.info +=================================================================== +--- openssl-1.1.1v.orig/apps/build.info ++++ openssl-1.1.1v/apps/build.info @@ -73,7 +73,7 @@ IF[{- !$disabled{apps} -}] GENERATE[progs.h]=progs.pl $(APPS_OPENSSL) DEPEND[progs.h]=../configdata.pm @@ -157,8 +173,10 @@ + SOURCE[CA-1_1.pl]=CA.pl.in + SOURCE[tsget-1_1.pl]=tsget.in ENDIF ---- a/apps/tsget.in -+++ b/apps/tsget.in +Index: openssl-1.1.1v/apps/tsget.in +=================================================================== +--- openssl-1.1.1v.orig/apps/tsget.in ++++ openssl-1.1.1v/apps/tsget.in @@ -47,7 +47,7 @@ sub create_curl { $curl->setopt(CURLOPT_VERBOSE, 1) if $options{d}; $curl->setopt(CURLOPT_FAILONERROR, 1); @@ -168,8 +186,10 @@ # Options for POST method. $curl->setopt(CURLOPT_UPLOAD, 1); ---- a/doc/HOWTO/certificates.txt -+++ b/doc/HOWTO/certificates.txt +Index: openssl-1.1.1v/doc/HOWTO/certificates.txt +=================================================================== +--- openssl-1.1.1v.orig/doc/HOWTO/certificates.txt ++++ openssl-1.1.1v/doc/HOWTO/certificates.txt @@ -16,7 +16,7 @@ Certificate authorities should read http In all the cases shown below, the standard configuration file, as compiled into openssl, will be used. You may find it in /etc/, @@ -179,8 +199,10 @@ You can specify a different configuration file using the '-config {file}' argument with the commands shown below. ---- a/doc/man1/CA.pl.pod -+++ b/doc/man1/CA.pl.pod +Index: openssl-1.1.1v/doc/man1/CA.pl.pod +=================================================================== +--- openssl-1.1.1v.orig/doc/man1/CA.pl.pod ++++ openssl-1.1.1v/doc/man1/CA.pl.pod @@ -2,16 +2,16 @@ =head1 NAME @@ -283,8 +305,10 @@ can be used and the B environment variable changed to point to the correct path of the configuration file. ---- a/doc/man1/ca.pod -+++ b/doc/man1/ca.pod +Index: openssl-1.1.1v/doc/man1/ca.pod +=================================================================== +--- openssl-1.1.1v.orig/doc/man1/ca.pod ++++ openssl-1.1.1v/doc/man1/ca.pod @@ -698,7 +698,7 @@ the database has to be kept in memory. The B command really needs rewriting or the required functionality exposed at either a command or interface level so a more friendly utility @@ -303,8 +327,10 @@ L, L =head1 COPYRIGHT ---- a/doc/man1/rehash.pod -+++ b/doc/man1/rehash.pod +Index: openssl-1.1.1v/doc/man1/rehash.pod +=================================================================== +--- openssl-1.1.1v.orig/doc/man1/rehash.pod ++++ openssl-1.1.1v/doc/man1/rehash.pod @@ -6,7 +6,7 @@ Original text by James Westby, contribut =head1 NAME @@ -340,8 +366,10 @@ uses the B program to compute the hashes and fingerprints. If not found in the user's B, then set the B environment variable to the full pathname. ---- a/doc/man1/tsget.pod -+++ b/doc/man1/tsget.pod +Index: openssl-1.1.1v/doc/man1/tsget.pod +=================================================================== +--- openssl-1.1.1v.orig/doc/man1/tsget.pod ++++ openssl-1.1.1v/doc/man1/tsget.pod @@ -35,7 +35,7 @@ line. The tool sends the following HTTP request for each timestamp request: @@ -360,8 +388,10 @@ OpenSSL utility. Either option B<-C> or option B<-P> must be given in case of HTTPS. (Optional) ---- a/doc/man1/verify.pod -+++ b/doc/man1/verify.pod +Index: openssl-1.1.1v/doc/man1/verify.pod +=================================================================== +--- openssl-1.1.1v.orig/doc/man1/verify.pod ++++ openssl-1.1.1v/doc/man1/verify.pod @@ -75,7 +75,7 @@ The file should contain one or more cert A directory of trusted certificates. The certificates should have names of the form: hash.0 or have symbolic links to them of this @@ -371,8 +401,10 @@ create symbolic links to a directory of certificates. =item B<-no-CAfile> ---- a/doc/man1/x509.pod -+++ b/doc/man1/x509.pod +Index: openssl-1.1.1v/doc/man1/x509.pod +=================================================================== +--- openssl-1.1.1v.orig/doc/man1/x509.pod ++++ openssl-1.1.1v/doc/man1/x509.pod @@ -932,7 +932,7 @@ The hash algorithm used in the B<-subjec before OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding of the distinguished name. In OpenSSL 1.0.0 and later it is based on a @@ -382,8 +414,10 @@ =head1 COPYRIGHT ---- a/doc/man3/OPENSSL_config.pod -+++ b/doc/man3/OPENSSL_config.pod +Index: openssl-1.1.1v/doc/man3/OPENSSL_config.pod +=================================================================== +--- openssl-1.1.1v.orig/doc/man3/OPENSSL_config.pod ++++ openssl-1.1.1v/doc/man3/OPENSSL_config.pod @@ -15,7 +15,7 @@ OPENSSL_config, OPENSSL_no_config - simp =head1 DESCRIPTION @@ -393,8 +427,10 @@ reads from the application section B. If B is NULL then the default section, B, will be used. Errors are silently ignored. ---- a/doc/man3/SSL_CTX_load_verify_locations.pod -+++ b/doc/man3/SSL_CTX_load_verify_locations.pod +Index: openssl-1.1.1v/doc/man3/SSL_CTX_load_verify_locations.pod +=================================================================== +--- openssl-1.1.1v.orig/doc/man3/SSL_CTX_load_verify_locations.pod ++++ openssl-1.1.1v/doc/man3/SSL_CTX_load_verify_locations.pod @@ -63,7 +63,7 @@ If more than one CA certificate with the extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search is performed in the ordering of the extension number, regardless of other @@ -413,8 +449,10 @@ =head1 SEE ALSO ---- a/doc/man5/config.pod -+++ b/doc/man5/config.pod +Index: openssl-1.1.1v/doc/man5/config.pod +=================================================================== +--- openssl-1.1.1v.orig/doc/man5/config.pod ++++ openssl-1.1.1v/doc/man5/config.pod @@ -7,7 +7,7 @@ config - OpenSSL CONF library configurat =head1 DESCRIPTION @@ -424,8 +462,10 @@ and in a few other places like B files and certificate extension files for the B utility. OpenSSL applications can also use the CONF library for their own purposes. ---- a/include/internal/cryptlib.h -+++ b/include/internal/cryptlib.h +Index: openssl-1.1.1v/include/internal/cryptlib.h +=================================================================== +--- openssl-1.1.1v.orig/include/internal/cryptlib.h ++++ openssl-1.1.1v/include/internal/cryptlib.h @@ -51,7 +51,7 @@ typedef struct app_mem_info_st APP_INFO; typedef struct mem_st MEM; DEFINE_LHASH_OF(MEM); @@ -435,8 +475,10 @@ # ifndef OPENSSL_SYS_VMS # define X509_CERT_AREA OPENSSLDIR ---- a/test/recipes/80-test_ca.t -+++ b/test/recipes/80-test_ca.t +Index: openssl-1.1.1v/test/recipes/80-test_ca.t +=================================================================== +--- openssl-1.1.1v.orig/test/recipes/80-test_ca.t ++++ openssl-1.1.1v/test/recipes/80-test_ca.t @@ -27,27 +27,27 @@ plan tests => 5; SKIP: { $ENV{OPENSSL_CONFIG} = '-config "'.srctop_file("test", "CAss.cnf").'"'; @@ -470,8 +512,10 @@ 'creating new pre-certificate'); } ---- a/tools/build.info -+++ b/tools/build.info +Index: openssl-1.1.1v/tools/build.info +=================================================================== +--- openssl-1.1.1v.orig/tools/build.info ++++ openssl-1.1.1v/tools/build.info @@ -1,5 +1,5 @@ {- our $c_rehash_name = - $config{target} =~ /^(VC|vms)-/ ? "c_rehash.pl" : "c_rehash"; @@ -479,8 +523,10 @@ "" -} IF[{- !$disabled{apps} -}] SCRIPTS={- $c_rehash_name -} ---- a/tools/c_rehash.in -+++ b/tools/c_rehash.in +Index: openssl-1.1.1v/tools/c_rehash.in +=================================================================== +--- openssl-1.1.1v.orig/tools/c_rehash.in ++++ openssl-1.1.1v/tools/c_rehash.in @@ -8,7 +8,7 @@ # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html diff --git a/openssl-1_1.changes b/openssl-1_1.changes index 87258a0..8772a90 100644 --- a/openssl-1_1.changes +++ b/openssl-1_1.changes @@ -1,3 +1,34 @@ +------------------------------------------------------------------- +Tue Aug 1 16:12:36 UTC 2023 - Pedro Monreal + +- Update to 1.1.1v: + * Fix excessive time spent checking DH q parameter value + (bsc#1213853, CVE-2023-3817). The function DH_check() performs + various checks on DH parameters. After fixing CVE-2023-3446 it + was discovered that a large q parameter value can also trigger + an overly long computation during some of these checks. A + correct q value, if present, cannot be larger than the modulus + p parameter, thus it is unnecessary to perform these checks if + q is larger than p. If DH_check() is called with such q parameter + value, DH_CHECK_INVALID_Q_VALUE return flag is set and the + computationally intensive checks are skipped. + * Fix DH_check() excessive time with over sized modulus + (bsc#1213487, CVE-2023-3446). The function DH_check() performs + various checks on DH parameters. One of those checks confirms + that the modulus ("p" parameter) is not too large. Trying to use + a very large modulus is slow and OpenSSL will not normally use + a modulus which is over 10,000 bits in length. However the + DH_check() function checks numerous aspects of the key or + parameters that have been supplied. Some of those checks use the + supplied modulus value even if it has already been found to be + too large. A new limit has been added to DH_check of 32,768 bits. + Supplying a key/parameters with a modulus over this size will + simply cause DH_check() to fail. + * Rebase openssl-1_1-openssl-config.patch + * Remove security patches fixed upstream: + - openssl-CVE-2023-3446.patch + - openssl-CVE-2023-3446-test.patch + ------------------------------------------------------------------- Mon Jul 24 12:40:38 UTC 2023 - Otto Hollmann diff --git a/openssl-1_1.spec b/openssl-1_1.spec index 8efc277..5a44979 100644 --- a/openssl-1_1.spec +++ b/openssl-1_1.spec @@ -41,7 +41,7 @@ %define _rname openssl Name: openssl-1_1 # Don't forget to update the version in the "openssl" meta-package! -Version: 1.1.1u +Version: 1.1.1v Release: 0 Summary: Secure Sockets and Transport Layer Security License: OpenSSL @@ -132,11 +132,8 @@ Patch78: openssl-1_1-Fixed-conditional-statement-testing-64-and-256-bytes Patch79: openssl-1_1-Fix-AES-GCM-on-Power-8-CPUs.patch #PATCH-FIX-OPENSUSE bsc#1205042 Set OpenSSL 3.0 as the default openssl Patch80: openssl-1_1-openssl-config.patch -# PATCH-FIX-UPSTREAM: bsc#1213487 CVE-2023-3446 DH_check() excessive time with over sized modulus -Patch81: openssl-CVE-2023-3446.patch -Patch82: openssl-CVE-2023-3446-test.patch # PATCH-FIX-SUSE bsc#1213517 Dont pass zero length input to EVP_Cipher -Patch83: openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch +Patch81: openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch BuildRequires: pkgconfig BuildRequires: pkgconfig(zlib) Provides: ssl diff --git a/openssl-CVE-2023-3446-test.patch b/openssl-CVE-2023-3446-test.patch deleted file mode 100644 index 45a6f53..0000000 --- a/openssl-CVE-2023-3446-test.patch +++ /dev/null @@ -1,58 +0,0 @@ -From e9ddae17e302a7e6a0daf00f25efed7c70f114d4 Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Fri, 7 Jul 2023 14:39:48 +0100 -Subject: [PATCH] Add a test for CVE-2023-3446 - -Confirm that the only errors DH_check() finds with DH parameters with an -excessively long modulus is that the modulus is too large. We should not -be performing time consuming checks using that modulus. - -Reviewed-by: Paul Dale -Reviewed-by: Tom Cosgrove -Reviewed-by: Bernd Edlinger -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/21452) ---- - test/dhtest.c | 15 +++++++++++++-- - 1 file changed, 13 insertions(+), 2 deletions(-) - -diff --git a/test/dhtest.c b/test/dhtest.c -index 9d5609b943ab..00b3c471015d 100644 ---- a/test/dhtest.c -+++ b/test/dhtest.c -@@ -63,7 +63,7 @@ static int dh_test(void) - || !TEST_true(DH_set0_pqg(dh, p, q, g))) - goto err1; - -- if (!DH_check(dh, &i)) -+ if (!TEST_true(DH_check(dh, &i))) - goto err2; - if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) - || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) -@@ -123,6 +123,17 @@ static int dh_test(void) - /* check whether the public key was calculated correctly */ - TEST_uint_eq(BN_get_word(pub_key2), 3331L); - -+ /* Modulus of size: dh check max modulus bits + 1 */ -+ if (!TEST_true(BN_set_word(p, 1)) -+ || !TEST_true(BN_lshift(p, p, OPENSSL_DH_CHECK_MAX_MODULUS_BITS))) -+ goto err3; -+ -+ /* -+ * We expect no checks at all for an excessively large modulus -+ */ -+ if (!TEST_false(DH_check(dh, &i))) -+ goto err3; -+ - /* - * II) key generation - */ -@@ -137,7 +148,7 @@ static int dh_test(void) - goto err3; - - /* ... and check whether it is valid */ -- if (!DH_check(a, &i)) -+ if (!TEST_true(DH_check(a, &i))) - goto err3; - if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) - || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) diff --git a/openssl-CVE-2023-3446.patch b/openssl-CVE-2023-3446.patch deleted file mode 100644 index a39ee09..0000000 --- a/openssl-CVE-2023-3446.patch +++ /dev/null @@ -1,105 +0,0 @@ -From 8780a896543a654e757db1b9396383f9d8095528 Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Thu, 6 Jul 2023 16:36:35 +0100 -Subject: [PATCH] Fix DH_check() excessive time with over sized modulus - -The DH_check() function checks numerous aspects of the key or parameters -that have been supplied. Some of those checks use the supplied modulus -value even if it is excessively large. - -There is already a maximum DH modulus size (10,000 bits) over which -OpenSSL will not generate or derive keys. DH_check() will however still -perform various tests for validity on such a large modulus. We introduce a -new maximum (32,768) over which DH_check() will just fail. - -An application that calls DH_check() and supplies a key or parameters -obtained from an untrusted source could be vulnerable to a Denial of -Service attack. - -The function DH_check() is itself called by a number of other OpenSSL -functions. An application calling any of those other functions may -similarly be affected. The other functions affected by this are -DH_check_ex() and EVP_PKEY_param_check(). - -CVE-2023-3446 - -Reviewed-by: Paul Dale -Reviewed-by: Tom Cosgrove -Reviewed-by: Bernd Edlinger -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/21452) ---- - crypto/dh/dh_check.c | 6 ++++++ - crypto/dh/dh_err.c | 3 ++- - crypto/err/openssl.txt | 3 ++- - include/openssl/dh.h | 3 +++ - include/openssl/dherr.h | 3 ++- - 5 files changed, 15 insertions(+), 3 deletions(-) - -Index: openssl-1.1.1u/crypto/dh/dh_check.c -=================================================================== ---- openssl-1.1.1u.orig/crypto/dh/dh_check.c -+++ openssl-1.1.1u/crypto/dh/dh_check.c -@@ -101,6 +101,12 @@ int DH_check(const DH *dh, int *ret) - BN_CTX *ctx = NULL; - BIGNUM *t1 = NULL, *t2 = NULL; - -+ /* Don't do any checks at all with an excessively large modulus */ -+ if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) { -+ DHerr(DH_F_DH_CHECK, DH_R_MODULUS_TOO_LARGE); -+ return 0; -+ } -+ - if (!DH_check_params(dh, ret)) - return 0; - -Index: openssl-1.1.1u/crypto/dh/dh_err.c -=================================================================== ---- openssl-1.1.1u.orig/crypto/dh/dh_err.c -+++ openssl-1.1.1u/crypto/dh/dh_err.c -@@ -18,6 +18,7 @@ static const ERR_STRING_DATA DH_str_func - {ERR_PACK(ERR_LIB_DH, DH_F_DHPARAMS_PRINT_FP, 0), "DHparams_print_fp"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_BUILTIN_GENPARAMS, 0), - "dh_builtin_genparams"}, -+ {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK, 0), "DH_check"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_EX, 0), "DH_check_ex"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PARAMS_EX, 0), "DH_check_params_ex"}, - {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY_EX, 0), "DH_check_pub_key_ex"}, -Index: openssl-1.1.1u/crypto/err/openssl.txt -=================================================================== ---- openssl-1.1.1u.orig/crypto/err/openssl.txt -+++ openssl-1.1.1u/crypto/err/openssl.txt -@@ -401,6 +401,7 @@ CT_F_SCT_SET_VERSION:104:SCT_set_version - DH_F_COMPUTE_KEY:102:compute_key - DH_F_DHPARAMS_PRINT_FP:101:DHparams_print_fp - DH_F_DH_BUILTIN_GENPARAMS:106:dh_builtin_genparams -+DH_F_DH_CHECK:126:DH_check - DH_F_DH_CHECK_EX:121:DH_check_ex - DH_F_DH_CHECK_PARAMS_EX:122:DH_check_params_ex - DH_F_DH_CHECK_PUB_KEY_EX:123:DH_check_pub_key_ex -Index: openssl-1.1.1u/include/openssl/dh.h -=================================================================== ---- openssl-1.1.1u.orig/include/openssl/dh.h -+++ openssl-1.1.1u/include/openssl/dh.h -@@ -29,6 +29,9 @@ extern "C" { - # ifndef OPENSSL_DH_MAX_MODULUS_BITS - # define OPENSSL_DH_MAX_MODULUS_BITS 10000 - # endif -+# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS -+# define OPENSSL_DH_CHECK_MAX_MODULUS_BITS 32768 -+# endif - - # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 - # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN 2048 -Index: openssl-1.1.1u/include/openssl/dherr.h -=================================================================== ---- openssl-1.1.1u.orig/include/openssl/dherr.h -+++ openssl-1.1.1u/include/openssl/dherr.h -@@ -30,6 +30,7 @@ int ERR_load_DH_strings(void); - # define DH_F_COMPUTE_KEY 102 - # define DH_F_DHPARAMS_PRINT_FP 101 - # define DH_F_DH_BUILTIN_GENPARAMS 106 -+# define DH_F_DH_CHECK 126 - # define DH_F_DH_CHECK_EX 121 - # define DH_F_DH_CHECK_PARAMS_EX 122 - # define DH_F_DH_CHECK_PUB_KEY_EX 123