Accepting request 1099214 from home:pmonrealgonzalez:branches:security:tls

- Security fix: [bsc#1213383, CVE-2023-2975] * AES-SIV implementation ignores empty associated data entries * Add openssl-CVE-2023-2975.patch OBS-URL: https://build.opensuse.org/request/show/1099214 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=67
2023-07-18 09:07:15 +00:00 · 2023-07-18 09:07:15 +00:00 · 0ed0686753
commit 0ed0686753
parent b496b916bd
3 changed files with 66 additions and 1 deletions
--- a/openssl-3.changes
+++ b/openssl-3.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Jul 18 07:32:49 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
+
+- Security fix: [bsc#1213383, CVE-2023-2975]
+  * AES-SIV implementation ignores empty associated data entries
+  * Add openssl-CVE-2023-2975.patch
+
 -------------------------------------------------------------------
 Tue Jun 20 15:18:56 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>

--- a/openssl-3.spec
+++ b/openssl-3.spec
@ -50,7 +50,8 @@ Patch8:         openssl-Override-default-paths-for-the-CA-directory-tree.patch
 Patch9:         openssl-z16-s390x.patch
 # PATCH-FIX-UPSTREAM: bsc#1209430 Upgrade OpenSSL from 3.0.8 to 3.1.0 in TW
 Patch10:        openssl-Add_support_for_Windows_CA_certificate_store.patch
-
+# PATCH-FIX-UPSTREAM: bsc#1213383 CVE-2023-2975 AES-SIV ignores empty data entries
+Patch11:        openssl-CVE-2023-2975.patch
 BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(zlib)
 Requires:       libopenssl3 = %{version}-%{release}
--- a/openssl-CVE-2023-2975.patch
+++ b/openssl-CVE-2023-2975.patch
@ -0,0 +1,57 @@
+From 6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Tue, 4 Jul 2023 17:30:35 +0200
+Subject: [PATCH] Do not ignore empty associated data with AES-SIV mode
+
+The AES-SIV mode allows for multiple associated data items
+authenticated separately with any of these being 0 length.
+
+The provided implementation ignores such empty associated data
+which is incorrect in regards to the RFC 5297 and is also
+a security issue because such empty associated data then become
+unauthenticated if an application expects to authenticate them.
+
+Fixes CVE-2023-2975
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/21384)
+
+(cherry picked from commit c426c281cfc23ab182f7d7d7a35229e7db1494d9)
+---
+ .../implementations/ciphers/cipher_aes_siv.c   | 18 +++++++++++-------
+ 1 file changed, 11 insertions(+), 7 deletions(-)
+
+diff --git a/providers/implementations/ciphers/cipher_aes_siv.c b/providers/implementations/ciphers/cipher_aes_siv.c
+index 45010b90db..b396c8651a 100644
+--- a/providers/implementations/ciphers/cipher_aes_siv.c
+++ b/providers/implementations/ciphers/cipher_aes_siv.c
+@@ -120,14 +120,18 @@ static int siv_cipher(void *vctx, unsigned char *out, size_t *outl,
+     if (!ossl_prov_is_running())
+         return 0;
+ 
+-    if (inl == 0) {
+-        *outl = 0;
+-        return 1;
+-    }
+    /* Ignore just empty encryption/decryption call and not AAD. */
+    if (out != NULL) {
+        if (inl == 0) {
+            if (outl != NULL)
+                *outl = 0;
+            return 1;
+        }
+ 
+-    if (outsize < inl) {
+-        ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+-        return 0;
+        if (outsize < inl) {
+            ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+            return 0;
+        }
+     }
+ 
+     if (ctx->hw->cipher(ctx, out, in, inl) <= 0)
+-- 
+2.34.1
+