Pedro Monreal Gonzalez
6e95485a74
* Major changes between OpenSSL 3.1.6 and OpenSSL 3.1.7 [3 Sep 2024]
- Fixed possible denial of service in X.509 name checks (CVE-2024-6119)
- Fixed possible buffer overread in SSL_select_next_proto()
(CVE-2024-5535)
* Major changes between OpenSSL 3.1.5 and OpenSSL 3.1.6 [4 Jun 2024]
- Fixed potential use after free after SSL_free_buffers() is
called (CVE-2024-4741)
- Fixed an issue where checking excessively long DSA keys or
parameters may be very slow (CVE-2024-4603)
- Fixed unbounded memory growth with session handling in TLSv1.3
(CVE-2024-2511)
* Major changes between OpenSSL 3.1.4 and OpenSSL 3.1.5 [30 Jan 2024]
- Fixed PKCS12 Decoding crashes (CVE-2024-0727)
- Fixed Excessive time spent checking invalid RSA public keys
[CVE-2023-6237)
- Fixed POLY1305 MAC implementation corrupting vector registers
on PowerPC CPUs which support PowerISA 2.07 (CVE-2023-6129)
- Fix excessive time spent in DH check / generation with large
Q parameter value (CVE-2023-5678)
* Update openssl.keyring with BA5473A2B0587B07FB27CF2D216094DFD0CB81EF
* Rebase patches:
- openssl-Force-FIPS.patch
- openssl-FIPS-embed-hmac.patch
- openssl-FIPS-services-minimize.patch
- openssl-FIPS-RSA-disable-shake.patch
- openssl-CVE-2023-50782.patch
* Remove patches fixed in the update:
- openssl-Improve-performance-for-6x-unrolling-with-vpermxor-i.patch
- openssl-CVE-2024-6119.patch openssl-CVE-2024-5535.patch
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=119
42 lines
1.6 KiB
Diff
42 lines
1.6 KiB
Diff
From e70e34d857d4003199bcb5d3b52ca8102ccc1b98 Mon Sep 17 00:00:00 2001
|
|
From: Tomas Mraz <tomas@openssl.org>
|
|
Date: Mon, 5 Aug 2024 17:54:14 +0200
|
|
Subject: [PATCH] dh_kmgmt.c: Avoid expensive public key validation for known
|
|
safe-prime groups
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
The partial validation is fully sufficient to check the key validity.
|
|
|
|
Thanks to Szilárd Pfeiffer for reporting the issue.
|
|
|
|
Reviewed-by: Neil Horman <nhorman@openssl.org>
|
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
|
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
|
|
(Merged from https://github.com/openssl/openssl/pull/25088)
|
|
---
|
|
providers/implementations/keymgmt/dh_kmgmt.c | 8 +++++---
|
|
1 file changed, 5 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
|
|
index 82c3093b122c2..ebdce767102ee 100644
|
|
--- a/providers/implementations/keymgmt/dh_kmgmt.c
|
|
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
|
|
@@ -388,9 +388,11 @@ static int dh_validate_public(const DH *dh, int checktype)
|
|
if (pub_key == NULL)
|
|
return 0;
|
|
|
|
- /* The partial test is only valid for named group's with q = (p - 1) / 2 */
|
|
- if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK
|
|
- && ossl_dh_is_named_safe_prime_group(dh))
|
|
+ /*
|
|
+ * The partial test is only valid for named group's with q = (p - 1) / 2
|
|
+ * but for that case it is also fully sufficient to check the key validity.
|
|
+ */
|
|
+ if (ossl_dh_is_named_safe_prime_group(dh))
|
|
return ossl_dh_check_pub_key_partial(dh, pub_key, &res);
|
|
|
|
return DH_check_pub_key_ex(dh, pub_key);
|
|
|