packages/openssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2023-3817

Browse Source
This commit is contained in:
steven 2023-08-08 20:51:51 +08:00 committed by hzero1996
parent f9ba7bcdc5
commit a6a4091c26
3 changed files with 114 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
backport-CVE-2023-3817-DH_check-Do-not-try-checking-q-properties-if-it-is-o.patch Normal file
View File

@ -0,0 +1,59 @@
From 91ddeba0f2269b017dc06c46c993a788974b1aa5 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Fri, 21 Jul 2023 11:39:41 +0200
Subject: [PATCH] DH_check(): Do not try checking q properties if it is
obviously invalid
If |q| >= |p| then the q value is obviously wrong as q
is supposed to be a prime divisor of p-1.
We check if p is overly large so this added test implies that
q is not large either when performing subsequent tests using that
q value.
Otherwise if it is too large these additional checks of the q value
such as the primality test can then trigger DoS by doing overly long
computations.
Fixes CVE-2023-3817
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21551)
---
crypto/dh/dh_check.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
index 2001d2e7cb..9ae96991eb 100644
--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -97,7 +97,7 @@ int DH_check_ex(const DH *dh)
int DH_check(const DH *dh, int *ret)
{
- int ok = 0, r;
+ int ok = 0, r, q_good = 0;
BN_CTX *ctx = NULL;
BIGNUM *t1 = NULL, *t2 = NULL;
@@ -120,7 +120,14 @@ int DH_check(const DH *dh, int *ret)
if (t2 == NULL)
goto err;
- if (dh->q) {
+ if (dh->q != NULL) {
+ if (BN_ucmp(dh->p, dh->q) > 0)
+ q_good = 1;
+ else
+ *ret |= DH_CHECK_INVALID_Q_VALUE;
+ }
+
+ if (q_good) {
if (BN_cmp(dh->g, BN_value_one()) <= 0)
*ret |= DH_NOT_SUITABLE_GENERATOR;
else if (BN_cmp(dh->g, dh->p) >= 0)
--
2.27.0

49
backport-CVE-2023-3817-dhtest.c-Add-test-of-DH_check-with-q-p-1.patch Normal file
View File

@ -0,0 +1,49 @@
From 34d0f5cb93680a5286d1eb59125631ec8fd6dc81 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Tue, 25 Jul 2023 15:56:53 +0200
Subject: [PATCH] dhtest.c: Add test of DH_check() with q = p + 1
This must fail with DH_CHECK_INVALID_Q_VALUE and
with DH_CHECK_Q_NOT_PRIME unset.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21551)
---
test/dhtest.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/test/dhtest.c b/test/dhtest.c
index 00b3c47101..d7e10ebda9 100644
--- a/test/dhtest.c
+++ b/test/dhtest.c
@@ -123,6 +123,15 @@ static int dh_test(void)
/* check whether the public key was calculated correctly */
TEST_uint_eq(BN_get_word(pub_key2), 3331L);
+ if (!TEST_ptr(BN_copy(q, p)) || !TEST_true(BN_add(q, q, BN_value_one())))
+ goto err3;
+
+ if (!TEST_true(DH_check(dh, &i)))
+ goto err3;
+ if (!TEST_true(i & DH_CHECK_INVALID_Q_VALUE)
+ || !TEST_false(i & DH_CHECK_Q_NOT_PRIME))
+ goto err3;
+
/* Modulus of size: dh check max modulus bits + 1 */
if (!TEST_true(BN_set_word(p, 1))
|| !TEST_true(BN_lshift(p, p, OPENSSL_DH_CHECK_MAX_MODULUS_BITS)))
@@ -134,6 +143,9 @@ static int dh_test(void)
if (!TEST_false(DH_check(dh, &i)))
goto err3;
+ /* We'll have a stale error on the queue from the above test so clear it */
+ ERR_clear_error();
+
/*
* II) key generation
*/
--
2.27.0

7
openssl.spec
View File

@ -2,7 +2,7 @@
Name: openssl Name: openssl
Epoch: 1 Epoch: 1
Version: 1.1.1m Version: 1.1.1m
Release: 22 Release: 23
Summary: Cryptography and SSL/TLS Toolkit Summary: Cryptography and SSL/TLS Toolkit
License: OpenSSL and SSLeay License: OpenSSL and SSLeay
URL: https://www.openssl.org/ URL: https://www.openssl.org/
@ -63,6 +63,8 @@ Patch52: backport-CVE-2023-2650-Restrict-the-size-of-OBJECT-IDENTIFIERs-that
Patch53: backport-Add-a-test-for-CVE-2023-3446.patch Patch53: backport-Add-a-test-for-CVE-2023-3446.patch
Patch54: backport-CVE-2023-3446-Fix-DH_check-excessive-time-with-over-sized-modulus.patch Patch54: backport-CVE-2023-3446-Fix-DH_check-excessive-time-with-over-sized-modulus.patch
Patch55: backport-update-expired-certificates-for-sm2.patch Patch55: backport-update-expired-certificates-for-sm2.patch
Patch56: backport-CVE-2023-3817-DH_check-Do-not-try-checking-q-properties-if-it-is-o.patch
Patch57: backport-CVE-2023-3817-dhtest.c-Add-test-of-DH_check-with-q-p-1.patch
BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel
Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release}
@ -269,6 +271,9 @@ make test || :
%ldconfig_scriptlets libs %ldconfig_scriptlets libs
%changelog %changelog
* Tue Aug 08 2023 steven <steven_ygui@163.com> - 1:1.1.1m-23
- fix CVE-2023-3817
* Sat Jul 22 2023 zcfsite <zhchf2010@126.com> - 1:1.1.1m-22 * Sat Jul 22 2023 zcfsite <zhchf2010@126.com> - 1:1.1.1m-22
* fix CVE-2023-3446 * fix CVE-2023-3446