diff --git a/backport-Add-a-test-for-CVE-2023-3446.patch b/backport-Add-a-test-for-CVE-2023-3446.patch new file mode 100644 index 0000000000000000000000000000000000000000..2690fec1fc7f449b0f04aa1ca4ff49e9b3fe4572 --- /dev/null +++ b/backport-Add-a-test-for-CVE-2023-3446.patch @@ -0,0 +1,61 @@ +From e9ddae17e302a7e6a0daf00f25efed7c70f114d4 Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Fri, 7 Jul 2023 14:39:48 +0100 +Subject: [PATCH] Add a test for CVE-2023-3446 + +Confirm that the only errors DH_check() finds with DH parameters with an +excessively long modulus is that the modulus is too large. We should not +be performing time consuming checks using that modulus. + +Reviewed-by: Paul Dale +Reviewed-by: Tom Cosgrove +Reviewed-by: Bernd Edlinger +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/21452) +--- + test/dhtest.c | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + +diff --git a/test/dhtest.c b/test/dhtest.c +index 9d5609b943..00b3c47101 100644 +--- a/test/dhtest.c ++++ b/test/dhtest.c +@@ -63,7 +63,7 @@ static int dh_test(void) + || !TEST_true(DH_set0_pqg(dh, p, q, g))) + goto err1; + +- if (!DH_check(dh, &i)) ++ if (!TEST_true(DH_check(dh, &i))) + goto err2; + if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) + || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) +@@ -123,6 +123,17 @@ static int dh_test(void) + /* check whether the public key was calculated correctly */ + TEST_uint_eq(BN_get_word(pub_key2), 3331L); + ++ /* Modulus of size: dh check max modulus bits + 1 */ ++ if (!TEST_true(BN_set_word(p, 1)) ++ || !TEST_true(BN_lshift(p, p, OPENSSL_DH_CHECK_MAX_MODULUS_BITS))) ++ goto err3; ++ ++ /* ++ * We expect no checks at all for an excessively large modulus ++ */ ++ if (!TEST_false(DH_check(dh, &i))) ++ goto err3; ++ + /* + * II) key generation + */ +@@ -137,7 +148,7 @@ static int dh_test(void) + goto err3; + + /* ... and check whether it is valid */ +- if (!DH_check(a, &i)) ++ if (!TEST_true(DH_check(a, &i))) + goto err3; + if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) + || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) +-- +2.36.1 + diff --git a/backport-CVE-2023-3446-Fix-DH_check-excessive-time-with-over-sized-modulus.patch b/backport-CVE-2023-3446-Fix-DH_check-excessive-time-with-over-sized-modulus.patch new file mode 100644 index 0000000000000000000000000000000000000000..c84b70d62004870b7f8250fcdd7d9e878d0ab25c --- /dev/null +++ b/backport-CVE-2023-3446-Fix-DH_check-excessive-time-with-over-sized-modulus.patch @@ -0,0 +1,130 @@ +From 8780a896543a654e757db1b9396383f9d8095528 Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Thu, 6 Jul 2023 16:36:35 +0100 +Subject: [PATCH] Fix DH_check() excessive time with over sized modulus + +The DH_check() function checks numerous aspects of the key or parameters +that have been supplied. Some of those checks use the supplied modulus +value even if it is excessively large. + +There is already a maximum DH modulus size (10,000 bits) over which +OpenSSL will not generate or derive keys. DH_check() will however still +perform various tests for validity on such a large modulus. We introduce a +new maximum (32,768) over which DH_check() will just fail. + +An application that calls DH_check() and supplies a key or parameters +obtained from an untrusted source could be vulnerable to a Denial of +Service attack. + +The function DH_check() is itself called by a number of other OpenSSL +functions. An application calling any of those other functions may +similarly be affected. The other functions affected by this are +DH_check_ex() and EVP_PKEY_param_check(). + +CVE-2023-3446 + +Reviewed-by: Paul Dale +Reviewed-by: Tom Cosgrove +Reviewed-by: Bernd Edlinger +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/21452) +--- + crypto/dh/dh_check.c | 6 ++++++ + crypto/dh/dh_err.c | 3 ++- + crypto/err/openssl.txt | 3 ++- + include/openssl/dh.h | 3 +++ + include/openssl/dherr.h | 3 ++- + 5 files changed, 15 insertions(+), 3 deletions(-) + +diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c +index 4ac169e75c..e5f9dd5030 100644 +--- a/crypto/dh/dh_check.c ++++ b/crypto/dh/dh_check.c +@@ -101,6 +101,12 @@ int DH_check(const DH *dh, int *ret) + BN_CTX *ctx = NULL; + BIGNUM *t1 = NULL, *t2 = NULL; + ++ /* Don't do any checks at all with an excessively large modulus */ ++ if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) { ++ DHerr(DH_F_DH_CHECK, DH_R_MODULUS_TOO_LARGE); ++ return 0; ++ } ++ + if (!DH_check_params(dh, ret)) + return 0; + +diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c +index 7285587b4a..92800d3fcc 100644 +--- a/crypto/dh/dh_err.c ++++ b/crypto/dh/dh_err.c +@@ -1,6 +1,6 @@ + /* + * Generated by util/mkerr.pl DO NOT EDIT +- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy +@@ -18,6 +18,7 @@ static const ERR_STRING_DATA DH_str_functs[] = { + {ERR_PACK(ERR_LIB_DH, DH_F_DHPARAMS_PRINT_FP, 0), "DHparams_print_fp"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_BUILTIN_GENPARAMS, 0), + "dh_builtin_genparams"}, ++ {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK, 0), "DH_check"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_EX, 0), "DH_check_ex"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PARAMS_EX, 0), "DH_check_params_ex"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY_EX, 0), "DH_check_pub_key_ex"}, +diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt +index 9f91a4a811..c0a3cd720b 100644 +--- a/crypto/err/openssl.txt ++++ b/crypto/err/openssl.txt +@@ -1,4 +1,4 @@ +-# Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. ++# Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. + # + # Licensed under the OpenSSL license (the "License"). You may not use + # this file except in compliance with the License. You can obtain a copy +@@ -401,6 +401,7 @@ CT_F_SCT_SET_VERSION:104:SCT_set_version + DH_F_COMPUTE_KEY:102:compute_key + DH_F_DHPARAMS_PRINT_FP:101:DHparams_print_fp + DH_F_DH_BUILTIN_GENPARAMS:106:dh_builtin_genparams ++DH_F_DH_CHECK:126:DH_check + DH_F_DH_CHECK_EX:121:DH_check_ex + DH_F_DH_CHECK_PARAMS_EX:122:DH_check_params_ex + DH_F_DH_CHECK_PUB_KEY_EX:123:DH_check_pub_key_ex +diff --git a/include/openssl/dh.h b/include/openssl/dh.h +index 3527540cdd..892e31559d 100644 +--- a/include/openssl/dh.h ++++ b/include/openssl/dh.h +@@ -29,6 +29,9 @@ extern "C" { + # ifndef OPENSSL_DH_MAX_MODULUS_BITS + # define OPENSSL_DH_MAX_MODULUS_BITS 10000 + # endif ++# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS ++# define OPENSSL_DH_CHECK_MAX_MODULUS_BITS 32768 ++# endif + + # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 + # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN 2048 +diff --git a/include/openssl/dherr.h b/include/openssl/dherr.h +index 916b3bed0b..528c819856 100644 +--- a/include/openssl/dherr.h ++++ b/include/openssl/dherr.h +@@ -1,6 +1,6 @@ + /* + * Generated by util/mkerr.pl DO NOT EDIT +- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. ++ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy +@@ -30,6 +30,7 @@ int ERR_load_DH_strings(void); + # define DH_F_COMPUTE_KEY 102 + # define DH_F_DHPARAMS_PRINT_FP 101 + # define DH_F_DH_BUILTIN_GENPARAMS 106 ++# define DH_F_DH_CHECK 126 + # define DH_F_DH_CHECK_EX 121 + # define DH_F_DH_CHECK_PARAMS_EX 122 + # define DH_F_DH_CHECK_PUB_KEY_EX 123 +-- +2.36.1 + diff --git a/backport-update-expired-certificates-for-sm2.patch b/backport-update-expired-certificates-for-sm2.patch new file mode 100644 index 0000000000000000000000000000000000000000..6454171d90452e1fd5f05166e08e2f5d0410a07d --- /dev/null +++ b/backport-update-expired-certificates-for-sm2.patch @@ -0,0 +1,110 @@ +From 0f4738ab5ef8085b27e89dba91677f892b5b3689 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Thu, 2 Jun 2022 18:12:05 +0200 +Subject: [PATCH] Update further expiring certificates that affect tests + +Namely the smime certificates used in test_cms and the +SM2 certificates will expire soon and affect tests. + +Fixes #15179 + +Reviewed-by: Dmitry Belyavskiy +Reviewed-by: Paul Dale +(Merged from https://github.com/openssl/openssl/pull/18467) + +(cherry picked from commit 5d219937d067a761fb871483369a6020c60a3cb8) +--- + test/certs/sm2-ca-cert.pem | 22 ++++---- + test/certs/sm2-root.crt | 22 ++++---- + test/certs/sm2.pem | 23 ++++---- + +diff --git a/test/certs/sm2-ca-cert.pem b/test/certs/sm2-ca-cert.pem +index 5677ac6c9f6a..70ce71e43091 100644 +--- a/test/certs/sm2-ca-cert.pem ++++ b/test/certs/sm2-ca-cert.pem +@@ -1,14 +1,14 @@ + -----BEGIN CERTIFICATE----- +-MIICJDCCAcqgAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT ++MIICJzCCAcygAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT + AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl +-c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe +-Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMGgxCzAJBgNVBAYTAkNOMQsw +-CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn +-MRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTBZMBMGByqG +-SM49AgEGCCqBHM9VAYItA0IABHRYnqErofBdXPptvvO7+BSVJxcpHuTGnZ+UPrbU +-5kVEUMaUnNOeMJZl/vRGimZCm/AkReJmRfnb15ESHR+ssp6jXTBbMB0GA1UdDgQW +-BBTFjcWu/zJgSZ5SKUlU5Vx4/0W5dDAfBgNVHSMEGDAWgBTFjcWu/zJgSZ5SKUlU +-5Vx4/0W5dDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzPVQGDdQNI +-ADBFAiEAs6byi1nSQtFELOw/2tQIv5AEsZFR5MJ/oB2ztXzs2LYCIEfIw4xlUH6X +-YFhs4RnIa0K9Ng1ebsGPrifYkudwBIk3 ++c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAg ++Fw0yMjA2MDIxNTQ5MzlaGA8yMTIyMDUwOTE1NDkzOVowaDELMAkGA1UEBhMCQ04x ++CzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzERMA8GA1UECgwIVGVzdCBP ++cmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rlc3QgU00yIENBMFkwEwYH ++KoZIzj0CAQYIKoEcz1UBgi0DQgAEdFieoSuh8F1c+m2+87v4FJUnFyke5Madn5Q+ ++ttTmRURQxpSc054wlmX+9EaKZkKb8CRF4mZF+dvXkRIdH6yynqNdMFswHQYDVR0O ++BBYEFMWNxa7/MmBJnlIpSVTlXHj/Rbl0MB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIp ++SVTlXHj/Rbl0MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqBHM9VAYN1 ++A0kAMEYCIQC3c2TkO6Lyxt5GNZqoZNuMEphjL9K7W1TsX6mHzlhHDwIhAICXy2XC ++WsTzdrMZUXLtrDDFOq+3FaD4pe1HP2LZFNpu + -----END CERTIFICATE----- +diff --git a/test/certs/sm2-root.crt b/test/certs/sm2-root.crt +index 5677ac6c9f6a..70ce71e43091 100644 +--- a/test/certs/sm2-root.crt ++++ b/test/certs/sm2-root.crt +@@ -1,14 +1,14 @@ + -----BEGIN CERTIFICATE----- +-MIICJDCCAcqgAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT ++MIICJzCCAcygAwIBAgIJAOlkpDpSrmVbMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT + AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl +-c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe +-Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMGgxCzAJBgNVBAYTAkNOMQsw +-CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn +-MRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTBZMBMGByqG +-SM49AgEGCCqBHM9VAYItA0IABHRYnqErofBdXPptvvO7+BSVJxcpHuTGnZ+UPrbU +-5kVEUMaUnNOeMJZl/vRGimZCm/AkReJmRfnb15ESHR+ssp6jXTBbMB0GA1UdDgQW +-BBTFjcWu/zJgSZ5SKUlU5Vx4/0W5dDAfBgNVHSMEGDAWgBTFjcWu/zJgSZ5SKUlU +-5Vx4/0W5dDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzPVQGDdQNI +-ADBFAiEAs6byi1nSQtFELOw/2tQIv5AEsZFR5MJ/oB2ztXzs2LYCIEfIw4xlUH6X +-YFhs4RnIa0K9Ng1ebsGPrifYkudwBIk3 ++c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAg ++Fw0yMjA2MDIxNTQ5MzlaGA8yMTIyMDUwOTE1NDkzOVowaDELMAkGA1UEBhMCQ04x ++CzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzERMA8GA1UECgwIVGVzdCBP ++cmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rlc3QgU00yIENBMFkwEwYH ++KoZIzj0CAQYIKoEcz1UBgi0DQgAEdFieoSuh8F1c+m2+87v4FJUnFyke5Madn5Q+ ++ttTmRURQxpSc054wlmX+9EaKZkKb8CRF4mZF+dvXkRIdH6yynqNdMFswHQYDVR0O ++BBYEFMWNxa7/MmBJnlIpSVTlXHj/Rbl0MB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIp ++SVTlXHj/Rbl0MAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMAoGCCqBHM9VAYN1 ++A0kAMEYCIQC3c2TkO6Lyxt5GNZqoZNuMEphjL9K7W1TsX6mHzlhHDwIhAICXy2XC ++WsTzdrMZUXLtrDDFOq+3FaD4pe1HP2LZFNpu + -----END CERTIFICATE----- +diff --git a/test/certs/sm2.pem b/test/certs/sm2.pem +index 189abb137625..daf12926aff9 100644 +--- a/test/certs/sm2.pem ++++ b/test/certs/sm2.pem +@@ -1,13 +1,14 @@ + -----BEGIN CERTIFICATE----- +-MIIB6DCCAY6gAwIBAgIJAKH2BR6ITHZeMAoGCCqBHM9VAYN1MGgxCzAJBgNVBAYT +-AkNOMQswCQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRl +-c3QgT3JnMRAwDgYDVQQLDAdUZXN0IE9VMRQwEgYDVQQDDAtUZXN0IFNNMiBDQTAe +-Fw0xOTAyMTkwNzA1NDhaFw0yMzAzMzAwNzA1NDhaMG8xCzAJBgNVBAYTAkNOMQsw +-CQYDVQQIDAJMTjERMA8GA1UEBwwIU2hlbnlhbmcxETAPBgNVBAoMCFRlc3QgT3Jn +-MRAwDgYDVQQLDAdUZXN0IE9VMRswGQYDVQQDDBJUZXN0IFNNMiBTaWduIENlcnQw +-WTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAAQwqeNkWp7fiu1KZnuDkAucpM8piEzE +-TL1ymrcrOBvv8mhNNkeb20asbWgFQI2zOrSM99/sXGn9rM2/usM/MlcaoxowGDAJ +-BgNVHRMEAjAAMAsGA1UdDwQEAwIGwDAKBggqgRzPVQGDdQNIADBFAiEA9edBnAqT +-TNuGIUIvXsj6/nP+AzXA9HGtAIY4nrqW8LkCIHyZzhRTlxYtgfqkDl0OK5QQRCZH +-OZOfmtx613VyzXwc ++MIICNDCCAdugAwIBAgIUOMbsiFLCy2BCPtfHQSdG4R1+3BowCgYIKoEcz1UBg3Uw ++aDELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkxOMREwDwYDVQQHDAhTaGVueWFuZzER ++MA8GA1UECgwIVGVzdCBPcmcxEDAOBgNVBAsMB1Rlc3QgT1UxFDASBgNVBAMMC1Rl ++c3QgU00yIENBMCAXDTIyMDYwMjE1NTU0OFoYDzIxMjIwNTA5MTU1NTQ4WjBvMQsw ++CQYDVQQGEwJDTjELMAkGA1UECAwCTE4xETAPBgNVBAcMCFNoZW55YW5nMREwDwYD ++VQQKDAhUZXN0IE9yZzEQMA4GA1UECwwHVGVzdCBPVTEbMBkGA1UEAwwSVGVzdCBT ++TTIgU2lnbiBDZXJ0MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEMKnjZFqe34rt ++SmZ7g5ALnKTPKYhMxEy9cpq3Kzgb7/JoTTZHm9tGrG1oBUCNszq0jPff7Fxp/azN ++v7rDPzJXGqNaMFgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBsAwHQYDVR0OBBYEFNPl ++u8JjXkhQPiJ5bYrrq+voqBUlMB8GA1UdIwQYMBaAFMWNxa7/MmBJnlIpSVTlXHj/ ++Rbl0MAoGCCqBHM9VAYN1A0cAMEQCIG3gG1D7T7ltn6Gz1UksBZahgBE6jmkQ9Sp9 ++/3aY5trlAiB5adxiK0avV0LEKfbzTdff9skoZpd7vje1QTW0l0HaGg== + -----END CERTIFICATE----- diff --git a/openssl.spec b/openssl.spec index c9ff7fb156d3647c328688f6937546a9dfd64d5f..515ccd0261f5a53c25d7575b8232f71243430a89 100644 --- a/openssl.spec +++ b/openssl.spec @@ -2,7 +2,7 @@ Name: openssl Epoch: 1 Version: 1.1.1m -Release: 23 +Release: 24 Summary: Cryptography and SSL/TLS Toolkit License: OpenSSL and SSLeay URL: https://www.openssl.org/ @@ -128,6 +128,9 @@ Patch117: backport-CVE-2023-2650-Restrict-the-size-of-OBJECT-IDENTIFIERs-that Patch118: backport-Add-negative-integer-check-when-using-ASN1_BIT_STRIN.patch Patch119: backport-Fix-stack-corruption-in-ui_read.patch Patch120: backport-Re-add-BN_F_OSSL_BN_RSA_DO_UNBLIND-which-was-incorre.patch +Patch121: backport-Add-a-test-for-CVE-2023-3446.patch +Patch122: backport-CVE-2023-3446-Fix-DH_check-excessive-time-with-over-sized-modulus.patch +Patch123: backport-update-expired-certificates-for-sm2.patch BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel Requires: coreutils %{name}-libs%{?_isa} = %{epoch}:%{version}-%{release} @@ -330,6 +333,9 @@ make test || : %ldconfig_scriptlets libs %changelog +* Sat Jul 22 2023 zhujianwei - 1:1.1.1m-24 +* fix CVE-2023-3446 + * Thu Jul 06 2023 wangcheng - 1:1.1.1m-23 * backport some patches