diff --git a/backport-CVE-2023-3817-testcase.patch b/backport-CVE-2023-3817-testcase.patch
new file mode 100644
index 0000000000000000000000000000000000000000..870de575cb9980d109505b786c3abb4a693ce0e4
--- /dev/null
+++ b/backport-CVE-2023-3817-testcase.patch
@@ -0,0 +1,37 @@
+From 5b5d77221f69326b309d79f6124949781d20456b Mon Sep 17 00:00:00 2001
+From: liningjie
+Date: Fri, 28 Jul 2023 00:48:48 +0800
+Subject: [PATCH] dhtest.c: Add test of DH_check() with q = p + 1
+
+This must fail with DH_CHECK_INVALID_Q_VALUE and
+with DH_CHECK_Q_NOT_PRIME unset.
+---
+ test/dhtest.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/test/dhtest.c b/test/dhtest.c
+index 9d5609b..dcf5007 100644
+--- a/test/dhtest.c
++++ b/test/dhtest.c
+@@ -123,6 +123,18 @@ static int dh_test(void)
+ /* check whether the public key was calculated correctly */
+ TEST_uint_eq(BN_get_word(pub_key2), 3331L);
+
++ if (!TEST_ptr(BN_copy(q, p)) || !TEST_true(BN_add(q, q, BN_value_one())))
++ goto err3;
++
++ if (!TEST_true(DH_check(dh, &i)))
++ goto err3;
++ if (!TEST_true(i & DH_CHECK_INVALID_Q_VALUE)
++ || !TEST_false(i & DH_CHECK_Q_NOT_PRIME))
++ goto err3;
++
++ /* We'll have a stale error on the queue from the above test so clear it */
++ ERR_clear_error();
++
+ /*
+ * II) key generation
+ */
+--
+2.33.0
+
diff --git a/backport-CVE-2023-3817.patch b/backport-CVE-2023-3817.patch
new file mode 100644
index 0000000000000000000000000000000000000000..74ac26b76584b36dc9487ea11a959bee81e4abd2
--- /dev/null
+++ b/backport-CVE-2023-3817.patch
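Review bot: The block added to dh_test() checks only q = p + 1, so q == p, the exact boundary at which q has to start being rejected, is left untested. Because the block already does `BN_copy(q, p)` before the `BN_add`, one more `DH_check(dh, &i)` call placed between the two, with the same `DH_CHECK_INVALID_Q_VALUE` set and `DH_CHECK_Q_NOT_PRIME` unset assertions, would pin that boundary. The block also leaves q at p + 1 and never restores it; dh_test() continues outside the hunk, so it is worth confirming that nothing later reads q from this dh, and if that holds, saying so in a comment such as `/* q is deliberately left invalid; this dh is not used again below */`.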
@@ -0,0 +1,58 @@
+From 91ddeba0f2269b017dc06c46c993a788974b1aa5 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz
+Date: Fri, 21 Jul 2023 11:39:41 +0200
+Subject: [PATCH 1/2] DH_check(): Do not try checking q properties if it is
+ obviously invalid
+
+If |q| >= |p| then the q value is obviously wrong as q
+is supposed to be a prime divisor of p-1.
+
+We check if p is overly large so this added test implies that
+q is not large either when performing subsequent tests using that
+q value.
+
+Otherwise if it is too large these additional checks of the q value
+such as the primality test can then trigger DoS by doing overly long
+computations.
+
+Fixes CVE-2023-3817
+
+Reviewed-by: Paul Dale
+Reviewed-by: Matt Caswell
+(Merged from https://github.com/openssl/openssl/pull/21551)
+---
+ crypto/dh/dh_check.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
+index 2001d2e7cb..9ae96991eb 100644
+--- a/crypto/dh/dh_check.c
++++ b/crypto/dh/dh_check.c
+@@ -97,7 +97,7 @@ int DH_check_ex(const DH *dh)
+
+ int DH_check(const DH *dh, int *ret)
+ {
+- int ok = 0, r;
++ int ok = 0, r, q_good = 0;
+ BN_CTX *ctx = NULL;
+ BIGNUM *t1 = NULL, *t2 = NULL;
+
+@@ -120,7 +120,14 @@ int DH_check(const DH *dh, int *ret)
+ if (t2 == NULL)
+ goto err;
+
+- if (dh->q) {
++ if (dh->q != NULL) {
++ if (BN_ucmp(dh->p, dh->q) > 0)
++ q_good = 1;
++ else
++ *ret |= DH_CHECK_INVALID_Q_VALUE;
++ }
++
++ if (q_good) {
+ if (BN_cmp(dh->g, BN_value_one()) <= 0)
+ *ret |= DH_NOT_SUITABLE_GENERATOR;
+ else if (BN_cmp(dh->g, dh->p) >= 0)
+--
+2.33.0
+
diff --git a/openssl.spec b/openssl.spec
index 5458b0cd970f9efc79acf072960ef225f0345fec..715a2c171e5d0d8ca465af1697c1c4c61d5813de 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -2,7 +2,7 @@
 Name: openssl
 Epoch: 1
 Version: 1.1.1f
-Release: 11
+Release: 12
 Summary: Cryptography and SSL/TLS Toolkit
 License: OpenSSL and SSLeay
 URL: https://www.openssl.org/
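Review bot: In the second dh_check.c hunk, the `BN_ucmp(dh->p, dh->q) > 0` guard bounds the cost of the later q checks only if p itself has already been size-limited, and no such limit is visible in either hunk. The commit message relies on exactly that ("We check if p is overly large so this added test implies that q is not large either"), so for this backport onto 1.1.1f it should be confirmed that the tree rejects an oversized p before execution reaches the guard. Without that limit the q checks stay as expensive as p is large, and the denial-of-service exposure is only partly closed. A comment above the guard would make the dependency explicit: `/* q < p bounds the work below only because p's bit length is limited before this point */`. DH_check() starts before and ends after the visible hunks.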
@@ -29,6 +29,8 @@ Patch18: bugfix-Don-t-Overflow-when-printing-Thawte-Strong-Extranet-.patch Patch19: CVE-2021-4160.patch Patch20: CVE-2022-0778-Add-a-negative-testcase-for-BN_mod_sqrt.patch Patch21: CVE-2022-0778-Fix-possible-infinite-loop-in-BN_mod_sqrt.patch +Patch22: backport-CVE-2023-3817.patch +Patch23: backport-CVE-2023-3817-testcase.patch BuildRequires: gcc perl make lksctp-tools-devel coreutils util-linux zlib-devel @@ -205,6 +207,9 @@ make test || : %{_pkgdocdir}/html/ %changelog +* Wed Aug 2 2023 liningjie - 1:1.1.1f-12 +- fix CVE-2023-3817 + * Mon Mar 21 2022 steven Y.Gui - 1:1.1.1f-11 - fix CVE-2022-0778
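Review bot: Patch23 adds the DH_check() regression test, but the header of the changelog hunk shows the test suite being run as `make test || :`, which discards the exit status, so a failing dhtest would not fail the package build. If that line is the %check step (the section itself lies outside the hunks), consider a plain `make test`, or at least making the DH test gate the build, so the CVE-2023-3817 backport is actually verified at build time rather than only applied.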