diff --git a/backport-CVE-2023-3817-testcase.patch b/backport-CVE-2023-3817-testcase.patch
new file mode 100644
index 0000000000000000000000000000000000000000..870de575cb9980d109505b786c3abb4a693ce0e4
--- /dev/null
+++ b/backport-CVE-2023-3817-testcase.patch
@@ -0,0 +1,37 @@
+From 5b5d77221f69326b309d79f6124949781d20456b Mon Sep 17 00:00:00 2001
+From: liningjie
+Date: Fri, 28 Jul 2023 00:48:48 +0800
+Subject: [PATCH] dhtest.c: Add test of DH_check() with q = p + 1
+
+This must fail with DH_CHECK_INVALID_Q_VALUE and
+with DH_CHECK_Q_NOT_PRIME unset.
+---
+ test/dhtest.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/test/dhtest.c b/test/dhtest.c
+index 9d5609b..dcf5007 100644
+--- a/test/dhtest.c
++++ b/test/dhtest.c
+@@ -123,6 +123,18 @@ static int dh_test(void)
+ /* check whether the public key was calculated correctly */
+ TEST_uint_eq(BN_get_word(pub_key2), 3331L);
+
++ if (!TEST_ptr(BN_copy(q, p)) || !TEST_true(BN_add(q, q, BN_value_one())))
++ goto err3;
++
++ if (!TEST_true(DH_check(dh, &i)))
++ goto err3;
++ if (!TEST_true(i & DH_CHECK_INVALID_Q_VALUE)
++ || !TEST_false(i & DH_CHECK_Q_NOT_PRIME))
++ goto err3;
++
++ /* We'll have a stale error on the queue from the above test so clear it */
++ ERR_clear_error();
++
+ /*
+ * II) key generation
+ */
+--
+2.33.0
+
diff --git a/backport-CVE-2023-3817.patch b/backport-CVE-2023-3817.patch
new file mode 100644
index 0000000000000000000000000000000000000000..74ac26b76584b36dc9487ea11a959bee81e4abd2
--- /dev/null
+++ b/backport-CVE-2023-3817.patch
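Review bot: The case added to test/dhtest.c pins only q = p + 1, while the boundary the fix has to reject is q == p, because the companion patch accepts q only when `BN_ucmp(dh->p, dh->q) > 0`. Assuming `q` is the BIGNUM already installed in `dh`, a second assertion placed after the `BN_copy(q, p)` and before the `BN_add` would cover that boundary: `if (!TEST_true(DH_check(dh, &i)) || !TEST_true(i & DH_CHECK_INVALID_Q_VALUE)) goto err3;`. The test also leaves q modified, and whether `dh` is used again after the "II) key generation" comment cannot be seen here, since dh_test() starts before and continues past the hunk.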
@@ -0,0 +1,58 @@
+From 91ddeba0f2269b017dc06c46c993a788974b1aa5 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz
+Date: Fri, 21 Jul 2023 11:39:41 +0200
+Subject: [PATCH 1/2] DH_check(): Do not try checking q properties if it is
+ obviously invalid
+
+If |q| >= |p| then the q value is obviously wrong as q
+is supposed to be a prime divisor of p-1.
+
+We check if p is overly large so this added test implies that
+q is not large either when performing subsequent tests using that
+q value.
+
+Otherwise if it is too large these additional checks of the q value
+such as the primality test can then trigger DoS by doing overly long
+computations.
+
+Fixes CVE-2023-3817
+
+Reviewed-by: Paul Dale
+Reviewed-by: Matt Caswell
+(Merged from https://github.com/openssl/openssl/pull/21551)
+---
+ crypto/dh/dh_check.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
+index 2001d2e7cb..9ae96991eb 100644
+--- a/crypto/dh/dh_check.c
++++ b/crypto/dh/dh_check.c
+@@ -97,7 +97,7 @@ int DH_check_ex(const DH *dh)
+
+int DH_check(const DH *dh, int *ret)
+ {
+- int ok = 0, r;
++ int ok = 0, r, q_good = 0;
+ BN_CTX *ctx = NULL;
+ BIGNUM *t1 = NULL, *t2 = NULL;
+
+@@ -120,7 +120,14 @@ int DH_check(const DH *dh, int *ret)
+ if (t2 == NULL)
+ goto err;
+
+- if (dh->q) {
++ if (dh->q != NULL) {
++ if (BN_ucmp(dh->p, dh->q) > 0)
++ q_good = 1;
++ else
++ *ret |= DH_CHECK_INVALID_Q_VALUE;
++ }
++
++ if (q_good) {
+ if (BN_cmp(dh->g, BN_value_one()) <= 0)
+ *ret |= DH_NOT_SUITABLE_GENERATOR;
+ else if (BN_cmp(dh->g, dh->p) >= 0)
+--
+2.33.0
+
diff --git a/openssl.spec b/openssl.spec
index de1714a4b0d01cc6cfcd2f2dfeae78f3fbc22cf9..a760d8655fb940c47d442fa7f8a7857bacdb52ad 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -2,7 +2,7 @@
 Name: openssl
 Epoch: 1
 Version: 1.1.1f
-Release: 6
+Release: 7
 Summary: Cryptography and SSL/TLS Toolkit
 License: OpenSSL and SSLeay
 URL: https://www.openssl.org/
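Review bot: The `BN_ucmp(dh->p, dh->q) > 0` guard added to DH_check() in crypto/dh/dh_check.c limits q only relative to p, so it bounds the cost of the later q checks only if p itself has been size-limited before this point. The commit message relies on that ("We check if p is overly large"), but no such check is visible in this hunk, and the part of the openssl.spec patch list shown in this diff (Patch11 to Patch16) names no patch for it. If the 1.1.1f tree lacks the upstream modulus-size limit in DH_check(), this backport alone would not close the DoS and that change should be carried with it. A comment above the comparison would record the dependency: `/* q >= p is invalid; the bound on q relies on p having been size-checked earlier */`. DH_check() begins and ends outside the hunk, so the surrounding checks could not be reviewed.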
@@ -22,6 +22,8 @@ Patch11: CVE-2021-23841.patch
 Patch12: CVE-2022-0778-Add-a-negative-testcase-for-BN_mod_sqrt.patch
 Patch13: CVE-2022-0778-Fix-possible-infinite-loop-in-BN_mod_sqrt.patch
 Patch14: CVE-2022-1292.patch
+Patch15: backport-CVE-2023-3817.patch
+Patch16: backport-CVE-2023-3817-testcase.patch
 BuildRequires: gcc make lksctp-tools-devel coreutils util-linux zlib-devel
@@ -198,6 +200,9 @@ make test || :
 %{_pkgdocdir}/html/
 %changelog
+* Thu Aug 3 2023 liningjie - 1:1.1.1f-7
+- fix the CVE-2023-3817
+
 * Mon May 16 2022 wangcheng - 1:1.1.1f-6
 - fix the CVE-2022-1292
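Review bot: The regression test added as Patch16 cannot fail the build if `%check` still runs `make test || :`, the line shown as context in the last openssl.spec hunk header, because `|| :` discards the test suite's exit status. In that case a misapplied or incomplete CVE-2023-3817 backport would still produce a package. Consider dropping the fallback so the line reads `make test`, or at least making the DH test failure fatal. Only the hunk header shows this line, so confirm it against the full spec.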