From e6dc224d628031dcc16944f8a4ed387e0f28e7df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=AF=9B=E7=84=B1=E5=B9=B3?= Date: Fri, 18 Apr 2025 07:50:53 +0000 Subject: [PATCH 1/2] fix CVE-2024-41996 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 毛焱平 --- backport-CVE-2024-41996.patch | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 backport-CVE-2024-41996.patch diff --git a/backport-CVE-2024-41996.patch b/backport-CVE-2024-41996.patch new file mode 100644 index 0000000..a4ecf7b --- /dev/null +++ b/backport-CVE-2024-41996.patch @@ -0,0 +1,31 @@ +From 272a625f1e4c554dc2df4c01d1ad8485559bb927 Mon Sep 17 00:00:00 2001 +From: maoyanping +Date: Fri, 18 Apr 2025 15:45:29 +0800 +Subject: [PATCH] backport-CVE-2024-41996 + +--- + providers/implementations/keymgmt/dh_kmgmt.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c +index c14b976..2d6bc02 100644 +--- a/providers/implementations/keymgmt/dh_kmgmt.c ++++ b/providers/implementations/keymgmt/dh_kmgmt.c +@@ -387,9 +387,11 @@ static int dh_validate_public(const DH *dh, int checktype) + if (pub_key == NULL) + return 0; + +- /* The partial test is only valid for named group's with q = (p - 1) / 2 */ +- if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK +- && ossl_dh_is_named_safe_prime_group(dh)) ++ /* ++ * The partial test is only valid for named group's with q = (p - 1) / 2 ++ * but for that case it is also fully sufficient to check the key validity. ++ */ ++ if (ossl_dh_is_named_safe_prime_group(dh)) + return ossl_dh_check_pub_key_partial(dh, pub_key, &res); + + return DH_check_pub_key_ex(dh, pub_key); +-- +2.33.0 + -- Gitee From 78c82349ba83a412118989562539074cbc72ff4b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=AF=9B=E7=84=B1=E5=B9=B3?= Date: Fri, 18 Apr 2025 07:52:13 +0000 Subject: [PATCH 2/2] fix CVE-2024-41996 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 毛焱平 --- openssl.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/openssl.spec b/openssl.spec index df851e7..c110072 100644 --- a/openssl.spec +++ b/openssl.spec @@ -2,7 +2,7 @@ Name: openssl Epoch: 1 Version: 3.0.12 -Release: 17 +Release: 18 Summary: Cryptography and SSL/TLS Toolkit License: OpenSSL and SSLeay URL: https://www.openssl.org/ @@ -76,6 +76,7 @@ Patch63: backport-Refactor-OSSL_LIB_CTX-to-avoid-using-CRYPTO_EX_DATA.patch Patch64: backport-Release-the-drbg-in-the-global-default-context-befor.patch Patch65: backport-params-provide-a-faster-TRIE-based-param-lookup.patch Patch66: backport-CVE-2024-13176-Fix-timing-side-channel.patch +Patch67: backport-CVE-2024-41996.patch Patch9000: add-FIPS_mode_set-support.patch Patch9001: backport-CVE-2024-9143-Harden-BN_GF2m_poly2arr-against-misuse.patch @@ -281,6 +282,9 @@ make test || : %ldconfig_scriptlets libs %changelog +* Fri Apr 18 2025 maoyanping - 1:3.0.12-18 +- fix CVE-2024-41996 + * Mon Mar 10 2025 mahailiang - 1:3.0.12-17 - add sw_64 support -- Gitee