From cce2211ec4bc7d722a3cd6e99921b65b779decff Mon Sep 17 00:00:00 2001
From: jinlun <jinlun@huawei.com>
Date: Mon, 18 Dec 2023 20:37:28 +0800
Subject: [PATCH] fix CVE-2023-3446 CVE-2023-5678

---
 backport-CVE-2023-3446.patch |  77 ++++++++++++++++++++++
 backport-CVE-2023-5678.patch | 121 +++++++++++++++++++++++++++++++++++
 shim.spec                    |   7 +-
 3 files changed, 204 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2023-3446.patch
 create mode 100644 backport-CVE-2023-5678.patch

diff --git a/backport-CVE-2023-3446.patch b/backport-CVE-2023-3446.patch
new file mode 100644
index 0000000..4aca482
--- /dev/null
+++ b/backport-CVE-2023-3446.patch
@@ -0,0 +1,77 @@
+From 8780a896543a654e757db1b9396383f9d8095528 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Thu, 6 Jul 2023 16:36:35 +0100
+Subject: [PATCH] Fix DH_check() excessive time with over sized modulus
+
+The DH_check() function checks numerous aspects of the key or parameters
+that have been supplied. Some of those checks use the supplied modulus
+value even if it is excessively large.
+
+There is already a maximum DH modulus size (10,000 bits) over which
+OpenSSL will not generate or derive keys. DH_check() will however still
+perform various tests for validity on such a large modulus. We introduce
+a
+new maximum (32,768) over which DH_check() will just fail.
+
+An application that calls DH_check() and supplies a key or parameters
+obtained from an untrusted source could be vulnerable to a Denial of
+Service attack.
+
+The function DH_check() is itself called by a number of other OpenSSL
+functions. An application calling any of those other functions may
+similarly be affected. The other functions affected by this are
+DH_check_ex() and EVP_PKEY_param_check().
+
+CVE-2023-3446
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
+Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/21452)
+---
+ Cryptlib/Include/openssl/dh.h         | 5 +++++
+ Cryptlib/OpenSSL/crypto/dh/dh_check.c | 4 ++++
+ 2 files changed, 9 insertions(+)
+
+diff --git a/Cryptlib/Include/openssl/dh.h b/Cryptlib/Include/openssl/dh.h
+index 6488879..06142df 100644
+--- a/Cryptlib/Include/openssl/dh.h
++++ b/Cryptlib/Include/openssl/dh.h
+@@ -77,6 +77,10 @@
+ #  define OPENSSL_DH_MAX_MODULUS_BITS    10000
+ # endif
+ 
++# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS
++#  define OPENSSL_DH_CHECK_MAX_MODULUS_BITS 32768
++# endif
++
+ # define DH_FLAG_CACHE_MONT_P     0x01
+ 
+ /*
+@@ -356,6 +360,7 @@ void ERR_load_DH_strings(void);
+ # define DH_F_COMPUTE_KEY                                 102
+ # define DH_F_DHPARAMS_PRINT_FP                           101
+ # define DH_F_DH_BUILTIN_GENPARAMS                        106
++# define DH_F_DH_CHECK                                    126
+ # define DH_F_DH_CMS_DECRYPT                              117
+ # define DH_F_DH_CMS_SET_PEERKEY                          118
+ # define DH_F_DH_CMS_SET_SHARED_INFO                      119
+diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_check.c b/Cryptlib/OpenSSL/crypto/dh/dh_check.c
+index 9f3b174..9c62da4 100644
+--- a/Cryptlib/OpenSSL/crypto/dh/dh_check.c
++++ b/Cryptlib/OpenSSL/crypto/dh/dh_check.c
+@@ -78,6 +78,10 @@ int DH_check(const DH *dh, int *ret)
+     BN_ULONG l;
+     BIGNUM *t1 = NULL, *t2 = NULL;
+ 
++    /* Don't do any check at all with an excessively large modulus */
++    if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
++        return 0;
++    }
+     *ret = 0;
+     ctx = BN_CTX_new();
+     if (ctx == NULL)
+-- 
+2.27.0
+
diff --git a/backport-CVE-2023-5678.patch b/backport-CVE-2023-5678.patch
new file mode 100644
index 0000000..ee6eb12
--- /dev/null
+++ b/backport-CVE-2023-5678.patch
@@ -0,0 +1,121 @@
+From 246b05d1f3d4b4b5d131bf2fc345d1e894fc3f32 Mon Sep 17 00:00:00 2001
+From: lanming1120 <lanming1120@126.com>
+Date: Tue, 5 Dec 2023 19:53:02 +0800
+Subject: [PATCH] Make DH_check_pub_key() and DH_generate_key() safer yet
+
+---
+ Cryptlib/Include/openssl/dh.h         |  7 +++++--
+ Cryptlib/OpenSSL/crypto/dh/dh_check.c | 13 +++++++++++++
+ Cryptlib/OpenSSL/crypto/dh/dh_err.c   |  2 ++
+ Cryptlib/OpenSSL/crypto/dh/dh_key.c   | 12 ++++++++++++
+ 4 files changed, 32 insertions(+), 2 deletions(-)
+
+diff --git a/Cryptlib/Include/openssl/dh.h b/Cryptlib/Include/openssl/dh.h
+index 6488879..890f007 100644
+--- a/Cryptlib/Include/openssl/dh.h
++++ b/Cryptlib/Include/openssl/dh.h
+@@ -162,14 +162,15 @@ struct dh_st {
+ /* #define DH_GENERATOR_3       3 */
+ # define DH_GENERATOR_5          5
+ 
+-/* DH_check error codes */
++/* DH_check error codes, some of them shared with DH_check_pub_key */
+ # define DH_CHECK_P_NOT_PRIME            0x01
+ # define DH_CHECK_P_NOT_SAFE_PRIME       0x02
+ # define DH_UNABLE_TO_CHECK_GENERATOR    0x04
+ # define DH_NOT_SUITABLE_GENERATOR       0x08
+ # define DH_CHECK_Q_NOT_PRIME            0x10
+-# define DH_CHECK_INVALID_Q_VALUE        0x20
++# define DH_CHECK_INVALID_Q_VALUE        0x20 /* +DH_check_pub_key */
+ # define DH_CHECK_INVALID_J_VALUE        0x40
++# define DH_MODULUS_TOO_LARGE            0x100
+ 
+ /* DH_check_pub_key error codes */
+ # define DH_CHECK_PUBKEY_TOO_SMALL       0x01
+@@ -389,7 +390,9 @@ void ERR_load_DH_strings(void);
+ # define DH_R_NO_PRIVATE_VALUE                            100
+ # define DH_R_PARAMETER_ENCODING_ERROR                    105
+ # define DH_R_PEER_KEY_ERROR                              113
++# define DH_R_Q_TOO_LARGE                                 130
+ # define DH_R_SHARED_INFO_ERROR                           114
++# define DH_F_DH_CHECK_PUB_KEY                            128
+ 
+ #ifdef  __cplusplus
+ }
+diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_check.c b/Cryptlib/OpenSSL/crypto/dh/dh_check.c
+index 9f3b174..30b2d6c 100644
+--- a/Cryptlib/OpenSSL/crypto/dh/dh_check.c
++++ b/Cryptlib/OpenSSL/crypto/dh/dh_check.c
+@@ -162,6 +162,19 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
+     BN_CTX *ctx = NULL;
+ 
+     *ret = 0;
++
++    /* Don't do any checks at all with an excessively large modulus */
++    if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
++        DHerr(DH_F_DH_CHECK_PUB_KEY, DH_R_MODULUS_TOO_LARGE);
++        *ret = DH_MODULUS_TOO_LARGE | DH_CHECK_PUBKEY_INVALID;
++        return 0;
++    }
++
++    if (dh->q != NULL && BN_ucmp(dh->p, dh->q) < 0) {
++        *ret |= DH_CHECK_INVALID_Q_VALUE | DH_CHECK_PUBKEY_INVALID;
++        return 1;
++    }
++
+     ctx = BN_CTX_new();
+     if (ctx == NULL)
+         goto err;
+diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_err.c b/Cryptlib/OpenSSL/crypto/dh/dh_err.c
+index b890cca..7615558 100644
+--- a/Cryptlib/OpenSSL/crypto/dh/dh_err.c
++++ b/Cryptlib/OpenSSL/crypto/dh/dh_err.c
+@@ -73,6 +73,7 @@ static ERR_STRING_DATA DH_str_functs[] = {
+     {ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"},
+     {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"},
+     {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"},
++    {ERR_FUNC(DH_F_DH_CHECK_PUB_KEY), "DH_check_pub_key"},
+     {ERR_FUNC(DH_F_DH_CMS_DECRYPT), "DH_CMS_DECRYPT"},
+     {ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "DH_CMS_SET_PEERKEY"},
+     {ERR_FUNC(DH_F_DH_CMS_SET_SHARED_INFO), "DH_CMS_SET_SHARED_INFO"},
+@@ -108,6 +109,7 @@ static ERR_STRING_DATA DH_str_reasons[] = {
+     {ERR_REASON(DH_R_NO_PRIVATE_VALUE), "no private value"},
+     {ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"},
+     {ERR_REASON(DH_R_PEER_KEY_ERROR), "peer key error"},
++    {ERR_REASON(DH_R_Q_TOO_LARGE), "q too large"},
+     {ERR_REASON(DH_R_SHARED_INFO_ERROR), "shared info error"},
+     {0, NULL}
+ };
+diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_key.c b/Cryptlib/OpenSSL/crypto/dh/dh_key.c
+index f235e0d..d66de13 100644
+--- a/Cryptlib/OpenSSL/crypto/dh/dh_key.c
++++ b/Cryptlib/OpenSSL/crypto/dh/dh_key.c
+@@ -134,6 +134,12 @@ static int generate_key(DH *dh)
+     BN_MONT_CTX *mont = NULL;
+     BIGNUM *pub_key = NULL, *priv_key = NULL;
+ 
++   if (dh->q != NULL
++        && BN_num_bits(dh->q) > OPENSSL_DH_MAX_MODULUS_BITS) {
++        DHerr(DH_F_GENERATE_KEY, DH_R_Q_TOO_LARGE);
++        return 0;
++    }
++
+     if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+         DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
+         return 0;
+@@ -218,6 +224,12 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+     int ret = -1;
+     int check_result;
+ 
++   if (dh->q != NULL
++        && BN_num_bits(dh->q) > OPENSSL_DH_MAX_MODULUS_BITS) {
++        DHerr(DH_F_COMPUTE_KEY, DH_R_Q_TOO_LARGE);
++        goto err;
++    }
++
+     if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+         DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE);
+         goto err;
+-- 
+2.27.0
+
diff --git a/shim.spec b/shim.spec
index 649dcf1..42da838 100644
--- a/shim.spec
+++ b/shim.spec
@@ -25,7 +25,7 @@
 
 Name:	   	   shim
 Version:	   15.6
-Release:	   15
+Release:	   16
 Summary:	   First-stage UEFI bootloader
 ExclusiveArch:     x86_64 aarch64
 License:	   BSD
@@ -71,6 +71,8 @@ Patch33:backport-Further-improve-load_certs-for-non-compliant-drivers.patch
 Patch34:backport-Work-around-malformed-path-delimiters-in-file-paths-.patch
 Patch35:backport-pe-only-process-RelocDir-Size-of-reloc-section.patch
 Patch36:backport-Correctly-free-memory-allocated-in-handle_image.patch
+Patch37:backport-CVE-2023-3446.patch
+Patch38:backport-CVE-2023-5678.patch
 
 # Feature for shim SMx support
 Patch9000:Feature-shim-openssl-add-ec-support.patch
@@ -205,6 +207,9 @@ make test
 /usr/src/debug/%{name}-%{version}-%{release}/*
 
 %changelog
+* Mon Dec 18 2023 jinlun <jinlun@huawei.com> - 15.6-16
+- fix CVE-2023-3446 CVE-2023-5678
+
 * Thu Dec 7 2023 huangzq6 <huangzhenqiang2@huawei.com> - 15.6-15
 - backport patches form upstream
 
-- 
Gitee