Merge pull request #3311 from citrus-it/opensslr38

OpenSSL updates (r151038)
omniosorg · Aug 3, 2023 · 0554334 · 0554334
2 parents d3e0cb9 + 979dc31
commit 0554334
Show file tree

Hide file tree

Showing 7 changed files with 199 additions and 3 deletions.
diff --git a/build/openssl/build-1.0.sh b/build/openssl/build-1.0.sh
@@ -19,7 +19,7 @@
 
 PROG=openssl
 VER=1.0.2u
-DASHREV=3
+DASHREV=4
 PKG=library/security/openssl-10
 SUMMARY="Cryptography and SSL/TLS Toolkit"
 DESC="A toolkit for Secure Sockets Layer and Transport Layer protocols "

diff --git a/build/openssl/build-1.1.sh b/build/openssl/build-1.1.sh
@@ -18,7 +18,7 @@
 . ../../lib/functions.sh
 
 PROG=openssl
-VER=1.1.1u
+VER=1.1.1v
 PKG=library/security/openssl-11
 SUMMARY="Cryptography and SSL/TLS Toolkit"
 DESC="A toolkit for Secure Sockets Layer and Transport Layer protocols "

diff --git a/build/openssl/patches-1.0/CVE-2023-0465.patch b/build/openssl/patches-1.0/CVE-2023-0465.patch
@@ -0,0 +1,46 @@
+Origin: backport, https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b013765abfa80036dc779dd0e50602c57bb3bf95
+
+From b013765abfa80036dc779dd0e50602c57bb3bf95 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <[email protected]>
+Date: Tue, 7 Mar 2023 16:52:55 +0000
+Subject: [PATCH] Ensure that EXFLAG_INVALID_POLICY is checked even in leaf
+ certs
+
+Even though we check the leaf cert to confirm it is valid, we
+later ignored the invalid flag and did not notice that the leaf
+cert was bad.
+
+Fixes: CVE-2023-0465
+
+Reviewed-by: Hugo Landau <[email protected]>
+Reviewed-by: Tomas Mraz <[email protected]>
+(Merged from https://github.com/openssl/openssl/pull/20588)
+diff -wpruN --no-dereference '--exclude=*.orig' a~/crypto/x509/x509_vfy.c a/crypto/x509/x509_vfy.c
+--- a~/crypto/x509/x509_vfy.c	1970-01-01 00:00:00
++++ a/crypto/x509/x509_vfy.c	1970-01-01 00:00:00
+@@ -1765,16 +1765,23 @@ static int check_policy(X509_STORE_CTX *
+          * Locate certificates with bad extensions and notify callback.
+          */
+         X509 *x;
+-        int i;
+-        for (i = 1; i < sk_X509_num(ctx->chain); i++) {
++        int i, cbcalled = 0;
++        for (i = 0; i < sk_X509_num(ctx->chain); i++) {
+             x = sk_X509_value(ctx->chain, i);
+             if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
+                 continue;
++            cbcalled = 1;
+             ctx->current_cert = x;
+             ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
+             if (!ctx->verify_cb(0, ctx))
+                 return 0;
+         }
++        if (!cbcalled) {
++            /* Should not be able to get here */
++            X509err(X509_F_CHECK_POLICY, ERR_R_INTERNAL_ERROR);
++            return 0;
++        }
++        /* The callback ignored the error so we return success */
+         return 1;
+     }
+     if (ret == -2) {
diff --git a/build/openssl/patches-1.0/CVE-2023-3446.patch b/build/openssl/patches-1.0/CVE-2023-3446.patch
@@ -0,0 +1,95 @@
+From 8780a896543a654e757db1b9396383f9d8095528 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <[email protected]>
+Date: Thu, 6 Jul 2023 16:36:35 +0100
+Subject: [PATCH] Fix DH_check() excessive time with over sized modulus
+
+The DH_check() function checks numerous aspects of the key or parameters
+that have been supplied. Some of those checks use the supplied modulus
+value even if it is excessively large.
+
+There is already a maximum DH modulus size (10,000 bits) over which
+OpenSSL will not generate or derive keys. DH_check() will however still
+perform various tests for validity on such a large modulus. We introduce a
+new maximum (32,768) over which DH_check() will just fail.
+
+An application that calls DH_check() and supplies a key or parameters
+obtained from an untrusted source could be vulnerable to a Denial of
+Service attack.
+
+The function DH_check() is itself called by a number of other OpenSSL
+functions. An application calling any of those other functions may
+similarly be affected. The other functions affected by this are
+DH_check_ex() and EVP_PKEY_param_check().
+
+CVE-2023-3446
+
+Reviewed-by: Paul Dale <[email protected]>
+Reviewed-by: Tom Cosgrove <[email protected]>
+Reviewed-by: Bernd Edlinger <[email protected]>
+Reviewed-by: Tomas Mraz <[email protected]>
+(Merged from https://github.com/openssl/openssl/pull/21452)
+
+diff -wpruN --no-dereference '--exclude=*.orig' a~/crypto/dh/dh.h a/crypto/dh/dh.h
+--- a~/crypto/dh/dh.h	1970-01-01 00:00:00
++++ a/crypto/dh/dh.h	1970-01-01 00:00:00
+@@ -76,6 +76,9 @@
+ # ifndef OPENSSL_DH_MAX_MODULUS_BITS
+ #  define OPENSSL_DH_MAX_MODULUS_BITS    10000
+ # endif
++# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS
++#  define OPENSSL_DH_CHECK_MAX_MODULUS_BITS  32768
++# endif
+
+ # define DH_FLAG_CACHE_MONT_P     0x01
+
+@@ -363,6 +366,7 @@ int DH_KDF_X9_42(unsigned char *out, siz
+  * The following lines are auto generated by the script mkerr.pl. Any changes
+  * made after this point may be overwritten when the script is next run.
+  */
++
+ void ERR_load_DH_strings(void);
+
+ /* Error codes for the DH functions. */
+@@ -371,6 +375,7 @@ void ERR_load_DH_strings(void);
+ # define DH_F_COMPUTE_KEY                                 102
+ # define DH_F_DHPARAMS_PRINT_FP                           101
+ # define DH_F_DH_BUILTIN_GENPARAMS                        106
++# define DH_F_DH_CHECK                                    120
+ # define DH_F_DH_CMS_DECRYPT                              117
+ # define DH_F_DH_CMS_SET_PEERKEY                          118
+ # define DH_F_DH_CMS_SET_SHARED_INFO                      119
+diff -wpruN --no-dereference '--exclude=*.orig' a~/crypto/dh/dh_check.c a/crypto/dh/dh_check.c
+--- a~/crypto/dh/dh_check.c	1970-01-01 00:00:00
++++ a/crypto/dh/dh_check.c	1970-01-01 00:00:00
+@@ -78,6 +78,12 @@ int DH_check(const DH *dh, int *ret)
+     BN_ULONG l;
+     BIGNUM *t1 = NULL, *t2 = NULL;
+
++    /* Don't do any checks at all with an excessively large modulus */
++    if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
++        DHerr(DH_F_DH_CHECK, DH_R_MODULUS_TOO_LARGE);
++        return 0;
++    }
++
+     *ret = 0;
+     ctx = BN_CTX_new();
+     if (ctx == NULL)
+diff -wpruN --no-dereference '--exclude=*.orig' a~/crypto/dh/dh_err.c a/crypto/dh/dh_err.c
+--- a~/crypto/dh/dh_err.c	1970-01-01 00:00:00
++++ a/crypto/dh/dh_err.c	1970-01-01 00:00:00
+@@ -1,6 +1,6 @@
+ /* crypto/dh/dh_err.c */
+ /* ====================================================================
+- * Copyright (c) 1999-2013 The OpenSSL Project.  All rights reserved.
++ * Copyright (c) 1999-2023 The OpenSSL Project.  All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions
+@@ -73,6 +73,7 @@ static ERR_STRING_DATA DH_str_functs[] =
+     {ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"},
+     {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"},
+     {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"},
++    {ERR_FUNC(DH_F_DH_CHECK), "DH_check"},
+     {ERR_FUNC(DH_F_DH_CMS_DECRYPT), "DH_CMS_DECRYPT"},
+     {ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "DH_CMS_SET_PEERKEY"},
+     {ERR_FUNC(DH_F_DH_CMS_SET_SHARED_INFO), "DH_CMS_SET_SHARED_INFO"},
diff --git a/build/openssl/patches-1.0/CVE-2023-3817.patch b/build/openssl/patches-1.0/CVE-2023-3817.patch
@@ -0,0 +1,51 @@
+From 91ddeba0f2269b017dc06c46c993a788974b1aa5 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <[email protected]>
+Date: Fri, 21 Jul 2023 11:39:41 +0200
+Subject: [PATCH] DH_check(): Do not try checking q properties if it is
+ obviously invalid
+
+If  |q| >= |p| then the q value is obviously wrong as q
+is supposed to be a prime divisor of p-1.
+
+We check if p is overly large so this added test implies that
+q is not large either when performing subsequent tests using that
+q value.
+
+Otherwise if it is too large these additional checks of the q value
+such as the primality test can then trigger DoS by doing overly long
+computations.
+
+Fixes CVE-2023-3817
+
+Reviewed-by: Paul Dale <[email protected]>
+Reviewed-by: Matt Caswell <[email protected]>
+(Merged from https://github.com/openssl/openssl/pull/21551)
+
+diff -wpruN --no-dereference '--exclude=*.orig' a~/crypto/dh/dh_check.c a/crypto/dh/dh_check.c
+--- a~/crypto/dh/dh_check.c	1970-01-01 00:00:00
++++ a/crypto/dh/dh_check.c	1970-01-01 00:00:00
+@@ -73,7 +73,7 @@
+
+ int DH_check(const DH *dh, int *ret)
+ {
+-    int ok = 0;
++    int ok = 0, q_good = 0;
+     BN_CTX *ctx = NULL;
+     BN_ULONG l;
+     BIGNUM *t1 = NULL, *t2 = NULL;
+@@ -96,7 +96,14 @@ int DH_check(const DH *dh, int *ret)
+     if (t2 == NULL)
+         goto err;
+
+-    if (dh->q) {
++    if (dh->q != NULL) {
++        if (BN_ucmp(dh->p, dh->q) > 0)
++            q_good = 1;
++        else
++            *ret |= DH_CHECK_INVALID_Q_VALUE;
++    }
++
++    if (q_good) {
+         if (BN_cmp(dh->g, BN_value_one()) <= 0)
+             *ret |= DH_NOT_SUITABLE_GENERATOR;
+         else if (BN_cmp(dh->g, dh->p) >= 0)
diff --git a/build/openssl/patches-1.0/series b/build/openssl/patches-1.0/series
@@ -14,4 +14,7 @@ CVE-2022-2068.patch
 CVE-2023-0215.patch
 CVE-2023-0286.patch
 CVE-2023-0464.patch
+CVE-2023-0465.patch
 CVE-2023-2650.patch
+CVE-2023-3446.patch
+CVE-2023-3817.patch
diff --git a/build/openssl/testsuite-1.1.log b/build/openssl/testsuite-1.1.log
@@ -120,6 +120,7 @@
 ../test/recipes/80-test_dtlsv1listen.t ............. ok
 ../test/recipes/80-test_ocsp.t ..................... ok
 ../test/recipes/80-test_pkcs12.t ................... ok
+../test/recipes/80-test_policy_tree.t .............. ok
 ../test/recipes/80-test_ssl_new.t .................. ok
 ../test/recipes/80-test_ssl_old.t .................. ok
 ../test/recipes/80-test_ssl_test_ctx.t ............. ok
@@ -157,5 +158,5 @@
 ../test/recipes/99-test_ecstress.t ................. ok
 ../test/recipes/99-test_fuzz.t ..................... ok
 All tests successful.
-Files=158, Tests=2638, 297 wallclock secs ( 3.62 usr  1.08 sys + 143.88 cusr 104.88 csys = 253.46 CPU)
+Files=159, Tests=2650, 214 wallclock secs ( 2.23 usr  0.62 sys + 119.59 cusr 65.30 csys = 187.74 CPU)
 Result: PASS