Skip to content

Commit

Permalink
Merge pull request #3313 from citrus-it/opensslr46
Browse files Browse the repository at this point in the history
OpenSSL updates (r151046)
  • Loading branch information
oetiker authored Aug 3, 2023
2 parents e284ce5 + 1ea9752 commit 5cb35c7
Show file tree
Hide file tree
Showing 9 changed files with 201 additions and 5 deletions.
2 changes: 1 addition & 1 deletion build/openssl/build-1.0.sh
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@

PROG=openssl
VER=1.0.2u
DASHREV=1
DASHREV=2
PKG=library/security/openssl-10
SUMMARY="Cryptography and SSL/TLS Toolkit"
DESC="A toolkit for Secure Sockets Layer and Transport Layer protocols "
Expand Down
2 changes: 1 addition & 1 deletion build/openssl/build-1.1.sh
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@
. common.sh

PROG=openssl
VER=1.1.1u
VER=1.1.1v
PKG=library/security/openssl-11
SUMMARY="Cryptography and SSL/TLS Toolkit"
DESC="A toolkit for Secure Sockets Layer and Transport Layer protocols "
Expand Down
2 changes: 1 addition & 1 deletion build/openssl/build-3.sh
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@
. common.sh

PROG=openssl
VER=3.0.9
VER=3.0.10
PKG=library/security/openssl-3
SUMMARY="Cryptography and SSL/TLS Toolkit"
DESC="A toolkit for Secure Sockets Layer and Transport Layer protocols "
Expand Down
46 changes: 46 additions & 0 deletions build/openssl/patches-1.0/CVE-2023-0465.patch
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
Origin: backport, https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b013765abfa80036dc779dd0e50602c57bb3bf95

From b013765abfa80036dc779dd0e50602c57bb3bf95 Mon Sep 17 00:00:00 2001
From: Matt Caswell <[email protected]>
Date: Tue, 7 Mar 2023 16:52:55 +0000
Subject: [PATCH] Ensure that EXFLAG_INVALID_POLICY is checked even in leaf
certs

Even though we check the leaf cert to confirm it is valid, we
later ignored the invalid flag and did not notice that the leaf
cert was bad.

Fixes: CVE-2023-0465

Reviewed-by: Hugo Landau <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/20588)
diff -wpruN --no-dereference '--exclude=*.orig' a~/crypto/x509/x509_vfy.c a/crypto/x509/x509_vfy.c
--- a~/crypto/x509/x509_vfy.c 1970-01-01 00:00:00
+++ a/crypto/x509/x509_vfy.c 1970-01-01 00:00:00
@@ -1765,16 +1765,23 @@ static int check_policy(X509_STORE_CTX *
* Locate certificates with bad extensions and notify callback.
*/
X509 *x;
- int i;
- for (i = 1; i < sk_X509_num(ctx->chain); i++) {
+ int i, cbcalled = 0;
+ for (i = 0; i < sk_X509_num(ctx->chain); i++) {
x = sk_X509_value(ctx->chain, i);
if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
continue;
+ cbcalled = 1;
ctx->current_cert = x;
ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
if (!ctx->verify_cb(0, ctx))
return 0;
}
+ if (!cbcalled) {
+ /* Should not be able to get here */
+ X509err(X509_F_CHECK_POLICY, ERR_R_INTERNAL_ERROR);
+ return 0;
+ }
+ /* The callback ignored the error so we return success */
return 1;
}
if (ret == -2) {
95 changes: 95 additions & 0 deletions build/openssl/patches-1.0/CVE-2023-3446.patch
Original file line number Diff line number Diff line change
@@ -0,0 +1,95 @@
From 8780a896543a654e757db1b9396383f9d8095528 Mon Sep 17 00:00:00 2001
From: Matt Caswell <[email protected]>
Date: Thu, 6 Jul 2023 16:36:35 +0100
Subject: [PATCH] Fix DH_check() excessive time with over sized modulus

The DH_check() function checks numerous aspects of the key or parameters
that have been supplied. Some of those checks use the supplied modulus
value even if it is excessively large.

There is already a maximum DH modulus size (10,000 bits) over which
OpenSSL will not generate or derive keys. DH_check() will however still
perform various tests for validity on such a large modulus. We introduce a
new maximum (32,768) over which DH_check() will just fail.

An application that calls DH_check() and supplies a key or parameters
obtained from an untrusted source could be vulnerable to a Denial of
Service attack.

The function DH_check() is itself called by a number of other OpenSSL
functions. An application calling any of those other functions may
similarly be affected. The other functions affected by this are
DH_check_ex() and EVP_PKEY_param_check().

CVE-2023-3446

Reviewed-by: Paul Dale <[email protected]>
Reviewed-by: Tom Cosgrove <[email protected]>
Reviewed-by: Bernd Edlinger <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/21452)

diff -wpruN --no-dereference '--exclude=*.orig' a~/crypto/dh/dh.h a/crypto/dh/dh.h
--- a~/crypto/dh/dh.h 1970-01-01 00:00:00
+++ a/crypto/dh/dh.h 1970-01-01 00:00:00
@@ -76,6 +76,9 @@
# ifndef OPENSSL_DH_MAX_MODULUS_BITS
# define OPENSSL_DH_MAX_MODULUS_BITS 10000
# endif
+# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS
+# define OPENSSL_DH_CHECK_MAX_MODULUS_BITS 32768
+# endif

# define DH_FLAG_CACHE_MONT_P 0x01

@@ -363,6 +366,7 @@ int DH_KDF_X9_42(unsigned char *out, siz
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+
void ERR_load_DH_strings(void);

/* Error codes for the DH functions. */
@@ -371,6 +375,7 @@ void ERR_load_DH_strings(void);
# define DH_F_COMPUTE_KEY 102
# define DH_F_DHPARAMS_PRINT_FP 101
# define DH_F_DH_BUILTIN_GENPARAMS 106
+# define DH_F_DH_CHECK 120
# define DH_F_DH_CMS_DECRYPT 117
# define DH_F_DH_CMS_SET_PEERKEY 118
# define DH_F_DH_CMS_SET_SHARED_INFO 119
diff -wpruN --no-dereference '--exclude=*.orig' a~/crypto/dh/dh_check.c a/crypto/dh/dh_check.c
--- a~/crypto/dh/dh_check.c 1970-01-01 00:00:00
+++ a/crypto/dh/dh_check.c 1970-01-01 00:00:00
@@ -78,6 +78,12 @@ int DH_check(const DH *dh, int *ret)
BN_ULONG l;
BIGNUM *t1 = NULL, *t2 = NULL;

+ /* Don't do any checks at all with an excessively large modulus */
+ if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
+ DHerr(DH_F_DH_CHECK, DH_R_MODULUS_TOO_LARGE);
+ return 0;
+ }
+
*ret = 0;
ctx = BN_CTX_new();
if (ctx == NULL)
diff -wpruN --no-dereference '--exclude=*.orig' a~/crypto/dh/dh_err.c a/crypto/dh/dh_err.c
--- a~/crypto/dh/dh_err.c 1970-01-01 00:00:00
+++ a/crypto/dh/dh_err.c 1970-01-01 00:00:00
@@ -1,6 +1,6 @@
/* crypto/dh/dh_err.c */
/* ====================================================================
- * Copyright (c) 1999-2013 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2023 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -73,6 +73,7 @@ static ERR_STRING_DATA DH_str_functs[] =
{ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"},
{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"},
{ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"},
+ {ERR_FUNC(DH_F_DH_CHECK), "DH_check"},
{ERR_FUNC(DH_F_DH_CMS_DECRYPT), "DH_CMS_DECRYPT"},
{ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "DH_CMS_SET_PEERKEY"},
{ERR_FUNC(DH_F_DH_CMS_SET_SHARED_INFO), "DH_CMS_SET_SHARED_INFO"},
51 changes: 51 additions & 0 deletions build/openssl/patches-1.0/CVE-2023-3817.patch
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
From 91ddeba0f2269b017dc06c46c993a788974b1aa5 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <[email protected]>
Date: Fri, 21 Jul 2023 11:39:41 +0200
Subject: [PATCH] DH_check(): Do not try checking q properties if it is
obviously invalid

If |q| >= |p| then the q value is obviously wrong as q
is supposed to be a prime divisor of p-1.

We check if p is overly large so this added test implies that
q is not large either when performing subsequent tests using that
q value.

Otherwise if it is too large these additional checks of the q value
such as the primality test can then trigger DoS by doing overly long
computations.

Fixes CVE-2023-3817

Reviewed-by: Paul Dale <[email protected]>
Reviewed-by: Matt Caswell <[email protected]>
(Merged from https://github.com/openssl/openssl/pull/21551)

diff -wpruN --no-dereference '--exclude=*.orig' a~/crypto/dh/dh_check.c a/crypto/dh/dh_check.c
--- a~/crypto/dh/dh_check.c 1970-01-01 00:00:00
+++ a/crypto/dh/dh_check.c 1970-01-01 00:00:00
@@ -73,7 +73,7 @@

int DH_check(const DH *dh, int *ret)
{
- int ok = 0;
+ int ok = 0, q_good = 0;
BN_CTX *ctx = NULL;
BN_ULONG l;
BIGNUM *t1 = NULL, *t2 = NULL;
@@ -96,7 +96,14 @@ int DH_check(const DH *dh, int *ret)
if (t2 == NULL)
goto err;

- if (dh->q) {
+ if (dh->q != NULL) {
+ if (BN_ucmp(dh->p, dh->q) > 0)
+ q_good = 1;
+ else
+ *ret |= DH_CHECK_INVALID_Q_VALUE;
+ }
+
+ if (q_good) {
if (BN_cmp(dh->g, BN_value_one()) <= 0)
*ret |= DH_NOT_SUITABLE_GENERATOR;
else if (BN_cmp(dh->g, dh->p) >= 0)
3 changes: 3 additions & 0 deletions build/openssl/patches-1.0/series
Original file line number Diff line number Diff line change
Expand Up @@ -15,4 +15,7 @@ CVE-2022-2068.patch
CVE-2023-0215.patch
CVE-2023-0286.patch
CVE-2023-0464.patch
CVE-2023-0465.patch
CVE-2023-2650.patch
CVE-2023-3446.patch
CVE-2023-3817.patch
2 changes: 1 addition & 1 deletion build/openssl/testsuite-1.1.log
Original file line number Diff line number Diff line change
Expand Up @@ -158,5 +158,5 @@
../test/recipes/99-test_ecstress.t ................. ok
../test/recipes/99-test_fuzz.t ..................... ok
All tests successful.
Files=159, Tests=2650, 302 wallclock secs ( 3.59 usr 1.03 sys + 151.15 cusr 106.31 csys = 262.08 CPU)
Files=159, Tests=2650, 212 wallclock secs ( 2.21 usr 0.59 sys + 119.37 cusr 62.12 csys = 184.29 CPU)
Result: PASS
3 changes: 2 additions & 1 deletion build/openssl/testsuite-3.log
Original file line number Diff line number Diff line change
Expand Up @@ -225,6 +225,7 @@ Result: NOTESTS
90-test_sslapi.t ................... ok
90-test_sslbuffers.t ............... ok
90-test_store.t .................... ok
90-test_store_cases.t .............. ok
90-test_sysdefault.t ............... ok
90-test_threads.t .................. ok
90-test_time_offset.t .............. ok
Expand All @@ -251,5 +252,5 @@ Result: NOTESTS
99-test_fuzz_server.t .............. ok
99-test_fuzz_x509.t ................ ok
All tests successful.
Files=249, Tests=3317,
Files=250, Tests=3322,
Result: PASS

0 comments on commit 5cb35c7

Please sign in to comment.