From 285ef2ed42c2bceb5d41243b9f1a33b2fe69cb81 Mon Sep 17 00:00:00 2001 From: Andy Fiddaman Date: Tue, 1 Aug 2023 16:40:26 +0000 Subject: [PATCH 1/3] OpenSSL: update from 1.1.1u to 1.1.1v --- build/openssl/build-1.1.sh | 2 +- build/openssl/testsuite-1.1.log | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build/openssl/build-1.1.sh b/build/openssl/build-1.1.sh index 1aed98dc10..4f570b86d8 100755 --- a/build/openssl/build-1.1.sh +++ b/build/openssl/build-1.1.sh @@ -19,7 +19,7 @@ . common.sh PROG=openssl -VER=1.1.1u +VER=1.1.1v PKG=library/security/openssl-11 SUMMARY="Cryptography and SSL/TLS Toolkit" DESC="A toolkit for Secure Sockets Layer and Transport Layer protocols " diff --git a/build/openssl/testsuite-1.1.log b/build/openssl/testsuite-1.1.log index 718fc0cbd1..4f690845a2 100644 --- a/build/openssl/testsuite-1.1.log +++ b/build/openssl/testsuite-1.1.log @@ -158,5 +158,5 @@ ../test/recipes/99-test_ecstress.t ................. ok ../test/recipes/99-test_fuzz.t ..................... ok All tests successful. -Files=159, Tests=2650, 302 wallclock secs ( 3.59 usr 1.03 sys + 151.15 cusr 106.31 csys = 262.08 CPU) +Files=159, Tests=2650, 212 wallclock secs ( 2.21 usr 0.59 sys + 119.37 cusr 62.12 csys = 184.29 CPU) Result: PASS From 453d93753d91cd63ac905499cae780e29fd441f6 Mon Sep 17 00:00:00 2001 From: Andy Fiddaman Date: Tue, 1 Aug 2023 17:19:39 +0000 Subject: [PATCH 2/3] OpenSSL: update from 3.0.9 to 3.0.10 --- build/openssl/build-3.sh | 2 +- build/openssl/testsuite-3.log | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/build/openssl/build-3.sh b/build/openssl/build-3.sh index 6c4084486f..4d9c3d3a61 100755 --- a/build/openssl/build-3.sh +++ b/build/openssl/build-3.sh @@ -19,7 +19,7 @@ . common.sh PROG=openssl -VER=3.0.9 +VER=3.0.10 PKG=library/security/openssl-3 SUMMARY="Cryptography and SSL/TLS Toolkit" DESC="A toolkit for Secure Sockets Layer and Transport Layer protocols " diff --git a/build/openssl/testsuite-3.log b/build/openssl/testsuite-3.log index 463a229cf9..ca39df1ab8 100644 --- a/build/openssl/testsuite-3.log +++ b/build/openssl/testsuite-3.log @@ -225,6 +225,7 @@ Result: NOTESTS 90-test_sslapi.t ................... ok 90-test_sslbuffers.t ............... ok 90-test_store.t .................... ok +90-test_store_cases.t .............. ok 90-test_sysdefault.t ............... ok 90-test_threads.t .................. ok 90-test_time_offset.t .............. ok @@ -251,5 +252,5 @@ Result: NOTESTS 99-test_fuzz_server.t .............. ok 99-test_fuzz_x509.t ................ ok All tests successful. -Files=249, Tests=3317, +Files=250, Tests=3322, Result: PASS From 1ea9752b97a8f42663c4abcd095ca02bee1f11c0 Mon Sep 17 00:00:00 2001 From: Andy Fiddaman Date: Tue, 1 Aug 2023 16:52:13 +0000 Subject: [PATCH 3/3] OpenSSL: security patches for 1.0.2 --- build/openssl/build-1.0.sh | 2 +- build/openssl/patches-1.0/CVE-2023-0465.patch | 46 +++++++++ build/openssl/patches-1.0/CVE-2023-3446.patch | 95 +++++++++++++++++++ build/openssl/patches-1.0/CVE-2023-3817.patch | 51 ++++++++++ build/openssl/patches-1.0/series | 3 + 5 files changed, 196 insertions(+), 1 deletion(-) create mode 100644 build/openssl/patches-1.0/CVE-2023-0465.patch create mode 100644 build/openssl/patches-1.0/CVE-2023-3446.patch create mode 100644 build/openssl/patches-1.0/CVE-2023-3817.patch diff --git a/build/openssl/build-1.0.sh b/build/openssl/build-1.0.sh index 8509a4c66d..21f823ce40 100755 --- a/build/openssl/build-1.0.sh +++ b/build/openssl/build-1.0.sh @@ -20,7 +20,7 @@ PROG=openssl VER=1.0.2u -DASHREV=1 +DASHREV=2 PKG=library/security/openssl-10 SUMMARY="Cryptography and SSL/TLS Toolkit" DESC="A toolkit for Secure Sockets Layer and Transport Layer protocols " diff --git a/build/openssl/patches-1.0/CVE-2023-0465.patch b/build/openssl/patches-1.0/CVE-2023-0465.patch new file mode 100644 index 0000000000..b0f38eae42 --- /dev/null +++ b/build/openssl/patches-1.0/CVE-2023-0465.patch @@ -0,0 +1,46 @@ +Origin: backport, https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b013765abfa80036dc779dd0e50602c57bb3bf95 + +From b013765abfa80036dc779dd0e50602c57bb3bf95 Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Tue, 7 Mar 2023 16:52:55 +0000 +Subject: [PATCH] Ensure that EXFLAG_INVALID_POLICY is checked even in leaf + certs + +Even though we check the leaf cert to confirm it is valid, we +later ignored the invalid flag and did not notice that the leaf +cert was bad. + +Fixes: CVE-2023-0465 + +Reviewed-by: Hugo Landau +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/20588) +diff -wpruN --no-dereference '--exclude=*.orig' a~/crypto/x509/x509_vfy.c a/crypto/x509/x509_vfy.c +--- a~/crypto/x509/x509_vfy.c 1970-01-01 00:00:00 ++++ a/crypto/x509/x509_vfy.c 1970-01-01 00:00:00 +@@ -1765,16 +1765,23 @@ static int check_policy(X509_STORE_CTX * + * Locate certificates with bad extensions and notify callback. + */ + X509 *x; +- int i; +- for (i = 1; i < sk_X509_num(ctx->chain); i++) { ++ int i, cbcalled = 0; ++ for (i = 0; i < sk_X509_num(ctx->chain); i++) { + x = sk_X509_value(ctx->chain, i); + if (!(x->ex_flags & EXFLAG_INVALID_POLICY)) + continue; ++ cbcalled = 1; + ctx->current_cert = x; + ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION; + if (!ctx->verify_cb(0, ctx)) + return 0; + } ++ if (!cbcalled) { ++ /* Should not be able to get here */ ++ X509err(X509_F_CHECK_POLICY, ERR_R_INTERNAL_ERROR); ++ return 0; ++ } ++ /* The callback ignored the error so we return success */ + return 1; + } + if (ret == -2) { diff --git a/build/openssl/patches-1.0/CVE-2023-3446.patch b/build/openssl/patches-1.0/CVE-2023-3446.patch new file mode 100644 index 0000000000..535600a952 --- /dev/null +++ b/build/openssl/patches-1.0/CVE-2023-3446.patch @@ -0,0 +1,95 @@ +From 8780a896543a654e757db1b9396383f9d8095528 Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Thu, 6 Jul 2023 16:36:35 +0100 +Subject: [PATCH] Fix DH_check() excessive time with over sized modulus + +The DH_check() function checks numerous aspects of the key or parameters +that have been supplied. Some of those checks use the supplied modulus +value even if it is excessively large. + +There is already a maximum DH modulus size (10,000 bits) over which +OpenSSL will not generate or derive keys. DH_check() will however still +perform various tests for validity on such a large modulus. We introduce a +new maximum (32,768) over which DH_check() will just fail. + +An application that calls DH_check() and supplies a key or parameters +obtained from an untrusted source could be vulnerable to a Denial of +Service attack. + +The function DH_check() is itself called by a number of other OpenSSL +functions. An application calling any of those other functions may +similarly be affected. The other functions affected by this are +DH_check_ex() and EVP_PKEY_param_check(). + +CVE-2023-3446 + +Reviewed-by: Paul Dale +Reviewed-by: Tom Cosgrove +Reviewed-by: Bernd Edlinger +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/21452) + +diff -wpruN --no-dereference '--exclude=*.orig' a~/crypto/dh/dh.h a/crypto/dh/dh.h +--- a~/crypto/dh/dh.h 1970-01-01 00:00:00 ++++ a/crypto/dh/dh.h 1970-01-01 00:00:00 +@@ -76,6 +76,9 @@ + # ifndef OPENSSL_DH_MAX_MODULUS_BITS + # define OPENSSL_DH_MAX_MODULUS_BITS 10000 + # endif ++# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS ++# define OPENSSL_DH_CHECK_MAX_MODULUS_BITS 32768 ++# endif + + # define DH_FLAG_CACHE_MONT_P 0x01 + +@@ -363,6 +366,7 @@ int DH_KDF_X9_42(unsigned char *out, siz + * The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ ++ + void ERR_load_DH_strings(void); + + /* Error codes for the DH functions. */ +@@ -371,6 +375,7 @@ void ERR_load_DH_strings(void); + # define DH_F_COMPUTE_KEY 102 + # define DH_F_DHPARAMS_PRINT_FP 101 + # define DH_F_DH_BUILTIN_GENPARAMS 106 ++# define DH_F_DH_CHECK 120 + # define DH_F_DH_CMS_DECRYPT 117 + # define DH_F_DH_CMS_SET_PEERKEY 118 + # define DH_F_DH_CMS_SET_SHARED_INFO 119 +diff -wpruN --no-dereference '--exclude=*.orig' a~/crypto/dh/dh_check.c a/crypto/dh/dh_check.c +--- a~/crypto/dh/dh_check.c 1970-01-01 00:00:00 ++++ a/crypto/dh/dh_check.c 1970-01-01 00:00:00 +@@ -78,6 +78,12 @@ int DH_check(const DH *dh, int *ret) + BN_ULONG l; + BIGNUM *t1 = NULL, *t2 = NULL; + ++ /* Don't do any checks at all with an excessively large modulus */ ++ if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) { ++ DHerr(DH_F_DH_CHECK, DH_R_MODULUS_TOO_LARGE); ++ return 0; ++ } ++ + *ret = 0; + ctx = BN_CTX_new(); + if (ctx == NULL) +diff -wpruN --no-dereference '--exclude=*.orig' a~/crypto/dh/dh_err.c a/crypto/dh/dh_err.c +--- a~/crypto/dh/dh_err.c 1970-01-01 00:00:00 ++++ a/crypto/dh/dh_err.c 1970-01-01 00:00:00 +@@ -1,6 +1,6 @@ + /* crypto/dh/dh_err.c */ + /* ==================================================================== +- * Copyright (c) 1999-2013 The OpenSSL Project. All rights reserved. ++ * Copyright (c) 1999-2023 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions +@@ -73,6 +73,7 @@ static ERR_STRING_DATA DH_str_functs[] = + {ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"}, + {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"}, + {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"}, ++ {ERR_FUNC(DH_F_DH_CHECK), "DH_check"}, + {ERR_FUNC(DH_F_DH_CMS_DECRYPT), "DH_CMS_DECRYPT"}, + {ERR_FUNC(DH_F_DH_CMS_SET_PEERKEY), "DH_CMS_SET_PEERKEY"}, + {ERR_FUNC(DH_F_DH_CMS_SET_SHARED_INFO), "DH_CMS_SET_SHARED_INFO"}, diff --git a/build/openssl/patches-1.0/CVE-2023-3817.patch b/build/openssl/patches-1.0/CVE-2023-3817.patch new file mode 100644 index 0000000000..7cb48c9222 --- /dev/null +++ b/build/openssl/patches-1.0/CVE-2023-3817.patch @@ -0,0 +1,51 @@ +From 91ddeba0f2269b017dc06c46c993a788974b1aa5 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Fri, 21 Jul 2023 11:39:41 +0200 +Subject: [PATCH] DH_check(): Do not try checking q properties if it is + obviously invalid + +If |q| >= |p| then the q value is obviously wrong as q +is supposed to be a prime divisor of p-1. + +We check if p is overly large so this added test implies that +q is not large either when performing subsequent tests using that +q value. + +Otherwise if it is too large these additional checks of the q value +such as the primality test can then trigger DoS by doing overly long +computations. + +Fixes CVE-2023-3817 + +Reviewed-by: Paul Dale +Reviewed-by: Matt Caswell +(Merged from https://github.com/openssl/openssl/pull/21551) + +diff -wpruN --no-dereference '--exclude=*.orig' a~/crypto/dh/dh_check.c a/crypto/dh/dh_check.c +--- a~/crypto/dh/dh_check.c 1970-01-01 00:00:00 ++++ a/crypto/dh/dh_check.c 1970-01-01 00:00:00 +@@ -73,7 +73,7 @@ + + int DH_check(const DH *dh, int *ret) + { +- int ok = 0; ++ int ok = 0, q_good = 0; + BN_CTX *ctx = NULL; + BN_ULONG l; + BIGNUM *t1 = NULL, *t2 = NULL; +@@ -96,7 +96,14 @@ int DH_check(const DH *dh, int *ret) + if (t2 == NULL) + goto err; + +- if (dh->q) { ++ if (dh->q != NULL) { ++ if (BN_ucmp(dh->p, dh->q) > 0) ++ q_good = 1; ++ else ++ *ret |= DH_CHECK_INVALID_Q_VALUE; ++ } ++ ++ if (q_good) { + if (BN_cmp(dh->g, BN_value_one()) <= 0) + *ret |= DH_NOT_SUITABLE_GENERATOR; + else if (BN_cmp(dh->g, dh->p) >= 0) diff --git a/build/openssl/patches-1.0/series b/build/openssl/patches-1.0/series index 2864e8acc8..461f3080f3 100644 --- a/build/openssl/patches-1.0/series +++ b/build/openssl/patches-1.0/series @@ -15,4 +15,7 @@ CVE-2022-2068.patch CVE-2023-0215.patch CVE-2023-0286.patch CVE-2023-0464.patch +CVE-2023-0465.patch CVE-2023-2650.patch +CVE-2023-3446.patch +CVE-2023-3817.patch