Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
security/openssl: Security update for CVE-2023-3817 (Low)
Security: bad6588e-2fe0-11ee-a0d1-84a93843eb75
- Loading branch information
Showing
2 changed files
with
56 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,55 @@ | ||
| From 91ddeba0f2269b017dc06c46c993a788974b1aa5 Mon Sep 17 00:00:00 2001 | ||
| From: Tomas Mraz <tomas@openssl.org> | ||
| Date: Fri, 21 Jul 2023 11:39:41 +0200 | ||
| Subject: [PATCH] DH_check(): Do not try checking q properties if it is | ||
| obviously invalid | ||
|
|
||
| If |q| >= |p| then the q value is obviously wrong as q | ||
| is supposed to be a prime divisor of p-1. | ||
|
|
||
| We check if p is overly large so this added test implies that | ||
| q is not large either when performing subsequent tests using that | ||
| q value. | ||
|
|
||
| Otherwise if it is too large these additional checks of the q value | ||
| such as the primality test can then trigger DoS by doing overly long | ||
| computations. | ||
|
|
||
| Fixes CVE-2023-3817 | ||
|
|
||
| Reviewed-by: Paul Dale <pauli@openssl.org> | ||
| Reviewed-by: Matt Caswell <matt@openssl.org> | ||
| (Merged from https://github.com/openssl/openssl/pull/21551) | ||
| --- | ||
| crypto/dh/dh_check.c | 11 +++++++++-- | ||
| 1 file changed, 9 insertions(+), 2 deletions(-) | ||
|
|
||
| diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c | ||
| index 2001d2e7cb19..9ae96991eb4a 100644 | ||
| --- crypto/dh/dh_check.c.orig | ||
| +++ crypto/dh/dh_check.c | ||
| @@ -97,7 +97,7 @@ int DH_check_ex(const DH *dh) | ||
|
|
||
| int DH_check(const DH *dh, int *ret) | ||
| { | ||
| - int ok = 0, r; | ||
| + int ok = 0, r, q_good = 0; | ||
| BN_CTX *ctx = NULL; | ||
| BIGNUM *t1 = NULL, *t2 = NULL; | ||
|
|
||
| @@ -120,7 +120,14 @@ int DH_check(const DH *dh, int *ret) | ||
| if (t2 == NULL) | ||
| goto err; | ||
|
|
||
| - if (dh->q) { | ||
| + if (dh->q != NULL) { | ||
| + if (BN_ucmp(dh->p, dh->q) > 0) | ||
| + q_good = 1; | ||
| + else | ||
| + *ret |= DH_CHECK_INVALID_Q_VALUE; | ||
| + } | ||
| + | ||
| + if (q_good) { | ||
| if (BN_cmp(dh->g, BN_value_one()) <= 0) | ||
| *ret |= DH_NOT_SUITABLE_GENERATOR; | ||
| else if (BN_cmp(dh->g, dh->p) >= 0) |