Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
security/openssl30: Security update for CVE-2023-3187 (Low)
Security: bad6588e-2fe0-11ee-a0d1-84a93843eb75
- Loading branch information
Showing
2 changed files
with
59 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,58 @@ | ||
| From 9002fd07327a91f35ba6c1307e71fa6fd4409b7f Mon Sep 17 00:00:00 2001 | ||
| From: Tomas Mraz <tomas@openssl.org> | ||
| Date: Tue, 25 Jul 2023 15:22:48 +0200 | ||
| Subject: [PATCH] DH_check(): Do not try checking q properties if it is | ||
| obviously invalid | ||
|
|
||
| If |q| >= |p| then the q value is obviously wrong as q | ||
| is supposed to be a prime divisor of p-1. | ||
|
|
||
| We check if p is overly large so this added test implies that | ||
| q is not large either when performing subsequent tests using that | ||
| q value. | ||
|
|
||
| Otherwise if it is too large these additional checks of the q value | ||
| such as the primality test can then trigger DoS by doing overly long | ||
| computations. | ||
|
|
||
| Fixes CVE-2023-3817 | ||
|
|
||
| Reviewed-by: Matt Caswell <matt@openssl.org> | ||
| Reviewed-by: Paul Dale <pauli@openssl.org> | ||
| Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> | ||
| Reviewed-by: Todd Short <todd.short@me.com> | ||
| (Merged from https://github.com/openssl/openssl/pull/21550) | ||
|
|
||
| (cherry picked from commit 1c16253f3c3a8d1e25918c3f404aae6a5b0893de) | ||
| (cherry picked from commit 6a1eb62c29db6cb5eec707f9338aee00f44e26f5) | ||
| --- | ||
| crypto/dh/dh_check.c | 9 ++++++++- | ||
| 1 file changed, 8 insertions(+), 1 deletion(-) | ||
|
|
||
| diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c | ||
| index aef6f9b1b77d..fbe279756954 100644 | ||
| --- crypto/dh/dh_check.c.orig | ||
| +++ crypto/dh/dh_check.c | ||
| @@ -143,7 +143,7 @@ int DH_check(const DH *dh, int *ret) | ||
| #ifdef FIPS_MODULE | ||
| return DH_check_params(dh, ret); | ||
| #else | ||
| - int ok = 0, r; | ||
| + int ok = 0, r, q_good = 0; | ||
| BN_CTX *ctx = NULL; | ||
| BIGNUM *t1 = NULL, *t2 = NULL; | ||
| int nid = DH_get_nid((DH *)dh); | ||
| @@ -172,6 +172,13 @@ int DH_check(const DH *dh, int *ret) | ||
| goto err; | ||
|
|
||
| if (dh->params.q != NULL) { | ||
| + if (BN_ucmp(dh->params.p, dh->params.q) > 0) | ||
| + q_good = 1; | ||
| + else | ||
| + *ret |= DH_CHECK_INVALID_Q_VALUE; | ||
| + } | ||
| + | ||
| + if (q_good) { | ||
| if (BN_cmp(dh->params.g, BN_value_one()) <= 0) | ||
| *ret |= DH_NOT_SUITABLE_GENERATOR; | ||
| else if (BN_cmp(dh->params.g, dh->params.p) >= 0) |