Skip to content

Commit 8780a89

Browse files
mattcaswellt8m
authored andcommitted
Fix DH_check() excessive time with over sized modulus
The DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it is excessively large. There is already a maximum DH modulus size (10,000 bits) over which OpenSSL will not generate or derive keys. DH_check() will however still perform various tests for validity on such a large modulus. We introduce a new maximum (32,768) over which DH_check() will just fail. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). CVE-2023-3446 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #21452)
1 parent fe824ce commit 8780a89

File tree

5 files changed

+15
-3
lines changed

5 files changed

+15
-3
lines changed

Diff for: crypto/dh/dh_check.c

+6
Original file line numberDiff line numberDiff line change
@@ -101,6 +101,12 @@ int DH_check(const DH *dh, int *ret)
101101
BN_CTX *ctx = NULL;
102102
BIGNUM *t1 = NULL, *t2 = NULL;
103103

104+
/* Don't do any checks at all with an excessively large modulus */
105+
if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
106+
DHerr(DH_F_DH_CHECK, DH_R_MODULUS_TOO_LARGE);
107+
return 0;
108+
}
109+
104110
if (!DH_check_params(dh, ret))
105111
return 0;
106112

Diff for: crypto/dh/dh_err.c

+2-1
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
/*
22
* Generated by util/mkerr.pl DO NOT EDIT
3-
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
3+
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
44
*
55
* Licensed under the OpenSSL license (the "License"). You may not use
66
* this file except in compliance with the License. You can obtain a copy
@@ -18,6 +18,7 @@ static const ERR_STRING_DATA DH_str_functs[] = {
1818
{ERR_PACK(ERR_LIB_DH, DH_F_DHPARAMS_PRINT_FP, 0), "DHparams_print_fp"},
1919
{ERR_PACK(ERR_LIB_DH, DH_F_DH_BUILTIN_GENPARAMS, 0),
2020
"dh_builtin_genparams"},
21+
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK, 0), "DH_check"},
2122
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_EX, 0), "DH_check_ex"},
2223
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PARAMS_EX, 0), "DH_check_params_ex"},
2324
{ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY_EX, 0), "DH_check_pub_key_ex"},

Diff for: crypto/err/openssl.txt

+2-1
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
1+
# Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
22
#
33
# Licensed under the OpenSSL license (the "License"). You may not use
44
# this file except in compliance with the License. You can obtain a copy
@@ -401,6 +401,7 @@ CT_F_SCT_SET_VERSION:104:SCT_set_version
401401
DH_F_COMPUTE_KEY:102:compute_key
402402
DH_F_DHPARAMS_PRINT_FP:101:DHparams_print_fp
403403
DH_F_DH_BUILTIN_GENPARAMS:106:dh_builtin_genparams
404+
DH_F_DH_CHECK:126:DH_check
404405
DH_F_DH_CHECK_EX:121:DH_check_ex
405406
DH_F_DH_CHECK_PARAMS_EX:122:DH_check_params_ex
406407
DH_F_DH_CHECK_PUB_KEY_EX:123:DH_check_pub_key_ex

Diff for: include/openssl/dh.h

+3
Original file line numberDiff line numberDiff line change
@@ -29,6 +29,9 @@ extern "C" {
2929
# ifndef OPENSSL_DH_MAX_MODULUS_BITS
3030
# define OPENSSL_DH_MAX_MODULUS_BITS 10000
3131
# endif
32+
# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS
33+
# define OPENSSL_DH_CHECK_MAX_MODULUS_BITS 32768
34+
# endif
3235

3336
# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
3437

Diff for: include/openssl/dherr.h

+2-1
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
/*
22
* Generated by util/mkerr.pl DO NOT EDIT
3-
* Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
3+
* Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
44
*
55
* Licensed under the OpenSSL license (the "License"). You may not use
66
* this file except in compliance with the License. You can obtain a copy
@@ -30,6 +30,7 @@ int ERR_load_DH_strings(void);
3030
# define DH_F_COMPUTE_KEY 102
3131
# define DH_F_DHPARAMS_PRINT_FP 101
3232
# define DH_F_DH_BUILTIN_GENPARAMS 106
33+
# define DH_F_DH_CHECK 126
3334
# define DH_F_DH_CHECK_EX 121
3435
# define DH_F_DH_CHECK_PARAMS_EX 122
3536
# define DH_F_DH_CHECK_PUB_KEY_EX 123

0 commit comments

Comments
 (0)