Skip to content

Commit 9e20994

Browse files
levittet8m
authored andcommitted
Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate
OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical numeric text form. For gigantic sub-identifiers, this would take a very long time, the time complexity being O(n^2) where n is the size of that sub-identifier. To mitigate this, a restriction on the size that OBJ_obj2txt() will translate to canonical numeric text form is added, based on RFC 2578 (STD 58), which says this: > 3.5. OBJECT IDENTIFIER values > > An OBJECT IDENTIFIER value is an ordered list of non-negative numbers. > For the SMIv2, each number in the list is referred to as a sub-identifier, > there are at most 128 sub-identifiers in a value, and each sub-identifier > has a maximum value of 2^32-1 (4294967295 decimal). Fixes otc/security#96 Fixes CVE-2023-2650 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
1 parent 3cc6933 commit 9e20994

File tree

3 files changed

+47
-0
lines changed

3 files changed

+47
-0
lines changed

Diff for: CHANGES

+26
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,32 @@
99

1010
Changes between 1.1.1t and 1.1.1u [xx XXX xxxx]
1111

12+
*) Mitigate for the time it takes for `OBJ_obj2txt` to translate gigantic
13+
OBJECT IDENTIFIER sub-identifiers to canonical numeric text form.
14+
15+
OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
16+
numeric text form. For gigantic sub-identifiers, this would take a very
17+
long time, the time complexity being O(n^2) where n is the size of that
18+
sub-identifier. (CVE-2023-2650)
19+
20+
To mitigitate this, `OBJ_obj2txt()` will only translate an OBJECT
21+
IDENTIFIER to canonical numeric text form if the size of that OBJECT
22+
IDENTIFIER is 586 bytes or less, and fail otherwise.
23+
24+
The basis for this restriction is RFC 2578 (STD 58), section 3.5. OBJECT
25+
IDENTIFIER values, which stipulates that OBJECT IDENTIFIERS may have at
26+
most 128 sub-identifiers, and that the maximum value that each sub-
27+
identifier may have is 2^32-1 (4294967295 decimal).
28+
29+
For each byte of every sub-identifier, only the 7 lower bits are part of
30+
the value, so the maximum amount of bytes that an OBJECT IDENTIFIER with
31+
these restrictions may occupy is 32 * 128 / 7, which is approximately 586
32+
bytes.
33+
34+
Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
35+
36+
[Richard Levitte]
37+
1238
*) Reworked the Fix for the Timing Oracle in RSA Decryption (CVE-2022-4304).
1339
The previous fix for this timing side channel turned out to cause
1440
a severe 2-3x performance regression in the typical use case

Diff for: NEWS

+2
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,8 @@
77

88
Major changes between OpenSSL 1.1.1t and OpenSSL 1.1.1u [under development]
99

10+
o Mitigate for very slow `OBJ_obj2txt()` performance with gigantic
11+
OBJECT IDENTIFIER sub-identities. (CVE-2023-2650)
1012
o Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466)
1113
o Fixed handling of invalid certificate policies in leaf certificates
1214
(CVE-2023-0465)

Diff for: crypto/objects/obj_dat.c

+19
Original file line numberDiff line numberDiff line change
@@ -428,6 +428,25 @@ int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
428428
first = 1;
429429
bl = NULL;
430430

431+
/*
432+
* RFC 2578 (STD 58) says this about OBJECT IDENTIFIERs:
433+
*
434+
* > 3.5. OBJECT IDENTIFIER values
435+
* >
436+
* > An OBJECT IDENTIFIER value is an ordered list of non-negative
437+
* > numbers. For the SMIv2, each number in the list is referred to as a
438+
* > sub-identifier, there are at most 128 sub-identifiers in a value,
439+
* > and each sub-identifier has a maximum value of 2^32-1 (4294967295
440+
* > decimal).
441+
*
442+
* So a legitimate OID according to this RFC is at most (32 * 128 / 7),
443+
* i.e. 586 bytes long.
444+
*
445+
* Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
446+
*/
447+
if (len > 586)
448+
goto err;
449+
431450
while (len > 0) {
432451
l = 0;
433452
use_bn = 0;

0 commit comments

Comments
 (0)