Excessive time spent in DH check/generation with large Q parameter value (CVE-2023-5678)
Resolves: RHEL-15954
This commit is contained in:
parent
72772f737e
commit
f1d5ccdb6e
143
0130-CVE-2023-5678.patch
Normal file
143
0130-CVE-2023-5678.patch
Normal file
@ -0,0 +1,143 @@
|
|||||||
|
diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
|
||||||
|
index 7ba2beae7f..e20eb62081 100644
|
||||||
|
--- a/crypto/dh/dh_check.c
|
||||||
|
+++ b/crypto/dh/dh_check.c
|
||||||
|
@@ -249,6 +249,18 @@ int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key)
|
||||||
|
*/
|
||||||
|
int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
|
||||||
|
{
|
||||||
|
+ /* Don't do any checks at all with an excessively large modulus */
|
||||||
|
+ if (BN_num_bits(dh->params.p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
|
||||||
|
+ ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
|
||||||
|
+ *ret = DH_MODULUS_TOO_LARGE | DH_CHECK_PUBKEY_INVALID;
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (dh->params.q != NULL && BN_ucmp(dh->params.p, dh->params.q) < 0) {
|
||||||
|
+ *ret |= DH_CHECK_INVALID_Q_VALUE | DH_CHECK_PUBKEY_INVALID;
|
||||||
|
+ return 1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
return ossl_ffc_validate_public_key(&dh->params, pub_key, ret);
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c
|
||||||
|
index 4152397426..f76ac0dd14 100644
|
||||||
|
--- a/crypto/dh/dh_err.c
|
||||||
|
+++ b/crypto/dh/dh_err.c
|
||||||
|
@@ -1,6 +1,6 @@
|
||||||
|
/*
|
||||||
|
* Generated by util/mkerr.pl DO NOT EDIT
|
||||||
|
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
|
@@ -54,6 +54,7 @@ static const ERR_STRING_DATA DH_str_reasons[] = {
|
||||||
|
{ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR),
|
||||||
|
"parameter encoding error"},
|
||||||
|
{ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"},
|
||||||
|
+ {ERR_PACK(ERR_LIB_DH, 0, DH_R_Q_TOO_LARGE), "q too large"},
|
||||||
|
{ERR_PACK(ERR_LIB_DH, 0, DH_R_SHARED_INFO_ERROR), "shared info error"},
|
||||||
|
{ERR_PACK(ERR_LIB_DH, 0, DH_R_UNABLE_TO_CHECK_GENERATOR),
|
||||||
|
"unable to check generator"},
|
||||||
|
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
|
||||||
|
index d84ea99241..afc49f5cdc 100644
|
||||||
|
--- a/crypto/dh/dh_key.c
|
||||||
|
+++ b/crypto/dh/dh_key.c
|
||||||
|
@@ -49,6 +49,12 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (dh->params.q != NULL
|
||||||
|
+ && BN_num_bits(dh->params.q) > OPENSSL_DH_MAX_MODULUS_BITS) {
|
||||||
|
+ ERR_raise(ERR_LIB_DH, DH_R_Q_TOO_LARGE);
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (BN_num_bits(dh->params.p) < DH_MIN_MODULUS_BITS) {
|
||||||
|
ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_SMALL);
|
||||||
|
return 0;
|
||||||
|
@@ -267,6 +273,12 @@ static int generate_key(DH *dh)
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (dh->params.q != NULL
|
||||||
|
+ && BN_num_bits(dh->params.q) > OPENSSL_DH_MAX_MODULUS_BITS) {
|
||||||
|
+ ERR_raise(ERR_LIB_DH, DH_R_Q_TOO_LARGE);
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (BN_num_bits(dh->params.p) < DH_MIN_MODULUS_BITS) {
|
||||||
|
ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_SMALL);
|
||||||
|
return 0;
|
||||||
|
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
|
||||||
|
index e51504b7ab..36de321b74 100644
|
||||||
|
--- a/crypto/err/openssl.txt
|
||||||
|
+++ b/crypto/err/openssl.txt
|
||||||
|
@@ -500,6 +500,7 @@ DH_R_NO_PARAMETERS_SET:107:no parameters set
|
||||||
|
DH_R_NO_PRIVATE_VALUE:100:no private value
|
||||||
|
DH_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error
|
||||||
|
DH_R_PEER_KEY_ERROR:111:peer key error
|
||||||
|
+DH_R_Q_TOO_LARGE:130:q too large
|
||||||
|
DH_R_SHARED_INFO_ERROR:113:shared info error
|
||||||
|
DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator
|
||||||
|
DSA_R_BAD_FFC_PARAMETERS:114:bad ffc parameters
|
||||||
|
diff --git a/include/crypto/dherr.h b/include/crypto/dherr.h
|
||||||
|
index bb24d131eb..519327f795 100644
|
||||||
|
--- a/include/crypto/dherr.h
|
||||||
|
+++ b/include/crypto/dherr.h
|
||||||
|
@@ -1,6 +1,6 @@
|
||||||
|
/*
|
||||||
|
* Generated by util/mkerr.pl DO NOT EDIT
|
||||||
|
- * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
+ * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
|
diff --git a/include/openssl/dh.h b/include/openssl/dh.h
|
||||||
|
index 6533260f20..50e0cf54be 100644
|
||||||
|
--- a/include/openssl/dh.h
|
||||||
|
+++ b/include/openssl/dh.h
|
||||||
|
@@ -141,7 +141,7 @@ DECLARE_ASN1_ITEM(DHparams)
|
||||||
|
# define DH_GENERATOR_3 3
|
||||||
|
# define DH_GENERATOR_5 5
|
||||||
|
|
||||||
|
-/* DH_check error codes */
|
||||||
|
+/* DH_check error codes, some of them shared with DH_check_pub_key */
|
||||||
|
/*
|
||||||
|
* NB: These values must align with the equivalently named macros in
|
||||||
|
* internal/ffc.h.
|
||||||
|
@@ -151,10 +151,10 @@ DECLARE_ASN1_ITEM(DHparams)
|
||||||
|
# define DH_UNABLE_TO_CHECK_GENERATOR 0x04
|
||||||
|
# define DH_NOT_SUITABLE_GENERATOR 0x08
|
||||||
|
# define DH_CHECK_Q_NOT_PRIME 0x10
|
||||||
|
-# define DH_CHECK_INVALID_Q_VALUE 0x20
|
||||||
|
+# define DH_CHECK_INVALID_Q_VALUE 0x20 /* +DH_check_pub_key */
|
||||||
|
# define DH_CHECK_INVALID_J_VALUE 0x40
|
||||||
|
# define DH_MODULUS_TOO_SMALL 0x80
|
||||||
|
-# define DH_MODULUS_TOO_LARGE 0x100
|
||||||
|
+# define DH_MODULUS_TOO_LARGE 0x100 /* +DH_check_pub_key */
|
||||||
|
|
||||||
|
/* DH_check_pub_key error codes */
|
||||||
|
# define DH_CHECK_PUBKEY_TOO_SMALL 0x01
|
||||||
|
diff --git a/include/openssl/dherr.h b/include/openssl/dherr.h
|
||||||
|
index 5d2a762a96..074a70145f 100644
|
||||||
|
--- a/include/openssl/dherr.h
|
||||||
|
+++ b/include/openssl/dherr.h
|
||||||
|
@@ -1,6 +1,6 @@
|
||||||
|
/*
|
||||||
|
* Generated by util/mkerr.pl DO NOT EDIT
|
||||||
|
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
|
* this file except in compliance with the License. You can obtain a copy
|
||||||
|
@@ -50,6 +50,7 @@
|
||||||
|
# define DH_R_NO_PRIVATE_VALUE 100
|
||||||
|
# define DH_R_PARAMETER_ENCODING_ERROR 105
|
||||||
|
# define DH_R_PEER_KEY_ERROR 111
|
||||||
|
+# define DH_R_Q_TOO_LARGE 130
|
||||||
|
# define DH_R_SHARED_INFO_ERROR 113
|
||||||
|
# define DH_R_UNABLE_TO_CHECK_GENERATOR 121
|
||||||
|
|
@ -203,6 +203,7 @@ Patch127: 0127-CVE-2023-3817.patch
|
|||||||
Patch128: 0128-CVE-2023-5363.patch
|
Patch128: 0128-CVE-2023-5363.patch
|
||||||
# https://github.com/openssl/openssl/pull/22403
|
# https://github.com/openssl/openssl/pull/22403
|
||||||
Patch129: 0129-rsa-Add-SP800-56Br2-6.4.1.2.1-3.c-check.patch
|
Patch129: 0129-rsa-Add-SP800-56Br2-6.4.1.2.1-3.c-check.patch
|
||||||
|
Patch130: 0130-CVE-2023-5678.patch
|
||||||
|
|
||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
URL: http://www.openssl.org/
|
URL: http://www.openssl.org/
|
||||||
@ -555,6 +556,8 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
|
|||||||
Resolves: RHEL-14083
|
Resolves: RHEL-14083
|
||||||
- Add missing ECDH Public Key Check in FIPS mode
|
- Add missing ECDH Public Key Check in FIPS mode
|
||||||
Resolves: RHEL-15990
|
Resolves: RHEL-15990
|
||||||
|
- Excessive time spent in DH check/generation with large Q parameter value (CVE-2023-5678)
|
||||||
|
Resolves: RHEL-15954
|
||||||
|
|
||||||
* Wed Jul 12 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-24
|
* Wed Jul 12 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-24
|
||||||
- Make FIPS module configuration more crypto-policies friendly
|
- Make FIPS module configuration more crypto-policies friendly
|
||||||
|
Loading…
Reference in New Issue
Block a user