Fix occasional internal error in TLS when DHE is used

Resolves: rhbz#2004915
Signed-off-by: Clemens Lang <cllang@redhat.com>
epel8
Clemens Lang 3 years ago
parent 153f593fa6
commit 93ff3f8fe5

@ -0,0 +1,53 @@
From 2c0f7d46b8449423446cfe1e52fc1e1ecd506b62 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Wed, 2 Feb 2022 17:47:26 +0100
Subject: [PATCH] Replace size check with more meaningful pubkey check
It does not make sense to check the size because this
function can be used in other contexts than in TLS-1.3 and
the value might not be padded to the size of p.
However it makes sense to do the partial pubkey check because
there is no valid reason having the pubkey value outside the
1 < pubkey < p-1 bounds.
Fixes #15465
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17630)
---
crypto/dh/dh_key.c | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 6b8cd550f2..c78ed618bf 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -375,20 +375,17 @@ int ossl_dh_buf2key(DH *dh, const unsigned char *buf, size_t len)
int err_reason = DH_R_BN_ERROR;
BIGNUM *pubkey = NULL;
const BIGNUM *p;
- size_t p_size;
+ int ret;
if ((pubkey = BN_bin2bn(buf, len, NULL)) == NULL)
goto err;
DH_get0_pqg(dh, &p, NULL, NULL);
- if (p == NULL || (p_size = BN_num_bytes(p)) == 0) {
+ if (p == NULL || BN_num_bytes(p) == 0) {
err_reason = DH_R_NO_PARAMETERS_SET;
goto err;
}
- /*
- * As per Section 4.2.8.1 of RFC 8446 fail if DHE's
- * public key is of size not equal to size of p
- */
- if (BN_is_zero(pubkey) || p_size != len) {
+ /* Prevent small subgroup attacks per RFC 8446 Section 4.2.8.1 */
+ if (!ossl_dh_check_pub_key_partial(dh, pubkey, &ret)) {
err_reason = DH_R_INVALID_PUBKEY;
goto err;
}
--
2.35.1
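Review bot: In ossl_dh_buf2key, the new `int ret` is passed to `ossl_dh_check_pub_key_partial(dh, pubkey, &ret)` but is never read in the visible lines, so any failure flags the check reports are dropped and every rejection surfaces as DH_R_INVALID_PUBKEY. If that is intended, a short comment saying `ret` is deliberately ignored would help; otherwise consider using it to pick a more specific error reason. Separately, with the `p_size != len` comparison removed, a buffer whose length differs from the size of p is now accepted whenever the decoded value is in range. A regression test covering an unpadded public key and the boundary values 1 and p-1 would pin down the behaviour the commit message describes.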

@ -15,7 +15,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 3.0.1
Release: 20%{?dist}
Release: 21%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@ -86,6 +86,8 @@ Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch
Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
# CVE 2022-0778
Patch53: 0053-CVE-2022-0778.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2004915, backport of 2c0f7d46b8449423446cfe1e52fc1e1ecd506b62
Patch54: 0054-Replace-size-check-with-more-meaningful-pubkey-check.patch
License: ASL 2.0
URL: http://www.openssl.org/
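Review bot: Patch54 is declared here, but none of the visible spec hunks adds a matching apply step. If this spec's %prep section does not apply patches automatically, 0054 would ship in the source package without being applied, so please confirm that before merging. The comment above Patch54 already gives the upstream commit hash; adding the upstream pull request URL from the patch header (https://github.com/openssl/openssl/pull/17630) would make the backport easier to trace.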
@ -416,6 +418,10 @@ install -m644 %{SOURCE9} \
%ldconfig_scriptlets libs
%changelog
* Tue Mar 22 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-21
- Fix occasional internal error in TLS when DHE is used
- Resolves: rhbz#2004915
* Fri Mar 18 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-20
- Fix acceptance of SHA-1 certificates with rh-allow-sha1-signatures = yes when
no OpenSSL library context is set
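Review bot: The new 1:3.0.1-21 changelog entry names only the symptom. The backported patch changes what ossl_dh_buf2key accepts (the length comparison against p is replaced by a range check on the public key value), so consider adding a line that says so, letting readers of the changelog see that a validation rule changed and not just that an error went away.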
