!132 fix-CVE-2023-3817-for-OpenHarmony-3.0-LTS

Merge pull request !132 from code4lala/fix-CVE-2023-3817-for-OpenHarmony-3.0-LTS

!132 fix-CVE-2023-3817-for-OpenHarmony-3.0-LTS
Merge pull request !132 from code4lala/fix-CVE-2023-3817-for-OpenHarmony-3.0-LTS
882a3636 · openharmony_ci · Gitee · 58dcbf4a · 3501c550 · 882a3636
显示空白变更内容
内联并排

Showing with 26 addition and 2 deletion

CHANGES CHANGES +16 -0

NEWS NEWS +1 -0

crypto/dh/dh_check.c crypto/dh/dh_check.c +9 -2

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,22 @@
 For a full list of changes, see the git commit log; for example,
 https://github.com/openssl/openssl/commits/ and pick the appropriate
 release branch.
+ *) Fix excessive time spent checking DH q parameter value.
+
+    The function DH_check() performs various checks on DH parameters. After
+    fixing CVE-2023-3446 it was discovered that a large q parameter value can
+    also trigger an overly long computation during some of these checks.
+    A correct q value, if present, cannot be larger than the modulus p
+    parameter, thus it is unnecessary to perform these checks if q is larger
+    than p.
+
+    If DH_check() is called with such q parameter value,
+    DH_CHECK_INVALID_Q_VALUE return flag is set and the computationally
+    intensive checks are skipped.
+
+    (CVE-2023-3817)
+    [Tomáš Mráz]
+
 *) Fix DH_check() excessive time with over sized modulus

    The function DH_check() performs various checks on DH parameters. One of

--- a/NEWS
+++ b/NEWS
@@ -4,6 +4,7 @@

  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.
+      o Fix excessive time spent checking DH q parameter value (CVE-2023-3817)
      o Fix DH_check() excessive time with over sized modulus (CVE-2023-3446)
      o Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466)
      o Mitigate for very slow `OBJ_obj2txt()` performance with gigantic

--- a/crypto/dh/dh_check.c
+++ b/crypto/dh/dh_check.c
@@ -97,7 +97,7 @@ int DH_check_ex(const DH *dh)

 int DH_check(const DH *dh, int *ret)
 {
-    int ok = 0, r;
+    int ok = 0, r, q_good = 0;
    BN_CTX *ctx = NULL;
    BIGNUM *t1 = NULL, *t2 = NULL;

@@ -119,7 +119,14 @@ int DH_check(const DH *dh, int *ret)
    if (t2 == NULL)
        goto err;

-    if (dh->q) {
+    if (dh->q != NULL) {
+        if (BN_ucmp(dh->p, dh->q) > 0)
+            q_good = 1;
+        else
+            *ret |= DH_CHECK_INVALID_Q_VALUE;
+    }
+
+    if (q_good) {
        if (BN_cmp(dh->g, BN_value_one()) <= 0)
            *ret |= DH_NOT_SUITABLE_GENERATOR;
        else if (BN_cmp(dh->g, dh->p) >= 0)