https://gitcode.net/openharmony/third_party_openssl/-/commit/4377827ffae6060bc647ed1f76d5d3b637708db7Fix DH_check() excessive time with over sized modulus2023-07-31T16:48:26+08:00Matt Caswellmatt@openssl.org
The DH_check() function checks numerous aspects of the key or parameters
that have been supplied. Some of those checks use the supplied modulus
value even if it is excessively large.
There is already a maximum DH modulus size (10,000 bits) over which
OpenSSL will not generate or derive keys. DH_check() will however still
perform various tests for validity on such a large modulus. We introduce a
new maximum (32,768) over which DH_check() will just fail.
An application that calls DH_check() and supplies a key or parameters
obtained from an untrusted source could be vulnerable to a Denial of
Service attack.
The function DH_check() is itself called by a number of other OpenSSL
functions. An application calling any of those other functions may
similarly be affected. The other functions affected by this are
DH_check_ex() and EVP_PKEY_param_check().
CVE-2023-3446
Reviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:pauli@openssl.org" title="pauli@openssl.org"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg6" style="text-decoration: none">N</a><a href="mailto:pauli@openssl.org" title="pauli@openssl.org">Paul Dale</a> <<a href="mailto:pauli@openssl.org" title="pauli@openssl.org">pauli@openssl.org</a>></span>
Reviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:tom.cosgrove@arm.com" title="tom.cosgrove@arm.com"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg6" style="text-decoration: none">N</a><a href="mailto:tom.cosgrove@arm.com" title="tom.cosgrove@arm.com">Tom Cosgrove</a> <<a href="mailto:tom.cosgrove@arm.com" title="tom.cosgrove@arm.com">tom.cosgrove@arm.com</a>></span>
Reviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:bernd.edlinger@hotmail.de" title="bernd.edlinger@hotmail.de"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg2" style="text-decoration: none">N</a><a href="mailto:bernd.edlinger@hotmail.de" title="bernd.edlinger@hotmail.de">Bernd Edlinger</a> <<a href="mailto:bernd.edlinger@hotmail.de" title="bernd.edlinger@hotmail.de">bernd.edlinger@hotmail.de</a>></span>
Reviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:tomas@openssl.org" title="tomas@openssl.org"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg5" style="text-decoration: none">N</a><a href="mailto:tomas@openssl.org" title="tomas@openssl.org">Tomas Mraz</a> <<a href="mailto:tomas@openssl.org" title="tomas@openssl.org">tomas@openssl.org</a>></span>
(Merged from <a href="https://github.com/openssl/openssl/pull/21452" rel="nofollow noreferrer noopener" target="_blank">https://github.com/openssl/openssl/pull/21452</a>)
Signed-off-by: <span data-trailer="Signed-off-by:"><a href="mailto:fengziteng2@huawei.com" title="fengziteng2@huawei.com"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg5" style="text-decoration: none">N</a><a href="mailto:fengziteng2@huawei.com" title="fengziteng2@huawei.com">code4lala</a> <<a href="mailto:fengziteng2@huawei.com" title="fengziteng2@huawei.com">fengziteng2@huawei.com</a>></span>https://gitcode.net/openharmony/third_party_openssl/-/commit/998e0af2e618c8c066eb5b212c5105ec3504302fAdd a test for CVE-2023-34462023-07-31T16:48:35+08:00Matt Caswellmatt@openssl.org
Confirm that the only errors DH_check() finds with DH parameters with an
excessively long modulus is that the modulus is too large. We should not
be performing time consuming checks using that modulus.
Reviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:pauli@openssl.org" title="pauli@openssl.org"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg6" style="text-decoration: none">N</a><a href="mailto:pauli@openssl.org" title="pauli@openssl.org">Paul Dale</a> <<a href="mailto:pauli@openssl.org" title="pauli@openssl.org">pauli@openssl.org</a>></span>
Reviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:tom.cosgrove@arm.com" title="tom.cosgrove@arm.com"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg2" style="text-decoration: none">N</a><a href="mailto:tom.cosgrove@arm.com" title="tom.cosgrove@arm.com">Tom Cosgrove</a> <<a href="mailto:tom.cosgrove@arm.com" title="tom.cosgrove@arm.com">tom.cosgrove@arm.com</a>></span>
Reviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:bernd.edlinger@hotmail.de" title="bernd.edlinger@hotmail.de"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg2" style="text-decoration: none">N</a><a href="mailto:bernd.edlinger@hotmail.de" title="bernd.edlinger@hotmail.de">Bernd Edlinger</a> <<a href="mailto:bernd.edlinger@hotmail.de" title="bernd.edlinger@hotmail.de">bernd.edlinger@hotmail.de</a>></span>
Reviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:tomas@openssl.org" title="tomas@openssl.org"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg1" style="text-decoration: none">N</a><a href="mailto:tomas@openssl.org" title="tomas@openssl.org">Tomas Mraz</a> <<a href="mailto:tomas@openssl.org" title="tomas@openssl.org">tomas@openssl.org</a>></span>
(Merged from <a href="https://github.com/openssl/openssl/pull/21452" rel="nofollow noreferrer noopener" target="_blank">https://github.com/openssl/openssl/pull/21452</a>)
Signed-off-by: <span data-trailer="Signed-off-by:"><a href="mailto:fengziteng2@huawei.com" title="fengziteng2@huawei.com"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg1" style="text-decoration: none">N</a><a href="mailto:fengziteng2@huawei.com" title="fengziteng2@huawei.com">code4lala</a> <<a href="mailto:fengziteng2@huawei.com" title="fengziteng2@huawei.com">fengziteng2@huawei.com</a>></span>https://gitcode.net/openharmony/third_party_openssl/-/commit/96f1baaaa7b607ad4721b7ff9730c62dc6192552Update CHANGES/NEWS for CVE-2023-34462023-07-31T16:49:31+08:00Matt Caswellmatt@openssl.orgReviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:pauli@openssl.org" title="pauli@openssl.org"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg3" style="text-decoration: none">N</a><a href="mailto:pauli@openssl.org" title="pauli@openssl.org">Paul Dale</a> <<a href="mailto:pauli@openssl.org" title="pauli@openssl.org">pauli@openssl.org</a>></span>
Reviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:tom.cosgrove@arm.com" title="tom.cosgrove@arm.com"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg3" style="text-decoration: none">N</a><a href="mailto:tom.cosgrove@arm.com" title="tom.cosgrove@arm.com">Tom Cosgrove</a> <<a href="mailto:tom.cosgrove@arm.com" title="tom.cosgrove@arm.com">tom.cosgrove@arm.com</a>></span>
Reviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:bernd.edlinger@hotmail.de" title="bernd.edlinger@hotmail.de"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg2" style="text-decoration: none">N</a><a href="mailto:bernd.edlinger@hotmail.de" title="bernd.edlinger@hotmail.de">Bernd Edlinger</a> <<a href="mailto:bernd.edlinger@hotmail.de" title="bernd.edlinger@hotmail.de">bernd.edlinger@hotmail.de</a>></span>
Reviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:tomas@openssl.org" title="tomas@openssl.org"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg3" style="text-decoration: none">N</a><a href="mailto:tomas@openssl.org" title="tomas@openssl.org">Tomas Mraz</a> <<a href="mailto:tomas@openssl.org" title="tomas@openssl.org">tomas@openssl.org</a>></span>
(Merged from <a href="https://github.com/openssl/openssl/pull/21452" rel="nofollow noreferrer noopener" target="_blank">https://github.com/openssl/openssl/pull/21452</a>)
Signed-off-by: <span data-trailer="Signed-off-by:"><a href="mailto:fengziteng2@huawei.com" title="fengziteng2@huawei.com"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg3" style="text-decoration: none">N</a><a href="mailto:fengziteng2@huawei.com" title="fengziteng2@huawei.com">code4lala</a> <<a href="mailto:fengziteng2@huawei.com" title="fengziteng2@huawei.com">fengziteng2@huawei.com</a>></span>https://gitcode.net/openharmony/third_party_openssl/-/commit/58dcbf4a09d58df5cf19e39b96d3bebd08bc0116!128 fix-CVE-2023-3446-for-OpenHarmony-3.0-LTS2023-08-02T08:01:54+00:00openharmony_ci120357966@qq.comMerge pull request !128 from code4lala/fix-CVE-2023-3446-for-OpenHarmony-3.0-LTShttps://gitcode.net/openharmony/third_party_openssl/-/commit/dea119810ce81d14abb50a0905ae97100366e737DH_check(): Do not try checking q properties if it is obviously invalid2023-08-07T15:06:54+08:00Tomas Mraztomas@openssl.org
If |q| >= |p| then the q value is obviously wrong as q
is supposed to be a prime divisor of p-1.
We check if p is overly large so this added test implies that
q is not large either when performing subsequent tests using that
q value.
Otherwise if it is too large these additional checks of the q value
such as the primality test can then trigger DoS by doing overly long
computations.
Fixes CVE-2023-3817
Reviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:pauli@openssl.org" title="pauli@openssl.org"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg6" style="text-decoration: none">N</a><a href="mailto:pauli@openssl.org" title="pauli@openssl.org">Paul Dale</a> <<a href="mailto:pauli@openssl.org" title="pauli@openssl.org">pauli@openssl.org</a>></span>
Reviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:matt@openssl.org" title="matt@openssl.org"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg6" style="text-decoration: none">N</a><a href="mailto:matt@openssl.org" title="matt@openssl.org">Matt Caswell</a> <<a href="mailto:matt@openssl.org" title="matt@openssl.org">matt@openssl.org</a>></span>
(Merged from <a href="https://github.com/openssl/openssl/pull/21551" rel="nofollow noreferrer noopener" target="_blank">https://github.com/openssl/openssl/pull/21551</a>)
Signed-off-by: <span data-trailer="Signed-off-by:"><a href="mailto:fengziteng2@huawei.com" title="fengziteng2@huawei.com"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg6" style="text-decoration: none">N</a><a href="mailto:fengziteng2@huawei.com" title="fengziteng2@huawei.com">code4lala</a> <<a href="mailto:fengziteng2@huawei.com" title="fengziteng2@huawei.com">fengziteng2@huawei.com</a>></span>https://gitcode.net/openharmony/third_party_openssl/-/commit/3501c55090a809dc20bc65e964b6b2d6a9b38d9dAdd CHANGES/NEWS for CVE-2023-38172023-08-07T15:07:47+08:00Tomas Mraztomas@openssl.orgReviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:pauli@openssl.org" title="pauli@openssl.org"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg3" style="text-decoration: none">N</a><a href="mailto:pauli@openssl.org" title="pauli@openssl.org">Paul Dale</a> <<a href="mailto:pauli@openssl.org" title="pauli@openssl.org">pauli@openssl.org</a>></span>
Reviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:matt@openssl.org" title="matt@openssl.org"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg4" style="text-decoration: none">N</a><a href="mailto:matt@openssl.org" title="matt@openssl.org">Matt Caswell</a> <<a href="mailto:matt@openssl.org" title="matt@openssl.org">matt@openssl.org</a>></span>
(Merged from <a href="https://github.com/openssl/openssl/pull/21551" rel="nofollow noreferrer noopener" target="_blank">https://github.com/openssl/openssl/pull/21551</a>)
Signed-off-by: <span data-trailer="Signed-off-by:"><a href="mailto:fengziteng2@huawei.com" title="fengziteng2@huawei.com"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg1" style="text-decoration: none">N</a><a href="mailto:fengziteng2@huawei.com" title="fengziteng2@huawei.com">code4lala</a> <<a href="mailto:fengziteng2@huawei.com" title="fengziteng2@huawei.com">fengziteng2@huawei.com</a>></span>https://gitcode.net/openharmony/third_party_openssl/-/commit/882a3636330d75343de64512e6d07a2ec6adf8a7!132 fix-CVE-2023-3817-for-OpenHarmony-3.0-LTS2023-08-07T12:33:29+00:00openharmony_ci120357966@qq.comMerge pull request !132 from code4lala/fix-CVE-2023-3817-for-OpenHarmony-3.0-LTS