https://gitcode.net/openharmony/third_party_openssl/-/commit/8de8ba4eebd3c07487875cb9e6ad736e1b6ccf76Fix DH_check() excessive time with over sized modulus2023-07-31T16:31:56+08:00Matt Caswellmatt@openssl.org
The DH_check() function checks numerous aspects of the key or parameters
that have been supplied. Some of those checks use the supplied modulus
value even if it is excessively large.
There is already a maximum DH modulus size (10,000 bits) over which
OpenSSL will not generate or derive keys. DH_check() will however still
perform various tests for validity on such a large modulus. We introduce a
new maximum (32,768) over which DH_check() will just fail.
An application that calls DH_check() and supplies a key or parameters
obtained from an untrusted source could be vulnerable to a Denial of
Service attack.
The function DH_check() is itself called by a number of other OpenSSL
functions. An application calling any of those other functions may
similarly be affected. The other functions affected by this are
DH_check_ex() and EVP_PKEY_param_check().
CVE-2023-3446
Reviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:pauli@openssl.org" title="pauli@openssl.org"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg4" style="text-decoration: none">N</a><a href="mailto:pauli@openssl.org" title="pauli@openssl.org">Paul Dale</a> <<a href="mailto:pauli@openssl.org" title="pauli@openssl.org">pauli@openssl.org</a>></span>
Reviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:tom.cosgrove@arm.com" title="tom.cosgrove@arm.com"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg5" style="text-decoration: none">N</a><a href="mailto:tom.cosgrove@arm.com" title="tom.cosgrove@arm.com">Tom Cosgrove</a> <<a href="mailto:tom.cosgrove@arm.com" title="tom.cosgrove@arm.com">tom.cosgrove@arm.com</a>></span>
Reviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:bernd.edlinger@hotmail.de" title="bernd.edlinger@hotmail.de"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg2" style="text-decoration: none">N</a><a href="mailto:bernd.edlinger@hotmail.de" title="bernd.edlinger@hotmail.de">Bernd Edlinger</a> <<a href="mailto:bernd.edlinger@hotmail.de" title="bernd.edlinger@hotmail.de">bernd.edlinger@hotmail.de</a>></span>
Reviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:tomas@openssl.org" title="tomas@openssl.org"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg4" style="text-decoration: none">N</a><a href="mailto:tomas@openssl.org" title="tomas@openssl.org">Tomas Mraz</a> <<a href="mailto:tomas@openssl.org" title="tomas@openssl.org">tomas@openssl.org</a>></span>
(Merged from <a href="https://github.com/openssl/openssl/pull/21452" rel="nofollow noreferrer noopener" target="_blank">https://github.com/openssl/openssl/pull/21452</a>)
Signed-off-by: <span data-trailer="Signed-off-by:"><a href="mailto:fengziteng2@huawei.com" title="fengziteng2@huawei.com"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg6" style="text-decoration: none">N</a><a href="mailto:fengziteng2@huawei.com" title="fengziteng2@huawei.com">code4lala</a> <<a href="mailto:fengziteng2@huawei.com" title="fengziteng2@huawei.com">fengziteng2@huawei.com</a>></span>https://gitcode.net/openharmony/third_party_openssl/-/commit/dcf9b01a2fdca5221d12957d0a831d6edbbf18a4Add a test for CVE-2023-34462023-07-31T16:32:53+08:00Matt Caswellmatt@openssl.org
Confirm that the only errors DH_check() finds with DH parameters with an
excessively long modulus is that the modulus is too large. We should not
be performing time consuming checks using that modulus.
Reviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:pauli@openssl.org" title="pauli@openssl.org"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg3" style="text-decoration: none">N</a><a href="mailto:pauli@openssl.org" title="pauli@openssl.org">Paul Dale</a> <<a href="mailto:pauli@openssl.org" title="pauli@openssl.org">pauli@openssl.org</a>></span>
Reviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:tom.cosgrove@arm.com" title="tom.cosgrove@arm.com"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg6" style="text-decoration: none">N</a><a href="mailto:tom.cosgrove@arm.com" title="tom.cosgrove@arm.com">Tom Cosgrove</a> <<a href="mailto:tom.cosgrove@arm.com" title="tom.cosgrove@arm.com">tom.cosgrove@arm.com</a>></span>
Reviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:bernd.edlinger@hotmail.de" title="bernd.edlinger@hotmail.de"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg5" style="text-decoration: none">N</a><a href="mailto:bernd.edlinger@hotmail.de" title="bernd.edlinger@hotmail.de">Bernd Edlinger</a> <<a href="mailto:bernd.edlinger@hotmail.de" title="bernd.edlinger@hotmail.de">bernd.edlinger@hotmail.de</a>></span>
Reviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:tomas@openssl.org" title="tomas@openssl.org"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg4" style="text-decoration: none">N</a><a href="mailto:tomas@openssl.org" title="tomas@openssl.org">Tomas Mraz</a> <<a href="mailto:tomas@openssl.org" title="tomas@openssl.org">tomas@openssl.org</a>></span>
(Merged from <a href="https://github.com/openssl/openssl/pull/21452" rel="nofollow noreferrer noopener" target="_blank">https://github.com/openssl/openssl/pull/21452</a>)
Signed-off-by: <span data-trailer="Signed-off-by:"><a href="mailto:fengziteng2@huawei.com" title="fengziteng2@huawei.com"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg2" style="text-decoration: none">N</a><a href="mailto:fengziteng2@huawei.com" title="fengziteng2@huawei.com">code4lala</a> <<a href="mailto:fengziteng2@huawei.com" title="fengziteng2@huawei.com">fengziteng2@huawei.com</a>></span>https://gitcode.net/openharmony/third_party_openssl/-/commit/858097216d38e70d0d9cd84dde9295fc80f0e99cUpdate CHANGES/NEWS for CVE-2023-34462023-07-31T16:34:55+08:00Matt Caswellmatt@openssl.orgReviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:pauli@openssl.org" title="pauli@openssl.org"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg3" style="text-decoration: none">N</a><a href="mailto:pauli@openssl.org" title="pauli@openssl.org">Paul Dale</a> <<a href="mailto:pauli@openssl.org" title="pauli@openssl.org">pauli@openssl.org</a>></span>
Reviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:tom.cosgrove@arm.com" title="tom.cosgrove@arm.com"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg3" style="text-decoration: none">N</a><a href="mailto:tom.cosgrove@arm.com" title="tom.cosgrove@arm.com">Tom Cosgrove</a> <<a href="mailto:tom.cosgrove@arm.com" title="tom.cosgrove@arm.com">tom.cosgrove@arm.com</a>></span>
Reviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:bernd.edlinger@hotmail.de" title="bernd.edlinger@hotmail.de"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg6" style="text-decoration: none">N</a><a href="mailto:bernd.edlinger@hotmail.de" title="bernd.edlinger@hotmail.de">Bernd Edlinger</a> <<a href="mailto:bernd.edlinger@hotmail.de" title="bernd.edlinger@hotmail.de">bernd.edlinger@hotmail.de</a>></span>
Reviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:tomas@openssl.org" title="tomas@openssl.org"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg5" style="text-decoration: none">N</a><a href="mailto:tomas@openssl.org" title="tomas@openssl.org">Tomas Mraz</a> <<a href="mailto:tomas@openssl.org" title="tomas@openssl.org">tomas@openssl.org</a>></span>
(Merged from <a href="https://github.com/openssl/openssl/pull/21452" rel="nofollow noreferrer noopener" target="_blank">https://github.com/openssl/openssl/pull/21452</a>)
Signed-off-by: <span data-trailer="Signed-off-by:"><a href="mailto:fengziteng2@huawei.com" title="fengziteng2@huawei.com"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg6" style="text-decoration: none">N</a><a href="mailto:fengziteng2@huawei.com" title="fengziteng2@huawei.com">code4lala</a> <<a href="mailto:fengziteng2@huawei.com" title="fengziteng2@huawei.com">fengziteng2@huawei.com</a>></span>https://gitcode.net/openharmony/third_party_openssl/-/commit/c66e51e2cfbc64b5edfd6f308a25e560245c6dcc!126 fix-CVE-2023-3446-for-OpenHarmony-3.2-Release2023-08-02T07:21:59+00:00openharmony_ci120357966@qq.comMerge pull request !126 from code4lala/fix-CVE-2023-3446-for-OpenHarmony-3.2-Releasehttps://gitcode.net/openharmony/third_party_openssl/-/commit/57a34f9a8fa3a757f3f1361aa19d7361a128aa59DH_check(): Do not try checking q properties if it is obviously invalid2023-08-07T14:59:08+08:00Tomas Mraztomas@openssl.org
If |q| >= |p| then the q value is obviously wrong as q
is supposed to be a prime divisor of p-1.
We check if p is overly large so this added test implies that
q is not large either when performing subsequent tests using that
q value.
Otherwise if it is too large these additional checks of the q value
such as the primality test can then trigger DoS by doing overly long
computations.
Fixes CVE-2023-3817
Reviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:pauli@openssl.org" title="pauli@openssl.org"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg1" style="text-decoration: none">N</a><a href="mailto:pauli@openssl.org" title="pauli@openssl.org">Paul Dale</a> <<a href="mailto:pauli@openssl.org" title="pauli@openssl.org">pauli@openssl.org</a>></span>
Reviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:matt@openssl.org" title="matt@openssl.org"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg4" style="text-decoration: none">N</a><a href="mailto:matt@openssl.org" title="matt@openssl.org">Matt Caswell</a> <<a href="mailto:matt@openssl.org" title="matt@openssl.org">matt@openssl.org</a>></span>
(Merged from <a href="https://github.com/openssl/openssl/pull/21551" rel="nofollow noreferrer noopener" target="_blank">https://github.com/openssl/openssl/pull/21551</a>)
Signed-off-by: <span data-trailer="Signed-off-by:"><a href="mailto:fengziteng2@huawei.com" title="fengziteng2@huawei.com"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg3" style="text-decoration: none">N</a><a href="mailto:fengziteng2@huawei.com" title="fengziteng2@huawei.com">code4lala</a> <<a href="mailto:fengziteng2@huawei.com" title="fengziteng2@huawei.com">fengziteng2@huawei.com</a>></span>https://gitcode.net/openharmony/third_party_openssl/-/commit/5a1462e3718849da9b6709af353e88d8f9f62f78Add CHANGES/NEWS for CVE-2023-38172023-08-07T15:01:06+08:00Tomas Mraztomas@openssl.orgReviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:pauli@openssl.org" title="pauli@openssl.org"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg2" style="text-decoration: none">N</a><a href="mailto:pauli@openssl.org" title="pauli@openssl.org">Paul Dale</a> <<a href="mailto:pauli@openssl.org" title="pauli@openssl.org">pauli@openssl.org</a>></span>
Reviewed-by: <span data-trailer="Reviewed-by:"><a href="mailto:matt@openssl.org" title="matt@openssl.org"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg5" style="text-decoration: none">N</a><a href="mailto:matt@openssl.org" title="matt@openssl.org">Matt Caswell</a> <<a href="mailto:matt@openssl.org" title="matt@openssl.org">matt@openssl.org</a>></span>
(Merged from <a href="https://github.com/openssl/openssl/pull/21551" rel="nofollow noreferrer noopener" target="_blank">https://github.com/openssl/openssl/pull/21551</a>)
Signed-off-by: <span data-trailer="Signed-off-by:"><a href="mailto:fengziteng2@huawei.com" title="fengziteng2@huawei.com"></a><a href="javascript:void(0)" class="avatar s16 avatar-inline identicon bg2" style="text-decoration: none">N</a><a href="mailto:fengziteng2@huawei.com" title="fengziteng2@huawei.com">code4lala</a> <<a href="mailto:fengziteng2@huawei.com" title="fengziteng2@huawei.com">fengziteng2@huawei.com</a>></span>https://gitcode.net/openharmony/third_party_openssl/-/commit/53f8dd5dbfb24242bdd31a386491a5f1fb0bc950!130 fix-CVE-2023-3817-for-OpenHarmony-3.2-Release2023-08-07T12:25:49+00:00openharmony_ci120357966@qq.comMerge pull request !130 from code4lala/fix-CVE-2023-3817-for-OpenHarmony-3.2-Release