Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openssl-1_0_0 for openSUSE:Factory checked in at 2023-05-31 21:54:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssl-1_0_0 (Old) and /work/SRC/openSUSE:Factory/.openssl-1_0_0.new.1533 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl-1_0_0" Wed May 31 21:54:58 2023 rev:34 rq:1089985 version:1.0.2u Changes: -------- --- /work/SRC/openSUSE:Factory/openssl-1_0_0/openssl-1_0_0.changes 2023-04-04 21:27:40.943666456 +0200 +++ /work/SRC/openSUSE:Factory/.openssl-1_0_0.new.1533/openssl-1_0_0.changes 2023-05-31 21:55:02.657199321 +0200 @@ -1,0 +2,7 @@ +Mon May 22 08:11:43 UTC 2023 - Otto Hollmann <[email protected]> + +- Security Fix: [CVE-2023-2650, bsc#1211430] + * Possible DoS translating ASN.1 object identifiers + * Add openssl-CVE-2023-2650.patch + +------------------------------------------------------------------- New: ---- openssl-CVE-2023-2650.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl-1_0_0.spec ++++++ --- /var/tmp/diff_new_pack.Wwv0Yc/_old 2023-05-31 21:55:03.681205374 +0200 +++ /var/tmp/diff_new_pack.Wwv0Yc/_new 2023-05-31 21:55:03.685205397 +0200 @@ -126,6 +126,8 @@ Patch99: openssl-CVE-2023-0465.patch # PATCH-FIX-UPSTREAM: bsc#1209873, CVE-2023-0466 Certificate policy check not enabled Patch100: openssl-CVE-2023-0466.patch +# PATCH-FIX-UPSTREAM: bsc#1211430, CVE-2023-2650 Possible DoS translating ASN.1 object identifiers +Patch101: openssl-CVE-2023-2650.patch # steam patches Patch150: openssl-fix-cpuid_setup.patch # compat patches to build with soversion 10 (bsc#1175429) @@ -304,6 +306,7 @@ %patch98 -p1 %patch99 -p1 %patch100 -p1 +%patch101 -p1 # clean up patching leftovers find . -name '*.orig' -delete ++++++ openssl-CVE-2023-2650.patch ++++++ >From b82f94afbe612f8fcbcc74b6da42d03682fcdd8d Mon Sep 17 00:00:00 2001 From: Richard Levitte <[email protected]> Date: Fri, 12 May 2023 10:00:13 +0200 Subject: [PATCH] Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will translate OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical numeric text form. For gigantic sub-identifiers, this would take a very long time, the time complexity being O(n^2) where n is the size of that sub-identifier. To mitigate this, a restriction on the size that OBJ_obj2txt() will translate to canonical numeric text form is added, based on RFC 2578 (STD 58), which says this: > 3.5. OBJECT IDENTIFIER values > > An OBJECT IDENTIFIER value is an ordered list of non-negative numbers. > For the SMIv2, each number in the list is referred to as a sub-identifier, > there are at most 128 sub-identifiers in a value, and each sub-identifier > has a maximum value of 2^32-1 (4294967295 decimal). Fixes otc/security#96 Fixes CVE-2023-2650 --- CHANGES | 26 ++++++++++++++++++++++++++ NEWS | 2 ++ crypto/objects/obj_dat.c | 19 +++++++++++++++++++ 3 files changed, 47 insertions(+) --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,32 @@ Changes between 1.0.2t and 1.0.2u [20 Dec 2019] + *) Mitigate for the time it takes for `OBJ_obj2txt` to translate gigantic + OBJECT IDENTIFIER sub-identifiers to canonical numeric text form. + + OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical + numeric text form. For gigantic sub-identifiers, this would take a very + long time, the time complexity being O(n^2) where n is the size of that + sub-identifier. (CVE-2023-2650) + + To mitigitate this, `OBJ_obj2txt()` will only translate an OBJECT + IDENTIFIER to canonical numeric text form if the size of that OBJECT + IDENTIFIER is 586 bytes or less, and fail otherwise. + + The basis for this restriction is RFC 2578 (STD 58), section 3.5. OBJECT + IDENTIFIER values, which stipulates that OBJECT IDENTIFIERS may have at + most 128 sub-identifiers, and that the maximum value that each sub- + identifier may have is 2^32-1 (4294967295 decimal). + + For each byte of every sub-identifier, only the 7 lower bits are part of + the value, so the maximum amount of bytes that an OBJECT IDENTIFIER with + these restrictions may occupy is 32 * 128 / 7, which is approximately 586 + bytes. + + Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5 + + [Richard Levitte] + *) Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention that it does not enable policy checking. Thanks to David Benjamin for discovering this issue. (CVE-2023-0466) --- a/NEWS +++ b/NEWS @@ -7,6 +7,8 @@ Major changes between OpenSSL 1.0.2t and OpenSSL 1.0.2u [20 Dec 2019] + o Mitigate for very slow `OBJ_obj2txt()` performance with gigantic + OBJECT IDENTIFIER sub-identities. (CVE-2023-2650) o Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466) o Fixed handling of invalid certificate policies in leaf certificates (CVE-2023-0465) --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -515,6 +515,25 @@ int OBJ_obj2txt(char *buf, int buf_len, first = 1; bl = NULL; + /* + * RFC 2578 (STD 58) says this about OBJECT IDENTIFIERs: + * + * > 3.5. OBJECT IDENTIFIER values + * > + * > An OBJECT IDENTIFIER value is an ordered list of non-negative + * > numbers. For the SMIv2, each number in the list is referred to as a + * > sub-identifier, there are at most 128 sub-identifiers in a value, + * > and each sub-identifier has a maximum value of 2^32-1 (4294967295 + * > decimal). + * + * So a legitimate OID according to this RFC is at most (32 * 128 / 7), + * i.e. 586 bytes long. + * + * Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5 + */ + if (len > 586) + goto err; + while (len > 0) { l = 0; use_bn = 0;
