Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openssl-1_0_0 for openSUSE:Factory checked in at 2023-08-08 17:25:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssl-1_0_0 (Old) and /work/SRC/openSUSE:Factory/.openssl-1_0_0.new.22712 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl-1_0_0" Tue Aug 8 17:25:58 2023 rev:40 rq:1102939 version:1.0.2u Changes: -------- --- /work/SRC/openSUSE:Factory/openssl-1_0_0/openssl-1_0_0.changes 2023-07-25 11:50:16.829163437 +0200 +++ /work/SRC/openSUSE:Factory/.openssl-1_0_0.new.22712/openssl-1_0_0.changes 2023-08-08 17:26:03.443220012 +0200 @@ -1,0 +2,16 @@ +Mon Aug 7 14:21:09 UTC 2023 - Otto Hollmann <otto.hollm...@suse.com> + +- Security fix: (bsc#1213853, CVE-2023-3817) + * Fix excessive time spent checking DH q parameter value + (bsc#1213853, CVE-2023-3817). The function DH_check() performs + various checks on DH parameters. After fixing CVE-2023-3446 it + was discovered that a large q parameter value can also trigger + an overly long computation during some of these checks. A + correct q value, if present, cannot be larger than the modulus + p parameter, thus it is unnecessary to perform these checks if + q is larger than p. If DH_check() is called with such q parameter + value, DH_CHECK_INVALID_Q_VALUE return flag is set and the + computationally intensive checks are skipped. + * Add openssl-1_0-CVE-2023-3817.patch + +------------------------------------------------------------------- New: ---- openssl-1_0-CVE-2023-3817.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl-1_0_0.spec ++++++ --- /var/tmp/diff_new_pack.hzk1ZR/_old 2023-08-08 17:26:04.875228910 +0200 +++ /var/tmp/diff_new_pack.hzk1ZR/_new 2023-08-08 17:26:04.875228910 +0200 @@ -130,6 +130,8 @@ Patch101: openssl-CVE-2023-2650.patch # PATCH-FIX-UPSTREAM: bsc#1213487 CVE-2023-3446 DH_check() excessive time with over sized modulus Patch102: openssl-CVE-2023-3446.patch +# PATCH-FIX-UPSTREAM bsc#1213853 CVE-2023-3817 Excessive time spent checking DH q parameter value +Patch103: openssl-1_0-CVE-2023-3817.patch # steam patches Patch150: openssl-fix-cpuid_setup.patch # compat patches to build with soversion 10 (bsc#1175429) @@ -295,6 +297,7 @@ %patch100 -p1 %patch101 -p1 %patch102 -p1 +%patch103 -p1 # clean up patching leftovers find . -name '*.orig' -delete ++++++ openssl-1_0-CVE-2023-3817.patch ++++++ >From 91ddeba0f2269b017dc06c46c993a788974b1aa5 Mon Sep 17 00:00:00 2001 From: Tomas Mraz <to...@openssl.org> Date: Fri, 21 Jul 2023 11:39:41 +0200 Subject: [PATCH 198/200] DH_check(): Do not try checking q properties if it is obviously invalid If |q| >= |p| then the q value is obviously wrong as q is supposed to be a prime divisor of p-1. We check if p is overly large so this added test implies that q is not large either when performing subsequent tests using that q value. Otherwise if it is too large these additional checks of the q value such as the primality test can then trigger DoS by doing overly long computations. Fixes CVE-2023-3817 Reviewed-by: Paul Dale <pa...@openssl.org> Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21551) --- crypto/dh/dh_check.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) --- a/crypto/dh/dh_check.c +++ b/crypto/dh/dh_check.c @@ -74,7 +74,7 @@ int DH_check(const DH *dh, int *ret) { - int ok = 0; + int ok = 0, q_good = 0; BN_CTX *ctx = NULL; BN_ULONG l; BIGNUM *t1 = NULL, *t2 = NULL; @@ -107,7 +107,14 @@ int DH_check(const DH *dh, int *ret) if (t2 == NULL) goto err; - if (dh->q) { + if (dh->q != NULL) { + if (BN_ucmp(dh->p, dh->q) > 0) + q_good = 1; + else + *ret |= DH_CHECK_INVALID_Q_VALUE; + } + + if (q_good) { if (BN_cmp(dh->g, BN_value_one()) <= 0) *ret |= DH_NOT_SUITABLE_GENERATOR; else if (BN_cmp(dh->g, dh->p) >= 0)
