Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix CVE-2023-3446 #463

Merged
merged 3 commits into from
Aug 15, 2023
Merged

Fix CVE-2023-3446 #463

merged 3 commits into from
Aug 15, 2023

Conversation

dongbeiouba
Copy link
Member

Checklist
  • https://yuque.com/tsdoc 增加或更新了必要的文档
  • 增加或更新了必要的测试用例
  • 对于重要修改,更新了CHANGES文件
  • 当前修改存在对已有API参数或返回值的改变
  • 当前修改存在对旧版本功能的兼容性改变(如网络协议或密码算法)

@dongbeiouba
Fix DH_check() excessive time with over sized modulus
3b1df24 
The DH_check() function checks numerous aspects of the key or parameters
that have been supplied. Some of those checks use the supplied modulus
value even if it is excessively large.

There is already a maximum DH modulus size (10,000 bits) over which
OpenSSL will not generate or derive keys. DH_check() will however still
perform various tests for validity on such a large modulus. We introduce a
new maximum (32,768) over which DH_check() will just fail.

An application that calls DH_check() and supplies a key or parameters
obtained from an untrusted source could be vulnerable to a Denial of
Service attack.

The function DH_check() is itself called by a number of other OpenSSL
functions. An application calling any of those other functions may
similarly be affected. The other functions affected by this are
DH_check_ex() and EVP_PKEY_param_check().

CVE-2023-3446

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl/openssl#21451)

(cherry picked from commit 9e0094e2aa1b3428a12d5095132f133c078d3c3d)
@dongbeiouba
Add a test for CVE-2023-3446
2685301 
Confirm that the only errors DH_check() finds with DH parameters with an
excessively long modulus is that the modulus is too large. We should not
be performing time consuming checks using that modulus.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl/openssl#21451)
@dongbeiouba
Update CHANGES for CVE-2023-3446
35057ca
@dongbeiouba dongbeiouba added bug Something isn't working master labels Jul 24, 2023
@dongbeiouba dongbeiouba linked an issue Jul 24, 2023 that may be closed by this pull request
修复CVE-2023-3446 #455
Closed
@InfoHunter InfoHunter merged commit 8d5315d into Tongsuo-Project:master Aug 15, 2023
73 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wa5i wa5i wa5i approved these changes

@InfoHunter InfoHunter Awaiting requested review from InfoHunter

Assignees
No one assigned
Labels
bug Something isn't working master
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

修复CVE-2023-3446
3 participants
@dongbeiouba @wa5i @InfoHunter