Date: Tue, 1 Aug 2023 16:49:19 GMT
Message-Id: <202308011649.371GnJGk080331@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Jung-uk Kim
Subject: git: 53a7dcac66f0 - stable/13 - OpenSSL: Import OpenSSL 1.1.1v
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: jkim
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 53a7dcac66f07bfc4b6da258e8a827aae44d6a74
Auto-Submitted: auto-generated

The branch stable/13 has been updated by jkim:

URL: https://cgit.FreeBSD.org/src/commit/?id=53a7dcac66f07bfc4b6da258e8a827aae44d6a74

commit 53a7dcac66f07bfc4b6da258e8a827aae44d6a74
Author:     Jung-uk Kim
AuthorDate: 2023-08-01 14:48:37 +0000
Commit:     Jung-uk Kim
CommitDate: 2023-08-01 16:16:57 +0000

    OpenSSL: Import OpenSSL 1.1.1v

    (cherry picked from commit cc0d356166e39da7f956c39f874e6dee67fd5d60)
---
 crypto/openssl/CHANGES                    | 35 +++++++++++++++++++++++++++++++
 crypto/openssl/NEWS                       |  5 +++++
 crypto/openssl/README                     |  2 +-
 crypto/openssl/crypto/dh/dh_check.c       | 20 +++++++++++++++---
 crypto/openssl/crypto/dh/dh_err.c         |  3 ++-
 crypto/openssl/crypto/err/openssl.txt     |  3 ++-
 crypto/openssl/include/openssl/dh.h       |  5 ++++-
 crypto/openssl/include/openssl/dherr.h    |  3 ++-
 crypto/openssl/include/openssl/opensslv.h |  4 ++--
 9 files changed, 70 insertions(+), 10 deletions(-)

diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES index 500b0f653e6a..612aaf56f6e6 100644 --- a/crypto/openssl/CHANGES +++ b/crypto/openssl/CHANGES 
@@ -7,6 +7,41 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.1.1u and 1.1.1v [1 Aug 2023] + + *) Fix excessive time spent checking DH q parameter value. + + The function DH_check() performs various checks on DH parameters. After + fixing CVE-2023-3446 it was discovered that a large q parameter value can + also trigger an overly long computation during some of these checks. + A correct q value, if present, cannot be larger than the modulus p + parameter, thus it is unnecessary to perform these checks if q is larger + than p. + + If DH_check() is called with such q parameter value, + DH_CHECK_INVALID_Q_VALUE return flag is set and the computationally + intensive checks are skipped. + + (CVE-2023-3817) + [Tomáš Mráz] + + *) Fix DH_check() excessive time with over sized modulus + + The function DH_check() performs various checks on DH parameters. One of + those checks confirms that the modulus ("p" parameter) is not too large. + Trying to use a very large modulus is slow and OpenSSL will not normally use + a modulus which is over 10,000 bits in length. + + However the DH_check() function checks numerous aspects of the key or + parameters that have been supplied. Some of those checks use the supplied + modulus value even if it has already been found to be too large. + + A new limit has been added to DH_check of 32,768 bits. Supplying a + key/parameters with a modulus over this size will simply cause DH_check() + to fail. + (CVE-2023-3446) + [Matt Caswell] + Changes between 1.1.1t and 1.1.1u [30 May 2023] *) Mitigate for the time it takes for `OBJ_obj2txt` to translate gigantic diff --git a/crypto/openssl/NEWS b/crypto/openssl/NEWS index f5a2d5ad33f8..c71c02911db0 100644 --- a/crypto/openssl/NEWS +++ b/crypto/openssl/NEWS 
@@ -5,6 +5,11 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.1.1u and OpenSSL 1.1.1v [1 Aug 2023] + + o Fix excessive time spent checking DH q parameter value (CVE-2023-3817) + o Fix DH_check() excessive time with over sized modulus (CVE-2023-3446) + Major changes between OpenSSL 1.1.1t and OpenSSL 1.1.1u [30 May 2023] o Mitigate for very slow `OBJ_obj2txt()` performance with gigantic diff --git a/crypto/openssl/README b/crypto/openssl/README index b9bf50f4b1e5..dbe6bf756e94 100644 --- a/crypto/openssl/README +++ b/crypto/openssl/README @@ -1,5 +1,5 @@ - OpenSSL 1.1.1u 30 May 2023 + OpenSSL 1.1.1v 1 Aug 2023 Copyright (c) 1998-2023 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson diff --git a/crypto/openssl/crypto/dh/dh_check.c b/crypto/openssl/crypto/dh/dh_check.c index 4ac169e75c23..ae1b03bc92d9 100644 --- a/crypto/openssl/crypto/dh/dh_check.c +++ b/crypto/openssl/crypto/dh/dh_check.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -97,10 +97,17 @@ int DH_check_ex(const DH *dh) int DH_check(const DH *dh, int *ret) { - int ok = 0, r; + int ok = 0, r, q_good = 0; BN_CTX *ctx = NULL; BIGNUM *t1 = NULL, *t2 = NULL; + /* Don't do any checks at all with an excessively large modulus */ + if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) { + DHerr(DH_F_DH_CHECK, DH_R_MODULUS_TOO_LARGE); + *ret = DH_CHECK_P_NOT_PRIME; + return 0; + } + if (!DH_check_params(dh, ret)) return 0; 
@@ -113,7 +120,14 @@ int DH_check(const DH *dh, int *ret) if (t2 == NULL) goto err; - if (dh->q) { + if (dh->q != NULL) { + if (BN_ucmp(dh->p, dh->q) > 0) + q_good = 1; + else + *ret |= DH_CHECK_INVALID_Q_VALUE; + } + + if (q_good) { if (BN_cmp(dh->g, BN_value_one()) <= 0) *ret |= DH_NOT_SUITABLE_GENERATOR; else if (BN_cmp(dh->g, dh->p) >= 0) diff --git a/crypto/openssl/crypto/dh/dh_err.c b/crypto/openssl/crypto/dh/dh_err.c index 7285587b4ade..92800d3fcc6b 100644 --- a/crypto/openssl/crypto/dh/dh_err.c +++ b/crypto/openssl/crypto/dh/dh_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -18,6 +18,7 @@ static const ERR_STRING_DATA DH_str_functs[] = { {ERR_PACK(ERR_LIB_DH, DH_F_DHPARAMS_PRINT_FP, 0), "DHparams_print_fp"}, {ERR_PACK(ERR_LIB_DH, DH_F_DH_BUILTIN_GENPARAMS, 0), "dh_builtin_genparams"}, + {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK, 0), "DH_check"}, {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_EX, 0), "DH_check_ex"}, {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PARAMS_EX, 0), "DH_check_params_ex"}, {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY_EX, 0), "DH_check_pub_key_ex"}, diff --git a/crypto/openssl/crypto/err/openssl.txt b/crypto/openssl/crypto/err/openssl.txt index 8db8b00301aa..2af593afa19d 100644 --- a/crypto/openssl/crypto/err/openssl.txt +++ b/crypto/openssl/crypto/err/openssl.txt @@ -1,4 +1,4 @@ -# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -401,6 +401,7 @@ CT_F_SCT_SET_VERSION:104:SCT_set_version DH_F_COMPUTE_KEY:102:compute_key DH_F_DHPARAMS_PRINT_FP:101:DHparams_print_fp DH_F_DH_BUILTIN_GENPARAMS:106:dh_builtin_genparams +DH_F_DH_CHECK:126:DH_check DH_F_DH_CHECK_EX:121:DH_check_ex DH_F_DH_CHECK_PARAMS_EX:122:DH_check_params_ex DH_F_DH_CHECK_PUB_KEY_EX:123:DH_check_pub_key_ex diff --git a/crypto/openssl/include/openssl/dh.h b/crypto/openssl/include/openssl/dh.h index 3527540cdddb..6c6ff3636ae7 100644 --- a/crypto/openssl/include/openssl/dh.h +++ b/crypto/openssl/include/openssl/dh.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -29,6 +29,9 @@ extern "C" { # ifndef OPENSSL_DH_MAX_MODULUS_BITS # define OPENSSL_DH_MAX_MODULUS_BITS 10000 # endif +# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS +# define OPENSSL_DH_CHECK_MAX_MODULUS_BITS 32768 +# endif # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 diff --git a/crypto/openssl/include/openssl/dherr.h b/crypto/openssl/include/openssl/dherr.h index 916b3bed0b59..528c81985633 100644 --- a/crypto/openssl/include/openssl/dherr.h +++ b/crypto/openssl/include/openssl/dherr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -30,6 +30,7 @@ int ERR_load_DH_strings(void); # define DH_F_COMPUTE_KEY 102 # define DH_F_DHPARAMS_PRINT_FP 101 # define DH_F_DH_BUILTIN_GENPARAMS 106 +# define DH_F_DH_CHECK 126 # define DH_F_DH_CHECK_EX 121 # define DH_F_DH_CHECK_PARAMS_EX 122 # define DH_F_DH_CHECK_PUB_KEY_EX 123 diff --git a/crypto/openssl/include/openssl/opensslv.h b/crypto/openssl/include/openssl/opensslv.h index 027de5fa9490..c1063dc589e4 100644 --- a/crypto/openssl/include/openssl/opensslv.h +++ b/crypto/openssl/include/openssl/opensslv.h @@ -39,8 +39,8 @@ extern "C" { * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for * major minor fix final patch/beta) */ -# define OPENSSL_VERSION_NUMBER 0x1010115fL -# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1u-freebsd 30 May 2023" +# define OPENSSL_VERSION_NUMBER 0x1010116fL +# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1v-freebsd 1 Aug 2023" /*- * The macros below are to be used for shared library (.so, .dll, ...)
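
Review bot: In crypto/openssl/crypto/dh/dh_check.c, first DH_check() hunk (@@ -97,10 +97,17 @@), the new early exit reports an oversized modulus as "*ret = DH_CHECK_P_NOT_PRIME" although no primality test has run at that point, so a caller that inspects the flags cannot tell "p too large" from "p composite"; the only precise signal is DH_R_MODULUS_TOO_LARGE on the error queue. Extend the comment to say the flag is reused deliberately and that callers wanting the real cause must read the error queue. Note also that BN_num_bits(dh->p) now runs before DH_check_params(dh, ret), so the first use of dh->p moves ahead of the parameter check; worth confirming that no caller reaches DH_check() with p unset.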
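
Review bot: In crypto/openssl/crypto/dh/dh_check.c, second DH_check() hunk (@@ -113,7 +120,14 @@), the test "BN_ucmp(dh->p, dh->q) > 0" also rejects q equal to p, while the CHANGES entry for CVE-2023-3817 only speaks of q being larger than p, and because BN_ucmp compares magnitudes the sign of q plays no part in q_good. The block carries no comment, unlike the modulus check added at the top of the function. Add a short comment stating that q must be strictly smaller than p in absolute value, and that a q failing this is reported only through DH_CHECK_INVALID_Q_VALUE in *ret while the q-dependent checks are skipped.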
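
Review bot: In crypto/openssl/include/openssl/dh.h (@@ -29,6 +29,9 @@), OPENSSL_DH_CHECK_MAX_MODULUS_BITS is added inside an #ifndef guard with no comment, directly after OPENSSL_DH_MAX_MODULUS_BITS at 10000, so the header does not explain why DH_check() accepts moduli up to 32768 bits when the usage limit is 10000, and a build that predefines the macro can raise the bound the CVE-2023-3446 fix depends on. Add a comment giving the rationale for 32768 and the relation between the two limits, and state that raising the value reintroduces the long-running checks described in CHANGES.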