[openssl/openssl] 43d8f8: Fix Timing Oracle in RSA decryption
Richard Levitte
noreply at github.com
Tue Feb 7 15:47:44 UTC 2023
Branch: refs/heads/OpenSSL_1_1_1-stable
Home: https://github.com/openssl/openssl
Commit: 43d8f88511991533f53680a751e9326999a6a31f
https://github.com/openssl/openssl/commit/43d8f88511991533f53680a751e9326999a6a31f
Author: Matt Caswell <matt at openssl.org>
Date: 2023-02-03 (Fri, 03 Feb 2023)
Changed paths:
M crypto/bn/bn_blind.c
M crypto/bn/bn_err.c
M crypto/bn/bn_local.h
M crypto/bn/build.info
A crypto/bn/rsa_sup_mul.c
M crypto/err/openssl.txt
M crypto/rsa/rsa_ossl.c
M include/crypto/bn.h
M include/openssl/bnerr.h
Log Message:
-----------
Fix Timing Oracle in RSA decryption
A timing based side channel exists in the OpenSSL RSA Decryption
implementation which could be sufficient to recover a plaintext across
a network in a Bleichenbacher style attack. To achieve a successful
decryption an attacker would have to be able to send a very large number
of trial messages for decryption. The vulnerability affects all RSA
padding modes: PKCS#1 v1.5, RSA-OAEP and RSASVE.
Patch written by Dmitry Belyavsky and Hubert Kario
CVE-2022-4304
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Commit: bbcf509bd046b34cca19c766bbddc31683d0858b
https://github.com/openssl/openssl/commit/bbcf509bd046b34cca19c766bbddc31683d0858b
Author: Matt Caswell <matt at openssl.org>
Date: 2023-02-03 (Fri, 03 Feb 2023)
Changed paths:
M crypto/pem/pem_lib.c
Log Message:
-----------
Avoid dangling ptrs in header and data params for PEM_read_bio_ex
In the event of a failure in PEM_read_bio_ex() we free the buffers we
allocated for the header and data buffers. However we were not clearing
the ptrs stored in *header and *data. Since, on success, the caller is
responsible for freeing these ptrs this can potentially lead to a double
free if the caller frees them even on failure.
Thanks to Dawei Wang for reporting this issue.
Based on a proposed patch by Kurt Roeckx.
CVE-2022-4450
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
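A self-contained model of the failure path this commit message describes, added here and not taken from OpenSSL: read_buggy, read_fixed, caller_cleanup_is_safe and the "-----BEGIN" check are hypothetical stand-ins for PEM_read_bio_ex() and a caller that frees the out-params on every return.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical model of the CVE-2022-4450 pattern, not OpenSSL's code: a
 * reader hands back two allocated buffers via out-params and then fails. */
static int parse_fails(const char *s) { return strncmp(s, "-----BEGIN", 10) != 0; }
/* Before the fix: buffers freed on failure, but *header and *data still hold
 * the freed addresses, so a caller that frees them double frees. */
int read_buggy(const char *input, char **header, char **data)
{
    *header = malloc(64);
    *data = malloc(64);
    if (*header == NULL || *data == NULL || parse_fails(input)) {
        free(*header);
        free(*data);
        return 0; /* out-params left dangling */
    }
    strcpy(*header, "constructed header");
    strcpy(*data, "constructed data");
    return 1;
}
/* After the fix: clear the out-params on the failure path so a caller's
 * free() becomes a harmless no-op on NULL. */
int read_fixed(const char *input, char **header, char **data)
{
    *header = malloc(64);
    *data = malloc(64);
    if (*header == NULL || *data == NULL || parse_fails(input)) {
        free(*header);
        free(*data);
        *header = NULL;
        *data = NULL;
        return 0;
    }
    strcpy(*header, "constructed header");
    strcpy(*data, "constructed data");
    return 1;
}
/* Caller pattern from the commit message: frees both pointers regardless of
 * the return value. Returns 1 when that cleanup is safe with read_fixed. */
int caller_cleanup_is_safe(const char *input)
{
    char *header = NULL, *data = NULL;
    int ok = read_fixed(input, &header, &data);
    int safe = ok || (header == NULL && data == NULL);
    free(header); /* NULL on the failure path */
    free(data);
    return safe;
}
```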
Commit: 2bd611267868a008afa576846ba71566bd0d4d15
https://github.com/openssl/openssl/commit/2bd611267868a008afa576846ba71566bd0d4d15
Author: Matt Caswell <matt at openssl.org>
Date: 2023-02-03 (Fri, 03 Feb 2023)
Changed paths:
M test/pemtest.c
Log Message:
-----------
Add a test for CVE-2022-4450
Call PEM_read_bio_ex() and expect a failure. There should be no dangling
ptrs and therefore there should be no double free if we free the ptrs on
error.
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: c3829dd8825c654652201e16f8a0a0c46ee3f344
https://github.com/openssl/openssl/commit/c3829dd8825c654652201e16f8a0a0c46ee3f344
Author: Matt Caswell <matt at openssl.org>
Date: 2023-02-03 (Fri, 03 Feb 2023)
Changed paths:
M crypto/asn1/bio_ndef.c
Log Message:
-----------
Fix a UAF resulting from a bug in BIO_new_NDEF
If the aux->asn1_cb() call fails in BIO_new_NDEF then the "out" BIO will
be part of an invalid BIO chain. This causes a "use after free" when the
BIO is eventually freed.
Based on an original patch by Viktor Dukhovni and an idea from Theo
Buehler.
Thanks to Octavio Galland for reporting this issue.
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Commit: f040f2577891d2bdb7610566c172233844cf673a
https://github.com/openssl/openssl/commit/f040f2577891d2bdb7610566c172233844cf673a
Author: Matt Caswell <matt at openssl.org>
Date: 2023-02-03 (Fri, 03 Feb 2023)
Changed paths:
M test/recipes/80-test_cms.t
A test/smime-certs/badrsa.pem
Log Message:
-----------
Check CMS failure during BIO setup with -stream is handled correctly
Test for the issue fixed in the previous commit
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Commit: 2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9
https://github.com/openssl/openssl/commit/2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9
Author: Hugo Landau <hlandau at openssl.org>
Date: 2023-02-03 (Fri, 03 Feb 2023)
Changed paths:
M CHANGES
M crypto/x509v3/v3_genn.c
M include/openssl/x509v3.h
M test/v3nametest.c
Log Message:
-----------
CVE-2023-0286: Fix GENERAL_NAME_cmp for x400Address (1.1.1)
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Commit: a85fbb5e9614b4bd754010097da07bd14731e5a3
https://github.com/openssl/openssl/commit/a85fbb5e9614b4bd754010097da07bd14731e5a3
Author: Tomas Mraz <tomas at openssl.org>
Date: 2023-02-03 (Fri, 03 Feb 2023)
Changed paths:
M CHANGES
M NEWS
Log Message:
-----------
Add CHANGES and NEWS entries for the 1.1.1t release
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Commit: c3a54c3b08b150bd1f5f6b5f572adbd243fbaf59
https://github.com/openssl/openssl/commit/c3a54c3b08b150bd1f5f6b5f572adbd243fbaf59
Author: Richard Levitte <levitte at openssl.org>
Date: 2023-02-07 (Tue, 07 Feb 2023)
Changed paths:
M Configure
M crypto/asn1/bio_ndef.c
M crypto/bio/b_print.c
M crypto/bn/bn_blind.c
M crypto/bn/bn_err.c
M crypto/bn/bn_exp.c
M crypto/bn/bn_local.h
M crypto/bn/bn_mont.c
M crypto/pem/pem_lib.c
M crypto/rsa/rsa_ossl.c
M crypto/txt_db/txt_db.c
M crypto/x509/by_dir.c
M crypto/x509/x_name.c
M crypto/x509v3/v3_genn.c
M engines/asm/e_padlock-x86.pl
M engines/asm/e_padlock-x86_64.pl
M include/crypto/bn.h
M include/openssl/bnerr.h
M include/openssl/x509v3.h
M ssl/record/ssl3_buffer.c
M test/exptest.c
M test/pemtest.c
M test/recipes/80-test_cms.t
M test/recipes/95-test_external_pyca_data/cryptography.sh
M test/sslapitest.c
M test/test_test.c
M test/testutil/driver.c
M test/v3nametest.c
Log Message:
-----------
Update copyright year
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Release: yes
Commit: 830bf8e1e4749ad65c51b6a1d0d769ae689404ba
https://github.com/openssl/openssl/commit/830bf8e1e4749ad65c51b6a1d0d769ae689404ba
Author: Richard Levitte <levitte at openssl.org>
Date: 2023-02-07 (Tue, 07 Feb 2023)
Changed paths:
M CHANGES
M NEWS
M README
M include/openssl/opensslv.h
Log Message:
-----------
Prepare for 1.1.1t release
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Release: yes
Commit: fd42c9126844f5eefa76872a1ffe5f529f8f75df
https://github.com/openssl/openssl/commit/fd42c9126844f5eefa76872a1ffe5f529f8f75df
Author: Richard Levitte <levitte at openssl.org>
Date: 2023-02-07 (Tue, 07 Feb 2023)
Changed paths:
M CHANGES
M NEWS
M README
M include/openssl/opensslv.h
Log Message:
-----------
Prepare for 1.1.1u-dev
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Release: yes
Compare: https://github.com/openssl/openssl/compare/1dc2ae414f8e...fd42c9126844