[openssl/openssl] 1c1625: DH_check(): Do not try checking q properties if it...

Tomáš Mráz noreply at github.com
Thu Jul 27 13:53:15 UTC 2023 

  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 1c16253f3c3a8d1e25918c3f404aae6a5b0893de
      https://github.com/openssl/openssl/commit/1c16253f3c3a8d1e25918c3f404aae6a5b0893de
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2023-07-27 (Thu, 27 Jul 2023)

  Changed paths:
    M crypto/dh/dh_check.c

  Log Message:
  -----------
  DH_check(): Do not try checking q properties if it is obviously invalid

If  |q| >= |p| then the q value is obviously wrong as q
is supposed to be a prime divisor of p-1.

We check if p is overly large so this added test implies that
q is not large either when performing subsequent tests using that
q value.

Otherwise if it is too large these additional checks of the q value
such as the primality test can then trigger DoS by doing overly long
computations.

Fixes CVE-2023-3817

Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove at arm.com>
Reviewed-by: Todd Short <todd.short at me.com>
(Merged from https://github.com/openssl/openssl/pull/21550)


  Commit: ad5d35572695d7b5748b2bd4fb1afaa189b29e28
      https://github.com/openssl/openssl/commit/ad5d35572695d7b5748b2bd4fb1afaa189b29e28
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2023-07-27 (Thu, 27 Jul 2023)

  Changed paths:
    M test/dhtest.c

  Log Message:
  -----------
  dhtest.c: Add test of DH_check() with q = p + 1

This must fail with DH_CHECK_INVALID_Q_VALUE and
with DH_CHECK_Q_NOT_PRIME unset.

Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove at arm.com>
Reviewed-by: Todd Short <todd.short at me.com>
(Merged from https://github.com/openssl/openssl/pull/21550)


  Commit: 4b29762802c05fa871f0e1efcf804e86db0ddaa2
      https://github.com/openssl/openssl/commit/4b29762802c05fa871f0e1efcf804e86db0ddaa2
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2023-07-27 (Thu, 27 Jul 2023)

  Changed paths:
    M CHANGES.md
    M NEWS.md

  Log Message:
  -----------
  Add CHANGES.md and NEWS.md entries for CVE-2023-3817

Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove at arm.com>
Reviewed-by: Todd Short <todd.short at me.com>
(Merged from https://github.com/openssl/openssl/pull/21550)


Compare: https://github.com/openssl/openssl/compare/81d10e61a4b7...4b29762802c0

More information about the openssl-commits mailing list