[openssl/openssl] d73028: Make DH_check_pub_key() and DH_generate_key() safe...

Richard Levitte noreply at github.com
Mon Nov 6 07:56:34 UTC 2023 

  Branch: refs/heads/openssl-3.2
  Home:   https://github.com/openssl/openssl
  Commit: d73028b75b416ccabdc267553dcce241e831eaf3
      https://github.com/openssl/openssl/commit/d73028b75b416ccabdc267553dcce241e831eaf3
  Author: Richard Levitte <levitte at openssl.org>
  Date:   2023-11-06 (Mon, 06 Nov 2023)

  Changed paths:
    M crypto/dh/dh_check.c
    M crypto/dh/dh_err.c
    M crypto/dh/dh_key.c
    M crypto/err/openssl.txt
    M include/crypto/dherr.h
    M include/openssl/dh.h
    M include/openssl/dherr.h

  Log Message:
  -----------
  Make DH_check_pub_key() and DH_generate_key() safer yet

We already check for an excessively large P in DH_generate_key(), but not in
DH_check_pub_key(), and none of them check for an excessively large Q.

This change adds all the missing excessive size checks of P and Q.

It's to be noted that behaviours surrounding excessively sized P and Q
differ.  DH_check() raises an error on the excessively sized P, but only
sets a flag for the excessively sized Q.  This behaviour is mimicked in
DH_check_pub_key().

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22453)

(cherry picked from commit ec061bf8ff2add8050599058557178c03295bcc0)


  Commit: 6061fd58a30f181c956e5ba5a06932f99d2c9a18
      https://github.com/openssl/openssl/commit/6061fd58a30f181c956e5ba5a06932f99d2c9a18
  Author: Richard Levitte <levitte at openssl.org>
  Date:   2023-11-06 (Mon, 06 Nov 2023)

  Changed paths:
    M include/internal/ffc.h

  Log Message:
  -----------
  Fix conflicts between DH check flags and FFC check flags

There are comments in include/openssl/dh.h and include/internal/ffc.h
that they must be aligned with each other, and yet, clashes have been
introduced.

The simplest fix is to move the offending FFC flags out of the way, as they
are indeed internal and shouldn't affect any public interface, apart from
those that are aligned with the DH flags, which are public.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Hugo Landau <hlandau at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22453)

(cherry picked from commit bc224e7edf87bbb353d51e9cb5c5999af8828856)


Compare: https://github.com/openssl/openssl/compare/61a468bfaff4...6061fd58a30f

More information about the openssl-commits mailing list