
Bug 640212

Summary: dev-libs/openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
Product: Gentoo Security
Reporter: Thomas Deutschmann (RETIRED) <whissi>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: base-system
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A3 [glsa cve]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 640210    

Description Thomas Deutschmann (RETIRED) gentoo-dev 2017-12-07 18:27:19 UTC
rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
=========================================================

Severity: Low

There is an overflow bug in the AVX2 Montgomery multiplication procedure
used in exponentiation with 1024-bit moduli. No EC algorithms are affected.
Analysis suggests that attacks against RSA and DSA as a result of this defect
would be very difficult to perform and are not believed likely. Attacks
against DH1024 are considered just feasible, because most of the work
necessary to deduce information about a private key may be performed offline.
The amount of resources required for such an attack would be significant.
However, for an attack on TLS to be meaningful, the server would have to share
the DH1024 private key among multiple clients, which is no longer an option
since CVE-2016-0701.

This only affects processors that support the AVX2 but not ADX extensions
like Intel Haswell (4th generation).

Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732
and CVE-2015-3193.

Due to the low severity of this issue we are not issuing a new release of
OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it
becomes available. The fix is also available in commit e502cc86d in the OpenSSL
git repository.

OpenSSL 1.0.2 users should upgrade to 1.0.2n

This issue was reported to OpenSSL on 22nd November 2017 by David Benjamin
(Google). The issue was originally found via the OSS-Fuzz project. The fix was
developed by Andy Polyakov of the OpenSSL development team.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-12-07 18:28:25 UTC
This bug is for dev-libs/openssl:1.1.
Comment 2 Larry the Git Cow gentoo-dev 2017-12-07 18:53:11 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dfa3ddada875c129793d63fa7a5c2c49205434d9

commit dfa3ddada875c129793d63fa7a5c2c49205434d9
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2017-12-07 18:52:39 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2017-12-07 18:53:03 +0000

    dev-libs/openssl: Security cleanup
    
    Bug: https://bugs.gentoo.org/640212
    Package-Manager: Portage-2.3.16, Repoman-2.3.6

 dev-libs/openssl/Manifest                 |   4 -
 dev-libs/openssl/openssl-1.1.0f-r1.ebuild | 282 -----------------------------
 dev-libs/openssl/openssl-1.1.0f.ebuild    | 240 -------------------------
 dev-libs/openssl/openssl-1.1.0g-r1.ebuild | 283 ------------------------------
 dev-libs/openssl/openssl-1.1.0g.ebuild    | 240 -------------------------
 5 files changed, 1049 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f4afdc625b0b3aa1bc6e0df39903f133ba0caa04

commit f4afdc625b0b3aa1bc6e0df39903f133ba0caa04
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2017-12-07 18:50:17 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2017-12-07 18:53:02 +0000

    dev-libs/openssl: Rev bump to add patch for CVE-2017-3738
    
    Bug: https://bugs.gentoo.org/640212
    Package-Manager: Portage-2.3.16, Repoman-2.3.6

 dev-libs/openssl/Manifest                          |   2 +-
 .../files/openssl-1.1.0g-CVE-2017-3738.patch       |  77 ++++++
 dev-libs/openssl/openssl-1.1.0g-r2.ebuild          | 284 +++++++++++++++++++++
 3 files changed, 362 insertions(+), 1 deletion(-)
Comment 3 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-01-08 16:11:57 UTC
This issue was resolved and addressed in
 GLSA 201712-03 at https://security.gentoo.org/glsa/201712-03
by GLSA coordinator Thomas Deutschmann (whissi).
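
A host-level triage of the conditions stated in the advisory in the description (fixed releases 1.0.2n and 1.1.0h; processors with AVX2 but without ADX), as an added example that is not part of this bug report or of OpenSSL's code. The function names, verdict strings and sample flag lines are constructed for illustration; only upstream version strings are compared, so a distribution revision such as the openssl-1.1.0g-r2 ebuild from Comment 2 carries the patch while still reporting 1.1.0g.

```shell
#!/bin/sh
# Added example: triage for CVE-2017-3738 using only the conditions stated in
# the advisory. Function names and verdict strings are this example's own.

# Reads cpuinfo-format text on stdin; succeeds when the first "flags" line
# lists avx2 but not adx (the processor class the advisory describes).
cpu_path_affected() {
    flags=$(grep -m1 '^flags' | cut -d: -f2)
    case " $flags " in *" avx2 "*) ;; *) return 1 ;; esac
    case " $flags " in *" adx "*) return 1 ;; esac
    return 0
}

# Succeeds when an upstream version string is on the 1.0.2 or 1.1.0 branch
# and older than the fixed release the advisory names (1.0.2n, 1.1.0h).
# Distribution backports are not visible here and must be checked separately.
openssl_predates_fix() {
    case "$1" in
        1.0.2|1.0.2[a-m]) return 0 ;;
        1.1.0|1.1.0[a-g]) return 0 ;;
        *)                return 1 ;;
    esac
}

# triage VERSION < cpuinfo-text
# Prints one verdict: version-ok, cpu-ok or affected.
triage() {
    if ! openssl_predates_fix "$1"; then
        echo "version-ok"
    elif cpu_path_affected; then
        echo "affected"
    else
        echo "cpu-ok"
    fi
}

# Constructed, abridged flag lines (not captured from real hosts).
SAMPLE_AVX2_ONLY='flags : fpu sse2 avx avx2 bmi1 bmi2'
SAMPLE_AVX2_ADX='flags : fpu sse2 avx avx2 bmi1 bmi2 adx'

printf '%s\n' "$SAMPLE_AVX2_ONLY" | triage 1.1.0g   # affected
printf '%s\n' "$SAMPLE_AVX2_ADX"  | triage 1.1.0g   # cpu-ok
printf '%s\n' "$SAMPLE_AVX2_ONLY" | triage 1.0.2n   # version-ok

# Same check against this host, when openssl and /proc/cpuinfo are present.
if command -v openssl >/dev/null 2>&1 && [ -r /proc/cpuinfo ]; then
    triage "$(openssl version | awk '{print $2}')" < /proc/cpuinfo
fi
```

An `affected` verdict means the host matches the version and processor conditions; the advisory's remaining condition, exponentiation with 1024-bit moduli, depends on the keys and DH parameters the services actually use.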