Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 917616 - dev-libs/openssl: excessive processing of X9.42 DH keys
Summary: dev-libs/openssl: excessive processing of X9.42 DH keys
Status: RESOLVED DUPLICATE of bug 921684
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://www.openssl.org/news/secadv/2...
Whiteboard: B3 [ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2023-11-20 03:38 UTC by John Helmert III
Modified: 2024-02-03 21:10 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-11-20 03:38:20 UTC 
CVE-2023-5678:

"""
Issue summary: Generating excessively long X9.42 DH keys or checking
excessively long X9.42 DH keys or parameters may be very slow.

Impact summary: Applications that use the functions DH_generate_key() to
generate an X9.42 DH key may experience long delays.  Likewise, applications
that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()
to check an X9.42 DH key or X9.42 DH parameters may experience long delays.
Where the key or parameters that are being checked have been obtained from
an untrusted source this may lead to a Denial of Service.

While DH_check() performs all the necessary checks (as of CVE-2023-3817),
DH_check_pub_key() doesn't make any of these checks, and is therefore
vulnerable for excessively large P and Q parameters.

Likewise, while DH_generate_key() performs a check for an excessively large
P, it doesn't check for an excessively large Q.

An application that calls DH_generate_key() or DH_check_pub_key() and
supplies a key or parameters obtained from an untrusted source could be
vulnerable to a Denial of Service attack.

DH_generate_key() and DH_check_pub_key() are also called by a number of
other OpenSSL functions.  An application calling any of those other
functions may similarly be affected.  The other functions affected by this
are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

Also vulnerable are the OpenSSL pkey command line application when using the
"-pubcheck" option, as well as the OpenSSL genpkey command line application.

The OpenSSL SSL/TLS implementation is not affected by this issue.

The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.
"""
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2024-02-03 21:10:31 UTC 
Let's roll this into bug 921684, which has the same fixed versions. Upstream didn't make a release for this advisory, instead deferring releasing fixes until the next-released version according to the advisory:

"Due to the low severity of this issue we are not issuing new releases of
OpenSSL at this time. The fix will be included in the next releases when they
become available.
The fix is also available in commit ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6
(for 3.1) and commit db925ae2e65d0d925adef429afc37f75bd1c2017 (for 3.0)."

 ~/git/openssl $ git tag --contains db925ae2e65d0d925adef429afc37f75bd1c2017
openssl-3.0.13
 ~/git/openssl $ git tag --contains ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6
openssl-3.1.5

*** This bug has been marked as a duplicate of bug 921684 ***