From 1b2c0d19f75523db182b267901484f87abf732cf Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Wed, 4 Oct 2023 23:52:39 +0100 Subject: gentoo auto-resync : 04:10:2023 - 23:52:39 --- dev-libs/openssl/Manifest | 2 - .../files/openssl-3.1.1-CVE-2023-2975.patch | 110 ------------------- .../files/openssl-3.1.1-CVE-2023-3446.patch | 121 --------------------- 3 files changed, 233 deletions(-) delete mode 100644 dev-libs/openssl/files/openssl-3.1.1-CVE-2023-2975.patch delete mode 100644 dev-libs/openssl/files/openssl-3.1.1-CVE-2023-3446.patch (limited to 'dev-libs/openssl') diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest index 45221acdb647..1dfd336f19eb 100644 --- a/dev-libs/openssl/Manifest +++ b/dev-libs/openssl/Manifest @@ -4,8 +4,6 @@ AUX openssl-1.1.0j-parallel_install_fix.patch 515 BLAKE2B a1bcffce4dc9e0566e21e7 AUX openssl-1.1.1i-riscv32.patch 2557 BLAKE2B 97e51303706ee96d3fae46959b91d1021dcbb3efa421866f6e09bbee6287aae95c6f5d9498bd9d8974b0de747ef696242691cfebec90b31dc9e2cc31b41b81ec SHA512 f75ae1034bb9dda7f4959e8a5d6d0dae21200723d82aebfbea58bd1d7775ef4042e49fdf49d5738771d79d764e44a1b6e0da341d210ea51d21516bb3874b626a AUX openssl-3.0.9-CVE-2023-2975.patch 4607 BLAKE2B 6f668ab581573b4092a2e1b65f55288a77d48aa62053d6ce088f5e587cdc3ef6687522c36c21016f1095e8b1c036d28e54f1121eab2f13c821a08866930c7b0a SHA512 f070adb3722fa7561039efb149756571ba87d03094ff009a2fec433d5c3f24e99ca26bd67f73fd219c95a8117ca522ced9e501da7657f3e5a43a14727c34c889 AUX openssl-3.0.9-CVE-2023-3446.patch 4406 BLAKE2B 2ec4d353197bfcdfd953001228e9946436e4fced5d554d3e3b7fe9fc4a64d2f54fc2abbf294b47c37a1fc3a10a313c200d8bf8f100052103080b83144cab927d SHA512 e2e7ff2cddba0fb7bb3909c897aac8403de2accdfef23222371196bbf9d5c608a1b8505ef7ef2f15cb0bd9223d05e7195af4d66f96671c41c07dae0b5454b752 -AUX openssl-3.1.1-CVE-2023-2975.patch 4608 BLAKE2B 0e25fac29905f00f66d85210310783dd9a9e8f3d7e003789481fe27767282d81d28255238ac2b358b5b0460f43ad13a5c877d0650279f56661d5f86710db7eaa SHA512 29496068d5fb7c981e5341a0228bf14bfaf5062f30edcf3856a191d9061a30cb23054e4db6a89e1b6c90493576e747af1044d02b15a22ce386c99b570787d2dc -AUX openssl-3.1.1-CVE-2023-3446.patch 4407 BLAKE2B 78b14b2c6513475f4dadfa74eb6bb51e51b11eea9840a391b7eb29a37b26ebc4b2ed7f731cf029bb4152fbd3c8e684887be885ac79c471bd5d91fb1e60ff461d SHA512 8252fb9e1181517dc331ef241e892ad718a6bbaf381ca18baa1b3a68d8d83a963b90d999a77570a86dfb897b8ca3b6210d91816d49285a2b2404def0df576292 DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659 DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32 diff --git a/dev-libs/openssl/files/openssl-3.1.1-CVE-2023-2975.patch b/dev-libs/openssl/files/openssl-3.1.1-CVE-2023-2975.patch deleted file mode 100644 index 5abf60737dbd..000000000000 --- a/dev-libs/openssl/files/openssl-3.1.1-CVE-2023-2975.patch +++ /dev/null @@ -1,110 +0,0 @@ -https://github.com/openssl/openssl/commit/6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc -https://github.com/openssl/openssl/commit/76214c4a8f3374b786811fdfeda3d98690f8faf4 - -From 6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Tue, 4 Jul 2023 17:30:35 +0200 -Subject: [PATCH] Do not ignore empty associated data with AES-SIV mode - -The AES-SIV mode allows for multiple associated data items -authenticated separately with any of these being 0 length. - -The provided implementation ignores such empty associated data -which is incorrect in regards to the RFC 5297 and is also -a security issue because such empty associated data then become -unauthenticated if an application expects to authenticate them. - -Fixes CVE-2023-2975 - -Reviewed-by: Matt Caswell -Reviewed-by: Paul Dale -(Merged from https://github.com/openssl/openssl/pull/21384) - -(cherry picked from commit c426c281cfc23ab182f7d7d7a35229e7db1494d9) ---- a/providers/implementations/ciphers/cipher_aes_siv.c -+++ b/providers/implementations/ciphers/cipher_aes_siv.c -@@ -120,14 +120,18 @@ static int siv_cipher(void *vctx, unsigned char *out, size_t *outl, - if (!ossl_prov_is_running()) - return 0; - -- if (inl == 0) { -- *outl = 0; -- return 1; -- } -+ /* Ignore just empty encryption/decryption call and not AAD. */ -+ if (out != NULL) { -+ if (inl == 0) { -+ if (outl != NULL) -+ *outl = 0; -+ return 1; -+ } - -- if (outsize < inl) { -- ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); -- return 0; -+ if (outsize < inl) { -+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); -+ return 0; -+ } - } - - if (ctx->hw->cipher(ctx, out, in, inl) <= 0) - -From 76214c4a8f3374b786811fdfeda3d98690f8faf4 Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Tue, 4 Jul 2023 17:50:37 +0200 -Subject: [PATCH] Add testcases for empty associated data entries with AES-SIV - -Reviewed-by: Matt Caswell -Reviewed-by: Paul Dale -(Merged from https://github.com/openssl/openssl/pull/21384) - -(cherry picked from commit 3993bb0c0c87e3ed0ab4274e4688aa814e164cfc) ---- a/test/recipes/30-test_evp_data/evpciph_aes_siv.txt -+++ b/test/recipes/30-test_evp_data/evpciph_aes_siv.txt -@@ -20,6 +20,19 @@ Tag = 85632d07c6e8f37f950acd320a2ecc93 - Plaintext = 112233445566778899aabbccddee - Ciphertext = 40c02b9690c4dc04daef7f6afe5c - -+Cipher = aes-128-siv -+Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff -+Tag = f1c5fdeac1f15a26779c1501f9fb7588 -+Plaintext = 112233445566778899aabbccddee -+Ciphertext = 27e946c669088ab06da58c5c831c -+ -+Cipher = aes-128-siv -+Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff -+AAD = -+Tag = d1022f5b3664e5a4dfaf90f85be6f28a -+Plaintext = 112233445566778899aabbccddee -+Ciphertext = b66cff6b8eca0b79f083b39a0901 -+ - Cipher = aes-128-siv - Key = 7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f - AAD = 00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100 -@@ -29,6 +42,24 @@ Tag = 7bdb6e3b432667eb06f4d14bff2fbd0f - Plaintext = 7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553 - Ciphertext = cb900f2fddbe404326601965c889bf17dba77ceb094fa663b7a3f748ba8af829ea64ad544a272e9c485b62a3fd5c0d - -+Cipher = aes-128-siv -+Key = 7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f -+AAD = 00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100 -+AAD = -+AAD = 09f911029d74e35bd84156c5635688c0 -+Tag = 83ce6593a8fa67eb6fcd2819cedfc011 -+Plaintext = 7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553 -+Ciphertext = 30d937b42f71f71f93fc2d8d702d3eac8dc7651eefcd81120081ff29d626f97f3de17f2969b691c91b69b652bf3a6d -+ -+Cipher = aes-128-siv -+Key = 7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f -+AAD = -+AAD = 00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa99887766554433221100 -+AAD = 09f911029d74e35bd84156c5635688c0 -+Tag = 77dd4a44f5a6b41302121ee7f378de25 -+Plaintext = 7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553 -+Ciphertext = 0fcd664c922464c88939d71fad7aefb864e501b0848a07d39201c1067a7288f3dadf0131a823a0bc3d588e8564a5fe -+ - Cipher = aes-192-siv - Key = fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfefffffefdfcfbfaf9f8f7f6f5f4f3f2f1f0 - AAD = 101112131415161718191a1b1c1d1e1f2021222324252627 - diff --git a/dev-libs/openssl/files/openssl-3.1.1-CVE-2023-3446.patch b/dev-libs/openssl/files/openssl-3.1.1-CVE-2023-3446.patch deleted file mode 100644 index 781b0c8f48b3..000000000000 --- a/dev-libs/openssl/files/openssl-3.1.1-CVE-2023-3446.patch +++ /dev/null @@ -1,121 +0,0 @@ -https://github.com/openssl/openssl/commit/fc9867c1e03c22ebf56943be205202e576aabf23 -https://github.com/openssl/openssl/commit/4791e79b8803924b28c19af4d4036ad85335110d - -From fc9867c1e03c22ebf56943be205202e576aabf23 Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Thu, 6 Jul 2023 16:36:35 +0100 -Subject: [PATCH] Fix DH_check() excessive time with over sized modulus - -The DH_check() function checks numerous aspects of the key or parameters -that have been supplied. Some of those checks use the supplied modulus -value even if it is excessively large. - -There is already a maximum DH modulus size (10,000 bits) over which -OpenSSL will not generate or derive keys. DH_check() will however still -perform various tests for validity on such a large modulus. We introduce a -new maximum (32,768) over which DH_check() will just fail. - -An application that calls DH_check() and supplies a key or parameters -obtained from an untrusted source could be vulnerable to a Denial of -Service attack. - -The function DH_check() is itself called by a number of other OpenSSL -functions. An application calling any of those other functions may -similarly be affected. The other functions affected by this are -DH_check_ex() and EVP_PKEY_param_check(). - -CVE-2023-3446 - -Reviewed-by: Paul Dale -Reviewed-by: Tom Cosgrove -Reviewed-by: Bernd Edlinger -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/21451) - -(cherry picked from commit 9e0094e2aa1b3428a12d5095132f133c078d3c3d) ---- a/crypto/dh/dh_check.c -+++ b/crypto/dh/dh_check.c -@@ -152,6 +152,12 @@ int DH_check(const DH *dh, int *ret) - if (nid != NID_undef) - return 1; - -+ /* Don't do any checks at all with an excessively large modulus */ -+ if (BN_num_bits(dh->params.p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) { -+ ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE); -+ return 0; -+ } -+ - if (!DH_check_params(dh, ret)) - return 0; - ---- a/include/openssl/dh.h -+++ b/include/openssl/dh.h -@@ -92,7 +92,11 @@ int EVP_PKEY_CTX_get0_dh_kdf_ukm(EVP_PKEY_CTX *ctx, unsigned char **ukm); - # include - - # ifndef OPENSSL_DH_MAX_MODULUS_BITS --# define OPENSSL_DH_MAX_MODULUS_BITS 10000 -+# define OPENSSL_DH_MAX_MODULUS_BITS 10000 -+# endif -+ -+# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS -+# define OPENSSL_DH_CHECK_MAX_MODULUS_BITS 32768 - # endif - - # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024 - -From 4791e79b8803924b28c19af4d4036ad85335110d Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Fri, 7 Jul 2023 14:39:48 +0100 -Subject: [PATCH] Add a test for CVE-2023-3446 - -Confirm that the only errors DH_check() finds with DH parameters with an -excessively long modulus is that the modulus is too large. We should not -be performing time consuming checks using that modulus. - -Reviewed-by: Paul Dale -Reviewed-by: Tom Cosgrove -Reviewed-by: Bernd Edlinger -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/21451) - -(cherry picked from commit ede782b4c8868d1f09c9cd237f82b6f35b7dba8b) ---- a/test/dhtest.c -+++ b/test/dhtest.c -@@ -73,7 +73,7 @@ static int dh_test(void) - goto err1; - - /* check fails, because p is way too small */ -- if (!DH_check(dh, &i)) -+ if (!TEST_true(DH_check(dh, &i))) - goto err2; - i ^= DH_MODULUS_TOO_SMALL; - if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) -@@ -124,6 +124,17 @@ static int dh_test(void) - /* We'll have a stale error on the queue from the above test so clear it */ - ERR_clear_error(); - -+ /* Modulus of size: dh check max modulus bits + 1 */ -+ if (!TEST_true(BN_set_word(p, 1)) -+ || !TEST_true(BN_lshift(p, p, OPENSSL_DH_CHECK_MAX_MODULUS_BITS))) -+ goto err3; -+ -+ /* -+ * We expect no checks at all for an excessively large modulus -+ */ -+ if (!TEST_false(DH_check(dh, &i))) -+ goto err3; -+ - /* - * II) key generation - */ -@@ -138,7 +149,7 @@ static int dh_test(void) - goto err3; - - /* ... and check whether it is valid */ -- if (!DH_check(a, &i)) -+ if (!TEST_true(DH_check(a, &i))) - goto err3; - if (!TEST_false(i & DH_CHECK_P_NOT_PRIME) - || !TEST_false(i & DH_CHECK_P_NOT_SAFE_PRIME) - -- cgit v1.2.3