isaacpittman-hitachi / rpms / openssl

Forked from rpms/openssl 2 years ago
Blame SOURCES/0054-Replace-size-check-with-more-meaningful-pubkey-check.patch

From 2c0f7d46b8449423446cfe1e52fc1e1ecd506b62 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Wed, 2 Feb 2022 17:47:26 +0100
Subject: [PATCH] Replace size check with more meaningful pubkey check

It does not make sense to check the size because this
function can be used in other contexts than in TLS-1.3 and
the value might not be padded to the size of p.

However it makes sense to do the partial pubkey check because
there is no valid reason having the pubkey value outside the
1 < pubkey < p-1 bounds.

Fixes #15465

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17630)
---
 crypto/dh/dh_key.c | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 6b8cd550f2..c78ed618bf 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -375,20 +375,17 @@ int ossl_dh_buf2key(DH *dh, const unsigned char *buf, size_t len)
     int err_reason = DH_R_BN_ERROR;
     BIGNUM *pubkey = NULL;
     const BIGNUM *p;
-    size_t p_size;
+    int ret;
 
     if ((pubkey = BN_bin2bn(buf, len, NULL)) == NULL)
         goto err;
     DH_get0_pqg(dh, &p, NULL, NULL);
-    if (p == NULL || (p_size = BN_num_bytes(p)) == 0) {
+    if (p == NULL || BN_num_bytes(p) == 0) {
         err_reason = DH_R_NO_PARAMETERS_SET;
         goto err;
     }
-    /*
-     * As per Section 4.2.8.1 of RFC 8446 fail if DHE's
-     * public key is of size not equal to size of p
-     */
-    if (BN_is_zero(pubkey) || p_size != len) {
+    /* Prevent small subgroup attacks per RFC 8446 Section 4.2.8.1 */
+    if (!ossl_dh_check_pub_key_partial(dh, pubkey, &ret)) {
         err_reason = DH_R_INVALID_PUBKEY;
         goto err;
     }
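Review bot: `ret` is declared and passed to `ossl_dh_check_pub_key_partial(dh, pubkey, &ret)`, but nothing in the visible lines reads it afterwards, so every rejection is reported as `DH_R_INVALID_PUBKEY` whatever detail the check writes there. Either add a short comment saying that only the return value is used and `ret` exists to satisfy the out-parameter, or use it to choose a more specific error reason. The new comment would also be easier to audit if it stated the bound being enforced (the commit message gives it as 1 < pubkey < p-1) next to the RFC 8446 Section 4.2.8.1 reference. With the `p_size != len` comparison removed, a caller that still needs the padded-length requirement has to enforce it itself; the diffstat shows only crypto/dh/dh_key.c changing, so it is worth confirming that and adding a test that feeds an unpadded in-range value and out-of-range values through `ossl_dh_buf2key`.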
-- 
2.35.1