Merge pull request Tongsuo-Project#587 from dongbeiouba/fix/CVE-2023-…

…6237

Fix CVE-2023-6237

.github/workflows/ci.yml

@@ -113,7 +113,11 @@ jobs:
   non-caching:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
+    - name: Adjust ASLR for sanitizer
+      run: |
+        sudo cat /proc/sys/vm/mmap_rnd_bits
+        sudo sysctl -w vm.mmap_rnd_bits=28
     - name: config
       run: ./config --banner=Configured --debug enable-asan enable-ubsan no-cached-fetch no-fips no-dtls no-tls1 no-tls1-method no-tls1_1 no-tls1_1-method no-async && perl configdata.pm --dump
     - name: make
@@ -124,7 +128,11 @@ jobs:
   address_ub_sanitizer:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
+    - name: Adjust ASLR for sanitizer
+      run: |
+        sudo cat /proc/sys/vm/mmap_rnd_bits
+        sudo sysctl -w vm.mmap_rnd_bits=28
     - name: config
       run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-ec_nistp_64_gcc_128 enable-fips enable-cert-compression enable-bn-method enable-delegated-credential -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump
     - name: make
@@ -135,7 +143,11 @@ jobs:
   ntls_address_ub_sanitizer:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
+    - name: Adjust ASLR for sanitizer
+      run: |
+        sudo cat /proc/sys/vm/mmap_rnd_bits
+        sudo sysctl -w vm.mmap_rnd_bits=28
     - name: config
       run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-ec_nistp_64_gcc_128 enable-ec_sm2p_64_gcc_128 enable-ntls -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump
     - name: make
@@ -146,7 +158,11 @@ jobs:
   memory_sanitizer:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
+    - name: Adjust ASLR for sanitizer
+      run: |
+        sudo cat /proc/sys/vm/mmap_rnd_bits
+        sudo sysctl -w vm.mmap_rnd_bits=28
     - name: config
       # --debug -O1 is to produce a debug build that runs in a reasonable amount of time
       run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-ec_nistp_64_gcc_128 enable-fips enable-cert-compression enable-delegated-credential enable-bn-method && perl configdata.pm --dump
@@ -158,7 +174,11 @@ jobs:
   ntls_memory_sanitizer:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
+    - name: Adjust ASLR for sanitizer
+      run: |
+        sudo cat /proc/sys/vm/mmap_rnd_bits
+        sudo sysctl -w vm.mmap_rnd_bits=28
     - name: config
       # --debug -O1 is to produce a debug build that runs in a reasonable amount of time
       run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-ec_nistp_64_gcc_128 enable-ec_sm2p_64_gcc_128 enable-ntls && perl configdata.pm --dump
@@ -170,7 +190,11 @@ jobs:
   threads_sanitizer:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
+    - name: Adjust ASLR for sanitizer
+      run: |
+        sudo cat /proc/sys/vm/mmap_rnd_bits
+        sudo sysctl -w vm.mmap_rnd_bits=28
     - name: config
       run: CC=clang ./config --banner=Configured no-fips --strict-warnings -fsanitize=thread && perl configdata.pm --dump
     - name: make
@@ -268,7 +292,11 @@ jobs:
   EC_POINTs_api_test:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
+      - name: Adjust ASLR for sanitizer
+        run: |
+          sudo cat /proc/sys/vm/mmap_rnd_bits
+          sudo sysctl -w vm.mmap_rnd_bits=28
       - name: config
         run: ./config --strict-warnings --debug --api=1.1.1 enable-asan enable-ubsan enable-ssl-trace enable-zlib enable-zlib-dynamic no-fips enable-engine enable-dynamic-engine no-deprecated && perl configdata.pm --dump
       - name: make
@@ -394,7 +422,11 @@ jobs:
   sm2-threshold-test:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
+      - name: Adjust ASLR for sanitizer
+        run: |
+          sudo cat /proc/sys/vm/mmap_rnd_bits
+          sudo sysctl -w vm.mmap_rnd_bits=28
       - name: config
         run: CC=clang ./config --strict-warnings --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY enable-sm2_threshold && perl configdata.pm --dump
       - name: make

.github/workflows/fuzz-checker.yml

@@ -45,8 +45,11 @@ jobs:
       run: |
         sudo apt-get update
         sudo apt-get -yq --force-yes install ${{ matrix.fuzzy.install }}
-    - uses: actions/checkout@v2
-
+    - name: Adjust ASLR for sanitizer
+      run: |
+        sudo cat /proc/sys/vm/mmap_rnd_bits
+        sudo sysctl -w vm.mmap_rnd_bits=28
+    - uses: actions/checkout@v4
     - name: config
       run: |
         CC=${{ matrix.fuzzy.cc }} ./config --banner=Configured no-shared \

.github/workflows/run-checker-merge.yml

@@ -32,7 +32,11 @@ jobs:
         ]
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - name: Adjust ASLR for sanitizer
+      run: |
+        sudo cat /proc/sys/vm/mmap_rnd_bits
+        sudo sysctl -w vm.mmap_rnd_bits=28
+    - uses: actions/checkout@v4
     - name: config
       run: CC=clang ./config --banner=Configured --strict-warnings ${{ matrix.opt }}
     - name: config dump

CHANGES

@@ -6,6 +6,8 @@
 
   *) 修复CVE-2023-6129
 
+  *) 修复CVE-2023-6237
+
   *) 增加SM2两方门限解密算法
 
   *) 增加SM2两方门限签名算法 [with work originated from FullyRobert]

crypto/dh/dh_check.c

@@ -282,22 +282,43 @@ int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret)
     two_powN = BN_new();
     if (two_powN == NULL)
         return 0;
-    if (dh->params.q == NULL)
-        goto err;
-    upper = dh->params.q;
+
+    if (dh->params.q != NULL) {
+        upper = dh->params.q;
+#ifndef FIPS_MODULE
+    } else if (dh->params.p != NULL) {
+        /*
+         * We do not have q so we just check the key is within some
+         * reasonable range, or the number of bits is equal to dh->length.
+         */
+        int length = dh->length;
+
+        if (length == 0) {
+            length = BN_num_bits(dh->params.p) - 1;
+            if (BN_num_bits(priv_key) <= length
+                && BN_num_bits(priv_key) > 1)
+                ok = 1;
+        } else if (BN_num_bits(priv_key) == length) {
+            ok = 1;
+        }
+        goto end;
+#endif
+    } else {
+        goto end;
+    }
 
     /* Is it from an approved Safe prime group ?*/
     if (DH_get_nid((DH *)dh) != NID_undef && dh->length != 0) {
         if (!BN_lshift(two_powN, BN_value_one(), dh->length))
-            goto err;
+            goto end;
         if (BN_cmp(two_powN, dh->params.q) < 0)
             upper = two_powN;
     }
     if (!ossl_ffc_validate_private_key(upper, priv_key, ret))
-        goto err;
+        goto end;
 
     ok = 1;
-err:
+end:
     BN_free(two_powN);
     return ok;
 }

crypto/rsa/rsa_sp800_56b_check.c

@@ -289,6 +289,11 @@ int ossl_rsa_sp800_56b_check_public(const RSA *rsa)
         return 0;
 
     nbits = BN_num_bits(rsa->n);
+    if (nbits > OPENSSL_RSA_MAX_MODULUS_BITS) {
+        ERR_raise(ERR_LIB_RSA, RSA_R_MODULUS_TOO_LARGE);
+        return 0;
+    }
+
 #ifdef FIPS_MODULE
     /*
      * (Step a): modulus must be 2048 or 3072 (caveat from SP800-56Br1)
@@ -324,7 +329,8 @@ int ossl_rsa_sp800_56b_check_public(const RSA *rsa)
         goto err;
     }
 
-    ret = ossl_bn_miller_rabin_is_prime(rsa->n, 0, ctx, NULL, 1, &status);
+    /* Highest number of MR rounds from FIPS 186-5 Section B.3 Table B.1 */
+    ret = ossl_bn_miller_rabin_is_prime(rsa->n, 5, ctx, NULL, 1, &status);
 #ifdef FIPS_MODULE
     if (ret != 1 || status != BN_PRIMETEST_COMPOSITE_NOT_POWER_OF_PRIME) {
 #else

test/recipes/91-test_pkey_check.t

@@ -11,51 +11,96 @@ use strict;
 use warnings;
 
 use File::Spec;
-use OpenSSL::Test qw/:DEFAULT data_file/;
+use OpenSSL::Test qw/:DEFAULT data_file with/;
 use OpenSSL::Test::Utils;
 
-sub check_key {
+sub pkey_check {
     my $f = shift;
+    my $pubcheck = shift;
+    my @checkopt = ('-check');
+
+    @checkopt = ('-pubcheck', '-pubin') if $pubcheck;
 
-    return run(app(['openssl', 'pkey', '-check', '-text',
+    return run(app(['openssl', 'pkey', @checkopt, '-text',
                     '-in', $f]));
 }
 
-sub check_key_notok {
+sub check_key {
     my $f = shift;
-    my $str = "$f should fail validation";
+    my $should_fail = shift;
+    my $pubcheck = shift;
+    my $str;
+
+
+    $str = "$f should fail validation" if $should_fail;
+    $str = "$f should pass validation" unless $should_fail;
 
     $f = data_file($f);
 
     if ( -s $f ) {
-        ok(!check_key($f), $str);
+        with({ exit_checker => sub { return shift == $should_fail; } },
+            sub {
+                ok(pkey_check($f, $pubcheck), $str);
+            });
     } else {
         fail("Missing file $f");
     }
 }
 
 setup("test_pkey_check");
 
-my @tests = ();
+my @negative_tests = ();
 
-push(@tests, (
+push(@negative_tests, (
     # For EC keys the range for the secret scalar `k` is `1 <= k <= n-1`
     "ec_p256_bad_0.pem", # `k` set to `n` (equivalent to `0 mod n`, invalid)
     "ec_p256_bad_1.pem", # `k` set to `n+1` (equivalent to `1 mod n`, invalid)
     )) unless disabled("ec");
 
-push(@tests, (
+push(@negative_tests, (
     # For SM2 keys the range for the secret scalar `k` is `1 <= k < n-1`
     "sm2_bad_neg1.pem", # `k` set to `n-1` (invalid, because SM2 range)
     "sm2_bad_0.pem", # `k` set to `n` (equivalent to `0 mod n`, invalid)
     "sm2_bad_1.pem", # `k` set to `n+1` (equivalent to `1 mod n`, invalid)
     )) unless disabled("sm2");
 
+my @positive_tests = ();
+
+push(@positive_tests, (
+    "dhpkey.pem"
+    )) unless disabled("dh");
+
+my @negative_pubtests = ("rsapub_17k.pem");  # Too big RSA public key
+
+push(@negative_pubtests, (
+    "dsapub_noparam.der"
+    )) unless disabled("dsa");
+
+my @positive_pubtests = ();
+
+push(@positive_pubtests, (
+    "dsapub.pem"
+    )) unless disabled("dsa");
+
 plan skip_all => "No tests within the current enabled feature set"
-    unless @tests;
+    unless @negative_tests && @positive_tests
+           && @negative_pubtests && @positive_pubtests;
+
+plan tests => scalar(@negative_tests) + scalar(@positive_tests)
+              + scalar(@negative_pubtests) + scalar(@positive_pubtests);
+
+foreach my $t (@negative_tests) {
+    check_key($t, 1, 0);
+}
+
+foreach my $t (@positive_tests) {
+    check_key($t, 0, 0);
+}
 
-plan tests => scalar(@tests);
+foreach my $t (@negative_pubtests) {
+    check_key($t, 1, 1);
+}
 
-foreach my $t (@tests) {
-    check_key_notok($t);
+foreach my $t (@positive_pubtests) {
+    check_key($t, 0, 1);
 }

test/recipes/91-test_pkey_check_data/dhpkey.pem

@@ -0,0 +1,14 @@
+-----BEGIN PRIVATE KEY-----
+MIICJgIBADCCARcGCSqGSIb3DQEDATCCAQgCggEBAMwWCRizXuSpEcD1rlHABvnQ
+NzZarWoOCGfuYe2NzM6b0BiR13l7zrcBocQLE401xxLUn6qkFfFMJOP3x6tbDx7w
+1DwsHjplqVSW8sLDipf37940aLjvcjhJ0ZSDOwkpUeO2WSJLZdNSxvygHG5bZ/e1
+V5c5BToWUzHsbx3It4EgddtRfgELgl0K6kY7YsxfeVKc+bNA40elhk8/gGr5xLko
+0fUSk4xPIqbHEkKVuusYvaxXrBXUmFdCuY/dokhhrahp3CFSEzxMCKrS75Kq+6Jx
+Xc4qJ1QsgHWxwO5C+KPRhWsePJ5zmGI/D++TAXKu70QgcQs8fnM61cXhUylnchsC
+AQIEggEEAoIBAGj8dNturd5CiUbDmzc/zMuSW+wIZFtH0XTlhie6Xap8ybXs53Dd
+vr2QwKbZpvbwpT+GrQM8K6lTYSW2AqeV29b23KstGGRDxyF9nrTM2a+la+m+YCuy
+XG3AeildriXHViJHe9BnpvqsArkv2kIMLsXwsrvJsbUU3ENJUGyTehOglmoiESW1
+kVq3PoYTuls7ynRDnZAcFZidMJmOynU182klgqjxy0Md0X1cX0SXdYVBtai+iwH8
+kNKnbs2nn0Dfprau/OlmLFL4JpiagOWBJCwZafELpXzLor4t0m0t1Mzy/XkxtmKT
+e6L4veD6kojaU7H8iCTjA6d7hPBWmXoslZI=
+-----END PRIVATE KEY-----

test/recipes/91-test_pkey_check_data/dsapub.pem

@@ -0,0 +1,12 @@
+-----BEGIN PUBLIC KEY-----
+MIIBvzCCATQGByqGSM44BAEwggEnAoGBAIjbXpOVVciVNuagg26annKkghIIZFI4
+4WdMomnV+I/oXyxHbZTBBBpW9xy/E1+yMjbp4GmX+VxyDj3WxUWxXllzL+miEkzD
+9Xz638VzIBhjFbMvk1/N4kS4bKVUd9yk7HfvYzAdnRphk0WI+RoDiDrBNPPxSoQD
+CEWgvwgsLIDhAh0A6dbz1IQpQwGF4+Ca28x6OO+UfJJv3ggeZ++fNwKBgQCA9XKV
+lRrTY8ALBxS0KbZjpaIXuUj5nr3i1lIDyP3ISksDF0ekyLtn6eK9VijX6Pm65Np+
+4ic9Nr5WKLKhPaUSpLNRx1gDqo3sd92hYgiEUifzEuhLYfK/CsgFED+l2hDXtJUq
+bISNSHVwI5lsyNXLu7HI1Fk8F5UO3LqsboFAngOBhAACgYATxFY89nEYcUhgHGgr
+YDHhXBQfMKnTKYdvon4DN7WQ9ip+t4VUsLpTD1ZE9zrM2R/B04+8C6KGoViwyeER
+kS4dxWOkX71x4X2DlNpYevcR53tNcTDqmMD7YKfDDmrb0lftMyfW8aESaiymVMys
+DRjhKHBjdo0rZeSM8DAk3ctrXA==
+-----END PUBLIC KEY-----

test/recipes/91-test_pkey_check_data/rsapub_17k.pem

@@ -0,0 +1,48 @@
+-----BEGIN PUBLIC KEY-----
+MIIIbzANBgkqhkiG9w0BAQEFAAOCCFwAMIIIVwKCCE4Ang+cE5H+hg3RbapDAHqR
+B9lUnp2MlAwsZxQ/FhYepaR60bFQeumbu7817Eo5YLMObVI99hF1C4u/qcpD4Jph
+gZt87/JAYDbP+DIh/5gUXCL9m5Fp4u7mvZaZdnlcftBvR1uKUTCAwc9pZ/Cfr8W2
+GzrRODzsNYnk2DcZMfe2vRDuDZRopE+Y+I72rom2SZLxoN547N1daM/M/CL9KVQ/
+XMI/YOpJrBI0jI3brMRhLkvLckwies9joufydlGbJkeil9H7/grj3fQZtFkZ2Pkj
+b87XDzRVX7wsEpAgPJxskL3jApokCp1kQYKG+Uc3dKM9Ade6IAPK7VKcmbAQTYw2
+gZxsc28dtstazmfGz0ACCTSMrmbgWAM3oPL7RRzhrXDWgmYQ0jHefGh8SNTIgtPq
+TuHxPYkDMQNaf0LmDGCxqlnf4b5ld3YaU8zZ/RqIRx5v/+w0rJUvU53qY1bYSnL1
+vbqKSnN2mip0GYyQ4AUgkS1NBV4rGYU/VTvzEjLfkg02KOtHKandvEoUjmZPzCT0
+V2ZhGc8K1UJNGYlIiHqCdwCBoghvly/pYajTkDXyd6BsukzA5H3IkZB1xDgl035j
+/0Cr7QeZLEOdi9fPdSSaBT6OmD0WFuZfJF0wMr7ucRhWzPXvSensD9v7MBE7tNfH
+SLeTSx8tLt8UeWriiM+0CnkPR1IOqMOxubOyf1eV8NQqEWm5wEQG/0IskbOKnaHa
+PqLFJZn/bvyL3XK5OxVIJG3z6bnRDOMS9SzkjqgPdIO8tkySEHVSi/6iuGUltx3Y
+Fmq6ye/r34ekyHPbfn6UuTON7joM6SIXb5bHM64x4iMVWx4hMvDjfy0UqfywAUyu
+C1o7BExSMxxFG8GJcqR0K8akpPp7EM588PC+YuItoxzXgfUJnP3BQ1Beev2Ve7/J
+xeGZH0N4ntfr+cuaLAakAER9zDglwChWflw3NNFgIdAgSxXv3XXx5xDXpdP4lxUo
+F5zAN4Mero3yV90FaJl7Vhq/UFVidbwFc15jUDwaE0mKRcsBeVd3GOhoECAgE0id
+aIPT20z8oVY0FyTJlRk7QSjo8WjJSrHY/Fn14gctX07ZdfkufyL6w+NijBdYluvB
+nIrgHEvpkDEWoIa8qcx0EppoIcmqgMV2mTShfFYSybsO33Pm8WXec2FXjwhzs1Pi
+R/BuIW8rHPI67xqWm0h8dEw11vtfi9a/BBBikFHe59KBjMTG+lW/gADNvRoTzGh7
+kN4+UVDS3jlSisRZZOn1XoeQtpubNYWgUsecjKy45IwIj8h1SHgn3wkmUesY0woN
+mOdoNtq+NezN4RFtbCOHhxFVpKKDi/HQP2ro0ykkXMDjwEIVf2Lii1Mg9UP8m+Ux
+AOqkTrIkdogkRx+70h7/wUOfDIFUq2JbKzqxJYamyEphcdAko7/B8efQKc61Z93O
+f2SHa4++4WI7wIIx18v5KV4M/cRmrfc8w9WRkQN3gBT5AJMuqwcSHVXBWvNQeGmi
+ScMh7X6cCZ0daEujqb8svq4WgsJ8UT4GaGBRIYtt7QUKEh+JQwNJzneRYZ3pzpaH
+UJeeoYobMlkp3rM9cYzdq90nBQiI9Jsbim9m9ggb2dMOS5CsI9S/IuG2O5uTjfxx
+wkwsd5nLDFtNXHYZ7W6XlVJ1Rc6zShnEmdCn3mmibb6OaMUmun2yl9ryEjVSoXLP
+fSA8W9K9yNhKTRkzdXJfqlC+s/ovX2xBGxsuOoUDaXhRVz0qmpKIHeSFjIP4iXq4
+y8gDiwvM3HbZfvVonbg6siPwpn4uvw3hesojk1DKAENS52i6U3uK2fs1ALVxsFNS
+Yh914rDu0Q3e4RXVhURaYzoEbLCot6WGYeCCfQOK0rkETMv+sTYYscC8/THuW7SL
+HG5zy9Ed95N1Xmf8J+My7gM7ZFodGdHsWvdzEmqsdOFh6IVx/VfHFX0MDBq0t6lZ
+eRvVgVCfu3gkYLwPScn/04E02vOom51ISKHsF/I11erC66jjNYV9BSpH8O7sAHxZ
+EmPT2ZVVRSgivOHdQW/FZ3UZQQhVaVSympo2Eb4yWEMFn84Q8T+9Honj6gnB5PXz
+chmeCsOMlcg1mwWwhn0k+OAWEZy7VRUk5Ahp0fBAGJgwBdqrZ3kM356DjUkVBiYq
+4eHyvafNKmjf2mnFsI3g2NKRNyl1Lh63wyCFx60yYvBUfXF/W9PFJbD9CiP83kEW
+gV36gxTsbOSfhpO1OXR90ODy0kx06XzWmJCUugK8u9bx4F/CjV+LIHExuNJiethC
+A8sIup/MT0fWp4RO/SsVblGqfoqJTaPnhptQzeH2N07pbWkxeMuL6ppPuwFmfVjK
+FJndqCVrAukcPEOQ16iVURuloJMudqYRc9QKkJFsnv0W/iMNbqQGmXe8Q/5qFiys
+26NIQBiE2ad9hNLnoccEnmYSRgnW3ZPSKuq5TDdYyDqTZH2r8cam65pr3beKw2XC
+xw4cc7VaxiwGC2Mg2wRmwwPaTjrcEt6sMa3RjwFEVBxBFyM26wnTEZsTBquCxV0J
+pgERaeplkixP2Q0m7XAdlDaob973SM2vOoUgypzDchWmpx7u775bnOfU5CihwXl+
+k0i09WZuT8bPmhEAiGCw5sNzMkz1BC2cCZFfJIkE2vc/wXYOrGxBTJo0EKaUFswa
+2dnP/u0bn+VksBUM7ywW9LJSXh4mN+tpzdeJtxEObKwX1I0dQxSPWmjd2++wMr9q
+Unre5fCrDToy2H7C2VKSpuOCT2/Kv4JDQRWwI4KxQOpn0UknAGNmfBoTtpIZ3LEb
+77oBUJdMQD7tQBBLL0a6f1TdK0dHVprWWawJ+gGFMiMQXqAqblHcxFKWuHv9bQID
+AQAB
+-----END PUBLIC KEY-----