File openssl-CVE-2023-2650.patch of Package openssl-1_1.34286

Overview Repositories Revisions Requests Users Attributes Meta

File openssl-CVE-2023-2650.patch of Package openssl-1_1.34286

From b82f94afbe612f8fcbcc74b6da42d03682fcdd8d Mon Sep 17 00:00:00 2001
From: Richard Levitte <levitte@openssl.org>
Date: Fri, 12 May 2023 10:00:13 +0200
Subject: [PATCH] Restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt will
 translate

OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
numeric text form.  For gigantic sub-identifiers, this would take a very
long time, the time complexity being O(n^2) where n is the size of that
sub-identifier.

To mitigate this, a restriction on the size that OBJ_obj2txt() will
translate to canonical numeric text form is added, based on RFC 2578
(STD 58), which says this:

> 3.5. OBJECT IDENTIFIER values
>
> An OBJECT IDENTIFIER value is an ordered list of non-negative numbers.
> For the SMIv2, each number in the list is referred to as a sub-identifier,
> there are at most 128 sub-identifiers in a value, and each sub-identifier
> has a maximum value of 2^32-1 (4294967295 decimal).

Fixes otc/security#96
Fixes CVE-2023-2650
---
 CHANGES                  |   26 ++++++++++++++++++++++++++
 NEWS                     |    2 ++
 crypto/objects/obj_dat.c |   19 +++++++++++++++++++
 3 files changed, 47 insertions(+)

--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,32 @@
 
  Changes between 1.1.1k and 1.1.1l [24 Aug 2021]
 
+  *) Mitigate for the time it takes for `OBJ_obj2txt` to translate gigantic
+     OBJECT IDENTIFIER sub-identifiers to canonical numeric text form.
+
+     OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical
+     numeric text form.  For gigantic sub-identifiers, this would take a very
+     long time, the time complexity being O(n^2) where n is the size of that
+     sub-identifier.  (CVE-2023-2650)
+
+     To mitigitate this, `OBJ_obj2txt()` will only translate an OBJECT
+     IDENTIFIER to canonical numeric text form if the size of that OBJECT
+     IDENTIFIER is 586 bytes or less, and fail otherwise.
+
+     The basis for this restriction is RFC 2578 (STD 58), section 3.5. OBJECT
+     IDENTIFIER values, which stipulates that OBJECT IDENTIFIERS may have at
+     most 128 sub-identifiers, and that the maximum value that each sub-
+     identifier may have is 2^32-1 (4294967295 decimal).
+
+     For each byte of every sub-identifier, only the 7 lower bits are part of
+     the value, so the maximum amount of bytes that an OBJECT IDENTIFIER with
+     these restrictions may occupy is 32 * 128 / 7, which is approximately 586
+     bytes.
+
+     Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
+
+     [Richard Levitte]
+
   *) Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention
      that it does not enable policy checking. Thanks to
      David Benjamin for discovering this issue. (CVE-2023-0466)
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,8 @@
 
   Major changes between OpenSSL 1.1.1k and OpenSSL 1.1.1l [24 Aug 2021]
 
+      o Mitigate for very slow `OBJ_obj2txt()` performance with gigantic
+        OBJECT IDENTIFIER sub-identities.  (CVE-2023-2650)
       o Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466)
       o Fixed handling of invalid certificate policies in leaf certificates
         (CVE-2023-0465)
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -427,6 +427,25 @@ int OBJ_obj2txt(char *buf, int buf_len,
     first = 1;
     bl = NULL;
 
+    /*
+     * RFC 2578 (STD 58) says this about OBJECT IDENTIFIERs:
+     *
+     * > 3.5. OBJECT IDENTIFIER values
+     * >
+     * > An OBJECT IDENTIFIER value is an ordered list of non-negative
+     * > numbers. For the SMIv2, each number in the list is referred to as a
+     * > sub-identifier, there are at most 128 sub-identifiers in a value,
+     * > and each sub-identifier has a maximum value of 2^32-1 (4294967295
+     * > decimal).
+     *
+     * So a legitimate OID according to this RFC is at most (32 * 128 / 7),
+     * i.e. 586 bytes long.
+     *
+     * Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
+     */
+    if (len > 586)
+        goto err;
+
     while (len > 0) {
         l = 0;
         use_bn = 0;

Places

File openssl-CVE-2023-2650.patch of Package openssl-1_1.34286

Places