File openssl-CVE-2023-0217-2of4.patch of Package openssl-3.27638

Overview Repositories Revisions Requests Users Attributes Meta

File openssl-CVE-2023-0217-2of4.patch of Package openssl-3.27638

commit 8386d224589c66d8471a5986743824eff8e447f2
Author: Tomas Mraz <tomas@openssl.org>
Date:   Fri Jan 13 17:57:59 2023 +0100

Prevent creating DSA and DH keys without parameters through import

Index: openssl-3.0.1/providers/implementations/keymgmt/dh_kmgmt.c
===================================================================
--- openssl-3.0.1.orig/providers/implementations/keymgmt/dh_kmgmt.c
+++ openssl-3.0.1/providers/implementations/keymgmt/dh_kmgmt.c
@@ -198,8 +198,8 @@ static int dh_import(void *keydata, int
     if ((selection & DH_POSSIBLE_SELECTIONS) == 0)
         return 0;
 
-    if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
-        ok = ok && ossl_dh_params_fromdata(dh, params);
+    /* a key without parameters is meaningless */
+    ok = ok && ossl_dh_params_fromdata(dh, params);
 
     if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
         ok = ok && ossl_dh_key_fromdata(dh, params);
Index: openssl-3.0.1/providers/implementations/keymgmt/dsa_kmgmt.c
===================================================================
--- openssl-3.0.1.orig/providers/implementations/keymgmt/dsa_kmgmt.c
+++ openssl-3.0.1/providers/implementations/keymgmt/dsa_kmgmt.c
@@ -198,8 +198,9 @@ static int dsa_import(void *keydata, int
     if ((selection & DSA_POSSIBLE_SELECTIONS) == 0)
         return 0;
 
-    if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
-        ok = ok && ossl_dsa_ffc_params_fromdata(dsa, params);
+    /* a key without parameters is meaningless */
+    ok = ok && ossl_dsa_ffc_params_fromdata(dsa, params);
+
     if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
         ok = ok && ossl_dsa_key_fromdata(dsa, params);

Places

File openssl-CVE-2023-0217-2of4.patch of Package openssl-3.27638

Places