[kirkstone,1/3] openssl: fix CVE-2024-41996

Message ID 20250711113313.3009782-1-archana.polampalli@windriver.com
State Under Review
Delegated to: Steve Sakoman

Commit Message

Polampalli, Archana July 11, 2025, 11:33 a.m. UTC
From: Archana Polampalli <archana.polampalli@windriver.com>

Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol,
when an approved safe prime is used, allows remote attackers (from the client side) to
trigger unnecessarily expensive server-side DHE modular-exponentiation calculations.
The client may cause asymmetric resource consumption. The basic attack scenario is that
the client must claim that it can only communicate with DHE, and the server must be
configured to allow DHE and validate the order of the public key.

Reference:
https://github.com/openssl/openssl/pull/25088

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
---
 .../openssl/openssl/CVE-2024-41996.patch      | 48 +++++++++++++++++++
 .../openssl/openssl_3.0.16.bb                 |  1 +
 2 files changed, 49 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2024-41996.patch
Patch

diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2024-41996.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2024-41996.patch
new file mode 100644
index 0000000000..49ec9c0130
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2024-41996.patch
@@ -0,0 +1,48 @@ 
+From e70e34d857d4003199bcb5d3b52ca8102ccc1b98 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Mon, 5 Aug 2024 17:54:14 +0200
+Subject: [PATCH] dh_kmgmt.c: Avoid expensive public key validation for known
+ safe-prime groups
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The partial validation is fully sufficient to check the key validity.
+
+Thanks to Szilárd Pfeiffer for reporting the issue.
+
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Paul Dale <ppzgs1@gmail.com>
+(Merged from https://github.com/openssl/openssl/pull/25088)
+
+CVE: CVE-2024-41996
+
+Upstream-Status: Backport [https://github.com/openssl/openssl/commit/e70e34d857d4003199bcb5d3b52ca8102ccc1b98]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ providers/implementations/keymgmt/dh_kmgmt.c | 8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
+index 795a3f2..3e7a811 100644
+--- a/providers/implementations/keymgmt/dh_kmgmt.c
++++ b/providers/implementations/keymgmt/dh_kmgmt.c
+@@ -387,9 +387,11 @@ static int dh_validate_public(const DH *dh, int checktype)
+     if (pub_key == NULL)
+         return 0;
+
+-    /* The partial test is only valid for named group's with q = (p - 1) / 2 */
+-    if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK
+-        && ossl_dh_is_named_safe_prime_group(dh))
++    /*
++     * The partial test is only valid for named group's with q = (p - 1) / 2
++     * but for that case it is also fully sufficient to check the key validity.
++     */
++    if (ossl_dh_is_named_safe_prime_group(dh))
+         return ossl_dh_check_pub_key_partial(dh, pub_key, &res);
+
+     return DH_check_pub_key_ex(dh, pub_key);
+--
+2.40.0
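Review bot: the embedded hunk for dh_kmgmt.c carries the upstream blob ids `index 795a3f2..3e7a811` from the master commit named in Upstream-Status, not from the 3.0 branch, so please confirm that the openssl 3.0.16 tree this series targets still contains the original `checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK && ossl_dh_is_named_safe_prime_group(dh)` condition and that the patch applies without fuzz; if the check in 3.0.16 differs, the backport needs a refreshed context. On the logic itself, dropping the `checktype` clause means every validation mode, not only the quick check, now returns `ossl_dh_check_pub_key_partial()` for named safe-prime groups and never reaches `DH_check_pub_key_ex()`, which is exactly the behaviour the description relies on to remove the attacker-triggered modular exponentiation; the mitigation is therefore a behavioural change for callers that previously requested a full check, and a short note of that in the commit message (below the CVE description) would help anyone bisecting validation differences later. The CVE, Upstream-Status and Signed-off-by tags are all present and correctly placed above the diffstat.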
diff --git a/meta/recipes-connectivity/openssl/openssl_3.0.16.bb b/meta/recipes-connectivity/openssl/openssl_3.0.16.bb
index a9fffd18ba..3d6993872b 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.0.16.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.0.16.bb
@@ -12,6 +12,7 @@  SRC_URI = "https://github.com/openssl/openssl/releases/download/openssl-${PV}/op
            file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
            file://afalg.patch \
            file://0001-Configure-do-not-tweak-mips-cflags.patch \
+           file://CVE-2024-41996.patch \
            "
 
 SRC_URI:append:class-nativesdk = " \