Skip to content

openssl_3: apply patch for CVE-2023-2975 #243625

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
vcunat merged 1 commit into from
Jul 17, 2023
Merged

openssl_3: apply patch for CVE-2023-2975 #243625

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 54 additions & 0 deletions pkgs/development/libraries/openssl/3.0/CVE-2023-2975.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
From 6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Tue, 4 Jul 2023 17:30:35 +0200
Subject: [PATCH] Do not ignore empty associated data with AES-SIV mode

The AES-SIV mode allows for multiple associated data items
authenticated separately with any of these being 0 length.

The provided implementation ignores such empty associated data
which is incorrect in regards to the RFC 5297 and is also
a security issue because such empty associated data then become
unauthenticated if an application expects to authenticate them.

Fixes CVE-2023-2975

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21384)

(cherry picked from commit c426c281cfc23ab182f7d7d7a35229e7db1494d9)
---
.../implementations/ciphers/cipher_aes_siv.c | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/providers/implementations/ciphers/cipher_aes_siv.c b/providers/implementations/ciphers/cipher_aes_siv.c
index 45010b90db2a..b396c8651a32 100644
--- a/providers/implementations/ciphers/cipher_aes_siv.c
+++ b/providers/implementations/ciphers/cipher_aes_siv.c
@@ -120,14 +120,18 @@ static int siv_cipher(void *vctx, unsigned char *out, size_t *outl,
if (!ossl_prov_is_running())
return 0;

- if (inl == 0) {
- *outl = 0;
- return 1;
- }
+ /* Ignore just empty encryption/decryption call and not AAD. */
+ if (out != NULL) {
+ if (inl == 0) {
+ if (outl != NULL)
+ *outl = 0;
+ return 1;
+ }

- if (outsize < inl) {
- ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
- return 0;
+ if (outsize < inl) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+ return 0;
+ }
}

if (ctx->hw->cipher(ctx, out, in, inl) <= 0)
3 changes: 3 additions & 0 deletions pkgs/development/libraries/openssl/default.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -251,6 +251,9 @@ in {
# This patch disables build-time detection.
./3.0/openssl-disable-kernel-detection.patch

# https://www.openssl.org/news/secadv/20230714.txt
./3.0/CVE-2023-2975.patch

(if stdenv.hostPlatform.isDarwin
then ./use-etc-ssl-certs-darwin.patch
else ./use-etc-ssl-certs.patch)
Expand Down