Bug 2281029 (CVE-2024-4603)

Summary: CVE-2024-4603 openssl: Excessive time spent checking DSA keys and parameters
Product: [Other] Security Response Reporter: Zack Miele <zmiele>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: ahrabovs, akostadi, amasferr, aucunnin, bdettelb, caswilli, cbartlet, chazlett, crizzo, csutherl, daniel.johnson1, dfreiber, dkuc, dmayorov, doconnor, drow, fjansen, hkataria, jburrell, jcantril, jclere, jdobes, jlledo, jmitchel, jsamir, jsherril, jtanner, jvasik, kaycoth, kholdawa, kshier, lcouzens, mkudlej, mmakovy, mskarbek, mstoklus, orabin, pjindal, plodge, psegedy, rblanco, rojacob, sidakwo, sthirugn, szappis, teagle, tjochec, vkrizan, vkumar, vmugicag
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: OpenSSL 3.0.14, OpenSSL 3.1.6, OpenSSL 3.2.2, OpenSSL 3.3.1 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2281032, 2281033, 2281034, 2281035, 2281036, 2281037, 2281038, 2281039, 2281040, 2281041    
Bug Blocks: 2281028    

Description Zack Miele 2024-05-17 20:13:56 UTC 
Issue summary: Checking excessively long DSA keys or parameters may be very
slow.

Impact summary: Applications that use the functions EVP_PKEY_param_check()
or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may
experience long delays. Where the key or parameters that are being checked
have been obtained from an untrusted source this may lead to a Denial of
Service.

The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform
various checks on DSA parameters. Some of those computations take a long time
if the modulus (`p` parameter) is too large.

Trying to use a very large modulus is slow and OpenSSL will not allow using
public keys with a modulus which is over 10,000 bits in length for signature
verification. However the key and parameter check functions do not limit
the modulus size when performing the checks.

An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check()
and supplies a key or parameters obtained from an untrusted source could be
vulnerable to a Denial of Service attack.

These functions are not called by OpenSSL itself on untrusted DSA keys so
only applications that directly call these functions may be vulnerable.

Also vulnerable are the OpenSSL pkey and pkeyparam command line applications
when using the `-check` option.

The OpenSSL SSL/TLS implementation is not affected by this issue.

The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.
Comment 1 Zack Miele 2024-05-17 20:38:45 UTC 
Created edk2 tracking bugs for this issue:

Affects: fedora-38 [bug 2281033]
Affects: fedora-39 [bug 2281036]
Affects: fedora-40 [bug 2281039]


Created mingw-openssl tracking bugs for this issue:

Affects: fedora-38 [bug 2281034]
Affects: fedora-39 [bug 2281037]
Affects: fedora-40 [bug 2281040]


Created openssl tracking bugs for this issue:

Affects: fedora-38 [bug 2281035]
Affects: fedora-39 [bug 2281038]
Affects: fedora-40 [bug 2281041]


Created openssl3 tracking bugs for this issue:

Affects: epel-8 [bug 2281032]
Comment 6 errata-xmlrpc 2024-11-12 09:34:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:9333 https://access.redhat.com/errata/RHSA-2024:9333