Vulnerable OpenSSL included in sgx-dcap-quote-verify-python

sgx-dcap-quote-verify-python includes a statically linked copy of OpenSSL. The version of OpenSSL included in sgx-dcap-quote-verify-python 0.0.1…0.0.2 is vulnerable to a security issue. More details about the OpenSSL vulnerabilities themselves can be found at https://www.openssl.org/news/secadv/20230207.txt.

Analysis

The binding includes OpenSSL version 1.1.1s which is vulnerable to the vulnerabilities disclosed in OpenSSL Security Advisory from the 7th February 2023.
The binding does not directly use OpenSSL. The binding calls the SGX Quote Verification Library which uses OpenSSL.

Explanation

The SGX Quote Verification Library uses OpenSSL as a dependency to perform its cryptographic operations and certificate verification.

The OpenSSL security advisory mentions multiple vulnerabilities but I believe the most concerning would be CVE-2023-0286 “X.400 address type confusion in X.509 GeneralName”. Its severity is rated high and the advisory states that “this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.”

Relying on CRLs obtained from an untrusted party is exactly what can happen when verifying a quote. For instance, the vulnerability could be triggered through the “sgx_qv_verify_quote” function which can take untrusted quote collateral as input. The quote collateral contains a CRL and certificate chains. The Quote Verification Library uses OpenSSL to verify the validity of those in order to establish the authenticity of the quote. Thus the vulnerability could be exploited with corrupted/forged collateral and quote.

Impact

According to the advisory the “vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service”. Transitively I expect the same to be true for the Quote Verification Library.
The denial of service impact is not much of a concern I believe since processing forged collateral would most likely stop the software from proceeding normally anyway (forged collateral should be rejected). The part regarding the ability to read memory contents, could result in information disclosure which is a real concern. The quote verification happens on the relying party end, which might use it to check enclave authenticity before providing sensitive data, this vulnerability could therefore result in the leakage of sensitive data.