forked from rpms/openssl
import openssl-1.1.1k-7.el8_6
This commit is contained in:
parent
2a9b729c27
commit
6c7584747a
179
SOURCES/openssl-1.1.1-cve-2022-0778.patch
Normal file
179
SOURCES/openssl-1.1.1-cve-2022-0778.patch
Normal file
@ -0,0 +1,179 @@
|
||||
From 3118eb64934499d93db3230748a452351d1d9a65 Mon Sep 17 00:00:00 2001
|
||||
From: Tomas Mraz <tomas@openssl.org>
|
||||
Date: Mon, 28 Feb 2022 18:26:21 +0100
|
||||
Subject: [PATCH] Fix possible infinite loop in BN_mod_sqrt()
|
||||
|
||||
The calculation in some cases does not finish for non-prime p.
|
||||
|
||||
This fixes CVE-2022-0778.
|
||||
|
||||
Based on patch by David Benjamin <davidben@google.com>.
|
||||
|
||||
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||
Reviewed-by: Matt Caswell <matt@openssl.org>
|
||||
---
|
||||
crypto/bn/bn_sqrt.c | 30 ++++++++++++++++++------------
|
||||
1 file changed, 18 insertions(+), 12 deletions(-)
|
||||
|
||||
From b5fcb7e133725b8b2eb66f63f5142710ed63a6d1 Mon Sep 17 00:00:00 2001
|
||||
From: Tomas Mraz <tomas@openssl.org>
|
||||
Date: Mon, 28 Feb 2022 18:26:30 +0100
|
||||
Subject: [PATCH] Add documentation of BN_mod_sqrt()
|
||||
|
||||
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||
Reviewed-by: Matt Caswell <matt@openssl.org>
|
||||
---
|
||||
doc/man3/BN_add.pod | 15 +++++++++++++--
|
||||
1 file changed, 13 insertions(+), 2 deletions(-)
|
||||
|
||||
From 3ef5c3034e5c545f34d6929568f3f2b10ac4bdf0 Mon Sep 17 00:00:00 2001
|
||||
From: Tomas Mraz <tomas@openssl.org>
|
||||
Date: Mon, 28 Feb 2022 18:26:35 +0100
|
||||
Subject: [PATCH] Add a negative testcase for BN_mod_sqrt
|
||||
|
||||
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||
Reviewed-by: Matt Caswell <matt@openssl.org>
|
||||
---
|
||||
test/bntest.c | 11 ++++++++++-
|
||||
test/recipes/10-test_bn_data/bnmod.txt | 12 ++++++++++++
|
||||
2 files changed, 22 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c
|
||||
index 1723d5ded5a8..53b0f559855c 100644
|
||||
--- a/crypto/bn/bn_sqrt.c
|
||||
+++ b/crypto/bn/bn_sqrt.c
|
||||
@@ -14,7 +14,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
|
||||
/*
|
||||
* Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks
|
||||
* algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number
|
||||
- * Theory", algorithm 1.5.1). 'p' must be prime!
|
||||
+ * Theory", algorithm 1.5.1). 'p' must be prime, otherwise an error or
|
||||
+ * an incorrect "result" will be returned.
|
||||
*/
|
||||
{
|
||||
BIGNUM *ret = in;
|
||||
@@ -301,18 +302,23 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
|
||||
goto vrfy;
|
||||
}
|
||||
|
||||
- /* find smallest i such that b^(2^i) = 1 */
|
||||
- i = 1;
|
||||
- if (!BN_mod_sqr(t, b, p, ctx))
|
||||
- goto end;
|
||||
- while (!BN_is_one(t)) {
|
||||
- i++;
|
||||
- if (i == e) {
|
||||
- BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
|
||||
- goto end;
|
||||
+ /* Find the smallest i, 0 < i < e, such that b^(2^i) = 1. */
|
||||
+ for (i = 1; i < e; i++) {
|
||||
+ if (i == 1) {
|
||||
+ if (!BN_mod_sqr(t, b, p, ctx))
|
||||
+ goto end;
|
||||
+
|
||||
+ } else {
|
||||
+ if (!BN_mod_mul(t, t, t, p, ctx))
|
||||
+ goto end;
|
||||
}
|
||||
- if (!BN_mod_mul(t, t, t, p, ctx))
|
||||
- goto end;
|
||||
+ if (BN_is_one(t))
|
||||
+ break;
|
||||
+ }
|
||||
+ /* If not found, a is not a square or p is not prime. */
|
||||
+ if (i >= e) {
|
||||
+ BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
|
||||
+ goto end;
|
||||
}
|
||||
|
||||
/* t := y^2^(e - i - 1) */
|
||||
diff --git a/doc/man3/BN_add.pod b/doc/man3/BN_add.pod
|
||||
index dccd4790ede7..1f5e37a4d183 100644
|
||||
--- a/doc/man3/BN_add.pod
|
||||
+++ b/doc/man3/BN_add.pod
|
||||
@@ -3,7 +3,7 @@
|
||||
=head1 NAME
|
||||
|
||||
BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add,
|
||||
-BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd -
|
||||
+BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_mod_sqrt, BN_exp, BN_mod_exp, BN_gcd -
|
||||
arithmetic operations on BIGNUMs
|
||||
|
||||
=head1 SYNOPSIS
|
||||
@@ -36,6 +36,8 @@ arithmetic operations on BIGNUMs
|
||||
|
||||
int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
|
||||
|
||||
+ BIGNUM *BN_mod_sqrt(BIGNUM *in, BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
|
||||
+
|
||||
int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
|
||||
|
||||
int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
|
||||
@@ -87,6 +89,12 @@ L<BN_mod_mul_reciprocal(3)>.
|
||||
BN_mod_sqr() takes the square of I<a> modulo B<m> and places the
|
||||
result in I<r>.
|
||||
|
||||
+BN_mod_sqrt() returns the modular square root of I<a> such that
|
||||
+C<in^2 = a (mod p)>. The modulus I<p> must be a
|
||||
+prime, otherwise an error or an incorrect "result" will be returned.
|
||||
+The result is stored into I<in> which can be NULL. The result will be
|
||||
+newly allocated in that case.
|
||||
+
|
||||
BN_exp() raises I<a> to the I<p>-th power and places the result in I<r>
|
||||
(C<r=a^p>). This function is faster than repeated applications of
|
||||
BN_mul().
|
||||
@@ -108,7 +116,10 @@ the arguments.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
-For all functions, 1 is returned for success, 0 on error. The return
|
||||
+The BN_mod_sqrt() returns the result (possibly incorrect if I<p> is
|
||||
+not a prime), or NULL.
|
||||
+
|
||||
+For all remaining functions, 1 is returned for success, 0 on error. The return
|
||||
value should always be checked (e.g., C<if (!BN_add(r,a,b)) goto err;>).
|
||||
The error codes can be obtained by L<ERR_get_error(3)>.
|
||||
|
||||
diff --git a/test/bntest.c b/test/bntest.c
|
||||
index 390dd800733e..1cab660bcafb 100644
|
||||
--- a/test/bntest.c
|
||||
+++ b/test/bntest.c
|
||||
@@ -1729,8 +1729,17 @@ static int file_modsqrt(STANZA *s)
|
||||
|| !TEST_ptr(ret2 = BN_new()))
|
||||
goto err;
|
||||
|
||||
+ if (BN_is_negative(mod_sqrt)) {
|
||||
+ /* A negative testcase */
|
||||
+ if (!TEST_ptr_null(BN_mod_sqrt(ret, a, p, ctx)))
|
||||
+ goto err;
|
||||
+
|
||||
+ st = 1;
|
||||
+ goto err;
|
||||
+ }
|
||||
+
|
||||
/* There are two possible answers. */
|
||||
- if (!TEST_true(BN_mod_sqrt(ret, a, p, ctx))
|
||||
+ if (!TEST_ptr(BN_mod_sqrt(ret, a, p, ctx))
|
||||
|| !TEST_true(BN_sub(ret2, p, ret)))
|
||||
goto err;
|
||||
|
||||
diff --git a/test/recipes/10-test_bn_data/bnmod.txt b/test/recipes/10-test_bn_data/bnmod.txt
|
||||
index 5ea4d031f271..e28cc6bfb02e 100644
|
||||
--- a/test/recipes/10-test_bn_data/bnmod.txt
|
||||
+++ b/test/recipes/10-test_bn_data/bnmod.txt
|
||||
@@ -2799,3 +2799,15 @@ P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f
|
||||
ModSqrt = a1d52989f12f204d3d2167d9b1e6c8a6174c0c786a979a5952383b7b8bd186
|
||||
A = 2eee37cf06228a387788188e650bc6d8a2ff402931443f69156a29155eca07dcb45f3aac238d92943c0c25c896098716baa433f25bd696a142f5a69d5d937e81
|
||||
P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f
|
||||
+
|
||||
+# Negative testcases for BN_mod_sqrt()
|
||||
+
|
||||
+# This one triggers an infinite loop with unfixed implementation
|
||||
+# It should just fail.
|
||||
+ModSqrt = -1
|
||||
+A = 20a7ee
|
||||
+P = 460201
|
||||
+
|
||||
+ModSqrt = -1
|
||||
+A = 65bebdb00a96fc814ec44b81f98b59fba3c30203928fa5214c51e0a97091645280c947b005847f239758482b9bfc45b066fde340d1fe32fc9c1bf02e1b2d0ed
|
||||
+P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f
|
74
SOURCES/openssl-1.1.1-cve-2022-1292.patch
Normal file
74
SOURCES/openssl-1.1.1-cve-2022-1292.patch
Normal file
@ -0,0 +1,74 @@
|
||||
From e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23 Mon Sep 17 00:00:00 2001
|
||||
From: Tomas Mraz <tomas@openssl.org>
|
||||
Date: Tue, 26 Apr 2022 12:40:24 +0200
|
||||
Subject: [PATCH] c_rehash: Do not use shell to invoke openssl
|
||||
|
||||
Except on VMS where it is safe.
|
||||
|
||||
This fixes CVE-2022-1292.
|
||||
|
||||
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
|
||||
Reviewed-by: Matt Caswell <matt@openssl.org>
|
||||
Upstream-Status: Backport [https://github.com/openssl/openssl/commit/e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23]
|
||||
---
|
||||
tools/c_rehash.in | 29 +++++++++++++++++++++++++----
|
||||
1 file changed, 25 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/tools/c_rehash.in b/tools/c_rehash.in
|
||||
index fa7c6c9fef91..83c1cc80e08a 100644
|
||||
--- a/tools/c_rehash.in
|
||||
+++ b/tools/c_rehash.in
|
||||
@@ -152,6 +152,23 @@ sub check_file {
|
||||
return ($is_cert, $is_crl);
|
||||
}
|
||||
|
||||
+sub compute_hash {
|
||||
+ my $fh;
|
||||
+ if ( $^O eq "VMS" ) {
|
||||
+ # VMS uses the open through shell
|
||||
+ # The file names are safe there and list form is unsupported
|
||||
+ if (!open($fh, "-|", join(' ', @_))) {
|
||||
+ print STDERR "Cannot compute hash on '$fname'\n";
|
||||
+ return;
|
||||
+ }
|
||||
+ } else {
|
||||
+ if (!open($fh, "-|", @_)) {
|
||||
+ print STDERR "Cannot compute hash on '$fname'\n";
|
||||
+ return;
|
||||
+ }
|
||||
+ }
|
||||
+ return (<$fh>, <$fh>);
|
||||
+}
|
||||
|
||||
# Link a certificate to its subject name hash value, each hash is of
|
||||
# the form <hash>.<n> where n is an integer. If the hash value already exists
|
||||
@@ -161,10 +178,12 @@ sub check_file {
|
||||
|
||||
sub link_hash_cert {
|
||||
my $fname = $_[0];
|
||||
- $fname =~ s/\"/\\\"/g;
|
||||
- my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
|
||||
+ my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash,
|
||||
+ "-fingerprint", "-noout",
|
||||
+ "-in", $fname);
|
||||
chomp $hash;
|
||||
chomp $fprint;
|
||||
+ return if !$hash;
|
||||
$fprint =~ s/^.*=//;
|
||||
$fprint =~ tr/://d;
|
||||
my $suffix = 0;
|
||||
@@ -202,10 +221,12 @@ sub link_hash_cert {
|
||||
|
||||
sub link_hash_crl {
|
||||
my $fname = $_[0];
|
||||
- $fname =~ s/'/'\\''/g;
|
||||
- my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
|
||||
+ my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash,
|
||||
+ "-fingerprint", "-noout",
|
||||
+ "-in", $fname);
|
||||
chomp $hash;
|
||||
chomp $fprint;
|
||||
+ return if !$hash;
|
||||
$fprint =~ s/^.*=//;
|
||||
$fprint =~ tr/://d;
|
||||
my $suffix = 0;
|
255
SOURCES/openssl-1.1.1-cve-2022-2068.patch
Normal file
255
SOURCES/openssl-1.1.1-cve-2022-2068.patch
Normal file
@ -0,0 +1,255 @@
|
||||
From 9639817dac8bbbaa64d09efad7464ccc405527c7 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Fiala <daniel@openssl.org>
|
||||
Date: Sun, 29 May 2022 20:11:24 +0200
|
||||
Subject: [PATCH] Fix file operations in c_rehash.
|
||||
|
||||
CVE-2022-2068
|
||||
|
||||
Reviewed-by: Matt Caswell <matt@openssl.org>
|
||||
Reviewed-by: Richard Levitte <levitte@openssl.org>
|
||||
Upstream-Status: Backport [https://github.com/openssl/openssl/commit/9639817dac8bbbaa64d09efad7464ccc405527c7]
|
||||
---
|
||||
tools/c_rehash.in | 216 +++++++++++++++++++++++-----------------------
|
||||
1 file changed, 107 insertions(+), 109 deletions(-)
|
||||
|
||||
diff --git a/tools/c_rehash.in b/tools/c_rehash.in
|
||||
index cfd18f5da110..9d2a6f6db73b 100644
|
||||
--- a/tools/c_rehash.in
|
||||
+++ b/tools/c_rehash.in
|
||||
@@ -104,52 +104,78 @@ foreach (@dirlist) {
|
||||
}
|
||||
exit($errorcount);
|
||||
|
||||
+sub copy_file {
|
||||
+ my ($src_fname, $dst_fname) = @_;
|
||||
+
|
||||
+ if (open(my $in, "<", $src_fname)) {
|
||||
+ if (open(my $out, ">", $dst_fname)) {
|
||||
+ print $out $_ while (<$in>);
|
||||
+ close $out;
|
||||
+ } else {
|
||||
+ warn "Cannot open $dst_fname for write, $!";
|
||||
+ }
|
||||
+ close $in;
|
||||
+ } else {
|
||||
+ warn "Cannot open $src_fname for read, $!";
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
sub hash_dir {
|
||||
- my %hashlist;
|
||||
- print "Doing $_[0]\n";
|
||||
- chdir $_[0];
|
||||
- opendir(DIR, ".");
|
||||
- my @flist = sort readdir(DIR);
|
||||
- closedir DIR;
|
||||
- if ( $removelinks ) {
|
||||
- # Delete any existing symbolic links
|
||||
- foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
|
||||
- if (-l $_) {
|
||||
- print "unlink $_" if $verbose;
|
||||
- unlink $_ || warn "Can't unlink $_, $!\n";
|
||||
- }
|
||||
- }
|
||||
- }
|
||||
- FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) {
|
||||
- # Check to see if certificates and/or CRLs present.
|
||||
- my ($cert, $crl) = check_file($fname);
|
||||
- if (!$cert && !$crl) {
|
||||
- print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
|
||||
- next;
|
||||
- }
|
||||
- link_hash_cert($fname) if ($cert);
|
||||
- link_hash_crl($fname) if ($crl);
|
||||
- }
|
||||
+ my $dir = shift;
|
||||
+ my %hashlist;
|
||||
+
|
||||
+ print "Doing $dir\n";
|
||||
+
|
||||
+ if (!chdir $dir) {
|
||||
+ print STDERR "WARNING: Cannot chdir to '$dir', $!\n";
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ opendir(DIR, ".") || print STDERR "WARNING: Cannot opendir '.', $!\n";
|
||||
+ my @flist = sort readdir(DIR);
|
||||
+ closedir DIR;
|
||||
+ if ( $removelinks ) {
|
||||
+ # Delete any existing symbolic links
|
||||
+ foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
|
||||
+ if (-l $_) {
|
||||
+ print "unlink $_\n" if $verbose;
|
||||
+ unlink $_ || warn "Can't unlink $_, $!\n";
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) {
|
||||
+ # Check to see if certificates and/or CRLs present.
|
||||
+ my ($cert, $crl) = check_file($fname);
|
||||
+ if (!$cert && !$crl) {
|
||||
+ print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
|
||||
+ next;
|
||||
+ }
|
||||
+ link_hash_cert($fname) if ($cert);
|
||||
+ link_hash_crl($fname) if ($crl);
|
||||
+ }
|
||||
+
|
||||
+ chdir $pwd;
|
||||
}
|
||||
|
||||
sub check_file {
|
||||
- my ($is_cert, $is_crl) = (0,0);
|
||||
- my $fname = $_[0];
|
||||
- open IN, $fname;
|
||||
- while(<IN>) {
|
||||
- if (/^-----BEGIN (.*)-----/) {
|
||||
- my $hdr = $1;
|
||||
- if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
|
||||
- $is_cert = 1;
|
||||
- last if ($is_crl);
|
||||
- } elsif ($hdr eq "X509 CRL") {
|
||||
- $is_crl = 1;
|
||||
- last if ($is_cert);
|
||||
- }
|
||||
- }
|
||||
- }
|
||||
- close IN;
|
||||
- return ($is_cert, $is_crl);
|
||||
+ my ($is_cert, $is_crl) = (0,0);
|
||||
+ my $fname = $_[0];
|
||||
+
|
||||
+ open(my $in, "<", $fname);
|
||||
+ while(<$in>) {
|
||||
+ if (/^-----BEGIN (.*)-----/) {
|
||||
+ my $hdr = $1;
|
||||
+ if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
|
||||
+ $is_cert = 1;
|
||||
+ last if ($is_crl);
|
||||
+ } elsif ($hdr eq "X509 CRL") {
|
||||
+ $is_crl = 1;
|
||||
+ last if ($is_cert);
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+ close $in;
|
||||
+ return ($is_cert, $is_crl);
|
||||
}
|
||||
|
||||
sub compute_hash {
|
||||
@@ -177,76 +203,48 @@ sub compute_hash {
|
||||
# certificate fingerprints
|
||||
|
||||
sub link_hash_cert {
|
||||
- my $fname = $_[0];
|
||||
- my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash,
|
||||
- "-fingerprint", "-noout",
|
||||
- "-in", $fname);
|
||||
- chomp $hash;
|
||||
- chomp $fprint;
|
||||
- return if !$hash;
|
||||
- $fprint =~ s/^.*=//;
|
||||
- $fprint =~ tr/://d;
|
||||
- my $suffix = 0;
|
||||
- # Search for an unused hash filename
|
||||
- while(exists $hashlist{"$hash.$suffix"}) {
|
||||
- # Hash matches: if fingerprint matches its a duplicate cert
|
||||
- if ($hashlist{"$hash.$suffix"} eq $fprint) {
|
||||
- print STDERR "WARNING: Skipping duplicate certificate $fname\n";
|
||||
- return;
|
||||
- }
|
||||
- $suffix++;
|
||||
- }
|
||||
- $hash .= ".$suffix";
|
||||
- if ($symlink_exists) {
|
||||
- print "link $fname -> $hash\n" if $verbose;
|
||||
- symlink $fname, $hash || warn "Can't symlink, $!";
|
||||
- } else {
|
||||
- print "copy $fname -> $hash\n" if $verbose;
|
||||
- if (open($in, "<", $fname)) {
|
||||
- if (open($out,">", $hash)) {
|
||||
- print $out $_ while (<$in>);
|
||||
- close $out;
|
||||
- } else {
|
||||
- warn "can't open $hash for write, $!";
|
||||
- }
|
||||
- close $in;
|
||||
- } else {
|
||||
- warn "can't open $fname for read, $!";
|
||||
- }
|
||||
- }
|
||||
- $hashlist{$hash} = $fprint;
|
||||
+ link_hash($_[0], 'cert');
|
||||
}
|
||||
|
||||
# Same as above except for a CRL. CRL links are of the form <hash>.r<n>
|
||||
|
||||
sub link_hash_crl {
|
||||
- my $fname = $_[0];
|
||||
- my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash,
|
||||
- "-fingerprint", "-noout",
|
||||
- "-in", $fname);
|
||||
- chomp $hash;
|
||||
- chomp $fprint;
|
||||
- return if !$hash;
|
||||
- $fprint =~ s/^.*=//;
|
||||
- $fprint =~ tr/://d;
|
||||
- my $suffix = 0;
|
||||
- # Search for an unused hash filename
|
||||
- while(exists $hashlist{"$hash.r$suffix"}) {
|
||||
- # Hash matches: if fingerprint matches its a duplicate cert
|
||||
- if ($hashlist{"$hash.r$suffix"} eq $fprint) {
|
||||
- print STDERR "WARNING: Skipping duplicate CRL $fname\n";
|
||||
- return;
|
||||
- }
|
||||
- $suffix++;
|
||||
- }
|
||||
- $hash .= ".r$suffix";
|
||||
- if ($symlink_exists) {
|
||||
- print "link $fname -> $hash\n" if $verbose;
|
||||
- symlink $fname, $hash || warn "Can't symlink, $!";
|
||||
- } else {
|
||||
- print "cp $fname -> $hash\n" if $verbose;
|
||||
- system ("cp", $fname, $hash);
|
||||
- warn "Can't copy, $!" if ($? >> 8) != 0;
|
||||
- }
|
||||
- $hashlist{$hash} = $fprint;
|
||||
+ link_hash($_[0], 'crl');
|
||||
+}
|
||||
+
|
||||
+sub link_hash {
|
||||
+ my ($fname, $type) = @_;
|
||||
+ my $is_cert = $type eq 'cert';
|
||||
+
|
||||
+ my ($hash, $fprint) = compute_hash($openssl,
|
||||
+ $is_cert ? "x509" : "crl",
|
||||
+ $is_cert ? $x509hash : $crlhash,
|
||||
+ "-fingerprint", "-noout",
|
||||
+ "-in", $fname);
|
||||
+ chomp $hash;
|
||||
+ chomp $fprint;
|
||||
+ return if !$hash;
|
||||
+ $fprint =~ s/^.*=//;
|
||||
+ $fprint =~ tr/://d;
|
||||
+ my $suffix = 0;
|
||||
+ # Search for an unused hash filename
|
||||
+ my $crlmark = $is_cert ? "" : "r";
|
||||
+ while(exists $hashlist{"$hash.$crlmark$suffix"}) {
|
||||
+ # Hash matches: if fingerprint matches its a duplicate cert
|
||||
+ if ($hashlist{"$hash.$crlmark$suffix"} eq $fprint) {
|
||||
+ my $what = $is_cert ? 'certificate' : 'CRL';
|
||||
+ print STDERR "WARNING: Skipping duplicate $what $fname\n";
|
||||
+ return;
|
||||
+ }
|
||||
+ $suffix++;
|
||||
+ }
|
||||
+ $hash .= ".$crlmark$suffix";
|
||||
+ if ($symlink_exists) {
|
||||
+ print "link $fname -> $hash\n" if $verbose;
|
||||
+ symlink $fname, $hash || warn "Can't symlink, $!";
|
||||
+ } else {
|
||||
+ print "copy $fname -> $hash\n" if $verbose;
|
||||
+ copy_file($fname, $hash);
|
||||
+ }
|
||||
+ $hashlist{$hash} = $fprint;
|
||||
}
|
152
SOURCES/openssl-1.1.1-cve-2022-2097.patch
Normal file
152
SOURCES/openssl-1.1.1-cve-2022-2097.patch
Normal file
@ -0,0 +1,152 @@
|
||||
From 919925673d6c9cfed3c1085497f5dfbbed5fc431 Mon Sep 17 00:00:00 2001
|
||||
From: Alex Chernyakhovsky <achernya@google.com>
|
||||
Date: Thu, 16 Jun 2022 12:00:22 +1000
|
||||
Subject: [PATCH] Fix AES OCB encrypt/decrypt for x86 AES-NI
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path
|
||||
that performs operations on 6 16-byte blocks concurrently (the
|
||||
"grandloop") and then proceeds to handle the "short" tail (which can
|
||||
be anywhere from 0 to 5 blocks) that remain.
|
||||
|
||||
As part of initialization, the assembly initializes $len to the true
|
||||
length, less 96 bytes and converts it to a pointer so that the $inp
|
||||
can be compared to it. Each iteration of "grandloop" checks to see if
|
||||
there's a full 96-byte chunk to process, and if so, continues. Once
|
||||
this has been exhausted, it falls through to "short", which handles
|
||||
the remaining zero to five blocks.
|
||||
|
||||
Unfortunately, the jump at the end of "grandloop" had a fencepost
|
||||
error, doing a `jb` ("jump below") rather than `jbe` (jump below or
|
||||
equal). This should be `jbe`, as $inp is pointing to the *end* of the
|
||||
chunk currently being handled. If $inp == $len, that means that
|
||||
there's a whole 96-byte chunk waiting to be handled. If $inp > $len,
|
||||
then there's 5 or fewer 16-byte blocks left to be handled, and the
|
||||
fall-through is intended.
|
||||
|
||||
The net effect of `jb` instead of `jbe` is that the last 16-byte block
|
||||
of the last 96-byte chunk was completely omitted. The contents of
|
||||
`out` in this position were never written to. Additionally, since
|
||||
those bytes were never processed, the authentication tag generated is
|
||||
also incorrect.
|
||||
|
||||
The same fencepost error, and identical logic, exists in both
|
||||
aesni_ocb_encrypt and aesni_ocb_decrypt.
|
||||
|
||||
This addresses CVE-2022-2097.
|
||||
|
||||
Co-authored-by: Alejandro Sedeño <asedeno@google.com>
|
||||
Co-authored-by: David Benjamin <davidben@google.com>
|
||||
|
||||
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||
Upstream-Status: Backport [https://github.com/openssl/openssl/commit/919925673d6c9cfed3c1085497f5dfbbed5fc431]
|
||||
---
|
||||
crypto/aes/asm/aesni-x86.pl | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/crypto/aes/asm/aesni-x86.pl b/crypto/aes/asm/aesni-x86.pl
|
||||
index fe2b26542ab6..812758e02e04 100644
|
||||
--- a/crypto/aes/asm/aesni-x86.pl
|
||||
+++ b/crypto/aes/asm/aesni-x86.pl
|
||||
@@ -2027,7 +2027,7 @@ sub aesni_generate6
|
||||
&movdqu (&QWP(-16*2,$out,$inp),$inout4);
|
||||
&movdqu (&QWP(-16*1,$out,$inp),$inout5);
|
||||
&cmp ($inp,$len); # done yet?
|
||||
- &jb (&label("grandloop"));
|
||||
+ &jbe (&label("grandloop"));
|
||||
|
||||
&set_label("short");
|
||||
&add ($len,16*6);
|
||||
@@ -2453,7 +2453,7 @@ sub aesni_generate6
|
||||
&pxor ($rndkey1,$inout5);
|
||||
&movdqu (&QWP(-16*1,$out,$inp),$inout5);
|
||||
&cmp ($inp,$len); # done yet?
|
||||
- &jb (&label("grandloop"));
|
||||
+ &jbe (&label("grandloop"));
|
||||
|
||||
&set_label("short");
|
||||
&add ($len,16*6);
|
||||
From 9131afdca30b6d1650af9ea6179569a80ab8cb06 Mon Sep 17 00:00:00 2001
|
||||
From: Alex Chernyakhovsky <achernya@google.com>
|
||||
Date: Thu, 16 Jun 2022 12:02:37 +1000
|
||||
Subject: [PATCH] AES OCB test vectors
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Add test vectors for AES OCB for x86 AES-NI multiple of 96 byte issue.
|
||||
|
||||
Co-authored-by: Alejandro Sedeño <asedeno@google.com>
|
||||
Co-authored-by: David Benjamin <davidben@google.com>
|
||||
|
||||
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||||
Reviewed-by: Tomas Mraz <tomas@openssl.org>
|
||||
Upstream-Status: Backport [https://github.com/openssl/openssl/commit/9131afdca30b6d1650af9ea6179569a80ab8cb06]
|
||||
---
|
||||
test/recipes/30-test_evp_data/evpciph.txt | 50 +++++++++++++++++++++++
|
||||
1 file changed, 50 insertions(+)
|
||||
|
||||
diff --git a/test/recipes/30-test_evp_data/evpciph.txt b/test/recipes/30-test_evp_data/evpciph.txt
|
||||
index 1c02ea1e9c2d..e12670d9a4b4 100644
|
||||
--- a/test/recipes/30-test_evp_data/evpciph.txt
|
||||
+++ b/test/recipes/30-test_evp_data/evpciph.txt
|
||||
@@ -1188,6 +1188,56 @@ Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B21
|
||||
Operation = DECRYPT
|
||||
Result = CIPHERFINAL_ERROR
|
||||
|
||||
+#Test vectors generated to validate aesni_ocb_encrypt on x86
|
||||
+Cipher = aes-128-ocb
|
||||
+Key = 000102030405060708090A0B0C0D0E0F
|
||||
+IV = 000000000001020304050607
|
||||
+Tag = C14DFF7D62A13C4A3422456207453190
|
||||
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
|
||||
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B819333
|
||||
+
|
||||
+Cipher = aes-128-ocb
|
||||
+Key = 000102030405060708090A0B0C0D0E0F
|
||||
+IV = 000000000001020304050607
|
||||
+Tag = D47D84F6FF912C79B6A4223AB9BE2DB8
|
||||
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F
|
||||
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC204
|
||||
+
|
||||
+Cipher = aes-128-ocb
|
||||
+Key = 000102030405060708090A0B0C0D0E0F
|
||||
+IV = 000000000001020304050607
|
||||
+Tag = 41970D13737B7BD1B5FBF49ED4412CA5
|
||||
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D
|
||||
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91
|
||||
+
|
||||
+Cipher = aes-128-ocb
|
||||
+Key = 000102030405060708090A0B0C0D0E0F
|
||||
+IV = 000000000001020304050607
|
||||
+Tag = BE0228651ED4E48A11BDED68D953F3A0
|
||||
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D
|
||||
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F
|
||||
+
|
||||
+Cipher = aes-128-ocb
|
||||
+Key = 000102030405060708090A0B0C0D0E0F
|
||||
+IV = 000000000001020304050607
|
||||
+Tag = 17BC6E10B16E5FDC52836E7D589518C7
|
||||
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D
|
||||
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B
|
||||
+
|
||||
+Cipher = aes-128-ocb
|
||||
+Key = 000102030405060708090A0B0C0D0E0F
|
||||
+IV = 000000000001020304050607
|
||||
+Tag = E84AAC18666116990A3A37B3A5FC55BD
|
||||
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D
|
||||
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B11CF99263D693AEBDF8ADE1A1D838DED
|
||||
+
|
||||
+Cipher = aes-128-ocb
|
||||
+Key = 000102030405060708090A0B0C0D0E0F
|
||||
+IV = 000000000001020304050607
|
||||
+Tag = 3E5EA7EE064FE83B313E28D411E91EAD
|
||||
+Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D
|
||||
+Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B11CF99263D693AEBDF8ADE1A1D838DED48D9E09F452F8E6FBEB76A3DED47611C
|
||||
+
|
||||
Title = AES XTS test vectors from IEEE Std 1619-2007
|
||||
|
||||
# Using the same key twice for encryption is always banned.
|
1176
SOURCES/openssl-1.1.1-replace-expired-certs.patch
Normal file
1176
SOURCES/openssl-1.1.1-replace-expired-certs.patch
Normal file
File diff suppressed because it is too large
Load Diff
@ -22,7 +22,7 @@
|
||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 1.1.1k
|
||||
Release: 5%{?dist}
|
||||
Release: 7%{?dist}
|
||||
Epoch: 1
|
||||
# We have to remove certain patented algorithms from the openssl source
|
||||
# tarball with the hobble-openssl script which is included below.
|
||||
@ -82,6 +82,11 @@ Patch56: openssl-1.1.1-s390x-ecc.patch
|
||||
Patch74: openssl-1.1.1-addrconfig.patch
|
||||
Patch75: openssl-1.1.1-tls13-curves.patch
|
||||
Patch81: openssl-1.1.1-read-buff.patch
|
||||
Patch82: openssl-1.1.1-cve-2022-0778.patch
|
||||
Patch83: openssl-1.1.1-replace-expired-certs.patch
|
||||
Patch84: openssl-1.1.1-cve-2022-1292.patch
|
||||
Patch85: openssl-1.1.1-cve-2022-2068.patch
|
||||
Patch86: openssl-1.1.1-cve-2022-2097.patch
|
||||
|
||||
License: OpenSSL and ASL 2.0
|
||||
URL: http://www.openssl.org/
|
||||
@ -202,7 +207,11 @@ cp %{SOURCE13} test/
|
||||
%patch79 -p1 -b .servername-cb
|
||||
%patch80 -p1 -b .s390x-test-aes
|
||||
%patch81 -p1 -b .read-buff
|
||||
|
||||
%patch82 -p1 -b .cve-2022-0778
|
||||
%patch83 -p1 -b .replace-expired-certs
|
||||
%patch84 -p1 -b .cve-2022-1292
|
||||
%patch85 -p1 -b .cve-2022-2068
|
||||
%patch86 -p1 -b .cve-2022-2097
|
||||
|
||||
%build
|
||||
# Figure out which flags we want to use.
|
||||
@ -486,9 +495,23 @@ export LD_LIBRARY_PATH
|
||||
%postun libs -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Fri Nov 12 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1k-5
|
||||
- CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings
|
||||
- Resolves: rhbz#2005400
|
||||
* Tue Jul 05 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-7
|
||||
- Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
|
||||
Resolves: CVE-2022-2097
|
||||
- Update expired certificates used in the testsuite
|
||||
Resolves: rhbz#2100554
|
||||
- Fix CVE-2022-1292: openssl: c_rehash script allows command injection
|
||||
Resolves: rhbz#2090371
|
||||
- Fix CVE-2022-2068: the c_rehash script allows command injection
|
||||
Resolves: rhbz#2098278
|
||||
|
||||
* Wed Mar 23 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-6
|
||||
- Fixes CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
|
||||
- Resolves: rhbz#2067145
|
||||
|
||||
* Tue Nov 16 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1k-5
|
||||
- Fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings
|
||||
- Resolves: rhbz#2005402
|
||||
|
||||
* Fri Jul 16 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1k-4
|
||||
- Fixes bugs in s390x AES code.
|
||||
|
Loading…
Reference in New Issue
Block a user