Fix segfault in EVP_PKEY_Q_keygen()
When OpenSSL was not previously initialized, EVP_PKEY_Q_keygen() would cause a segmentation fault. Avoid this by backporting a fix from upstream. Resolves: rhbz#2103289 Signed-off-by: Clemens Lang <cllang@redhat.com>
parent
5901637dea
commit
c64694b961
@ -0,0 +1,56 @@
|
|||||||
|
From edceec7fe0c9a5534ae155c8398c63dd7dd95483 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Tomas Mraz <tomas@openssl.org>
|
||||||
|
Date: Thu, 5 May 2022 08:11:24 +0200
|
||||||
|
Subject: [PATCH] EVP_PKEY_Q_keygen: Call OPENSSL_init_crypto to init
|
||||||
|
strcasecmp
|
||||||
|
|
||||||
|
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
|
||||||
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
||||||
|
(Merged from https://github.com/openssl/openssl/pull/18247)
|
||||||
|
|
||||||
|
(cherry picked from commit b807c2fbab2128cf3746bb2ebd51cbe3bb6914a9)
|
||||||
|
|
||||||
|
Upstream-Status: Backport [https://github.com/openssl/openssl/commit/edceec7fe0c9a5534ae155c8398c63dd7dd95483]
|
||||||
|
---
|
||||||
|
crypto/evp/evp_lib.c | 7 +++++++
|
||||||
|
1 file changed, 7 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
|
||||||
|
index 3fe4743761..d9b8c0af41 100644
|
||||||
|
--- a/crypto/evp/evp_lib.c
|
||||||
|
+++ b/crypto/evp/evp_lib.c
|
||||||
|
@@ -24,6 +24,7 @@
|
||||||
|
#include <openssl/dh.h>
|
||||||
|
#include <openssl/ec.h>
|
||||||
|
#include "crypto/evp.h"
|
||||||
|
+#include "crypto/cryptlib.h"
|
||||||
|
#include "internal/provider.h"
|
||||||
|
#include "evp_local.h"
|
||||||
|
|
||||||
|
@@ -1094,6 +1095,8 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags)
|
||||||
|
return (ctx->flags & flags);
|
||||||
|
}
|
||||||
|
|
||||||
|
+#if !defined(FIPS_MODULE)
|
||||||
|
+
|
||||||
|
int EVP_PKEY_CTX_set_group_name(EVP_PKEY_CTX *ctx, const char *name)
|
||||||
|
{
|
||||||
|
OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
|
||||||
|
@@ -1169,6 +1172,8 @@ EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq,
|
||||||
|
|
||||||
|
va_start(args, type);
|
||||||
|
|
||||||
|
+ OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL);
|
||||||
|
+
|
||||||
|
if (OPENSSL_strcasecmp(type, "RSA") == 0) {
|
||||||
|
bits = va_arg(args, size_t);
|
||||||
|
params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &bits);
|
||||||
|
@@ -1189,3 +1194,5 @@ EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq,
|
||||||
|
va_end(args);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+#endif /* !defined(FIPS_MODULE) */
|
||||||
|
--
|
||||||
|
2.35.3
|
||||||
|
|
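Review bot: The return value of the added `OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL);` in EVP_PKEY_Q_keygen() is discarded, so a failed base initialisation still falls through to `OPENSSL_strcasecmp(type, "RSA")`. Going by the patch subject ("Call OPENSSL_init_crypto to init strcasecmp"), that comparison is presumably what crashed on an uninitialised library, so the segfault would remain reachable on the init-failure path. A guard such as `if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL)) { va_end(args); return NULL; }` would close it; the start of the function and the code between the two hunks are not visible here, so confirm that nothing else needs cleanup on that path. Because this is a backport, the check would diverge from the upstream commit and is probably better raised upstream as well; a short comment above the call, e.g. `/* OPENSSL_strcasecmp() needs the library's base initialisation */`, would also explain why a keygen helper calls the initialiser.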
@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
|
|||||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||||
Name: openssl
|
Name: openssl
|
||||||
Version: 3.0.1
|
Version: 3.0.1
|
||||||
Release: 37%{?dist}
|
Release: 38%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# We have to remove certain patented algorithms from the openssl source
|
# We have to remove certain patented algorithms from the openssl source
|
||||||
# tarball with the hobble-openssl script which is included below.
|
# tarball with the hobble-openssl script which is included below.
|
||||||
@ -138,6 +138,8 @@ Patch68: 0068-CVE-2022-2068.patch
|
|||||||
# https://github.com/openssl/openssl/commit/a98f339ddd7e8f487d6e0088d4a9a42324885a93
|
# https://github.com/openssl/openssl/commit/a98f339ddd7e8f487d6e0088d4a9a42324885a93
|
||||||
# https://github.com/openssl/openssl/commit/52d50d52c2f1f4b70d37696bfa74fe5e581e7ba8
|
# https://github.com/openssl/openssl/commit/52d50d52c2f1f4b70d37696bfa74fe5e581e7ba8
|
||||||
Patch69: 0069-CVE-2022-2097.patch
|
Patch69: 0069-CVE-2022-2097.patch
|
||||||
|
# https://github.com/openssl/openssl/commit/edceec7fe0c9a5534ae155c8398c63dd7dd95483
|
||||||
|
Patch70: 0070-EVP_PKEY_Q_keygen-Call-OPENSSL_init_crypto-to-init-s.patch
|
||||||
|
|
||||||
License: ASL 2.0
|
License: ASL 2.0
|
||||||
URL: http://www.openssl.org/
|
URL: http://www.openssl.org/
|
||||||
@ -468,6 +470,11 @@ install -m644 %{SOURCE9} \
|
|||||||
%ldconfig_scriptlets libs
|
%ldconfig_scriptlets libs
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jul 14 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-38
|
||||||
|
- Fix segfault in EVP_PKEY_Q_keygen() when OpenSSL was not previously
|
||||||
|
initialized.
|
||||||
|
Resolves: rhbz#2103289
|
||||||
|
|
||||||
* Tue Jul 05 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-37
|
* Tue Jul 05 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-37
|
||||||
- CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
|
- CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
|
||||||
Resolves: CVE-2022-2097
|
Resolves: CVE-2022-2097
|
||||||
|