import compat-openssl10-1.0.2o-4.el8_6

This commit is contained in:
CentOS Sources 2022-09-27 06:19:21 -04:00 committed by Stepan Oksanichenko
parent 238fe008fb
commit a2f908afdb
2 changed files with 73 additions and 1 deletions

View File

@ -0,0 +1,66 @@
From 3118eb64934499d93db3230748a452351d1d9a65 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Mon, 28 Feb 2022 18:26:21 +0100
Subject: [PATCH] Fix possible infinite loop in BN_mod_sqrt()
The calculation in some cases does not finish for non-prime p.
This fixes CVE-2022-0778.
Based on patch by David Benjamin <davidben@google.com>.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
---
crypto/bn/bn_sqrt.c | 30 ++++++++++++++++++------------
1 file changed, 18 insertions(+), 12 deletions(-)
diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c
index 1723d5ded5a8..53b0f559855c 100644
--- a/crypto/bn/bn_sqrt.c
+++ b/crypto/bn/bn_sqrt.c
@@ -14,7 +14,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
/*
* Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks
* algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number
- * Theory", algorithm 1.5.1). 'p' must be prime!
+ * Theory", algorithm 1.5.1). 'p' must be prime, otherwise an error or
+ * an incorrect "result" will be returned.
*/
{
BIGNUM *ret = in;
@@ -301,18 +302,23 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
goto vrfy;
}
- /* find smallest i such that b^(2^i) = 1 */
- i = 1;
- if (!BN_mod_sqr(t, b, p, ctx))
- goto end;
- while (!BN_is_one(t)) {
- i++;
- if (i == e) {
- BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
- goto end;
+ /* Find the smallest i, 0 < i < e, such that b^(2^i) = 1. */
+ for (i = 1; i < e; i++) {
+ if (i == 1) {
+ if (!BN_mod_sqr(t, b, p, ctx))
+ goto end;
+
+ } else {
+ if (!BN_mod_mul(t, t, t, p, ctx))
+ goto end;
}
- if (!BN_mod_mul(t, t, t, p, ctx))
- goto end;
+ if (BN_is_one(t))
+ break;
+ }
+ /* If not found, a is not a square or p is not prime. */
+ if (i >= e) {
+ BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+ goto end;
}
/* t := y^2^(e - i - 1) */

View File

@ -22,7 +22,7 @@
Summary: Compatibility version of the OpenSSL library Summary: Compatibility version of the OpenSSL library
Name: compat-openssl10 Name: compat-openssl10
Version: 1.0.2o Version: 1.0.2o
Release: 3%{?dist} Release: 4%{?dist}
Epoch: 1 Epoch: 1
# We have to remove certain patented algorithms from the openssl source # We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below. # tarball with the hobble-openssl script which is included below.
@ -92,6 +92,7 @@ Patch99: openssl-1.0.2k-fips-randlock.patch
Patch80: openssl-1.0.2o-wrap-pad.patch Patch80: openssl-1.0.2o-wrap-pad.patch
Patch81: openssl-1.0.2a-padlock64.patch Patch81: openssl-1.0.2a-padlock64.patch
Patch82: openssl-1.0.2m-trusted-first-doc.patch Patch82: openssl-1.0.2m-trusted-first-doc.patch
Patch83: openssl-1.0.2o-cve-2022-0778.patch
License: OpenSSL License: OpenSSL
Group: System Environment/Libraries Group: System Environment/Libraries
@ -194,6 +195,7 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
%patch80 -p1 -b .wrap %patch80 -p1 -b .wrap
%patch81 -p1 -b .padlock64 %patch81 -p1 -b .padlock64
%patch82 -p1 -b .trusted-first %patch82 -p1 -b .trusted-first
%patch83 -p1 -b .cve-2022-0778
sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h
@ -416,6 +418,10 @@ install -m 644 apps/openssl10.cnf $RPM_BUILD_ROOT%{_sysconfdir}/pki/openssl10.cn
%postun -p /sbin/ldconfig %postun -p /sbin/ldconfig
%changelog %changelog
* Wed May 04 2022 Clemens Lang <cllang@redhat.com> - 1:1.0.2o-4
- Fix CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
Resolves: rhbz#2077417
* Fri Aug 3 2018 Tomáš Mráz <tmraz@redhat.com> 1.0.2o-3 * Fri Aug 3 2018 Tomáš Mráz <tmraz@redhat.com> 1.0.2o-3
- provide and use compat openssl10.cnf as the non-compat one is incompatible - provide and use compat openssl10.cnf as the non-compat one is incompatible