import openssl-1.1.1k-7.el8_6

SOURCES/openssl-1.1.1-cve-2022-0778.patch

@@ -0,0 +1,179 @@
+From 3118eb64934499d93db3230748a452351d1d9a65 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Mon, 28 Feb 2022 18:26:21 +0100
+Subject: [PATCH] Fix possible infinite loop in BN_mod_sqrt()
+
+The calculation in some cases does not finish for non-prime p.
+
+This fixes CVE-2022-0778.
+
+Based on patch by David Benjamin <davidben@google.com>.
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+---
+ crypto/bn/bn_sqrt.c | 30 ++++++++++++++++++------------
+ 1 file changed, 18 insertions(+), 12 deletions(-)
+
+From b5fcb7e133725b8b2eb66f63f5142710ed63a6d1 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Mon, 28 Feb 2022 18:26:30 +0100
+Subject: [PATCH] Add documentation of BN_mod_sqrt()
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+---
+ doc/man3/BN_add.pod | 15 +++++++++++++--
+ 1 file changed, 13 insertions(+), 2 deletions(-)
+
+From 3ef5c3034e5c545f34d6929568f3f2b10ac4bdf0 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Mon, 28 Feb 2022 18:26:35 +0100
+Subject: [PATCH] Add a negative testcase for BN_mod_sqrt
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+---
+ test/bntest.c                          | 11 ++++++++++-
+ test/recipes/10-test_bn_data/bnmod.txt | 12 ++++++++++++
+ 2 files changed, 22 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/bn/bn_sqrt.c b/crypto/bn/bn_sqrt.c
+index 1723d5ded5a8..53b0f559855c 100644
+--- a/crypto/bn/bn_sqrt.c
++++ b/crypto/bn/bn_sqrt.c
+@@ -14,7 +14,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+ /*
+  * Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks
+  * algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number
+- * Theory", algorithm 1.5.1). 'p' must be prime!
++ * Theory", algorithm 1.5.1). 'p' must be prime, otherwise an error or
++ * an incorrect "result" will be returned.
+  */
+ {
+     BIGNUM *ret = in;
+@@ -301,18 +302,23 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+             goto vrfy;
+         }
+ 
+-        /* find smallest  i  such that  b^(2^i) = 1 */
+-        i = 1;
+-        if (!BN_mod_sqr(t, b, p, ctx))
+-            goto end;
+-        while (!BN_is_one(t)) {
+-            i++;
+-            if (i == e) {
+-                BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+-                goto end;
++        /* Find the smallest i, 0 < i < e, such that b^(2^i) = 1. */
++        for (i = 1; i < e; i++) {
++            if (i == 1) {
++                if (!BN_mod_sqr(t, b, p, ctx))
++                    goto end;
++
++            } else {
++                if (!BN_mod_mul(t, t, t, p, ctx))
++                    goto end;
+             }
+-            if (!BN_mod_mul(t, t, t, p, ctx))
+-                goto end;
++            if (BN_is_one(t))
++                break;
++        }
++        /* If not found, a is not a square or p is not prime. */
++        if (i >= e) {
++            BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
++            goto end;
+         }
+ 
+         /* t := y^2^(e - i - 1) */
+diff --git a/doc/man3/BN_add.pod b/doc/man3/BN_add.pod
+index dccd4790ede7..1f5e37a4d183 100644
+--- a/doc/man3/BN_add.pod
++++ b/doc/man3/BN_add.pod
+@@ -3,7 +3,7 @@
+ =head1 NAME
+ 
+ BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add,
+-BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_exp, BN_mod_exp, BN_gcd -
++BN_mod_sub, BN_mod_mul, BN_mod_sqr, BN_mod_sqrt, BN_exp, BN_mod_exp, BN_gcd -
+ arithmetic operations on BIGNUMs
+ 
+ =head1 SYNOPSIS
+@@ -36,6 +36,8 @@ arithmetic operations on BIGNUMs
+ 
+  int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+ 
++ BIGNUM *BN_mod_sqrt(BIGNUM *in, BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
++
+  int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
+ 
+  int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+@@ -87,6 +89,12 @@ L<BN_mod_mul_reciprocal(3)>.
+ BN_mod_sqr() takes the square of I<a> modulo B<m> and places the
+ result in I<r>.
+ 
++BN_mod_sqrt() returns the modular square root of I<a> such that
++C<in^2 = a (mod p)>. The modulus I<p> must be a
++prime, otherwise an error or an incorrect "result" will be returned.
++The result is stored into I<in> which can be NULL. The result will be
++newly allocated in that case.
++
+ BN_exp() raises I<a> to the I<p>-th power and places the result in I<r>
+ (C<r=a^p>). This function is faster than repeated applications of
+ BN_mul().
+@@ -108,7 +116,10 @@ the arguments.
+ 
+ =head1 RETURN VALUES
+ 
+-For all functions, 1 is returned for success, 0 on error. The return
++The BN_mod_sqrt() returns the result (possibly incorrect if I<p> is
++not a prime), or NULL.
++
++For all remaining functions, 1 is returned for success, 0 on error. The return
+ value should always be checked (e.g., C<if (!BN_add(r,a,b)) goto err;>).
+ The error codes can be obtained by L<ERR_get_error(3)>.
+ 
+diff --git a/test/bntest.c b/test/bntest.c
+index 390dd800733e..1cab660bcafb 100644
+--- a/test/bntest.c
++++ b/test/bntest.c
+@@ -1729,8 +1729,17 @@ static int file_modsqrt(STANZA *s)
+             || !TEST_ptr(ret2 = BN_new()))
+         goto err;
+ 
++    if (BN_is_negative(mod_sqrt)) {
++        /* A negative testcase */
++        if (!TEST_ptr_null(BN_mod_sqrt(ret, a, p, ctx)))
++            goto err;
++
++        st = 1;
++        goto err;
++    }
++
+     /* There are two possible answers. */
+-    if (!TEST_true(BN_mod_sqrt(ret, a, p, ctx))
++    if (!TEST_ptr(BN_mod_sqrt(ret, a, p, ctx))
+             || !TEST_true(BN_sub(ret2, p, ret)))
+         goto err;
+ 
+diff --git a/test/recipes/10-test_bn_data/bnmod.txt b/test/recipes/10-test_bn_data/bnmod.txt
+index 5ea4d031f271..e28cc6bfb02e 100644
+--- a/test/recipes/10-test_bn_data/bnmod.txt
++++ b/test/recipes/10-test_bn_data/bnmod.txt
+@@ -2799,3 +2799,15 @@ P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f
+ ModSqrt = a1d52989f12f204d3d2167d9b1e6c8a6174c0c786a979a5952383b7b8bd186
+ A = 2eee37cf06228a387788188e650bc6d8a2ff402931443f69156a29155eca07dcb45f3aac238d92943c0c25c896098716baa433f25bd696a142f5a69d5d937e81
+ P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f
++
++# Negative testcases for BN_mod_sqrt()
++
++# This one triggers an infinite loop with unfixed implementation
++# It should just fail.
++ModSqrt = -1
++A = 20a7ee
++P = 460201
++
++ModSqrt = -1
++A = 65bebdb00a96fc814ec44b81f98b59fba3c30203928fa5214c51e0a97091645280c947b005847f239758482b9bfc45b066fde340d1fe32fc9c1bf02e1b2d0ed
++P = 9df9d6cc20b8540411af4e5357ef2b0353cb1f2ab5ffc3e246b41c32f71e951f

SOURCES/openssl-1.1.1-cve-2022-1292.patch

@@ -0,0 +1,74 @@
+From e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Tue, 26 Apr 2022 12:40:24 +0200
+Subject: [PATCH] c_rehash: Do not use shell to invoke openssl
+
+Except on VMS where it is safe.
+
+This fixes CVE-2022-1292.
+
+Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Upstream-Status: Backport [https://github.com/openssl/openssl/commit/e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23]
+---
+ tools/c_rehash.in | 29 +++++++++++++++++++++++++----
+ 1 file changed, 25 insertions(+), 4 deletions(-)
+
+diff --git a/tools/c_rehash.in b/tools/c_rehash.in
+index fa7c6c9fef91..83c1cc80e08a 100644
+--- a/tools/c_rehash.in
++++ b/tools/c_rehash.in
+@@ -152,6 +152,23 @@ sub check_file {
+ 	return ($is_cert, $is_crl);
+ }
+ 
++sub compute_hash {
++    my $fh;
++    if ( $^O eq "VMS" ) {
++        # VMS uses the open through shell
++        # The file names are safe there and list form is unsupported
++        if (!open($fh, "-|", join(' ', @_))) {
++            print STDERR "Cannot compute hash on '$fname'\n";
++            return;
++        }
++    } else {
++        if (!open($fh, "-|", @_)) {
++            print STDERR "Cannot compute hash on '$fname'\n";
++            return;
++        }
++    }
++    return (<$fh>, <$fh>);
++}
+ 
+ # Link a certificate to its subject name hash value, each hash is of
+ # the form <hash>.<n> where n is an integer. If the hash value already exists
+@@ -161,10 +178,12 @@ sub check_file {
+ 
+ sub link_hash_cert {
+ 		my $fname = $_[0];
+-		$fname =~ s/\"/\\\"/g;
+-		my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
++		my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash,
++						   "-fingerprint", "-noout",
++						   "-in", $fname);
+ 		chomp $hash;
+ 		chomp $fprint;
++		return if !$hash;
+ 		$fprint =~ s/^.*=//;
+ 		$fprint =~ tr/://d;
+ 		my $suffix = 0;
+@@ -202,10 +221,12 @@ sub link_hash_cert {
+ 
+ sub link_hash_crl {
+ 		my $fname = $_[0];
+-		$fname =~ s/'/'\\''/g;
+-		my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
++		my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash,
++						   "-fingerprint", "-noout",
++						   "-in", $fname);
+ 		chomp $hash;
+ 		chomp $fprint;
++		return if !$hash;
+ 		$fprint =~ s/^.*=//;
+ 		$fprint =~ tr/://d;
+ 		my $suffix = 0;

SOURCES/openssl-1.1.1-cve-2022-2068.patch

@@ -0,0 +1,255 @@
+From 9639817dac8bbbaa64d09efad7464ccc405527c7 Mon Sep 17 00:00:00 2001
+From: Daniel Fiala <daniel@openssl.org>
+Date: Sun, 29 May 2022 20:11:24 +0200
+Subject: [PATCH] Fix file operations in c_rehash.
+
+CVE-2022-2068
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+Upstream-Status: Backport [https://github.com/openssl/openssl/commit/9639817dac8bbbaa64d09efad7464ccc405527c7]
+---
+ tools/c_rehash.in | 216 +++++++++++++++++++++++-----------------------
+ 1 file changed, 107 insertions(+), 109 deletions(-)
+
+diff --git a/tools/c_rehash.in b/tools/c_rehash.in
+index cfd18f5da110..9d2a6f6db73b 100644
+--- a/tools/c_rehash.in
++++ b/tools/c_rehash.in
+@@ -104,52 +104,78 @@ foreach (@dirlist) {
+ }
+ exit($errorcount);
+ 
++sub copy_file {
++    my ($src_fname, $dst_fname) = @_;
++
++    if (open(my $in, "<", $src_fname)) {
++        if (open(my $out, ">", $dst_fname)) {
++            print $out $_ while (<$in>);
++            close $out;
++        } else {
++            warn "Cannot open $dst_fname for write, $!";
++        }
++        close $in;
++    } else {
++        warn "Cannot open $src_fname for read, $!";
++    }
++}
++
+ sub hash_dir {
+-	my %hashlist;
+-	print "Doing $_[0]\n";
+-	chdir $_[0];
+-	opendir(DIR, ".");
+-	my @flist = sort readdir(DIR);
+-	closedir DIR;
+-	if ( $removelinks ) {
+-		# Delete any existing symbolic links
+-		foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
+-			if (-l $_) {
+-				print "unlink $_" if $verbose;
+-				unlink $_ || warn "Can't unlink $_, $!\n";
+-			}
+-		}
+-	}
+-	FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) {
+-		# Check to see if certificates and/or CRLs present.
+-		my ($cert, $crl) = check_file($fname);
+-		if (!$cert && !$crl) {
+-			print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
+-			next;
+-		}
+-		link_hash_cert($fname) if ($cert);
+-		link_hash_crl($fname) if ($crl);
+-	}
++    my $dir = shift;
++    my %hashlist;
++
++    print "Doing $dir\n";
++
++    if (!chdir $dir) {
++        print STDERR "WARNING: Cannot chdir to '$dir', $!\n";
++        return;
++    }
++
++    opendir(DIR, ".") || print STDERR "WARNING: Cannot opendir '.', $!\n";
++    my @flist = sort readdir(DIR);
++    closedir DIR;
++    if ( $removelinks ) {
++        # Delete any existing symbolic links
++        foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
++            if (-l $_) {
++                print "unlink $_\n" if $verbose;
++                unlink $_ || warn "Can't unlink $_, $!\n";
++            }
++        }
++    }
++    FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) {
++        # Check to see if certificates and/or CRLs present.
++        my ($cert, $crl) = check_file($fname);
++        if (!$cert && !$crl) {
++            print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
++            next;
++        }
++        link_hash_cert($fname) if ($cert);
++        link_hash_crl($fname) if ($crl);
++    }
++
++    chdir $pwd;
+ }
+ 
+ sub check_file {
+-	my ($is_cert, $is_crl) = (0,0);
+-	my $fname = $_[0];
+-	open IN, $fname;
+-	while(<IN>) {
+-		if (/^-----BEGIN (.*)-----/) {
+-			my $hdr = $1;
+-			if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
+-				$is_cert = 1;
+-				last if ($is_crl);
+-			} elsif ($hdr eq "X509 CRL") {
+-				$is_crl = 1;
+-				last if ($is_cert);
+-			}
+-		}
+-	}
+-	close IN;
+-	return ($is_cert, $is_crl);
++    my ($is_cert, $is_crl) = (0,0);
++    my $fname = $_[0];
++
++    open(my $in, "<", $fname);
++    while(<$in>) {
++        if (/^-----BEGIN (.*)-----/) {
++            my $hdr = $1;
++            if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
++                $is_cert = 1;
++                last if ($is_crl);
++            } elsif ($hdr eq "X509 CRL") {
++                $is_crl = 1;
++                last if ($is_cert);
++            }
++        }
++    }
++    close $in;
++    return ($is_cert, $is_crl);
+ }
+ 
+ sub compute_hash {
+@@ -177,76 +203,48 @@ sub compute_hash {
+ # certificate fingerprints
+ 
+ sub link_hash_cert {
+-		my $fname = $_[0];
+-		my ($hash, $fprint) = compute_hash($openssl, "x509", $x509hash,
+-						   "-fingerprint", "-noout",
+-						   "-in", $fname);
+-		chomp $hash;
+-		chomp $fprint;
+-		return if !$hash;
+-		$fprint =~ s/^.*=//;
+-		$fprint =~ tr/://d;
+-		my $suffix = 0;
+-		# Search for an unused hash filename
+-		while(exists $hashlist{"$hash.$suffix"}) {
+-			# Hash matches: if fingerprint matches its a duplicate cert
+-			if ($hashlist{"$hash.$suffix"} eq $fprint) {
+-				print STDERR "WARNING: Skipping duplicate certificate $fname\n";
+-				return;
+-			}
+-			$suffix++;
+-		}
+-		$hash .= ".$suffix";
+-		if ($symlink_exists) {
+-			print "link $fname -> $hash\n" if $verbose;
+-			symlink $fname, $hash || warn "Can't symlink, $!";
+-		} else {
+-			print "copy $fname -> $hash\n" if $verbose;
+-                        if (open($in, "<", $fname)) {
+-                            if (open($out,">", $hash)) {
+-                                print $out $_ while (<$in>);
+-                                close $out;
+-                            } else {
+-                                warn "can't open $hash for write, $!";
+-                            }
+-                            close $in;
+-                        } else {
+-                            warn "can't open $fname for read, $!";
+-                        }
+-		}
+-		$hashlist{$hash} = $fprint;
++    link_hash($_[0], 'cert');
+ }
+ 
+ # Same as above except for a CRL. CRL links are of the form <hash>.r<n>
+ 
+ sub link_hash_crl {
+-		my $fname = $_[0];
+-		my ($hash, $fprint) = compute_hash($openssl, "crl", $crlhash,
+-						   "-fingerprint", "-noout",
+-						   "-in", $fname);
+-		chomp $hash;
+-		chomp $fprint;
+-		return if !$hash;
+-		$fprint =~ s/^.*=//;
+-		$fprint =~ tr/://d;
+-		my $suffix = 0;
+-		# Search for an unused hash filename
+-		while(exists $hashlist{"$hash.r$suffix"}) {
+-			# Hash matches: if fingerprint matches its a duplicate cert
+-			if ($hashlist{"$hash.r$suffix"} eq $fprint) {
+-				print STDERR "WARNING: Skipping duplicate CRL $fname\n";
+-				return;
+-			}
+-			$suffix++;
+-		}
+-		$hash .= ".r$suffix";
+-		if ($symlink_exists) {
+-			print "link $fname -> $hash\n" if $verbose;
+-			symlink $fname, $hash || warn "Can't symlink, $!";
+-		} else {
+-			print "cp $fname -> $hash\n" if $verbose;
+-			system ("cp", $fname, $hash);
+-                        warn "Can't copy, $!" if ($? >> 8) != 0;
+-		}
+-		$hashlist{$hash} = $fprint;
++    link_hash($_[0], 'crl');
++}
++
++sub link_hash {
++    my ($fname, $type) = @_;
++    my $is_cert = $type eq 'cert';
++
++    my ($hash, $fprint) = compute_hash($openssl,
++                                       $is_cert ? "x509" : "crl",
++                                       $is_cert ? $x509hash : $crlhash,
++                                       "-fingerprint", "-noout",
++                                       "-in", $fname);
++    chomp $hash;
++    chomp $fprint;
++    return if !$hash;
++    $fprint =~ s/^.*=//;
++    $fprint =~ tr/://d;
++    my $suffix = 0;
++    # Search for an unused hash filename
++    my $crlmark = $is_cert ? "" : "r";
++    while(exists $hashlist{"$hash.$crlmark$suffix"}) {
++        # Hash matches: if fingerprint matches its a duplicate cert
++        if ($hashlist{"$hash.$crlmark$suffix"} eq $fprint) {
++            my $what = $is_cert ? 'certificate' : 'CRL';
++            print STDERR "WARNING: Skipping duplicate $what $fname\n";
++            return;
++        }
++        $suffix++;
++    }
++    $hash .= ".$crlmark$suffix";
++    if ($symlink_exists) {
++        print "link $fname -> $hash\n" if $verbose;
++        symlink $fname, $hash || warn "Can't symlink, $!";
++    } else {
++        print "copy $fname -> $hash\n" if $verbose;
++        copy_file($fname, $hash);
++    }
++    $hashlist{$hash} = $fprint;
+ }

SOURCES/openssl-1.1.1-cve-2022-2097.patch

@@ -0,0 +1,152 @@
+From 919925673d6c9cfed3c1085497f5dfbbed5fc431 Mon Sep 17 00:00:00 2001
+From: Alex Chernyakhovsky <achernya@google.com>
+Date: Thu, 16 Jun 2022 12:00:22 +1000
+Subject: [PATCH] Fix AES OCB encrypt/decrypt for x86 AES-NI
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+aesni_ocb_encrypt and aesni_ocb_decrypt operate by having a fast-path
+that performs operations on 6 16-byte blocks concurrently (the
+"grandloop") and then proceeds to handle the "short" tail (which can
+be anywhere from 0 to 5 blocks) that remain.
+
+As part of initialization, the assembly initializes $len to the true
+length, less 96 bytes and converts it to a pointer so that the $inp
+can be compared to it. Each iteration of "grandloop" checks to see if
+there's a full 96-byte chunk to process, and if so, continues. Once
+this has been exhausted, it falls through to "short", which handles
+the remaining zero to five blocks.
+
+Unfortunately, the jump at the end of "grandloop" had a fencepost
+error, doing a `jb` ("jump below") rather than `jbe` (jump below or
+equal). This should be `jbe`, as $inp is pointing to the *end* of the
+chunk currently being handled. If $inp == $len, that means that
+there's a whole 96-byte chunk waiting to be handled. If $inp > $len,
+then there's 5 or fewer 16-byte blocks left to be handled, and the
+fall-through is intended.
+
+The net effect of `jb` instead of `jbe` is that the last 16-byte block
+of the last 96-byte chunk was completely omitted. The contents of
+`out` in this position were never written to. Additionally, since
+those bytes were never processed, the authentication tag generated is
+also incorrect.
+
+The same fencepost error, and identical logic, exists in both
+aesni_ocb_encrypt and aesni_ocb_decrypt.
+
+This addresses CVE-2022-2097.
+
+Co-authored-by: Alejandro Sedeño <asedeno@google.com>
+Co-authored-by: David Benjamin <davidben@google.com>
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Upstream-Status: Backport [https://github.com/openssl/openssl/commit/919925673d6c9cfed3c1085497f5dfbbed5fc431]
+---
+ crypto/aes/asm/aesni-x86.pl | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/aes/asm/aesni-x86.pl b/crypto/aes/asm/aesni-x86.pl
+index fe2b26542ab6..812758e02e04 100644
+--- a/crypto/aes/asm/aesni-x86.pl
++++ b/crypto/aes/asm/aesni-x86.pl
+@@ -2027,7 +2027,7 @@ sub aesni_generate6
+ 	&movdqu		(&QWP(-16*2,$out,$inp),$inout4);
+ 	&movdqu		(&QWP(-16*1,$out,$inp),$inout5);
+ 	&cmp		($inp,$len);			# done yet?
+-	&jb		(&label("grandloop"));
++	&jbe		(&label("grandloop"));
+ 
+ &set_label("short");
+ 	&add		($len,16*6);
+@@ -2453,7 +2453,7 @@ sub aesni_generate6
+ 	&pxor		($rndkey1,$inout5);
+ 	&movdqu		(&QWP(-16*1,$out,$inp),$inout5);
+ 	&cmp		($inp,$len);			# done yet?
+-	&jb		(&label("grandloop"));
++	&jbe		(&label("grandloop"));
+ 
+ &set_label("short");
+ 	&add		($len,16*6);
+From 9131afdca30b6d1650af9ea6179569a80ab8cb06 Mon Sep 17 00:00:00 2001
+From: Alex Chernyakhovsky <achernya@google.com>
+Date: Thu, 16 Jun 2022 12:02:37 +1000
+Subject: [PATCH] AES OCB test vectors
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Add test vectors for AES OCB for x86 AES-NI multiple of 96 byte issue.
+
+Co-authored-by: Alejandro Sedeño <asedeno@google.com>
+Co-authored-by: David Benjamin <davidben@google.com>
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Upstream-Status: Backport [https://github.com/openssl/openssl/commit/9131afdca30b6d1650af9ea6179569a80ab8cb06]
+---
+ test/recipes/30-test_evp_data/evpciph.txt | 50 +++++++++++++++++++++++
+ 1 file changed, 50 insertions(+)
+
+diff --git a/test/recipes/30-test_evp_data/evpciph.txt b/test/recipes/30-test_evp_data/evpciph.txt
+index 1c02ea1e9c2d..e12670d9a4b4 100644
+--- a/test/recipes/30-test_evp_data/evpciph.txt
++++ b/test/recipes/30-test_evp_data/evpciph.txt
+@@ -1188,6 +1188,56 @@ Ciphertext = 09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A967B21
+ Operation = DECRYPT
+ Result = CIPHERFINAL_ERROR
+ 
++#Test vectors generated to validate aesni_ocb_encrypt on x86
++Cipher = aes-128-ocb
++Key = 000102030405060708090A0B0C0D0E0F
++IV = 000000000001020304050607
++Tag = C14DFF7D62A13C4A3422456207453190
++Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
++Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B819333
++
++Cipher = aes-128-ocb
++Key = 000102030405060708090A0B0C0D0E0F
++IV = 000000000001020304050607
++Tag = D47D84F6FF912C79B6A4223AB9BE2DB8
++Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F
++Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC204
++
++Cipher = aes-128-ocb
++Key = 000102030405060708090A0B0C0D0E0F
++IV = 000000000001020304050607
++Tag = 41970D13737B7BD1B5FBF49ED4412CA5
++Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D
++Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91
++
++Cipher = aes-128-ocb
++Key = 000102030405060708090A0B0C0D0E0F
++IV = 000000000001020304050607
++Tag = BE0228651ED4E48A11BDED68D953F3A0
++Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D
++Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F
++
++Cipher = aes-128-ocb
++Key = 000102030405060708090A0B0C0D0E0F
++IV = 000000000001020304050607
++Tag = 17BC6E10B16E5FDC52836E7D589518C7
++Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D
++Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B
++
++Cipher = aes-128-ocb
++Key = 000102030405060708090A0B0C0D0E0F
++IV = 000000000001020304050607
++Tag = E84AAC18666116990A3A37B3A5FC55BD
++Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D
++Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B11CF99263D693AEBDF8ADE1A1D838DED
++
++Cipher = aes-128-ocb
++Key = 000102030405060708090A0B0C0D0E0F
++IV = 000000000001020304050607
++Tag = 3E5EA7EE064FE83B313E28D411E91EAD
++Plaintext = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F7071000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D
++Ciphertext = F5186C9CC3506386919B6FD9443956E05B203313F8AB35E916AB36932EBDDCD2945901BABE7CF29404929F322F954C916065FABF8F1E52F4BD7C538C0F96899519DBC6BC504D837D8EBD1436B45D33F528CB642FA2EB2C403FE604C12B8193332374120A78A1171D23ED9E9CB1ADC20412C017AD0CA498827C768DDD99B26E91EDB8681700FF30366F07AEDE8CEACC1F39BE69B91BC808FA7A193F7EEA43137B11CF99263D693AEBDF8ADE1A1D838DED48D9E09F452F8E6FBEB76A3DED47611C
++
+ Title = AES XTS test vectors from IEEE Std 1619-2007
+ 
+ # Using the same key twice for encryption is always banned.

SPECS/openssl.spec

@@ -22,7 +22,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.1.1k
-Release: 5%{?dist}
+Release: 7%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -82,6 +82,11 @@ Patch56: openssl-1.1.1-s390x-ecc.patch
 Patch74: openssl-1.1.1-addrconfig.patch
 Patch75: openssl-1.1.1-tls13-curves.patch
 Patch81: openssl-1.1.1-read-buff.patch
+Patch82: openssl-1.1.1-cve-2022-0778.patch
+Patch83: openssl-1.1.1-replace-expired-certs.patch
+Patch84: openssl-1.1.1-cve-2022-1292.patch
+Patch85: openssl-1.1.1-cve-2022-2068.patch
+Patch86: openssl-1.1.1-cve-2022-2097.patch
 
 License: OpenSSL and ASL 2.0
 URL: http://www.openssl.org/
@@ -202,7 +207,11 @@ cp %{SOURCE13} test/
 %patch79 -p1 -b .servername-cb
 %patch80 -p1 -b .s390x-test-aes
 %patch81 -p1 -b .read-buff
-
+%patch82 -p1 -b .cve-2022-0778
+%patch83 -p1 -b .replace-expired-certs
+%patch84 -p1 -b .cve-2022-1292
+%patch85 -p1 -b .cve-2022-2068
+%patch86 -p1 -b .cve-2022-2097
 
 %build
 # Figure out which flags we want to use.
@@ -486,9 +495,23 @@ export LD_LIBRARY_PATH
 %postun libs -p /sbin/ldconfig
 
 %changelog
-* Fri Nov 12 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1k-5
+* Tue Jul 05 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-7
-- CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings
+- Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
-- Resolves: rhbz#2005400
+  Resolves: CVE-2022-2097
+- Update expired certificates used in the testsuite
+  Resolves: rhbz#2100554
+- Fix CVE-2022-1292: openssl: c_rehash script allows command injection
+  Resolves: rhbz#2090371
+- Fix CVE-2022-2068: the c_rehash script allows command injection
+  Resolves: rhbz#2098278
+
+* Wed Mar 23 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-6
+- Fixes CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
+- Resolves: rhbz#2067145
+
+* Tue Nov 16 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1k-5
+- Fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings
+- Resolves: rhbz#2005402
 
 * Fri Jul 16 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1k-4
 - Fixes bugs in s390x AES code.