Fix segfault in EVP_PKEY_Q_keygen()
When OpenSSL was not previously initialized, EVP_PKEY_Q_keygen() would cause a segmentation fault. Avoid this by backporting a fix from upstream. Resolves: rhbz#2103289 Signed-off-by: Clemens Lang <cllang@redhat.com>
This commit is contained in:
parent
5901637dea
commit
c64694b961
@ -0,0 +1,56 @@
|
||||
From edceec7fe0c9a5534ae155c8398c63dd7dd95483 Mon Sep 17 00:00:00 2001
|
||||
From: Tomas Mraz <tomas@openssl.org>
|
||||
Date: Thu, 5 May 2022 08:11:24 +0200
|
||||
Subject: [PATCH] EVP_PKEY_Q_keygen: Call OPENSSL_init_crypto to init
|
||||
strcasecmp
|
||||
|
||||
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
|
||||
Reviewed-by: Matt Caswell <matt@openssl.org>
|
||||
(Merged from https://github.com/openssl/openssl/pull/18247)
|
||||
|
||||
(cherry picked from commit b807c2fbab2128cf3746bb2ebd51cbe3bb6914a9)
|
||||
|
||||
Upstream-Status: Backport [https://github.com/openssl/openssl/commit/edceec7fe0c9a5534ae155c8398c63dd7dd95483]
|
||||
---
|
||||
crypto/evp/evp_lib.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
|
||||
index 3fe4743761..d9b8c0af41 100644
|
||||
--- a/crypto/evp/evp_lib.c
|
||||
+++ b/crypto/evp/evp_lib.c
|
||||
@@ -24,6 +24,7 @@
|
||||
#include <openssl/dh.h>
|
||||
#include <openssl/ec.h>
|
||||
#include "crypto/evp.h"
|
||||
+#include "crypto/cryptlib.h"
|
||||
#include "internal/provider.h"
|
||||
#include "evp_local.h"
|
||||
|
||||
@@ -1094,6 +1095,8 @@ int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags)
|
||||
return (ctx->flags & flags);
|
||||
}
|
||||
|
||||
+#if !defined(FIPS_MODULE)
|
||||
+
|
||||
int EVP_PKEY_CTX_set_group_name(EVP_PKEY_CTX *ctx, const char *name)
|
||||
{
|
||||
OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
|
||||
@@ -1169,6 +1172,8 @@ EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq,
|
||||
|
||||
va_start(args, type);
|
||||
|
||||
+ OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL);
|
||||
+
|
||||
if (OPENSSL_strcasecmp(type, "RSA") == 0) {
|
||||
bits = va_arg(args, size_t);
|
||||
params[0] = OSSL_PARAM_construct_size_t(OSSL_PKEY_PARAM_RSA_BITS, &bits);
|
||||
@@ -1189,3 +1194,5 @@ EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq,
|
||||
va_end(args);
|
||||
return ret;
|
||||
}
|
||||
+
|
||||
+#endif /* !defined(FIPS_MODULE) */
|
||||
--
|
||||
2.35.3
|
||||
|
@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
|
||||
Summary: Utilities from the general purpose cryptography library with TLS implementation
|
||||
Name: openssl
|
||||
Version: 3.0.1
|
||||
Release: 37%{?dist}
|
||||
Release: 38%{?dist}
|
||||
Epoch: 1
|
||||
# We have to remove certain patented algorithms from the openssl source
|
||||
# tarball with the hobble-openssl script which is included below.
|
||||
@ -138,6 +138,8 @@ Patch68: 0068-CVE-2022-2068.patch
|
||||
# https://github.com/openssl/openssl/commit/a98f339ddd7e8f487d6e0088d4a9a42324885a93
|
||||
# https://github.com/openssl/openssl/commit/52d50d52c2f1f4b70d37696bfa74fe5e581e7ba8
|
||||
Patch69: 0069-CVE-2022-2097.patch
|
||||
# https://github.com/openssl/openssl/commit/edceec7fe0c9a5534ae155c8398c63dd7dd95483
|
||||
Patch70: 0070-EVP_PKEY_Q_keygen-Call-OPENSSL_init_crypto-to-init-s.patch
|
||||
|
||||
License: ASL 2.0
|
||||
URL: http://www.openssl.org/
|
||||
@ -468,6 +470,11 @@ install -m644 %{SOURCE9} \
|
||||
%ldconfig_scriptlets libs
|
||||
|
||||
%changelog
|
||||
* Thu Jul 14 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-38
|
||||
- Fix segfault in EVP_PKEY_Q_keygen() when OpenSSL was not previously
|
||||
initialized.
|
||||
Resolves: rhbz#2103289
|
||||
|
||||
* Tue Jul 05 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-37
|
||||
- CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
|
||||
Resolves: CVE-2022-2097
|
||||
|
Loading…
Reference in New Issue
Block a user