From f388f3ed6717edb6838e80479c888c2b689ca3e7 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Mar 28 2022 08:37:43 +0000
Subject: import openssl-1.0.2k-25.el7_9


---

diff --git a/SOURCES/openssl-1.0.2k-cve-2022-0778.patch b/SOURCES/openssl-1.0.2k-cve-2022-0778.patch
new file mode 100644
index 0000000..547959b
--- /dev/null
+++ b/SOURCES/openssl-1.0.2k-cve-2022-0778.patch
@@ -0,0 +1,48 @@
+diff -up openssl-1.0.2k/crypto/bn/bn_sqrt.c.cve_2022_0778 openssl-1.0.2k/crypto/bn/bn_sqrt.c
+--- openssl-1.0.2k/crypto/bn/bn_sqrt.c.cve_2022_0778	2022-03-23 11:23:25.900783626 +0100
++++ openssl-1.0.2k/crypto/bn/bn_sqrt.c	2022-03-23 11:27:14.447109005 +0100
+@@ -64,7 +64,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BI
+ /*
+  * Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks
+  * algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number
+- * Theory", algorithm 1.5.1). 'p' must be prime!
++ * Theory", algorithm 1.5.1). 'p' must be prime, otherwise an error or
++ * an incorrect "result" will be returned.
+  */
+ {
+     BIGNUM *ret = in;
+@@ -350,18 +351,23 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BI
+             goto vrfy;
+         }
+ 
+-        /* find smallest  i  such that  b^(2^i) = 1 */
+-        i = 1;
+-        if (!BN_mod_sqr(t, b, p, ctx))
+-            goto end;
+-        while (!BN_is_one(t)) {
+-            i++;
+-            if (i == e) {
+-                BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+-                goto end;
++        /* Find the smallest i, 0 < i < e, such that b^(2^i) = 1. */
++        for (i = 1; i < e; i++) {
++            if (i == 1) {
++                if (!BN_mod_sqr(t, b, p, ctx))
++                    goto end;
++
++            } else {
++                if (!BN_mod_mul(t, t, t, p, ctx))
++                    goto end;
+             }
+-            if (!BN_mod_mul(t, t, t, p, ctx))
+-                goto end;
++            if (BN_is_one(t))
++                break;
++        }
++        /* If not found, a is not a square or p is not prime. */
++        if (i >= e) {
++            BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
++            goto end;
+         }
+ 
+         /* t := y^2^(e - i - 1) */
diff --git a/SPECS/openssl.spec b/SPECS/openssl.spec
index 0b83f8c..3c55950 100644
--- a/SPECS/openssl.spec
+++ b/SPECS/openssl.spec
@@ -23,7 +23,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.0.2k
-Release: 24%{?dist}
+Release: 25%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -114,6 +114,7 @@ Patch112: openssl-1.0.2k-cve-2020-1971.patch
 Patch113: openssl-1.0.2k-cve-2021-23840.patch
 Patch114: openssl-1.0.2k-cve-2021-23841.patch
 Patch115: openssl-1.0.2k-cve-2021-3712.patch
+Patch116: openssl-1.0.2k-cve-2022-0778.patch
 
 License: OpenSSL
 Group: System Environment/Libraries
@@ -260,6 +261,7 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
 %patch113 -p1 -b .int-overflow
 %patch114 -p1 -b .null-hash-deref
 %patch115 -p1 -b .read-buff
+%patch116 -p1 -b .cve-2022-0778
 
 sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h
 
@@ -559,6 +561,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 %postun libs -p /sbin/ldconfig
 
 %changelog
+* Wed Mar 23 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.0.2k-25
+- Fixes CVE-2022-2078 Infinite loop in BN_mod_sqrt() reachable when parsing certificates
+- Related: rhbz#2067160
+
 * Thu Jan 13 2022 Sahana Prasad <sahana@redhat.com> 1.0.2k-24
 - Updates patch openssl-1.0.2k-cve-2021-3712.patch to only free on push failure.
 - Resolves: rhbz#2039993