diff --git a/SOURCES/openssl-1.0.2k-cve-2022-0778.patch b/SOURCES/openssl-1.0.2k-cve-2022-0778.patch
new file mode 100644
index 0000000..547959b
--- /dev/null
+++ b/SOURCES/openssl-1.0.2k-cve-2022-0778.patch
@@ -0,0 +1,48 @@
+diff -up openssl-1.0.2k/crypto/bn/bn_sqrt.c.cve_2022_0778 openssl-1.0.2k/crypto/bn/bn_sqrt.c
+--- openssl-1.0.2k/crypto/bn/bn_sqrt.c.cve_2022_0778 2022-03-23 11:23:25.900783626 +0100
++++ openssl-1.0.2k/crypto/bn/bn_sqrt.c 2022-03-23 11:27:14.447109005 +0100
+@@ -64,7 +64,8 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BI
+ /*
+ * Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks
+ * algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number
+- * Theory", algorithm 1.5.1). 'p' must be prime!
++ * Theory", algorithm 1.5.1). 'p' must be prime, otherwise an error or
++ * an incorrect "result" will be returned.
+ */
+ {
+ BIGNUM *ret = in;
+@@ -350,18 +351,23 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BI
+ goto vrfy;
+ }
+
+- /* find smallest i such that b^(2^i) = 1 */
+- i = 1;
+- if (!BN_mod_sqr(t, b, p, ctx))
+- goto end;
+- while (!BN_is_one(t)) {
+- i++;
+- if (i == e) {
+- BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+- goto end;
++ /* Find the smallest i, 0 < i < e, such that b^(2^i) = 1. */
++ for (i = 1; i < e; i++) {
++ if (i == 1) {
++ if (!BN_mod_sqr(t, b, p, ctx))
++ goto end;
++
++ } else {
++ if (!BN_mod_mul(t, t, t, p, ctx))
++ goto end;
+ }
+- if (!BN_mod_mul(t, t, t, p, ctx))
+- goto end;
++ if (BN_is_one(t))
++ break;
++ }
++ /* If not found, a is not a square or p is not prime. */
++ if (i >= e) {
++ BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
++ goto end;
+ }
+
+ /* t := y^2^(e - i - 1) */
diff --git a/SPECS/openssl.spec b/SPECS/openssl.spec
index 0b83f8c..3c55950 100644
--- a/SPECS/openssl.spec
+++ b/SPECS/openssl.spec
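Review bot: The backported patch file starts directly at its `diff -up` line with no header saying where the change came from, and it carries no test, so nothing here lets a later reviewer confirm that the bounded `for (i = 1; i < e; i++)` search matches the upstream fix. I would add a short comment block above the `diff -up` line, for example `# Upstream: <upstream commit id>` and `# Fixes: CVE-2022-0778 (BN_mod_sqrt loop when p is not prime)`. A regression check in the package's test step should also call BN_mod_sqrt() with a modulus that is not prime and expect a NULL return with BN_R_NOT_A_SQUARE queued, within bounded time. The termination argument depends on `e`, which is assigned outside both hunks of bn_sqrt.c, and the body of BN_mod_sqrt continues past the second hunk. Minor style: the empty line left before `} else {` in the new loop can be dropped.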
@@ -23,7 +23,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 1.0.2k -Release: 24%{?dist} +Release: 25%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -114,6 +114,7 @@ Patch112: openssl-1.0.2k-cve-2020-1971.patch Patch113: openssl-1.0.2k-cve-2021-23840.patch Patch114: openssl-1.0.2k-cve-2021-23841.patch Patch115: openssl-1.0.2k-cve-2021-3712.patch +Patch116: openssl-1.0.2k-cve-2022-0778.patch License: OpenSSL Group: System Environment/Libraries @@ -260,6 +261,7 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/ %patch113 -p1 -b .int-overflow %patch114 -p1 -b .null-hash-deref %patch115 -p1 -b .read-buff +%patch116 -p1 -b .cve-2022-0778 sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h @@ -559,6 +561,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun libs -p /sbin/ldconfig %changelog +* Wed Mar 23 2022 Dmitry Belyavskiy - 1:1.0.2k-25 +- Fixes CVE-2022-2078 Infinite loop in BN_mod_sqrt() reachable when parsing certificates +- Related: rhbz#2067160 + * Thu Jan 13 2022 Sahana Prasad 1.0.2k-24 - Updates patch openssl-1.0.2k-cve-2021-3712.patch to only free on push failure. - Resolves: rhbz#2039993
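Review bot: The new %changelog entry names CVE-2022-2078, while the patch it ships is `openssl-1.0.2k-cve-2022-0778.patch` and `%patch116` uses the backup suffix `.cve-2022-0778`, so the id in the changelog looks like a typo. Anyone auditing installed packages by searching the RPM changelog for the CVE id would not find this fix and could report the host as unpatched. The line should read `- Fixes CVE-2022-0778 Infinite loop in BN_mod_sqrt() reachable when parsing certificates`. The new entry also writes the version with the epoch (`1:1.0.2k-25`) while the previous entry uses `1.0.2k-24`; keeping one form throughout the changelog makes it easier to parse.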