Accepting request 606162 from home:vitezslav_cizek:branches:security:tls
- OpenSSL Security Advisory [16 Apr 2018] * Cache timing vulnerability in RSA Key Generation (CVE-2018-0737, bsc#1089039) * add openssl-CVE-2018-0737.patch - Fix escaping in c_rehash (boo#1091961, bsc#1091963) * add 0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch OBS-URL: https://build.opensuse.org/request/show/606162 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=10
This commit is contained in:
parent
54892abfae
commit
1d99f4ef85
@ -0,0 +1,40 @@
|
|||||||
|
From 7ee2a43069913fb7c444c656048996ea92cc465e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Richard Levitte <levitte@openssl.org>
|
||||||
|
Date: Wed, 28 Mar 2018 14:46:27 +0200
|
||||||
|
Subject: [PATCH] Revert "util/dofile.pl: only quote stuff that actually needs
|
||||||
|
quoting"
|
||||||
|
|
||||||
|
This wasn't a good solution, too many things depend on the quotes being
|
||||||
|
there consistently.
|
||||||
|
|
||||||
|
This reverts commit 49cd47eaababc8c57871b929080fc1357e2ad7b8.
|
||||||
|
|
||||||
|
Fixes #5772
|
||||||
|
|
||||||
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
||||||
|
(Merged from https://github.com/openssl/openssl/pull/5773)
|
||||||
|
|
||||||
|
(cherry picked from commit 00701e5ea84861b74d9d624f21a6b3fcb12e8acd)
|
||||||
|
---
|
||||||
|
util/dofile.pl | 4 ++--
|
||||||
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/util/dofile.pl b/util/dofile.pl
|
||||||
|
index fc72989b0f..a932941cd5 100644
|
||||||
|
--- a/util/dofile.pl
|
||||||
|
+++ b/util/dofile.pl
|
||||||
|
@@ -99,9 +99,9 @@ package main;
|
||||||
|
# This adds quotes (") around the given string, and escapes any $, @, \,
|
||||||
|
# " and ' by prepending a \ to them.
|
||||||
|
sub quotify1 {
|
||||||
|
- my $s = my $orig = shift @_;
|
||||||
|
+ my $s = shift @_;
|
||||||
|
$s =~ s/([\$\@\\"'])/\\$1/g;
|
||||||
|
- $s ne $orig || $s =~ /\s/ ? '"'.$s.'"' : $s;
|
||||||
|
+ '"'.$s.'"';
|
||||||
|
}
|
||||||
|
|
||||||
|
# quotify_l LIST
|
||||||
|
--
|
||||||
|
2.16.3
|
||||||
|
|
@ -1,3 +1,17 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu May 10 09:37:19 UTC 2018 - vcizek@suse.com
|
||||||
|
|
||||||
|
- OpenSSL Security Advisory [16 Apr 2018]
|
||||||
|
* Cache timing vulnerability in RSA Key Generation
|
||||||
|
(CVE-2018-0737, bsc#1089039)
|
||||||
|
* add openssl-CVE-2018-0737.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu May 10 09:32:43 UTC 2018 - vcizek@suse.com
|
||||||
|
|
||||||
|
- Fix escaping in c_rehash (boo#1091961, bsc#1091963)
|
||||||
|
* add 0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Mar 28 14:34:49 UTC 2018 - vcizek@suse.com
|
Wed Mar 28 14:34:49 UTC 2018 - vcizek@suse.com
|
||||||
|
|
||||||
|
@ -76,6 +76,9 @@ Patch71: 0012-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch
|
|||||||
Patch72: 0013-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch
|
Patch72: 0013-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch
|
||||||
# PATCH-FIX-UPSTREAM (boo#1084651)
|
# PATCH-FIX-UPSTREAM (boo#1084651)
|
||||||
Patch73: 0001-Tolerate-a-Certificate-using-a-non-supported-group-o.patch
|
Patch73: 0001-Tolerate-a-Certificate-using-a-non-supported-group-o.patch
|
||||||
|
# PATCH-FIX-UPSTREAM (boo#1091961)
|
||||||
|
Patch74: 0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
|
||||||
|
Patch75: openssl-CVE-2018-0737.patch
|
||||||
BuildRequires: bc
|
BuildRequires: bc
|
||||||
BuildRequires: ed
|
BuildRequires: ed
|
||||||
BuildRequires: pkgconfig
|
BuildRequires: pkgconfig
|
||||||
|
112
openssl-CVE-2018-0737.patch
Normal file
112
openssl-CVE-2018-0737.patch
Normal file
@ -0,0 +1,112 @@
|
|||||||
|
The CVE-2018-0737 fix consists of commits:
|
||||||
|
9db724cfede4ba7a3668bff533973ee70145ec07
|
||||||
|
011f82e66f4bf131c733fd41a8390039859aafb2
|
||||||
|
7150a4720af7913cae16f2e4eaf768b578c0b298
|
||||||
|
(the three above are included in 1.1.0h)
|
||||||
|
6939eab03a6e23d2bd2c3f5e34fe1d48e542e787
|
||||||
|
and additional changes to our fips_rsa_keygen()
|
||||||
|
|
||||||
|
From 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Billy Brumley <bbrumley@gmail.com>
|
||||||
|
Date: Wed, 11 Apr 2018 10:10:58 +0300
|
||||||
|
Subject: [PATCH] RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont
|
||||||
|
both get called with BN_FLG_CONSTTIME flag set.
|
||||||
|
|
||||||
|
CVE-2018-0737
|
||||||
|
|
||||||
|
Reviewed-by: Rich Salz <rsalz@openssl.org>
|
||||||
|
Reviewed-by: Matt Caswell <matt@openssl.org>
|
||||||
|
---
|
||||||
|
crypto/rsa/rsa_gen.c | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
Index: openssl-1.1.0h/crypto/rsa/rsa_gen.c
|
||||||
|
===================================================================
|
||||||
|
--- openssl-1.1.0h.orig/crypto/rsa/rsa_gen.c 2018-05-10 11:50:53.298706226 +0200
|
||||||
|
+++ openssl-1.1.0h/crypto/rsa/rsa_gen.c 2018-05-10 12:55:39.394968170 +0200
|
||||||
|
@@ -123,6 +123,7 @@ static int fips_rsa_builtin_keygen(RSA *
|
||||||
|
int n = 0;
|
||||||
|
int test = 0;
|
||||||
|
int pbits = bits / 2;
|
||||||
|
+ unsigned long error = 0;
|
||||||
|
|
||||||
|
if (FIPS_selftest_failed()) {
|
||||||
|
FIPSerr(FIPS_F_FIPS_RSA_BUILTIN_KEYGEN, FIPS_R_FIPS_SELFTEST_FAILED);
|
||||||
|
@@ -191,6 +192,10 @@ retry:
|
||||||
|
if (!BN_lshift(r3, r3, pbits - 100))
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
+ BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
|
||||||
|
+ BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
|
||||||
|
+ BN_set_flags(r2, BN_FLG_CONSTTIME);
|
||||||
|
+
|
||||||
|
/* generate p and q */
|
||||||
|
for (i = 0; i < 5 * pbits; i++) {
|
||||||
|
ploop:
|
||||||
|
@@ -205,9 +210,9 @@ retry:
|
||||||
|
|
||||||
|
if (!BN_sub(r2, rsa->p, BN_value_one()))
|
||||||
|
goto err;
|
||||||
|
- if (!BN_gcd(r1, r2, rsa->e, ctx))
|
||||||
|
- goto err;
|
||||||
|
- if (BN_is_one(r1)) {
|
||||||
|
+ ERR_set_mark();
|
||||||
|
+ if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
|
||||||
|
+ /* GCD == 1 since inverse exists */
|
||||||
|
int r;
|
||||||
|
r = BN_is_prime_fasttest_ex(rsa->p, pbits > 1024 ? 4 : 5, ctx, 0,
|
||||||
|
cb);
|
||||||
|
@@ -217,6 +222,15 @@ retry:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ error = ERR_peek_last_error();
|
||||||
|
+ if (ERR_GET_LIB(error) == ERR_LIB_BN
|
||||||
|
+ && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
|
||||||
|
+ /* GCD != 1 */
|
||||||
|
+ ERR_pop_to_mark();
|
||||||
|
+ } else {
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (!BN_GENCB_call(cb, 2, n++))
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
@@ -248,9 +262,9 @@ retry:
|
||||||
|
|
||||||
|
if (!BN_sub(r2, rsa->q, BN_value_one()))
|
||||||
|
goto err;
|
||||||
|
- if (!BN_gcd(r1, r2, rsa->e, ctx))
|
||||||
|
- goto err;
|
||||||
|
- if (BN_is_one(r1)) {
|
||||||
|
+ ERR_set_mark();
|
||||||
|
+ if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
|
||||||
|
+ /* GCD == 1 since inverse exists */
|
||||||
|
int r;
|
||||||
|
r = BN_is_prime_fasttest_ex(rsa->q, pbits > 1024 ? 4 : 5, ctx, 0,
|
||||||
|
cb);
|
||||||
|
@@ -260,6 +274,15 @@ retry:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ error = ERR_peek_last_error();
|
||||||
|
+ if (ERR_GET_LIB(error) == ERR_LIB_BN
|
||||||
|
+ && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
|
||||||
|
+ /* GCD != 1 */
|
||||||
|
+ ERR_pop_to_mark();
|
||||||
|
+ } else {
|
||||||
|
+ goto err;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (!BN_GENCB_call(cb, 2, n++))
|
||||||
|
goto err;
|
||||||
|
}
|
||||||
|
@@ -457,6 +480,8 @@ static int rsa_builtin_keygen(RSA *rsa,
|
||||||
|
if (BN_copy(rsa->e, e_value) == NULL)
|
||||||
|
goto err;
|
||||||
|
|
||||||
|
+ BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
|
||||||
|
+ BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
|
||||||
|
BN_set_flags(r2, BN_FLG_CONSTTIME);
|
||||||
|
/* generate p and q */
|
||||||
|
for (;;) {
|
Loading…
Reference in New Issue
Block a user