Accepting request 990534 from security:tls:unstable

OBS-URL: https://build.opensuse.org/request/show/990534
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=42

openssl-3.0.2.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:98e91ccead4d4756ae3c9cde5e09191a8e586d9f4d50838e7ec09d6411dfdb63
-size 15038141

openssl-3.0.2.tar.gz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmIwowMACgkQ2cTSbQ5g
-RJFDvAf/RVYnplRE1x9i/ejoJeTAO7YhibCRpnp+UzkpgMrDL1y9Rpw3ZJCYh9Fq
-HEotKmbuZvNGPgYUxSov00xnhKcpzTHKiZQA767rZpNL4F+g3SpOh06IB6tJzn1k
-dx9oqAmWgIeWLY4kRHXrqqFa95Zu9LNxJ04NuqaaWxeK0/fYl534sYW5DU6uug9u
-4NcBamvnPv1+4A3Ow6jdN96tb7O3HuJ14RvGPzgUx1FPv/zU6NE2fgTnVcBzaYIP
-5rfB1EQa3+1NTtej+uUQb0i0NxFpgggFMF+qCc5Yrl9i3o8Q+wnbaVw4bNURk9En
-gNgfw0J0TG14PgtkF/Q6he++BQoNYQ==
-=pMVy
------END PGP SIGNATURE-----

openssl-3.0.5.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:aa7d8d9bef71ad6525c55ba11e5f4397889ce49c2c9349dcea6d3e4f0b024a7a
+size 15074407

openssl-3.0.5.tar.gz.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJIBAABCgAyFiEEeVOsH7w9yLOykjk+1enkP3357owFAmLD/PsUHGxldml0dGVA
+b3BlbnNzbC5vcmcACgkQ1enkP3357oxVbw/8D1VjnQd7LuFKY7cEvhV9tVRMoYXV
+ZdVPAHyx6Tj2AK3H+bPMnxnOGGthimCPjtwetZsNZiIofQn9ySIXSBWesfXY1ZuY
+heln7Fa+Nb9IzpTPjq8ZQrdoNdpWWff1bW5cZLS7f0dwp/YTQWjk9WfFBKN35poC
+BS7LDzBL0u0Yn8yseioz9AhW7EB6Y53FuJQsXE79WReNnvjRwda2krNjh0Dyo8Pm
+1RqhX4nvsgYx4Zlo3AgMuzlxnHJG4zAJqJuTYK1gqR8LAJWWQVuozm20MADkScAB
+n9LCYnNtvD2trHZB/icXQOKV6vDj6HyH/uXF4afgyAboSoUYeFBzWDrItSvdO7w/
+c7yXe25wK1tZfFWEOxsNIB9wcXJjkt4d28IKHqG2WC8hdfZikPW5Q9WyP+3g0lr4
+sdKBnnG1OXnNtsYxJ9kcobx4HONyuLo/dj5gqjh32J6LlbWVRD1bd/V+VYqTnrTu
+ZI8otNi9DIriFFaznr8W6Wto0dX86KSYhdz33rI/ZXLl6k0MiC2VtwtU1L/tAHwS
+p8UjilhKLTHe77IPoz24KWlae7AOBSXq7pp/L1mWi8rMKq+bPPMTARCXxy31Mdvg
+o0TCrrVayNsUwDuLYM01Eg9+PELDhMr+BZVAMEsXVK3PT2c2pa28j7ASRvaPH6jy
+sHq7dMxKkmd4DsE=
+=o/SA
+-----END PGP SIGNATURE-----

openssl-3.changes

@@ -1,3 +1,101 @@
+-------------------------------------------------------------------
+Thu Jul 21 09:09:07 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 3.0.5:
+  * The OpenSSL 3.0.4 release introduced a serious bug in the RSA
+    implementation for X86_64 CPUs supporting the AVX512IFMA instructions.
+    This issue makes the RSA implementation with 2048 bit private keys
+    incorrect on such machines and memory corruption will happen during
+    the computation. As a consequence of the memory corruption an attacker
+    may be able to trigger a remote code execution on the machine performing
+    the computation.
+    SSL/TLS servers or other servers using 2048 bit RSA private keys running
+    on machines supporting AVX512IFMA instructions of the X86_64 architecture
+    are affected by this issue. [bsc#1201148, CVE-2022-2274]
+  * AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
+    implementation would not encrypt the entirety of the data under some
+    circumstances.  This could reveal sixteen bytes of data that was
+    preexisting in the memory that wasn't written.  In the special case of
+    "in place" encryption, sixteen bytes of the plaintext would be revealed.
+    Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
+    they are both unaffected. [bsc#1201099, CVE-2022-2097]
+- Rebase patches:
+  * openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
+
+-------------------------------------------------------------------
+Mon Jul 18 12:03:55 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 3.0.4: [bsc#1199166, CVE-2022-1292]
+  * In addition to the c_rehash shell command injection identified in
+    CVE-2022-1292, further bugs where the c_rehash script does not
+    properly sanitise shell metacharacters to prevent command injection
+    have been fixed.
+    When the CVE-2022-1292 was fixed it was not discovered that there
+    are other places in the script where the file names of certificates
+    being hashed were possibly passed to a command executed through the shell.
+    This script is distributed by some operating systems in a manner where
+    it is automatically executed.  On such operating systems, an attacker
+    could execute arbitrary commands with the privileges of the script.
+    Use of the c_rehash script is considered obsolete and should be replaced
+    by the OpenSSL rehash command line tool.
+  * Case insensitive string comparison no longer uses locales.
+    It has instead been directly implemented.
+
+-------------------------------------------------------------------
+Mon Jul 18 12:03:21 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to 3.0.3:
+  * Case insensitive string comparison is reimplemented via new locale-agnostic
+    comparison functions OPENSSL_str[n]casecmp always using the POSIX locale for
+    comparison. The previous implementation had problems when the Turkish locale
+    was used.
+  * Fixed a bug in the c_rehash script which was not properly sanitising shell
+    metacharacters to prevent command injection.  This script is distributed by
+    some operating systems in a manner where it is automatically executed.  On
+    such operating systems, an attacker could execute arbitrary commands with the
+    privileges of the script.
+    Use of the c_rehash script is considered obsolete and should be replaced
+    by the OpenSSL rehash command line tool. [bsc#1199166, CVE-2022-1292]
+  * Fixed a bug in the function 'OCSP_basic_verify' that verifies the signer
+    certificate on an OCSP response. The bug caused the function in the case
+    where the (non-default) flag OCSP_NOCHECKS is used to return a postivie
+    response (meaning a successful verification) even in the case where the
+    response signing certificate fails to verify.
+    It is anticipated that most users of 'OCSP_basic_verify' will not use the
+    OCSP_NOCHECKS flag. In this case the 'OCSP_basic_verify' function will return
+    a negative value (indicating a fatal error) in the case of a certificate
+    verification failure. The normal expected return value in this case would be 0.
+    This issue also impacts the command line OpenSSL "ocsp" application. When
+    verifying an ocsp response with the "-no_cert_checks" option the command line
+    application will report that the verification is successful even though it
+    has in fact failed. In this case the incorrect successful response will also
+    be accompanied by error messages showing the failure and contradicting the
+    apparently successful result. [bsc#1199167, CVE-2022-1343]
+  * Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the
+    AAD data as the MAC key. This made the MAC key trivially predictable.
+    An attacker could exploit this issue by performing a man-in-the-middle attack
+    to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such
+    that the modified data would still pass the MAC integrity check.
+    Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0
+    endpoint will always be rejected by the recipient and the connection will
+    fail at that point. Many application protocols require data to be sent from
+    the client to the server first. Therefore, in such a case, only an OpenSSL
+    3.0 server would be impacted when talking to a non-OpenSSL 3.0 client.
+    [bsc#1199168, CVE-2022-1434]
+  * Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory
+    occuppied by the removed hash table entries.
+    This function is used when decoding certificates or keys. If a long lived
+    process periodically decodes certificates or keys its memory usage will
+    expand without bounds and the process might be terminated by the operating
+    system causing a denial of service. Also traversing the empty hash table
+    entries will take increasingly more time. Typically such long lived processes
+    might be TLS clients or TLS servers configured to accept client certificate
+    authentication. [bsc#1199169, CVE-2022-1473]
+  * The functions 'OPENSSL_LH_stats' and 'OPENSSL_LH_stats_bio' now only report
+    the 'num_items', 'num_nodes' and 'num_alloc_nodes' statistics. All other
+    statistics are no longer supported. For compatibility, these statistics are
+    still listed in the output but are now always reported as zero.
+
 -------------------------------------------------------------------
 Sat Mar 19 10:05:22 UTC 2022 - Pedro Monreal <pmonreal@suse.com>
 
@@ -211,8 +309,8 @@ Sat May  1 19:58:48 UTC 2021 - Jason Sikes <jsikes@suse.com>
     automatically become EVP_PKEY_SM2 rather than EVP_PKEY_EC. This is a breaking
     change from previous OpenSSL versions.
     Unlike in previous OpenSSL versions, this means that applications must not
-    call `EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)` to get SM2 computations.
-    The `EVP_PKEY_set_alias_type` function has now been removed.
+    call 'EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)' to get SM2 computations.
+    The 'EVP_PKEY_set_alias_type' function has now been removed.
   * Parameter and key generation is also reworked to make it possible
     to generate EVP_PKEY_SM2 parameters and keys. Applications must now generate
     SM2 keys directly and must not create an EVP_PKEY_EC key first.
@@ -612,7 +710,7 @@ Thu Jun  4 20:24:04 UTC 2020 - Vítězslav Čížek <vcizek@suse.com>
 -------------------------------------------------------------------
 Sat May 23 14:06:54 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
 
-- Use find -exec +. Replace `pwd` by simply $PWD.
+- Use find -exec +. Replace 'pwd' by simply $PWD.
 - Drop Obsoletes on libopenssl1*. libopenssl3 has a new SONAME and
   does not conflict with anything previously.
 

openssl-3.spec

@@ -21,7 +21,7 @@
 %define _rname  openssl
 Name:           openssl-3
 # Don't forget to update the version in the "openssl" package!
-Version:        3.0.2
+Version:        3.0.5
 Release:        0
 Summary:        Secure Sockets and Transport Layer Security
 License:        Apache-2.0

openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch

@@ -15,10 +15,10 @@ Subject: Add support for PROFILE=SYSTEM system default cipherlist
  util/libcrypto.num                |  1 +
  8 files changed, 110 insertions(+), 14 deletions(-)
 
-Index: openssl-3.0.1/Configurations/unix-Makefile.tmpl
+Index: openssl-3.0.5/Configurations/unix-Makefile.tmpl
 ===================================================================
---- openssl-3.0.1.orig/Configurations/unix-Makefile.tmpl
-+++ openssl-3.0.1/Configurations/unix-Makefile.tmpl
+--- openssl-3.0.5.orig/Configurations/unix-Makefile.tmpl
++++ openssl-3.0.5/Configurations/unix-Makefile.tmpl
 @@ -315,6 +315,10 @@ MANDIR=$(INSTALLTOP)/share/man
  DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
  HTMLDIR=$(DOCDIR)/html
@@ -38,10 +38,10 @@ Index: openssl-3.0.1/Configurations/unix-Makefile.tmpl
                                    (map { "-I".$_} @{$config{CPPINCLUDES}}),
                                    @{$config{CPPFLAGS}}) -}
  CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
-Index: openssl-3.0.1/doc/man1/openssl-ciphers.pod.in
+Index: openssl-3.0.5/doc/man1/openssl-ciphers.pod.in
 ===================================================================
---- openssl-3.0.1.orig/doc/man1/openssl-ciphers.pod.in
-+++ openssl-3.0.1/doc/man1/openssl-ciphers.pod.in
+--- openssl-3.0.5.orig/doc/man1/openssl-ciphers.pod.in
++++ openssl-3.0.5/doc/man1/openssl-ciphers.pod.in
 @@ -186,6 +186,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher s
  
  The cipher suites not enabled by B<ALL>, currently B<eNULL>.
@@ -58,10 +58,10 @@ Index: openssl-3.0.1/doc/man1/openssl-ciphers.pod.in
  =item B<HIGH>
  
  "High" encryption cipher suites. This currently means those with key lengths
-Index: openssl-3.0.1/include/openssl/ssl.h.in
+Index: openssl-3.0.5/include/openssl/ssl.h.in
 ===================================================================
---- openssl-3.0.1.orig/include/openssl/ssl.h.in
-+++ openssl-3.0.1/include/openssl/ssl.h.in
+--- openssl-3.0.5.orig/include/openssl/ssl.h.in
++++ openssl-3.0.5/include/openssl/ssl.h.in
 @@ -210,6 +210,11 @@ extern "C" {
   * throwing out anonymous and unencrypted ciphersuites! (The latter are not
   * actually enabled by ALL, but "ALL:RSA" would enable some of them.)
@@ -74,10 +74,10 @@ Index: openssl-3.0.1/include/openssl/ssl.h.in
  
  /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
  # define SSL_SENT_SHUTDOWN       1
-Index: openssl-3.0.1/ssl/ssl_ciph.c
+Index: openssl-3.0.5/ssl/ssl_ciph.c
 ===================================================================
---- openssl-3.0.1.orig/ssl/ssl_ciph.c
-+++ openssl-3.0.1/ssl/ssl_ciph.c
+--- openssl-3.0.5.orig/ssl/ssl_ciph.c
++++ openssl-3.0.5/ssl/ssl_ciph.c
 @@ -1436,6 +1436,53 @@ int SSL_set_ciphersuites(SSL *s, const c
      return ret;
  }
@@ -216,7 +216,7 @@ Index: openssl-3.0.1/ssl/ssl_ciph.c
      /* Add TLSv1.3 ciphers first - we always prefer those if possible */
      for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
          const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i);
-@@ -1690,6 +1748,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
+@@ -1690,6 +1747,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
      *cipher_list = cipherstack;
  
      return cipherstack;
@@ -227,14 +227,14 @@ Index: openssl-3.0.1/ssl/ssl_ciph.c
 +    OPENSSL_free(new_rules);
 +#endif
 +    return NULL;
-+  
++
  }
  
  char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
-Index: openssl-3.0.1/ssl/ssl_lib.c
+Index: openssl-3.0.5/ssl/ssl_lib.c
 ===================================================================
---- openssl-3.0.1.orig/ssl/ssl_lib.c
-+++ openssl-3.0.1/ssl/ssl_lib.c
+--- openssl-3.0.5.orig/ssl/ssl_lib.c
++++ openssl-3.0.5/ssl/ssl_lib.c
 @@ -660,7 +660,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx
                                  ctx->tls13_ciphersuites,
                                  &(ctx->cipher_list),
@@ -244,7 +244,7 @@ Index: openssl-3.0.1/ssl/ssl_lib.c
      if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
          ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
          return 0;
-@@ -3248,7 +3248,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *li
+@@ -3271,7 +3271,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *li
      if (!ssl_create_cipher_list(ret,
                                  ret->tls13_ciphersuites,
                                  &ret->cipher_list, &ret->cipher_list_by_id,
@@ -253,10 +253,10 @@ Index: openssl-3.0.1/ssl/ssl_lib.c
          || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
          ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS);
          goto err2;
-Index: openssl-3.0.1/test/cipherlist_test.c
+Index: openssl-3.0.5/test/cipherlist_test.c
 ===================================================================
---- openssl-3.0.1.orig/test/cipherlist_test.c
-+++ openssl-3.0.1/test/cipherlist_test.c
+--- openssl-3.0.5.orig/test/cipherlist_test.c
++++ openssl-3.0.5/test/cipherlist_test.c
 @@ -246,7 +246,9 @@ end:
  
  int setup_tests(void)
@@ -267,20 +267,20 @@ Index: openssl-3.0.1/test/cipherlist_test.c
      ADD_TEST(test_default_cipherlist_explicit);
      ADD_TEST(test_default_cipherlist_clear);
      return 1;
-Index: openssl-3.0.1/util/libcrypto.num
+Index: openssl-3.0.5/util/libcrypto.num
 ===================================================================
---- openssl-3.0.1.orig/util/libcrypto.num
-+++ openssl-3.0.1/util/libcrypto.num
-@@ -5425,3 +5425,4 @@ ASN1_item_d2i_ex
- ASN1_TIME_print_ex                      5553	3_0_0	EXIST::FUNCTION:
- EVP_PKEY_get0_provider                  5554	3_0_0	EXIST::FUNCTION:
+--- openssl-3.0.5.orig/util/libcrypto.num
++++ openssl-3.0.5/util/libcrypto.num
+@@ -5427,3 +5427,4 @@ EVP_PKEY_get0_provider
  EVP_PKEY_CTX_get0_provider              5555	3_0_0	EXIST::FUNCTION:
-+ossl_safe_getenv                        ?	3_0_0	EXIST::FUNCTION:
-Index: openssl-3.0.1/Configure
+ OPENSSL_strcasecmp                      5556	3_0_3	EXIST::FUNCTION:
+ OPENSSL_strncasecmp                     5557	3_0_3	EXIST::FUNCTION:
++ossl_safe_getenv                        ?	3_0_0   EXIST::FUNCTION:
+Index: openssl-3.0.5/Configure
 ===================================================================
---- openssl-3.0.1.orig/Configure
-+++ openssl-3.0.1/Configure
-@@ -27,7 +27,7 @@ use OpenSSL::config;
+--- openssl-3.0.5.orig/Configure
++++ openssl-3.0.5/Configure
+@@ -28,7 +28,7 @@ use OpenSSL::config;
  my $orig_death_handler = $SIG{__DIE__};
  $SIG{__DIE__} = \&death_handler;
  
@@ -289,7 +289,7 @@ Index: openssl-3.0.1/Configure
  
  my $banner = <<"EOF";
  
-@@ -61,6 +61,10 @@ EOF
+@@ -62,6 +62,10 @@ EOF
  #               given with --prefix.
  #               This becomes the value of OPENSSLDIR in Makefile and in C.
  #               (Default: PREFIX/ssl)
@@ -300,7 +300,7 @@ Index: openssl-3.0.1/Configure
  # --banner=".." Output specified text instead of default completion banner
  #
  # -w            Don't wait after showing a Configure warning
-@@ -387,6 +391,7 @@ $config{prefix}="";
+@@ -388,6 +392,7 @@ $config{prefix}="";
  $config{openssldir}="";
  $config{processor}="";
  $config{libdir}="";
@@ -308,7 +308,7 @@ Index: openssl-3.0.1/Configure
  my $auto_threads=1;    # enable threads automatically? true by default
  my $default_ranlib;
  
-@@ -989,6 +994,10 @@ while (@argvcopy)
+@@ -990,6 +995,10 @@ while (@argvcopy)
                          die "FIPS key too long (64 bytes max)\n"
                             if length $1 > 64;
                          }