From 1d99f4ef8530af6bb71b1571aceee8764606d51d1f9b28ecc3f8006a7ab99d6e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?=
Date: Thu, 10 May 2018 13:45:22 +0000
Subject: [PATCH] Accepting request 606162 from home:vitezslav_cizek:branches:security:tls
- OpenSSL Security Advisory [16 Apr 2018]
* Cache timing vulnerability in RSA Key Generation (CVE-2018-0737, bsc#1089039)
* add openssl-CVE-2018-0737.patch
- Fix escaping in c_rehash (boo#1091961, bsc#1091963)
* add 0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
OBS-URL: https://build.opensuse.org/request/show/606162
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=10
---
 ...le.pl-only-quote-stuff-that-actually.patch | 40 +++++++
 openssl-1_1.changes | 14 +++
 openssl-1_1.spec | 3 +
 openssl-CVE-2018-0737.patch | 112 ++++++++++++++++++
 4 files changed, 169 insertions(+)
 create mode 100644 0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
 create mode 100644 openssl-CVE-2018-0737.patch
diff --git a/0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch b/0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
new file mode 100644
index 0000000..7eabfe1
--- /dev/null
+++ b/0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
@@ -0,0 +1,40 @@
+From 7ee2a43069913fb7c444c656048996ea92cc465e Mon Sep 17 00:00:00 2001
+From: Richard Levitte
+Date: Wed, 28 Mar 2018 14:46:27 +0200
+Subject: [PATCH] Revert "util/dofile.pl: only quote stuff that actually needs
+ quoting"
+
+This wasn't a good solution, too many things depend on the quotes being
+there consistently.
+
+This reverts commit 49cd47eaababc8c57871b929080fc1357e2ad7b8.
+
+Fixes #5772
+
+Reviewed-by: Rich Salz
+(Merged from https://github.com/openssl/openssl/pull/5773)
+
+(cherry picked from commit 00701e5ea84861b74d9d624f21a6b3fcb12e8acd)
+---
+ util/dofile.pl | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/util/dofile.pl b/util/dofile.pl
+index fc72989b0f..a932941cd5 100644
+--- a/util/dofile.pl
++++ b/util/dofile.pl
+@@ -99,9 +99,9 @@ package main;
+ # This adds quotes (") around the given string, and escapes any $, @, \,
+ # " and ' by prepending a \ to them.
+ sub quotify1 {
+- my $s = my $orig = shift @_;
++ my $s = shift @_;
+ $s =~ s/([\$\@\\"'])/\\$1/g;
+- $s ne $orig || $s =~ /\s/ ? '"'.$s.'"' : $s;
++ '"'.$s.'"';
+ }
+
+ # quotify_l LIST
+--
+2.16.3
+
diff --git a/openssl-1_1.changes b/openssl-1_1.changes
index f317d7c..1f0a56c 100644
--- a/openssl-1_1.changes
+++ b/openssl-1_1.changes
@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Thu May 10 09:37:19 UTC 2018 - vcizek@suse.com
+
+- OpenSSL Security Advisory [16 Apr 2018]
+ * Cache timing vulnerability in RSA Key Generation
+ (CVE-2018-0737, bsc#1089039)
+ * add openssl-CVE-2018-0737.patch
+
+-------------------------------------------------------------------
+Thu May 10 09:32:43 UTC 2018 - vcizek@suse.com
+
+- Fix escaping in c_rehash (boo#1091961, bsc#1091963)
+ * add 0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
+
 -------------------------------------------------------------------
 Wed Mar 28 14:34:49 UTC 2018 - vcizek@suse.com
 
diff --git a/openssl-1_1.spec b/openssl-1_1.spec
index 044bb40..8508a10 100644
--- a/openssl-1_1.spec
+++ b/openssl-1_1.spec
@@ -76,6 +76,9 @@ Patch71: 0012-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch
 Patch72: 0013-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch
 # PATCH-FIX-UPSTREAM (boo#1084651)
 Patch73: 0001-Tolerate-a-Certificate-using-a-non-supported-group-o.patch
+# PATCH-FIX-UPSTREAM (boo#1091961)
+Patch74: 0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
+Patch75: openssl-CVE-2018-0737.patch
 BuildRequires: bc
 BuildRequires: ed
 BuildRequires: pkgconfig
diff --git a/openssl-CVE-2018-0737.patch b/openssl-CVE-2018-0737.patch
new file mode 100644
index 0000000..333e870
--- /dev/null
+++ b/openssl-CVE-2018-0737.patch
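Review bot: `Patch75: openssl-CVE-2018-0737.patch` is added directly beneath the `# PATCH-FIX-UPSTREAM (boo#1091961)` comment that describes Patch74, so the security fix has no tag line of its own and reads as part of the c_rehash quoting fix. A separate comment above it, for example `# PATCH-FIX-UPSTREAM (bsc#1089039) CVE-2018-0737`, would keep the bug and CVE reference next to the patch; the patch header in this commit says it also carries changes to the package's own FIPS key generation, which the comment could mention. The %prep section is not part of this hunk, so whether Patch74 and Patch75 are applied there cannot be confirmed from here.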
@@ -0,0 +1,112 @@
+The CVE-2018-0737 fix consists of commits:
+9db724cfede4ba7a3668bff533973ee70145ec07
+011f82e66f4bf131c733fd41a8390039859aafb2
+7150a4720af7913cae16f2e4eaf768b578c0b298
+(the three above are included in 1.1.0h)
+6939eab03a6e23d2bd2c3f5e34fe1d48e542e787
+and additional changes to our fips_rsa_keygen()
+
+From 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787 Mon Sep 17 00:00:00 2001
+From: Billy Brumley
+Date: Wed, 11 Apr 2018 10:10:58 +0300
+Subject: [PATCH] RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont
+ both get called with BN_FLG_CONSTTIME flag set.
+
+CVE-2018-0737
+
+Reviewed-by: Rich Salz
+Reviewed-by: Matt Caswell
+---
+ crypto/rsa/rsa_gen.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+Index: openssl-1.1.0h/crypto/rsa/rsa_gen.c
+===================================================================
+--- openssl-1.1.0h.orig/crypto/rsa/rsa_gen.c 2018-05-10 11:50:53.298706226 +0200
++++ openssl-1.1.0h/crypto/rsa/rsa_gen.c 2018-05-10 12:55:39.394968170 +0200
+@@ -123,6 +123,7 @@ static int fips_rsa_builtin_keygen(RSA *
+ int n = 0;
+ int test = 0;
+ int pbits = bits / 2;
++ unsigned long error = 0;
+
+ if (FIPS_selftest_failed()) {
+ FIPSerr(FIPS_F_FIPS_RSA_BUILTIN_KEYGEN, FIPS_R_FIPS_SELFTEST_FAILED);
+@@ -191,6 +192,10 @@ retry:
+ if (!BN_lshift(r3, r3, pbits - 100))
+ goto err;
+
++ BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
++ BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
++ BN_set_flags(r2, BN_FLG_CONSTTIME);
++
+ /* generate p and q */
+ for (i = 0; i < 5 * pbits; i++) {
+ ploop:
+@@ -205,9 +210,9 @@ retry:
+
+ if (!BN_sub(r2, rsa->p, BN_value_one()))
+ goto err;
+- if (!BN_gcd(r1, r2, rsa->e, ctx))
+- goto err;
+- if (BN_is_one(r1)) {
++ ERR_set_mark();
++ if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
++ /* GCD == 1 since inverse exists */
+ int r;
+ r = BN_is_prime_fasttest_ex(rsa->p, pbits > 1024 ? 4 : 5, ctx, 0,
+ cb);
+@@ -217,6 +222,15 @@ retry:
+ break;
+ }
+
++ error = ERR_peek_last_error();
++ if (ERR_GET_LIB(error) == ERR_LIB_BN
++ && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
++ /* GCD != 1 */
++ ERR_pop_to_mark();
++ } else {
++ goto err;
++ }
++
+ if (!BN_GENCB_call(cb, 2, n++))
+ goto err;
+ }
+@@ -248,9 +262,9 @@ retry:
+
+ if (!BN_sub(r2, rsa->q, BN_value_one()))
+ goto err;
+- if (!BN_gcd(r1, r2, rsa->e, ctx))
+- goto err;
+- if (BN_is_one(r1)) {
++ ERR_set_mark();
++ if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
++ /* GCD == 1 since inverse exists */
+ int r;
+ r = BN_is_prime_fasttest_ex(rsa->q, pbits > 1024 ? 4 : 5, ctx, 0,
+ cb);
+@@ -260,6 +274,15 @@ retry:
+ break;
+ }
+
++ error = ERR_peek_last_error();
++ if (ERR_GET_LIB(error) == ERR_LIB_BN
++ && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
++ /* GCD != 1 */
++ ERR_pop_to_mark();
++ } else {
++ goto err;
++ }
++
+ if (!BN_GENCB_call(cb, 2, n++))
+ goto err;
+ }
+@@ -457,6 +480,8 @@ static int rsa_builtin_keygen(RSA *rsa,
+ if (BN_copy(rsa->e, e_value) == NULL)
+ goto err;
+
++ BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
++ BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
+ BN_set_flags(r2, BN_FLG_CONSTTIME);
+ /* generate p and q */
+ for (;;) {
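Review bot: In the fips_rsa_builtin_keygen() p loop, the added `ERR_peek_last_error()` check sits after the `if (BN_mod_inverse(...) != NULL)` block rather than in its else branch, so it also appears to run when the inverse exists but the candidate fails the primality test. In that case this iteration queued no BN_R_NO_INVERSE error, so the `else { goto err; }` arm would abort key generation instead of trying the next candidate, or an older unrelated entry on the error queue would be misread as "GCD != 1"; the lines between `cb);` and `break;` are outside the hunk, so this should be confirmed against the full function. The q loop (the `@@ -248,9 +262,9 @@` and `@@ -260,6 +274,15 @@` hunks) has the same shape. Moving the error classification into the else branch of the BN_mod_inverse() test keeps the constant-time inverse and leaves the composite-candidate path falling through to BN_GENCB_call() as it did before the patch.

```c
        ERR_set_mark();
        if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
            /* GCD == 1 since inverse exists */
            /* … unchanged: BN_is_prime_fasttest_ex() call and result handling … */
        } else {
            /* only BN_R_NO_INVERSE means GCD != 1; anything else is a real failure */
            error = ERR_peek_last_error();
            if (ERR_GET_LIB(error) != ERR_LIB_BN
                || ERR_GET_REASON(error) != BN_R_NO_INVERSE)
                goto err;
            ERR_pop_to_mark();
        }
        /* … unchanged: BN_GENCB_call(cb, 2, n++) … */
```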