From 9bc98986acc12f774b47c3c3b2d63c211d0f9ce4f5dfc48717badd05f89911f7 Mon Sep 17 00:00:00 2001
From: Pedro Monreal Gonzalez
Date: Thu, 21 Jul 2022 11:29:20 +0000
Subject: [PATCH] Accepting request 990534 from security:tls:unstable
OBS-URL: https://build.opensuse.org/request/show/990534
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=42
---
openssl-3.0.2.tar.gz | 3 -
openssl-3.0.2.tar.gz.asc | 11 --
openssl-3.0.5.tar.gz | 3 +
openssl-3.0.5.tar.gz.asc | 17 +++
openssl-3.changes | 104 +++++++++++++++++-
openssl-3.spec | 2 +-
...PROFILE-SYSTEM-system-default-cipher.patch | 70 ++++++------
7 files changed, 157 insertions(+), 53 deletions(-)
delete mode 100644 openssl-3.0.2.tar.gz
delete mode 100644 openssl-3.0.2.tar.gz.asc
create mode 100644 openssl-3.0.5.tar.gz
create mode 100644 openssl-3.0.5.tar.gz.asc
diff --git a/openssl-3.0.2.tar.gz b/openssl-3.0.2.tar.gz
deleted file mode 100644
index d52d6db..0000000
--- a/openssl-3.0.2.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:98e91ccead4d4756ae3c9cde5e09191a8e586d9f4d50838e7ec09d6411dfdb63
-size 15038141
diff --git a/openssl-3.0.2.tar.gz.asc b/openssl-3.0.2.tar.gz.asc
deleted file mode 100644
index 720781c..0000000
--- a/openssl-3.0.2.tar.gz.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCAAdFiEEhlersmDwVrHlGQg52cTSbQ5gRJEFAmIwowMACgkQ2cTSbQ5g
-RJFDvAf/RVYnplRE1x9i/ejoJeTAO7YhibCRpnp+UzkpgMrDL1y9Rpw3ZJCYh9Fq
-HEotKmbuZvNGPgYUxSov00xnhKcpzTHKiZQA767rZpNL4F+g3SpOh06IB6tJzn1k
-dx9oqAmWgIeWLY4kRHXrqqFa95Zu9LNxJ04NuqaaWxeK0/fYl534sYW5DU6uug9u
-4NcBamvnPv1+4A3Ow6jdN96tb7O3HuJ14RvGPzgUx1FPv/zU6NE2fgTnVcBzaYIP
-5rfB1EQa3+1NTtej+uUQb0i0NxFpgggFMF+qCc5Yrl9i3o8Q+wnbaVw4bNURk9En
-gNgfw0J0TG14PgtkF/Q6he++BQoNYQ==
-=pMVy
------END PGP SIGNATURE-----
diff --git a/openssl-3.0.5.tar.gz b/openssl-3.0.5.tar.gz
new file mode 100644
index 0000000..0932ee3
--- /dev/null
+++ b/openssl-3.0.5.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:aa7d8d9bef71ad6525c55ba11e5f4397889ce49c2c9349dcea6d3e4f0b024a7a
+size 15074407
diff --git a/openssl-3.0.5.tar.gz.asc b/openssl-3.0.5.tar.gz.asc
new file mode 100644
index 0000000..405b275
--- /dev/null
+++ b/openssl-3.0.5.tar.gz.asc
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQJIBAABCgAyFiEEeVOsH7w9yLOykjk+1enkP3357owFAmLD/PsUHGxldml0dGVA
+b3BlbnNzbC5vcmcACgkQ1enkP3357oxVbw/8D1VjnQd7LuFKY7cEvhV9tVRMoYXV
+ZdVPAHyx6Tj2AK3H+bPMnxnOGGthimCPjtwetZsNZiIofQn9ySIXSBWesfXY1ZuY
+heln7Fa+Nb9IzpTPjq8ZQrdoNdpWWff1bW5cZLS7f0dwp/YTQWjk9WfFBKN35poC
+BS7LDzBL0u0Yn8yseioz9AhW7EB6Y53FuJQsXE79WReNnvjRwda2krNjh0Dyo8Pm
+1RqhX4nvsgYx4Zlo3AgMuzlxnHJG4zAJqJuTYK1gqR8LAJWWQVuozm20MADkScAB
+n9LCYnNtvD2trHZB/icXQOKV6vDj6HyH/uXF4afgyAboSoUYeFBzWDrItSvdO7w/
+c7yXe25wK1tZfFWEOxsNIB9wcXJjkt4d28IKHqG2WC8hdfZikPW5Q9WyP+3g0lr4
+sdKBnnG1OXnNtsYxJ9kcobx4HONyuLo/dj5gqjh32J6LlbWVRD1bd/V+VYqTnrTu
+ZI8otNi9DIriFFaznr8W6Wto0dX86KSYhdz33rI/ZXLl6k0MiC2VtwtU1L/tAHwS
+p8UjilhKLTHe77IPoz24KWlae7AOBSXq7pp/L1mWi8rMKq+bPPMTARCXxy31Mdvg
+o0TCrrVayNsUwDuLYM01Eg9+PELDhMr+BZVAMEsXVK3PT2c2pa28j7ASRvaPH6jy
+sHq7dMxKkmd4DsE=
+=o/SA
+-----END PGP SIGNATURE-----
diff --git a/openssl-3.changes b/openssl-3.changes
index ba1c6d8..baea21b 100644
--- a/openssl-3.changes
+++ b/openssl-3.changes
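Review bot: The added `openssl-3.0.5.tar.gz.asc` looks like it was made with a different signing key than the removed 3.0.2 signature: the armored block grows from 11 to 17 lines and its leading packet bytes differ, while the 7 files in the diffstat include no keyring. If the spec checks the tarball against a packaged keyring (not visible in this commit), confirm that keyring already trusts the 3.0.5 signer and that the key was obtained from upstream independently of this request; otherwise source verification either fails or is not actually gating the update. The tarball itself is only an LFS pointer here, so also compare `oid sha256:aa7d8d9bef71ad6525c55ba11e5f4397889ce49c2c9349dcea6d3e4f0b024a7a` with the digest upstream publishes for 3.0.5.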
@@ -1,3 +1,101 @@
+-------------------------------------------------------------------
+Thu Jul 21 09:09:07 UTC 2022 - Pedro Monreal
+
+- Update to 3.0.5:
+ * The OpenSSL 3.0.4 release introduced a serious bug in the RSA
+ implementation for X86_64 CPUs supporting the AVX512IFMA instructions.
+ This issue makes the RSA implementation with 2048 bit private keys
+ incorrect on such machines and memory corruption will happen during
+ the computation. As a consequence of the memory corruption an attacker
+ may be able to trigger a remote code execution on the machine performing
+ the computation.
+ SSL/TLS servers or other servers using 2048 bit RSA private keys running
+ on machines supporting AVX512IFMA instructions of the X86_64 architecture
+ are affected by this issue. [bsc#1201148, CVE-2022-2274]
+ * AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
+ implementation would not encrypt the entirety of the data under some
+ circumstances. This could reveal sixteen bytes of data that was
+ preexisting in the memory that wasn't written. In the special case of
+ "in place" encryption, sixteen bytes of the plaintext would be revealed.
+ Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
+ they are both unaffected. [bsc#1201099, CVE-2022-2097]
+- Rebase patches:
+ * openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
+
+-------------------------------------------------------------------
+Mon Jul 18 12:03:55 UTC 2022 - Pedro Monreal
+
+- Update to 3.0.4: [bsc#1199166, CVE-2022-1292]
+ * In addition to the c_rehash shell command injection identified in
+ CVE-2022-1292, further bugs where the c_rehash script does not
+ properly sanitise shell metacharacters to prevent command injection
+ have been fixed.
+ When the CVE-2022-1292 was fixed it was not discovered that there
+ are other places in the script where the file names of certificates
+ being hashed were possibly passed to a command executed through the shell.
+ This script is distributed by some operating systems in a manner where
+ it is automatically executed. On such operating systems, an attacker
+ could execute arbitrary commands with the privileges of the script.
+ Use of the c_rehash script is considered obsolete and should be replaced
+ by the OpenSSL rehash command line tool.
+ * Case insensitive string comparison no longer uses locales.
+ It has instead been directly implemented.
+
+-------------------------------------------------------------------
+Mon Jul 18 12:03:21 UTC 2022 - Pedro Monreal
+
+- Update to 3.0.3:
+ * Case insensitive string comparison is reimplemented via new locale-agnostic
+ comparison functions OPENSSL_str[n]casecmp always using the POSIX locale for
+ comparison. The previous implementation had problems when the Turkish locale
+ was used.
+ * Fixed a bug in the c_rehash script which was not properly sanitising shell
+ metacharacters to prevent command injection. This script is distributed by
+ some operating systems in a manner where it is automatically executed. On
+ such operating systems, an attacker could execute arbitrary commands with the
+ privileges of the script.
+ Use of the c_rehash script is considered obsolete and should be replaced
+ by the OpenSSL rehash command line tool. [bsc#1199166, CVE-2022-1292]
+ * Fixed a bug in the function 'OCSP_basic_verify' that verifies the signer
+ certificate on an OCSP response. The bug caused the function in the case
+ where the (non-default) flag OCSP_NOCHECKS is used to return a postivie
+ response (meaning a successful verification) even in the case where the
+ response signing certificate fails to verify.
+ It is anticipated that most users of 'OCSP_basic_verify' will not use the
+ OCSP_NOCHECKS flag. In this case the 'OCSP_basic_verify' function will return
+ a negative value (indicating a fatal error) in the case of a certificate
+ verification failure. The normal expected return value in this case would be 0.
+ This issue also impacts the command line OpenSSL "ocsp" application. When
+ verifying an ocsp response with the "-no_cert_checks" option the command line
+ application will report that the verification is successful even though it
+ has in fact failed. In this case the incorrect successful response will also
+ be accompanied by error messages showing the failure and contradicting the
+ apparently successful result. [bsc#1199167, CVE-2022-1343]
+ * Fixed a bug where the RC4-MD5 ciphersuite incorrectly used the
+ AAD data as the MAC key. This made the MAC key trivially predictable.
+ An attacker could exploit this issue by performing a man-in-the-middle attack
+ to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such
+ that the modified data would still pass the MAC integrity check.
+ Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0
+ endpoint will always be rejected by the recipient and the connection will
+ fail at that point. Many application protocols require data to be sent from
+ the client to the server first. Therefore, in such a case, only an OpenSSL
+ 3.0 server would be impacted when talking to a non-OpenSSL 3.0 client.
+ [bsc#1199168, CVE-2022-1434]
+ * Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory
+ occuppied by the removed hash table entries.
+ This function is used when decoding certificates or keys. If a long lived
+ process periodically decodes certificates or keys its memory usage will
+ expand without bounds and the process might be terminated by the operating
+ system causing a denial of service. Also traversing the empty hash table
+ entries will take increasingly more time.
Typically such long lived processes + might be TLS clients or TLS servers configured to accept client certificate + authentication. [bsc#1199169, CVE-2022-1473] + * The functions 'OPENSSL_LH_stats' and 'OPENSSL_LH_stats_bio' now only report + the 'num_items', 'num_nodes' and 'num_alloc_nodes' statistics. All other + statistics are no longer supported. For compatibility, these statistics are + still listed in the output but are now always reported as zero. + ------------------------------------------------------------------- Sat Mar 19 10:05:22 UTC 2022 - Pedro Monreal @@ -211,8 +309,8 @@ Sat May 1 19:58:48 UTC 2021 - Jason Sikes automatically become EVP_PKEY_SM2 rather than EVP_PKEY_EC. This is a breaking change from previous OpenSSL versions. Unlike in previous OpenSSL versions, this means that applications must not - call `EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)` to get SM2 computations. - The `EVP_PKEY_set_alias_type` function has now been removed. + call 'EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2)' to get SM2 computations. + The 'EVP_PKEY_set_alias_type' function has now been removed. * Parameter and key generation is also reworked to make it possible to generate EVP_PKEY_SM2 parameters and keys. Applications must now generate SM2 keys directly and must not create an EVP_PKEY_EC key first. @@ -612,7 +710,7 @@ Thu Jun 4 20:24:04 UTC 2020 - Vítězslav Čížek ------------------------------------------------------------------- Sat May 23 14:06:54 UTC 2020 - Jan Engelhardt -- Use find -exec +. Replace `pwd` by simply $PWD. +- Use find -exec +. Replace 'pwd' by simply $PWD. - Drop Obsoletes on libopenssl1*. libopenssl3 has a new SONAME and does not conflict with anything previously. diff --git a/openssl-3.spec b/openssl-3.spec index dd60dd1..07381a3 100644 --- a/openssl-3.spec +++ b/openssl-3.spec 
@@ -21,7 +21,7 @@ %define _rname openssl Name: openssl-3 # Don't forget to update the version in the "openssl" package! -Version: 3.0.2 +Version: 3.0.5 Release: 0 Summary: Secure Sockets and Transport Layer Security License: Apache-2.0 diff --git a/openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch b/openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch index 2f3a8ef..2a54b94 100644 --- a/openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch +++ b/openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch @@ -15,10 +15,10 @@ Subject: Add support for PROFILE=SYSTEM system default cipherlist util/libcrypto.num | 1 + 8 files changed, 110 insertions(+), 14 deletions(-) -Index: openssl-3.0.1/Configurations/unix-Makefile.tmpl +Index: openssl-3.0.5/Configurations/unix-Makefile.tmpl =================================================================== ---- openssl-3.0.1.orig/Configurations/unix-Makefile.tmpl -+++ openssl-3.0.1/Configurations/unix-Makefile.tmpl +--- openssl-3.0.5.orig/Configurations/unix-Makefile.tmpl ++++ openssl-3.0.5/Configurations/unix-Makefile.tmpl @@ -315,6 +315,10 @@ MANDIR=$(INSTALLTOP)/share/man DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME) HTMLDIR=$(DOCDIR)/html @@ -38,10 +38,10 @@ Index: openssl-3.0.1/Configurations/unix-Makefile.tmpl (map { "-I".$_} @{$config{CPPINCLUDES}}), @{$config{CPPFLAGS}}) -} CFLAGS={- join(' ', @{$config{CFLAGS}}) -} -Index: openssl-3.0.1/doc/man1/openssl-ciphers.pod.in +Index: openssl-3.0.5/doc/man1/openssl-ciphers.pod.in =================================================================== ---- openssl-3.0.1.orig/doc/man1/openssl-ciphers.pod.in -+++ openssl-3.0.1/doc/man1/openssl-ciphers.pod.in +--- openssl-3.0.5.orig/doc/man1/openssl-ciphers.pod.in ++++ openssl-3.0.5/doc/man1/openssl-ciphers.pod.in @@ -186,6 +186,15 @@ As of OpenSSL 1.0.0, the B cipher s The cipher suites not enabled by B, currently B. 
@@ -58,10 +58,10 @@ Index: openssl-3.0.1/doc/man1/openssl-ciphers.pod.in =item B "High" encryption cipher suites. This currently means those with key lengths -Index: openssl-3.0.1/include/openssl/ssl.h.in +Index: openssl-3.0.5/include/openssl/ssl.h.in =================================================================== ---- openssl-3.0.1.orig/include/openssl/ssl.h.in -+++ openssl-3.0.1/include/openssl/ssl.h.in +--- openssl-3.0.5.orig/include/openssl/ssl.h.in ++++ openssl-3.0.5/include/openssl/ssl.h.in @@ -210,6 +210,11 @@ extern "C" { * throwing out anonymous and unencrypted ciphersuites! (The latter are not * actually enabled by ALL, but "ALL:RSA" would enable some of them.) @@ -74,10 +74,10 @@ Index: openssl-3.0.1/include/openssl/ssl.h.in /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ # define SSL_SENT_SHUTDOWN 1 -Index: openssl-3.0.1/ssl/ssl_ciph.c +Index: openssl-3.0.5/ssl/ssl_ciph.c =================================================================== ---- openssl-3.0.1.orig/ssl/ssl_ciph.c -+++ openssl-3.0.1/ssl/ssl_ciph.c +--- openssl-3.0.5.orig/ssl/ssl_ciph.c ++++ openssl-3.0.5/ssl/ssl_ciph.c @@ -1436,6 +1436,53 @@ int SSL_set_ciphersuites(SSL *s, const c return ret; } @@ -216,7 +216,7 @@ Index: openssl-3.0.1/ssl/ssl_ciph.c /* Add TLSv1.3 ciphers first - we always prefer those if possible */ for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) { const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i); -@@ -1690,6 +1748,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ +@@ -1690,6 +1747,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_ *cipher_list = cipherstack; return cipherstack; 
@@ -227,14 +227,14 @@ Index: openssl-3.0.1/ssl/ssl_ciph.c + OPENSSL_free(new_rules); +#endif + return NULL; -+ ++ } char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) -Index: openssl-3.0.1/ssl/ssl_lib.c +Index: openssl-3.0.5/ssl/ssl_lib.c =================================================================== ---- openssl-3.0.1.orig/ssl/ssl_lib.c -+++ openssl-3.0.1/ssl/ssl_lib.c +--- openssl-3.0.5.orig/ssl/ssl_lib.c ++++ openssl-3.0.5/ssl/ssl_lib.c @@ -660,7 +660,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx ctx->tls13_ciphersuites, &(ctx->cipher_list), @@ -244,7 +244,7 @@ Index: openssl-3.0.1/ssl/ssl_lib.c if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) { ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); return 0; -@@ -3248,7 +3248,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *li +@@ -3271,7 +3271,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *li if (!ssl_create_cipher_list(ret, ret->tls13_ciphersuites, &ret->cipher_list, &ret->cipher_list_by_id, @@ -253,10 +253,10 @@ Index: openssl-3.0.1/ssl/ssl_lib.c || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) { ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS); goto err2; -Index: openssl-3.0.1/test/cipherlist_test.c +Index: openssl-3.0.5/test/cipherlist_test.c =================================================================== ---- openssl-3.0.1.orig/test/cipherlist_test.c -+++ openssl-3.0.1/test/cipherlist_test.c +--- openssl-3.0.5.orig/test/cipherlist_test.c ++++ openssl-3.0.5/test/cipherlist_test.c @@ -246,7 +246,9 @@ end: int setup_tests(void) 
@@ -267,20 +267,20 @@ Index: openssl-3.0.1/test/cipherlist_test.c ADD_TEST(test_default_cipherlist_explicit); ADD_TEST(test_default_cipherlist_clear); return 1; -Index: openssl-3.0.1/util/libcrypto.num +Index: openssl-3.0.5/util/libcrypto.num =================================================================== ---- openssl-3.0.1.orig/util/libcrypto.num -+++ openssl-3.0.1/util/libcrypto.num -@@ -5425,3 +5425,4 @@ ASN1_item_d2i_ex - ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION: - EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION: +--- openssl-3.0.5.orig/util/libcrypto.num ++++ openssl-3.0.5/util/libcrypto.num +@@ -5427,3 +5427,4 @@ EVP_PKEY_get0_provider EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION: -+ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: -Index: openssl-3.0.1/Configure + OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION: + OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION: ++ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION: +Index: openssl-3.0.5/Configure =================================================================== ---- openssl-3.0.1.orig/Configure -+++ openssl-3.0.1/Configure -@@ -27,7 +27,7 @@ use OpenSSL::config; +--- openssl-3.0.5.orig/Configure ++++ openssl-3.0.5/Configure +@@ -28,7 +28,7 @@ use OpenSSL::config; my $orig_death_handler = $SIG{__DIE__}; $SIG{__DIE__} = \&death_handler; @@ -289,7 +289,7 @@ Index: openssl-3.0.1/Configure my $banner = <<"EOF"; -@@ -61,6 +61,10 @@ EOF +@@ -62,6 +62,10 @@ EOF # given with --prefix. # This becomes the value of OPENSSLDIR in Makefile and in C. # (Default: PREFIX/ssl) @@ -300,7 +300,7 @@ Index: openssl-3.0.1/Configure # --banner=".." Output specified text instead of default completion banner # # -w Don't wait after showing a Configure warning -@@ -387,6 +391,7 @@ $config{prefix}=""; +@@ -388,6 +392,7 @@ $config{prefix}=""; $config{openssldir}=""; $config{processor}=""; $config{libdir}=""; 
@@ -308,7 +308,7 @@ Index: openssl-3.0.1/Configure my $auto_threads=1; # enable threads automatically? true by default my $default_ranlib; -@@ -989,6 +994,10 @@ while (@argvcopy) +@@ -990,6 +995,10 @@ while (@argvcopy) die "FIPS key too long (64 bytes max)\n" if length $1 > 64; }