Hello community, here is the log from the commit of package openssl-1_1 for openSUSE:Factory checked in at 2018-05-13 15:56:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssl-1_1 (Old) and /work/SRC/openSUSE:Factory/.openssl-1_1.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssl-1_1" Sun May 13 15:56:45 2018 rev:3 rq:606163 version:1.1.0h Changes: -------- --- /work/SRC/openSUSE:Factory/openssl-1_1/openssl-1_1.changes 2018-03-30 12:01:45.154035547 +0200 +++ /work/SRC/openSUSE:Factory/.openssl-1_1.new/openssl-1_1.changes 2018-05-13 15:56:46.876466436 +0200 @@ -1,0 +2,14 @@ +Thu May 10 09:37:19 UTC 2018 - [email protected] + +- OpenSSL Security Advisory [16 Apr 2018] + * Cache timing vulnerability in RSA Key Generation + (CVE-2018-0737, bsc#1089039) + * add openssl-CVE-2018-0737.patch + +------------------------------------------------------------------- +Thu May 10 09:32:43 UTC 2018 - [email protected] + +- Fix escaping in c_rehash (boo#1091961, bsc#1091963) + * add 0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch + +------------------------------------------------------------------- New: ---- 0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch openssl-CVE-2018-0737.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl-1_1.spec ++++++ --- /var/tmp/diff_new_pack.wGRR7N/_old 2018-05-13 15:56:47.688436807 +0200 +++ /var/tmp/diff_new_pack.wGRR7N/_new 2018-05-13 15:56:47.692436661 +0200 @@ -76,6 +76,9 @@ Patch72: 0013-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch # PATCH-FIX-UPSTREAM (boo#1084651) Patch73: 0001-Tolerate-a-Certificate-using-a-non-supported-group-o.patch +# PATCH-FIX-UPSTREAM (boo#1091961) +Patch74: 0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch +Patch75: openssl-CVE-2018-0737.patch BuildRequires: bc BuildRequires: ed BuildRequires: pkgconfig ++++++ 0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch ++++++ >From 7ee2a43069913fb7c444c656048996ea92cc465e Mon Sep 17 00:00:00 2001 
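Review bot: `Patch75: openssl-CVE-2018-0737.patch` is added without a tag comment of its own, so the `# PATCH-FIX-UPSTREAM (boo#1091961)` line above Patch74 reads as if it covered both patches. The patch header further down says it combines an upstream commit with additional changes to the package's own FIPS key generation, and the changelog files it under bsc#1089039. A separate line such as `# PATCH-FIX-UPSTREAM (bsc#1089039) CVE-2018-0737, plus local changes to the FIPS RSA keygen` above Patch75 would tell the next maintainer that this patch cannot simply be dropped once upstream ships the fix.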
From: Richard Levitte <[email protected]> Date: Wed, 28 Mar 2018 14:46:27 +0200 Subject: [PATCH] Revert "util/dofile.pl: only quote stuff that actually needs quoting" This wasn't a good solution, too many things depend on the quotes being there consistently. This reverts commit 49cd47eaababc8c57871b929080fc1357e2ad7b8. Fixes #5772 Reviewed-by: Rich Salz <[email protected]> (Merged from https://github.com/openssl/openssl/pull/5773) (cherry picked from commit 00701e5ea84861b74d9d624f21a6b3fcb12e8acd) --- util/dofile.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/util/dofile.pl b/util/dofile.pl index fc72989b0f..a932941cd5 100644 --- a/util/dofile.pl +++ b/util/dofile.pl @@ -99,9 +99,9 @@ package main; # This adds quotes (") around the given string, and escapes any $, @, \, # " and ' by prepending a \ to them. sub quotify1 { - my $s = my $orig = shift @_; + my $s = shift @_; $s =~ s/([\$\@\\"'])/\\$1/g; - $s ne $orig || $s =~ /\s/ ? '"'.$s.'"' : $s; + '"'.$s.'"'; } # quotify_l LIST -- 2.16.3 ++++++ openssl-CVE-2018-0737.patch ++++++ The CVE-2018-0737 fix consists of commits: 9db724cfede4ba7a3668bff533973ee70145ec07 011f82e66f4bf131c733fd41a8390039859aafb2 7150a4720af7913cae16f2e4eaf768b578c0b298 (the three above are included in 1.1.0h) 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787 and additional changes to our fips_rsa_keygen() >From 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787 Mon Sep 17 00:00:00 2001 
From: Billy Brumley <[email protected]> Date: Wed, 11 Apr 2018 10:10:58 +0300 Subject: [PATCH] RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont both get called with BN_FLG_CONSTTIME flag set. CVE-2018-0737 Reviewed-by: Rich Salz <[email protected]> Reviewed-by: Matt Caswell <[email protected]> --- crypto/rsa/rsa_gen.c | 2 ++ 1 file changed, 2 insertions(+) Index: openssl-1.1.0h/crypto/rsa/rsa_gen.c =================================================================== --- openssl-1.1.0h.orig/crypto/rsa/rsa_gen.c 2018-05-10 11:50:53.298706226 +0200 +++ openssl-1.1.0h/crypto/rsa/rsa_gen.c 2018-05-10 12:55:39.394968170 +0200 @@ -123,6 +123,7 @@ static int fips_rsa_builtin_keygen(RSA * int n = 0; int test = 0; int pbits = bits / 2; + unsigned long error = 0; if (FIPS_selftest_failed()) { FIPSerr(FIPS_F_FIPS_RSA_BUILTIN_KEYGEN, FIPS_R_FIPS_SELFTEST_FAILED); @@ -191,6 +192,10 @@ retry: if (!BN_lshift(r3, r3, pbits - 100)) goto err; + BN_set_flags(rsa->p, BN_FLG_CONSTTIME); + BN_set_flags(rsa->q, BN_FLG_CONSTTIME); + BN_set_flags(r2, BN_FLG_CONSTTIME); + /* generate p and q */ for (i = 0; i < 5 * pbits; i++) { ploop: @@ -205,9 +210,9 @@ retry: if (!BN_sub(r2, rsa->p, BN_value_one())) goto err; - if (!BN_gcd(r1, r2, rsa->e, ctx)) - goto err; - if (BN_is_one(r1)) { + ERR_set_mark(); + if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) { + /* GCD == 1 since inverse exists */ int r; r = BN_is_prime_fasttest_ex(rsa->p, pbits > 1024 ? 4 : 5, ctx, 0, cb); @@ -217,6 +222,15 @@ retry: break; } + error = ERR_peek_last_error(); + if (ERR_GET_LIB(error) == ERR_LIB_BN + && ERR_GET_REASON(error) == BN_R_NO_INVERSE) { + /* GCD != 1 */ + ERR_pop_to_mark(); + } else { + goto err; + } + if (!BN_GENCB_call(cb, 2, n++)) goto err; } 
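Review bot: The three `BN_set_flags(..., BN_FLG_CONSTTIME)` calls added before the p/q loop in fips_rsa_builtin_keygen carry no comment saying why they are there, and the reason is not obvious at the call site. A short comment such as `/* p, q and r2 hold secret values: flag them so BN_mod_inverse() and BN_mod_exp_mont() take their constant-time paths (CVE-2018-0737) */` would keep a later cleanup from removing them as dead code. The same applies to the two calls added to rsa_builtin_keygen in the `@@ -457,6 +480,8` hunk. Both function bodies extend outside the hunks.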
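Review bot: In the p loop of fips_rsa_builtin_keygen, the added `ERR_peek_last_error()` check sits after the closing brace of the `BN_mod_inverse(...) != NULL` block rather than in an `else`, so it also runs when the inverse exists but the candidate did not leave the loop. Assuming the lines between this hunk and the previous one, which are not shown, only `break` for a prime candidate, a composite candidate with gcd 1 would not normally have put BN_R_NO_INVERSE on the error queue, so it takes the `goto err` branch and key generation aborts instead of trying the next candidate. The q loop (the `@@ -248,9 +262,9` and `@@ -260,6 +274,15` hunks) has the same shape. Moving the error inspection into an `else` and releasing the mark on the not-prime path keeps the retry behaviour; the function body starts and ends outside these hunks.

```c
            ERR_set_mark();
            if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
                /* GCD == 1 since inverse exists */
                /* … unchanged: BN_is_prime_fasttest_ex() call and its result handling … */
                ERR_pop_to_mark();  /* not prime: release the mark and retry */
            } else {
                error = ERR_peek_last_error();
                if (ERR_GET_LIB(error) != ERR_LIB_BN
                    || ERR_GET_REASON(error) != BN_R_NO_INVERSE)
                    goto err;
                /* GCD != 1 */
                ERR_pop_to_mark();
            }
```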
@@ -248,9 +262,9 @@ retry: if (!BN_sub(r2, rsa->q, BN_value_one())) goto err; - if (!BN_gcd(r1, r2, rsa->e, ctx)) - goto err; - if (BN_is_one(r1)) { + ERR_set_mark(); + if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) { + /* GCD == 1 since inverse exists */ int r; r = BN_is_prime_fasttest_ex(rsa->q, pbits > 1024 ? 4 : 5, ctx, 0, cb); @@ -260,6 +274,15 @@ retry: break; } + error = ERR_peek_last_error(); + if (ERR_GET_LIB(error) == ERR_LIB_BN + && ERR_GET_REASON(error) == BN_R_NO_INVERSE) { + /* GCD != 1 */ + ERR_pop_to_mark(); + } else { + goto err; + } + if (!BN_GENCB_call(cb, 2, n++)) goto err; } @@ -457,6 +480,8 @@ static int rsa_builtin_keygen(RSA *rsa, if (BN_copy(rsa->e, e_value) == NULL) goto err; + BN_set_flags(rsa->p, BN_FLG_CONSTTIME); + BN_set_flags(rsa->q, BN_FLG_CONSTTIME); BN_set_flags(r2, BN_FLG_CONSTTIME); /* generate p and q */ for (;;) {
