Fixes all relevant CVEs with patches from RHEL 7. Additionally made one further tweak for parallel installation with OpenSSL 3.x.
--- openssl-1.0.2u/crypto/bn/bn_sqrt.c.cve-2022-0778 2019-12-20 14:02:41.000000000 +0000
|
|
+++ openssl-1.0.2u/crypto/bn/bn_sqrt.c 2022-04-04 21:09:50.952408000 +0000
|
|
@@ -64,7 +64,8 @@
|
|
/*
|
|
* Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks
|
|
* algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number
|
|
- * Theory", algorithm 1.5.1). 'p' must be prime!
|
|
+ * Theory", algorithm 1.5.1). 'p' must be prime, otherwise an error or
|
|
+ * an incorrect "result" will be returned.
|
|
*/
|
|
{
|
|
BIGNUM *ret = in;
|
|
@@ -350,18 +351,23 @@
|
|
goto vrfy;
|
|
}
|
|
|
|
- /* find smallest i such that b^(2^i) = 1 */
|
|
- i = 1;
|
|
- if (!BN_mod_sqr(t, b, p, ctx))
|
|
- goto end;
|
|
- while (!BN_is_one(t)) {
|
|
- i++;
|
|
- if (i == e) {
|
|
- BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
|
|
- goto end;
|
|
+ /* Find the smallest i, 0 < i < e, such that b^(2^i) = 1. */
|
|
+ for (i = 1; i < e; i++) {
|
|
+ if (i == 1) {
|
|
+ if (!BN_mod_sqr(t, b, p, ctx))
|
|
+ goto end;
|
|
+
|
|
+ } else {
|
|
+ if (!BN_mod_mul(t, t, t, p, ctx))
|
|
+ goto end;
|
|
}
|
|
- if (!BN_mod_mul(t, t, t, p, ctx))
|
|
- goto end;
|
|
+ if (BN_is_one(t))
|
|
+ break;
|
|
+ }
|
|
+ /* If not found, a is not a square or p is not prime. */
|
|
+ if (i >= e) {
|
|
+ BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
|
|
+ goto end;
|
|
}
|
|
|
|
/* t := y^2^(e - i - 1) */
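Review bot: The bounded search at `for (i = 1; i < e; i++)` has no regression test in this patch, which as shown touches only bn_sqrt.c, so nothing would catch a later rebase that restores the unbounded `while (!BN_is_one(t))` form. A case in the BN test program that calls BN_mod_sqrt with a non-prime `p` and asserts that it returns NULL rather than hanging would pin the behaviour. A why-comment above the loop would also help, e.g. `/* i is capped at e so a non-prime p cannot make this search spin forever (CVE-2022-0778). */`, because the existing comment says what is searched for but not why the bound matters. The non-prime case is reported as `BN_R_NOT_A_SQUARE`, so callers cannot tell it apart from a genuine non-residue. The surrounding loop and the `end:` label are outside the hunk.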
|