Bug 876787 (CVE-2022-3358) - <dev-libs/openssl-{1.1.1r, 3.0.6}: NULL encryption with custom cipher with NID_undef
Status: RESOLVED FIXED
Alias: CVE-2022-3358
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://www.openssl.org/news/secadv/2...
Whiteboard: A4 [glsa+]
Reported: 2022-10-11 18:41 UTC by John Helmert III
Modified: 2024-02-04 08:05 UTC
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-11 18:41:01 UTC
CVE-2022-3358:

OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers.

OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialisation functions). Instead of using the custom cipher directly it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSL encryption/decryption initialisation function will match the NULL cipher as being equivalent and will fetch this from the available providers. This will succeed if the default provider has been loaded (or if a third party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.

Applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function. Applications that only use SSL/TLS are not impacted by this issue.

Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).

Fix is 1.1.1r, 3.0.6.
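
The two conditions the advisory names (library in 3.0.0 to 3.0.5, and an EVP_CIPHER_meth_new() call given NID_undef) can be triaged with a small script. This is an added example, not code from OpenSSL or Gentoo; the function names and SAMPLE_C are constructed for illustration, and a flagged call still needs manual review to confirm the cipher is later passed to an encryption/decryption initialisation function.

```python
import re

# Affected range per the advisory quoted above: OpenSSL 3.0.0 to 3.0.5.
AFFECTED = ((3, 0, 0), (3, 0, 5))

# The first argument of EVP_CIPHER_meth_new() is the cipher NID.
CALL_RE = re.compile(r"EVP_CIPHER_meth_new\s*\(\s*([^,()]+?)\s*,")
COMMENT_RE = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)
# NID_undef is defined as 0 in OpenSSL's obj_mac.h, so a literal 0 is the same value.
UNDEF_SPELLINGS = {"NID_undef", "0"}

# Constructed sample input (hypothetical application code, not from any project).
SAMPLE_C = '''\
#include <openssl/evp.h>
/* old: EVP_CIPHER_meth_new(NID_undef, 1, 16); */
static EVP_CIPHER *make_bad(void)  { return EVP_CIPHER_meth_new(NID_undef, 16, 32); }
static EVP_CIPHER *make_zero(void) { return EVP_CIPHER_meth_new( 0 , 16, 32); }
static EVP_CIPHER *make_ok(void)   { return EVP_CIPHER_meth_new(NID_aes_256_cbc, 16, 32); }
'''


def version_affected(version_text):
    """True if a string like 'OpenSSL 3.0.5 5 Jul 2022' is in the affected range."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_text)
    if not m:
        raise ValueError(f"no x.y.z version in {version_text!r}")
    return AFFECTED[0] <= tuple(map(int, m.groups())) <= AFFECTED[1]


def find_undef_ciphers(c_source):
    """Return [(line, nid_expr)] for EVP_CIPHER_meth_new() calls given NID_undef."""
    # Blank out comments but keep newlines so reported line numbers stay correct.
    code = COMMENT_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), c_source)
    return [(code.count("\n", 0, m.start()) + 1, m.group(1))
            for m in CALL_RE.finditer(code) if m.group(1) in UNDEF_SPELLINGS]


def triage(version_text, c_source):
    """Combine both advisory conditions; needs_review is True only if both hold."""
    hits = find_undef_ciphers(c_source)
    affected = version_affected(version_text)
    return {"library_affected": affected, "undef_calls": hits,
            "needs_review": affected and bool(hits)}


if __name__ == "__main__":
    print(triage("OpenSSL 3.0.5 5 Jul 2022", SAMPLE_C))
```
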
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-10-11 23:57:40 UTC
commit f99733502c417e043f89f01042abec3b854d203c (origin/master, origin/HEAD)
Author: Patrick McLean <chutzpah@gentoo.org>
Date:   Tue Oct 11 15:59:14 2022 -0700

    dev-libs/openssl: add 3.0.6

    Signed-off-by: Patrick McLean <chutzpah@gentoo.org>

commit 6e33789090395e63bac19f152782c3b85f5ed1b4
Author: Patrick McLean <chutzpah@gentoo.org>
Date:   Tue Oct 11 15:53:12 2022 -0700

    dev-libs/openssl: add 1.1.1r

    Signed-off-by: Patrick McLean <chutzpah@gentoo.org>
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-10-12 23:43:17 UTC
commit 17e29d72ab7d349ac79c15291d47eb1a8499265b
Author: Sam James <sam@gentoo.org>
Date:   Thu Oct 13 00:40:05 2022 +0100

    dev-libs/openssl: drop yanked, masked versions

    Especially important given many will be unmasking 3.x generally.

    Signed-off-by: Sam James <sam@gentoo.org>

commit 9163b1239929bfe249d49bb24e5ccb13c27d683e
Author: Sam James <sam@gentoo.org>
Date:   Wed Oct 12 18:28:59 2022 +0100

    profiles: add link to openssl regression/bug

    Bug: https://github.com/openssl/openssl/issues/19389
    Signed-off-by: Sam James <sam@gentoo.org>

commit ea4f4da1ba175ad6e07c74d27429c0d037f41f0c
Author: Sam James <sam@gentoo.org>
Date:   Wed Oct 12 15:40:10 2022 +0100

    profiles: mask "withdrawn" openssls with a "significant regression"

    Upstream has withdrawn these releases because of a (yet unexplained)
    "significant regression".

    See https://mta.openssl.org/pipermail/openssl-announce/2022-October/000237.html.

    Signed-off-by: Sam James <sam@gentoo.org>
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-14 03:39:08 UTC
GLSA request filed, though we're still waiting for fixed versions here. If it takes a while we can just drop it from the GLSA if necessary.
Comment 4 Larry the Git Cow gentoo-dev 2022-10-16 14:39:53 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=9db8cdf286ccec973fe12c1ebbb6ac75afd7e305

commit 9db8cdf286ccec973fe12c1ebbb6ac75afd7e305
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-10-16 14:31:06 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-16 14:39:36 +0000

    [ GLSA 202210-02 ] Drop bug 876787, unfixed
    
    Bug: https://bugs.gentoo.org/876787
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202210-02.xml | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

https://gitweb.gentoo.org/data/glsa.git/commit/?id=143e8d174e14e346f2c37e8a31a4be211ac3e24c

commit 143e8d174e14e346f2c37e8a31a4be211ac3e24c
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-16 14:27:07 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-16 14:39:36 +0000

    [ GLSA 202210-02 ] OpenSSL: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/741570
    Bug: https://bugs.gentoo.org/809980
    Bug: https://bugs.gentoo.org/832339
    Bug: https://bugs.gentoo.org/835343
    Bug: https://bugs.gentoo.org/842489
    Bug: https://bugs.gentoo.org/856592
    Bug: https://bugs.gentoo.org/876787
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202210-02.xml | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)
Comment 5 Larry the Git Cow gentoo-dev 2022-10-16 14:52:46 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=530086715f82de12009538347725dbfd14e6b0a8

commit 530086715f82de12009538347725dbfd14e6b0a8
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2022-10-14 03:47:09 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-16 14:52:19 +0000

    profiles: mask <openssl-1.1.1
    
    Bug: https://bugs.gentoo.org/876787
    Bug: https://bugs.gentoo.org/741570
    Bug: https://bugs.gentoo.org/809980
    Bug: https://bugs.gentoo.org/832339
    Bug: https://bugs.gentoo.org/835343
    Bug: https://bugs.gentoo.org/842489
    Bug: https://bugs.gentoo.org/856592
    Closes: https://github.com/gentoo/gentoo/pull/22909
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 profiles/package.mask | 5 +++++
 1 file changed, 5 insertions(+)
Comment 6 Larry the Git Cow gentoo-dev 2024-02-04 08:03:24 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=f353a9a7c6ffd4dd54f9b93774d103942a88892e

commit f353a9a7c6ffd4dd54f9b93774d103942a88892e
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-02-04 08:02:53 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-02-04 08:03:15 +0000

    [ GLSA 202402-08 ] OpenSSL: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/876787
    Bug: https://bugs.gentoo.org/893446
    Bug: https://bugs.gentoo.org/902779
    Bug: https://bugs.gentoo.org/903545
    Bug: https://bugs.gentoo.org/907413
    Bug: https://bugs.gentoo.org/910556
    Bug: https://bugs.gentoo.org/911560
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202402-08.xml | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)