Bug 2134740 (CVE-2022-3358)

Summary: CVE-2022-3358 openssl: Using a Custom Cipher with NID_undef may lead to NULL encryption
Product: [Other] Security Response Reporter: Sandipan Roy <saroy>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: adudiak, bdettelb, berrange, bootloader-eng-team, caswilli, cllang, csutherl, dbelyavs, ddepaula, dffrench, dhalasz, dkuc, drieden, fjansen, gzaronik, ikanias, jary, jburrell, jclere, jferlan, jkoehler, jwong, jwon, kaycoth, kraxel, kshier, micjohns, mmadzin, mturk, ngough, pbonzini, peholase, pjindal, plodge, rgodfrey, rh-spice-bugs, rravi, stcannon, sthirugn, szappis, tfister, tohughes, virt-maint, vkrizan, vkumar, vmugicag
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: OpenSSL 3.0.6 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2023-05-09 17:13:55 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2134745, 2134746, 2134767    
Bug Blocks: 2134736    

Description Sandipan Roy 2022-10-14 07:39:53 UTC 
OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialisation functions). Instead of using the custom cipher directly it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSL encryption/decryption initialisation function will match the NULL cipher as being equivalent and will fetch this from the available providers. This will succeed if the default provider has been loaded (or if a third party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext. Applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function. Applications that only use SSL/TLS are not impacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).

https://www.openssl.org/news/secadv/20221011.txt
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b
Comment 1 Sandipan Roy 2022-10-14 08:01:04 UTC 
Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 2134746]


Created openssl3 tracking bugs for this issue:

Affects: epel-all [bug 2134745]
Comment 5 errata-xmlrpc 2023-05-09 07:56:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:2523 https://access.redhat.com/errata/RHSA-2023:2523
Comment 6 Product Security DevOps Team 2023-05-09 17:13:50 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-3358