Resolution: Unresolved
rhel-security-crypto-diamonds
When integrating openssl/ rhel-8.8.0 and rhel-8-main as a submodule in edk2 I run into a build error:
https://gitlab.com/redhat/rhel/src/edk2/-/merge_requests/131
The problem is that commit "Backport implicit rejection mechanism for RSA PKCS#1 v1.5 to RHEL-8 series"
introduced a bug into the code that makes it unbuildable in our environment.
The following patch in our .spec file fixes it in my case, but isn't a sustainable solution:
+# Fix missing include for CVE-2022-4304 implicit rejection patch (RHEL-115901)
+# Bug introduced in openssl by
+# commit 05a955aff129 ("Backport implicit rejection mechanism for RSA PKCS#1 v1.5 to RHEL-8 series")
+sed -i '/#include <openssl\/x509.h>/a #include <openssl/rsa.h>' CryptoPkg/Library/OpensslLib/openssl/crypto/pkcs7/pk7_doit.c
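Review bot: the sed on the last added line exits successfully even when pk7_doit.c contains no line matching `#include <openssl\/x509.h>`, so if the include list in the submodule changes, the workaround silently stops applying and the original build error returns with no hint that this step did nothing. Follow the sed with a check on the same file, for example grep -q '#include <openssl/rsa.h>', that fails the build when the include is missing. The comment block should also state the condition for removing the workaround, namely that the include is added to pk7_doit.c in the openssl source itself.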