openssl_1_1; 1.1.1m -> 1.1.1.n; openssl_3_0: 3.0.1 -> 3.0.2

[mweinelt]

Description of changes

https://github.com/openssl/openssl/blob/openssl-3.0.2/CHANGES.md#changes-between-301-and-302-15-mar-2022
https://github.com/openssl/openssl/blob/OpenSSL_1_1_1n/CHANGES#L10

Denial of service when parsing elliptic curve certificates with non-prime moduli.

Fixes: CVE-2022-0778

Assuming this will go directly into master/release-21.11 unless people disagree.

  *) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever
     for non-prime moduli.

     Internally this function is used when parsing certificates that contain
     elliptic curve public keys in compressed form or explicit elliptic curve
     parameters with a base point encoded in compressed form.

     It is possible to trigger the infinite loop by crafting a certificate that
     has invalid explicit curve parameters.

     Since certificate parsing happens prior to verification of the certificate
     signature, any process that parses an externally supplied certificate may
     thus be subject to a denial of service attack. The infinite loop can also
     be reached when parsing crafted private keys as they can contain explicit
     elliptic curve parameters.

     Thus vulnerable situations include:

      - TLS clients consuming server certificates
      - TLS servers consuming client certificates
      - Hosting providers taking certificates or private keys from customers
      - Certificate authorities parsing certification requests from subscribers
      - Anything else which parses ASN.1 elliptic curve parameters

     Also any other applications that use the BN_mod_sqrt() where the attacker
     can control the parameter values are vulnerable to this DoS issue.
     (CVE-2022-0778)
     [Tomáš Mráz]

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 22.05 Release Notes (or backporting 21.11 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
  • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
• Fits CONTRIBUTING.md.

[vcunat]

If merging directly to master, I think it should be done at once with staging-next. (The other alternative is to merge to staging-next and wait a while for some binaries.)

[vcunat]

The jobs would perhaps appear eventually, but let me:
@ofborg build openssl_1_1 openssl_3_0

[github-actions]

Backport failed for release-21.11, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally.

git fetch origin release-21.11
git worktree add -d .worktree/backport-164281-to-release-21.11 origin/release-21.11
cd .worktree/backport-164281-to-release-21.11
git checkout -b backport-164281-to-release-21.11
ancref=$(git merge-base db0fa0744cf57f566dd325540f4367fb3c81bb9f 72bb369245a84beaa5596f8ed551be470a20d6b2)
git cherry-pick -x $ancref..72bb369245a84beaa5596f8ed551be470a20d6b2

[vcunat]

Both of *-small channels now contain the new versions. The big channels will take longer, some of them maybe even a couple days.