From 9675ee88bd91de23719ac724d81d23a50f82d349 Mon Sep 17 00:00:00 2001
From: zhaohang_mskdxl <wb-zh951434@alibaba-inc.com>
Date: Wed, 10 Dec 2025 18:29:53 +0800
Subject: [PATCH] Update code from upstream

---
 0142-CVE-2024-13176-Minerva.patch | 93 +++++++++++++++++++++++++++++++
 openssl.spec                      |  8 ++-
 2 files changed, 100 insertions(+), 1 deletion(-)
 create mode 100644 0142-CVE-2024-13176-Minerva.patch

diff --git a/0142-CVE-2024-13176-Minerva.patch b/0142-CVE-2024-13176-Minerva.patch
new file mode 100644
index 0000000..4dbe652
--- /dev/null
+++ b/0142-CVE-2024-13176-Minerva.patch
@@ -0,0 +1,93 @@
+diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c
+index b876edbfac36e..af52e2ced6914 100644
+--- a/crypto/bn/bn_exp.c
++++ b/crypto/bn/bn_exp.c
+@@ -606,7 +606,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
+  * out by Colin Percival,
+  * http://www.daemonology.net/hyperthreading-considered-harmful/)
+  */
+-int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
++int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+                               const BIGNUM *m, BN_CTX *ctx,
+                               BN_MONT_CTX *in_mont)
+ {
+@@ -623,10 +623,6 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+     unsigned int t4 = 0;
+ #endif
+ 
+-    bn_check_top(a);
+-    bn_check_top(p);
+-    bn_check_top(m);
+-
+     if (!BN_is_odd(m)) {
+         ERR_raise(ERR_LIB_BN, BN_R_CALLED_WITH_EVEN_MODULUS);
+         return 0;
+@@ -1146,7 +1142,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+             goto err;
+     } else
+ #endif
+-    if (!BN_from_montgomery(rr, &tmp, mont, ctx))
++    if (!bn_from_mont_fixed_top(rr, &tmp, mont, ctx))
+         goto err;
+     ret = 1;
+  err:
+@@ -1160,6 +1156,19 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+     return ret;
+ }
+ 
++int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
++                              const BIGNUM *m, BN_CTX *ctx,
++                              BN_MONT_CTX *in_mont)
++{
++    bn_check_top(a);
++    bn_check_top(p);
++    bn_check_top(m);
++    if (!bn_mod_exp_mont_fixed_top(rr, a, p, m, ctx, in_mont))
++        return 0;
++    bn_correct_top(rr);
++    return 1;
++}
++
+ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
+                          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+ {
+diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
+index 19384eba186b5..3f8d65c1bf1a1 100644
+--- a/crypto/ec/ec_lib.c
++++ b/crypto/ec/ec_lib.c
+@@ -21,6 +21,7 @@
+ #include <openssl/opensslv.h>
+ #include <openssl/param_build.h>
+ #include "crypto/ec.h"
++#include "crypto/bn.h"
+ #include "internal/nelem.h"
+ #include "ec_local.h"
+ 
+@@ -1265,10 +1266,10 @@ static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r,
+     if (!BN_sub(e, group->order, e))
+         goto err;
+     /*-
+-     * Exponent e is public.
+-     * No need for scatter-gather or BN_FLG_CONSTTIME.
++     * Although the exponent is public we want the result to be
++     * fixed top.
+      */
+-    if (!BN_mod_exp_mont(r, x, e, group->order, ctx, group->mont_data))
++    if (!bn_mod_exp_mont_fixed_top(r, x, e, group->order, ctx, group->mont_data))
+         goto err;
+ 
+     ret = 1;
+diff --git a/include/crypto/bn.h b/include/crypto/bn.h
+index 47d9b44f879f0..bdee28625ce60 100644
+--- a/include/crypto/bn.h
++++ b/include/crypto/bn.h
+@@ -73,6 +73,9 @@ int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words);
+  */
+ int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                           BN_MONT_CTX *mont, BN_CTX *ctx);
++int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
++                              const BIGNUM *m, BN_CTX *ctx,
++                              BN_MONT_CTX *in_mont);
+ int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+                          BN_CTX *ctx);
+ int bn_from_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
diff --git a/openssl.spec b/openssl.spec
index 4845e1a..ccf6008 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -1,4 +1,4 @@
-%define anolis_release 13
+%define anolis_release 14
 %global soversion 3
 
 %define srpmhash() %{lua:
@@ -113,6 +113,7 @@ Patch57: 1007-fix-CVE-2024-4741.patch
 Patch58: 1008-fix-CVE-2024-9143.patch
 
 Patch100: add-sw_64-support.patch
+Patch59: 0142-CVE-2024-13176-Minerva.patch
 
 BuildRequires:  gcc git coreutils perl-interpreter sed zlib-devel /usr/bin/cmp
 BuildRequires:  lksctp-tools-devel
@@ -317,6 +318,11 @@ rm -f $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/{openssl.cnf.dist,ct_log_list.cnf.di
 %doc NEWS.md README.md
 
 %changelog
+* Wed Oct 18 2025 Anolis Bot <anolis-bot@openanolis.com> - 1:3.0.12-14
+- Apply CVE-2024-13176 patch to fix timing side-channel in ECDSA signature computation (Minerva vulnerability)
+- Sync upstream changes from commit d6a9e4cbb65ef6ca9288280c67d18967a6d1e246
+- Resolves: RHEL-70879
+
 * Fri May 23 2025 Ali <shenzhongli@inspur.com> - 1:3.0.12-13
 - fix CVE-2024-9143
 
-- 
Gitee