Sync from SUSE:SLFO:Main openssl-3 revision f8ce07e1a28811c02495945876b3b552

2025-06-18 16:34:48 +02:00
parent ae557d2cd2
commit be70d4bb95
4 changed files with 205 additions and 0 deletions
--- a/openssl-3.changes
+++ b/openssl-3.changes
@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Thu May 29 06:46:14 UTC 2025 - Pedro Monreal <pmonreal@suse.com>
+
+- Fix P-384 curve on lower-than-P9 PPC64 targets [bsc#1243014]
+  * Add openssl-Fix-P384-on-P8-targets.patch [a72f753c]
+
+-------------------------------------------------------------------
+Mon May 26 10:16:09 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>
+
+- Security fix: [bsc#1243564, CVE-2025-4575]
+  * Fix the x509 application adding trusted use instead of rejected use
+  * Add openssl-CVE-2025-4575.patch
+
 -------------------------------------------------------------------
 Thu May 15 09:41:20 UTC 2025 - Pedro Monreal <pmonreal@suse.com>

@@ -19,6 +32,8 @@ Mon May 12 10:47:50 UTC 2025 - Pedro Monreal <pmonreal@suse.com>
 Fri Apr  4 13:34:27 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>

 - Update to 3.5.0:
+  * Security fixes:
+    - [bsc#1243459, CVE-2025-27587] Minerva side channel vulnerability in P-384
  * Changes:
    - Default encryption cipher for the req, cms, and smime applications
      changed from des-ede3-cbc to aes-256-cbc.
--- a/openssl-3.spec
+++ b/openssl-3.spec
@@ -124,6 +124,10 @@ Patch42:        openssl-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch
 Patch43:        openssl-FIPS-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
 # PATCH-FIX-FEDORA FIPS: Fix the speed command in FIPS mode for KMAC
 Patch44:        openssl-FIPS-Fix-openssl-speed-KMAC.patch
+# PATCH-FIX-UPSTREAM bsc#1243564 CVE-2025-4575 The x509 application adds trusted use instead of rejected use
+Patch45:        openssl-CVE-2025-4575.patch
+# PATCH-FIX-UPSTREAM bsc#1243014 Fix P-384 curve on lower-than-P9 PPC64 targets
+Patch46:        openssl-Fix-P384-on-P8-targets.patch

 # ulp-macros is available according to SUSE version.
 %ifarch x86_64
--- a/openssl-CVE-2025-4575.patch
+++ b/openssl-CVE-2025-4575.patch
@@ -0,0 +1,61 @@
+From 0eb9acc24febb1f3f01f0320cfba9654cf66b0ac Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Tue, 20 May 2025 16:34:10 +0200
+Subject: [PATCH] apps/x509.c: Fix the -addreject option adding trust instead
+ of rejection
+
+Fixes CVE-2025-4575
+
+Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
+Reviewed-by: Paul Dale <ppzgs1@gmail.com>
+(Merged from https://github.com/openssl/openssl/pull/27672)
+
+Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>
+---
+ apps/x509.c                 |  2 +-
+ test/recipes/25-test_x509.t | 12 +++++++++++-
+ 2 files changed, 12 insertions(+), 2 deletions(-)
+
+Index: openssl-3.5.0/apps/x509.c
+===================================================================
+--- openssl-3.5.0.orig/apps/x509.c
+++ openssl-3.5.0/apps/x509.c
+@@ -465,7 +465,7 @@ int x509_main(int argc, char **argv)
+                            prog, opt_arg());
+                 goto opthelp;
+             }
+-            if (!sk_ASN1_OBJECT_push(trust, objtmp))
+            if (!sk_ASN1_OBJECT_push(reject, objtmp))
+                 goto end;
+             trustout = 1;
+             break;
+Index: openssl-3.5.0/test/recipes/25-test_x509.t
+===================================================================
+--- openssl-3.5.0.orig/test/recipes/25-test_x509.t
+++ openssl-3.5.0/test/recipes/25-test_x509.t
+@@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_fil
+ 
+ setup("test_x509");
+ 
+-plan tests => 134;
+plan tests => 138;
+ 
+ # Prevent MSys2 filename munging for arguments that look like file paths but
+ # aren't
+@@ -110,6 +110,16 @@ ok(run(app(["openssl", "x509", "-new", "
+ && run(app(["openssl", "verify", "-no_check_time",
+             "-trusted", $ca, "-partial_chain", $caout])));
+ 
+# test trust decoration
+ok(run(app(["openssl", "x509", "-in", $ca, "-addtrust", "emailProtection",
+            "-out", "ca-trusted.pem"])));
+cert_contains("ca-trusted.pem", "Trusted Uses: E-mail Protection",
+              1, 'trusted use - E-mail Protection');
+ok(run(app(["openssl", "x509", "-in", $ca, "-addreject", "emailProtection",
+            "-out", "ca-rejected.pem"])));
+cert_contains("ca-rejected.pem", "Rejected Uses: E-mail Protection",
+              1, 'rejected use - E-mail Protection');
+
+ subtest 'x509 -- x.509 v1 certificate' => sub {
+     tconversion( -type => 'x509', -prefix => 'x509v1',
+                  -in => srctop_file("test", "testx509.pem") );
--- a/openssl-Fix-P384-on-P8-targets.patch
+++ b/openssl-Fix-P384-on-P8-targets.patch
@@ -0,0 +1,125 @@
+From a72f753cc5a43e58087358317975f6be46c15e01 Mon Sep 17 00:00:00 2001
+From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
+Date: Thu, 17 Apr 2025 08:51:53 -0500
+Subject: [PATCH] Fix P-384 curve on lower-than-P9 PPC64 targets
+
+The change adding an asm implementation of p384_felem_reduce incorrectly
+uses the accelerated version on both targets that support the intrinsics
+*and* targets that don't, instead of falling back to the generics on older
+targets.  This results in crashes when trying to use P-384 on < Power9.
+
+Signed-off-by: Anna Wilcox <AWilcox@Wilcox-Tech.com>
+Closes: #27350
+Fixes: 85cabd94 ("Fix Minerva timing side-channel signal for P-384 curve on PPC")
+
+Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/27429)
+
+(cherry picked from commit 29864f2b0f1046177e8048a5b17440893d3f9425)
+---
+ crypto/ec/ecp_nistp384.c | 54 ++++++++++++++++++++++++----------------
+ 1 file changed, 33 insertions(+), 21 deletions(-)
+
+diff --git a/crypto/ec/ecp_nistp384.c b/crypto/ec/ecp_nistp384.c
+index 2ceb94fe33b7e..9d682f5a02cce 100644
+--- a/crypto/ec/ecp_nistp384.c
+++ b/crypto/ec/ecp_nistp384.c
+@@ -684,6 +684,22 @@ static void felem_reduce_ref(felem out, const widefelem in)
+         out[i] = acc[i];
+ }
+ 
+static ossl_inline void felem_square_reduce_ref(felem out, const felem in)
+{
+    widefelem tmp;
+
+    felem_square_ref(tmp, in);
+    felem_reduce_ref(out, tmp);
+}
+
+static ossl_inline void felem_mul_reduce_ref(felem out, const felem in1, const felem in2)
+{
+    widefelem tmp;
+
+    felem_mul_ref(tmp, in1, in2);
+    felem_reduce_ref(out, tmp);
+}
+
+ #if defined(ECP_NISTP384_ASM)
+ static void felem_square_wrapper(widefelem out, const felem in);
+ static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2);
+@@ -695,10 +711,18 @@ static void (*felem_mul_p)(widefelem out, const felem in1, const felem in2) =
+ 
+ static void (*felem_reduce_p)(felem out, const widefelem in) = felem_reduce_ref;
+ 
+static void (*felem_square_reduce_p)(felem out, const felem in) =
+    felem_square_reduce_ref;
+static void (*felem_mul_reduce_p)(felem out, const felem in1, const felem in2) =
+    felem_mul_reduce_ref;
+
+ void p384_felem_square(widefelem out, const felem in);
+ void p384_felem_mul(widefelem out, const felem in1, const felem in2);
+ void p384_felem_reduce(felem out, const widefelem in);
+ 
+void p384_felem_square_reduce(felem out, const felem in);
+void p384_felem_mul_reduce(felem out, const felem in1, const felem in2);
+
+ # if defined(_ARCH_PPC64)
+ #  include "crypto/ppc_arch.h"
+ # endif
+@@ -710,6 +734,8 @@ static void felem_select(void)
+         felem_square_p = p384_felem_square;
+         felem_mul_p = p384_felem_mul;
+         felem_reduce_p = p384_felem_reduce;
+        felem_square_reduce_p = p384_felem_square_reduce;
+        felem_mul_reduce_p = p384_felem_mul_reduce;
+ 
+         return;
+     }
+@@ -718,7 +744,9 @@ static void felem_select(void)
+     /* Default */
+     felem_square_p = felem_square_ref;
+     felem_mul_p = felem_mul_ref;
+-    felem_reduce_p = p384_felem_reduce;
+    felem_reduce_p = felem_reduce_ref;
+    felem_square_reduce_p = felem_square_reduce_ref;
+    felem_mul_reduce_p = felem_mul_reduce_ref;
+ }
+ 
+ static void felem_square_wrapper(widefelem out, const felem in)
+@@ -737,31 +765,15 @@ static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2)
+ # define felem_mul felem_mul_p
+ # define felem_reduce felem_reduce_p
+ 
+-void p384_felem_square_reduce(felem out, const felem in);
+-void p384_felem_mul_reduce(felem out, const felem in1, const felem in2);
+-
+-# define felem_square_reduce p384_felem_square_reduce
+-# define felem_mul_reduce p384_felem_mul_reduce
+# define felem_square_reduce felem_square_reduce_p
+# define felem_mul_reduce felem_mul_reduce_p
+ #else
+ # define felem_square felem_square_ref
+ # define felem_mul felem_mul_ref
+ # define felem_reduce felem_reduce_ref
+ 
+-static ossl_inline void felem_square_reduce(felem out, const felem in)
+-{
+-    widefelem tmp;
+-
+-    felem_square(tmp, in);
+-    felem_reduce(out, tmp);
+-}
+-
+-static ossl_inline void felem_mul_reduce(felem out, const felem in1, const felem in2)
+-{
+-    widefelem tmp;
+-
+-    felem_mul(tmp, in1, in2);
+-    felem_reduce(out, tmp);
+-}
+# define felem_square_reduce felem_square_reduce_ref
+# define felem_mul_reduce felem_mul_reduce_ref
+ #endif
+ 
+ /*-