2 Commits

Author SHA256 Message Date
ba6b12e9c0 Enable md2 for jsc#PED-15723 2026-02-27 11:28:34 +02:00
Pedro Monreal
82d9d402fb Remove not needed test patches 2026-02-04 16:16:57 +01:00
18 changed files with 1114 additions and 14 deletions


@@ -1,3 +1,59 @@
-------------------------------------------------------------------
Tue Feb 24 13:39:25 UTC 2026 - Angel Yankov <angel.yankov@suse.com>
- Enable MD2 in legacy provider ( jsc#PED-15724 )
-------------------------------------------------------------------
Tue Jan 27 14:04:21 UTC 2026 - Lucas Mulling <lucas.mulling@suse.com>
- Security fixes:
* Missing ASN1_TYPE validation in PKCS#12 parsing
- openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795]
* ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
- openssl-CVE-2026-22795.patch [bsc#1256840, CVE-2026-22796]
* Missing ASN1_TYPE validation in TS_RESP_verify_response() function
- openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
* NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
- openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
* Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
- openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419]
* TLS 1.3 CompressedCertificate excessive memory allocation
- openssl-CVE-2025-66199.patch [bsc#1256833, CVE-2025-66199]
* Heap out-of-bounds write in BIO_f_linebuffer on short writes
- openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
* Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
- openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418]
* 'openssl dgst' one-shot codepath silently truncates inputs greater than 16MB
- openssl-CVE-2025-15469.patch [bsc#1256832, CVE-2025-15469]
* Stack buffer overflow in CMS AuthEnvelopedData parsing
- openssl-CVE-2025-15467.patch [bsc#1256830, CVE-2025-15467]
- openssl-CVE-2025-15467-comments.patch
- openssl-CVE-2025-15467-test.patch
* Improper validation of PBMAC1 parameters in PKCS#12 MAC verification
- openssl-CVE-2025-11187.patch [bsc#1256829, CVE-2025-11187]
* NULL dereference in SSL_CIPHER_find() function on unknown cipher ID
- openssl-CVE-2025-15468.patch [bsc#1256831, CVE-2025-15468]
- Enable livepatching support for ppc64le [bsc#1257274]
-------------------------------------------------------------------
Wed Oct 1 00:08:17 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>
- Security fix: [bsc#1250232 CVE-2025-9230]
* Fix out-of-bounds read & write in RFC 3211 KEK unwrap
* Add patch openssl3-CVE-2025-9230.patch
- Security fix: [bsc#1250233 CVE-2025-9231]
* Fix timing side-channel in SM2 algorithm on 64 bit ARM
* Add patch openssl3-CVE-2025-9231.patch
- Security fix: [bsc#1250234 CVE-2025-9232]
* Fix out-of-bounds read in HTTP client no_proxy handling
* Add patch openssl3-CVE-2025-9232.patch
-------------------------------------------------------------------
Sun Aug 17 23:56:37 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>
- Move ssl configuration files to the libopenssl package [bsc#1247463]
- Don't install unneeded NOTES
-------------------------------------------------------------------
Wed Jul 30 09:17:24 UTC 2025 - Pedro Monreal <pmonreal@suse.com>
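Review bot: the new changelog entry cites jsc#PED-15724, while the commit message for this change says jsc#PED-15723. One of the two is a typo, and the .changes text is what lands in the package metadata and the update notice, so make them agree before submission.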


@@ -128,9 +128,39 @@ Patch44: openssl-FIPS-Fix-openssl-speed-KMAC.patch
Patch45: openssl-CVE-2025-4575.patch
# PATCH-FIX-UPSTREAM bsc#1243014 Fix P-384 curve on lower-than-P9 PPC64 targets
Patch46: openssl-Fix-P384-on-P8-targets.patch
# PATCH-FIX-UPSTREAM bsc#1250232 CVE-2025-9230: Fix out-of-bounds read & write in RFC 3211 KEK Unwrap
Patch47: openssl3-CVE-2025-9230.patch
# PATCH-FIX-UPSTREAM bsc#1250233 CVE-2025-9231: Fix timing side-channel in SM2 algorithm on 64 bit ARM
Patch48: openssl3-CVE-2025-9231.patch
# PATCH-FIX-UPSTREAM bsc#1250234 CVE-2025-9232: Fix out-of-bounds read in HTTP client no_proxy handling
Patch49: openssl3-CVE-2025-9232.patch
# PATCH-FIX-UPSTREAM bsc#1256839 CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing
# PATCH-FIX-UPSTREAM bsc#1256840 CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
Patch50: openssl-CVE-2026-22795.patch
# PATCH-FIX-UPSTREAM bsc#1256837 CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function
Patch51: openssl-CVE-2025-69420.patch
# PATCH-FIX-UPSTREAM bsc#1256838 CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
Patch52: openssl-CVE-2025-69421.patch
# PATCH-FIX-UPSTREAM bsc#1256836 CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 function
Patch53: openssl-CVE-2025-69419.patch
# PATCH-FIX-UPSTREAM bsc#1256833 CVE-2025-66199: TLS 1.3 CompressedCertificate excessive memory allocation
Patch54: openssl-CVE-2025-66199.patch
# PATCH-FIX-UPSTREAM bsc#1256834 CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes
Patch55: openssl-CVE-2025-68160.patch
# PATCH-FIX-UPSTREAM bsc#1256835 CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
Patch56: openssl-CVE-2025-69418.patch
# PATCH-FIX-UPSTREAM bsc#1256832 CVE-2025-15469: 'openssl dgst' one-shot codepath silently truncates inputs greater than 16MB
Patch57: openssl-CVE-2025-15469.patch
# PATCH-FIX-UPSTREAM bsc#1256830 CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing
Patch58: openssl-CVE-2025-15467.patch
Patch59: openssl-CVE-2025-15467-comments.patch
Patch60: openssl-CVE-2025-15467-test.patch
# PATCH-FIX-UPSTREAM bsc#1256829 CVE-2025-11187: Improper validation of PBMAC1 parameters in PKCS#12 MAC verification
Patch61: openssl-CVE-2025-11187.patch
# PATCH-FIX-UPSTREAM bsc#1256831 CVE-2025-15468: NULL dereference in SSL_CIPHER_find() function on unknown cipher ID
Patch62: openssl-CVE-2025-15468.patch
# ulp-macros is available according to SUSE version.
%ifarch x86_64
%ifarch x86_64 || ppc64le
%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1540
BuildRequires: ulp-macros
%endif
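Review bot: `%ifarch x86_64 || ppc64le` is not %ifarch syntax. %ifarch takes a whitespace-separated list of architectures and matches if any token equals the build arch; `||` is read as a literal architecture name that never matches, so the line only does the right thing by accident. Write it as `%ifarch x86_64 ppc64le`, the form this spec already uses for `enable-ec_nistp_64_gcc_128` in the next hunk.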
@@ -234,6 +264,7 @@ export MACHINE=armv6l
%ifarch x86_64 aarch64 ppc64le
enable-ec_nistp_64_gcc_128 \
%endif
enable-md2 \
enable-fips \
enable-fips-jitter \
enable-jitter \
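Review bot: `enable-md2` is the only new line in the configure block without a comment saying why it is there, unlike every Patch entry above; put the jsc reference next to it. The comment should also record what the flag does and does not do: in OpenSSL 3 MD2 is registered only in the legacy provider, so this build option exposes MD2 to applications only once they load legacy.so, and it has no effect on the FIPS provider built by `enable-fips` below.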
@@ -327,6 +358,11 @@ rm -f %{buildroot}%{_libdir}/*.a
rm -f %{buildroot}%{ssletcdir}/openssl.cnf.dist
rm -f %{buildroot}%{ssletcdir}/ct_log_list.cnf.dist
# Remove unneeded NOTES files
for file in NOTES-ANDROID.md NOTES-DJGPP.md NOTES-NONSTOP.md NOTES-VMS.md NOTES-WINDOWS.md ; do
rm -f %{_datadir}/packages/libopenssl-3-devel/${file}
done
# Make a copy of the default openssl.cnf file
cp %{buildroot}%{ssletcdir}/openssl.cnf %{buildroot}%{ssletcdir}/openssl-orig.cnf
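Review bot: the `rm -f` inside the NOTES loop lacks `%{buildroot}` (compare the `rm -f %{buildroot}%{ssletcdir}/...` lines just above it), so it targets a path under %{_datadir} on the build host and, thanks to `-f`, silently does nothing. Even with the prefix it cannot work at this point: the NOTES files come from the `%doc NOTES*.md ...` entry in `%files -n libopenssl-3-devel`, and rpmbuild copies %doc files from the source tree into the buildroot after the %install script has finished. Delete the unwanted NOTES-*.md from the build directory instead, or list the wanted NOTES files explicitly in that %doc line.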
@@ -390,9 +426,21 @@ fi
%{_libdir}/ossl-modules/legacy.so
%{_libdir}/.libssl.so.%{sover}.hmac
%{_libdir}/.libcrypto.so.%{sover}.hmac
%dir %{ssletcdir}
%attr(700,root,root) %{ssletcdir}/private
%config %{ssletcdir}/openssl-orig.cnf
%config (noreplace) %{ssletcdir}/openssl.cnf
%config (noreplace) %{ssletcdir}/ct_log_list.cnf
%dir %{_datadir}/ssl
%{_datadir}/ssl/misc
%dir %{_localstatedir}/lib/ca-certificates/
%dir %{_localstatedir}/lib/ca-certificates/openssl
%files -n libopenssl-3-fips-provider
%{_libdir}/ossl-modules/fips.so
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150600
%config %{ssletcdir}/fips_local.cnf
%endif
%files -n libopenssl-3-devel
%doc NOTES*.md CONTRIBUTING.md HACKING.md AUTHORS.md ACKNOWLEDGEMENTS.md
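Review bot: `%{_libdir}/ossl-modules/legacy.so` in this file list is where the MD2 implementation turned on by `enable-md2` in this same spec will end up. Nothing to change in the list, but any consumer that activates the legacy provider (for example `activate = 1` in a legacy section of openssl.cnf) gets MD2 hashing with it, and the package changelog should state that exposure rather than only "Enable MD2 in legacy provider".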
@@ -413,18 +461,6 @@ fi
%files
%license LICENSE.txt
%doc CHANGES.md NEWS.md README.md
%dir %{ssletcdir}
%config %{ssletcdir}/openssl-orig.cnf
%config (noreplace) %{ssletcdir}/openssl.cnf
%config (noreplace) %{ssletcdir}/ct_log_list.cnf
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150600
%config %{ssletcdir}/fips_local.cnf
%endif
%attr(700,root,root) %{ssletcdir}/private
%dir %{_datadir}/ssl
%{_datadir}/ssl/misc
%dir %{_localstatedir}/lib/ca-certificates/
%dir %{_localstatedir}/lib/ca-certificates/openssl
%{_bindir}/%{_rname}
%{_bindir}/c_rehash
%{_mandir}/man1/*


@@ -0,0 +1,54 @@
From a26d82c5b141c706bc97455cde511e710c2510a9 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Thu, 8 Jan 2026 14:31:19 +0100
Subject: [PATCH] pkcs12: Validate salt and keylength in PBMAC1
The keylength value must be present and we accept
EVP_MAX_MD_SIZE at maximum.
The salt ASN.1 type must be OCTET STRING.
Fixes CVE-2025-11187
Reported by Stanislav Fort (Aisle Research) and Petr Simecek (Aisle Research).
Reported independently also by Hamza (Metadust).
---
crypto/pkcs12/p12_mutl.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
Index: openssl-3.5.0/crypto/pkcs12/p12_mutl.c
===================================================================
--- openssl-3.5.0.orig/crypto/pkcs12/p12_mutl.c
+++ openssl-3.5.0/crypto/pkcs12/p12_mutl.c
@@ -122,8 +122,6 @@ static int PBMAC1_PBKDF2_HMAC(OSSL_LIB_C
ERR_raise(ERR_LIB_PKCS12, ERR_R_UNSUPPORTED);
goto err;
}
- keylen = ASN1_INTEGER_get(pbkdf2_param->keylength);
- pbkdf2_salt = pbkdf2_param->salt->value.octet_string;
if (pbkdf2_param->prf == NULL) {
kdf_hmac_nid = NID_hmacWithSHA1;
@@ -138,6 +136,22 @@ static int PBMAC1_PBKDF2_HMAC(OSSL_LIB_C
goto err;
}
+ /* Validate salt is an OCTET STRING choice */
+ if (pbkdf2_param->salt == NULL
+ || pbkdf2_param->salt->type != V_ASN1_OCTET_STRING) {
+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_PARSE_ERROR);
+ goto err;
+ }
+ pbkdf2_salt = pbkdf2_param->salt->value.octet_string;
+
+ /* RFC 9579 specifies missing key length as invalid */
+ if (pbkdf2_param->keylength != NULL)
+ keylen = ASN1_INTEGER_get(pbkdf2_param->keylength);
+ if (keylen <= 0 || keylen > EVP_MAX_MD_SIZE) {
+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_PARSE_ERROR);
+ goto err;
+ }
+
if (PKCS5_PBKDF2_HMAC(pass, passlen, pbkdf2_salt->data, pbkdf2_salt->length,
ASN1_INTEGER_get(pbkdf2_param->iter), kdf_md, keylen, key) <= 0) {
ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR);
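Review bot: `keylen` is now assigned only when `pbkdf2_param->keylength` is present, so the `keylen <= 0` test relies on `keylen` being initialised at its declaration, which is outside this hunk; please confirm it reads `int keylen = 0;` (or similar), otherwise the missing-keyLength case tests an indeterminate value. While the validation is being tightened here: `ASN1_INTEGER_get(pbkdf2_param->iter)` is still handed straight to `PKCS5_PBKDF2_HMAC()` on the last lines of the hunk with no range check, so an absent, zero, negative or oversized (-1) iteration count is left for the KDF to reject; a `<= 0` check beside the keylen one keeps the two parameters consistent.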

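The PBMAC1 fix above reduces to three checks on PBKDF2-params before the KDF runs: the salt CHOICE must be the OCTET STRING alternative, keyLength must be present, and it must lie in 1..EVP_MAX_MD_SIZE. The standalone C program below is an added example, not OpenSSL code and not part of this package: it applies the same checks to raw DER with a minimal TLV reader so they can be exercised without libcrypto. The function validate_pbkdf2_params(), the MAX_MD_SIZE constant (set to OpenSSL's 64) and the four DER test vectors are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_MD_SIZE 64          /* OpenSSL's EVP_MAX_MD_SIZE: largest PBMAC1 key we accept */
#define TAG_INTEGER      0x02
#define TAG_OCTET_STRING 0x04
#define TAG_SEQUENCE     0x30

struct tlv { uint8_t tag; const uint8_t *val; size_t len; };

/* Read one definite-length DER TLV from [*p, end) and advance *p past it. */
static int der_read(const uint8_t **p, const uint8_t *end, struct tlv *out)
{
    const uint8_t *q = *p;
    size_t len = 0, n;

    if (end - q < 2)
        return 0;
    out->tag = *q++;
    if (*q < 0x80) {
        len = *q++;
    } else {
        n = *q++ & 0x7f;
        if (n == 0 || n > 4 || (size_t)(end - q) < n)
            return 0;
        while (n--)
            len = (len << 8) | *q++;
    }
    if ((size_t)(end - q) < len)
        return 0;
    out->val = q;
    out->len = len;
    *p = q + len;
    return 1;
}

/* Decode a non-negative INTEGER that fits in a long; anything else is an error,
 * the way ASN1_INTEGER_get() reports -1 for values it cannot represent. */
static int der_get_positive_int(const struct tlv *t, long *v)
{
    size_t i;
    long acc = 0;

    if (t->tag != TAG_INTEGER || t->len == 0 || t->len > sizeof(long) - 1 || (t->val[0] & 0x80))
        return 0;
    for (i = 0; i < t->len; i++)
        acc = (acc << 8) | t->val[i];
    *v = acc;
    return 1;
}

struct pbkdf2_params { const uint8_t *salt; size_t salt_len; long iter; long keylen; };

/*
 * PBKDF2-params ::= SEQUENCE {
 *     salt CHOICE { specified OCTET STRING, otherSource AlgorithmIdentifier },
 *     iterationCount INTEGER, keyLength INTEGER OPTIONAL,
 *     prf AlgorithmIdentifier DEFAULT hmacWithSHA1 }
 * For PBMAC1 (RFC 9579) we additionally require: salt is the OCTET STRING alternative,
 * keyLength is present, and keyLength is capped at MAX_MD_SIZE. Returns 1 if acceptable.
 */
int validate_pbkdf2_params(const uint8_t *der, size_t der_len, struct pbkdf2_params *out)
{
    const uint8_t *p = der, *end = der + der_len;
    struct tlv seq, salt, iter, keylen, prf;

    if (!der_read(&p, end, &seq) || seq.tag != TAG_SEQUENCE || p != end)
        return 0;
    p = seq.val;
    end = seq.val + seq.len;

    /* A SEQUENCE here is the otherSource alternative; reading it as an OCTET STRING is the type confusion. */
    if (!der_read(&p, end, &salt) || salt.tag != TAG_OCTET_STRING)
        return 0;
    if (!der_read(&p, end, &iter) || !der_get_positive_int(&iter, &out->iter) || out->iter <= 0)
        return 0;
    /* An absent keyLength shows up either as end-of-SEQUENCE or as the prf SEQUENCE; both fail here. */
    if (p == end || !der_read(&p, end, &keylen) || !der_get_positive_int(&keylen, &out->keylen))
        return 0;
    if (out->keylen <= 0 || out->keylen > MAX_MD_SIZE)
        return 0;
    if (p != end && (!der_read(&p, end, &prf) || prf.tag != TAG_SEQUENCE || p != end))
        return 0;

    out->salt = salt.val;
    out->salt_len = salt.len;
    return 1;
}

/* Constructed DER test vectors (not taken from any real PKCS#12 file). */
static const uint8_t GOOD[] = { 0x30,0x11, 0x04,0x08,1,2,3,4,5,6,7,8, 0x02,0x02,0x07,0xd0, 0x02,0x01,0x20 };
static const uint8_t NO_KEYLEN[] = { 0x30,0x0e, 0x04,0x08,1,2,3,4,5,6,7,8, 0x02,0x02,0x07,0xd0 };
static const uint8_t SALT_IS_ALGID[] = { 0x30,0x0e, 0x30,0x05,0x06,0x03,0x55,0x04,0x03, 0x02,0x02,0x07,0xd0, 0x02,0x01,0x20 };
static const uint8_t KEYLEN_TOO_BIG[] = { 0x30,0x12, 0x04,0x08,1,2,3,4,5,6,7,8, 0x02,0x02,0x07,0xd0, 0x02,0x02,0x01,0x00 };

int check_vector(const uint8_t *der, size_t len)
{
    struct pbkdf2_params pp;
    return validate_pbkdf2_params(der, len, &pp);
}

long parsed_keylen(const uint8_t *der, size_t len)   /* -1 if the parameters are rejected */
{
    struct pbkdf2_params pp;
    return validate_pbkdf2_params(der, len, &pp) ? pp.keylen : -1;
}

int main(void)
{
    printf("well-formed:         %d (keyLength %ld)\n", check_vector(GOOD, sizeof GOOD), parsed_keylen(GOOD, sizeof GOOD));
    printf("keyLength missing:   %d\n", check_vector(NO_KEYLEN, sizeof NO_KEYLEN));
    printf("salt is AlgorithmId: %d\n", check_vector(SALT_IS_ALGID, sizeof SALT_IS_ALGID));
    printf("keyLength 256 > 64:  %d\n", check_vector(KEYLEN_TOO_BIG, sizeof KEYLEN_TOO_BIG));
    return 0;
}
```

The SALT_IS_ALGID vector is the shape the unpatched p12_mutl.c mishandled: its first element is a SEQUENCE (an AlgorithmIdentifier), and dereferencing it as `value.octet_string` reads a different union member.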

@@ -0,0 +1,54 @@
From 6fb47957bfb0aef2deaa7df7aebd4eb52ffe20ce Mon Sep 17 00:00:00 2001
From: Igor Ustinov <igus68@gmail.com>
Date: Mon, 12 Jan 2026 12:15:42 +0100
Subject: [PATCH] Some comments to clarify functions usage
---
crypto/asn1/evp_asn1.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
Index: openssl-3.5.0/crypto/asn1/evp_asn1.c
===================================================================
--- openssl-3.5.0.orig/crypto/asn1/evp_asn1.c
+++ openssl-3.5.0/crypto/asn1/evp_asn1.c
@@ -60,6 +60,12 @@ static ossl_inline void asn1_type_init_o
oct->flags = 0;
}
+/*
+ * This function copies 'anum' to 'num' and the data of 'oct' to 'data'.
+ * If the length of 'data' > 'max_len', copies only the first 'max_len'
+ * bytes, but returns the full length of 'oct'; this allows distinguishing
+ * whether all the data was copied.
+ */
static int asn1_type_get_int_oct(ASN1_OCTET_STRING *oct, int32_t anum,
long *num, unsigned char *data, int max_len)
{
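Review bot: the sentence `If the length of 'data' > 'max_len'` names the wrong object. 'data' is the caller's buffer, whose capacity is 'max_len'; it is the length of 'oct' that is compared against 'max_len'. The same phrase is repeated in the two comments that follow. It is also worth saying that 'data' may be NULL, in which case nothing is copied and only the length is returned; that probing pattern is what the original evp_lib.c call site (patched separately for CVE-2025-15467) relied on.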
@@ -106,6 +112,13 @@ int ASN1_TYPE_set_int_octetstring(ASN1_T
return 0;
}
+/*
+ * This function decodes an int-octet sequence and copies the integer to 'num'
+ * and the data of octet to 'data'.
+ * If the length of 'data' > 'max_len', copies only the first 'max_len'
+ * bytes, but returns the full length of 'oct'; this allows distinguishing
+ * whether all the data was copied.
+ */
int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
unsigned char *data, int max_len)
{
@@ -162,6 +175,13 @@ int ossl_asn1_type_set_octetstring_int(A
return 0;
}
+/*
+ * This function decodes an octet-int sequence and copies the data of octet
+ * to 'data' and the integer to 'num'.
+ * If the length of 'data' > 'max_len', copies only the first 'max_len'
+ * bytes, but returns the full length of 'oct'; this allows distinguishing
+ * whether all the data was copied.
+ */
int ossl_asn1_type_get_octetstring_int(const ASN1_TYPE *a, long *num,
unsigned char *data, int max_len)
{


@@ -0,0 +1,122 @@
From 1e8f5c7cd2c46b25a2877e8f3f4bbf954fbcdf77 Mon Sep 17 00:00:00 2001
From: Igor Ustinov <igus68@gmail.com>
Date: Sun, 11 Jan 2026 11:35:15 +0100
Subject: [PATCH] Test for handling of AEAD-encrypted CMS with inadmissibly
long IV
---
test/cmsapitest.c | 39 ++++++++++++++++++-
test/recipes/80-test_cmsapi.t | 3 +-
.../encDataWithTooLongIV.pem | 11 ++++++
3 files changed, 50 insertions(+), 3 deletions(-)
create mode 100644 test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem
Index: openssl-3.5.0/test/cmsapitest.c
===================================================================
--- openssl-3.5.0.orig/test/cmsapitest.c
+++ openssl-3.5.0/test/cmsapitest.c
@@ -9,10 +9,10 @@
#include <string.h>
+#include <openssl/pem.h>
#include <openssl/cms.h>
#include <openssl/bio.h>
#include <openssl/x509.h>
-#include <openssl/pem.h>
#include "../crypto/cms/cms_local.h" /* for d.signedData and d.envelopedData */
#include "testutil.h"
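Review bot: this hunk only moves the existing `#include <openssl/pem.h>` two lines up. It changes nothing for the test and makes the backport harder to rebase; drop it from the patch.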
@@ -20,6 +20,7 @@
static X509 *cert = NULL;
static EVP_PKEY *privkey = NULL;
static char *derin = NULL;
+static char *too_long_iv_cms_in = NULL;
static int test_encrypt_decrypt(const EVP_CIPHER *cipher)
{
@@ -385,6 +386,38 @@ end:
return ret;
}
+static int test_cms_aesgcm_iv_too_long(void)
+{
+ int ret = 0;
+ BIO *cmsbio = NULL, *out = NULL;
+ CMS_ContentInfo *cms = NULL;
+ unsigned long err = 0;
+
+ if (!TEST_ptr(cmsbio = BIO_new_file(too_long_iv_cms_in, "r")))
+ goto end;
+
+ if (!TEST_ptr(cms = PEM_read_bio_CMS(cmsbio, NULL, NULL, NULL)))
+ goto end;
+
+ /* Must fail cleanly (no crash) */
+ if (!TEST_false(CMS_decrypt(cms, privkey, cert, NULL, out, 0)))
+ goto end;
+ err = ERR_peek_last_error();
+ if (!TEST_ulong_ne(err, 0))
+ goto end;
+ if (!TEST_int_eq(ERR_GET_LIB(err), ERR_LIB_CMS))
+ goto end;
+ if (!TEST_int_eq(ERR_GET_REASON(err), CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR))
+ goto end;
+
+ ret = 1;
+end:
+ CMS_ContentInfo_free(cms);
+ BIO_free(cmsbio);
+ BIO_free(out);
+ return ret;
+}
+
OPT_TEST_DECLARE_USAGE("certfile privkeyfile derfile\n")
int setup_tests(void)
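Review bot: `ERR_peek_last_error()` is inspected without an `ERR_clear_error()` before the `CMS_decrypt()` call, so a stale error left by setup or an earlier test would satisfy `TEST_ulong_ne(err, 0)` and could mask a silent failure; clear the queue first. Passing a NULL `out` BIO is fine for a call that must fail during parameter setup, but the comment should say that is the intent, since on the unpatched code this input crashed rather than returning 0.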
@@ -399,7 +432,8 @@ int setup_tests(void)
if (!TEST_ptr(certin = test_get_argument(0))
|| !TEST_ptr(privkeyin = test_get_argument(1))
- || !TEST_ptr(derin = test_get_argument(2)))
+ || !TEST_ptr(derin = test_get_argument(2))
+ || !TEST_ptr(too_long_iv_cms_in = test_get_argument(3)))
return 0;
certbio = BIO_new_file(certin, "r");
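Review bot: `setup_tests()` now requires a fourth argument, but the usage string declared just above this hunk, `OPT_TEST_DECLARE_USAGE("certfile privkeyfile derfile\n")`, still lists three. Update it so a wrong invocation prints the right help.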
@@ -432,6 +466,7 @@ int setup_tests(void)
ADD_TEST(test_CMS_add1_cert);
ADD_TEST(test_d2i_CMS_bio_NULL);
ADD_ALL_TESTS(test_d2i_CMS_decode, 2);
+ ADD_TEST(test_cms_aesgcm_iv_too_long);
return 1;
}
Index: openssl-3.5.0/test/recipes/80-test_cmsapi.t
===================================================================
--- openssl-3.5.0.orig/test/recipes/80-test_cmsapi.t
+++ openssl-3.5.0/test/recipes/80-test_cmsapi.t
@@ -18,5 +18,6 @@ plan tests => 1;
ok(run(test(["cmsapitest", srctop_file("test", "certs", "servercert.pem"),
srctop_file("test", "certs", "serverkey.pem"),
- srctop_file("test", "recipes", "80-test_cmsapi_data", "encryptedData.der")])),
+ srctop_file("test", "recipes", "80-test_cmsapi_data", "encryptedData.der"),
+ srctop_file("test", "recipes", "80-test_cmsapi_data", "encDataWithTooLongIV.pem")])),
"running cmsapitest");
Index: openssl-3.5.0/test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem
===================================================================
--- /dev/null
+++ openssl-3.5.0/test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem
@@ -0,0 +1,11 @@
+-----BEGIN CMS-----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+-----END CMS-----


@@ -0,0 +1,30 @@
From 190ba58c0a1d995d4da8b017054d4b74d138291c Mon Sep 17 00:00:00 2001
From: Igor Ustinov <igus68@gmail.com>
Date: Mon, 12 Jan 2026 12:13:35 +0100
Subject: [PATCH] Correct handling of AEAD-encrypted CMS with inadmissibly long
IV
Fixes CVE-2025-15467
---
crypto/evp/evp_lib.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 9eae1d421c..58fa7ce43b 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -228,10 +228,9 @@ int evp_cipher_get_asn1_aead_params(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
if (type == NULL || asn1_params == NULL)
return 0;
- i = ossl_asn1_type_get_octetstring_int(type, &tl, NULL, EVP_MAX_IV_LENGTH);
- if (i <= 0)
+ i = ossl_asn1_type_get_octetstring_int(type, &tl, iv, EVP_MAX_IV_LENGTH);
+ if (i <= 0 || i > EVP_MAX_IV_LENGTH)
return -1;
- ossl_asn1_type_get_octetstring_int(type, &tl, iv, i);
memcpy(asn1_params->iv, iv, i);
asn1_params->iv_len = i;
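Review bot: the bound is correct because ossl_asn1_type_get_octetstring_int() returns the full octet string length while copying at most EVP_MAX_IV_LENGTH bytes into `iv`, so `i > EVP_MAX_IV_LENGTH` catches the oversized case before the memcpy. The rejection path returns -1 without raising an error, though; the only diagnostic the caller ends up with is the generic CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR that the new test expects. An `ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_IV_LENGTH)` before the `return -1` would tell an operator what was wrong with the message.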
--
2.51.0


@@ -0,0 +1,27 @@
From 7da6afe3dac7d65b30f87f2c5d305b6e699bc5dc Mon Sep 17 00:00:00 2001
From: Daniel Kubec <kubec@openssl.org>
Date: Fri, 9 Jan 2026 14:33:24 +0100
Subject: [PATCH] ossl_quic_get_cipher_by_char(): Add a NULL guard before
dereferencing SSL_CIPHER
Fixes CVE-2025-15468
---
ssl/quic/quic_impl.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index 87c1370a8d..89c108a973 100644
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -5222,6 +5222,8 @@ const SSL_CIPHER *ossl_quic_get_cipher_by_char(const unsigned char *p)
{
const SSL_CIPHER *ciph = ssl3_get_cipher_by_char(p);
+ if (ciph == NULL)
+ return NULL;
if ((ciph->algorithm2 & SSL_QUIC) == 0)
return NULL;
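Review bot: the guard is right, since ssl3_get_cipher_by_char() returns NULL for an unknown two-byte ID and the next line dereferenced the result unconditionally. No regression test accompanies it; a call to SSL_CIPHER_find() (the entry point named in the changelog) on a QUIC SSL object with an ID that is not in the cipher table would be cheap and would keep this from coming back.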
--
2.51.0


@@ -0,0 +1,267 @@
From ef48810aafdc3b8c6c4a85e52314caeec0cb596c Mon Sep 17 00:00:00 2001
From: Viktor Dukhovni <openssl-users@dukhovni.org>
Date: Wed, 7 Jan 2026 01:21:58 +1100
Subject: [PATCH] Report truncation in oneshot `openssl dgst -sign`
Previously input was silently truncated at 16MB, now if the input is
longer than limit, an error is reported.
The bio_to_mem() apps helper function was changed to return 0 or 1,
and return the size of the result via an output size_t pointer.
Fixes CVE-2025-15469
---
apps/dgst.c | 7 +++---
apps/include/apps.h | 2 +-
apps/lib/apps.c | 55 +++++++++++++++++++++++----------------------
apps/pkeyutl.c | 36 ++++++++++++++---------------
4 files changed, 50 insertions(+), 50 deletions(-)
Index: openssl-3.5.0/apps/dgst.c
===================================================================
--- openssl-3.5.0.orig/apps/dgst.c
+++ openssl-3.5.0/apps/dgst.c
@@ -704,12 +704,11 @@ static int do_fp_oneshot_sign(BIO *out,
{
int res, ret = EXIT_FAILURE;
size_t len = 0;
- int buflen = 0;
- int maxlen = 16 * 1024 * 1024;
+ size_t buflen = 0;
+ size_t maxlen = 16 * 1024 * 1024;
uint8_t *buf = NULL, *sig = NULL;
- buflen = bio_to_mem(&buf, maxlen, in);
- if (buflen <= 0) {
+ if (!bio_to_mem(&buf, &buflen, maxlen, in)) {
BIO_printf(bio_err, "Read error in %s\n", file);
return ret;
}
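Review bot: with the new bio_to_mem() contract a zero return here covers two different cases, a genuine read failure and an input larger than `maxlen`, and both print `Read error in %s`. Since the whole point of the fix is that oversized input is no longer silently truncated, the message should distinguish them and name the 16MB limit that applies to the one-shot signing path.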
Index: openssl-3.5.0/apps/include/apps.h
===================================================================
--- openssl-3.5.0.orig/apps/include/apps.h
+++ openssl-3.5.0/apps/include/apps.h
@@ -254,7 +254,7 @@ int parse_yesno(const char *str, int def
X509_NAME *parse_name(const char *str, int chtype, int multirdn,
const char *desc);
void policies_print(X509_STORE_CTX *ctx);
-int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
+int bio_to_mem(unsigned char **out, size_t *outlen, size_t maxlen, BIO *in);
int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value);
int x509_ctrl_string(X509 *x, const char *value);
int x509_req_ctrl_string(X509_REQ *x, const char *value);
Index: openssl-3.5.0/apps/lib/apps.c
===================================================================
--- openssl-3.5.0.orig/apps/lib/apps.c
+++ openssl-3.5.0/apps/lib/apps.c
@@ -49,6 +49,7 @@
#include "apps.h"
#include "internal/sockets.h" /* for openssl_fdset() */
+#include "internal/numbers.h" /* for LONG_MAX */
#include "internal/e_os.h"
#ifdef _WIN32
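Review bot: the new include comment says `for LONG_MAX`, but the code added in the next hunk uses SIZE_MAX (`sz > SIZE_MAX - len`), not LONG_MAX. Fix the comment so the next reader does not go hunting for a LONG_MAX use.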
@@ -2059,45 +2060,45 @@ X509_NAME *parse_name(const char *cp, in
}
/*
- * Read whole contents of a BIO into an allocated memory buffer and return
- * it.
+ * Read whole contents of a BIO into an allocated memory buffer.
+ * The return value is one on success, zero on error.
+ * If `maxlen` is non-zero, at most `maxlen` bytes are returned, or else, if
+ * the input is longer than `maxlen`, an error is returned.
+ * If `maxlen` is zero, the limit is effectively `SIZE_MAX`.
*/
-
-int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
+int bio_to_mem(unsigned char **out, size_t *outlen, size_t maxlen, BIO *in)
{
+ unsigned char tbuf[4096];
BIO *mem;
- int len, ret;
- unsigned char tbuf[1024];
+ BUF_MEM *bufm;
+ size_t sz = 0;
+ int len;
mem = BIO_new(BIO_s_mem());
if (mem == NULL)
- return -1;
+ return 0;
for (;;) {
- if ((maxlen != -1) && maxlen < 1024)
- len = maxlen;
- else
- len = 1024;
- len = BIO_read(in, tbuf, len);
- if (len < 0) {
- BIO_free(mem);
- return -1;
- }
- if (len == 0)
+ if ((len = BIO_read(in, tbuf, 4096)) == 0)
break;
- if (BIO_write(mem, tbuf, len) != len) {
+ if (len < 0
+ || BIO_write(mem, tbuf, len) != len
+ || sz > SIZE_MAX - len
+ || ((sz += len) > maxlen && maxlen != 0)) {
BIO_free(mem);
- return -1;
+ return 0;
}
- if (maxlen != -1)
- maxlen -= len;
-
- if (maxlen == 0)
- break;
}
- ret = BIO_get_mem_data(mem, (char **)out);
- BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY);
+
+ /* So BIO_free orphans BUF_MEM */
+ (void)BIO_set_close(mem, BIO_NOCLOSE);
+ BIO_get_mem_ptr(mem, &bufm);
BIO_free(mem);
- return ret;
+ *out = (unsigned char *)bufm->data;
+ *outlen = bufm->length;
+ /* Tell BUF_MEM to orphan data */
+ bufm->data = NULL;
+ BUF_MEM_free(bufm);
+ return 1;
}
int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value)
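Review bot: one behaviour change deserves a line in the commit message. Empty input now succeeds: the loop exits on the first zero-length read with `sz == 0`, `*out` becomes `bufm->data` (which may still be NULL for a memory BIO nothing was written to) and `*outlen` is 0, whereas the old function returned 0 and dgst reported a read error. Every caller therefore has to tolerate a NULL `*out` with length 0; the dgst.c caller in this patch passes the pair straight on to signing, so please confirm that is intended. The BUF_MEM orphaning via `BIO_set_close(mem, BIO_NOCLOSE)` followed by `bufm->data = NULL; BUF_MEM_free(bufm);` is correct and avoids the extra copy, but a one-line comment on why `*out` must later be freed with OPENSSL_free() would help the callers.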
Index: openssl-3.5.0/apps/pkeyutl.c
===================================================================
--- openssl-3.5.0.orig/apps/pkeyutl.c
+++ openssl-3.5.0/apps/pkeyutl.c
@@ -40,7 +40,7 @@ static int do_keyop(EVP_PKEY_CTX *ctx, i
static int do_raw_keyop(int pkey_op, EVP_MD_CTX *mctx,
EVP_PKEY *pkey, BIO *in,
- int filesize, unsigned char *sig, int siglen,
+ int filesize, unsigned char *sig, size_t siglen,
unsigned char **out, size_t *poutlen);
static int only_nomd(EVP_PKEY *pkey)
@@ -133,7 +133,7 @@ int pkeyutl_main(int argc, char **argv)
char hexdump = 0, asn1parse = 0, rev = 0, *prog;
unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL, *secret = NULL;
OPTION_CHOICE o;
- int buf_inlen = 0, siglen = -1;
+ size_t buf_inlen = 0, siglen = 0;
int keyform = FORMAT_UNDEF, peerform = FORMAT_UNDEF;
int keysize = -1, pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
int engine_impl = 0;
@@ -485,31 +485,31 @@ int pkeyutl_main(int argc, char **argv)
if (sigfile != NULL) {
BIO *sigbio = BIO_new_file(sigfile, "rb");
+ size_t maxsiglen = 16 * 1024 * 1024;
if (sigbio == NULL) {
BIO_printf(bio_err, "Can't open signature file %s\n", sigfile);
goto end;
}
- siglen = bio_to_mem(&sig, keysize * 10, sigbio);
- BIO_free(sigbio);
- if (siglen < 0) {
+ if (!bio_to_mem(&sig, &siglen, maxsiglen, sigbio)) {
+ BIO_free(sigbio);
BIO_printf(bio_err, "Error reading signature data\n");
goto end;
}
+ BIO_free(sigbio);
}
/* Raw input data is handled elsewhere */
if (in != NULL && !rawin) {
/* Read the input data */
- buf_inlen = bio_to_mem(&buf_in, -1, in);
- if (buf_inlen < 0) {
+ if (!bio_to_mem(&buf_in, &buf_inlen, 0, in)) {
BIO_printf(bio_err, "Error reading input Data\n");
goto end;
}
if (rev) {
size_t i;
unsigned char ctmp;
- size_t l = (size_t)buf_inlen;
+ size_t l = buf_inlen;
for (i = 0; i < l / 2; i++) {
ctmp = buf_in[i];
@@ -524,7 +524,8 @@ int pkeyutl_main(int argc, char **argv)
&& (pkey_op == EVP_PKEY_OP_SIGN || pkey_op == EVP_PKEY_OP_VERIFY)) {
if (buf_inlen > EVP_MAX_MD_SIZE) {
BIO_printf(bio_err,
- "Error: The non-raw input data length %d is too long - max supported hashed size is %d\n",
+ "Error: The non-raw input data length %zd is too long - "
+ "max supported hashed size is %d\n",
buf_inlen, EVP_MAX_MD_SIZE);
goto end;
}
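Review bot: `%zd` is the conversion for ssize_t; `buf_inlen` is now size_t, so `%zu` is the correct specifier. Harmless for any value below SSIZE_MAX, but -Wformat flags it.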
@@ -535,8 +536,8 @@ int pkeyutl_main(int argc, char **argv)
rv = do_raw_keyop(pkey_op, mctx, pkey, in, filesize, sig, siglen,
NULL, 0);
} else {
- rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen,
- buf_in, (size_t)buf_inlen);
+ rv = EVP_PKEY_verify(ctx, sig, siglen,
+ buf_in, buf_inlen);
}
if (rv == 1) {
BIO_puts(out, "Signature Verified Successfully\n");
@@ -555,8 +556,8 @@ int pkeyutl_main(int argc, char **argv)
buf_outlen = kdflen;
rv = 1;
} else {
- rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
- buf_in, (size_t)buf_inlen, NULL, (size_t *)&secretlen);
+ rv = do_keyop(ctx, pkey_op, NULL, &buf_outlen,
+ buf_in, buf_inlen, NULL, &secretlen);
}
if (rv > 0
&& (secretlen > 0 || (pkey_op != EVP_PKEY_OP_ENCAPSULATE
@@ -567,8 +568,8 @@ int pkeyutl_main(int argc, char **argv)
if (secretlen > 0)
secret = app_malloc(secretlen, "secret output");
rv = do_keyop(ctx, pkey_op,
- buf_out, (size_t *)&buf_outlen,
- buf_in, (size_t)buf_inlen, secret, (size_t *)&secretlen);
+ buf_out, &buf_outlen,
+ buf_in, buf_inlen, secret, &secretlen);
}
}
if (rv <= 0) {
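Review bot: dropping the `(size_t *)` casts on `&buf_outlen` and `&secretlen` is only valid if those two are already declared as size_t; their declarations are not in this diff (the earlier hunk changes only `buf_inlen` and `siglen`). If they are still int this will not compile; if they are size_t the old casts were redundant and this cleanup is fine but unrelated to the CVE and could be split out to keep the backport minimal.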
@@ -837,7 +838,7 @@ static int do_keyop(EVP_PKEY_CTX *ctx, i
static int do_raw_keyop(int pkey_op, EVP_MD_CTX *mctx,
EVP_PKEY *pkey, BIO *in,
- int filesize, unsigned char *sig, int siglen,
+ int filesize, unsigned char *sig, size_t siglen,
unsigned char **out, size_t *poutlen)
{
int rv = 0;
@@ -860,7 +861,7 @@ static int do_raw_keyop(int pkey_op, EVP
BIO_printf(bio_err, "Error reading raw input data\n");
goto end;
}
- rv = EVP_DigestVerify(mctx, sig, (size_t)siglen, mbuf, buf_len);
+ rv = EVP_DigestVerify(mctx, sig, siglen, mbuf, buf_len);
break;
case EVP_PKEY_OP_SIGN:
buf_len = BIO_read(in, mbuf, filesize);
@@ -894,7 +895,7 @@ static int do_raw_keyop(int pkey_op, EVP
goto end;
}
}
- rv = EVP_DigestVerifyFinal(mctx, sig, (size_t)siglen);
+ rv = EVP_DigestVerifyFinal(mctx, sig, siglen);
break;
case EVP_PKEY_OP_SIGN:
for (;;) {


@@ -0,0 +1,33 @@
From 04a93ac145041e3ef0121a2688cf7c1b23780519 Mon Sep 17 00:00:00 2001
From: Igor Ustinov <igus68@gmail.com>
Date: Thu, 8 Jan 2026 14:02:54 +0100
Subject: [PATCH] Check the received uncompressed certificate length to prevent
excessive pre-decompression allocation.
The patch was proposed by Tomas Dulka and Stanislav Fort (Aisle Research).
Fixes: CVE-2025-66199
---
ssl/statem/statem_lib.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 9e0c853c0d..f82d8dcdac 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -2877,6 +2877,12 @@ MSG_PROCESS_RETURN tls13_process_compressed_certificate(SSL_CONNECTION *sc,
goto err;
}
+ /* Prevent excessive pre-decompression allocation */
+ if (expected_length > sc->max_cert_list) {
+ SSLfatal(sc, SSL_AD_ILLEGAL_PARAMETER, SSL_R_EXCESSIVE_MESSAGE_SIZE);
+ goto err;
+ }
+
if (PACKET_remaining(pkt) != comp_length || comp_length == 0) {
SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_BAD_DECOMPRESSION);
goto err;
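Review bot: the ordering is right: the peer-supplied `expected_length` is checked against `max_cert_list` before anything is allocated for decompression, and it reuses the limit the plain Certificate path already applies. Two small points: the commit message should say that SSL_CTX_set_max_cert_list() now also bounds compressed certificates, since operators who raise that limit are enlarging this allocation too; and a test with a crafted uncompressed_length of 2^24-1 and a few bytes of compressed body would be easy to add next to the existing compressed-certificate tests.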
--
2.51.0

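The check in the patch above is a size bound applied to a peer-controlled number before any allocation happens. The following standalone C parser is an added example, not OpenSSL code and not part of this package: it decodes the CompressedCertificate body as defined in RFC 8879 and performs the same three checks in the same order as the patched tls13_process_compressed_certificate(), claimed uncompressed length against the cap first, then an exact-fit, non-empty compressed body. MAX_CERT_LIST is set to the 100 KiB that OpenSSL uses as its default max_cert_list; the function and type names and the four message byte strings are constructed for this example, and decompression itself is out of scope.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_CERT_LIST (1024 * 100)   /* OpenSSL's default max_cert_list (SSL_MAX_CERT_LIST) */

enum cc_status {
    CC_OK = 0,
    CC_DECODE_ERROR,            /* body shorter than the fixed header */
    CC_EXCESSIVE_MESSAGE_SIZE,  /* claimed uncompressed_length above the cap */
    CC_BAD_DECOMPRESSION        /* compressed body empty or not exactly filling the message */
};

struct compressed_cert {
    uint16_t algorithm;         /* CertificateCompressionAlgorithm: 1 zlib, 2 brotli, 3 zstd */
    size_t expected_length;     /* uncompressed_length: the buffer we would have to allocate */
    const uint8_t *comp;        /* compressed_certificate_message */
    size_t comp_length;
};

static size_t get_u24(const uint8_t *p)
{
    return ((size_t)p[0] << 16) | ((size_t)p[1] << 8) | p[2];
}

/*
 * RFC 8879 section 4:
 *   struct { CertificateCompressionAlgorithm algorithm;
 *            uint24 uncompressed_length;
 *            opaque compressed_certificate_message<1..2^24-1>; } CompressedCertificate;
 * The peer chooses uncompressed_length; it is bounded BEFORE any output buffer is sized from it.
 */
enum cc_status parse_compressed_certificate(const uint8_t *msg, size_t len,
                                            size_t max_cert_list, struct compressed_cert *out)
{
    if (len < 2 + 3 + 3)
        return CC_DECODE_ERROR;
    out->algorithm = (uint16_t)((msg[0] << 8) | msg[1]);
    out->expected_length = get_u24(msg + 2);
    out->comp_length = get_u24(msg + 5);
    out->comp = msg + 8;

    /* Same bound as a plain Certificate message; a 16 MiB claim with a 4-byte body stops here. */
    if (out->expected_length > max_cert_list)
        return CC_EXCESSIVE_MESSAGE_SIZE;
    if (len - 8 != out->comp_length || out->comp_length == 0)
        return CC_BAD_DECOMPRESSION;
    return CC_OK;
}

/* Constructed messages (not real TLS traffic): zlib algorithm id and a 4-byte placeholder body. */
static const uint8_t BENIGN[]          = { 0x00,0x01, 0x00,0x01,0x00, 0x00,0x00,0x04, 0x78,0x9c,0x03,0x00 };
static const uint8_t HUGE_CLAIM[]      = { 0x00,0x01, 0xff,0xff,0xff, 0x00,0x00,0x04, 0x78,0x9c,0x03,0x00 };
static const uint8_t EMPTY_BODY[]      = { 0x00,0x01, 0x00,0x01,0x00, 0x00,0x00,0x00 };
static const uint8_t LENGTH_MISMATCH[] = { 0x00,0x01, 0x00,0x01,0x00, 0x00,0x00,0x03, 0x78,0x9c,0x03,0x00 };

int classify(const uint8_t *msg, size_t len)
{
    struct compressed_cert cc;
    return (int)parse_compressed_certificate(msg, len, MAX_CERT_LIST, &cc);
}

int main(void)
{
    struct compressed_cert cc;

    printf("benign:          %d\n", classify(BENIGN, sizeof BENIGN));
    printf("16 MiB claim:    %d\n", classify(HUGE_CLAIM, sizeof HUGE_CLAIM));
    printf("empty body:      %d\n", classify(EMPTY_BODY, sizeof EMPTY_BODY));
    printf("length mismatch: %d\n", classify(LENGTH_MISMATCH, sizeof LENGTH_MISMATCH));

    /* Only after the checks pass is a buffer of expected_length sized for the decompressor. */
    if (parse_compressed_certificate(BENIGN, sizeof BENIGN, MAX_CERT_LIST, &cc) == CC_OK) {
        uint8_t *outbuf = malloc(cc.expected_length);
        printf("allocated %zu bytes for decompression\n", cc.expected_length);
        free(outbuf);
    }
    return 0;
}
```

HUGE_CLAIM carries the largest uint24 (16 MiB) in uncompressed_length over a four-byte body; without the cap a receiver would allocate that much per handshake before the first byte is inflated.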

@@ -0,0 +1,64 @@
From 701aa270db8ad424cece68702b9bb2e05290af9b Mon Sep 17 00:00:00 2001
From: Neil Horman <nhorman@openssl.org>
Date: Wed, 7 Jan 2026 11:52:09 -0500
Subject: [PATCH] Fix heap buffer overflow in BIO_f_linebuffer
When a BIO_f_linebuffer is part of a BIO chain, and the next BIO
performs short writes, the remainder of the unwritten buffer is copied
unconditionally to the internal buffer ctx->obuf, which may not be
sufficiently sized to handle the remaining data, resulting in a buffer
overflow.
Fix it by only copying data when ctx->obuf has space, flushing to the
next BIO to increase available storage if needed.
Fixes CVE-2025-68160
---
crypto/bio/bf_lbuf.c | 32 ++++++++++++++++++++++++++------
1 file changed, 26 insertions(+), 6 deletions(-)
Index: openssl-3.5.0/crypto/bio/bf_lbuf.c
===================================================================
--- openssl-3.5.0.orig/crypto/bio/bf_lbuf.c
+++ openssl-3.5.0/crypto/bio/bf_lbuf.c
@@ -186,14 +186,34 @@ static int linebuffer_write(BIO *b, cons
while (foundnl && inl > 0);
/*
* We've written as much as we can. The rest of the input buffer, if
- * any, is text that doesn't and with a NL and therefore needs to be
- * saved for the next trip.
+ * any, is text that doesn't end with a NL and therefore we need to try
+ * free up some space in our obuf so we can make forward progress.
*/
- if (inl > 0) {
- memcpy(&(ctx->obuf[ctx->obuf_len]), in, inl);
- ctx->obuf_len += inl;
- num += inl;
+ while (inl > 0) {
+ size_t avail = (size_t)ctx->obuf_size - (size_t)ctx->obuf_len;
+ size_t to_copy;
+
+ if (avail == 0) {
+ /* Flush buffered data to make room */
+ i = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len);
+ if (i <= 0) {
+ BIO_copy_next_retry(b);
+ return num > 0 ? num : i;
+ }
+ if (i < ctx->obuf_len)
+ memmove(ctx->obuf, ctx->obuf + i, ctx->obuf_len - i);
+ ctx->obuf_len -= i;
+ continue;
+ }
+
+ to_copy = inl > (int)avail ? avail : (size_t)inl;
+ memcpy(&(ctx->obuf[ctx->obuf_len]), in, to_copy);
+ ctx->obuf_len += (int)to_copy;
+ in += to_copy;
+ inl -= (int)to_copy;
+ num += (int)to_copy;
}
+
return num;
}
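Review bot: the loop makes progress only while `BIO_write()` on the next BIO returns a positive count, and a zero return ends the write instead of spinning, which is the right choice. It does change the function's contract, though: before, the leftover bytes were always absorbed and the caller saw the full `inl`; now `return num > 0 ? num : i` can report a partial count (after `BIO_copy_next_retry(b)` sets the retry flags), so callers that treated BIO_f_linebuffer writes as all-or-nothing need retry handling. That should be in the commit message. No regression test accompanies the fix; one needs a next BIO that really performs short writes (a custom BIO method that accepts at most N bytes per call, or a memory BIO with a tiny BUF_MEM), because the overflow never shows against a well-behaved next BIO.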

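The fixed loop only makes sense against a next layer that really does short writes, which is exactly what a regression test for this bug needs and what the patch does not include. The C program below is an added example, not OpenSSL code and not part of this package: it re-creates the flush-when-full loop over a small output buffer and drives it through a sink that accepts at most a few bytes per call, checking that every byte is accounted for in order and that a sink with no room left surfaces as a partial write rather than an overflow. struct sink, struct lbuf, lbuf_store_tail() and the 40-byte input are constructed here; obuf is 8 bytes so that the unconditional memcpy of the pre-fix code would have overrun it on the first call.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Models the next BIO in the chain: accepts at most `chunk` bytes per call and `cap` in total. */
struct sink { char data[256]; int len; int chunk; int cap; };

static int sink_write(struct sink *s, const char *in, int inl)
{
    int n = inl < s->chunk ? inl : s->chunk;

    if (n > s->cap - s->len)
        n = s->cap - s->len;
    if (n <= 0)
        return -1;                 /* the downstream BIO_write() failure case */
    memcpy(s->data + s->len, in, n);
    s->len += n;
    return n;                      /* a short write whenever n < inl */
}

/* Line-buffer state with a deliberately small obuf: the pre-fix code did
 * memcpy(obuf + obuf_len, in, inl) for any leftover input regardless of the space left. */
struct lbuf { char obuf[8]; int obuf_len; int obuf_size; struct sink *next; };

/* Store input that did not end in '\n', as the fixed linebuffer_write() does: copy what fits,
 * and when obuf is full flush to the next layer to make room, tolerating short writes.
 * Returns the bytes consumed, or the sink's error if nothing at all was consumed. */
int lbuf_store_tail(struct lbuf *ctx, const char *in, int inl)
{
    int num = 0, i;

    while (inl > 0) {
        size_t avail = (size_t)ctx->obuf_size - (size_t)ctx->obuf_len;
        size_t to_copy;

        if (avail == 0) {
            i = sink_write(ctx->next, ctx->obuf, ctx->obuf_len);
            if (i <= 0)
                return num > 0 ? num : i;     /* partial progress is reported, not hidden */
            if (i < ctx->obuf_len)
                memmove(ctx->obuf, ctx->obuf + i, ctx->obuf_len - i);
            ctx->obuf_len -= i;
            continue;
        }
        to_copy = inl > (int)avail ? avail : (size_t)inl;
        memcpy(ctx->obuf + ctx->obuf_len, in, to_copy);
        ctx->obuf_len += (int)to_copy;
        in += to_copy;
        inl -= (int)to_copy;
        num += (int)to_copy;
    }
    return num;
}

/* Push a constructed 40-byte line fragment (no '\n') through an 8-byte obuf into a sink that
 * takes `chunk` bytes per call and `cap` bytes in total. Returns the count lbuf_store_tail()
 * reported; *accounted is 1 if sink + obuf hold exactly that prefix of the input, in order. */
int drive(int chunk, int cap, int *accounted)
{
    static const char input[] = "0123456789abcdefghijklmnopqrstuvwxyzABCD";
    struct sink s = { {0}, 0, chunk, cap };
    struct lbuf ctx = { {0}, 0, 8, &s };
    char joined[256 + 8];
    int n = lbuf_store_tail(&ctx, input, (int)strlen(input));

    memcpy(joined, s.data, s.len);
    memcpy(joined + s.len, ctx.obuf, ctx.obuf_len);
    *accounted = n >= 0 && s.len + ctx.obuf_len == n && memcmp(joined, input, n) == 0;
    return n;
}

int consumed_with(int chunk, int cap)  { int ok; return drive(chunk, cap, &ok); }
int accounted_with(int chunk, int cap) { int ok; drive(chunk, cap, &ok); return ok; }

int main(void)
{
    int ok, n;

    n = drive(3, 256, &ok);
    printf("3-byte short writes, roomy sink: consumed %d, all accounted: %d\n", n, ok);
    n = drive(3, 4, &ok);
    printf("sink that fills after 4 bytes:   consumed %d, all accounted: %d\n", n, ok);
    return 0;
}
```

With a 3-byte sink the 40 bytes end up as 33 in the sink plus 7 still buffered; with a sink that refuses after 4 bytes the call returns 12, the bytes it did place, instead of either corrupting memory or claiming the whole write succeeded.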

@@ -0,0 +1,67 @@
From 1a556ff619473af9e179b202284a961590d5a2bd Mon Sep 17 00:00:00 2001
From: Norbert Pocs <norbertp@openssl.org>
Date: Thu, 8 Jan 2026 15:04:54 +0100
Subject: [PATCH] Fix OCB AES-NI/HW stream path unauthenticated/unencrypted
trailing bytes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When ctx->stream (e.g., AESNI or ARMv8 CE) is available, the fast path
encrypts/decrypts full blocks but does not advance in/out pointers. The
tail-handling code then operates on the base pointers, effectively reprocessing
the beginning of the buffer while leaving the actual trailing bytes
unencrypted (encryption) or using the wrong plaintext (decryption). The
authentication checksum excludes the true tail.
CVE-2025-69418
Fixes: https://github.com/openssl/srt/issues/58
Signed-off-by: Norbert Pocs <norbertp@openssl.org>
---
crypto/modes/ocb128.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
Index: openssl-3.5.0/crypto/modes/ocb128.c
===================================================================
--- openssl-3.5.0.orig/crypto/modes/ocb128.c
+++ openssl-3.5.0/crypto/modes/ocb128.c
@@ -338,7 +338,7 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT
if (num_blocks && all_num_blocks == (size_t)all_num_blocks
&& ctx->stream != NULL) {
- size_t max_idx = 0, top = (size_t)all_num_blocks;
+ size_t max_idx = 0, top = (size_t)all_num_blocks, processed_bytes = 0;
/*
* See how many L_{i} entries we need to process data at hand
@@ -352,6 +352,9 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT
ctx->stream(in, out, num_blocks, ctx->keyenc,
(size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
(const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
+ processed_bytes = num_blocks * 16;
+ in += processed_bytes;
+ out += processed_bytes;
} else {
/* Loop through all full blocks to be encrypted */
for (i = ctx->sess.blocks_processed + 1; i <= all_num_blocks; i++) {
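Review bot: after this hunk the stream path leaves `in` and `out` pointing at the tail, which is what the trailing-bytes code after the block loop needs; please confirm that the non-stream `else` branch (the per-block loop whose start is the last context line here) ends with `in`/`out` advanced the same way, otherwise the two paths still disagree on where the tail starts. `processed_bytes` is initialised to 0 but only used inside the `if`, so it can live there. The bug is invisible on the C fallback; a regression test has to run with AES-NI or ARMv8 CE enabled (no OPENSSL_ia32cap masking) and a message length that is not a multiple of 16 to exercise it.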
@@ -430,7 +433,7 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT
if (num_blocks && all_num_blocks == (size_t)all_num_blocks
&& ctx->stream != NULL) {
- size_t max_idx = 0, top = (size_t)all_num_blocks;
+ size_t max_idx = 0, top = (size_t)all_num_blocks, processed_bytes = 0;
/*
* See how many L_{i} entries we need to process data at hand
@@ -444,6 +447,9 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT
ctx->stream(in, out, num_blocks, ctx->keydec,
(size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
(const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
+ processed_bytes = num_blocks * 16;
+ in += processed_bytes;
+ out += processed_bytes;
} else {
OCB_BLOCK tmp;
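Review bot: interop caveat worth a line in the changelog: data encrypted by an affected build through the low-level OCB stream path has a wrong final partial block and a tag computed without the true tail, so a fixed decryptor will reject it with a tag mismatch rather than recover it. Anyone who persisted such ciphertexts needs the original build to decrypt them.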


@@ -0,0 +1,48 @@
From 41be0f216404f14457bbf3b9cc488dba60b49296 Mon Sep 17 00:00:00 2001
From: Norbert Pocs <norbertp@openssl.org>
Date: Thu, 11 Dec 2025 12:49:00 +0100
Subject: [PATCH] Check return code of UTF8_putc
Signed-off-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29376)
---
crypto/asn1/a_strex.c | 6 ++++--
crypto/pkcs12/p12_utl.c | 5 +++++
2 files changed, 9 insertions(+), 2 deletions(-)
Index: openssl-3.5.0/crypto/asn1/a_strex.c
===================================================================
--- openssl-3.5.0.orig/crypto/asn1/a_strex.c
+++ openssl-3.5.0/crypto/asn1/a_strex.c
@@ -204,8 +204,10 @@ static int do_buf(unsigned char *buf, in
orflags = CHARTYPE_LAST_ESC_2253;
if (type & BUF_TYPE_CONVUTF8) {
unsigned char utfbuf[6];
- int utflen;
- utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
+ int utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
+
+ if (utflen < 0)
+ return -1; /* error happened with UTF8 */
for (i = 0; i < utflen; i++) {
/*
* We don't need to worry about setting orflags correctly
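Review bot: returning -1 when `UTF8_putc()` fails is right, but note what the old code did: a negative `utflen` made `for (i = 0; i < utflen; i++)` a no-op, so the offending character was silently dropped rather than reported, which is how a bad code point could pass through unnoticed. Two points for `do_buf()`: every caller must already treat a negative return as an error (the function is also used to compute lengths, and a caller that adds the result into a running total would corrupt it), and the comment `/* error happened with UTF8 */` would be more useful as `/* UTF8_putc() failed: invalid code point or buffer too small */`.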
Index: openssl-3.5.0/crypto/pkcs12/p12_utl.c
===================================================================
--- openssl-3.5.0.orig/crypto/pkcs12/p12_utl.c
+++ openssl-3.5.0/crypto/pkcs12/p12_utl.c
@@ -206,6 +206,11 @@ char *OPENSSL_uni2utf8(const unsigned ch
/* re-run the loop emitting UTF-8 string */
for (asclen = 0, i = 0; i < unilen; ) {
j = bmp_to_utf8(asctmp+asclen, uni+i, unilen-i);
+ /* when UTF8_putc fails */
+ if (j < 0) {
+ OPENSSL_free(asctmp);
+ return NULL;
+ }
if (j == 4) i += 4;
else i += 2;
asclen += j;
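Review bot: the negative-return check is what stops `asclen += j;` from moving the write cursor backwards while the loop keeps going with `i += 2`, which is the out-of-bounds write path in `OPENSSL_uni2utf8()`. Since this is the second pass (the comment reads `re-run the loop emitting UTF-8 string`), the first pass that sizes `asctmp` is outside this hunk; it should reject the same negative return, otherwise the allocation size and the emitted length can still disagree. Freeing `asctmp` before returning NULL is correct; an `ERR_raise` here would give callers a reason on the error stack instead of a bare NULL.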


@@ -0,0 +1,40 @@
From 6453d278557c8719233793730ec500c84aea55d9 Mon Sep 17 00:00:00 2001
From: Bob Beck <beck@openssl.org>
Date: Wed, 7 Jan 2026 11:29:48 -0700
Subject: [PATCH] Verify ASN1 object's types before attempting to access them
as a particular type
Issue was reported in ossl_ess_get_signing_cert but is also present in
ossl_ess_get_signing_cert_v2.
Fixes: https://github.com/openssl/srt/issues/61
Fixes CVE-2025-69420
---
crypto/ts/ts_rsp_verify.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c
index 3876e30f47..40dab687d1 100644
--- a/crypto/ts/ts_rsp_verify.c
+++ b/crypto/ts/ts_rsp_verify.c
@@ -209,7 +209,7 @@ static ESS_SIGNING_CERT *ossl_ess_get_signing_cert(const PKCS7_SIGNER_INFO *si)
const unsigned char *p;
attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificate);
- if (attr == NULL)
+ if (attr == NULL || attr->type != V_ASN1_SEQUENCE)
return NULL;
p = attr->value.sequence->data;
return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length);
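Review bot: checking `attr->type != V_ASN1_SEQUENCE` before touching `attr->value.sequence` is the right guard, because the attribute comes from an untrusted signed-attribute set rather than from a schema-validated structure, and the old code trusted the union member without looking at the tag. With the guard in place `attr->value.sequence` is the active union member, so no separate NULL check on it is needed. The silent `return NULL` keeps the existing contract, but an `ERR_raise` that distinguishes "attribute missing" from "attribute has the wrong type" would help when debugging malformed timestamp responses.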
@@ -221,7 +221,7 @@ static ESS_SIGNING_CERT_V2 *ossl_ess_get_signing_cert_v2(const PKCS7_SIGNER_INFO
const unsigned char *p;
attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificateV2);
- if (attr == NULL)
+ if (attr == NULL || attr->type != V_ASN1_SEQUENCE)
return NULL;
p = attr->value.sequence->data;
return d2i_ESS_SIGNING_CERT_V2(NULL, &p, attr->value.sequence->length);
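Review bot: identical fix to `ossl_ess_get_signing_cert()` above; since the two functions differ only in the NID and the decoder, a small helper taking the NID and returning the sequence data and length after the type check would keep the two guards from drifting apart again.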
--
2.51.0


@@ -0,0 +1,28 @@
From 0a2ecb95993b588d2156dd6527459cc3983aabd5 Mon Sep 17 00:00:00 2001
From: Andrew Dinh <andrewd@openssl.org>
Date: Thu, 8 Jan 2026 01:24:30 +0900
Subject: [PATCH] Add NULL check to PKCS12_item_decrypt_d2i_ex
Address CVE-2025-69421
Add NULL check for oct parameter
---
crypto/pkcs12/p12_decr.c | 5 +++++
1 file changed, 5 insertions(+)
Index: openssl-3.5.0/crypto/pkcs12/p12_decr.c
===================================================================
--- openssl-3.5.0.orig/crypto/pkcs12/p12_decr.c
+++ openssl-3.5.0/crypto/pkcs12/p12_decr.c
@@ -143,6 +143,11 @@ void *PKCS12_item_decrypt_d2i_ex(const X
void *ret;
int outlen = 0;
+ if (oct == NULL) {
+ ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+
if (!PKCS12_pbe_crypt_ex(algor, pass, passlen, oct->data, oct->length,
&out, &outlen, 0, libctx, propq))
return NULL;
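Review bot: the NULL check prevents the `oct->data` / `oct->length` dereference in the `PKCS12_pbe_crypt_ex()` call, and placing it before any allocation means there is nothing to release on the early return. `ERR_R_PASSED_NULL_PARAMETER` signals an API misuse, but this function is normally reached with `oct` taken from a parsed PKCS#12 structure in which the encrypted content was absent; a PKCS12-library reason code describing missing or malformed content would tell callers more accurately what went wrong.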


@@ -0,0 +1,71 @@
From 572844beca95068394c916626a6d3a490f831a49 Mon Sep 17 00:00:00 2001
From: Bob Beck <beck@openssl.org>
Date: Wed, 7 Jan 2026 11:29:48 -0700
Subject: [PATCH] Ensure ASN1 types are checked before use.
Some of these were fixed by LibreSSL in commit https://github.com/openbsd/src/commit/aa1f637d454961d22117b4353f98253e984b3ba8
this fix includes the other fixes in that commit, as well as fixes for others found by a scan
for a similar unvalidated access paradigm in the tree.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29582)
---
apps/s_client.c | 3 ++-
crypto/pkcs12/p12_kiss.c | 10 ++++++++--
crypto/pkcs7/pk7_doit.c | 2 ++
3 files changed, 12 insertions(+), 3 deletions(-)
Index: openssl-3.5.0/apps/s_client.c
===================================================================
--- openssl-3.5.0.orig/apps/s_client.c
+++ openssl-3.5.0/apps/s_client.c
@@ -2834,8 +2834,9 @@ int s_client_main(int argc, char **argv)
goto end;
}
atyp = ASN1_generate_nconf(genstr, cnf);
- if (atyp == NULL) {
+ if (atyp == NULL || atyp->type != V_ASN1_SEQUENCE) {
NCONF_free(cnf);
+ ASN1_TYPE_free(atyp);
BIO_printf(bio_err, "ASN1_generate_nconf failed\n");
goto end;
}
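Review bot: extending the condition to `atyp->type != V_ASN1_SEQUENCE` is what makes the added `ASN1_TYPE_free(atyp);` necessary, since the branch can now be reached with a non-NULL `atyp` that would otherwise leak; `ASN1_TYPE_free()` accepts NULL, so the unconditional call is also safe on the original NULL path. The message `ASN1_generate_nconf failed` is now printed for the wrong-type case as well, where generation succeeded but produced something other than a SEQUENCE; a distinct message would save a confused user some time.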
Index: openssl-3.5.0/crypto/pkcs12/p12_kiss.c
===================================================================
--- openssl-3.5.0.orig/crypto/pkcs12/p12_kiss.c
+++ openssl-3.5.0/crypto/pkcs12/p12_kiss.c
@@ -197,11 +197,17 @@ static int parse_bag(PKCS12_SAFEBAG *bag
ASN1_BMPSTRING *fname = NULL;
ASN1_OCTET_STRING *lkid = NULL;
- if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)))
+ if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName))) {
+ if (attrib->type != V_ASN1_BMPSTRING)
+ return 0;
fname = attrib->value.bmpstring;
+ }
- if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID)))
+ if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID))) {
+ if (attrib->type != V_ASN1_OCTET_STRING)
+ return 0;
lkid = attrib->value.octet_string;
+ }
switch (PKCS12_SAFEBAG_get_nid(bag)) {
case NID_keyBag:
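Review bot: returning 0 from `parse_bag()` on a mistyped `friendlyName` or `localKeyID` attribute turns a previously tolerated malformed attribute into a hard parse failure for the whole PKCS#12 file, which is the safe choice, but no `ERR_raise` accompanies it, so a caller sees `PKCS12_parse()` fail with an empty error stack. Adding a reason code at both `return 0;` sites would make the rejection diagnosable. The braces added around the two single-statement bodies follow the surrounding style.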
Index: openssl-3.5.0/crypto/pkcs7/pk7_doit.c
===================================================================
--- openssl-3.5.0.orig/crypto/pkcs7/pk7_doit.c
+++ openssl-3.5.0/crypto/pkcs7/pk7_doit.c
@@ -1228,6 +1228,8 @@ ASN1_OCTET_STRING *PKCS7_digest_from_att
ASN1_TYPE *astype;
if ((astype = get_attribute(sk, NID_pkcs9_messageDigest)) == NULL)
return NULL;
+ if (astype->type != V_ASN1_OCTET_STRING)
+ return NULL;
return astype->value.octet_string;
}
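Review bot: `PKCS7_digest_from_attributes()` returned the `octet_string` union member for any attribute type, so a `messageDigest` attribute encoded as some other type was read as an OCTET STRING; the new `V_ASN1_OCTET_STRING` check closes that. Callers treat NULL as "no digest attribute", which for signature verification means rejection, so folding the wrong-type case into NULL does not weaken anything; an `ERR_raise` would still help tell the two outcomes apart.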


@@ -0,0 +1,29 @@
From eb7ca9504a1b9ba7ed50140fc5b81e1e5e9adf59 Mon Sep 17 00:00:00 2001
From: Viktor Dukhovni <openssl-users@dukhovni.org>
Date: Thu, 11 Sep 2025 18:10:12 +0200
Subject: [PATCH] kek_unwrap_key(): Fix incorrect check of unwrapped key size
Fixes CVE-2025-9230
The check is off by 8 bytes so it is possible to overread by
up to 8 bytes and overwrite up to 4 bytes.
---
crypto/cms/cms_pwri.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
index 106bd98dc7..ba8646f93c 100644
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@@ -243,7 +243,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
/* Check byte failure */
goto err;
}
- if (inlen < (size_t)(tmp[0] - 4)) {
+ if (inlen < 4 + (size_t)tmp[0]) {
/* Invalid length value */
goto err;
}
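Review bot: the corrected bound `inlen < 4 + (size_t)tmp[0]` requires the input to hold the 4-byte header plus the key length announced in `tmp[0]`, which is what the subsequent copy consumes; the old expression `(size_t)(tmp[0] - 4)` allowed `tmp[0]` up to `inlen + 4`, so copying `tmp[0]` bytes from offset 4 could read 8 bytes past the input, matching the commit message. This is a one-token class of bug in a length check; a unit test with `tmp[0]` set to `inlen - 4`, `inlen - 3` and a value below 4 would be a cheap guard against regression.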
--
2.51.0


@@ -0,0 +1,46 @@
From d874cbd603bb1b254cfe212797f18fc7cdb7cc52 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Thu, 11 Sep 2025 18:40:34 +0200
Subject: [PATCH] SM2: Use constant time modular inversion
Fixes CVE-2025-9231
Issue and a proposed fix reported by Stanislav Fort (Aisle Research).
---
crypto/ec/ecp_sm2p256.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/crypto/ec/ecp_sm2p256.c b/crypto/ec/ecp_sm2p256.c
index aabe74b6e4..d75230a651 100644
--- a/crypto/ec/ecp_sm2p256.c
+++ b/crypto/ec/ecp_sm2p256.c
@@ -747,7 +747,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void)
ossl_ec_GFp_simple_point_copy,
ossl_ec_GFp_simple_point_set_to_infinity,
ossl_ec_GFp_simple_point_set_affine_coordinates,
- ecp_sm2p256_get_affine,
+ ossl_ec_GFp_simple_point_get_affine_coordinates,
0, 0, 0,
ossl_ec_GFp_simple_add,
ossl_ec_GFp_simple_dbl,
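Review bot: replacing `ecp_sm2p256_get_affine` with the generic `ossl_ec_GFp_simple_point_get_affine_coordinates` is consistent with the goal of dropping the custom non-constant-time inversion, but it is also a performance regression for SM2 affine conversions; that trade-off is deliberate and deserves a sentence in the commit message or a comment at this line so it is not "optimized" back in later.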
@@ -763,7 +763,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void)
ecp_sm2p256_field_mul,
ecp_sm2p256_field_sqr,
0 /* field_div */,
- 0 /* field_inv */,
+ ossl_ec_GFp_simple_field_inv,
0 /* field_encode */,
0 /* field_decode */,
0 /* field_set_to_one */,
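Review bot: the `field_inv` slot now points at `ossl_ec_GFp_simple_field_inv` instead of 0; confirm that the generic implementation is the constant-time one the subject line intends, since the method table is the only place this choice is recorded and a reader cannot tell from the hunk alone.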
@@ -779,7 +779,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void)
ossl_ecdsa_simple_sign_setup,
ossl_ecdsa_simple_sign_sig,
ossl_ecdsa_simple_verify_sig,
- ecp_sm2p256_inv_mod_ord,
+ 0, /* use constanttime fallback for inverse mod order */
0, /* blind_coordinates */
0, /* ladder_pre */
0, /* ladder_step */
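Review bot: zeroing the inverse-mod-order slot so the constant-time fallback is used is the actual fix for the timing issue; the comment has a typo, `constanttime` should read `constant-time`, and since `ecp_sm2p256_inv_mod_ord` is no longer referenced from the table, check whether it (and `ecp_sm2p256_get_affine`) can be removed or marked unused to avoid a compiler warning.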
--
2.51.0


@@ -0,0 +1,28 @@
From b8427e03e06c5ffde63f2231b7c0663b4c2510cd Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Thu, 11 Sep 2025 18:43:55 +0200
Subject: [PATCH] use_proxy(): Add missing terminating NUL byte
Fixes CVE-2025-9232
There is a missing terminating NUL byte after strncpy() call.
Issue and a proposed fix reported by Stanislav Fort (Aisle Research).
---
crypto/http/http_lib.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/crypto/http/http_lib.c b/crypto/http/http_lib.c
index fcf8a69e07..022b8c194c 100644
--- a/crypto/http/http_lib.c
+++ b/crypto/http/http_lib.c
@@ -263,6 +263,7 @@ static int use_proxy(const char *no_proxy, const char *server)
/* strip leading '[' and trailing ']' from escaped IPv6 address */
sl -= 2;
strncpy(host, server + 1, sl);
+ host[sl] = '\0';
server = host;
}
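Review bot: `host[sl] = '\0';` terminates the string that `strncpy()` leaves unterminated when the source has at least `sl` bytes, which is always the case here since `sl` was just reduced by 2 from the bracketed address length. The buffer must have room for `sl + 1` bytes; that depends on how `host` is declared, which is outside the hunk, so a comment tying its size to the original `server` length at this call site would make the invariant visible to the next person who touches the copy.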
--
2.51.0