3 Commits

Author SHA256 Message Date
5f909683e2 Merge pull request 'Factory' (#1) from factory into main 2025-10-08 12:57:06 +02:00
00ea7ab7f6 Accepting request 1305335 from security:tls
- Update to 3.5.3:
  * Added FIPS 140-3 PCT on DH key generation.
  * Fixed the synthesised OPENSSL_VERSION_NUMBER.
- Rebase patches:
  * openssl-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
  * openssl-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch
  * openssl-FIPS-limit-rsa-encrypt.patch

OBS-URL: https://build.opensuse.org/request/show/1305335
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl-3?expand=0&rev=46
2025-09-18 19:07:54 +00:00
f6c710bc56 - Update to 3.5.3:
  * Added FIPS 140-3 PCT on DH key generation.
  * Fixed the synthesised OPENSSL_VERSION_NUMBER.
- Rebase patches:
  * openssl-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
  * openssl-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch
  * openssl-FIPS-limit-rsa-encrypt.patch

OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=155
2025-09-17 09:11:46 +00:00
36 changed files with 404 additions and 2003 deletions

Binary file (deleted; name not shown on this page).

Deleted file (name not shown on this page), @@ -1,16 +0,0 @@: a PGP signature block, -----BEGIN PGP SIGNATURE----- to -----END PGP SIGNATURE-----, body omitted.

openssl-3.5.3.tar.gz (LFS, binary, new file; not shown).

openssl-3.5.3.tar.gz.asc (new file, 16 lines), @@ -0,0 +1,16 @@: a PGP signature block, -----BEGIN PGP SIGNATURE----- to -----END PGP SIGNATURE-----, body omitted.


@@ -1,51 +1,26 @@
-------------------------------------------------------------------
Tue Jan 27 14:04:21 UTC 2026 - Lucas Mulling <lucas.mulling@suse.com>
Wed Sep 17 00:56:31 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>
- Security fixes:
* Missing ASN1_TYPE validation in PKCS#12 parsing
- openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795]
* ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
- openssl-CVE-2026-22795.patch [bsc#1256840, CVE-2026-22796]
* Missing ASN1_TYPE validation in TS_RESP_verify_response() function
- openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
* NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
- openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
* Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
- openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419]
* TLS 1.3 CompressedCertificate excessive memory allocation
- openssl-CVE-2025-66199.patch [bsc#1256833, CVE-2025-66199]
* Heap out-of-bounds write in BIO_f_linebuffer on short writes
- openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
* Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
- openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418]
* 'openssl dgst' one-shot codepath silently truncates inputs greater than 16MB
- openssl-CVE-2025-15469.patch [bsc#1256832, CVE-2025-15469]
* Stack buffer overflow in CMS AuthEnvelopedData parsing
- openssl-CVE-2025-15467.patch [bsc#1256830, CVE-2025-15467]
- openssl-CVE-2025-15467-comments.patch
- openssl-CVE-2025-15467-test.patch
* Improper validation of PBMAC1 parameters in PKCS#12 MAC verification
- openssl-CVE-2025-11187.patch [bsc#1256829, CVE-2025-11187]
* NULL dereference in SSL_CIPHER_find() function on unknown cipher ID
- openssl-CVE-2025-15468.patch [bsc#1256831, CVE-2025-15468]
- Enable livepatching support for ppc64le [bsc#1257274]
- Update to 3.5.3:
* Added FIPS 140-3 PCT on DH key generation.
* Fixed the synthesised OPENSSL_VERSION_NUMBER.
- Rebase patches:
* openssl-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
* openssl-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch
* openssl-FIPS-limit-rsa-encrypt.patch
-------------------------------------------------------------------
Tue Sep 30 23:12:01 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>
- Security fix: [bsc#1250232 CVE-2025-9230]
* Fix out-of-bounds read & write in RFC 3211 KEK unwrap
* Add patch openssl3-CVE-2025-9230.patch
- Security fix: [bsc#1250233 CVE-2025-9231]
* Fix timing side-channel in SM2 algorithm on 64 bit ARM
* Add patch openssl3-CVE-2025-9231.patch
- Security fix: [bsc#1250234 CVE-2025-9232]
* Fix out-of-bounds read in HTTP client no_proxy handling
* Add patch openssl3-CVE-2025-9232.patch
-------------------------------------------------------------------
Sun Aug 17 23:56:37 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>
Tue Aug 5 16:34:57 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>
- Update to 3.5.2:
* Miscellaneous minor bug fixes.
* The FIPS provider now performs a PCT on key import for RSA, EC and ECX.
This is mandated by FIPS 140-3 IG 10.3.A additional comment 1.
- Rebase patches:
* openssl-FIPS-140-3-keychecks.patch
* openssl-FIPS-NO-DES-support.patch
* openssl-FIPS-enforce-EMS-support.patch
* openssl-disable-fipsinstall.patch
- Move ssl configuration files to the libopenssl package [bsc#1247463]
- Don't install unneeded NOTES
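Review bot: the Tue Jan 27 2026 and Tue Sep 30 2025 entries disappear in this hunk, so the changelog no longer records CVE-2025-9230, CVE-2025-9231, CVE-2025-9232 or the CVE-2025-11187 .. CVE-2026-22796 batch, nor the "Enable livepatching support for ppc64le [bsc#1257274]" change, and the new top entry becomes the Sep 17 2025 "Update to 3.5.3". The removed Sep 30 entry was written on top of the 3.5.3 update, which means those fixes are not part of 3.5.3; dropping the entries (and, in the spec, the patches) while staying on 3.5.3 is a security regression rather than a cleanup, and should either be reverted or stated explicitly in the new entry. One nit to carry over if the text is restored: the CVE-2026-22796 bullet lists "openssl-CVE-2026-22795.patch", which is deliberate (the spec comments show one patch covering both CVEs) but reads like a typo; a note such as "(same patch as CVE-2026-22795)" would prevent a later "fix" to a non-existent file.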
@@ -54,6 +29,27 @@ Wed Jul 30 09:17:24 UTC 2025 - Pedro Monreal <pmonreal@suse.com>
- Disable LTO for userspace livepatching [jsc#PED-13245]
-------------------------------------------------------------------
Mon Jul 28 07:45:23 UTC 2025 - Andreas Schwab <schwab@suse.de>
- Use termios instead of obsolete termio
-------------------------------------------------------------------
Mon Jul 7 13:33:21 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>
- Update to 3.5.1:
* Fix x509 application adds trusted use instead of rejected use.
[bsc#1243564, CVE-2025-4575]
- Remove patches:
* openssl-Fix-P384-on-P8-targets.patch
* openssl-CVE-2025-4575.patch
- Rebase patches:
* openssl-Allow-disabling-of-SHA1-signatures.patch
* openssl-FIPS-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
* openssl-FIPS-NO-DES-support.patch
- Fix a bogus warning caused by -Wfree-nonheap-object
* Add patch openssl-Fix-Wfree-nonheap-object-warning.patch
-------------------------------------------------------------------
Thu May 29 06:46:14 UTC 2025 - Pedro Monreal <pmonreal@suse.com>


@@ -1,7 +1,7 @@
#
# spec file for package openssl-3
#
# Copyright (c) 2025 SUSE LLC
# Copyright (c) 2025 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -38,7 +38,7 @@
%define livepatchable 1
Name: openssl-3
Version: 3.5.0
Version: 3.5.3
Release: 0
Summary: Secure Sockets and Transport Layer Security
License: Apache-2.0
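Review bot: Version moves from 3.5.0 to 3.5.3 with Release left at 0, and the source tarball plus its detached .asc are swapped in the same change set; the page shows that a new openssl-3.5.3.tar.gz.asc was added but nothing shows it was verified. Please confirm the signature validates against the upstream OpenSSL release keys (for example `gpg --verify openssl-3.5.3.tar.gz.asc openssl-3.5.3.tar.gz` with the upstream keyring imported) before merge; a replaced .asc next to a replaced tarball is exactly where a tampered source would hide.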
@@ -124,45 +124,11 @@ Patch42: openssl-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch
Patch43: openssl-FIPS-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
# PATCH-FIX-FEDORA FIPS: Fix the speed command in FIPS mode for KMAC
Patch44: openssl-FIPS-Fix-openssl-speed-KMAC.patch
# PATCH-FIX-UPSTREAM bsc#1243564 CVE-2025-4575 The x509 application adds trusted use instead of rejected use
Patch45: openssl-CVE-2025-4575.patch
# PATCH-FIX-UPSTREAM bsc#1243014 Fix P-384 curve on lower-than-P9 PPC64 targets
Patch46: openssl-Fix-P384-on-P8-targets.patch
# PATCH-FIX-UPSTREAM bsc#1250232 CVE-2025-9230: Fix out-of-bounds read & write in RFC 3211 KEK Unwrap
Patch47: openssl3-CVE-2025-9230.patch
# PATCH-FIX-UPSTREAM bsc#1250233 CVE-2025-9231: Fix timing side-channel in SM2 algorithm on 64 bit ARM
Patch48: openssl3-CVE-2025-9231.patch
# PATCH-FIX-UPSTREAM bsc#1250234 CVE-2025-9232: Fix out-of-bounds read in HTTP client no_proxy handling
Patch49: openssl3-CVE-2025-9232.patch
# PATCH-FIX-UPSTREAM bsc#1256839 CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing
# PATCH-FIX-UPSTREAM bsc#1256840 CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
Patch50: openssl-CVE-2026-22795.patch
# PATCH-FIX-UPSTREAM bsc#1256837 CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function
Patch51: openssl-CVE-2025-69420.patch
# PATCH-FIX-UPSTREAM bsc#1256838 CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
Patch52: openssl-CVE-2025-69421.patch
# PATCH-FIX-UPSTREAM bsc#1256836 CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 function
Patch53: openssl-CVE-2025-69419.patch
# PATCH-FIX-UPSTREAM bsc#1256833 CVE-2025-66199: TLS 1.3 CompressedCertificate excessive memory allocation
Patch54: openssl-CVE-2025-66199.patch
# PATCH-FIX-UPSTREAM bsc#1256834 CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes
Patch55: openssl-CVE-2025-68160.patch
# PATCH-FIX-UPSTREAM bsc#1256835 CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
Patch56: openssl-CVE-2025-69418.patch
# PATCH-FIX-UPSTREAM bsc#1256832 CVE-2025-15469: 'openssl dgst' one-shot codepath silently truncates inputs greater than 16MB
Patch57: openssl-CVE-2024-15469.patch
# PATCH-FIX-UPSTREAM bsc#1256830 CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing
Patch58: openssl-CVE-2025-15467.patch
Patch59: openssl-CVE-2025-15467-comments.patch
Patch60: openssl-CVE-2025-15467-test.patch
# PATCH-FIX-UPSTREAM bsc#1256829 CVE-2025-11187: Improper validation of PBMAC1 parameters in PKCS#12 MAC verification
Patch61: openssl-CVE-2025-11187.patch
#Patch62: openssl-CVE-2024-11187-testcase.patch
#Patch63: openssl-CVE-2025-11187-malformed-testcase.patch
# PATCH-FIX-UPSTREAM bsc#1256831 CVE-2025-15468: NULL dereference in SSL_CIPHER_find() function on unknown cipher ID
Patch64: openssl-CVE-2025-15468.patch
# PATCH-FIX-SUSE Fix a bogus warning caused by -Wfree-nonheap-object
Patch45: openssl-Fix-Wfree-nonheap-object-warning.patch
# ulp-macros is available according to SUSE version.
%ifarch x86_64 || ppc64le
%ifarch x86_64
%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1540
BuildRequires: ulp-macros
%endif
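Review bot: removing Patch47 through Patch64 drops every CVE backport from CVE-2025-9230 to CVE-2025-15468 while Version only moves to 3.5.3, and the change from `%ifarch x86_64 || ppc64le` to `%ifarch x86_64` undoes the ppc64le livepatching enablement that the changelog credits to bsc#1257274; neither is mentioned in the new changelog entry, so please either keep them or document the intent. If the removed list is ever restored, two defects in it need fixing first: `Patch57: openssl-CVE-2024-15469.patch` matches neither its comment (CVE-2025-15469) nor the changelog file name `openssl-CVE-2025-15469.patch`, and `#Patch62` / `#Patch63` leave the CVE-2025-11187 test cases commented out with no comment saying why. Reusing number 45 for `openssl-Fix-Wfree-nonheap-object-warning.patch` is fine only because the old `Patch45: openssl-CVE-2025-4575.patch` goes away in the same hunk.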
@@ -286,7 +252,7 @@ export MACHINE=armv6l
-Wa,--noexecstack \
-Wl,-z,relro,-z,now \
-fno-common \
-DTERMIO \
-DTERMIOS \
-DPURIFY \
-D_GNU_SOURCE \
-DOPENSSL_PEDANTIC_ZEROIZATION \
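The removed patch list above shows the kind of drift a packager wants to catch mechanically: a `PatchNN:` file name whose CVE id disagrees with the comment above it (`openssl-CVE-2024-15469.patch` under a CVE-2025-15469 comment), patches left commented out, and .changes entries naming a patch file the spec does not carry. The checker below is an added example written for this page, not part of the openssl-3 package or of OBS tooling; the SPEC and CHANGES strings are constructed samples modelled on the hunks above, and the regular expressions assume the openSUSE conventions visible there (`# PATCH-FIX-... bsc#N CVE-...` comment lines directly above each tag, and `- filename.patch [bsc#N, CVE-...]` bullets in .changes).

```python
import re

# Constructed sample inputs modelled on the spec and .changes hunks above;
# they are not the real files from the package.
SPEC = """\
# PATCH-FIX-UPSTREAM bsc#1250232 CVE-2025-9230: Fix out-of-bounds read & write in RFC 3211 KEK Unwrap
Patch47: openssl3-CVE-2025-9230.patch
# PATCH-FIX-UPSTREAM bsc#1256839 CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing
# PATCH-FIX-UPSTREAM bsc#1256840 CVE-2026-22796: ASN1_TYPE Type Confusion in PKCS7_digest_from_attributes()
Patch50: openssl-CVE-2026-22795.patch
# PATCH-FIX-UPSTREAM bsc#1256832 CVE-2025-15469: 'openssl dgst' one-shot codepath silently truncates inputs
Patch57: openssl-CVE-2024-15469.patch
# PATCH-FIX-UPSTREAM bsc#1256829 CVE-2025-11187: Improper validation of PBMAC1 parameters
Patch61: openssl-CVE-2025-11187.patch
#Patch62: openssl-CVE-2024-11187-testcase.patch
# PATCH-FIX-SUSE Fix a bogus warning caused by -Wfree-nonheap-object
Patch45: openssl-Fix-Wfree-nonheap-object-warning.patch
"""

CHANGES = """\
- Security fixes:
  * Missing ASN1_TYPE validation in PKCS#12 parsing
    - openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795]
  * 'openssl dgst' one-shot codepath silently truncates inputs greater than 16MB
    - openssl-CVE-2025-15469.patch [bsc#1256832, CVE-2025-15469]
  * Improper validation of PBMAC1 parameters in PKCS#12 MAC verification
    - openssl-CVE-2025-11187.patch [bsc#1256829, CVE-2025-11187]
- Security fix: [bsc#1250232 CVE-2025-9230]
  * Add patch openssl3-CVE-2025-9230.patch
- Fix a bogus warning caused by -Wfree-nonheap-object
  * Add patch openssl-Fix-Wfree-nonheap-object-warning.patch
"""

PATCH_TAG = re.compile(r"^(#)?Patch(\d+):\s*(\S+)")   # "#Patch62:" is a disabled tag
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")
PATCH_FILE = re.compile(r"[\w.+-]+\.patch")


def parse_spec(spec_text):
    """One dict per PatchNN: tag: number, file name, whether the tag is live
    (not commented out) and the CVE ids named in the comment lines right above it."""
    entries, comment_cves = [], set()
    for line in spec_text.splitlines():
        m = PATCH_TAG.match(line)
        if m:
            entries.append({"number": int(m.group(2)), "file": m.group(3),
                            "enabled": m.group(1) is None,
                            "comment_cves": comment_cves})
            comment_cves = set()
        elif line.startswith("#"):
            comment_cves |= set(CVE_ID.findall(line))
        else:
            comment_cves = set()   # a blank or non-comment line ends the comment block
    return entries


def check_patches(spec_text, changes_text):
    """Cross-check the patch list against the .changes text; returns sorted
    (kind, detail) findings. A patch may legitimately cover several CVEs, so a
    file name is only flagged when its own CVE id is absent from the comment."""
    findings = []
    entries = parse_spec(spec_text)
    live_files = {e["file"] for e in entries if e["enabled"]}
    for e in entries:
        if not e["enabled"]:
            findings.append(("disabled", e["file"]))
            continue
        file_cves = set(CVE_ID.findall(e["file"]))
        if file_cves and e["comment_cves"] and not file_cves <= e["comment_cves"]:
            findings.append(("cve-mismatch",
                             f"Patch{e['number']}: {sorted(e['comment_cves'])} vs {e['file']}"))
    # Every .patch the changelog names must be a live Patch tag in the spec.
    for fname in sorted(set(PATCH_FILE.findall(changes_text))):
        if fname not in live_files:
            findings.append(("missing-in-spec", fname))
    return sorted(findings)


if __name__ == "__main__":
    for kind, detail in check_patches(SPEC, CHANGES):
        print(f"{kind}: {detail}")
```

Run it against real files with `check_patches(open("openssl-3.spec").read(), open("openssl-3.changes").read())`; an empty list means the two agree. Treat `cve-mismatch` as a blocker rather than a cosmetic issue: a patch file named for the wrong year may mean the wrong upstream commit was backported or the file was renamed without the tag being updated, and `disabled` findings deserve a comment in the spec explaining why the patch is off.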


@@ -1,7 +1,7 @@
Index: openssl-3.5.0/crypto/context.c
Index: openssl-3.5.1/crypto/context.c
===================================================================
--- openssl-3.5.0.orig/crypto/context.c
+++ openssl-3.5.0/crypto/context.c
--- openssl-3.5.1.orig/crypto/context.c
+++ openssl-3.5.1/crypto/context.c
@@ -85,6 +85,8 @@ struct ossl_lib_ctx_st {
#endif
STACK_OF(SSL_COMP) *comp_methods;
@@ -35,7 +35,7 @@ Index: openssl-3.5.0/crypto/context.c
static void context_deinit_objs(OSSL_LIB_CTX *ctx);
static int context_init(OSSL_LIB_CTX *ctx)
@@ -235,6 +256,10 @@ static int context_init(OSSL_LIB_CTX *ct
@@ -235,6 +254,10 @@ static int context_init(OSSL_LIB_CTX *ct
goto err;
#endif
@@ -46,7 +46,7 @@ Index: openssl-3.5.0/crypto/context.c
/* Low priority. */
#ifndef FIPS_MODULE
ctx->child_provider = ossl_child_prov_ctx_new(ctx);
@@ -382,6 +407,11 @@ static void context_deinit_objs(OSSL_LIB
@@ -382,6 +405,11 @@ static void context_deinit_objs(OSSL_LIB
}
#endif
@@ -58,7 +58,7 @@ Index: openssl-3.5.0/crypto/context.c
/* Low priority. */
#ifndef FIPS_MODULE
if (ctx->child_provider != NULL) {
@@ -660,6 +690,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX
@@ -660,6 +688,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX
case OSSL_LIB_CTX_COMP_METHODS:
return (void *)&ctx->comp_methods;
@@ -68,7 +68,7 @@ Index: openssl-3.5.0/crypto/context.c
default:
return NULL;
}
@@ -714,3 +747,44 @@ void OSSL_LIB_CTX_set_conf_diagnostics(O
@@ -714,3 +745,44 @@ void OSSL_LIB_CTX_set_conf_diagnostics(O
return;
libctx->conf_diagnostics = value;
}
@@ -113,10 +113,10 @@ Index: openssl-3.5.0/crypto/context.c
+ ldsigs->allowed = allow;
+ return 1;
+}
Index: openssl-3.5.0/crypto/evp/evp_cnf.c
Index: openssl-3.5.1/crypto/evp/evp_cnf.c
===================================================================
--- openssl-3.5.0.orig/crypto/evp/evp_cnf.c
+++ openssl-3.5.0/crypto/evp/evp_cnf.c
--- openssl-3.5.1.orig/crypto/evp/evp_cnf.c
+++ openssl-3.5.1/crypto/evp/evp_cnf.c
@@ -10,6 +10,7 @@
#include <stdio.h>
#include <openssl/crypto.h>
@@ -144,10 +144,10 @@ Index: openssl-3.5.0/crypto/evp/evp_cnf.c
} else {
ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION,
"name=%s, value=%s", oval->name, oval->value);
Index: openssl-3.5.0/crypto/evp/m_sigver.c
Index: openssl-3.5.1/crypto/evp/m_sigver.c
===================================================================
--- openssl-3.5.0.orig/crypto/evp/m_sigver.c
+++ openssl-3.5.0/crypto/evp/m_sigver.c
--- openssl-3.5.1.orig/crypto/evp/m_sigver.c
+++ openssl-3.5.1/crypto/evp/m_sigver.c
@@ -15,6 +15,7 @@
#include "internal/provider.h"
#include "internal/numbers.h" /* includes SIZE_MAX */
@@ -156,7 +156,7 @@ Index: openssl-3.5.0/crypto/evp/m_sigver.c
static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
{
@@ -251,6 +252,18 @@ static int do_sigver_init(EVP_MD_CTX *ct
@@ -320,6 +321,18 @@ static int do_sigver_init(EVP_MD_CTX *ct
}
}
@@ -173,12 +173,12 @@ Index: openssl-3.5.0/crypto/evp/m_sigver.c
+ }
+
if (ver) {
if (signature->digest_verify_init == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
Index: openssl-3.5.0/crypto/evp/pmeth_lib.c
if (ctx->pctx->pmeth->verifyctx_init) {
if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx) <= 0)
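Review bot: the rebase moves this insertion from @@ -251 to @@ -320 and swaps its trailing context from `if (ver) { if (signature->digest_verify_init == NULL)` to `if (ctx->pctx->pmeth->verifyctx_init) {`, so the legacy-digest check now anchors on the legacy EVP_PKEY_METHOD path of do_sigver_init() rather than the provider path it sat in front of for 3.5.0. Please confirm against the 3.5.1 source that the check still executes for provider-backed signatures (the common case) and not only for legacy pmeth callers; if the function was split into two branches in 3.5.1, the check may need to be applied in both.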
Index: openssl-3.5.1/crypto/evp/pmeth_lib.c
===================================================================
--- openssl-3.5.0.orig/crypto/evp/pmeth_lib.c
+++ openssl-3.5.0/crypto/evp/pmeth_lib.c
--- openssl-3.5.1.orig/crypto/evp/pmeth_lib.c
+++ openssl-3.5.1/crypto/evp/pmeth_lib.c
@@ -33,6 +33,7 @@
#include "internal/ffc.h"
#include "internal/numbers.h"
@@ -187,7 +187,7 @@ Index: openssl-3.5.0/crypto/evp/pmeth_lib.c
#include "evp_local.h"
#ifndef FIPS_MODULE
@@ -954,6 +955,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_
@@ -963,6 +964,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_
return -2;
}
@@ -208,10 +208,10 @@ Index: openssl-3.5.0/crypto/evp/pmeth_lib.c
if (fallback)
return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md));
Index: openssl-3.5.0/doc/man5/config.pod
Index: openssl-3.5.1/doc/man5/config.pod
===================================================================
--- openssl-3.5.0.orig/doc/man5/config.pod
+++ openssl-3.5.0/doc/man5/config.pod
--- openssl-3.5.1.orig/doc/man5/config.pod
+++ openssl-3.5.1/doc/man5/config.pod
@@ -315,6 +315,21 @@ Within the algorithm properties section,
The value may be anything that is acceptable as a property query
string for EVP_set_default_properties().
@@ -234,10 +234,10 @@ Index: openssl-3.5.0/doc/man5/config.pod
=item B<fips_mode> (deprecated)
The value is a boolean that can be B<yes> or B<no>. If the value is
Index: openssl-3.5.0/include/crypto/context.h
Index: openssl-3.5.1/include/crypto/context.h
===================================================================
--- openssl-3.5.0.orig/include/crypto/context.h
+++ openssl-3.5.0/include/crypto/context.h
--- openssl-3.5.1.orig/include/crypto/context.h
+++ openssl-3.5.1/include/crypto/context.h
@@ -48,3 +48,11 @@ void ossl_release_default_drbg_ctx(void)
#if defined(OPENSSL_THREADS)
void ossl_threads_ctx_free(void *);
@@ -250,10 +250,10 @@ Index: openssl-3.5.0/include/crypto/context.h
+} OSSL_LEGACY_DIGEST_SIGNATURES;
+#endif
+
Index: openssl-3.5.0/include/internal/cryptlib.h
Index: openssl-3.5.1/include/internal/cryptlib.h
===================================================================
--- openssl-3.5.0.orig/include/internal/cryptlib.h
+++ openssl-3.5.0/include/internal/cryptlib.h
--- openssl-3.5.1.orig/include/internal/cryptlib.h
+++ openssl-3.5.1/include/internal/cryptlib.h
@@ -120,7 +120,8 @@ typedef struct ossl_ex_data_global_st {
# define OSSL_LIB_CTX_DECODER_CACHE_INDEX 20
# define OSSL_LIB_CTX_COMP_METHODS 21
@@ -264,10 +264,10 @@ Index: openssl-3.5.0/include/internal/cryptlib.h
OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx);
int ossl_lib_ctx_is_default(OSSL_LIB_CTX *ctx);
Index: openssl-3.5.0/include/internal/sslconf.h
Index: openssl-3.5.1/include/internal/sslconf.h
===================================================================
--- openssl-3.5.0.orig/include/internal/sslconf.h
+++ openssl-3.5.0/include/internal/sslconf.h
--- openssl-3.5.1.orig/include/internal/sslconf.h
+++ openssl-3.5.1/include/internal/sslconf.h
@@ -18,4 +18,8 @@ int conf_ssl_name_find(const char *name,
void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr,
char **arg);
@@ -277,20 +277,20 @@ Index: openssl-3.5.0/include/internal/sslconf.h
+int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow,
+ int loadconfig);
#endif
Index: openssl-3.5.0/providers/common/include/prov/securitycheck.h
Index: openssl-3.5.1/providers/common/include/prov/securitycheck.h
===================================================================
--- openssl-3.5.0.orig/providers/common/include/prov/securitycheck.h
+++ openssl-3.5.0/providers/common/include/prov/securitycheck.h
--- openssl-3.5.1.orig/providers/common/include/prov/securitycheck.h
+++ openssl-3.5.1/providers/common/include/prov/securitycheck.h
@@ -37,3 +37,5 @@ int ossl_digest_get_approved_nid(const E
/* Functions that have different implementations for the FIPS_MODULE */
int ossl_digest_rsa_sign_get_md_nid(const EVP_MD *md);
int ossl_fips_config_securitycheck_enabled(OSSL_LIB_CTX *libctx);
+
+int rh_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int mdnid);
Index: openssl-3.5.0/providers/common/securitycheck.c
Index: openssl-3.5.1/providers/common/securitycheck.c
===================================================================
--- openssl-3.5.0.orig/providers/common/securitycheck.c
+++ openssl-3.5.0/providers/common/securitycheck.c
--- openssl-3.5.1.orig/providers/common/securitycheck.c
+++ openssl-3.5.1/providers/common/securitycheck.c
@@ -19,6 +19,7 @@
#include <openssl/core_names.h>
#include <openssl/obj_mac.h>
@@ -316,10 +316,10 @@ Index: openssl-3.5.0/providers/common/securitycheck.c
+
+ return mdnid;
+}
Index: openssl-3.5.0/providers/common/securitycheck_default.c
Index: openssl-3.5.1/providers/common/securitycheck_default.c
===================================================================
--- openssl-3.5.0.orig/providers/common/securitycheck_default.c
+++ openssl-3.5.0/providers/common/securitycheck_default.c
--- openssl-3.5.1.orig/providers/common/securitycheck_default.c
+++ openssl-3.5.1/providers/common/securitycheck_default.c
@@ -15,6 +15,7 @@
#include <openssl/obj_mac.h>
#include "prov/securitycheck.h"
@@ -328,10 +328,10 @@ Index: openssl-3.5.0/providers/common/securitycheck_default.c
/* Disable the security checks in the default provider */
int ossl_fips_config_securitycheck_enabled(OSSL_LIB_CTX *libctx)
Index: openssl-3.5.0/providers/implementations/signature/dsa_sig.c
Index: openssl-3.5.1/providers/implementations/signature/dsa_sig.c
===================================================================
--- openssl-3.5.0.orig/providers/implementations/signature/dsa_sig.c
+++ openssl-3.5.0/providers/implementations/signature/dsa_sig.c
--- openssl-3.5.1.orig/providers/implementations/signature/dsa_sig.c
+++ openssl-3.5.1/providers/implementations/signature/dsa_sig.c
@@ -163,6 +163,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ct
md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
@@ -340,10 +340,10 @@ Index: openssl-3.5.0/providers/implementations/signature/dsa_sig.c
if (md == NULL) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
Index: openssl-3.5.0/providers/implementations/signature/ecdsa_sig.c
Index: openssl-3.5.1/providers/implementations/signature/ecdsa_sig.c
===================================================================
--- openssl-3.5.0.orig/providers/implementations/signature/ecdsa_sig.c
+++ openssl-3.5.0/providers/implementations/signature/ecdsa_sig.c
--- openssl-3.5.1.orig/providers/implementations/signature/ecdsa_sig.c
+++ openssl-3.5.1/providers/implementations/signature/ecdsa_sig.c
@@ -197,13 +197,16 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX
goto err;
}
@@ -362,10 +362,10 @@ Index: openssl-3.5.0/providers/implementations/signature/ecdsa_sig.c
/* XOF digests don't work */
if (EVP_MD_xof(md)) {
ERR_raise(ERR_LIB_PROV, PROV_R_XOF_DIGESTS_NOT_ALLOWED);
Index: openssl-3.5.0/providers/implementations/signature/rsa_sig.c
Index: openssl-3.5.1/providers/implementations/signature/rsa_sig.c
===================================================================
--- openssl-3.5.0.orig/providers/implementations/signature/rsa_sig.c
+++ openssl-3.5.0/providers/implementations/signature/rsa_sig.c
--- openssl-3.5.1.orig/providers/implementations/signature/rsa_sig.c
+++ openssl-3.5.1/providers/implementations/signature/rsa_sig.c
@@ -26,6 +26,7 @@
#include "internal/cryptlib.h"
#include "internal/nelem.h"
@@ -419,10 +419,10 @@ Index: openssl-3.5.0/providers/implementations/signature/rsa_sig.c
if (pmgf1mdname != NULL
&& !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops))
Index: openssl-3.5.0/ssl/t1_lib.c
Index: openssl-3.5.1/ssl/t1_lib.c
===================================================================
--- openssl-3.5.0.orig/ssl/t1_lib.c
+++ openssl-3.5.0/ssl/t1_lib.c
--- openssl-3.5.1.orig/ssl/t1_lib.c
+++ openssl-3.5.1/ssl/t1_lib.c
@@ -21,6 +21,7 @@
#include <openssl/bn.h>
#include <openssl/provider.h>
@@ -431,7 +431,7 @@ Index: openssl-3.5.0/ssl/t1_lib.c
#include "internal/nelem.h"
#include "internal/sizes.h"
#include "internal/tlsgroups.h"
@@ -2176,6 +2177,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
@@ -2178,6 +2179,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
EVP_PKEY *tmpkey = EVP_PKEY_new();
int istls;
int ret = 0;
@@ -439,7 +439,7 @@ Index: openssl-3.5.0/ssl/t1_lib.c
if (ctx == NULL)
goto err;
@@ -2193,6 +2195,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
@@ -2195,6 +2197,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
goto err;
ERR_set_mark();
@@ -447,7 +447,7 @@ Index: openssl-3.5.0/ssl/t1_lib.c
/* First fill cache and tls12_sigalgs list from legacy algorithm list */
for (i = 0, lu = sigalg_lookup_tbl;
i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) {
@@ -2213,6 +2216,11 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
@@ -2215,6 +2218,11 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
cache[i].available = 0;
continue;
}
@@ -459,10 +459,10 @@ Index: openssl-3.5.0/ssl/t1_lib.c
if (!EVP_PKEY_set_type(tmpkey, lu->sig)) {
cache[i].available = 0;
Index: openssl-3.5.0/util/libcrypto.num
Index: openssl-3.5.1/util/libcrypto.num
===================================================================
--- openssl-3.5.0.orig/util/libcrypto.num
+++ openssl-3.5.0/util/libcrypto.num
--- openssl-3.5.1.orig/util/libcrypto.num
+++ openssl-3.5.1/util/libcrypto.num
@@ -5925,3 +5925,5 @@ OSSL_AA_DIST_POINT_free
OSSL_AA_DIST_POINT_new 6052 3_5_0 EXIST::FUNCTION:
OSSL_AA_DIST_POINT_it 6053 3_5_0 EXIST::FUNCTION:


@@ -1,39 +0,0 @@
From a749dcdb7c944c18af8bf1ce3bd2dbe38e5dcb68 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Thu, 8 Jan 2026 15:25:18 +0100
Subject: [PATCH] Add testcase for PKCS12 with invalid PBMAC1 key length
---
test/recipes/80-test_pkcs12.t | 10 +++++++---
.../pbmac1_256_256.bad-len.p12 | Bin 0 -> 2702 bytes
2 files changed, 7 insertions(+), 3 deletions(-)
create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-len.p12
Index: openssl-3.5.0/test/recipes/80-test_pkcs12.t
===================================================================
--- openssl-3.5.0.orig/test/recipes/80-test_pkcs12.t
+++ openssl-3.5.0/test/recipes/80-test_pkcs12.t
@@ -56,7 +56,7 @@ $ENV{OPENSSL_WIN32_UTF8}=1;
my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
-plan tests => $no_fips ? 47 : 53;
+plan tests => $no_fips ? 53 : 59;
# Test different PKCS#12 formats
ok(run(test(["pkcs12_format_test"])), "test pkcs12 formats");
@@ -235,8 +235,12 @@ unless ($no_fips) {
}
}
-# Test pbmac1 pkcs12 bad files, RFC 9579
-for my $file ("pbmac1_256_256.bad-iter.p12", "pbmac1_256_256.bad-salt.p12", "pbmac1_256_256.no-len.p12")
+# Test pbmac1 pkcs12 bad files, RFC 9579 and CVE-2025-11187
+for my $file ("pbmac1_256_256.bad-iter.p12", "pbmac1_256_256.bad-salt.p12",
+ "pbmac1_256_256.no-len.p12", "pbmac1_256_256.bad-len.p12",
+ "pbmac1_256_256.bad-salt-type.p12", "pbmac1_256_256.negative-len.p12",
+ "pbmac1_256_256.no-salt.p12", "pbmac1_256_256.very-big-len.p12",
+ "pbmac1_256_256.zero-len.p12")
{
my $path = srctop_file("test", "recipes", "80-test_pkcs12_data", $file);
with({ exit_checker => sub { return shift == 1; } },
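Review bot: deleting this file is consistent with the spec side, where it presumably corresponds to the commented-out `#Patch62: openssl-CVE-2024-11187-testcase.patch` (note the 2024 in that file name against the CVE-2025-11187 the test comment refers to), so no test coverage that was actually running is lost. It does mean the bad-len, bad-salt-type, negative-len, no-salt, very-big-len and zero-len PBMAC1 fixtures named in the loop were never exercised in this package; if the CVE-2025-11187 fix is re-added, this recipe change and the fixture patch should be enabled alongside it rather than kept as dead files, and the plan count (`53 : 59`) should then be checked against the fixtures actually shipped.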


@@ -1,267 +0,0 @@
From ef48810aafdc3b8c6c4a85e52314caeec0cb596c Mon Sep 17 00:00:00 2001
From: Viktor Dukhovni <openssl-users@dukhovni.org>
Date: Wed, 7 Jan 2026 01:21:58 +1100
Subject: [PATCH] Report truncation in oneshot `openssl dgst -sign`
Previously input was silently truncated at 16MB, now if the input is
longer than limit, an error is reported.
The bio_to_mem() apps helper function was changed to return 0 or 1,
and return the size of the result via an output size_t pointer.
Fixes CVE-2025-15469
---
apps/dgst.c | 7 +++---
apps/include/apps.h | 2 +-
apps/lib/apps.c | 55 +++++++++++++++++++++++----------------------
apps/pkeyutl.c | 36 ++++++++++++++---------------
4 files changed, 50 insertions(+), 50 deletions(-)
Index: openssl-3.5.0/apps/dgst.c
===================================================================
--- openssl-3.5.0.orig/apps/dgst.c
+++ openssl-3.5.0/apps/dgst.c
@@ -704,12 +704,11 @@ static int do_fp_oneshot_sign(BIO *out,
{
int res, ret = EXIT_FAILURE;
size_t len = 0;
- int buflen = 0;
- int maxlen = 16 * 1024 * 1024;
+ size_t buflen = 0;
+ size_t maxlen = 16 * 1024 * 1024;
uint8_t *buf = NULL, *sig = NULL;
- buflen = bio_to_mem(&buf, maxlen, in);
- if (buflen <= 0) {
+ if (!bio_to_mem(&buf, &buflen, maxlen, in)) {
BIO_printf(bio_err, "Read error in %s\n", file);
return ret;
}
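Review bot: with bio_to_mem() now returning 0 when the input exceeds `maxlen`, an input larger than 16MB on the one-shot sign path is reported as "Read error in %s", which reads like an I/O failure rather than the size limit this change introduces. Since the whole point of the fix is to stop truncating silently, the message should name the limit (for example "input exceeds the 16MB limit for one-shot signing") so that a file which was previously accepted, and silently truncated, fails with an explanation rather than a misleading read error.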
Index: openssl-3.5.0/apps/include/apps.h
===================================================================
--- openssl-3.5.0.orig/apps/include/apps.h
+++ openssl-3.5.0/apps/include/apps.h
@@ -254,7 +254,7 @@ int parse_yesno(const char *str, int def
X509_NAME *parse_name(const char *str, int chtype, int multirdn,
const char *desc);
void policies_print(X509_STORE_CTX *ctx);
-int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
+int bio_to_mem(unsigned char **out, size_t *outlen, size_t maxlen, BIO *in);
int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value);
int x509_ctrl_string(X509 *x, const char *value);
int x509_req_ctrl_string(X509_REQ *x, const char *value);
Index: openssl-3.5.0/apps/lib/apps.c
===================================================================
--- openssl-3.5.0.orig/apps/lib/apps.c
+++ openssl-3.5.0/apps/lib/apps.c
@@ -49,6 +49,7 @@
#include "apps.h"
#include "internal/sockets.h" /* for openssl_fdset() */
+#include "internal/numbers.h" /* for LONG_MAX */
#include "internal/e_os.h"
#ifdef _WIN32
@@ -2059,45 +2060,45 @@ X509_NAME *parse_name(const char *cp, in
}
/*
- * Read whole contents of a BIO into an allocated memory buffer and return
- * it.
+ * Read whole contents of a BIO into an allocated memory buffer.
+ * The return value is one on success, zero on error.
+ * If `maxlen` is non-zero, at most `maxlen` bytes are returned, or else, if
+ * the input is longer than `maxlen`, an error is returned.
+ * If `maxlen` is zero, the limit is effectively `SIZE_MAX`.
*/
-
-int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
+int bio_to_mem(unsigned char **out, size_t *outlen, size_t maxlen, BIO *in)
{
+ unsigned char tbuf[4096];
BIO *mem;
- int len, ret;
- unsigned char tbuf[1024];
+ BUF_MEM *bufm;
+ size_t sz = 0;
+ int len;
mem = BIO_new(BIO_s_mem());
if (mem == NULL)
- return -1;
+ return 0;
for (;;) {
- if ((maxlen != -1) && maxlen < 1024)
- len = maxlen;
- else
- len = 1024;
- len = BIO_read(in, tbuf, len);
- if (len < 0) {
- BIO_free(mem);
- return -1;
- }
- if (len == 0)
+ if ((len = BIO_read(in, tbuf, 4096)) == 0)
break;
- if (BIO_write(mem, tbuf, len) != len) {
+ if (len < 0
+ || BIO_write(mem, tbuf, len) != len
+ || sz > SIZE_MAX - len
+ || ((sz += len) > maxlen && maxlen != 0)) {
BIO_free(mem);
- return -1;
+ return 0;
}
- if (maxlen != -1)
- maxlen -= len;
-
- if (maxlen == 0)
- break;
}
- ret = BIO_get_mem_data(mem, (char **)out);
- BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY);
+
+ /* So BIO_free orphans BUF_MEM */
+ (void)BIO_set_close(mem, BIO_NOCLOSE);
+ BIO_get_mem_ptr(mem, &bufm);
BIO_free(mem);
- return ret;
+ *out = (unsigned char *)bufm->data;
+ *outlen = bufm->length;
+ /* Tell BUF_MEM to orphan data */
+ bufm->data = NULL;
+ BUF_MEM_free(bufm);
+ return 1;
}
int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value)
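Review bot: the limit check `((sz += len) > maxlen && maxlen != 0)` runs after the chunk has already been written to `mem`, so the memory BIO may grow one 4096-byte chunk past `maxlen` before the failure is reported; harmless for the 16MB callers, but the doc comment above promises "at most maxlen bytes" and should say the bound on allocation is approximate. The `sz > SIZE_MAX - len` guard compares a size_t with an int; `len` is known positive at that point, but an explicit `(size_t)len` would make the intent obvious and keep -Wsign-compare quiet. Finally, the BUF_MEM orphaning (`BIO_set_close(mem, BIO_NOCLOSE)`, then `bufm->data = NULL; BUF_MEM_free(bufm)`) hands ownership of `*out` to the caller; a one-line comment stating that the caller must free `*out` would help the next reader.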
Index: openssl-3.5.0/apps/pkeyutl.c
===================================================================
--- openssl-3.5.0.orig/apps/pkeyutl.c
+++ openssl-3.5.0/apps/pkeyutl.c
@@ -40,7 +40,7 @@ static int do_keyop(EVP_PKEY_CTX *ctx, i
static int do_raw_keyop(int pkey_op, EVP_MD_CTX *mctx,
EVP_PKEY *pkey, BIO *in,
- int filesize, unsigned char *sig, int siglen,
+ int filesize, unsigned char *sig, size_t siglen,
unsigned char **out, size_t *poutlen);
static int only_nomd(EVP_PKEY *pkey)
@@ -133,7 +133,7 @@ int pkeyutl_main(int argc, char **argv)
char hexdump = 0, asn1parse = 0, rev = 0, *prog;
unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL, *secret = NULL;
OPTION_CHOICE o;
- int buf_inlen = 0, siglen = -1;
+ size_t buf_inlen = 0, siglen = 0;
int keyform = FORMAT_UNDEF, peerform = FORMAT_UNDEF;
int keysize = -1, pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
int engine_impl = 0;
@@ -485,31 +485,31 @@ int pkeyutl_main(int argc, char **argv)
if (sigfile != NULL) {
BIO *sigbio = BIO_new_file(sigfile, "rb");
+ size_t maxsiglen = 16 * 1024 * 1024;
if (sigbio == NULL) {
BIO_printf(bio_err, "Can't open signature file %s\n", sigfile);
goto end;
}
- siglen = bio_to_mem(&sig, keysize * 10, sigbio);
- BIO_free(sigbio);
- if (siglen < 0) {
+ if (!bio_to_mem(&sig, &siglen, maxsiglen, sigbio)) {
+ BIO_free(sigbio);
BIO_printf(bio_err, "Error reading signature data\n");
goto end;
}
+ BIO_free(sigbio);
}
/* Raw input data is handled elsewhere */
if (in != NULL && !rawin) {
/* Read the input data */
- buf_inlen = bio_to_mem(&buf_in, -1, in);
- if (buf_inlen < 0) {
+ if (!bio_to_mem(&buf_in, &buf_inlen, 0, in)) {
BIO_printf(bio_err, "Error reading input Data\n");
goto end;
}
if (rev) {
size_t i;
unsigned char ctmp;
- size_t l = (size_t)buf_inlen;
+ size_t l = buf_inlen;
for (i = 0; i < l / 2; i++) {
ctmp = buf_in[i];
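Review bot: the -sigfile cap changes from `keysize * 10` to a flat 16MB, which is a behaviour change the commit message does not mention (it is far more generous than any real signature but also no longer tied to the key); a sentence in the message would help. The `siglen` sentinel also changes from -1 to 0 (`size_t buf_inlen = 0, siglen = 0;`), so any remaining `siglen < 0` test elsewhere in pkeyutl.c would now be dead code; worth a grep before merging. Moving `BIO_free(sigbio)` after the error branch so the BIO is freed on both paths is correct.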
@@ -524,7 +524,8 @@ int pkeyutl_main(int argc, char **argv)
&& (pkey_op == EVP_PKEY_OP_SIGN || pkey_op == EVP_PKEY_OP_VERIFY)) {
if (buf_inlen > EVP_MAX_MD_SIZE) {
BIO_printf(bio_err,
- "Error: The non-raw input data length %d is too long - max supported hashed size is %d\n",
+ "Error: The non-raw input data length %zd is too long - "
+ "max supported hashed size is %d\n",
buf_inlen, EVP_MAX_MD_SIZE);
goto end;
}
@@ -535,8 +536,8 @@ int pkeyutl_main(int argc, char **argv)
rv = do_raw_keyop(pkey_op, mctx, pkey, in, filesize, sig, siglen,
NULL, 0);
} else {
- rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen,
- buf_in, (size_t)buf_inlen);
+ rv = EVP_PKEY_verify(ctx, sig, siglen,
+ buf_in, buf_inlen);
}
if (rv == 1) {
BIO_puts(out, "Signature Verified Successfully\n");
@@ -555,8 +556,8 @@ int pkeyutl_main(int argc, char **argv)
buf_outlen = kdflen;
rv = 1;
} else {
- rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
- buf_in, (size_t)buf_inlen, NULL, (size_t *)&secretlen);
+ rv = do_keyop(ctx, pkey_op, NULL, &buf_outlen,
+ buf_in, buf_inlen, NULL, &secretlen);
}
if (rv > 0
&& (secretlen > 0 || (pkey_op != EVP_PKEY_OP_ENCAPSULATE
@@ -567,8 +568,8 @@ int pkeyutl_main(int argc, char **argv)
if (secretlen > 0)
secret = app_malloc(secretlen, "secret output");
rv = do_keyop(ctx, pkey_op,
- buf_out, (size_t *)&buf_outlen,
- buf_in, (size_t)buf_inlen, secret, (size_t *)&secretlen);
+ buf_out, &buf_outlen,
+ buf_in, buf_inlen, secret, &secretlen);
}
}
if (rv <= 0) {
@@ -837,7 +838,7 @@ static int do_keyop(EVP_PKEY_CTX *ctx, i
static int do_raw_keyop(int pkey_op, EVP_MD_CTX *mctx,
EVP_PKEY *pkey, BIO *in,
- int filesize, unsigned char *sig, int siglen,
+ int filesize, unsigned char *sig, size_t siglen,
unsigned char **out, size_t *poutlen)
{
int rv = 0;
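Review bot: the new `do_raw_keyop` prototype widens `siglen` to `size_t` but leaves `filesize` as `int`, and that value is passed straight to `BIO_read(in, mbuf, filesize)` later in the same function; if `filesize` comes from the same length plumbing as the other sizes it should be converted too, or the function should at least document that it is expected to be non-negative. The cast removals in the `EVP_DigestVerify` and `EVP_DigestVerifyFinal` calls are consistent with the new parameter type.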
@@ -860,7 +861,7 @@ static int do_raw_keyop(int pkey_op, EVP
BIO_printf(bio_err, "Error reading raw input data\n");
goto end;
}
- rv = EVP_DigestVerify(mctx, sig, (size_t)siglen, mbuf, buf_len);
+ rv = EVP_DigestVerify(mctx, sig, siglen, mbuf, buf_len);
break;
case EVP_PKEY_OP_SIGN:
buf_len = BIO_read(in, mbuf, filesize);
@@ -894,7 +895,7 @@ static int do_raw_keyop(int pkey_op, EVP
goto end;
}
}
- rv = EVP_DigestVerifyFinal(mctx, sig, (size_t)siglen);
+ rv = EVP_DigestVerifyFinal(mctx, sig, siglen);
break;
case EVP_PKEY_OP_SIGN:
for (;;) {


@@ -1,333 +0,0 @@
From ed778fcfb24d7623e7b2ce9beee4af9243767402 Mon Sep 17 00:00:00 2001
From: Alicja Kario <hkario@redhat.com>
Date: Thu, 8 Jan 2026 19:31:42 +0100
Subject: [PATCH] Additional PKCS12 PBMAC1 malformed testcase files
---
.../pbmac1_256_256.bad-len.p12 | Bin 2702 -> 2703 bytes
.../pbmac1_256_256.bad-salt-type.p12 | Bin 0 -> 2702 bytes
.../pbmac1_256_256.negative-len.p12 | Bin 0 -> 2703 bytes
.../pbmac1_256_256.no-salt.p12 | Bin 0 -> 2692 bytes
.../pbmac1_256_256.very-big-len.p12 | Bin 0 -> 2711 bytes
.../pbmac1_256_256.zero-len.p12 | Bin 0 -> 2702 bytes
6 files changed, 0 insertions(+), 0 deletions(-)
create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-salt-type.p12
create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_256_256.negative-len.p12
create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_256_256.no-salt.p12
create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_256_256.very-big-len.p12
create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_256_256.zero-len.p12
diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-len.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-len.p12
index 7548d0f29edd967854aa1a7c9e3a02a09e856f6d..a1acf2fc21b1cb17b40911f7dd126b48c91d50a7 100644
GIT binary patch
delta 69
zcmeAZ?H6S+XyWSL$imBITx*bL;KjzN)#lOmotKf7&%o9|7s2H*P+;N6cek<Fpl4Xj
Q#KghC#Kg!j*_q2508~8>eE<Le
delta 68
zcmeAd?Gt4&XyWSH$imBIRAZ29;K|0R)#lOmotKf7&%nk&2f^hrkZ0k@cek<Fpl4Xj
P#KghC#OOcSh07ZNMgtGS
diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-salt-type.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-salt-type.p12
new file mode 100644
index 0000000000000000000000000000000000000000..7f4e1e89ca5c24de74e601dea8f62f68d43c33f8
GIT binary patch
literal 2702
zcmai$c{J3E8^+C;8AJBvTEdKFh|t&CW$ZEbB}?3DkbP%DN@NV#mE7#R30({tLdIUv
zLLv7KWy>y%>?7Olx12h^-#_<{_q^wMp7)&hzt4F90!uO&#0U^rpfG0Hc;omzHV_l2
zguuKDAuw+O1ZEmQfVlpQU?l{I?RU!x3}X1cjDIE|z~P60vH_-m%umS*2t(jnm3$j+
z{xu<BFq{Ekg~9*x4a^K>07PKSF7d`74@L+`7Q$J(d9Bo%UEaqH+K@jKedj%%z&Ont
zw~MX1?(N7}ksYL96y%NVbLMEcuav*erN3UXW=FTT@G#<7hLhhD$vW9@wg5K_p#`pc
z`s+;W%GTwiN^;39a=-eq!KZy?&bghp>D0$Cmk2PqNbvn&4$`_E)ah4oTo{^_&*P&*
z+gWcf%=L-cWa5@Kf&QYsuSPzdGa3s>9sJ3GL<8o0$1&yMCsTZQsqyPc?@7i(Jdrb(
zw^YW0tjZnCwdUug*c(PFRt@Z%w$J1nhmfW*Mu?h&3*lwrp9?;{(~9fp&@oH&A~E<U
zw`KNcl99$AIm}z>>hXgGtTCtKQ?7zae1ViZy-M{xXo*}$1?ff5+o!3eMrD_|uU@GY
zwnE%%7&Azb_4MXnKytwaa7YIw#_i@i9at7&K2Pz{Nv{-nHOp}ME~oQ@m*n&vO-z^b
zrqlL#1~fzSQ#)UrkYgg2ZZm$)p?~2io(Ze)efP>Y4)5=pjgP0uay^iu6JHGcr5+{p
zc(ik)#p@*!9VwIe_IRmM?$$+up`(jUPRPz9uI@|zw?R|f;I1gevtor$h(ajI84=Fl
zrKY_ttt%i8VoLSR!^E$fO;vyD=B4kEl;+9a%7lf8?RL&XF}o;=Z+&-YAV?vh50ShV
z#ulRsF$;^84eUb6vphnBt~V93+`IPz{POBi%5a;?`B<Oo_6=*)kcJxB;=~>?XhY&K
zf~ux&-C|M|?chQiuXc+2C7or#RF!(9CHU!k@28&cQ1E2h0cBzw2DZ=-5AH+Vy6~mb
zPNH{o8TQKucRB1$)~4u#=bh{5Ql+Xk+VXX>Bh<=oS{G;I^G4G)k28_YszY6MB<(g^
zy(f)Rdc2D^qf*gAIXe}_k?8ph1|X06+YE6w!HGsw4l{#5t(#ij{aO>#|FzrgH6C#7
zBM&#r3@z9A34g4kjWO1)Jk;Rt*lt#<mbSo+7l$4-T^K4|Y&}>1c}kQ$e6k!Tj0}t0
zXJSoQTcc-A@>!T9`76q<CaxC~OzR-b33mFY7NXUg=T4<P0SESez$#3#X}%EQY}LTV
z##8LyX4T0-Lt4z#s%yQSWJ}aCyYKcPZq_<iprnshla%sZP!5_HONK71-HXxcmfx&<
z^mM5s9|WHFt##csbSdy7kUddnOL^FfWz{p{Ut?KnM&g^wHYR7q!W&*#%y$6oYiu0b
z&eZ+~y+$ecrl?y>BF<m@yfASB^m{5QP9i>~mK862b`=*UKXR@@b0uN9i?ocEu9H9i
z2)DLkiEBOV6@F@1e-_V1Q*pQUY!sSWH;1j|vTvXSHwt#dqK?fhT4LLXdi-@KH4&C$
z00A2JgBSk-5Ht)zfa1Q}0pG_5cIv-uVr2n=zlVz7P5FNUj%}Z&_N9D3mwyCKotJ5)
zs)XOo#+R6YYs)uAAOy%@zZ{&VMaN67-_fpYnX3$i56Af(<V+CP-1vs`QI>g4L4#hC
z`#Wy>=4~AiTF;8DvfT$?ta@KhfvGuPA6us%XH9EZ&UA9`I(wRIf_p2AT|1Zh6~T=U
z5IA`TuWltHkn!rt*=#3y?x*w<wYiJssRpx6n|fC)DESw9&xqRD_4H&>xu@IdjWL3-
z6Gf`wHd9*kq3YQn8sB_`;K8AP6DM)i!13~ppc(66M2>`{66k|%pr)ij)VJIGS=3wG
z(TO)T+>S9DUJK_$Q?;-dQ_4VFcnD{qshO9xv!u5<WG6Vlo{=#PoWx)sDhq4eyzXnW
zyCuXu9tD@PuIy&4{<6l@<B%q~kx<>qWGnU!!RnQO*<MJCnCz%GzvMOloV_<|^$3kU
z2wmy*9W9^8E}HYa9WL!d2t`tsLrz5H8gCmver`p$=4BksyvH}@Q5XMEfq+pd_Z_3_
zvldQ=g{4P*akW3kQ%1ede(Q|*;DMt1b61yvJ(5PSp7y23E09;3y!yG5^PMaiQ>&{N
zLgjw<(h)Z?Xg9k~EUbHcyqx@?ahKxv@fRtg@H6G(z?xozoIB&e^Sr`pZW>WZl|j>g
z#EkZTHXR-*lTS58FBX}I%rzI1U+IRI=gVx|POoRu4W)w>3V{nPoPR*<oK0Zk`bGqU
z;*$2StuFLu+N51HKBU;|w2PoYa7?J<MA-;wWPd)R<aeB+9dRq=f!K|7Aqv?v{`dM<
zRm$MvcQS5lb=sw+lqSVzJ4`bSE2jP~xQ#c#F7*%A*W9H75+e~}#iGz4Zw?uEDcL@O
zWd)Ta5&{HUH`){ANg$Ue2%Noj;~e!9{@PQKy<A};!gZiB!ft=517s64TM@2sUy|Ye
z{l|t^h_3?|Ifi1F(S`w+M?^ddC!%e)?-qS&t6|r)*2Y)ZTsM{lNpBJ)jvQ`W-Bc3q
zQ4T3lR@2jYXq{1(=*f@LV@HqT`Y+B4Y42~JXTu1&WTzvIik2edV)u}NaIm8m$4B>&
zm(O@ta2J~m%TB`~lu4X&LCsz7hU{p~;@6KV-kfIoRJc|wzN5I*bKp6|ZL0Ie!G+H}
z$Tq`xpY4rw32=XQ@y2IrU%SC)bMDr)C)ik--cUfIYNeFrH)yn)s8C7p)5!4?RHX`_
zH8hJTm?H{ih01HES*_ui2C&H{;j%)`lnc2IC<S5EZoUrso$8|$Ho45~o<qzMqFHWg
z?s=R<*F@CxH<`rggKzkS1@C}H+96B5pAlC-#}Q}M&D_+QVUI7k%)Aci&Ks1sYf85p
z`p@7fy3XTtV{DHF&N0~L<Myk{&hxWDr_4Mn`<0Tdy0gM@=c&m7BkxlD;VHFZW1zNz
zWsMbxj+QvH8_Z*QdVmYkfH?9LkRH(w<DotU9~Y;`EKe<+%B#GVm36>eBT73iAib~k
zYeGktebEpXjqCQUx4(?Rrf<`rmk|0zN0+~OZ=`kTkLMm(wW#?QkIp2sO}Fwpz2<YK
zUU)K9=Pu&~ThF7=gbgHA8aPlW$X|<PK{n!O(qw0qeNxu1f00gAbxv!+XI&T5CMI~K
za5VLVNsi%BNGiW-^=>{jgoJ$(`zWl4<651A76y0qQi<mq?s2TYZD$mnU~g-tKiI8^
z0wjI_mYGlS7YJ{++cWm$b$d_fIN!q@Ruz(-P?|Il2?PKpKMtYnfF>aKQ?ddGFg(ae
z^VfO>#eWw$FbMg7UG9IH9RwLs9&lHk3RcrW4=A*#8um_=J@W}(<PDb>x73SHf=xi+
PmR5F1ds{;TFbMQFNfFkW
literal 0
HcmV?d00001
diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_256_256.negative-len.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_256_256.negative-len.p12
new file mode 100644
index 0000000000000000000000000000000000000000..9a4fd459227c52b3c4a5618b874afd717de2afb7
GIT binary patch
literal 2703
zcmai$XEfXi7skz)8AJ54N_2*(`RmK*W%Lq#C4=ali55gKL>FSCcY-WN8G`5}A%z67
zJ0x24I-(DP&09`#-uKIXxaXeddG0y)+wVL8mMR4dA_uTkP#C3Xyk7h<4Tu6%ilsb)
zU@7+iEF}@ZLY#g^uu?3<;=5%E29bSVdOs5oVDm#jX#fL2<fo(tI3aMAYL;DRpSnOW
z7)}OI!{Gn<2Bw6P0bDRj$9O%ED>(!t3ZbvxyIp2RE8*!3Z7vv#y8j^>OFqvWcZ9CF
z<6%o)mE$j|>+gXca-eHYmoC_0(A+8Awj@~@yXw-d!|@*~@M<}4_W@@VwjHj1_3J|H
z=DuB0HNG?qKdgA6{rN<Oe(CUC2H`2pF&vC9X8$mn%WKvR>h-R=C<@9hVDeNW9`1A(
z<$1>JQ7{VYLw`{{k;h-nos0#9&i<t1MFK`F7crHgmvb!9LeqDWKH&7mnC>mu?aNO2
zn^xKwsVpxG(Kb(1ZE0Jz9$YKX3&hQ%bb0E|v_i}IzZ8CcuM*eOqh^@sjwAC)?#dd@
z!t?5VqBH6sDaMZ$Qpa44Pq_su^#W4v4@x%<AO-SlC52Z(@1CWW>6Y6u-nv=OY0C4k
zc}hD))Xjr+g_i-&hT*l5CO>Gq--D*&WO3u4oOMr;kT(gH=(ATCwHDX3)i+qrpHDkx
z8c_}^NbP-jiH`|iiy;4!OWI&6SqQH3djHxhF51T_Cpx}Ul;M#Osp93xUy6|&PbYhK
z+udLBBJYVLzPnhf77x3D)v<Ln&ka0$!q9K+69JlI1ouTsiSZRRRd65#7r5vH)>@DE
zRc?Y@D^hCjeoOqi*IM(ZdVa<+PI?*dA%k5BKj^0a#%CGX>DAaD<Oh;W7~)Aj4yK7w
zhZqLOiu&~-B&ePsL3dh<s2)Ci34V3!JY~E~Rw352wtLqMF{UJsH@>vu88yez=|bgF
z_roaUxO*6odRx8x-brFqsG2g@v;=QWkCRk|9!WQfLr@mVW@I1v_$(dj+!tLoZ_j;S
zo$RD?^oY(%e|wHJs^HK-5-O83SCwcGogh@7s@zzN&!0@&yU5~glN;-6z^QgwXf(CV
zX)v#vPYOkG<Q`U)+(RyBk^%XI-xews6YPmZnP5W*)U37r{jYT~!(aQI-$VmWL-_GF
zk+JnUZ_ZB*#3}On&BsctJqK;_wZg`j>5`!HR;{tJ)sE|pU*@=JLuV^7oV>wtClu5P
z+uNk9Sr%jcBp)f!t;C%YtU&{WGQm>w%1V@C+tQV^Ca~Y&N3`TDjq*z_`VJ*@Y<#EH
zyX*#WXkfdcd~Lmly=bX?R{w(`p1bu9RS4nptt9CJM}&<s%7m=X^yo&EqRFY*fQC9@
z;v?IOq3ym0I*x_jSiBoTtc;1aL{u>|{tcR{ZX&+5e0O${FSPlk@p2E)y-h=R;6NCD
zG^m>r-5MFT#^tc#?T(6LBR!Orwde9IGpTy%c_g(m`-y%FnkNX$TP0?;_g((^N2r-8
zRb0onLC$A7jbhO>L|GRzw-%1M9V6Iw9_=oIeYfzCFY?0BxIMP3LW8y8vM$_Y3cy0+
ze(>U70D=ZXuu#l*+xPo;!mj+6P1IB%@b^&ayD9Ncz_A!oR<$nhcKk=+G`Jg7%L#bj
zZFz<Ay}ceX0l`8>hsEJU6;ia|&VAMD_ND3|_;{T6S?)~5wlm9k0m3A|)qm7|_T<o6
z)2OQlLLAt%kg@#eg;pFIC^Rr)8KUX+rmyP=&Ye#l+@VbqO>pU;vg~G1yve@%5dz0A
zL@Sz#uw}k(63eldV0=cplwZ10nX0|mx~Fl|xU)cO@EW(J<-kBTfpNZ@)DpuEyObj6
z98jc1eUlUOC$cPuv!8wQX{E2&(zdk=@n0|t;K>yblm>mY@KYAljy#QE%_f8$L?zx;
za=t+Ay02X4PE|pp3_3@;LIdfG3=G}P90Wa#Acq0IR^;Sq;3P7uAW>M$-W@OVqkRs>
z=}5S^S#>{o?Z!66fK8g<ZbEG@g$3U!54C#&>R=@;e72|2$l87R1?^z=);SV=7PL9&
zHCZ{6Q@rFB5i0D74dU%w54_|SZ;8-*`oa`@+g&e;@|b1HwITkoBo-xG=`}^tq%N8d
z4$g?&aI(72R8B~z4ZFradM4%a!pU*u7^f7Vp=$kf6Y^S_Su<~TxtA()Zfi>`Nc?wq
zHGX~VZo@kjMGa3c){`H#9Cdns`bDUM^SR80U)`W~?)~Y2WoAx!XQjxbYXA8^VkU>b
z7>rMpOQaegSBv$zmfDK&uhl~<3q*D!G8!q=gGgY>B0#I1{tt+ygFb9pQx~gUQri8s
z!;$n{6?cS;4lHrM>d3Ag5EEoOQ$B&4I9bjt{T(A^S+Sq;h%Y3AqZ4ls|9j)>8X0iO
zdl6@v2Gz2%&Q_`ChZGBBn+86PnBBJlj*X9Ywq1mL6Yufxm2gA-J?KPSghYqf)+J?=
za6BN`j_xr#Qv$v+flVwd<T~MV^zCO{$9bF;JWeCk;g%<BJs@-c#i~%rbV0K8^rt#E
zE8h66(v8KgBXxZ3Cb(RSW}++(9u#kM)zK=OsYX|s-_a8V3GZPA&TT?&?Md?w$OM+k
z$ZM!QHp?tebYn$m&>|->!#9>WR8I~RXiyxEIT^gV#cTKCVvl+K;9y%7x=${Fubwk+
zVs5nQlwXBII%hF5g>?@+nscI*OWr)GdV7`PbJ2DQ|Dn{{z?s_^qk-C68%Gu+e~V1L
z6PmZer9k@PYRDJDP`CCMBgT&HCUmUGU=Scsvsp&<8#GFuo1-+~*}dsYM71oSGPcN5
zxKzQO9VDTeX1a}`7(plNhl+AIbZX_<AS5{vM+Iug_i|5CXvDK}2EL)zc-qA0mR`gO
z^vy)hpNb^TpPfdpta$jg5Wi71dh0R_)1A}T+|5g^8+YBnWaak=_l9)7+m?=K9=?X@
zRCkyr>7fUVF}4BbpAKGE_bM#<Uomv69+plv?avOyC=il;C*G&{z*Fk^ra)bV>q?st
zH5GnJXPE2y{0IZ2ndjV%O?W~xn2GQVd{L4Svp%<WCBOQ1cJ>)%9XIi!5ci?pyA>H#
zzM;g=9oO&GXk~{&XB-fr);yZU=XR$ayJ<a|(|Kp6?eab)lMBf-^Bt`AZ&(}%T1|5e
zE+X!*o%~KBr?!A>GaUi}`D?Y@-<%(bo9(T!O3MEAFWi-y-gy=HqSI>H%nXwdhNze@
zOE*3VNoAF*Jt`ms;?Pa8PlAi-Za3JdpfI<rOWocwPNRJ+dLv0#D+@!-(S9ieAn*gQ
zlq^!eK$!cTpVKDqSh+!`Ssv$7%i=UR(u9FXzz;C^aR{XaQ~-&ek{aNJ!2NZVe{GbM
z`gf57gUK%cugv{VwS(}6SNc9sB!K1BkRy`qayo-^<<C6>R+&R3_)RpTl3+6sxQVGH
Mua$+4HW&o@8(GQMf&c&j
literal 0
HcmV?d00001
diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_256_256.no-salt.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_256_256.no-salt.p12
new file mode 100644
index 0000000000000000000000000000000000000000..c43b4be04307a8c5d2c002d4a31cfdf0ac9217cd
GIT binary patch
literal 2692
zcmai$c{J1u8^_I<8AJBvhA_4vLO*MlvB%h#EOD!e5@U@C3CS3;E4kTs6Vt_@A!O_o
zEfjL^sBGEAjO=5--SfVu&inpz|9H-GzTfY2&hy{rd;tOn9t>gy2pmutyJEa~{5BVe
z4OBv4-+~a>*8l=L10X=I{)}KH1c>8z%MJ`;`M%75CLqA&hk$YcmVm-f$q9%-;CdvX
zRS*B_U@#cY0&v3M|M>=Hhq3_TFn0HNbC4%11f&Szty#NLYR|3g;{mPDAB?{99#3GM
z6pY)#RNnA*Wv$2#R51(m#`L=J)ZbUjU*R)eDWN+toozhLcoyN5_e6?8_M3IU15Id#
z8=m+!6}z;4A&EpO38(aFADVpLQRki6e49>t40DeFQ;J0159CPNw}CqRDh>-nvhoFd
z3>cd$ZH2i$F>7r6@)pov^mnu<Cvrw&0lB?Dc_dMQwa{TqdDzi}5MFNdM$&t-`Jlk<
zsSE2G9|P^mU99zHXXUu-hbxv%oEtYz=9>qTC(&kz>b<jJWzt^?KEKn8Yi~EOO2m>`
z{F7TV`!Xq#=AU@1TbSDM0|lHhC*o5sfl7RVlsi3Yb=@eLTvrwOdC=RZsikIR7x*t-
ztP!(A+^hd+lA`G4eSA)m4=#+8bWvm7Xu8vm;Sdw@k{%hyrYLLKhADSmJ~MD$$=KDx
zaxrf*ZCjvUHzYr`<HZprCSoCy^-B)(t3dHoXoc^)SH5w0|Et;fc&Z}b134z~MgL#g
zQKFAWI#!#pFC|g86%yYbE|8SM&k;;r-5qj*Hy`nJo%fFfP4I&|qf}2x6+R(~B4ww<
zd4m=jx7YP9f;@>SRk!vNzpXV^{%M$(zD-t}rFg3o<{~!Qc=x58qNu)gT_M*&Dha)a
z<n2(d7(<9vXsqJ(PNXu&BNXUHV<E@AdoRE*FCC-|wQ8J+^{HxGwMP!>Xi;pAoDl;K
zWF9l9X6kx4o2EoNAIf~WL)tIt6bHJp)H5x?&)9n>^-Q~p7uzN%6YbK!j(WIvAL`MG
zFP*$BamSElr+i?G$Jv5D!5lc_R?Czt)pXETu2meSk#_aYO~>brq^%uhN;YW@cGi;h
zTOEy_G)x!?&O40AMT_QaRutbx&1SFwd9>fAh|>v|84UGMD+tuSvH9Jv)iHhFx;$Rv
zfvdfgp(cgF#cDsXPqmDXtTjsyb&j`hG-*}I+u%lvLk=3x4wlZhoUZ#aA;BFsUXBx!
z42|1i<4mB_nVI84HWo?#s*1~rE5!uMS_pfBlku^+Xziw%V`)#o*Lyx-RK~e<Ux@Rz
z=wM>wsm^b+YL%eD%~o1fHQtvMOSCe(?)D;X)woq4<qwvV)bibtF1l!2mQK5^bJ5zi
zyY}5ihP2@i!q0o@op(*$3;YNaFXX9G0q$Z&?Tq->7>?@U_{Or;@oA~B`WH5{?LZry
zi)X`)*7u;tECt^f6}}+u_SFxIjuU3y)6lpq?o(=8@xo_Ib#D9<?=m!37M45D$Y}07
z`ty%4dpnM}mi->Fr>1qM@LUXyYxZ6Zq7y6DFnTWcDpF*%U{fmU(8{Jcwv}jfy!NO%
z!uBITfX4mc#XkUohC&EX+;=<R`}n|){g+Lg93b%bQ1!d1{BOW<?A6sjpYP}XufVCr
zT9Pzn{BAY8L<d}1yg3XZKnD7h;0!$`UUub<KB;+z6apWL^V`cABho#DhVqfNd5wVs
z*zuiB4`b`rb_k<;$x+?ugD*zAx4Xd7TBw(+!;iPRB{XL;xo3qtO)=qG3x`u1pY}zO
z)ejIjWeTrtry!j1>dC3>%gX#unMYbP=gLz}rW@CcF4|D@&-R>@aB}MI&Z6;8wlN!G
zL|{j%G}8^XwCH`!Q-KVj*$9!neg8&Y;<AbBg`0s>_Cbgo8Cf;Z2gmEWvL;cxk;k)W
z;TzG3w{$!X(W}_G(-NtA7_=p|zcnnFx6slGYwsrOZ4KEB3UFp+O#>&fIEN_08rE+3
zI&7_r@{dNrmF!7ftW{s>Y~3ztva1PI9c+$Ly9iEf0(xUEEn>XA&iXud_BnS?*75-g
zvlp_|<2zD5mR&UC6&WV)LkN+iE(RY-C^bZyKYngUxPmp0X5SY2=vf>8P=$cjDEIxy
zH0CUv3=K_>`g+y*v_Ki{K6m&@>481fYtOH`_ivMRf{gUfKVE{o(iJq$9iQ#s$e37O
zJ{zL+JJvwj!lcdW2C=aA@!?|fgN7}t-=|;Xh+@yw53g7EnB?3U4Vo1c)AG=XN+JbL
z{t+|M_r-E(xJ)_K5;b3BAwJVoNO@%#R-Ui08kt_lW*EW*s}urfn|c3$IJsHCMvct~
zCdDOf-&)+6&-BS#D12}+_Jq5LNl;9P>sZ+^d3a|wqvUs-suOWN<$=`AbWtkBGXD3v
zSC#7E;&%!jT($b8rPM~%XPazOEK8RD?zq)ALGE=AR_NE{0upZ{q>3e=f!;g{*W?s?
zg%?#clE?@UY{hI_L?D4uo*;ZG{N`!eXZ)3?;@i1mM8ws8QiRjaLOaMIaJnK)<-RP-
z{ritiFA`s0pXV8jT|}7%To@MjEF6n=+_+oxwY8dC*IplA;c&xT5hTAxkU4O<d1*~e
zx?4TCL|x0s;Gum+S)$i*q!Bl21lM<NR#bmy;|v#C)IB?0(yVCVc3kYX<aIdMRgdS>
zwcwY}1eb8<noP@1z#-IeoO(g^UGMtrXx-x1k1F1rVEbH1FP7d^UFhEP8sxV$c;n(O
zWF6?3VZOulM!p2NKRti*3$3@!<cl?b3;hWuR-q>Zkf~fM<@gO6ttBB^67=-;=n;~n
z0q6}*BMN4SB3U8I`e}A_99uso*&<9))Qx&J*9EB}hTO_GK)us^l)|NynccmQUO+S{
zP0T!xlj$6bn%q@LoZQ>R&&_!UG%)r#>io?3`gjg_D{tkdRu6f8#bxHT%Xi$QzNM>0
z*7u#nQ4QTjndX>o8=Py9!>5f`q>eMwfyb=8NPTL_c3oLvxHGimfZ=y3{_vC<sgI!6
zf<>Jrh=HCoy9dm3ak8HeQja+B5|$q}4i%t11s@it$1F}P9LpnJ$;#Seua;mO7Lec9
z_%))U%f9MJOT=~g);V85W70Pm(DMl6qJs;&-m7Wt#-q7=cFkJ;#UoS6T$3%wFTWOY
zqn&*+QF~1R3tP#fGQ><|H0pVfNXTFFWq}UTDDrqmrE^l&uYZw`Rd!73!Kbgzr;UvX
z$l(~;3FACNBaqbNnpIo*v|uvkN$jK0BAzR?E_!I(rSm0TZ}>+s{*E0{OoFqcmGMBA
zDiV<S0a$h+)n6cjT^`T4lUJO*prb+$b2v4~Mxtr*zzx6yF!*r@<p$IM>7SAl5c-Fv
zV36ehHMsxja}ddh@_@VAG_aNds$Zp9)3j%z?3qu{ykMBJw5?He5^M|tx3zPUbapf~
I0fRt)19nW)od5s;
literal 0
HcmV?d00001
diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_256_256.very-big-len.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_256_256.very-big-len.p12
new file mode 100644
index 0000000000000000000000000000000000000000..6920b89a6c7f1cb9294b399d50ac2d4d6202e25e
GIT binary patch
literal 2711
zcmai$c{J2}AIHs@8AJBvhA_4v6Z+XNV>iaW6StZuG1i!DQ8I??B4yuAD4A#o*{Nuu
zkb6gE%f626BjM?Jo_p#%&p-Ej&gXp3`~Ci$^ZD;}-T;a1E*QiNkl3IwR#cp6+%5-*
z1yn*}-GPu;HvkeV9Uwt2{fb~EB#6Tg%LWW$`th0mN<e_~PXXls%mKMyk{u9%z;!AG
z*4_Q8gTP=o6Tl9G|Mwc070LvN!dTtnOhF#Z5D*H&{dnVIsV%31w>z{he=zFidm@Q>
zl0S9_S9R6Pg}EX-K+z<?3)kz)RhOomzs6&@R<i2IaI*3+;aY@K-;=3&*>5%hcPyz1
zu7Bd|RLt_`*~Cg}NjSAn^APiSPlbDC`)xYy0n9A|Of3?6KaeAC+Xm|JtvD<U&dTTW
z)}wE)wH4-iM{lt3%9=rc)7?|2p2!)A0c7_7<Pt{%mI8;-<zYt?0z{e7tBLO^rh|Mp
zrp|7vehjcFced1-ot5FN8?IQvI5ljY%r_09OkzzC)%!+aWs+YCKEKn6ZEx4JNWfE=
z{E}KT`!cEGrk}Vhn;DvM0|o5SC*qRNgGzjW<eNRpwcTi`To*;zdC=RZDWxW5XL-+`
zdn{suxLx-VlZ^88IzA`P0~aKSJ1aA9HQsE;v55$HN{)=<lNHph!xTC%XbhZ@H*_&G
zU(B0K-R0}o4$e>McyUCHj##+P{3VC6#8*5OQsMLNl}{|u?@~4~t_8(&M}|Ru(f^lb
zr0|20j`b$|OL6oKxrDce3zhQWb|hmLH~XBR?fX1kXZ)^%CV0V}kxHi|3ZIaLk<wG5
z+<^-XyPG=aKpy1eN7ue5eBEfM`cpqIeV3v<OZ8GA%|&draetR^jBN3#?FzmEQjG6K
zB<+T9MC(H=LSj%?I*|%&_tBuM4TWsCZ@&P)Jb#cp)T*ix<Nc^@-4;2hrB1avazYH)
zQ@Bi^YAKuHENWuyJZRIE4oTm{Q*79(QjgSlUqi3G6peO8PnK;^Cf2!s6Mb(#4eH)W
zES<a{c2l2euY6#K%gJnYf-#`sTEmbjRkPPss6h?WD!=L2O~>Vpq;4E$iZ`kacGggI
zTOACZ)K3`j&)bj4L<#3?R}|ks&t@<Id9**K$kXu`=ya733kcM<q3PZ4)zN)lyWC$B
zflIyAp+>pE#cE%XPc`(9%#WAvX&rChYE*wDYeg6>4nAlw8Z4b}K3)4|LX0zPyqq8+
z9um99!XCf6%E%lSurf>ZQ$npItQC{YYap!gj)uqPqBI+4j-@^UU+MXPQyk~eej&=;
ztc8n-YjJv;RU;1#YO+v&^w{eHszg1r>sBw~+GE!Wr0l^;qH?|)(pej8&D3eLV;7}q
z{mr)9K%X}JLGXF+YUeFuw*p@h)f0KDl#jC*rI``;8pl>W9M@2`K0YlGR`<ecwjF3&
z<>1<KrS;wEF-ayiM20Vjx-R+Rv9W@T+p4M;M7>L`D_(f-D9w$3;$DH~O2cyJ=^0I(
zM}IyHv$bK1ZT{XP^3=HY6p@3jdfC>qUU*{761JMlxsDWCFW8odJhZTCifJVq9IrX5
zj<Eg+kf5<YdGT)mK|>%UDB*|g|6{yi$Npv$I~xf6BUJifD*O|09D22N&*b~M{UdN{
z@aC0jQoh&fUt;|)E`|<6NRWX(c{p8%L6ly*sax4JQyB~&iuK*k86&T{3k>BWt@9cJ
z2Jqv1+wO*zt?dwc_p*bE;|Cv{W^Z?axurlaM~5$Wb#qA0WKz!>XDTZGax<G_8;|BW
zq4f_CICYAsX(K0?@#@K`><bFKPZ>w*Gj`=EnCXTMgL76b`9?h_#T*^GyR&G#lWmOp
zXd&2<63uvvB{k~1+Nl7#z-)xj{&&9yZt@Do<!orclx-j)M@m{5^ughZwlpU4+x6pF
zwD7H{glk&vhuC%e+-b2C9URuYrN1>Sh`Z3-0&nXo?PUqs4)k|oW=;hsGC2jKVD%eU
zee8EOg?UFK;qtbXUCfV`R$028Q>EAAA9b)eNPI)E<KwYgbEy&I?X{L?@Uzc3d$Lvz
z(765J<sP4r^0Dlq8PDrsvfiX%@s`D)BQg2<>!uH$+mJ5eO`}+M1wMMz#NAUQVO7h0
zJ~9m13nxQD(j%8HIi2P!qor|%pOhTfSGxTCl3V{SMJv!i_soN3$SZAr!`$)N4z`Sm
zl@+64`MY>MNi$5F#Z_`)&4a_mq&xLHExw<AlOc;dQ#rg+-Gj-wIT|?2FQV?Q6`5EW
zF!?Zgr0<LQ&~TYTiaC0|$V_ymv5@*oKdd}oZvA?CEsK6I1FTpG7&UP}ggCmI!A1>D
zNSNZ1wy(`@jAy!(9W*hh7=OY|2oo3`>@rq1Oc~yr%_zA`P;w-1Cf|_=O&4yVn#bL(
zeO09bE`BHH&QYUVTH4Z}^lY1DifP&0&yBGDCeW?+&f4l_8UKVE2#I1bXn+@&++`V5
zui&DhY9a*zf~}eC3h~8L%i{%4g@>M|eI{OfD!Q91LPlKbuZ(cqTWAN_2TWIlDW*v?
zrKLSEK1Y6iWu9v=W)W@de|A{Zqi`(BVe3}WQfoD*wyiF)!v3l$3M9Khk~(k>J-?wW
z*{u>(qM~k~ch5GXEWz_Q(tr~^Lg=%b71rI`(%`@fyJe?~n-neFh>h75zXAul=x}|y
z9Q5)T|1!a@(YWjc9MUpQP${Us<yDs*rCt2`e#M&;ET0QkizT;}7P|L62YJo)-Z;An
zSOz#`nC@}Bku3qzrsqSy(0bc2Uo3f>SD)Zw<a&YusjB5twm+az>SDqrflqIY9w94L
z0iD5VM8OPMC@WY&H`Qj9z|xOPG7CcqyS5nRIwKWDkURN$=yz)OlR4xwv%9}z7Z8o|
z6En|ar8>tVC%?%hOzwXp&dquG*VDhV)%u$7^l=?<S6$0ZsUGrJB4p;Z%XWmeyj@kk
zUe|Y$(4y};$}q)sTM=9W?LTe3s_f914mf7vS=pzYWYd)uM$n)o`47KK_Jb!smiP#2
zEm+iAhUn=?vbw`O7AO08Aa#fXPeIvX!w^2&Q}AJNdi3JN!m+%{i&<Iwtkq)l!vf0t
z$G#2dsInz3NwL^2pIWE0SX}xR9eM^~Safjqo7Z}3yWwc=zD<+5U-8IP631lo@e8j7
zTxmv6CTcFr;bCieEp!o#lxiIp5()WhzAV6A5=|NJsB%io`u#7;v8s+q9r*O6`P8v7
zJ{baCGk%<FXatgST<y_LJ}roXdlGX$q=@Tcjk6AxaQ;k*=NsNpoS#ESB!lGSU|~4W
zrGx~eegc+NK<PIKf0z3+&ZIRbPw1$?y&QH`ih*#dED#+FgaCFwH=&#W22lMa*#TJy
zJitWz_gY1z|1>!;E9mI&_kX4Ce<~hCJfhtHmL?6Xu7~bdY*I7snJ9ba9XQV)rXXo;
V5S0iUgTSqA9L1d+j4@yk=wB`Z-!=dM
literal 0
HcmV?d00001
diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_256_256.zero-len.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_256_256.zero-len.p12
new file mode 100644
index 0000000000000000000000000000000000000000..0e63eb6077fd94da26ba86f1b6230daab5f5ea3d
GIT binary patch
literal 2702
zcmai$XEfXi7skz)8AJ54LNMA8HGehB=w<X0eI<kForxAL7@`ZY(K|sFqYOcGl8{0|
zVs}Wi=z<Y_^f&vy?@7*n+7I{K^E}Tz=YIR02f)!JgF%!4js^;&7LC`9KcoXufl6`I
z2M`?f4uGR30XT@`&j?nEgP4D}Ou!(D?@RY*0s^dm2q+z(4~YDfv;Y?bu3XKw?c`k-
z00zS;09qLQf8W5=Pzrz>M(q%<3v!`^fJ7mT^*guAOz9;&oS@AGV^R0sN8>2xSmO>b
zHFw-?D64Y(Bz64UF+=tY&FRtwTTB{TrJELHOCuK@hBY|heFZ@^=gltQgvPbQ)vkP-
zk6qujO{yl8h7yJq&b2-t$uKVNzs(>%fjNYM3B?@mM{{{iyFtBPRp&*4*##^fs-*p`
z?xH-8m>nu+VLj+CDo65!E4dS~fY8aG47@17knKFCGUQ^GEm~;mPSSh4?ifqNyzQ>+
zq@PKpwW0FTk`R6Kc-4lMW$WJ60^I=o99joaccK|m&i|$G^E>6Zo*q?$L^nKzcXC(O
za2A1A_Y;F*2U#J0w2(IDN_@&KP^l-7a&J(&aR4QdXCo=R0($#2wM?hnmigArdM*>h
zgXT%C6j4`q_GMls_+>1wwKU~k+r1tP4Hug$|HO=2iiEszh(w>=^-(Kv4I4fEwfwoX
zLzWSxz=G7?7Z-$>u+?zNFS+EeEG6?nRi5u&dB#P1JLW{kcZxDS6e3r=82L*flJm(#
z?{>S}OI}ojNaEY`)oSt38#rwn2eaIO{l`rGR^H*DS!Qrwq?8z6QBwscQgEJ|(SNn|
za98;z$fY8s_U>uox1H9SKh^Rx4)M}U1a}$Sa@bxs<0+p-WT$6if1oc&GGPdjd>BL*
zqXsbuiWT+kLrTy*MuG0M7STL-@B;ku)>+DjF4^m`9<|-urpPfxd4kb}C1TVJ&!7X9
zOWh5nlH=)NLg{Yw@_QwT(V%O}T+$M}G~AC;ulGp0QtgAX(AFcns7EL1P^Z4=vN=1R
zdukL%m7@m?mU^4B<k9Q)4P>D*IWrZB2GMb1^|A7eh4}o5w4L)T-Zr_hz6QKXm$`aV
z%d9%<irIuv6ld;!RY?SDDU$-oC;m2Hv5;U#BFO|9K%l0r?eBiAiy8jb@ANtva2z6h
zXcHM*tMlUe)Ige~tY3em$lkNpCSNOTgq<o0JZse)D_iNf*7#+XhdyMc63fLK6n8{L
zo3Ob_&YEE}(o6D|65UALD#7VDK&TTeG%hViDYPwKN^1i94t~T)&d@2n;AZSl#KgvT
zTE5M05Qhe|8_3tzyW5GD%4hZ8A41%%x35A9pKT;b7dRlTmC(i%eI^Gtq7;meO$XG~
zh~pnGKOfrcyRYp~=!GM=BE`yB=u1QuGUH!kXzIq}Tg$g+7WhJ%Ul=X*0NtB(414y(
z;fI4dDbcNwp{v~XU%lMWahJ&tWM%ERJ<5!$UU(cxEzf*n+<@i@!tz!~neBZSfBq3-
zYC;p&aXQHLRJ&0unvNvvZ0g#=IlE;D+svciMsjQy?(;>S8yL06c2%geH(b<(8BYQ@
zXxtB8{0$&z5CjLsez$$Tj|c41|Jg)K0|I{!rM{aI{{|fMAte>70xySu1x|yTezlx{
z*WH$vXrJ3_!Q&7dWOP^@PEsaE3vS(0scv7a4upS*^E%0$uGn;9`%r*1&TsV_b(=Zb
zchWHI>Vc33*3D%sK6+vlh6W1t4cUh1dc7FyI)ZZNk_Wfw(?k=TJ7_GrnG|kvY=4Bn
z3G>kkCL)(JUp0y4*hw%yC11!d-l$B~T4>!-ziHH2pgDMz$HHP@Ae+cM*G+DT;ecI8
z5w-WI(xOh~#QaEXOJN)*r{1lM6&qSMw!wb$rv8Xr0YPcdM{{2#L9NK+aQ19s=w4Lf
zT}7vJ^tRjbHJ(&u3|hZ)q$?zVu}I&*&D37d-4L?x?_)_xnFdaxunZK1wd~ySG&|Vk
zWS)wIi<?&WQ`Uanq#CeJ6WmUy?WHp3J4VpDC7}0~)52zY8V#-7mY&lOW^bIKFeicQ
zgPs$W(>cY9uHhlV9=Jf>&b5FG9`TlN-6zjYaJSubqo@zrCS4lhA4%fSvX!2bWDVM)
zxuBqo$ghr;*I3Gl>GYvj`A1KroS!>7j2z+>{nb^ho~%P&DY0tg%`ElOWX^7EXa<V^
z?xxDGr`2t6r=qCg$@yCH!<K_iuTQ@SRd79%Irps_)XKd#<-f$rCGVsdnN;mJ_eadc
z@E83L<K+^m`lyv+J?_P}BEl=Rkjes)?eL67Dz!i|Sh5JvY-jufVqvcbo6^w1X_b_A
zf9r4{KU2XUprQjx+^#rqX!*wk+Dw;^<HwJdGE0BQN?BCwraa^e&fx4M=*R!w_^L(*
zT=GuDiLODVtgN$D>e)WkJjJ@cw*z+jjlV<V!>vtcA)mwu1YZdc)X$wk#92sm=<=GR
zY!V&;f^F#>a<C*2Dibb?g$7?EevZEVl>0D`s{-LTQXOV-wAuqQ^IND2kxUn)NKb#F
zeY4`V?+U|M>>5hj$9A0CrD!_JeD8ko*RDExB~z8?DziJfq9EZNoWPlN@U0zb{sEbQ
zQW<%5)kmh8<%zEBNOgMD1a|nw5~s@1-gP=Or$bH#uTJr5L|p74uP+>Iqs;KhIpF0p
z)^+TSHtq5&a7gD2R;IA-zI$^{lv2s-$5n5xP<<}iEaBgmS{*oX9b?v4ePivwX6R?0
zse45CMz|D6UswtLLLBPW`eMl3vDt))6&VZ!1ZvjHXnuo6$@6fQ`ag}Bx<FRT0?K0x
zh{DARj_g1Ql{Ax0EY%1mSuaGC)4o$P&l)Mog*+%wMZJ@IoI)p_l{0XPUPZKt&n`ZX
z6X=_coI4gtoI5#=US4+hX(64`G<xYU4KtiE*4)iYt^45e6`PgcBitL@`F2w}ym|O4
zwo}c1imZznFv8mSn|<1QRo#1i!S9lRYxS^nvPpk-2=+QL*=PJ+iZ?u^o^KM=Rk)_O
z4pCL+r*?w5tj&!uL7EX~u9t<!HG)`(Pr>IU88K_KtC#YtZ)azpP}lL0&I|GH>%Cf0
zQRQD1`FY~{JsT};(U^=q64VNzQG8~5?7p4WqcN3tV$v?}T{1DBOgGoTZugqao~YS0
z+u$tX2HVQ-Bynj8$Tl+|k&wSu%KgmvQTUnO8q1{YU;n~is_C6mhA%j-q)kt=2w_PI
z2{Q~ICLpQoa<vBq!~i^|DfV$tF~jW!Yh^U{mQ|_i8|EpDw|Q?Q8E0v3pfTDng#-kC
z0G66f>K6!Wztc1N<Sk2A=oH(dTv}PYI%k?N5CQlAdOr@K^nel|{!`Kd2ngIyN9or_
zNvZ!9xxZ`RKfByN6ofad(&xSc5iGBY8j)<5(;l2Hf9B!8!WtsMZ>%1b1e=DyjZG|g
MEzPyHz#!0n06<CBdjJ3c
literal 0
HcmV?d00001
--
2.51.0
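Review bot: deleting this file drops six malformed PBMAC1 test vectors (bad-len, bad-salt-type, negative-len, no-salt, very-big-len, zero-len) that exercise the salt-type and key-length validation added for CVE-2025-11187 in the companion p12_mutl.c patch; if that fix is dropped at the same time a regression in PBMAC1 parsing would go unnoticed, so either keep both or confirm the base tarball ships equivalent vectors. Separately, the patch touches only binary .p12 files (6 files changed, 0 insertions, 0 deletions) and no test recipe, so on its own nothing references the five newly created files; a matching change to the recipe under test/recipes that drives the pbmac1 cases is needed for them to run at all.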


@@ -1,54 +0,0 @@
From a26d82c5b141c706bc97455cde511e710c2510a9 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Thu, 8 Jan 2026 14:31:19 +0100
Subject: [PATCH] pkcs12: Validate salt and keylength in PBMAC1
The keylength value must be present and we accept
EVP_MAX_MD_SIZE at maximum.
The salt ASN.1 type must be OCTET STRING.
Fixes CVE-2025-11187
Reported by Stanislav Fort (Aisle Research) and Petr Simecek (Aisle Research).
Reported independently also by Hamza (Metadust).
---
crypto/pkcs12/p12_mutl.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
Index: openssl-3.5.0/crypto/pkcs12/p12_mutl.c
===================================================================
--- openssl-3.5.0.orig/crypto/pkcs12/p12_mutl.c
+++ openssl-3.5.0/crypto/pkcs12/p12_mutl.c
@@ -122,8 +122,6 @@ static int PBMAC1_PBKDF2_HMAC(OSSL_LIB_C
ERR_raise(ERR_LIB_PKCS12, ERR_R_UNSUPPORTED);
goto err;
}
- keylen = ASN1_INTEGER_get(pbkdf2_param->keylength);
- pbkdf2_salt = pbkdf2_param->salt->value.octet_string;
if (pbkdf2_param->prf == NULL) {
kdf_hmac_nid = NID_hmacWithSHA1;
@@ -138,6 +136,22 @@ static int PBMAC1_PBKDF2_HMAC(OSSL_LIB_C
goto err;
}
+ /* Validate salt is an OCTET STRING choice */
+ if (pbkdf2_param->salt == NULL
+ || pbkdf2_param->salt->type != V_ASN1_OCTET_STRING) {
+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_PARSE_ERROR);
+ goto err;
+ }
+ pbkdf2_salt = pbkdf2_param->salt->value.octet_string;
+
+ /* RFC 9579 specifies missing key length as invalid */
+ if (pbkdf2_param->keylength != NULL)
+ keylen = ASN1_INTEGER_get(pbkdf2_param->keylength);
+ if (keylen <= 0 || keylen > EVP_MAX_MD_SIZE) {
+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_PARSE_ERROR);
+ goto err;
+ }
+
if (PKCS5_PBKDF2_HMAC(pass, passlen, pbkdf2_salt->data, pbkdf2_salt->length,
ASN1_INTEGER_get(pbkdf2_param->iter), kdf_md, keylen, key) <= 0) {
ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR);
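Review bot: this removes the patch file in its entirety (`@@ -1,54 +0,0 @@`), so the salt-type and keylength validation for CVE-2025-11187 leaves the package unless the base tarball already carries upstream commit a26d82c5; that commit is dated 8 January 2026, so its presence should be verified against the tarball rather than assumed. On the patch body itself: the new `keylen <= 0` test is only meaningful if `keylen` is initialised to 0 (or another non-positive value) at its declaration, which lies outside the hunk, because the assignment now happens only when `pbkdf2_param->keylength != NULL`; worth confirming, and the comment `/* RFC 9579 specifies missing key length as invalid */` would read more clearly next to an explicit `keylen = 0;`.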


@@ -1,54 +0,0 @@
From 6fb47957bfb0aef2deaa7df7aebd4eb52ffe20ce Mon Sep 17 00:00:00 2001
From: Igor Ustinov <igus68@gmail.com>
Date: Mon, 12 Jan 2026 12:15:42 +0100
Subject: [PATCH] Some comments to clarify functions usage
---
crypto/asn1/evp_asn1.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
Index: openssl-3.5.0/crypto/asn1/evp_asn1.c
===================================================================
--- openssl-3.5.0.orig/crypto/asn1/evp_asn1.c
+++ openssl-3.5.0/crypto/asn1/evp_asn1.c
@@ -60,6 +60,12 @@ static ossl_inline void asn1_type_init_o
oct->flags = 0;
}
+/*
+ * This function copies 'anum' to 'num' and the data of 'oct' to 'data'.
+ * If the length of 'data' > 'max_len', copies only the first 'max_len'
+ * bytes, but returns the full length of 'oct'; this allows distinguishing
+ * whether all the data was copied.
+ */
static int asn1_type_get_int_oct(ASN1_OCTET_STRING *oct, int32_t anum,
long *num, unsigned char *data, int max_len)
{
@@ -106,6 +112,13 @@ int ASN1_TYPE_set_int_octetstring(ASN1_T
return 0;
}
+/*
+ * This function decodes an int-octet sequence and copies the integer to 'num'
+ * and the data of octet to 'data'.
+ * If the length of 'data' > 'max_len', copies only the first 'max_len'
+ * bytes, but returns the full length of 'oct'; this allows distinguishing
+ * whether all the data was copied.
+ */
int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
unsigned char *data, int max_len)
{
@@ -162,6 +175,13 @@ int ossl_asn1_type_set_octetstring_int(A
return 0;
}
+/*
+ * This function decodes an octet-int sequence and copies the data of octet
+ * to 'data' and the integer to 'num'.
+ * If the length of 'data' > 'max_len', copies only the first 'max_len'
+ * bytes, but returns the full length of 'oct'; this allows distinguishing
+ * whether all the data was copied.
+ */
int ossl_asn1_type_get_octetstring_int(const ASN1_TYPE *a, long *num,
unsigned char *data, int max_len)
{
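Review bot: the three comments this patch adds document the contract that `ossl_asn1_type_get_octetstring_int()` returns the full octet length even when only `max_len` bytes are copied; the evp_lib.c fix for CVE-2025-15467 on this page relies on exactly that behaviour (`if (i <= 0 || i > EVP_MAX_IV_LENGTH)`), so if the patch files are dropped together the contract should still be documented somewhere in the base tree. Minor: the first comment says `asn1_type_get_int_oct` copies `'anum'` to `'num'`, but `anum` is an `int32_t` value, not data to copy; "stores `anum` in `*num`" would be more precise.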


@@ -1,122 +0,0 @@
From 1e8f5c7cd2c46b25a2877e8f3f4bbf954fbcdf77 Mon Sep 17 00:00:00 2001
From: Igor Ustinov <igus68@gmail.com>
Date: Sun, 11 Jan 2026 11:35:15 +0100
Subject: [PATCH] Test for handling of AEAD-encrypted CMS with inadmissibly
long IV
---
test/cmsapitest.c | 39 ++++++++++++++++++-
test/recipes/80-test_cmsapi.t | 3 +-
.../encDataWithTooLongIV.pem | 11 ++++++
3 files changed, 50 insertions(+), 3 deletions(-)
create mode 100644 test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem
Index: openssl-3.5.0/test/cmsapitest.c
===================================================================
--- openssl-3.5.0.orig/test/cmsapitest.c
+++ openssl-3.5.0/test/cmsapitest.c
@@ -9,10 +9,10 @@
#include <string.h>
+#include <openssl/pem.h>
#include <openssl/cms.h>
#include <openssl/bio.h>
#include <openssl/x509.h>
-#include <openssl/pem.h>
#include "../crypto/cms/cms_local.h" /* for d.signedData and d.envelopedData */
#include "testutil.h"
@@ -20,6 +20,7 @@
static X509 *cert = NULL;
static EVP_PKEY *privkey = NULL;
static char *derin = NULL;
+static char *too_long_iv_cms_in = NULL;
static int test_encrypt_decrypt(const EVP_CIPHER *cipher)
{
@@ -385,6 +386,38 @@ end:
return ret;
}
+static int test_cms_aesgcm_iv_too_long(void)
+{
+ int ret = 0;
+ BIO *cmsbio = NULL, *out = NULL;
+ CMS_ContentInfo *cms = NULL;
+ unsigned long err = 0;
+
+ if (!TEST_ptr(cmsbio = BIO_new_file(too_long_iv_cms_in, "r")))
+ goto end;
+
+ if (!TEST_ptr(cms = PEM_read_bio_CMS(cmsbio, NULL, NULL, NULL)))
+ goto end;
+
+ /* Must fail cleanly (no crash) */
+ if (!TEST_false(CMS_decrypt(cms, privkey, cert, NULL, out, 0)))
+ goto end;
+ err = ERR_peek_last_error();
+ if (!TEST_ulong_ne(err, 0))
+ goto end;
+ if (!TEST_int_eq(ERR_GET_LIB(err), ERR_LIB_CMS))
+ goto end;
+ if (!TEST_int_eq(ERR_GET_REASON(err), CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR))
+ goto end;
+
+ ret = 1;
+end:
+ CMS_ContentInfo_free(cms);
+ BIO_free(cmsbio);
+ BIO_free(out);
+ return ret;
+}
+
OPT_TEST_DECLARE_USAGE("certfile privkeyfile derfile\n")
int setup_tests(void)
@@ -399,7 +432,8 @@ int setup_tests(void)
if (!TEST_ptr(certin = test_get_argument(0))
|| !TEST_ptr(privkeyin = test_get_argument(1))
- || !TEST_ptr(derin = test_get_argument(2)))
+ || !TEST_ptr(derin = test_get_argument(2))
+ || !TEST_ptr(too_long_iv_cms_in = test_get_argument(3)))
return 0;
certbio = BIO_new_file(certin, "r");
@@ -432,6 +466,7 @@ int setup_tests(void)
ADD_TEST(test_CMS_add1_cert);
ADD_TEST(test_d2i_CMS_bio_NULL);
ADD_ALL_TESTS(test_d2i_CMS_decode, 2);
+ ADD_TEST(test_cms_aesgcm_iv_too_long);
return 1;
}
Index: openssl-3.5.0/test/recipes/80-test_cmsapi.t
===================================================================
--- openssl-3.5.0.orig/test/recipes/80-test_cmsapi.t
+++ openssl-3.5.0/test/recipes/80-test_cmsapi.t
@@ -18,5 +18,6 @@ plan tests => 1;
ok(run(test(["cmsapitest", srctop_file("test", "certs", "servercert.pem"),
srctop_file("test", "certs", "serverkey.pem"),
- srctop_file("test", "recipes", "80-test_cmsapi_data", "encryptedData.der")])),
+ srctop_file("test", "recipes", "80-test_cmsapi_data", "encryptedData.der"),
+ srctop_file("test", "recipes", "80-test_cmsapi_data", "encDataWithTooLongIV.pem")])),
"running cmsapitest");
Index: openssl-3.5.0/test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem
===================================================================
--- /dev/null
+++ openssl-3.5.0/test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem
@@ -0,0 +1,11 @@
+-----BEGIN CMS-----
+MIIBmgYLKoZIhvcNAQkQARegggGJMIIBhQIBADGCATMwggEvAgEAMBcwEjEQMA4G
+A1UEAwwHUm9vdCBDQQIBAjANBgkqhkiG9w0BAQEFAASCAQC8ZqP1OqbletcUre1V
+b4XOobZzQr6wKMSsdjtGzVbZowUVv5DkOn9VOefrpg4HxMq/oi8IpzVYj8ZiKRMV
+NTJ+/d8FwwBwUUNNP/IDnfEpX+rT1+pGS5zAa7NenLoZgGBNjPy5I2OHP23fPnEd
+sm8YkFjzubkhAD1lod9pEOEqB3V2kTrTTiwzSNtMHggna1zPox6TkdZwFmMnp8d2
+CVa6lIPGx26gFwCuIDSaavmQ2URJ615L8gAvpYUlpsDqjFsabWsbaOFbMz3bIGJu
+GkrX2ezX7CpuC1wjix26ojlTySJHv+L0IrpcaIzLlC5lB1rqtuija8dGm3rBNm/P
+AAUNMDcGCSqGSIb3DQEHATAjBglghkgBZQMEAQYwFgQRzxwoRQzOHVooVn3CpaWl
+paUCARCABUNdolo6BBA55E9hYaYO2S8C/ZnD8dRO
+-----END CMS-----
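Review bot: deleting this file drops the regression test for CVE-2025-15467 (`test_cms_aesgcm_iv_too_long`) together with its fixture encDataWithTooLongIV.pem; if the accompanying evp_lib.c fix is being dropped as well, confirm the base tarball ships an equivalent test. On the test body: `ERR_peek_last_error()` is inspected after `CMS_decrypt()` without an `ERR_clear_error()` before the call, so an error left on the queue by earlier setup could in principle satisfy the checks; clearing the queue first makes the assertion on `CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR` deterministic. The 80-test_cmsapi.t change adds a fourth argument while `plan tests => 1` is unchanged, which is correct since it is still a single `ok(run(...))`.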


@@ -1,30 +0,0 @@
From 190ba58c0a1d995d4da8b017054d4b74d138291c Mon Sep 17 00:00:00 2001
From: Igor Ustinov <igus68@gmail.com>
Date: Mon, 12 Jan 2026 12:13:35 +0100
Subject: [PATCH] Correct handling of AEAD-encrypted CMS with inadmissibly long
IV
Fixes CVE-2025-15467
---
crypto/evp/evp_lib.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 9eae1d421c..58fa7ce43b 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -228,10 +228,9 @@ int evp_cipher_get_asn1_aead_params(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
if (type == NULL || asn1_params == NULL)
return 0;
- i = ossl_asn1_type_get_octetstring_int(type, &tl, NULL, EVP_MAX_IV_LENGTH);
- if (i <= 0)
+ i = ossl_asn1_type_get_octetstring_int(type, &tl, iv, EVP_MAX_IV_LENGTH);
+ if (i <= 0 || i > EVP_MAX_IV_LENGTH)
return -1;
- ossl_asn1_type_get_octetstring_int(type, &tl, iv, i);
memcpy(asn1_params->iv, iv, i);
asn1_params->iv_len = i;
--
2.51.0
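Review bot: this is the actual fix for CVE-2025-15467 and the file is removed wholesale (`@@ -1,30 +0,0 @@`), so unless the base tarball already includes upstream commit 190ba58c (dated 12 January 2026) the AEAD IV length check is lost. The hunk itself is sound: the single call now copies directly into `iv` with `EVP_MAX_IV_LENGTH` as the cap, and the added `i > EVP_MAX_IV_LENGTH` test rejects an oversized IV before `memcpy(asn1_params->iv, iv, i)`, relying on the getter returning the full encoded length rather than the number of bytes it copied.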


@@ -1,27 +0,0 @@
From 7da6afe3dac7d65b30f87f2c5d305b6e699bc5dc Mon Sep 17 00:00:00 2001
From: Daniel Kubec <kubec@openssl.org>
Date: Fri, 9 Jan 2026 14:33:24 +0100
Subject: [PATCH] ossl_quic_get_cipher_by_char(): Add a NULL guard before
dereferencing SSL_CIPHER
Fixes CVE-2025-15468
---
ssl/quic/quic_impl.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index 87c1370a8d..89c108a973 100644
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -5222,6 +5222,8 @@ const SSL_CIPHER *ossl_quic_get_cipher_by_char(const unsigned char *p)
{
const SSL_CIPHER *ciph = ssl3_get_cipher_by_char(p);
+ if (ciph == NULL)
+ return NULL;
if ((ciph->algorithm2 & SSL_QUIC) == 0)
return NULL;
--
2.51.0
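Review bot: whole-file removal (`@@ -1,27 +0,0 @@`) of the NULL guard in `ossl_quic_get_cipher_by_char()` that fixes CVE-2025-15468; verify the base tarball carries upstream commit 7da6afe3 (dated 9 January 2026) before dropping it. The two-line hunk is correct as written: `ssl3_get_cipher_by_char()` returns NULL for an unknown cipher id, and `ciph->algorithm2` was dereferenced without that check.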


@@ -1,61 +0,0 @@
From 0eb9acc24febb1f3f01f0320cfba9654cf66b0ac Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Tue, 20 May 2025 16:34:10 +0200
Subject: [PATCH] apps/x509.c: Fix the -addreject option adding trust instead
of rejection
Fixes CVE-2025-4575
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27672)
Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>
---
apps/x509.c | 2 +-
test/recipes/25-test_x509.t | 12 +++++++++++-
2 files changed, 12 insertions(+), 2 deletions(-)
Index: openssl-3.5.0/apps/x509.c
===================================================================
--- openssl-3.5.0.orig/apps/x509.c
+++ openssl-3.5.0/apps/x509.c
@@ -465,7 +465,7 @@ int x509_main(int argc, char **argv)
prog, opt_arg());
goto opthelp;
}
- if (!sk_ASN1_OBJECT_push(trust, objtmp))
+ if (!sk_ASN1_OBJECT_push(reject, objtmp))
goto end;
trustout = 1;
break;
Index: openssl-3.5.0/test/recipes/25-test_x509.t
===================================================================
--- openssl-3.5.0.orig/test/recipes/25-test_x509.t
+++ openssl-3.5.0/test/recipes/25-test_x509.t
@@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_fil
setup("test_x509");
-plan tests => 134;
+plan tests => 138;
# Prevent MSys2 filename munging for arguments that look like file paths but
# aren't
@@ -110,6 +110,16 @@ ok(run(app(["openssl", "x509", "-new", "
&& run(app(["openssl", "verify", "-no_check_time",
"-trusted", $ca, "-partial_chain", $caout])));
+# test trust decoration
+ok(run(app(["openssl", "x509", "-in", $ca, "-addtrust", "emailProtection",
+ "-out", "ca-trusted.pem"])));
+cert_contains("ca-trusted.pem", "Trusted Uses: E-mail Protection",
+ 1, 'trusted use - E-mail Protection');
+ok(run(app(["openssl", "x509", "-in", $ca, "-addreject", "emailProtection",
+ "-out", "ca-rejected.pem"])));
+cert_contains("ca-rejected.pem", "Rejected Uses: E-mail Protection",
+ 1, 'rejected use - E-mail Protection');
+
subtest 'x509 -- x.509 v1 certificate' => sub {
tconversion( -type => 'x509', -prefix => 'x509v1',
-in => srctop_file("test", "testx509.pem") );
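Review bot: the new -addreject test only asserts that "Rejected Uses: E-mail Protection" is present; the bug being fixed put the OID into the trusted list, so also assert that ca-rejected.pem contains no "Trusted Uses" line (and, symmetrically, that ca-trusted.pem has no "Rejected Uses"), otherwise a future regression that populates both lists still passes. Assuming the third argument of cert_contains is the expected-presence flag, a 0 there on the same pattern would do it. The plan bump from 134 to 138 does match the four added checks (two ok and two cert_contains).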

View File

@@ -1,33 +0,0 @@
From 04a93ac145041e3ef0121a2688cf7c1b23780519 Mon Sep 17 00:00:00 2001
From: Igor Ustinov <igus68@gmail.com>
Date: Thu, 8 Jan 2026 14:02:54 +0100
Subject: [PATCH] Check the received uncompressed certificate length to prevent
excessive pre-decompression allocation.
The patch was proposed by Tomas Dulka and Stanislav Fort (Aisle Research).
Fixes: CVE-2025-66199
---
ssl/statem/statem_lib.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 9e0c853c0d..f82d8dcdac 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -2877,6 +2877,12 @@ MSG_PROCESS_RETURN tls13_process_compressed_certificate(SSL_CONNECTION *sc,
goto err;
}
+ /* Prevent excessive pre-decompression allocation */
+ if (expected_length > sc->max_cert_list) {
+ SSLfatal(sc, SSL_AD_ILLEGAL_PARAMETER, SSL_R_EXCESSIVE_MESSAGE_SIZE);
+ goto err;
+ }
+
if (PACKET_remaining(pkt) != comp_length || comp_length == 0) {
SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_BAD_DECOMPRESSION);
goto err;
--
2.51.0

View File

@@ -1,64 +0,0 @@
From 701aa270db8ad424cece68702b9bb2e05290af9b Mon Sep 17 00:00:00 2001
From: Neil Horman <nhorman@openssl.org>
Date: Wed, 7 Jan 2026 11:52:09 -0500
Subject: [PATCH] Fix heap buffer overflow in BIO_f_linebuffer
When a FIO_f_linebuffer is part of a bio chain, and the next BIO
preforms short writes, the remainder of the unwritten buffer is copied
unconditionally to the internal buffer ctx->obuf, which may not be
sufficiently sized to handle the remaining data, resulting in a buffer
overflow.
Fix it by only copying data when ctx->obuf has space, flushing to the
next BIO to increase available storage if needed.
Fixes CVE-2025-68160
---
crypto/bio/bf_lbuf.c | 32 ++++++++++++++++++++++++++------
1 file changed, 26 insertions(+), 6 deletions(-)
Index: openssl-3.5.0/crypto/bio/bf_lbuf.c
===================================================================
--- openssl-3.5.0.orig/crypto/bio/bf_lbuf.c
+++ openssl-3.5.0/crypto/bio/bf_lbuf.c
@@ -186,14 +186,34 @@ static int linebuffer_write(BIO *b, cons
while (foundnl && inl > 0);
/*
* We've written as much as we can. The rest of the input buffer, if
- * any, is text that doesn't and with a NL and therefore needs to be
- * saved for the next trip.
+ * any, is text that doesn't end with a NL and therefore we need to try
+ * free up some space in our obuf so we can make forward progress.
*/
- if (inl > 0) {
- memcpy(&(ctx->obuf[ctx->obuf_len]), in, inl);
- ctx->obuf_len += inl;
- num += inl;
+ while (inl > 0) {
+ size_t avail = (size_t)ctx->obuf_size - (size_t)ctx->obuf_len;
+ size_t to_copy;
+
+ if (avail == 0) {
+ /* Flush buffered data to make room */
+ i = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len);
+ if (i <= 0) {
+ BIO_copy_next_retry(b);
+ return num > 0 ? num : i;
+ }
+ if (i < ctx->obuf_len)
+ memmove(ctx->obuf, ctx->obuf + i, ctx->obuf_len - i);
+ ctx->obuf_len -= i;
+ continue;
+ }
+
+ to_copy = inl > (int)avail ? avail : (size_t)inl;
+ memcpy(&(ctx->obuf[ctx->obuf_len]), in, to_copy);
+ ctx->obuf_len += (int)to_copy;
+ in += to_copy;
+ inl -= (int)to_copy;
+ num += (int)to_copy;
}
+
return num;
}
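Review bot: this patch is dated 2026-01-07, so removing it while setting the tree to 3.5.3 reintroduces the CVE-2025-68160 overflow unless a rebased copy lands elsewhere; same merge-direction problem as the other January 2026 fixes deleted in this diff. On the loop: the partial-flush handling is right (memmove of the unwritten tail, obuf_len -= i, then retry), and returning num > 0 ? num : i after BIO_copy_next_retry keeps the short-write contract. Two things to tighten: if obuf_size can ever be 0, avail is 0 with nothing buffered and loop termination then depends on BIO_write(next, obuf, 0) returning a non-positive value, so either state that in a comment or guard obuf_len == 0 explicitly; and to_copy = inl > (int)avail ? avail : (size_t)inl mixes signedness, harmless here because avail is bounded by obuf_size, but since the loop condition already guarantees inl > 0, casting inl to size_t once and comparing unsigned reads cleaner. The commit message also has two typos (FIO_f_linebuffer, preforms) worth fixing before it is resent upstream.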

View File

@@ -1,67 +0,0 @@
From 1a556ff619473af9e179b202284a961590d5a2bd Mon Sep 17 00:00:00 2001
From: Norbert Pocs <norbertp@openssl.org>
Date: Thu, 8 Jan 2026 15:04:54 +0100
Subject: [PATCH] Fix OCB AES-NI/HW stream path unauthenticated/unencrypted
trailing bytes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When ctx->stream (e.g., AESNI or ARMv8 CE) is available, the fast path
encrypts/decrypts full blocks but does not advance in/out pointers. The
tail-handling code then operates on the base pointers, effectively reprocessing
the beginning of the buffer while leaving the actual trailing bytes
unencrypted (encryption) or using the wrong plaintext (decryption). The
authentication checksum excludes the true tail.
CVE-2025-69418
Fixes: https://github.com/openssl/srt/issues/58
Signed-off-by: Norbert Pocs <norbertp@openssl.org>
---
crypto/modes/ocb128.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
Index: openssl-3.5.0/crypto/modes/ocb128.c
===================================================================
--- openssl-3.5.0.orig/crypto/modes/ocb128.c
+++ openssl-3.5.0/crypto/modes/ocb128.c
@@ -338,7 +338,7 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT
if (num_blocks && all_num_blocks == (size_t)all_num_blocks
&& ctx->stream != NULL) {
- size_t max_idx = 0, top = (size_t)all_num_blocks;
+ size_t max_idx = 0, top = (size_t)all_num_blocks, processed_bytes = 0;
/*
* See how many L_{i} entries we need to process data at hand
@@ -352,6 +352,9 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT
ctx->stream(in, out, num_blocks, ctx->keyenc,
(size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
(const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
+ processed_bytes = num_blocks * 16;
+ in += processed_bytes;
+ out += processed_bytes;
} else {
/* Loop through all full blocks to be encrypted */
for (i = ctx->sess.blocks_processed + 1; i <= all_num_blocks; i++) {
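Review bot: advancing in and out by num_blocks * 16 right after the stream call is the correct fix, because the tail handling below works from those pointers; processed_bytes is only assigned inside the stream branch, so it could be a local of that block instead of being widened into the declaration at the top of the if, which would make the scope of the fix obvious on the next read. The same three lines are then repeated verbatim in CRYPTO_ocb128_decrypt; a tiny static helper would stop the two paths from drifting apart again.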
@@ -430,7 +433,7 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT
if (num_blocks && all_num_blocks == (size_t)all_num_blocks
&& ctx->stream != NULL) {
- size_t max_idx = 0, top = (size_t)all_num_blocks;
+ size_t max_idx = 0, top = (size_t)all_num_blocks, processed_bytes = 0;
/*
* See how many L_{i} entries we need to process data at hand
@@ -444,6 +447,9 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT
ctx->stream(in, out, num_blocks, ctx->keydec,
(size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
(const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
+ processed_bytes = num_blocks * 16;
+ in += processed_bytes;
+ out += processed_bytes;
} else {
OCB_BLOCK tmp;
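Review bot: the diffstat lists only crypto/modes/ocb128.c, so nothing exercises the case that was broken, a message whose length is not a multiple of 16 on a build where ctx->stream is non-NULL (AES-NI or ARMv8 CE). An evp_test cipher vector for AES-OCB with, say, a 17-byte plaintext would fail before this change on those builds and pass after, and would also catch the decrypt side feeding the wrong plaintext into the checksum. Note as well that this patch is dated 2026-01-08; deleting it here drops CVE-2025-69418 from a tree that is being set to 3.5.3 (September 2025).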

View File

@@ -1,48 +0,0 @@
From 41be0f216404f14457bbf3b9cc488dba60b49296 Mon Sep 17 00:00:00 2001
From: Norbert Pocs <norbertp@openssl.org>
Date: Thu, 11 Dec 2025 12:49:00 +0100
Subject: [PATCH] Check return code of UTF8_putc
Signed-off-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29376)
---
crypto/asn1/a_strex.c | 6 ++++--
crypto/pkcs12/p12_utl.c | 5 +++++
2 files changed, 9 insertions(+), 2 deletions(-)
Index: openssl-3.5.0/crypto/asn1/a_strex.c
===================================================================
--- openssl-3.5.0.orig/crypto/asn1/a_strex.c
+++ openssl-3.5.0/crypto/asn1/a_strex.c
@@ -204,8 +204,10 @@ static int do_buf(unsigned char *buf, in
orflags = CHARTYPE_LAST_ESC_2253;
if (type & BUF_TYPE_CONVUTF8) {
unsigned char utfbuf[6];
- int utflen;
- utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
+ int utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
+
+ if (utflen < 0)
+ return -1; /* error happened with UTF8 */
for (i = 0; i < utflen; i++) {
/*
* We don't need to worry about setting orflags correctly
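Review bot: returning -1 from do_buf on a UTF8_putc failure only helps if every caller treats a negative return as an error rather than as a length; check each call site of do_buf in a_strex.c for a negative-return test before the value is added to a running total, otherwise -1 is silently folded into a length computation. Also consider an ERR_raise here or in the outer function, since right now the failure surfaces as a bare -1 with nothing on the error stack.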
Index: openssl-3.5.0/crypto/pkcs12/p12_utl.c
===================================================================
--- openssl-3.5.0.orig/crypto/pkcs12/p12_utl.c
+++ openssl-3.5.0/crypto/pkcs12/p12_utl.c
@@ -206,6 +206,11 @@ char *OPENSSL_uni2utf8(const unsigned ch
/* re-run the loop emitting UTF-8 string */
for (asclen = 0, i = 0; i < unilen; ) {
j = bmp_to_utf8(asctmp+asclen, uni+i, unilen-i);
+ /* when UTF8_putc fails */
+ if (j < 0) {
+ OPENSSL_free(asctmp);
+ return NULL;
+ }
if (j == 4) i += 4;
else i += 2;
asclen += j;
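Review bot: the guard sits in the second pass only (the context line says "re-run the loop emitting UTF-8 string"); if the first, length-computing pass calls bmp_to_utf8 on the same input it needs the same j < 0 check, otherwise asclen is derived from a negative return and asctmp is allocated with the wrong size before this check is ever reached. And as with the other patches deleted in this diff, this fix is dated 2025-12-11 and is not in 3.5.3, so removing the file drops it.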

View File

@@ -1,40 +0,0 @@
From 6453d278557c8719233793730ec500c84aea55d9 Mon Sep 17 00:00:00 2001
From: Bob Beck <beck@openssl.org>
Date: Wed, 7 Jan 2026 11:29:48 -0700
Subject: [PATCH] Verify ASN1 object's types before attempting to access them
as a particular type
Issue was reported in ossl_ess_get_signing_cert but is also present in
ossl_ess_get_signing_cert_v2.
Fixes: https://github.com/openssl/srt/issues/61
Fixes CVE-2025-69420
---
crypto/ts/ts_rsp_verify.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c
index 3876e30f47..40dab687d1 100644
--- a/crypto/ts/ts_rsp_verify.c
+++ b/crypto/ts/ts_rsp_verify.c
@@ -209,7 +209,7 @@ static ESS_SIGNING_CERT *ossl_ess_get_signing_cert(const PKCS7_SIGNER_INFO *si)
const unsigned char *p;
attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificate);
- if (attr == NULL)
+ if (attr == NULL || attr->type != V_ASN1_SEQUENCE)
return NULL;
p = attr->value.sequence->data;
return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length);
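Review bot: the type check closes the confusion, but it makes a wrongly-typed signingCertificate attribute indistinguishable from an absent one, since both now return NULL; if the verifier treats absence as acceptable, a malformed attribute becomes a way to skip the ESS check rather than a hard failure. Consider raising a TS error (or returning a distinct status) for attr != NULL && attr->type != V_ASN1_SEQUENCE so the caller can fail closed.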
@@ -221,7 +221,7 @@ static ESS_SIGNING_CERT_V2 *ossl_ess_get_signing_cert_v2(const PKCS7_SIGNER_INFO
const unsigned char *p;
attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificateV2);
- if (attr == NULL)
+ if (attr == NULL || attr->type != V_ASN1_SEQUENCE)
return NULL;
p = attr->value.sequence->data;
return d2i_ESS_SIGNING_CERT_V2(NULL, &p, attr->value.sequence->length);
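Review bot: same guard as the v1 function above, byte for byte; a small static helper that fetches the attribute and checks type == V_ASN1_SEQUENCE before handing out value.sequence would cover both and any third caller added later. On the diff as a whole: this patch is dated 2026-01-07 and fixes CVE-2025-69420, so deleting it while moving the tree to 3.5.3 leaves that issue open.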
--
2.51.0

View File

@@ -1,28 +0,0 @@
From 0a2ecb95993b588d2156dd6527459cc3983aabd5 Mon Sep 17 00:00:00 2001
From: Andrew Dinh <andrewd@openssl.org>
Date: Thu, 8 Jan 2026 01:24:30 +0900
Subject: [PATCH] Add NULL check to PKCS12_item_decrypt_d2i_ex
Address CVE-2025-69421
Add NULL check for oct parameter
---
crypto/pkcs12/p12_decr.c | 5 +++++
1 file changed, 5 insertions(+)
Index: openssl-3.5.0/crypto/pkcs12/p12_decr.c
===================================================================
--- openssl-3.5.0.orig/crypto/pkcs12/p12_decr.c
+++ openssl-3.5.0/crypto/pkcs12/p12_decr.c
@@ -143,6 +143,11 @@ void *PKCS12_item_decrypt_d2i_ex(const X
void *ret;
int outlen = 0;
+ if (oct == NULL) {
+ ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+
if (!PKCS12_pbe_crypt_ex(algor, pass, passlen, oct->data, oct->length,
&out, &outlen, 0, libctx, propq))
return NULL;
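Review bot: ERR_R_PASSED_NULL_PARAMETER describes an API misuse, but if the NULL oct reaches here from a parsed PKCS#12 structure with a missing encrypted-content field, which is what a CVE on this path implies, a PKCS12-specific decode error reason would tell callers logging the failure what actually happened. Separately, the patch is dated 2026-01-08, so its deletion here drops CVE-2025-69421 from the 3.5.3 target.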

View File

@@ -1,71 +0,0 @@
From 572844beca95068394c916626a6d3a490f831a49 Mon Sep 17 00:00:00 2001
From: Bob Beck <beck@openssl.org>
Date: Wed, 7 Jan 2026 11:29:48 -0700
Subject: [PATCH] Ensure ASN1 types are checked before use.
Some of these were fixed by LibreSSL in commit https://github.com/openbsd/src/commit/aa1f637d454961d22117b4353f98253e984b3ba8
this fix includes the other fixes in that commit, as well as fixes for others found by a scan
for a similar unvalidated access paradigm in the tree.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29582)
---
apps/s_client.c | 3 ++-
crypto/pkcs12/p12_kiss.c | 10 ++++++++--
crypto/pkcs7/pk7_doit.c | 2 ++
3 files changed, 12 insertions(+), 3 deletions(-)
Index: openssl-3.5.0/apps/s_client.c
===================================================================
--- openssl-3.5.0.orig/apps/s_client.c
+++ openssl-3.5.0/apps/s_client.c
@@ -2834,8 +2834,9 @@ int s_client_main(int argc, char **argv)
goto end;
}
atyp = ASN1_generate_nconf(genstr, cnf);
- if (atyp == NULL) {
+ if (atyp == NULL || atyp->type != V_ASN1_SEQUENCE) {
NCONF_free(cnf);
+ ASN1_TYPE_free(atyp);
BIO_printf(bio_err, "ASN1_generate_nconf failed\n");
goto end;
}
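Review bot: the added ASN1_TYPE_free(atyp) is required now that the error path can be entered with a non-NULL atyp, good; but the message "ASN1_generate_nconf failed" is now also printed when generation succeeded and simply did not produce a SEQUENCE, which will mislead whoever debugs a bad generation string. Either split it into two messages or mention the expected type in the existing one.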
Index: openssl-3.5.0/crypto/pkcs12/p12_kiss.c
===================================================================
--- openssl-3.5.0.orig/crypto/pkcs12/p12_kiss.c
+++ openssl-3.5.0/crypto/pkcs12/p12_kiss.c
@@ -197,11 +197,17 @@ static int parse_bag(PKCS12_SAFEBAG *bag
ASN1_BMPSTRING *fname = NULL;
ASN1_OCTET_STRING *lkid = NULL;
- if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)))
+ if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName))) {
+ if (attrib->type != V_ASN1_BMPSTRING)
+ return 0;
fname = attrib->value.bmpstring;
+ }
- if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID)))
+ if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID))) {
+ if (attrib->type != V_ASN1_OCTET_STRING)
+ return 0;
lkid = attrib->value.octet_string;
+ }
switch (PKCS12_SAFEBAG_get_nid(bag)) {
case NID_keyBag:
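Review bot: returning 0 here changes behaviour from "ignore the attribute" to "reject the whole PKCS#12 file", which is the safer default but is visible to users whose files were written by another tool with a friendlyName or localKeyID of the wrong ASN.1 type; call that out in the changelog. Also add an ERR_raise (a PKCS12 decode error reason fits) before each return 0, otherwise the caller sees parsing stop with an empty error stack.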
Index: openssl-3.5.0/crypto/pkcs7/pk7_doit.c
===================================================================
--- openssl-3.5.0.orig/crypto/pkcs7/pk7_doit.c
+++ openssl-3.5.0/crypto/pkcs7/pk7_doit.c
@@ -1228,6 +1228,8 @@ ASN1_OCTET_STRING *PKCS7_digest_from_att
ASN1_TYPE *astype;
if ((astype = get_attribute(sk, NID_pkcs9_messageDigest)) == NULL)
return NULL;
+ if (astype->type != V_ASN1_OCTET_STRING)
+ return NULL;
return astype->value.octet_string;
}
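Review bot: returning NULL for a non-OCTET STRING messageDigest is correct provided callers treat NULL as verification failure rather than as "no attribute to check"; like the p12_kiss hunk above it raises no error, so a signer with a malformed attribute fails with a generic reason. An ERR_raise here would also let callers tell this apart from the attribute simply being absent, which is the other way this function returns NULL.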

View File

@@ -38,10 +38,10 @@ NOTE: Dropped changes in test/recipes/80-test_cms.t
test/recipes/80-test_ssl_old.t | 3 +
11 files changed, 116 insertions(+), 18 deletions(-)
Index: openssl-3.5.0-beta1/crypto/dh/dh_backend.c
Index: openssl-3.5.3/crypto/dh/dh_backend.c
===================================================================
--- openssl-3.5.0-beta1.orig/crypto/dh/dh_backend.c
+++ openssl-3.5.0-beta1/crypto/dh/dh_backend.c
--- openssl-3.5.3.orig/crypto/dh/dh_backend.c
+++ openssl-3.5.3/crypto/dh/dh_backend.c
@@ -47,6 +47,16 @@ int ossl_dh_params_fromdata(DH *dh, cons
if (!dh_ffc_params_fromdata(dh, params))
return 0;
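Review bot: this hunk is path-only (the dh_backend.c @@ -47,6 +47,16 offset is unchanged), but the Index line shows the patch was last regenerated against 3.5.0-beta1, and the shifted offsets and changed context lines later in this file show the surrounding code moved since then. Re-diff the whole file against the 3.5.3 tarball rather than rewriting version strings, so the hunks are known to apply without fuzz.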
@@ -59,11 +59,11 @@ Index: openssl-3.5.0-beta1/crypto/dh/dh_backend.c
param_priv_len =
OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_LEN);
if (param_priv_len != NULL
Index: openssl-3.5.0-beta1/crypto/dh/dh_check.c
Index: openssl-3.5.3/crypto/dh/dh_check.c
===================================================================
--- openssl-3.5.0-beta1.orig/crypto/dh/dh_check.c
+++ openssl-3.5.0-beta1/crypto/dh/dh_check.c
@@ -57,13 +57,15 @@ int DH_check_params(const DH *dh, int *r
--- openssl-3.5.3.orig/crypto/dh/dh_check.c
+++ openssl-3.5.3/crypto/dh/dh_check.c
@@ -58,13 +58,15 @@ int DH_check_params(const DH *dh, int *r
nid = DH_get_nid((DH *)dh);
if (nid != NID_undef)
return 1;
@@ -84,10 +84,10 @@ Index: openssl-3.5.0-beta1/crypto/dh/dh_check.c
}
#else
int DH_check_params(const DH *dh, int *ret)
Index: openssl-3.5.0-beta1/crypto/dh/dh_gen.c
Index: openssl-3.5.3/crypto/dh/dh_gen.c
===================================================================
--- openssl-3.5.0-beta1.orig/crypto/dh/dh_gen.c
+++ openssl-3.5.0-beta1/crypto/dh/dh_gen.c
--- openssl-3.5.3.orig/crypto/dh/dh_gen.c
+++ openssl-3.5.3/crypto/dh/dh_gen.c
@@ -39,18 +39,26 @@ static int dh_builtin_genparams(DH *ret,
int ossl_dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits,
BN_GENCB *cb)
@@ -117,10 +117,10 @@ Index: openssl-3.5.0-beta1/crypto/dh/dh_gen.c
if (ret > 0)
dh->dirty_cnt++;
return ret;
Index: openssl-3.5.0-beta1/crypto/dh/dh_key.c
Index: openssl-3.5.3/crypto/dh/dh_key.c
===================================================================
--- openssl-3.5.0-beta1.orig/crypto/dh/dh_key.c
+++ openssl-3.5.0-beta1/crypto/dh/dh_key.c
--- openssl-3.5.3.orig/crypto/dh/dh_key.c
+++ openssl-3.5.3/crypto/dh/dh_key.c
@@ -336,8 +336,12 @@ static int generate_key(DH *dh)
goto err;
} else {
@@ -135,8 +135,8 @@ Index: openssl-3.5.0-beta1/crypto/dh/dh_key.c
+ goto err;
#else
if (dh->params.q == NULL) {
/* secret exponent length, must satisfy 2^(l-1) <= p */
@@ -358,9 +362,7 @@ static int generate_key(DH *dh)
/* secret exponent length, must satisfy 2^l < (p-1)/2 */
@@ -360,9 +364,7 @@ static int generate_key(DH *dh)
if (!BN_clear_bit(priv_key, 0))
goto err;
}
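Review bot: the context line changed, not just the offset: 3.5.3 reads "secret exponent length, must satisfy 2^l < (p-1)/2" where the beta had "2^(l-1) <= p", which means upstream reworked the private-key length logic in generate_key between the two bases. A rebased hunk that still applies is not evidence that the #ifdef FIPS_MODULE branch is still correct against the new bound; re-read the dh->params.q == NULL branch in 3.5.3 and, if the FIPS path bypasses it, confirm the FIPS branch derives a compliant exponent length itself.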
@@ -147,7 +147,7 @@ Index: openssl-3.5.0-beta1/crypto/dh/dh_key.c
/* Do a partial check for invalid p, q, g */
if (!ossl_ffc_params_simple_validate(dh->libctx, &dh->params,
FFC_PARAM_TYPE_DH, NULL))
@@ -376,6 +378,7 @@ static int generate_key(DH *dh)
@@ -378,6 +380,7 @@ static int generate_key(DH *dh)
priv_key))
goto err;
}
@@ -155,10 +155,10 @@ Index: openssl-3.5.0-beta1/crypto/dh/dh_key.c
}
}
Index: openssl-3.5.0-beta1/crypto/dh/dh_pmeth.c
Index: openssl-3.5.3/crypto/dh/dh_pmeth.c
===================================================================
--- openssl-3.5.0-beta1.orig/crypto/dh/dh_pmeth.c
+++ openssl-3.5.0-beta1/crypto/dh/dh_pmeth.c
--- openssl-3.5.3.orig/crypto/dh/dh_pmeth.c
+++ openssl-3.5.3/crypto/dh/dh_pmeth.c
@@ -303,13 +303,17 @@ static DH *ffc_params_generate(OSSL_LIB_
prime_len, subprime_len, &res,
pcb);
@@ -180,11 +180,11 @@ Index: openssl-3.5.0-beta1/crypto/dh/dh_pmeth.c
if (rv <= 0) {
DH_free(ret);
return NULL;
Index: openssl-3.5.0-beta1/providers/implementations/keymgmt/dh_kmgmt.c
Index: openssl-3.5.3/providers/implementations/keymgmt/dh_kmgmt.c
===================================================================
--- openssl-3.5.0-beta1.orig/providers/implementations/keymgmt/dh_kmgmt.c
+++ openssl-3.5.0-beta1/providers/implementations/keymgmt/dh_kmgmt.c
@@ -420,6 +420,11 @@ static int dh_validate(const void *keyda
--- openssl-3.5.3.orig/providers/implementations/keymgmt/dh_kmgmt.c
+++ openssl-3.5.3/providers/implementations/keymgmt/dh_kmgmt.c
@@ -422,6 +422,11 @@ static int dh_validate(const void *keyda
if ((selection & DH_POSSIBLE_SELECTIONS) == 0)
return 1; /* nothing to validate */
@@ -196,10 +196,10 @@ Index: openssl-3.5.0-beta1/providers/implementations/keymgmt/dh_kmgmt.c
if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
/*
* Both of these functions check parameters. DH_check_params_ex()
Index: openssl-3.5.0-beta1/test/endecode_test.c
Index: openssl-3.5.3/test/endecode_test.c
===================================================================
--- openssl-3.5.0-beta1.orig/test/endecode_test.c
+++ openssl-3.5.0-beta1/test/endecode_test.c
--- openssl-3.5.3.orig/test/endecode_test.c
+++ openssl-3.5.3/test/endecode_test.c
@@ -85,10 +85,10 @@ static EVP_PKEY *make_template(const cha
* for testing only. Use a minimum key size of 2048 for security purposes.
*/
@@ -213,10 +213,10 @@ Index: openssl-3.5.0-beta1/test/endecode_test.c
# endif
/*
Index: openssl-3.5.0-beta1/test/evp_libctx_test.c
Index: openssl-3.5.3/test/evp_libctx_test.c
===================================================================
--- openssl-3.5.0-beta1.orig/test/evp_libctx_test.c
+++ openssl-3.5.0-beta1/test/evp_libctx_test.c
--- openssl-3.5.3.orig/test/evp_libctx_test.c
+++ openssl-3.5.3/test/evp_libctx_test.c
@@ -222,7 +222,7 @@ static int do_dh_param_keygen(int tstid,
if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
@@ -226,10 +226,10 @@ Index: openssl-3.5.0-beta1/test/evp_libctx_test.c
goto err;
if (expected) {
Index: openssl-3.5.0-beta1/test/helpers/predefined_dhparams.c
Index: openssl-3.5.3/test/helpers/predefined_dhparams.c
===================================================================
--- openssl-3.5.0-beta1.orig/test/helpers/predefined_dhparams.c
+++ openssl-3.5.0-beta1/test/helpers/predefined_dhparams.c
--- openssl-3.5.3.orig/test/helpers/predefined_dhparams.c
+++ openssl-3.5.3/test/helpers/predefined_dhparams.c
@@ -116,6 +116,68 @@ EVP_PKEY *get_dhx512(OSSL_LIB_CTX *libct
dhx512_q, sizeof(dhx512_q));
}
@@ -299,10 +299,10 @@ Index: openssl-3.5.0-beta1/test/helpers/predefined_dhparams.c
EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libctx)
{
static unsigned char dh1024_p[] = {
Index: openssl-3.5.0-beta1/test/helpers/predefined_dhparams.h
Index: openssl-3.5.3/test/helpers/predefined_dhparams.h
===================================================================
--- openssl-3.5.0-beta1.orig/test/helpers/predefined_dhparams.h
+++ openssl-3.5.0-beta1/test/helpers/predefined_dhparams.h
--- openssl-3.5.3.orig/test/helpers/predefined_dhparams.h
+++ openssl-3.5.3/test/helpers/predefined_dhparams.h
@@ -12,6 +12,7 @@
#ifndef OPENSSL_NO_DH
EVP_PKEY *get_dh512(OSSL_LIB_CTX *libctx);
@@ -311,10 +311,10 @@ Index: openssl-3.5.0-beta1/test/helpers/predefined_dhparams.h
EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libct);
EVP_PKEY *get_dh2048(OSSL_LIB_CTX *libctx);
EVP_PKEY *get_dh4096(OSSL_LIB_CTX *libctx);
Index: openssl-3.5.0-beta1/test/recipes/80-test_ssl_old.t
Index: openssl-3.5.3/test/recipes/80-test_ssl_old.t
===================================================================
--- openssl-3.5.0-beta1.orig/test/recipes/80-test_ssl_old.t
+++ openssl-3.5.0-beta1/test/recipes/80-test_ssl_old.t
--- openssl-3.5.3.orig/test/recipes/80-test_ssl_old.t
+++ openssl-3.5.3/test/recipes/80-test_ssl_old.t
@@ -458,6 +458,9 @@ sub testssl {
skip "skipping dhe1024dsa test", 1
if ($no_dh);

View File

@@ -9,11 +9,11 @@ Signed-off-by: Simo Sorce <simo@redhat.com>
providers/implementations/signature/rsa_sig.c | 47 +++++++++++++++++--
2 files changed, 61 insertions(+), 4 deletions(-)
Index: openssl-3.5.0-beta1/providers/implementations/keymgmt/rsa_kmgmt.c
Index: openssl-3.5.2/providers/implementations/keymgmt/rsa_kmgmt.c
===================================================================
--- openssl-3.5.0-beta1.orig/providers/implementations/keymgmt/rsa_kmgmt.c
+++ openssl-3.5.0-beta1/providers/implementations/keymgmt/rsa_kmgmt.c
@@ -433,6 +433,7 @@ struct rsa_gen_ctx {
--- openssl-3.5.2.orig/providers/implementations/keymgmt/rsa_kmgmt.c
+++ openssl-3.5.2/providers/implementations/keymgmt/rsa_kmgmt.c
@@ -451,6 +451,7 @@ struct rsa_gen_ctx {
#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
/* ACVP test parameters */
OSSL_PARAM *acvp_test_params;
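Review bot: the Index and ---/+++ lines were refreshed to openssl-3.5.2 while the package moves to 3.5.3 and the other rebased patches in this diff use 3.5.3. With -p1 the directory name does not affect applying, but the mismatch says this file was not regenerated against the real base, so the shifted offsets (for example @@ -451,6 +451,7 in rsa_kmgmt.c) were computed for 3.5.2 and may only apply with fuzz on 3.5.3. Regenerate against the 3.5.3 tree and make the version string consistent.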
@@ -21,7 +21,7 @@ Index: openssl-3.5.0-beta1/providers/implementations/keymgmt/rsa_kmgmt.c
#endif
};
@@ -446,6 +447,12 @@ static int rsa_gencb(int p, int n, BN_GE
@@ -464,6 +465,12 @@ static int rsa_gencb(int p, int n, BN_GE
return gctx->cb(params, gctx->cbarg);
}
@@ -34,7 +34,7 @@ Index: openssl-3.5.0-beta1/providers/implementations/keymgmt/rsa_kmgmt.c
static void *gen_init(void *provctx, int selection, int rsa_type,
const OSSL_PARAM params[])
{
@@ -473,6 +480,10 @@ static void *gen_init(void *provctx, int
@@ -491,6 +498,10 @@ static void *gen_init(void *provctx, int
if (!rsa_gen_set_params(gctx, params))
goto err;
@@ -45,7 +45,7 @@ Index: openssl-3.5.0-beta1/providers/implementations/keymgmt/rsa_kmgmt.c
return gctx;
err:
@@ -629,6 +640,11 @@ static void *rsa_gen(void *genctx, OSSL_
@@ -647,6 +658,11 @@ static void *rsa_gen(void *genctx, OSSL_
rsa = rsa_tmp;
rsa_tmp = NULL;
@@ -57,7 +57,7 @@ Index: openssl-3.5.0-beta1/providers/implementations/keymgmt/rsa_kmgmt.c
err:
BN_GENCB_free(gencb);
RSA_free(rsa_tmp);
@@ -644,6 +660,8 @@ static void rsa_gen_cleanup(void *genctx
@@ -662,6 +678,8 @@ static void rsa_gen_cleanup(void *genctx
#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
ossl_rsa_acvp_test_gen_params_free(gctx->acvp_test_params);
gctx->acvp_test_params = NULL;
@@ -66,10 +66,10 @@ Index: openssl-3.5.0-beta1/providers/implementations/keymgmt/rsa_kmgmt.c
#endif
BN_clear_free(gctx->pub_exp);
OPENSSL_free(gctx);
Index: openssl-3.5.0-beta1/providers/implementations/signature/rsa_sig.c
Index: openssl-3.5.2/providers/implementations/signature/rsa_sig.c
===================================================================
--- openssl-3.5.0-beta1.orig/providers/implementations/signature/rsa_sig.c
+++ openssl-3.5.0-beta1/providers/implementations/signature/rsa_sig.c
--- openssl-3.5.2.orig/providers/implementations/signature/rsa_sig.c
+++ openssl-3.5.2/providers/implementations/signature/rsa_sig.c
@@ -35,7 +35,7 @@
#define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1
@@ -152,10 +152,10 @@ Index: openssl-3.5.0-beta1/providers/implementations/signature/rsa_sig.c
const OSSL_DISPATCH ossl_rsa_signature_functions[] = {
{ OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))rsa_newctx },
{ OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))rsa_sign_init },
Index: openssl-3.5.0-beta1/crypto/dh/dh_key.c
Index: openssl-3.5.2/crypto/dh/dh_key.c
===================================================================
--- openssl-3.5.0-beta1.orig/crypto/dh/dh_key.c
+++ openssl-3.5.0-beta1/crypto/dh/dh_key.c
--- openssl-3.5.2.orig/crypto/dh/dh_key.c
+++ openssl-3.5.2/crypto/dh/dh_key.c
@@ -43,6 +43,9 @@ int ossl_dh_compute_key(unsigned char *k
BN_MONT_CTX *mont = NULL;
BIGNUM *z = NULL, *pminus1;
@@ -204,7 +204,7 @@ Index: openssl-3.5.0-beta1/crypto/dh/dh_key.c
dh->pub_key = pub_key;
dh->priv_key = priv_key;
+#ifdef FIPS_MODULE
+ if (ossl_dh_check_pairwise(dh) <= 0) {
+ if (ossl_dh_check_pairwise(dh, 0) <= 0) {
+ abort();
+ }
+#endif
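Review bot: the new second argument to ossl_dh_check_pairwise is a bare 0, and this is the one substantive change in the rebase (the function's signature grew upstream). Add a comment naming what that parameter selects so the next refresh does not have to re-derive it, and check the 3.5.3 definition to confirm that 0 still performs the full public/private pairwise check that the abort() below is meant to enforce in the FIPS module.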
@@ -212,10 +212,10 @@ Index: openssl-3.5.0-beta1/crypto/dh/dh_key.c
dh->dirty_cnt++;
ok = 1;
err:
Index: openssl-3.5.0-beta1/providers/implementations/exchange/ecdh_exch.c
Index: openssl-3.5.2/providers/implementations/exchange/ecdh_exch.c
===================================================================
--- openssl-3.5.0-beta1.orig/providers/implementations/exchange/ecdh_exch.c
+++ openssl-3.5.0-beta1/providers/implementations/exchange/ecdh_exch.c
--- openssl-3.5.2.orig/providers/implementations/exchange/ecdh_exch.c
+++ openssl-3.5.2/providers/implementations/exchange/ecdh_exch.c
@@ -560,6 +560,25 @@ int ecdh_plain_derive(void *vpecdhctx, u
#endif
@@ -242,11 +242,11 @@ Index: openssl-3.5.0-beta1/providers/implementations/exchange/ecdh_exch.c
retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL);
Index: openssl-3.5.0-beta1/providers/implementations/keymgmt/ec_kmgmt.c
Index: openssl-3.5.2/providers/implementations/keymgmt/ec_kmgmt.c
===================================================================
--- openssl-3.5.0-beta1.orig/providers/implementations/keymgmt/ec_kmgmt.c
+++ openssl-3.5.0-beta1/providers/implementations/keymgmt/ec_kmgmt.c
@@ -993,9 +993,18 @@ struct ec_gen_ctx {
--- openssl-3.5.2.orig/providers/implementations/keymgmt/ec_kmgmt.c
+++ openssl-3.5.2/providers/implementations/keymgmt/ec_kmgmt.c
@@ -1010,9 +1010,18 @@ struct ec_gen_ctx {
EC_GROUP *gen_group;
unsigned char *dhkem_ikm;
size_t dhkem_ikmlen;
@@ -265,7 +265,7 @@ Index: openssl-3.5.0-beta1/providers/implementations/keymgmt/ec_kmgmt.c
static void *ec_gen_init(void *provctx, int selection,
const OSSL_PARAM params[])
{
@@ -1015,6 +1024,10 @@ static void *ec_gen_init(void *provctx,
@@ -1032,6 +1041,10 @@ static void *ec_gen_init(void *provctx,
gctx = NULL;
}
}
@@ -276,7 +276,7 @@ Index: openssl-3.5.0-beta1/providers/implementations/keymgmt/ec_kmgmt.c
return gctx;
}
@@ -1326,6 +1339,12 @@ static void *ec_gen(void *genctx, OSSL_C
@@ -1343,6 +1356,12 @@ static void *ec_gen(void *genctx, OSSL_C
if (gctx->ecdh_mode != -1)
ret = ret && ossl_ec_set_ecdh_cofactor_mode(ec, gctx->ecdh_mode);
@@ -289,7 +289,7 @@ Index: openssl-3.5.0-beta1/providers/implementations/keymgmt/ec_kmgmt.c
if (gctx->group_check != NULL)
ret = ret && ossl_ec_set_check_group_type_from_name(ec,
@@ -1396,7 +1415,10 @@ static void ec_gen_cleanup(void *genctx)
@@ -1413,7 +1432,10 @@ static void ec_gen_cleanup(void *genctx)
if (gctx == NULL)
return;
@@ -301,10 +301,10 @@ Index: openssl-3.5.0-beta1/providers/implementations/keymgmt/ec_kmgmt.c
OPENSSL_clear_free(gctx->dhkem_ikm, gctx->dhkem_ikmlen);
EC_GROUP_free(gctx->gen_group);
BN_free(gctx->p);
Index: openssl-3.5.0-beta1/providers/implementations/signature/ecdsa_sig.c
Index: openssl-3.5.2/providers/implementations/signature/ecdsa_sig.c
===================================================================
--- openssl-3.5.0-beta1.orig/providers/implementations/signature/ecdsa_sig.c
+++ openssl-3.5.0-beta1/providers/implementations/signature/ecdsa_sig.c
--- openssl-3.5.2.orig/providers/implementations/signature/ecdsa_sig.c
+++ openssl-3.5.2/providers/implementations/signature/ecdsa_sig.c
@@ -33,7 +33,7 @@
#include "prov/der_ec.h"
#include "crypto/ec.h"
@@ -332,7 +332,7 @@ Index: openssl-3.5.0-beta1/providers/implementations/signature/ecdsa_sig.c
{
PROV_ECDSA_CTX *ctx;
@@ -604,7 +604,7 @@ int ecdsa_digest_verify_final(void *vctx
@@ -612,7 +612,7 @@ int ecdsa_digest_verify_final(void *vctx
return ok;
}
@@ -341,7 +341,7 @@ Index: openssl-3.5.0-beta1/providers/implementations/signature/ecdsa_sig.c
{
PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
@@ -853,6 +853,35 @@ static const OSSL_PARAM *ecdsa_settable_
@@ -861,6 +861,35 @@ static const OSSL_PARAM *ecdsa_settable_
return EVP_MD_settable_ctx_params(ctx->md);
}

View File

@@ -10,10 +10,10 @@ Subject: [PATCH] Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes
test/recipes/25-test_verify.t | 7 ++--
4 files changed, 79 insertions(+), 18 deletions(-)
Index: openssl-3.5.0/crypto/x509/x509_vfy.c
Index: openssl-3.5.1/crypto/x509/x509_vfy.c
===================================================================
--- openssl-3.5.0.orig/crypto/x509/x509_vfy.c
+++ openssl-3.5.0/crypto/x509/x509_vfy.c
--- openssl-3.5.1.orig/crypto/x509/x509_vfy.c
+++ openssl-3.5.1/crypto/x509/x509_vfy.c
@@ -25,6 +25,7 @@
#include <openssl/objects.h>
#include <openssl/core_names.h>
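Review bot: same version-string inconsistency as the other refreshed patches, this one reads openssl-3.5.1 while the package goes to 3.5.3. Functionally harmless if the hunks still apply, but it means nothing in this file was verified against the actual base; re-diff against 3.5.3 so the Index lines and offsets reflect the tree they will be applied to.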
@@ -54,10 +54,10 @@ Index: openssl-3.5.0/crypto/x509/x509_vfy.c
+
return secbits >= minbits_table[level - 1];
}
Index: openssl-3.5.0/ssl/t1_lib.c
Index: openssl-3.5.1/ssl/t1_lib.c
===================================================================
--- openssl-3.5.0.orig/ssl/t1_lib.c
+++ openssl-3.5.0/ssl/t1_lib.c
--- openssl-3.5.1.orig/ssl/t1_lib.c
+++ openssl-3.5.1/ssl/t1_lib.c
@@ -21,6 +21,7 @@
#include <openssl/bn.h>
#include <openssl/provider.h>
@@ -66,7 +66,7 @@ Index: openssl-3.5.0/ssl/t1_lib.c
#include "internal/sslconf.h"
#include "internal/nelem.h"
#include "internal/sizes.h"
@@ -2807,19 +2808,27 @@ int tls12_check_peer_sigalg(SSL_CONNECTI
@@ -2809,19 +2810,27 @@ int tls12_check_peer_sigalg(SSL_CONNECTI
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST);
return 0;
}
@@ -107,7 +107,7 @@ Index: openssl-3.5.0/ssl/t1_lib.c
}
/* Store the sigalg the peer uses */
s->s3.tmp.peer_sigalg = lu;
@@ -3391,6 +3400,14 @@ static int tls12_sigalg_allowed(const SS
@@ -3393,6 +3402,14 @@ static int tls12_sigalg_allowed(const SS
}
}
@@ -122,7 +122,7 @@ Index: openssl-3.5.0/ssl/t1_lib.c
/* Finally see if security callback allows it */
secbits = sigalg_security_bits(SSL_CONNECTION_GET_CTX(s), lu);
sigalgstr[0] = (lu->sigalg >> 8) & 0xff;
@@ -4381,6 +4398,8 @@ static int ssl_security_cert_sig(SSL_CON
@@ -4383,6 +4400,8 @@ static int ssl_security_cert_sig(SSL_CON
{
/* Lookup signature algorithm digest */
int secbits, nid, pknid;
@@ -131,7 +131,7 @@ Index: openssl-3.5.0/ssl/t1_lib.c
/* Don't check signature if self signed */
if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
@@ -4390,6 +4409,25 @@ static int ssl_security_cert_sig(SSL_CON
@@ -4392,6 +4411,25 @@ static int ssl_security_cert_sig(SSL_CON
/* If digest NID not defined use signature NID */
if (nid == NID_undef)
nid = pknid;
@@ -157,20 +157,20 @@ Index: openssl-3.5.0/ssl/t1_lib.c
if (s != NULL)
return ssl_security(s, op, secbits, nid, x);
else
Index: openssl-3.5.0/test/recipes/25-test_verify.t
Index: openssl-3.5.1/test/recipes/25-test_verify.t
===================================================================
--- openssl-3.5.0.orig/test/recipes/25-test_verify.t
+++ openssl-3.5.0/test/recipes/25-test_verify.t
@@ -29,7 +29,7 @@ sub verify {
--- openssl-3.5.1.orig/test/recipes/25-test_verify.t
+++ openssl-3.5.1/test/recipes/25-test_verify.t
@@ -30,7 +30,7 @@ sub verify {
run(app([@args]));
}
-plan tests => 194;
+plan tests => 193;
-plan tests => 203;
+plan tests => 202;
# Canonical success
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
@@ -484,8 +484,9 @@ ok(verify("ee-pss-sha1-cert", "", ["root
@@ -485,8 +485,9 @@ ok(verify("ee-pss-sha1-cert", "", ["root
ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], ),
"CA with PSS signature using SHA256");
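Review bot: the plan line moved from 194/193 to 203/202, so upstream added nine tests between the two bases and the patch still removes exactly one; those numbers were taken from 3.5.1 (per the Index line), so verify them against test/recipes/25-test_verify.t in the 3.5.3 tarball, because a plan count off by one fails the whole recipe rather than a single test.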

View File

@@ -1,7 +1,7 @@
Index: openssl-3.5.0/providers/implementations/signature/dsa_sig.c
Index: openssl-3.5.3/providers/implementations/signature/dsa_sig.c
===================================================================
--- openssl-3.5.0.orig/providers/implementations/signature/dsa_sig.c
+++ openssl-3.5.0/providers/implementations/signature/dsa_sig.c
--- openssl-3.5.3.orig/providers/implementations/signature/dsa_sig.c
+++ openssl-3.5.3/providers/implementations/signature/dsa_sig.c
@@ -187,9 +187,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ct
}
#ifdef FIPS_MODULE
@@ -13,10 +13,10 @@ Index: openssl-3.5.0/providers/implementations/signature/dsa_sig.c
if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx),
OSSL_FIPS_IND_SETTABLE1,
Index: openssl-3.5.0/providers/implementations/signature/ecdsa_sig.c
Index: openssl-3.5.3/providers/implementations/signature/ecdsa_sig.c
===================================================================
--- openssl-3.5.0.orig/providers/implementations/signature/ecdsa_sig.c
+++ openssl-3.5.0/providers/implementations/signature/ecdsa_sig.c
--- openssl-3.5.3.orig/providers/implementations/signature/ecdsa_sig.c
+++ openssl-3.5.3/providers/implementations/signature/ecdsa_sig.c
@@ -215,9 +215,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX
#ifdef FIPS_MODULE
@@ -28,10 +28,10 @@ Index: openssl-3.5.0/providers/implementations/signature/ecdsa_sig.c
if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx),
OSSL_FIPS_IND_SETTABLE1,
Index: openssl-3.5.0/providers/implementations/signature/rsa_sig.c
Index: openssl-3.5.3/providers/implementations/signature/rsa_sig.c
===================================================================
--- openssl-3.5.0.orig/providers/implementations/signature/rsa_sig.c
+++ openssl-3.5.0/providers/implementations/signature/rsa_sig.c
--- openssl-3.5.3.orig/providers/implementations/signature/rsa_sig.c
+++ openssl-3.5.3/providers/implementations/signature/rsa_sig.c
@@ -407,9 +407,7 @@ static int rsa_setup_md(PROV_RSA_CTX *ct
}
#ifdef FIPS_MODULE
@@ -59,10 +59,10 @@ Index: openssl-3.5.0/providers/implementations/signature/rsa_sig.c
}
if (pmgf1mdname != NULL
Index: openssl-3.5.0/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
Index: openssl-3.5.3/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
===================================================================
--- openssl-3.5.0.orig/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
+++ openssl-3.5.0/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
--- openssl-3.5.3.orig/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
+++ openssl-3.5.3/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
@@ -37,12 +37,14 @@ PrivPubKeyPair = P-256:P-256-PUBLIC
Title = ECDSA tests
@@ -133,12 +133,12 @@ Index: openssl-3.5.0/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
-Result = KEYOP_MISMATCH
+Result = PKEY_CTRL_ERROR
Title = XOF disallowed
Index: openssl-3.5.0/test/recipes/30-test_evp_data/evppkey_ecdsa_sigalg.txt
FIPSversion = >=3.6.0
Sign = P-256
Index: openssl-3.5.3/test/recipes/30-test_evp_data/evppkey_ecdsa_sigalg.txt
===================================================================
--- openssl-3.5.0.orig/test/recipes/30-test_evp_data/evppkey_ecdsa_sigalg.txt
+++ openssl-3.5.0/test/recipes/30-test_evp_data/evppkey_ecdsa_sigalg.txt
--- openssl-3.5.3.orig/test/recipes/30-test_evp_data/evppkey_ecdsa_sigalg.txt
+++ openssl-3.5.3/test/recipes/30-test_evp_data/evppkey_ecdsa_sigalg.txt
@@ -37,34 +37,34 @@ PrivPubKeyPair = P-256:P-256-PUBLIC
Title = ECDSA tests
@@ -260,10 +260,10 @@ Index: openssl-3.5.0/test/recipes/30-test_evp_data/evppkey_ecdsa_sigalg.txt
Input = "0123456789ABCDEF1234"
-Result = KEYOP_MISMATCH
+Result = KEYOP_INIT_ERROR
Index: openssl-3.5.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
Index: openssl-3.5.3/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
===================================================================
--- openssl-3.5.0.orig/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
+++ openssl-3.5.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
--- openssl-3.5.3.orig/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
+++ openssl-3.5.3/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
@@ -96,6 +96,7 @@ NDL6WCBbets=
Title = RSA tests
@@ -616,10 +616,10 @@ Index: openssl-3.5.0/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
Availablein = fips
FIPSversion = >=3.4.0
Index: openssl-3.5.0/test/recipes/30-test_evp_data/evppkey_rsa.txt
Index: openssl-3.5.3/test/recipes/30-test_evp_data/evppkey_rsa.txt
===================================================================
--- openssl-3.5.0.orig/test/recipes/30-test_evp_data/evppkey_rsa.txt
+++ openssl-3.5.0/test/recipes/30-test_evp_data/evppkey_rsa.txt
--- openssl-3.5.3.orig/test/recipes/30-test_evp_data/evppkey_rsa.txt
+++ openssl-3.5.3/test/recipes/30-test_evp_data/evppkey_rsa.txt
@@ -268,8 +268,8 @@ TwIDAQAB
PrivPubKeyPair = RSA-PSS:RSA-PSS-DEFAULT
@@ -933,11 +933,11 @@ Index: openssl-3.5.0/test/recipes/30-test_evp_data/evppkey_rsa.txt
Verify=RSA-PSS-8
Ctrl = rsa_padding_mode:pss
Ctrl = rsa_mgf1_md:sha1
Index: openssl-3.5.0/test/recipes/80-test_cms.t
Index: openssl-3.5.3/test/recipes/80-test_cms.t
===================================================================
--- openssl-3.5.0.orig/test/recipes/80-test_cms.t
+++ openssl-3.5.0/test/recipes/80-test_cms.t
@@ -174,7 +174,7 @@ my @smime_pkcs7_tests = (
--- openssl-3.5.3.orig/test/recipes/80-test_cms.t
+++ openssl-3.5.3/test/recipes/80-test_cms.t
@@ -183,7 +183,7 @@ my @smime_pkcs7_tests = (
[ "{cmd1}", @defaultprov, "-sign", "-in", $smcont, "-md", "sha1",
"-certfile", $smroot,
"-signer", $smrsa1, "-out", "{output}.cms" ],
@@ -946,7 +946,7 @@ Index: openssl-3.5.0/test/recipes/80-test_cms.t
"-CAfile", $smroot, "-out", "{output}.txt" ],
\&final_compare
],
@@ -182,7 +182,7 @@ my @smime_pkcs7_tests = (
@@ -191,7 +191,7 @@ my @smime_pkcs7_tests = (
[ "signed zero-length content S/MIME format, RSA key SHA1",
[ "{cmd1}", @defaultprov, "-sign", "-in", $smcont_zero, "-md", "sha1",
"-certfile", $smroot, "-signer", $smrsa1, "-out", "{output}.cms" ],
@@ -955,10 +955,10 @@ Index: openssl-3.5.0/test/recipes/80-test_cms.t
"-CAfile", $smroot, "-out", "{output}.txt" ],
\&zero_compare
],
Index: openssl-3.5.0/test/recipes/80-test_ssl_old.t
Index: openssl-3.5.3/test/recipes/80-test_ssl_old.t
===================================================================
--- openssl-3.5.0.orig/test/recipes/80-test_ssl_old.t
+++ openssl-3.5.0/test/recipes/80-test_ssl_old.t
--- openssl-3.5.3.orig/test/recipes/80-test_ssl_old.t
+++ openssl-3.5.3/test/recipes/80-test_ssl_old.t
@@ -465,6 +465,9 @@ sub testssl {
'test sslv2/sslv3 with 1024bit DHE via BIO pair');
}
@@ -977,10 +977,10 @@ Index: openssl-3.5.0/test/recipes/80-test_ssl_old.t
SKIP: {
skip "No IPv4 available on this machine", 4
Index: openssl-3.5.0/apps/openssl.cnf
Index: openssl-3.5.3/apps/openssl.cnf
===================================================================
--- openssl-3.5.0.orig/apps/openssl.cnf
+++ openssl-3.5.0/apps/openssl.cnf
--- openssl-3.5.3.orig/apps/openssl.cnf
+++ openssl-3.5.3/apps/openssl.cnf
@@ -119,7 +119,7 @@ cert_opt = ca_default # Certificate fi
default_days = 365 # how long to certify for


@@ -12,11 +12,11 @@ Signed-off-by: Simo Sorce <simo@redhat.com>
test/recipes/80-test_cms.t | 2 +-
5 files changed, 14 insertions(+), 13 deletions(-)
Index: openssl-3.5.0-beta1/providers/fips/fipsprov.c
Index: openssl-3.5.2/providers/fips/fipsprov.c
===================================================================
--- openssl-3.5.0-beta1.orig/providers/fips/fipsprov.c
+++ openssl-3.5.0-beta1/providers/fips/fipsprov.c
@@ -358,7 +358,8 @@ static const OSSL_ALGORITHM_CAPABLE fips
--- openssl-3.5.2.orig/providers/fips/fipsprov.c
+++ openssl-3.5.2/providers/fips/fipsprov.c
@@ -360,7 +360,8 @@ static const OSSL_ALGORITHM_CAPABLE fips
ossl_cipher_capable_aes_cbc_hmac_sha256),
ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions,
ossl_cipher_capable_aes_cbc_hmac_sha256),
@@ -26,28 +26,11 @@ Index: openssl-3.5.0-beta1/providers/fips/fipsprov.c
ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions),
#endif /* OPENSSL_NO_DES */
Index: openssl-3.5.0-beta1/providers/fips/self_test_data.inc
Index: openssl-3.5.2/providers/fips/self_test_data.inc
===================================================================
--- openssl-3.5.0-beta1.orig/providers/fips/self_test_data.inc
+++ openssl-3.5.0-beta1/providers/fips/self_test_data.inc
@@ -209,6 +209,7 @@ static const ST_KAT_DIGEST st_kat_digest
/*- CIPHER TEST DATA */
/* DES3 test data */
+#if 0
static const unsigned char des_ede3_cbc_pt[] = {
0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A,
@@ -229,7 +230,7 @@ static const unsigned char des_ede3_cbc_
0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F,
0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7
};
-
+#endif
/* AES-256 GCM test data */
static const unsigned char aes_256_gcm_key[] = {
0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c,
@@ -315,6 +316,7 @@ static const ST_KAT_CIPHER st_kat_cipher
--- openssl-3.5.2.orig/providers/fips/self_test_data.inc
+++ openssl-3.5.2/providers/fips/self_test_data.inc
@@ -293,6 +293,7 @@ static const ST_KAT_CIPHER st_kat_cipher
CIPHER_MODE_DECRYPT,
ITM(aes_128_ecb_key)
},
@@ -55,7 +38,7 @@ Index: openssl-3.5.0-beta1/providers/fips/self_test_data.inc
#ifndef OPENSSL_NO_DES
{
{
@@ -327,6 +329,7 @@ static const ST_KAT_CIPHER st_kat_cipher
@@ -305,6 +306,7 @@ static const ST_KAT_CIPHER st_kat_cipher
ITM(tdes_key)
}
#endif
@@ -63,10 +46,10 @@ Index: openssl-3.5.0-beta1/providers/fips/self_test_data.inc
};
static const char hkdf_digest[] = "SHA256";
Index: openssl-3.5.0-beta1/test/evp_libctx_test.c
Index: openssl-3.5.2/test/evp_libctx_test.c
===================================================================
--- openssl-3.5.0-beta1.orig/test/evp_libctx_test.c
+++ openssl-3.5.0-beta1/test/evp_libctx_test.c
--- openssl-3.5.2.orig/test/evp_libctx_test.c
+++ openssl-3.5.2/test/evp_libctx_test.c
@@ -831,7 +831,9 @@ int setup_tests(void)
ADD_TEST(kem_invalid_keytype);
#endif
@@ -78,10 +61,10 @@ Index: openssl-3.5.0-beta1/test/evp_libctx_test.c
#endif
return 1;
}
Index: openssl-3.5.0-beta1/test/recipes/30-test_evp_data/evpciph_des3_common.txt
Index: openssl-3.5.2/test/recipes/30-test_evp_data/evpciph_des3_common.txt
===================================================================
--- openssl-3.5.0-beta1.orig/test/recipes/30-test_evp_data/evpciph_des3_common.txt
+++ openssl-3.5.0-beta1/test/recipes/30-test_evp_data/evpciph_des3_common.txt
--- openssl-3.5.2.orig/test/recipes/30-test_evp_data/evpciph_des3_common.txt
+++ openssl-3.5.2/test/recipes/30-test_evp_data/evpciph_des3_common.txt
@@ -14,7 +14,7 @@
Title = DES3 Tests
@@ -131,16 +114,16 @@ Index: openssl-3.5.0-beta1/test/recipes/30-test_evp_data/evpciph_des3_common.txt
Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
# Test that DES3 ECB mode encryption is not FIPS approved
-Availablein = fipss
-Availablein = fips
-FIPSversion = >=3.4.0
+Availablein = none
Cipher = DES-EDE3-ECB
Operation = ENCRYPT
Unapproved = 1
Index: openssl-3.5.0-beta1/test/recipes/80-test_cms.t
Index: openssl-3.5.2/test/recipes/80-test_cms.t
===================================================================
--- openssl-3.5.0-beta1.orig/test/recipes/80-test_cms.t
+++ openssl-3.5.0-beta1/test/recipes/80-test_cms.t
--- openssl-3.5.2.orig/test/recipes/80-test_cms.t
+++ openssl-3.5.2/test/recipes/80-test_cms.t
@@ -398,7 +398,7 @@ my @smime_cms_tests = (
\&final_compare
],
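Review bot: `-Availablein = fipss` in this hunk reads as a typo of `fips`; an inner-diff removal line that misspells the upstream text makes the rebased patch fail to apply against a file that says `Availablein = fips`, so confirm the copy of the patch that targets openssl-3.5.2 carries only `-Availablein = fips` and `-FIPSversion = >=3.4.0` before the `+Availablein = none` replacement.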


@@ -19,11 +19,11 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
test/sslapitest.c | 2 +-
9 files changed, 46 insertions(+), 5 deletions(-)
diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod
index e2c1e69847..009b683b27 100644
--- a/doc/man3/SSL_CONF_cmd.pod
+++ b/doc/man3/SSL_CONF_cmd.pod
@@ -621,6 +621,9 @@ B<ExtendedMasterSecret>: use extended master secret extension, enabled by
Index: openssl-3.5.2/doc/man3/SSL_CONF_cmd.pod
===================================================================
--- openssl-3.5.2.orig/doc/man3/SSL_CONF_cmd.pod
+++ openssl-3.5.2/doc/man3/SSL_CONF_cmd.pod
@@ -621,6 +621,9 @@ B<ExtendedMasterSecret>: use extended ma
default. Inverse of B<SSL_OP_NO_EXTENDED_MASTER_SECRET>: that is,
B<-ExtendedMasterSecret> is the same as setting B<SSL_OP_NO_EXTENDED_MASTER_SECRET>.
@@ -33,11 +33,11 @@ index e2c1e69847..009b683b27 100644
B<CANames>: use CA names extension, enabled by
default. Inverse of B<SSL_OP_DISABLE_TLSEXT_CA_NAMES>: that is,
B<-CANames> is the same as setting B<SSL_OP_DISABLE_TLSEXT_CA_NAMES>.
diff --git a/doc/man5/fips_config.pod b/doc/man5/fips_config.pod
index 15748c5756..34cbfbb2ad 100644
--- a/doc/man5/fips_config.pod
+++ b/doc/man5/fips_config.pod
@@ -11,6 +11,19 @@ automatically loaded when the system is booted in FIPS mode, or when the
Index: openssl-3.5.2/doc/man5/fips_config.pod
===================================================================
--- openssl-3.5.2.orig/doc/man5/fips_config.pod
+++ openssl-3.5.2/doc/man5/fips_config.pod
@@ -11,6 +11,19 @@ automatically loaded when the system is
environment variable B<OPENSSL_FORCE_FIPS_MODE> is set. See the documentation
for more information.
@@ -56,12 +56,12 @@ index 15748c5756..34cbfbb2ad 100644
+
=head1 COPYRIGHT
Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
index 0b2232b01c..99b2ad4eb3 100644
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@@ -417,6 +417,7 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
Index: openssl-3.5.2/include/openssl/ssl.h.in
===================================================================
--- openssl-3.5.2.orig/include/openssl/ssl.h.in
+++ openssl-3.5.2/include/openssl/ssl.h.in
@@ -417,6 +417,7 @@ typedef int (*SSL_async_callback_fn)(SSL
* interoperability with CryptoPro CSP 3.x
*/
# define SSL_OP_CRYPTOPRO_TLSEXT_BUG SSL_OP_BIT(31)
@@ -69,10 +69,10 @@ index 0b2232b01c..99b2ad4eb3 100644
/*
* Disable RFC8879 certificate compression
* SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
diff --git a/providers/fips/include/fips_indicator_params.inc b/providers/fips/include/fips_indicator_params.inc
index c1b029de86..47d1cf2d01 100644
--- a/providers/fips/include/fips_indicator_params.inc
+++ b/providers/fips/include/fips_indicator_params.inc
Index: openssl-3.5.2/providers/fips/include/fips_indicator_params.inc
===================================================================
--- openssl-3.5.2.orig/providers/fips/include/fips_indicator_params.inc
+++ openssl-3.5.2/providers/fips/include/fips_indicator_params.inc
@@ -1,5 +1,5 @@
OSSL_FIPS_PARAM(security_checks, SECURITY_CHECKS, 1)
-OSSL_FIPS_PARAM(tls1_prf_ems_check, TLS1_PRF_EMS_CHECK, 0)
@@ -80,11 +80,11 @@ index c1b029de86..47d1cf2d01 100644
OSSL_FIPS_PARAM(no_short_mac, NO_SHORT_MAC, 1)
OSSL_FIPS_PARAM(hmac_key_check, HMAC_KEY_CHECK, 0)
OSSL_FIPS_PARAM(kmac_key_check, KMAC_KEY_CHECK, 0)
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 946d20be52..b52c1675fd 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -394,6 +394,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
Index: openssl-3.5.2/ssl/ssl_conf.c
===================================================================
--- openssl-3.5.2.orig/ssl/ssl_conf.c
+++ openssl-3.5.2/ssl/ssl_conf.c
@@ -394,6 +394,7 @@ static int cmd_Options(SSL_CONF_CTX *cct
SSL_FLAG_TBL("ClientRenegotiation",
SSL_OP_ALLOW_CLIENT_RENEGOTIATION),
SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC),
@@ -92,10 +92,10 @@ index 946d20be52..b52c1675fd 100644
SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION),
SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX),
SSL_FLAG_TBL("PreferNoDHEKEX", SSL_OP_PREFER_NO_DHE_KEX),
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index dd771207f6..48db802b1f 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
Index: openssl-3.5.2/ssl/statem/extensions_srvr.c
===================================================================
--- openssl-3.5.2.orig/ssl/statem/extensions_srvr.c
+++ openssl-3.5.2/ssl/statem/extensions_srvr.c
@@ -12,6 +12,7 @@
#include "statem_local.h"
#include "internal/cryptlib.h"
@@ -104,7 +104,7 @@ index dd771207f6..48db802b1f 100644
#define COOKIE_STATE_FORMAT_VERSION 1
@@ -1874,8 +1875,13 @@ EXT_RETURN tls_construct_stoc_ems(SSL_CONNECTION *s, WPACKET *pkt,
@@ -1886,8 +1887,13 @@ EXT_RETURN tls_construct_stoc_ems(SSL_CO
unsigned int context,
X509 *x, size_t chainidx)
{
@@ -119,10 +119,10 @@ index dd771207f6..48db802b1f 100644
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret)
|| !WPACKET_put_bytes_u16(pkt, 0)) {
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 474ea7bf5b..e0e595e989 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
Index: openssl-3.5.2/ssl/t1_enc.c
===================================================================
--- openssl-3.5.2.orig/ssl/t1_enc.c
+++ openssl-3.5.2/ssl/t1_enc.c
@@ -21,6 +21,7 @@
#include <openssl/obj_mac.h>
#include <openssl/core_names.h>
@@ -148,11 +148,11 @@ index 474ea7bf5b..e0e595e989 100644
else
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
EVP_KDF_CTX_free(kctx);
diff --git a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
index 50944328cb..edb2e81273 100644
--- a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
@@ -22,6 +22,16 @@ Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587c
Index: openssl-3.5.2/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
===================================================================
--- openssl-3.5.2.orig/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
+++ openssl-3.5.2/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
@@ -22,6 +22,16 @@ Ctrl.client_random = hexseed:36c129d01a3
Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
@@ -169,11 +169,11 @@ index 50944328cb..edb2e81273 100644
FIPSversion = <=3.1.0
KDF = TLS1-PRF
Ctrl.digest = digest:SHA256
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 16155afccb..93766fae23 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -575,7 +575,7 @@ static int test_client_cert_verify_cb(void)
Index: openssl-3.5.2/test/sslapitest.c
===================================================================
--- openssl-3.5.2.orig/test/sslapitest.c
+++ openssl-3.5.2/test/sslapitest.c
@@ -575,7 +575,7 @@ static int test_client_cert_verify_cb(vo
STACK_OF(X509) *server_chain;
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
@@ -182,6 +182,3 @@ index 16155afccb..93766fae23 100644
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(), TLS1_VERSION, 0,
--
2.49.0


@@ -18,10 +18,10 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
6 files changed, 164 insertions(+), 43 deletions(-)
mode change 100644 => 100755 test/recipes/80-test_ssl_old.t
Index: openssl-3.5.0-beta1/providers/common/securitycheck.c
Index: openssl-3.5.3/providers/common/securitycheck.c
===================================================================
--- openssl-3.5.0-beta1.orig/providers/common/securitycheck.c
+++ openssl-3.5.0-beta1/providers/common/securitycheck.c
--- openssl-3.5.3.orig/providers/common/securitycheck.c
+++ openssl-3.5.3/providers/common/securitycheck.c
@@ -64,6 +64,7 @@ int ossl_rsa_key_op_get_protect(const RS
* Set protect = 1 for encryption or signing operations, or 0 otherwise. See
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf.
@@ -30,10 +30,10 @@ Index: openssl-3.5.0-beta1/providers/common/securitycheck.c
int ossl_rsa_check_key_size(const RSA *rsa, int protect)
{
int sz = RSA_bits(rsa);
Index: openssl-3.5.0-beta1/providers/fips/include/fips_indicator_params.inc
Index: openssl-3.5.3/providers/fips/include/fips_indicator_params.inc
===================================================================
--- openssl-3.5.0-beta1.orig/providers/fips/include/fips_indicator_params.inc
+++ openssl-3.5.0-beta1/providers/fips/include/fips_indicator_params.inc
--- openssl-3.5.3.orig/providers/fips/include/fips_indicator_params.inc
+++ openssl-3.5.3/providers/fips/include/fips_indicator_params.inc
@@ -13,7 +13,7 @@ OSSL_FIPS_PARAM(sskdf_digest_check, SSKD
OSSL_FIPS_PARAM(x963kdf_digest_check, X963KDF_DIGEST_CHECK, 0)
OSSL_FIPS_PARAM(dsa_sign_disallowed, DSA_SIGN_DISABLED, 0)
@@ -43,13 +43,13 @@ Index: openssl-3.5.0-beta1/providers/fips/include/fips_indicator_params.inc
OSSL_FIPS_PARAM(rsa_pss_saltlen_check, RSA_PSS_SALTLEN_CHECK, 0)
OSSL_FIPS_PARAM(rsa_sign_x931_disallowed, RSA_SIGN_X931_PAD_DISABLED, 0)
OSSL_FIPS_PARAM(hkdf_key_check, HKDF_KEY_CHECK, 0)
Index: openssl-3.5.0-beta1/providers/implementations/asymciphers/rsa_enc.c
Index: openssl-3.5.3/providers/implementations/asymciphers/rsa_enc.c
===================================================================
--- openssl-3.5.0-beta1.orig/providers/implementations/asymciphers/rsa_enc.c
+++ openssl-3.5.0-beta1/providers/implementations/asymciphers/rsa_enc.c
@@ -168,6 +168,18 @@ static int rsa_encrypt(void *vprsactx, u
--- openssl-3.5.3.orig/providers/implementations/asymciphers/rsa_enc.c
+++ openssl-3.5.3/providers/implementations/asymciphers/rsa_enc.c
@@ -174,6 +174,18 @@ static int rsa_encrypt(void *vprsactx, u
return 0;
}
#endif
+# ifdef FIPS_MODULE
+ if (prsactx->pad_mode == RSA_NO_PADDING) {
@@ -64,9 +64,9 @@ Index: openssl-3.5.0-beta1/providers/implementations/asymciphers/rsa_enc.c
+# endif
+
if (out == NULL) {
size_t len = RSA_size(prsactx->rsa);
@@ -230,6 +242,20 @@ static int rsa_decrypt(void *vprsactx, u
*outlen = len;
return 1;
@@ -235,6 +247,20 @@ static int rsa_decrypt(void *vprsactx, u
if (!ossl_prov_is_running())
return 0;
@@ -87,10 +87,10 @@ Index: openssl-3.5.0-beta1/providers/implementations/asymciphers/rsa_enc.c
if (prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) {
if (out == NULL) {
*outlen = SSL_MAX_MASTER_KEY_LENGTH;
Index: openssl-3.5.0-beta1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
Index: openssl-3.5.3/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
===================================================================
--- openssl-3.5.0-beta1.orig/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
+++ openssl-3.5.0-beta1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
--- openssl-3.5.3.orig/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
+++ openssl-3.5.3/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
@@ -248,13 +248,13 @@ Input = 64b0e9f9892371110c40ba5739dc0974
Output = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
@@ -910,11 +910,11 @@ Index: openssl-3.5.0-beta1/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
Decrypt=RSA-OAEP-9
Ctrl = rsa_padding_mode:oaep
Ctrl = rsa_mgf1_md:sha1
Index: openssl-3.5.0-beta1/test/recipes/80-test_cms.t
Index: openssl-3.5.3/test/recipes/80-test_cms.t
===================================================================
--- openssl-3.5.0-beta1.orig/test/recipes/80-test_cms.t
+++ openssl-3.5.0-beta1/test/recipes/80-test_cms.t
@@ -250,7 +250,7 @@ my @smime_pkcs7_tests = (
--- openssl-3.5.3.orig/test/recipes/80-test_cms.t
+++ openssl-3.5.3/test/recipes/80-test_cms.t
@@ -267,7 +267,7 @@ my @smime_pkcs7_tests = (
if ($no_fips || $old_fips) {
push(@smime_pkcs7_tests,
@@ -923,7 +923,7 @@ Index: openssl-3.5.0-beta1/test/recipes/80-test_cms.t
[ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
"-aes256", "-stream", "-out", "{output}.cms",
$smrsa1,
@@ -1267,6 +1267,9 @@ sub check_availability {
@@ -1284,6 +1284,9 @@ sub check_availability {
return "$tnam: skipped, DSA disabled\n"
if ($no_dsa && $tnam =~ / DSA/);
@@ -933,10 +933,10 @@ Index: openssl-3.5.0-beta1/test/recipes/80-test_cms.t
return "";
}
Index: openssl-3.5.0-beta1/test/recipes/80-test_ssl_old.t
Index: openssl-3.5.3/test/recipes/80-test_ssl_old.t
===================================================================
--- openssl-3.5.0-beta1.orig/test/recipes/80-test_ssl_old.t
+++ openssl-3.5.0-beta1/test/recipes/80-test_ssl_old.t
--- openssl-3.5.3.orig/test/recipes/80-test_ssl_old.t
+++ openssl-3.5.3/test/recipes/80-test_ssl_old.t
@@ -561,6 +561,18 @@ sub testssl {
# the default choice if TLSv1.3 enabled
my $flag = $protocol eq "-tls1_3" ? "" : $protocol;


@@ -1,125 +0,0 @@
From a72f753cc5a43e58087358317975f6be46c15e01 Mon Sep 17 00:00:00 2001
From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
Date: Thu, 17 Apr 2025 08:51:53 -0500
Subject: [PATCH] Fix P-384 curve on lower-than-P9 PPC64 targets
The change adding an asm implementation of p384_felem_reduce incorrectly
uses the accelerated version on both targets that support the intrinsics
*and* targets that don't, instead of falling back to the generics on older
targets. This results in crashes when trying to use P-384 on < Power9.
Signed-off-by: Anna Wilcox <AWilcox@Wilcox-Tech.com>
Closes: #27350
Fixes: 85cabd94 ("Fix Minerva timing side-channel signal for P-384 curve on PPC")
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27429)
(cherry picked from commit 29864f2b0f1046177e8048a5b17440893d3f9425)
---
crypto/ec/ecp_nistp384.c | 54 ++++++++++++++++++++++++----------------
1 file changed, 33 insertions(+), 21 deletions(-)
diff --git a/crypto/ec/ecp_nistp384.c b/crypto/ec/ecp_nistp384.c
index 2ceb94fe33b7e..9d682f5a02cce 100644
--- a/crypto/ec/ecp_nistp384.c
+++ b/crypto/ec/ecp_nistp384.c
@@ -684,6 +684,22 @@ static void felem_reduce_ref(felem out, const widefelem in)
out[i] = acc[i];
}
+static ossl_inline void felem_square_reduce_ref(felem out, const felem in)
+{
+ widefelem tmp;
+
+ felem_square_ref(tmp, in);
+ felem_reduce_ref(out, tmp);
+}
+
+static ossl_inline void felem_mul_reduce_ref(felem out, const felem in1, const felem in2)
+{
+ widefelem tmp;
+
+ felem_mul_ref(tmp, in1, in2);
+ felem_reduce_ref(out, tmp);
+}
+
#if defined(ECP_NISTP384_ASM)
static void felem_square_wrapper(widefelem out, const felem in);
static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2);
@@ -695,10 +711,18 @@ static void (*felem_mul_p)(widefelem out, const felem in1, const felem in2) =
static void (*felem_reduce_p)(felem out, const widefelem in) = felem_reduce_ref;
+static void (*felem_square_reduce_p)(felem out, const felem in) =
+ felem_square_reduce_ref;
+static void (*felem_mul_reduce_p)(felem out, const felem in1, const felem in2) =
+ felem_mul_reduce_ref;
+
void p384_felem_square(widefelem out, const felem in);
void p384_felem_mul(widefelem out, const felem in1, const felem in2);
void p384_felem_reduce(felem out, const widefelem in);
+void p384_felem_square_reduce(felem out, const felem in);
+void p384_felem_mul_reduce(felem out, const felem in1, const felem in2);
+
# if defined(_ARCH_PPC64)
# include "crypto/ppc_arch.h"
# endif
@@ -710,6 +734,8 @@ static void felem_select(void)
felem_square_p = p384_felem_square;
felem_mul_p = p384_felem_mul;
felem_reduce_p = p384_felem_reduce;
+ felem_square_reduce_p = p384_felem_square_reduce;
+ felem_mul_reduce_p = p384_felem_mul_reduce;
return;
}
@@ -718,7 +744,9 @@ static void felem_select(void)
/* Default */
felem_square_p = felem_square_ref;
felem_mul_p = felem_mul_ref;
- felem_reduce_p = p384_felem_reduce;
+ felem_reduce_p = felem_reduce_ref;
+ felem_square_reduce_p = felem_square_reduce_ref;
+ felem_mul_reduce_p = felem_mul_reduce_ref;
}
static void felem_square_wrapper(widefelem out, const felem in)
@@ -737,31 +765,15 @@ static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2)
# define felem_mul felem_mul_p
# define felem_reduce felem_reduce_p
-void p384_felem_square_reduce(felem out, const felem in);
-void p384_felem_mul_reduce(felem out, const felem in1, const felem in2);
-
-# define felem_square_reduce p384_felem_square_reduce
-# define felem_mul_reduce p384_felem_mul_reduce
+# define felem_square_reduce felem_square_reduce_p
+# define felem_mul_reduce felem_mul_reduce_p
#else
# define felem_square felem_square_ref
# define felem_mul felem_mul_ref
# define felem_reduce felem_reduce_ref
-static ossl_inline void felem_square_reduce(felem out, const felem in)
-{
- widefelem tmp;
-
- felem_square(tmp, in);
- felem_reduce(out, tmp);
-}
-
-static ossl_inline void felem_mul_reduce(felem out, const felem in1, const felem in2)
-{
- widefelem tmp;
-
- felem_mul(tmp, in1, in2);
- felem_reduce(out, tmp);
-}
+# define felem_square_reduce felem_square_reduce_ref
+# define felem_mul_reduce felem_mul_reduce_ref
#endif
/*-
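Review bot: this drops the whole P-384 PPC64 fallback fix, which is correct only if the 3.5.3 tarball already contains it; the removed header says the change was cherry-picked from commit 29864f2b0f1046177e8048a5b17440893d3f9425 and merged via https://github.com/openssl/openssl/pull/27429, so check that `felem_select()` in crypto/ec/ecp_nistp384.c now assigns `felem_reduce_p = felem_reduce_ref` in its default branch rather than `p384_felem_reduce` (the bug this patch fixed, which crashed P-384 on pre-Power9 hardware). A changelog line recording the dropped patch would make the removal auditable alongside the rebased ones.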


@@ -0,0 +1,34 @@
Index: openssl-3.5.0/crypto/bn/bn_exp.c
===================================================================
--- openssl-3.5.0.orig/crypto/bn/bn_exp.c
+++ openssl-3.5.0/crypto/bn/bn_exp.c
@@ -166,6 +166,20 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *
return ret;
}
+/* As per limitations of C, the compiler cannot determine statically that in the
+ * case of BN_RECP_CTX_free, the BN_RECP_CTX.flag will not have a value of
+ * BN_FLG_MALLOCED, thus we hit a warning (-Wfree-nonheap-object) in
+ * BN_mod_exp_recp. Fix that by omiting the check for BN_FLG_MALLOCED.
+ */
+void BN_RECP_CTX_free_static(BN_RECP_CTX *recp)
+{
+ if (recp == NULL)
+ return;
+
+ BN_free(&recp->N);
+ BN_free(&recp->Nr);
+}
+
int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx)
{
@@ -304,7 +318,7 @@ int BN_mod_exp_recp(BIGNUM *r, const BIG
ret = 1;
err:
BN_CTX_end(ctx);
- BN_RECP_CTX_free(&recp);
+ BN_RECP_CTX_free_static(&recp);
bn_check_top(r);
return ret;
}
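Review bot: `BN_RECP_CTX_free_static` is defined with external linkage and has no declaration in any header, so it introduces an unprototyped non-static symbol (and a -Wmissing-prototypes warning under --strict-warnings) just to silence -Wfree-nonheap-object; since its only caller is `BN_mod_exp_recp` in the same file, declare it `static void BN_RECP_CTX_free_static(BN_RECP_CTX *recp)`. The helper itself matches `BN_RECP_CTX_free` minus the `BN_FLG_MALLOCED` branch, which is right for the stack-allocated `recp`, but the comment should read `omitting` rather than `omiting` and the field is `flags`, not `BN_RECP_CTX.flag`.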


@@ -23,10 +23,10 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
mode change 100644 => 100755 test/recipes/01-test_fipsmodule_cnf.t
mode change 100644 => 100755 test/recipes/03-test_fipsinstall.t
Index: openssl-3.5.0-beta1/apps/fipsinstall.c
Index: openssl-3.5.2/apps/fipsinstall.c
===================================================================
--- openssl-3.5.0-beta1.orig/apps/fipsinstall.c
+++ openssl-3.5.0-beta1/apps/fipsinstall.c
--- openssl-3.5.2.orig/apps/fipsinstall.c
+++ openssl-3.5.2/apps/fipsinstall.c
@@ -590,6 +590,9 @@ int fipsinstall_main(int argc, char **ar
EVP_MAC *mac = NULL;
CONF *conf = NULL;
@@ -37,14 +37,15 @@ Index: openssl-3.5.0-beta1/apps/fipsinstall.c
if ((opts = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
Index: openssl-3.5.0-beta1/doc/man1/openssl-fipsinstall.pod.in
Index: openssl-3.5.2/doc/man1/openssl-fipsinstall.pod.in
===================================================================
--- openssl-3.5.0-beta1.orig/doc/man1/openssl-fipsinstall.pod.in
+++ openssl-3.5.0-beta1/doc/man1/openssl-fipsinstall.pod.in
@@ -8,488 +8,9 @@ openssl-fipsinstall - perform FIPS confi
--- openssl-3.5.2.orig/doc/man1/openssl-fipsinstall.pod.in
+++ openssl-3.5.2/doc/man1/openssl-fipsinstall.pod.in
@@ -7,485 +7,9 @@ openssl-fipsinstall - perform FIPS confi
=head1 SYNOPSIS
B<openssl fipsinstall>
-B<openssl fipsinstall>
-[B<-help>]
-[B<-in> I<configfilename>]
-[B<-out> I<configfilename>]
@@ -274,9 +275,7 @@ Index: openssl-3.5.0-beta1/doc/man1/openssl-fipsinstall.pod.in
-
-=item B<-hkdf_digest_check>
-
-Configure the module to enable a run-time digest check when deriving a key by
-HKDF.
-See NIST SP 800-56Cr2 for details.
-This option is deprecated.
-
-=item B<-tls13_kdf_digest_check>
-
@@ -298,9 +297,7 @@ Index: openssl-3.5.0-beta1/doc/man1/openssl-fipsinstall.pod.in
-
-=item B<-sskdf_digest_check>
-
-Configure the module to enable a run-time digest check when deriving a key by
-SSKDF.
-See NIST SP 800-56Cr2 for details.
-This option is deprecated.
-
-=item B<-x963kdf_digest_check>
-
@@ -533,11 +530,11 @@ Index: openssl-3.5.0-beta1/doc/man1/openssl-fipsinstall.pod.in
=head1 COPYRIGHT
Index: openssl-3.5.0-beta1/doc/man1/openssl.pod
Index: openssl-3.5.2/doc/man1/openssl.pod
===================================================================
--- openssl-3.5.0-beta1.orig/doc/man1/openssl.pod
+++ openssl-3.5.0-beta1/doc/man1/openssl.pod
@@ -137,10 +137,6 @@ Engine (loadable module) information and
--- openssl-3.5.2.orig/doc/man1/openssl.pod
+++ openssl-3.5.2/doc/man1/openssl.pod
@@ -139,10 +139,6 @@ Engine (loadable module) information and
Error Number to Error String Conversion.
@@ -548,10 +545,10 @@ Index: openssl-3.5.0-beta1/doc/man1/openssl.pod
=item B<gendsa>
Generation of DSA Private Key from Parameters. Superseded by
Index: openssl-3.5.0-beta1/doc/man5/config.pod
Index: openssl-3.5.2/doc/man5/config.pod
===================================================================
--- openssl-3.5.0-beta1.orig/doc/man5/config.pod
+++ openssl-3.5.0-beta1/doc/man5/config.pod
--- openssl-3.5.2.orig/doc/man5/config.pod
+++ openssl-3.5.2/doc/man5/config.pod
@@ -582,7 +582,6 @@ configuration files using that syntax wi
=head1 SEE ALSO
@@ -560,11 +557,11 @@ Index: openssl-3.5.0-beta1/doc/man5/config.pod
L<ASN1_generate_nconf(3)>,
L<EVP_set_default_properties(3)>,
L<CONF_modules_load(3)>,
Index: openssl-3.5.0-beta1/doc/man5/fips_config.pod
Index: openssl-3.5.2/doc/man5/fips_config.pod
===================================================================
--- openssl-3.5.0-beta1.orig/doc/man5/fips_config.pod
+++ openssl-3.5.0-beta1/doc/man5/fips_config.pod
@@ -6,230 +6,10 @@ fips_config - OpenSSL FIPS configuration
--- openssl-3.5.2.orig/doc/man5/fips_config.pod
+++ openssl-3.5.2/doc/man5/fips_config.pod
@@ -6,224 +6,10 @@ fips_config - OpenSSL FIPS configuration
=head1 DESCRIPTION
@@ -624,17 +621,11 @@ Index: openssl-3.5.0-beta1/doc/man5/fips_config.pod
-
-=item B<install-status>
-
-An indicator that the self-tests were successfully run.
-This should only be written after the module has
-successfully passed its self tests during installation.
-If this field is not present, then the self tests will run when the module
-loads.
-This field is deprecated and is no longer used.
-
-=item B<install-mac>
-
-A MAC of the value of the B<install-status> option, to prevent accidental
-changes to that value.
-It is written-to at the same time as B<install-status> is updated.
-This field is deprecated and is no longer used.
-
-=back
-
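Review bot: the `@@ -624,17 +621,11 @@` hunk drops six lines from the inner patch around the `install-status` and `install-mac` items; the two `This field is deprecated and is no longer used.` sentences and their surrounding blank lines are the visible candidates. Since the `-A MAC of the value of the B<install-status> option` paragraph is still part of the removed block here, check that the rebased `fips_config.pod` ends up with no dangling reference to `install-mac` or `install-status` (for example in the option list further down), or the manual will document fields the downstream build no longer uses.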
@@ -674,7 +665,7 @@ Index: openssl-3.5.0-beta1/doc/man5/fips_config.pod
-
-=item B<hkdf-digest-check>
-
-See L<openssl-fipsinstall(1)/OPTIONS> B<-hkdf_digest_check>
-This option is deprecated.
-
-=item B<tls13-kdf-digest-check>
-
@@ -690,7 +681,7 @@ Index: openssl-3.5.0-beta1/doc/man5/fips_config.pod
-
-=item B<sskdf-digest-check>
-
-See L<openssl-fipsinstall(1)/OPTIONS> B<-sskdf_digest_check>
-This option is deprecated.
-
-=item B<x963kdf-digest-check>
-
@@ -799,11 +790,11 @@ Index: openssl-3.5.0-beta1/doc/man5/fips_config.pod
=head1 COPYRIGHT
Index: openssl-3.5.0-beta1/doc/man7/OSSL_PROVIDER-FIPS.pod
Index: openssl-3.5.2/doc/man7/OSSL_PROVIDER-FIPS.pod
===================================================================
--- openssl-3.5.0-beta1.orig/doc/man7/OSSL_PROVIDER-FIPS.pod
+++ openssl-3.5.0-beta1/doc/man7/OSSL_PROVIDER-FIPS.pod
@@ -575,7 +575,6 @@ want to operate in a FIPS approved manne
--- openssl-3.5.2.orig/doc/man7/OSSL_PROVIDER-FIPS.pod
+++ openssl-3.5.2/doc/man7/OSSL_PROVIDER-FIPS.pod
@@ -570,7 +570,6 @@ process.
=head1 SEE ALSO
@@ -811,10 +802,10 @@ Index: openssl-3.5.0-beta1/doc/man7/OSSL_PROVIDER-FIPS.pod
L<fips_config(5)>,
L<OSSL_SELF_TEST_set_callback(3)>,
L<OSSL_SELF_TEST_new(3)>,
Index: openssl-3.5.0-beta1/test/recipes/00-prep_fipsmodule_cnf.t
Index: openssl-3.5.2/test/recipes/00-prep_fipsmodule_cnf.t
===================================================================
--- openssl-3.5.0-beta1.orig/test/recipes/00-prep_fipsmodule_cnf.t
+++ openssl-3.5.0-beta1/test/recipes/00-prep_fipsmodule_cnf.t
--- openssl-3.5.2.orig/test/recipes/00-prep_fipsmodule_cnf.t
+++ openssl-3.5.2/test/recipes/00-prep_fipsmodule_cnf.t
@@ -29,8 +29,10 @@ my $fipsmoduleconf = bldtop_file('test',
plan tests => 1;
@@ -830,10 +821,10 @@ Index: openssl-3.5.0-beta1/test/recipes/00-prep_fipsmodule_cnf.t
+# '-module', $fipsmodule, '-provider_name', 'fips',
+# '-section_name', 'fips_sect', '-out', $fipsmoduleconf])),
+# "fips install");
Index: openssl-3.5.0-beta1/test/recipes/01-test_fipsmodule_cnf.t
Index: openssl-3.5.2/test/recipes/01-test_fipsmodule_cnf.t
===================================================================
--- openssl-3.5.0-beta1.orig/test/recipes/01-test_fipsmodule_cnf.t
+++ openssl-3.5.0-beta1/test/recipes/01-test_fipsmodule_cnf.t
--- openssl-3.5.2.orig/test/recipes/01-test_fipsmodule_cnf.t
+++ openssl-3.5.2/test/recipes/01-test_fipsmodule_cnf.t
@@ -31,7 +31,8 @@ plan tests => 1;
my $fipsmodule = bldtop_file('providers', platform->dso('fips'));
my $fipsmoduleconf = bldtop_file('test', 'fipsmodule.cnf');
@@ -846,10 +837,10 @@ Index: openssl-3.5.0-beta1/test/recipes/01-test_fipsmodule_cnf.t
+#ok(run(app(['openssl', 'fipsinstall',
+# '-in', $fipsmoduleconf, '-module', $fipsmodule, '-verify'])),
+# "fipsinstall verify");
Index: openssl-3.5.0-beta1/test/recipes/03-test_fipsinstall.t
Index: openssl-3.5.2/test/recipes/03-test_fipsinstall.t
===================================================================
--- openssl-3.5.0-beta1.orig/test/recipes/03-test_fipsinstall.t
+++ openssl-3.5.0-beta1/test/recipes/03-test_fipsinstall.t
--- openssl-3.5.2.orig/test/recipes/03-test_fipsinstall.t
+++ openssl-3.5.2/test/recipes/03-test_fipsinstall.t
@@ -22,6 +22,8 @@ use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
use platform;
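Review bot: both test-recipe hunks (`00-prep_fipsmodule_cnf.t` at `@@ -830` and `01-test_fipsmodule_cnf.t` at `@@ -846`) neutralise the fipsinstall runs by prefixing the `ok(run(app(['openssl', 'fipsinstall', ...` calls with `#`, while `plan tests => 1;` remains in the context of both recipes; unless another `ok()` is added elsewhere in the file, Test::More will report one planned test and none run and the recipe fails. Prefer `plan skip_all => '...'` or a conditional skip over commented-out assertions, so the intent is explicit and survives the next rebase.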


@@ -1,29 +0,0 @@
From eb7ca9504a1b9ba7ed50140fc5b81e1e5e9adf59 Mon Sep 17 00:00:00 2001
From: Viktor Dukhovni <openssl-users@dukhovni.org>
Date: Thu, 11 Sep 2025 18:10:12 +0200
Subject: [PATCH] kek_unwrap_key(): Fix incorrect check of unwrapped key size
Fixes CVE-2025-9230
The check is off by 8 bytes so it is possible to overread by
up to 8 bytes and overwrite up to 4 bytes.
---
crypto/cms/cms_pwri.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
index 106bd98dc7..ba8646f93c 100644
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@@ -243,7 +243,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
/* Check byte failure */
goto err;
}
- if (inlen < (size_t)(tmp[0] - 4)) {
+ if (inlen < 4 + (size_t)tmp[0]) {
/* Invalid length value */
goto err;
}
--
2.51.0
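Review bot: removing this patch file wholesale is only correct if the 3.5.3 tarball already contains upstream commit eb7ca9504a1b9ba7ed50140fc5b81e1e5e9adf59 (`kek_unwrap_key()`, CVE-2025-9230), and the changelog entry for this update should name CVE-2025-9230 as fixed upstream so the drop stays traceable in the package history. The deleted hunk replaces `inlen < (size_t)(tmp[0] - 4)` with `inlen < 4 + (size_t)tmp[0]`, an 8-byte shift in the accepted length that matches the commit message; a quick `grep -n '4 + (size_t)tmp\[0\]' crypto/cms/cms_pwri.c` on the unpacked 3.5.3 source is enough to confirm it is present.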


@@ -1,46 +0,0 @@
From d874cbd603bb1b254cfe212797f18fc7cdb7cc52 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Thu, 11 Sep 2025 18:40:34 +0200
Subject: [PATCH] SM2: Use constant time modular inversion
Fixes CVE-2025-9231
Issue and a proposed fix reported by Stanislav Fort (Aisle Research).
---
crypto/ec/ecp_sm2p256.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/crypto/ec/ecp_sm2p256.c b/crypto/ec/ecp_sm2p256.c
index aabe74b6e4..d75230a651 100644
--- a/crypto/ec/ecp_sm2p256.c
+++ b/crypto/ec/ecp_sm2p256.c
@@ -747,7 +747,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void)
ossl_ec_GFp_simple_point_copy,
ossl_ec_GFp_simple_point_set_to_infinity,
ossl_ec_GFp_simple_point_set_affine_coordinates,
- ecp_sm2p256_get_affine,
+ ossl_ec_GFp_simple_point_get_affine_coordinates,
0, 0, 0,
ossl_ec_GFp_simple_add,
ossl_ec_GFp_simple_dbl,
@@ -763,7 +763,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void)
ecp_sm2p256_field_mul,
ecp_sm2p256_field_sqr,
0 /* field_div */,
- 0 /* field_inv */,
+ ossl_ec_GFp_simple_field_inv,
0 /* field_encode */,
0 /* field_decode */,
0 /* field_set_to_one */,
@@ -779,7 +779,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void)
ossl_ecdsa_simple_sign_setup,
ossl_ecdsa_simple_sign_sig,
ossl_ecdsa_simple_verify_sig,
- ecp_sm2p256_inv_mod_ord,
+ 0, /* use constanttime fallback for inverse mod order */
0, /* blind_coordinates */
0, /* ladder_pre */
0, /* ladder_step */
--
2.51.0
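Review bot: same traceability point for CVE-2025-9231: the deleted file is upstream commit d874cbd603bb1b254cfe212797f18fc7cdb7cc52 and should be listed as fixed in 3.5.3 in the changelog. The fix touches three `EC_METHOD` slots in `EC_GFp_sm2p256_method()` (`ecp_sm2p256_get_affine` → `ossl_ec_GFp_simple_point_get_affine_coordinates`, `field_inv` 0 → `ossl_ec_GFp_simple_field_inv`, and `ecp_sm2p256_inv_mod_ord` → 0 so the constant-time fallback for inversion mod the order is used); when checking the 3.5.3 source, verify all three slots, since a partial backport that only resets `inv_mod_ord` would leave the other variable-time path in place.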


@@ -1,28 +0,0 @@
From b8427e03e06c5ffde63f2231b7c0663b4c2510cd Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Thu, 11 Sep 2025 18:43:55 +0200
Subject: [PATCH] use_proxy(): Add missing terminating NUL byte
Fixes CVE-2025-9232
There is a missing terminating NUL byte after strncpy() call.
Issue and a proposed fix reported by Stanislav Fort (Aisle Research).
---
crypto/http/http_lib.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/crypto/http/http_lib.c b/crypto/http/http_lib.c
index fcf8a69e07..022b8c194c 100644
--- a/crypto/http/http_lib.c
+++ b/crypto/http/http_lib.c
@@ -263,6 +263,7 @@ static int use_proxy(const char *no_proxy, const char *server)
/* strip leading '[' and trailing ']' from escaped IPv6 address */
sl -= 2;
strncpy(host, server + 1, sl);
+ host[sl] = '\0';
server = host;
}
--
2.51.0
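Review bot: the added `host[sl] = '\0';` assumes `host` has room for `sl + 1` bytes, which this hunk does not show (the declaration of `host` and the original sizing before `sl -= 2` lie outside the context). When confirming that 3.5.3 carries upstream commit b8427e03e06c5ffde63f2231b7c0663b4c2510cd (CVE-2025-9232), check the `host` buffer size once in `crypto/http/http_lib.c` rather than relying on the hunk alone, and list CVE-2025-9232 in the changelog alongside the other two dropped patches.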