forked from pool/openssl-3

2 Commits

Author SHA256 Message Date
Pedro Monreal
82d9d402fb Remove not needed test patches 2026-02-04 16:16:57 +01:00
be5aa8e361 Sync changes to SLFO-1.2 branch 2025-08-20 10:00:00 +02:00
31 changed files with 1535 additions and 299 deletions

openssl-3.5.0.tar.gz LFS Normal file


openssl-3.5.0.tar.gz.asc Normal file

@@ -0,0 +1,16 @@



@@ -1,16 +0,0 @@


@@ -1,15 +1,51 @@
-------------------------------------------------------------------
Tue Aug 5 16:34:57 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>
Tue Jan 27 14:04:21 UTC 2026 - Lucas Mulling <lucas.mulling@suse.com>
- Security fixes:
* Missing ASN1_TYPE validation in PKCS#12 parsing
- openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795]
* ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
- openssl-CVE-2026-22795.patch [bsc#1256840, CVE-2026-22796]
* Missing ASN1_TYPE validation in TS_RESP_verify_response() function
- openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
* NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
- openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
* Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
- openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419]
* TLS 1.3 CompressedCertificate excessive memory allocation
- openssl-CVE-2025-66199.patch [bsc#1256833, CVE-2025-66199]
* Heap out-of-bounds write in BIO_f_linebuffer on short writes
- openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
* Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
- openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418]
* 'openssl dgst' one-shot codepath silently truncates inputs greater than 16MB
- openssl-CVE-2025-15469.patch [bsc#1256832, CVE-2025-15469]
* Stack buffer overflow in CMS AuthEnvelopedData parsing
- openssl-CVE-2025-15467.patch [bsc#1256830, CVE-2025-15467]
- openssl-CVE-2025-15467-comments.patch
- openssl-CVE-2025-15467-test.patch
* Improper validation of PBMAC1 parameters in PKCS#12 MAC verification
- openssl-CVE-2025-11187.patch [bsc#1256829, CVE-2025-11187]
* NULL dereference in SSL_CIPHER_find() function on unknown cipher ID
- openssl-CVE-2025-15468.patch [bsc#1256831, CVE-2025-15468]
- Enable livepatching support for ppc64le [bsc#1257274]
-------------------------------------------------------------------
Wed Oct 1 00:08:17 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>
- Security fix: [bsc#1250232 CVE-2025-9230]
* Fix out-of-bounds read & write in RFC 3211 KEK unwrap
* Add patch openssl3-CVE-2025-9230.patch
- Security fix: [bsc#1250233 CVE-2025-9231]
* Fix timing side-channel in SM2 algorithm on 64 bit ARM
* Add patch openssl3-CVE-2025-9231.patch
- Security fix: [bsc#1250234 CVE-2025-9232]
* Fix out-of-bounds read in HTTP client no_proxy handling
* Add patch openssl3-CVE-2025-9232.patch
-------------------------------------------------------------------
Sun Aug 17 23:56:37 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>
- Update to 3.5.2:
* Miscellaneous minor bug fixes.
* The FIPS provider now performs a PCT on key import for RSA, EC and ECX.
This is mandated by FIPS 140-3 IG 10.3.A additional comment 1.
- Rebase patches:
* openssl-FIPS-140-3-keychecks.patch
* openssl-FIPS-NO-DES-support.patch
* openssl-FIPS-enforce-EMS-support.patch
* openssl-disable-fipsinstall.patch
- Move ssl configuration files to the libopenssl package [bsc#1247463]
- Don't install unneeded NOTES
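Review bot: the CVE-2026-22796 entry (ASN1_TYPE type confusion in PKCS7_digest_from_attributes()) names openssl-CVE-2026-22795.patch as its fix. If that one file intentionally covers both CVE-2026-22795 and CVE-2026-22796, as the spec's Patch50 comment block implies, say so in a single line such as `- openssl-CVE-2026-22795.patch [bsc#1256839, bsc#1256840, CVE-2026-22795, CVE-2026-22796]`; as written it reads like a copy-and-paste slip. The openssl-CVE-2025-15467-comments.patch and openssl-CVE-2025-15467-test.patch lines also carry no description; a few words (source comments, regression test for the too-long IV case) would make the entry self-explanatory.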
@@ -18,27 +54,6 @@ Wed Jul 30 09:17:24 UTC 2025 - Pedro Monreal <pmonreal@suse.com>
- Disable LTO for userspace livepatching [jsc#PED-13245]
-------------------------------------------------------------------
Mon Jul 28 07:45:23 UTC 2025 - Andreas Schwab <schwab@suse.de>
- Use termios instead of obsolete termio
-------------------------------------------------------------------
Mon Jul 7 13:33:21 UTC 2025 - Lucas Mulling <lucas.mulling@suse.com>
- Update to 3.5.1:
* Fix x509 application adds trusted use instead of rejected use.
[bsc#1243564, CVE-2025-4575]
- Remove patches:
* openssl-Fix-P384-on-P8-targets.patch
* openssl-CVE-2025-4575.patch
- Rebase patches:
* openssl-Allow-disabling-of-SHA1-signatures.patch
* openssl-FIPS-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
* openssl-FIPS-NO-DES-support.patch
- Fix a bogus warning caused by -Wfree-nonheap-object
* Add patch openssl-Fix-Wfree-nonheap-object-warning.patch
-------------------------------------------------------------------
Thu May 29 06:46:14 UTC 2025 - Pedro Monreal <pmonreal@suse.com>
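Review bot: deleting the Jul 7 and Jul 28 entries removes the only record of "Use termios instead of obsolete termio" and of openssl-CVE-2025-4575.patch having been dropped, while this same sync re-adds openssl-CVE-2025-4575.patch and switches back to -DTERMIO in the spec. Those are real behaviour changes for the branch and belong in the new top entry (for example "- Keep openssl-CVE-2025-4575.patch: branch stays on 3.5.0" and "- Build with -DTERMIO again") rather than being left to be inferred from removed history.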


@@ -1,7 +1,7 @@
#
# spec file for package openssl-3
#
# Copyright (c) 2025 SUSE LLC and contributors
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
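Review bot: the header change from "Copyright (c) 2025 SUSE LLC and contributors" to "Copyright (c) 2025 SUSE LLC" has nothing to do with the CVE backports. If it is only the branch's older boilerplate it is harmless, but it should not ride along silently in a security sync; either leave the header alone or mention it in the changes entry.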
@@ -38,7 +38,7 @@
%define livepatchable 1
Name: openssl-3
Version: 3.5.2
Version: 3.5.0
Release: 0
Summary: Secure Sockets and Transport Layer Security
License: Apache-2.0
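Review bot: moving Version back from 3.5.2 to 3.5.0 also discards the upstream 3.5.1 and 3.5.2 changes listed in the removed changelog entries, notably "The FIPS provider now performs a PCT on key import for RSA, EC and ECX" (FIPS 140-3 IG 10.3.A). The patch list only backports the CVE fixes and CVE-2025-4575; if the FIPS validation story for this branch depends on that PCT, it needs its own backport or an explicit note that it is out of scope.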
@@ -124,11 +124,43 @@ Patch42: openssl-FIPS-Deny-SHA-1-sigver-in-FIPS-provider.patch
Patch43: openssl-FIPS-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
# PATCH-FIX-FEDORA FIPS: Fix the speed command in FIPS mode for KMAC
Patch44: openssl-FIPS-Fix-openssl-speed-KMAC.patch
# PATCH-FIX-SUSE Fix a bogus warning caused by -Wfree-nonheap-object
Patch45: openssl-Fix-Wfree-nonheap-object-warning.patch
# PATCH-FIX-UPSTREAM bsc#1243564 CVE-2025-4575 The x509 application adds trusted use instead of rejected use
Patch45: openssl-CVE-2025-4575.patch
# PATCH-FIX-UPSTREAM bsc#1243014 Fix P-384 curve on lower-than-P9 PPC64 targets
Patch46: openssl-Fix-P384-on-P8-targets.patch
# PATCH-FIX-UPSTREAM bsc#1250232 CVE-2025-9230: Fix out-of-bounds read & write in RFC 3211 KEK Unwrap
Patch47: openssl3-CVE-2025-9230.patch
# PATCH-FIX-UPSTREAM bsc#1250233 CVE-2025-9231: Fix timing side-channel in SM2 algorithm on 64 bit ARM
Patch48: openssl3-CVE-2025-9231.patch
# PATCH-FIX-UPSTREAM bsc#1250234 CVE-2025-9232: Fix out-of-bounds read in HTTP client no_proxy handling
Patch49: openssl3-CVE-2025-9232.patch
# PATCH-FIX-UPSTREAM bsc#1256839 CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing
# PATCH-FIX-UPSTREAM bsc#1256840 CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
Patch50: openssl-CVE-2026-22795.patch
# PATCH-FIX-UPSTREAM bsc#1256837 CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function
Patch51: openssl-CVE-2025-69420.patch
# PATCH-FIX-UPSTREAM bsc#1256838 CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
Patch52: openssl-CVE-2025-69421.patch
# PATCH-FIX-UPSTREAM bsc#1256836 CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 function
Patch53: openssl-CVE-2025-69419.patch
# PATCH-FIX-UPSTREAM bsc#1256833 CVE-2025-66199: TLS 1.3 CompressedCertificate excessive memory allocation
Patch54: openssl-CVE-2025-66199.patch
# PATCH-FIX-UPSTREAM bsc#1256834 CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes
Patch55: openssl-CVE-2025-68160.patch
# PATCH-FIX-UPSTREAM bsc#1256835 CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
Patch56: openssl-CVE-2025-69418.patch
# PATCH-FIX-UPSTREAM bsc#1256832 CVE-2025-15469: 'openssl dgst' one-shot codepath silently truncates inputs greater than 16MB
Patch57: openssl-CVE-2025-15469.patch
# PATCH-FIX-UPSTREAM bsc#1256830 CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing
Patch58: openssl-CVE-2025-15467.patch
Patch59: openssl-CVE-2025-15467-comments.patch
Patch60: openssl-CVE-2025-15467-test.patch
# PATCH-FIX-UPSTREAM bsc#1256829 CVE-2025-11187: Improper validation of PBMAC1 parameters in PKCS#12 MAC verification
Patch61: openssl-CVE-2025-11187.patch
# PATCH-FIX-UPSTREAM bsc#1256831 CVE-2025-15468: NULL dereference in SSL_CIPHER_find() function on unknown cipher ID
Patch62: openssl-CVE-2025-15468.patch
# ulp-macros is available according to SUSE version.
%ifarch x86_64
%ifarch x86_64 || ppc64le
%if 0%{?sle_version} >= 150400 || 0%{?suse_version} >= 1540
BuildRequires: ulp-macros
%endif
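Review bot: Patch59 (openssl-CVE-2025-15467-comments.patch) and Patch60 (openssl-CVE-2025-15467-test.patch) are the only entries in this block without a `# PATCH-FIX-UPSTREAM bsc#... CVE-...:` comment line; add one for each (the first is comment-only, the second adds the cmsapitest regression test) so the list stays greppable. The block also keeps Patch60 even though the first commit in this set is titled "Remove not needed test patches"; confirm that test patch is meant to stay. For Patch50 the two CVE comment lines above one file are fine, but joining them into a single comment would make it obvious that one patch covers both. Finally, `%ifarch x86_64 || ppc64le` for ulp-macros matches the "Enable livepatching support for ppc64le [bsc#1257274]" entry; `%define livepatchable 1` above it is unconditional, so double-check the architectures outside that list still build without ulp-macros.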
@@ -252,7 +284,7 @@ export MACHINE=armv6l
-Wa,--noexecstack \
-Wl,-z,relro,-z,now \
-fno-common \
-DTERMIOS \
-DTERMIO \
-DPURIFY \
-D_GNU_SOURCE \
-DOPENSSL_PEDANTIC_ZEROIZATION \
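Review bot: replacing `-DTERMIOS` with `-DTERMIO` reverts the Jul 28 "Use termios instead of obsolete termio" change from the removed changelog entries. That is consistent with returning to the 3.5.0 source tree, but termio is the obsolete interface; if the 3.5.0 tree still builds with -DTERMIOS on this branch, keeping that flag would be preferable, and either way the choice should be stated in the changes entry.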


@@ -1,7 +1,7 @@
Index: openssl-3.5.1/crypto/context.c
Index: openssl-3.5.0/crypto/context.c
===================================================================
--- openssl-3.5.1.orig/crypto/context.c
+++ openssl-3.5.1/crypto/context.c
--- openssl-3.5.0.orig/crypto/context.c
+++ openssl-3.5.0/crypto/context.c
@@ -85,6 +85,8 @@ struct ossl_lib_ctx_st {
#endif
STACK_OF(SSL_COMP) *comp_methods;
@@ -35,7 +35,7 @@ Index: openssl-3.5.1/crypto/context.c
static void context_deinit_objs(OSSL_LIB_CTX *ctx);
static int context_init(OSSL_LIB_CTX *ctx)
@@ -235,6 +254,10 @@ static int context_init(OSSL_LIB_CTX *ct
@@ -235,6 +256,10 @@ static int context_init(OSSL_LIB_CTX *ct
goto err;
#endif
@@ -46,7 +46,7 @@ Index: openssl-3.5.1/crypto/context.c
/* Low priority. */
#ifndef FIPS_MODULE
ctx->child_provider = ossl_child_prov_ctx_new(ctx);
@@ -382,6 +405,11 @@ static void context_deinit_objs(OSSL_LIB
@@ -382,6 +407,11 @@ static void context_deinit_objs(OSSL_LIB
}
#endif
@@ -58,7 +58,7 @@ Index: openssl-3.5.1/crypto/context.c
/* Low priority. */
#ifndef FIPS_MODULE
if (ctx->child_provider != NULL) {
@@ -660,6 +688,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX
@@ -660,6 +690,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX
case OSSL_LIB_CTX_COMP_METHODS:
return (void *)&ctx->comp_methods;
@@ -68,7 +68,7 @@ Index: openssl-3.5.1/crypto/context.c
default:
return NULL;
}
@@ -714,3 +745,44 @@ void OSSL_LIB_CTX_set_conf_diagnostics(O
@@ -714,3 +747,44 @@ void OSSL_LIB_CTX_set_conf_diagnostics(O
return;
libctx->conf_diagnostics = value;
}
@@ -113,10 +113,10 @@ Index: openssl-3.5.1/crypto/context.c
+ ldsigs->allowed = allow;
+ return 1;
+}
Index: openssl-3.5.1/crypto/evp/evp_cnf.c
Index: openssl-3.5.0/crypto/evp/evp_cnf.c
===================================================================
--- openssl-3.5.1.orig/crypto/evp/evp_cnf.c
+++ openssl-3.5.1/crypto/evp/evp_cnf.c
--- openssl-3.5.0.orig/crypto/evp/evp_cnf.c
+++ openssl-3.5.0/crypto/evp/evp_cnf.c
@@ -10,6 +10,7 @@
#include <stdio.h>
#include <openssl/crypto.h>
@@ -144,10 +144,10 @@ Index: openssl-3.5.1/crypto/evp/evp_cnf.c
} else {
ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION,
"name=%s, value=%s", oval->name, oval->value);
Index: openssl-3.5.1/crypto/evp/m_sigver.c
Index: openssl-3.5.0/crypto/evp/m_sigver.c
===================================================================
--- openssl-3.5.1.orig/crypto/evp/m_sigver.c
+++ openssl-3.5.1/crypto/evp/m_sigver.c
--- openssl-3.5.0.orig/crypto/evp/m_sigver.c
+++ openssl-3.5.0/crypto/evp/m_sigver.c
@@ -15,6 +15,7 @@
#include "internal/provider.h"
#include "internal/numbers.h" /* includes SIZE_MAX */
@@ -156,7 +156,7 @@ Index: openssl-3.5.1/crypto/evp/m_sigver.c
static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
{
@@ -320,6 +321,18 @@ static int do_sigver_init(EVP_MD_CTX *ct
@@ -251,6 +252,18 @@ static int do_sigver_init(EVP_MD_CTX *ct
}
}
@@ -173,12 +173,12 @@ Index: openssl-3.5.1/crypto/evp/m_sigver.c
+ }
+
if (ver) {
if (ctx->pctx->pmeth->verifyctx_init) {
if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx) <= 0)
Index: openssl-3.5.1/crypto/evp/pmeth_lib.c
if (signature->digest_verify_init == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
Index: openssl-3.5.0/crypto/evp/pmeth_lib.c
===================================================================
--- openssl-3.5.1.orig/crypto/evp/pmeth_lib.c
+++ openssl-3.5.1/crypto/evp/pmeth_lib.c
--- openssl-3.5.0.orig/crypto/evp/pmeth_lib.c
+++ openssl-3.5.0/crypto/evp/pmeth_lib.c
@@ -33,6 +33,7 @@
#include "internal/ffc.h"
#include "internal/numbers.h"
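Review bot: in the m_sigver.c part of the rebase, the inner hunk header moves from `@@ -320,6 +321,18 @@` to `@@ -251,6 +252,18 @@` and the trailing context switches from `if (ver) { if (ctx->pctx->pmeth->verifyctx_init) {` to `if (signature->digest_verify_init == NULL) { ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);`, so the inserted digest-signature policy check is now anchored before different code in 3.5.0's do_sigver_init(). Please confirm it still executes on both the legacy pmeth path and the provider signature path; a misanchored hunk applies cleanly yet can leave one verify path unchecked.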
@@ -187,7 +187,7 @@ Index: openssl-3.5.1/crypto/evp/pmeth_lib.c
#include "evp_local.h"
#ifndef FIPS_MODULE
@@ -963,6 +964,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_
@@ -954,6 +955,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_
return -2;
}
@@ -208,10 +208,10 @@ Index: openssl-3.5.1/crypto/evp/pmeth_lib.c
if (fallback)
return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md));
Index: openssl-3.5.1/doc/man5/config.pod
Index: openssl-3.5.0/doc/man5/config.pod
===================================================================
--- openssl-3.5.1.orig/doc/man5/config.pod
+++ openssl-3.5.1/doc/man5/config.pod
--- openssl-3.5.0.orig/doc/man5/config.pod
+++ openssl-3.5.0/doc/man5/config.pod
@@ -315,6 +315,21 @@ Within the algorithm properties section,
The value may be anything that is acceptable as a property query
string for EVP_set_default_properties().
@@ -234,10 +234,10 @@ Index: openssl-3.5.1/doc/man5/config.pod
=item B<fips_mode> (deprecated)
The value is a boolean that can be B<yes> or B<no>. If the value is
Index: openssl-3.5.1/include/crypto/context.h
Index: openssl-3.5.0/include/crypto/context.h
===================================================================
--- openssl-3.5.1.orig/include/crypto/context.h
+++ openssl-3.5.1/include/crypto/context.h
--- openssl-3.5.0.orig/include/crypto/context.h
+++ openssl-3.5.0/include/crypto/context.h
@@ -48,3 +48,11 @@ void ossl_release_default_drbg_ctx(void)
#if defined(OPENSSL_THREADS)
void ossl_threads_ctx_free(void *);
@@ -250,10 +250,10 @@ Index: openssl-3.5.1/include/crypto/context.h
+} OSSL_LEGACY_DIGEST_SIGNATURES;
+#endif
+
Index: openssl-3.5.1/include/internal/cryptlib.h
Index: openssl-3.5.0/include/internal/cryptlib.h
===================================================================
--- openssl-3.5.1.orig/include/internal/cryptlib.h
+++ openssl-3.5.1/include/internal/cryptlib.h
--- openssl-3.5.0.orig/include/internal/cryptlib.h
+++ openssl-3.5.0/include/internal/cryptlib.h
@@ -120,7 +120,8 @@ typedef struct ossl_ex_data_global_st {
# define OSSL_LIB_CTX_DECODER_CACHE_INDEX 20
# define OSSL_LIB_CTX_COMP_METHODS 21
@@ -264,10 +264,10 @@ Index: openssl-3.5.1/include/internal/cryptlib.h
OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx);
int ossl_lib_ctx_is_default(OSSL_LIB_CTX *ctx);
Index: openssl-3.5.1/include/internal/sslconf.h
Index: openssl-3.5.0/include/internal/sslconf.h
===================================================================
--- openssl-3.5.1.orig/include/internal/sslconf.h
+++ openssl-3.5.1/include/internal/sslconf.h
--- openssl-3.5.0.orig/include/internal/sslconf.h
+++ openssl-3.5.0/include/internal/sslconf.h
@@ -18,4 +18,8 @@ int conf_ssl_name_find(const char *name,
void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr,
char **arg);
@@ -277,20 +277,20 @@ Index: openssl-3.5.1/include/internal/sslconf.h
+int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow,
+ int loadconfig);
#endif
Index: openssl-3.5.1/providers/common/include/prov/securitycheck.h
Index: openssl-3.5.0/providers/common/include/prov/securitycheck.h
===================================================================
--- openssl-3.5.1.orig/providers/common/include/prov/securitycheck.h
+++ openssl-3.5.1/providers/common/include/prov/securitycheck.h
--- openssl-3.5.0.orig/providers/common/include/prov/securitycheck.h
+++ openssl-3.5.0/providers/common/include/prov/securitycheck.h
@@ -37,3 +37,5 @@ int ossl_digest_get_approved_nid(const E
/* Functions that have different implementations for the FIPS_MODULE */
int ossl_digest_rsa_sign_get_md_nid(const EVP_MD *md);
int ossl_fips_config_securitycheck_enabled(OSSL_LIB_CTX *libctx);
+
+int rh_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int mdnid);
Index: openssl-3.5.1/providers/common/securitycheck.c
Index: openssl-3.5.0/providers/common/securitycheck.c
===================================================================
--- openssl-3.5.1.orig/providers/common/securitycheck.c
+++ openssl-3.5.1/providers/common/securitycheck.c
--- openssl-3.5.0.orig/providers/common/securitycheck.c
+++ openssl-3.5.0/providers/common/securitycheck.c
@@ -19,6 +19,7 @@
#include <openssl/core_names.h>
#include <openssl/obj_mac.h>
@@ -316,10 +316,10 @@ Index: openssl-3.5.1/providers/common/securitycheck.c
+
+ return mdnid;
+}
Index: openssl-3.5.1/providers/common/securitycheck_default.c
Index: openssl-3.5.0/providers/common/securitycheck_default.c
===================================================================
--- openssl-3.5.1.orig/providers/common/securitycheck_default.c
+++ openssl-3.5.1/providers/common/securitycheck_default.c
--- openssl-3.5.0.orig/providers/common/securitycheck_default.c
+++ openssl-3.5.0/providers/common/securitycheck_default.c
@@ -15,6 +15,7 @@
#include <openssl/obj_mac.h>
#include "prov/securitycheck.h"
@@ -328,10 +328,10 @@ Index: openssl-3.5.1/providers/common/securitycheck_default.c
/* Disable the security checks in the default provider */
int ossl_fips_config_securitycheck_enabled(OSSL_LIB_CTX *libctx)
Index: openssl-3.5.1/providers/implementations/signature/dsa_sig.c
Index: openssl-3.5.0/providers/implementations/signature/dsa_sig.c
===================================================================
--- openssl-3.5.1.orig/providers/implementations/signature/dsa_sig.c
+++ openssl-3.5.1/providers/implementations/signature/dsa_sig.c
--- openssl-3.5.0.orig/providers/implementations/signature/dsa_sig.c
+++ openssl-3.5.0/providers/implementations/signature/dsa_sig.c
@@ -163,6 +163,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ct
md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
@@ -340,10 +340,10 @@ Index: openssl-3.5.1/providers/implementations/signature/dsa_sig.c
if (md == NULL) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
Index: openssl-3.5.1/providers/implementations/signature/ecdsa_sig.c
Index: openssl-3.5.0/providers/implementations/signature/ecdsa_sig.c
===================================================================
--- openssl-3.5.1.orig/providers/implementations/signature/ecdsa_sig.c
+++ openssl-3.5.1/providers/implementations/signature/ecdsa_sig.c
--- openssl-3.5.0.orig/providers/implementations/signature/ecdsa_sig.c
+++ openssl-3.5.0/providers/implementations/signature/ecdsa_sig.c
@@ -197,13 +197,16 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX
goto err;
}
@@ -362,10 +362,10 @@ Index: openssl-3.5.1/providers/implementations/signature/ecdsa_sig.c
/* XOF digests don't work */
if (EVP_MD_xof(md)) {
ERR_raise(ERR_LIB_PROV, PROV_R_XOF_DIGESTS_NOT_ALLOWED);
Index: openssl-3.5.1/providers/implementations/signature/rsa_sig.c
Index: openssl-3.5.0/providers/implementations/signature/rsa_sig.c
===================================================================
--- openssl-3.5.1.orig/providers/implementations/signature/rsa_sig.c
+++ openssl-3.5.1/providers/implementations/signature/rsa_sig.c
--- openssl-3.5.0.orig/providers/implementations/signature/rsa_sig.c
+++ openssl-3.5.0/providers/implementations/signature/rsa_sig.c
@@ -26,6 +26,7 @@
#include "internal/cryptlib.h"
#include "internal/nelem.h"
@@ -419,10 +419,10 @@ Index: openssl-3.5.1/providers/implementations/signature/rsa_sig.c
if (pmgf1mdname != NULL
&& !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops))
Index: openssl-3.5.1/ssl/t1_lib.c
Index: openssl-3.5.0/ssl/t1_lib.c
===================================================================
--- openssl-3.5.1.orig/ssl/t1_lib.c
+++ openssl-3.5.1/ssl/t1_lib.c
--- openssl-3.5.0.orig/ssl/t1_lib.c
+++ openssl-3.5.0/ssl/t1_lib.c
@@ -21,6 +21,7 @@
#include <openssl/bn.h>
#include <openssl/provider.h>
@@ -431,7 +431,7 @@ Index: openssl-3.5.1/ssl/t1_lib.c
#include "internal/nelem.h"
#include "internal/sizes.h"
#include "internal/tlsgroups.h"
@@ -2178,6 +2179,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
@@ -2176,6 +2177,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
EVP_PKEY *tmpkey = EVP_PKEY_new();
int istls;
int ret = 0;
@@ -439,7 +439,7 @@ Index: openssl-3.5.1/ssl/t1_lib.c
if (ctx == NULL)
goto err;
@@ -2195,6 +2197,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
@@ -2193,6 +2195,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
goto err;
ERR_set_mark();
@@ -447,7 +447,7 @@ Index: openssl-3.5.1/ssl/t1_lib.c
/* First fill cache and tls12_sigalgs list from legacy algorithm list */
for (i = 0, lu = sigalg_lookup_tbl;
i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) {
@@ -2215,6 +2218,11 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
@@ -2213,6 +2216,11 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
cache[i].available = 0;
continue;
}
@@ -459,10 +459,10 @@ Index: openssl-3.5.1/ssl/t1_lib.c
if (!EVP_PKEY_set_type(tmpkey, lu->sig)) {
cache[i].available = 0;
Index: openssl-3.5.1/util/libcrypto.num
Index: openssl-3.5.0/util/libcrypto.num
===================================================================
--- openssl-3.5.1.orig/util/libcrypto.num
+++ openssl-3.5.1/util/libcrypto.num
--- openssl-3.5.0.orig/util/libcrypto.num
+++ openssl-3.5.0/util/libcrypto.num
@@ -5925,3 +5925,5 @@ OSSL_AA_DIST_POINT_free
OSSL_AA_DIST_POINT_new 6052 3_5_0 EXIST::FUNCTION:
OSSL_AA_DIST_POINT_it 6053 3_5_0 EXIST::FUNCTION:


@@ -0,0 +1,54 @@
From a26d82c5b141c706bc97455cde511e710c2510a9 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Thu, 8 Jan 2026 14:31:19 +0100
Subject: [PATCH] pkcs12: Validate salt and keylength in PBMAC1
The keylength value must be present and we accept
EVP_MAX_MD_SIZE at maximum.
The salt ASN.1 type must be OCTET STRING.
Fixes CVE-2025-11187
Reported by Stanislav Fort (Aisle Research) and Petr Simecek (Aisle Research).
Reported independently also by Hamza (Metadust).
---
crypto/pkcs12/p12_mutl.c | 18 ++++++++++++++++--
1 file changed, 16 insertions(+), 2 deletions(-)
Index: openssl-3.5.0/crypto/pkcs12/p12_mutl.c
===================================================================
--- openssl-3.5.0.orig/crypto/pkcs12/p12_mutl.c
+++ openssl-3.5.0/crypto/pkcs12/p12_mutl.c
@@ -122,8 +122,6 @@ static int PBMAC1_PBKDF2_HMAC(OSSL_LIB_C
ERR_raise(ERR_LIB_PKCS12, ERR_R_UNSUPPORTED);
goto err;
}
- keylen = ASN1_INTEGER_get(pbkdf2_param->keylength);
- pbkdf2_salt = pbkdf2_param->salt->value.octet_string;
if (pbkdf2_param->prf == NULL) {
kdf_hmac_nid = NID_hmacWithSHA1;
@@ -138,6 +136,22 @@ static int PBMAC1_PBKDF2_HMAC(OSSL_LIB_C
goto err;
}
+ /* Validate salt is an OCTET STRING choice */
+ if (pbkdf2_param->salt == NULL
+ || pbkdf2_param->salt->type != V_ASN1_OCTET_STRING) {
+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_PARSE_ERROR);
+ goto err;
+ }
+ pbkdf2_salt = pbkdf2_param->salt->value.octet_string;
+
+ /* RFC 9579 specifies missing key length as invalid */
+ if (pbkdf2_param->keylength != NULL)
+ keylen = ASN1_INTEGER_get(pbkdf2_param->keylength);
+ if (keylen <= 0 || keylen > EVP_MAX_MD_SIZE) {
+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_PARSE_ERROR);
+ goto err;
+ }
+
if (PKCS5_PBKDF2_HMAC(pass, passlen, pbkdf2_salt->data, pbkdf2_salt->length,
ASN1_INTEGER_get(pbkdf2_param->iter), kdf_md, keylen, key) <= 0) {
ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR);
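Review bot: the new `if (keylen <= 0 || keylen > EVP_MAX_MD_SIZE)` check is only meaningful if `keylen` is initialised to 0 at its declaration, which this hunk does not show; with the old unconditional assignment removed, a NULL `keylength` would otherwise test an indeterminate value, so please confirm the declaration. ASN1_INTEGER_get() returns -1 for a value that does not fit in a long, which the `<= 0` branch already covers, so no separate overflow check is needed. The salt check `pbkdf2_param->salt == NULL || pbkdf2_param->salt->type != V_ASN1_OCTET_STRING` correctly guards the `value.octet_string` union access that the removed line read unconditionally.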


@@ -0,0 +1,54 @@
From 6fb47957bfb0aef2deaa7df7aebd4eb52ffe20ce Mon Sep 17 00:00:00 2001
From: Igor Ustinov <igus68@gmail.com>
Date: Mon, 12 Jan 2026 12:15:42 +0100
Subject: [PATCH] Some comments to clarify functions usage
---
crypto/asn1/evp_asn1.c | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
Index: openssl-3.5.0/crypto/asn1/evp_asn1.c
===================================================================
--- openssl-3.5.0.orig/crypto/asn1/evp_asn1.c
+++ openssl-3.5.0/crypto/asn1/evp_asn1.c
@@ -60,6 +60,12 @@ static ossl_inline void asn1_type_init_o
oct->flags = 0;
}
+/*
+ * This function copies 'anum' to 'num' and the data of 'oct' to 'data'.
+ * If the length of 'data' > 'max_len', copies only the first 'max_len'
+ * bytes, but returns the full length of 'oct'; this allows distinguishing
+ * whether all the data was copied.
+ */
static int asn1_type_get_int_oct(ASN1_OCTET_STRING *oct, int32_t anum,
long *num, unsigned char *data, int max_len)
{
@@ -106,6 +112,13 @@ int ASN1_TYPE_set_int_octetstring(ASN1_T
return 0;
}
+/*
+ * This function decodes an int-octet sequence and copies the integer to 'num'
+ * and the data of octet to 'data'.
+ * If the length of 'data' > 'max_len', copies only the first 'max_len'
+ * bytes, but returns the full length of 'oct'; this allows distinguishing
+ * whether all the data was copied.
+ */
int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
unsigned char *data, int max_len)
{
@@ -162,6 +175,13 @@ int ossl_asn1_type_set_octetstring_int(A
return 0;
}
+/*
+ * This function decodes an octet-int sequence and copies the data of octet
+ * to 'data' and the integer to 'num'.
+ * If the length of 'data' > 'max_len', copies only the first 'max_len'
+ * bytes, but returns the full length of 'oct'; this allows distinguishing
+ * whether all the data was copied.
+ */
int ossl_asn1_type_get_octetstring_int(const ASN1_TYPE *a, long *num,
unsigned char *data, int max_len)
{
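Review bot: these three comments document the contract the CVE-2025-15467 fix depends on, namely that the getters copy at most `max_len` bytes but return the full length of the octet string so callers can detect truncation. The patch is comment-only and carries no risk, but folding it into openssl-CVE-2025-15467.patch would keep the documented contract and the caller relying on it together in one backport.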


@@ -0,0 +1,122 @@
From 1e8f5c7cd2c46b25a2877e8f3f4bbf954fbcdf77 Mon Sep 17 00:00:00 2001
From: Igor Ustinov <igus68@gmail.com>
Date: Sun, 11 Jan 2026 11:35:15 +0100
Subject: [PATCH] Test for handling of AEAD-encrypted CMS with inadmissibly
long IV
---
test/cmsapitest.c | 39 ++++++++++++++++++-
test/recipes/80-test_cmsapi.t | 3 +-
.../encDataWithTooLongIV.pem | 11 ++++++
3 files changed, 50 insertions(+), 3 deletions(-)
create mode 100644 test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem
Index: openssl-3.5.0/test/cmsapitest.c
===================================================================
--- openssl-3.5.0.orig/test/cmsapitest.c
+++ openssl-3.5.0/test/cmsapitest.c
@@ -9,10 +9,10 @@
#include <string.h>
+#include <openssl/pem.h>
#include <openssl/cms.h>
#include <openssl/bio.h>
#include <openssl/x509.h>
-#include <openssl/pem.h>
#include "../crypto/cms/cms_local.h" /* for d.signedData and d.envelopedData */
#include "testutil.h"
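Review bot: moving `#include <openssl/pem.h>` from after x509.h to before cms.h is pure churn; PEM_read_bio_CMS() is declared by pem.h in either position. Dropping this part of the hunk keeps the backport smaller and less likely to conflict with later changes to cmsapitest.c.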
@@ -20,6 +20,7 @@
static X509 *cert = NULL;
static EVP_PKEY *privkey = NULL;
static char *derin = NULL;
+static char *too_long_iv_cms_in = NULL;
static int test_encrypt_decrypt(const EVP_CIPHER *cipher)
{
@@ -385,6 +386,38 @@ end:
return ret;
}
+static int test_cms_aesgcm_iv_too_long(void)
+{
+ int ret = 0;
+ BIO *cmsbio = NULL, *out = NULL;
+ CMS_ContentInfo *cms = NULL;
+ unsigned long err = 0;
+
+ if (!TEST_ptr(cmsbio = BIO_new_file(too_long_iv_cms_in, "r")))
+ goto end;
+
+ if (!TEST_ptr(cms = PEM_read_bio_CMS(cmsbio, NULL, NULL, NULL)))
+ goto end;
+
+ /* Must fail cleanly (no crash) */
+ if (!TEST_false(CMS_decrypt(cms, privkey, cert, NULL, out, 0)))
+ goto end;
+ err = ERR_peek_last_error();
+ if (!TEST_ulong_ne(err, 0))
+ goto end;
+ if (!TEST_int_eq(ERR_GET_LIB(err), ERR_LIB_CMS))
+ goto end;
+ if (!TEST_int_eq(ERR_GET_REASON(err), CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR))
+ goto end;
+
+ ret = 1;
+end:
+ CMS_ContentInfo_free(cms);
+ BIO_free(cmsbio);
+ BIO_free(out);
+ return ret;
+}
+
OPT_TEST_DECLARE_USAGE("certfile privkeyfile derfile\n")
int setup_tests(void)
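Review bot: in test_cms_aesgcm_iv_too_long() the output BIO `out` is never created, so `CMS_decrypt(cms, privkey, cert, NULL, out, 0)` runs with a NULL output. That only works because decryption is expected to fail during cipher parameter initialisation; if the failure point ever moved later, or the fixture changed, the test would crash rather than report a clean failure. Allocate `out = BIO_new(BIO_s_mem())` before the call (the `BIO_free(out)` at `end:` is already there). Checking ERR_GET_LIB() and ERR_GET_REASON() against CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR pins the exact failure path, which is what a regression test for CVE-2025-15467 should do.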
@@ -399,7 +432,8 @@ int setup_tests(void)
if (!TEST_ptr(certin = test_get_argument(0))
|| !TEST_ptr(privkeyin = test_get_argument(1))
- || !TEST_ptr(derin = test_get_argument(2)))
+ || !TEST_ptr(derin = test_get_argument(2))
+ || !TEST_ptr(too_long_iv_cms_in = test_get_argument(3)))
return 0;
certbio = BIO_new_file(certin, "r");
@@ -432,6 +466,7 @@ int setup_tests(void)
ADD_TEST(test_CMS_add1_cert);
ADD_TEST(test_d2i_CMS_bio_NULL);
ADD_ALL_TESTS(test_d2i_CMS_decode, 2);
+ ADD_TEST(test_cms_aesgcm_iv_too_long);
return 1;
}
Index: openssl-3.5.0/test/recipes/80-test_cmsapi.t
===================================================================
--- openssl-3.5.0.orig/test/recipes/80-test_cmsapi.t
+++ openssl-3.5.0/test/recipes/80-test_cmsapi.t
@@ -18,5 +18,6 @@ plan tests => 1;
ok(run(test(["cmsapitest", srctop_file("test", "certs", "servercert.pem"),
srctop_file("test", "certs", "serverkey.pem"),
- srctop_file("test", "recipes", "80-test_cmsapi_data", "encryptedData.der")])),
+ srctop_file("test", "recipes", "80-test_cmsapi_data", "encryptedData.der"),
+ srctop_file("test", "recipes", "80-test_cmsapi_data", "encDataWithTooLongIV.pem")])),
"running cmsapitest");
Index: openssl-3.5.0/test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem
===================================================================
--- /dev/null
+++ openssl-3.5.0/test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem
@@ -0,0 +1,11 @@


@@ -0,0 +1,30 @@
From 190ba58c0a1d995d4da8b017054d4b74d138291c Mon Sep 17 00:00:00 2001
From: Igor Ustinov <igus68@gmail.com>
Date: Mon, 12 Jan 2026 12:13:35 +0100
Subject: [PATCH] Correct handling of AEAD-encrypted CMS with inadmissibly long
IV
Fixes CVE-2025-15467
---
crypto/evp/evp_lib.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
index 9eae1d421c..58fa7ce43b 100644
--- a/crypto/evp/evp_lib.c
+++ b/crypto/evp/evp_lib.c
@@ -228,10 +228,9 @@ int evp_cipher_get_asn1_aead_params(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
if (type == NULL || asn1_params == NULL)
return 0;
- i = ossl_asn1_type_get_octetstring_int(type, &tl, NULL, EVP_MAX_IV_LENGTH);
- if (i <= 0)
+ i = ossl_asn1_type_get_octetstring_int(type, &tl, iv, EVP_MAX_IV_LENGTH);
+ if (i <= 0 || i > EVP_MAX_IV_LENGTH)
return -1;
- ossl_asn1_type_get_octetstring_int(type, &tl, iv, i);
memcpy(asn1_params->iv, iv, i);
asn1_params->iv_len = i;
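Review bot: the fix replaces the two-call pattern (probe the length with a NULL buffer, then copy `i` bytes) with a single call into `iv` capped at EVP_MAX_IV_LENGTH plus the new `i > EVP_MAX_IV_LENGTH` rejection, so `memcpy(asn1_params->iv, iv, i)` can no longer be reached with `i` larger than the buffer. This relies on ossl_asn1_type_get_octetstring_int() returning the full encoded length even when it copies only `max_len` bytes, which is exactly what the companion comments patch documents; keep the two patches together. The `iv` local must be at least EVP_MAX_IV_LENGTH bytes, and its declaration is outside this hunk, so that is worth a glance.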
--
2.51.0


@@ -0,0 +1,27 @@
From 7da6afe3dac7d65b30f87f2c5d305b6e699bc5dc Mon Sep 17 00:00:00 2001
From: Daniel Kubec <kubec@openssl.org>
Date: Fri, 9 Jan 2026 14:33:24 +0100
Subject: [PATCH] ossl_quic_get_cipher_by_char(): Add a NULL guard before
dereferencing SSL_CIPHER
Fixes CVE-2025-15468
---
ssl/quic/quic_impl.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index 87c1370a8d..89c108a973 100644
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -5222,6 +5222,8 @@ const SSL_CIPHER *ossl_quic_get_cipher_by_char(const unsigned char *p)
{
const SSL_CIPHER *ciph = ssl3_get_cipher_by_char(p);
+ if (ciph == NULL)
+ return NULL;
if ((ciph->algorithm2 & SSL_QUIC) == 0)
return NULL;
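Review bot: the NULL guard after `ssl3_get_cipher_by_char(p)` is the right minimal fix, since an unknown cipher ID previously reached `ciph->algorithm2` unchecked. The spec and changes entries describe the issue as "NULL dereference in SSL_CIPHER_find()" while this patch touches ossl_quic_get_cipher_by_char(); align the wording so it is clear that the SSL_CIPHER_find() entry point ends up in this QUIC lookup, otherwise the bsc#1256831 entry and the patch subject look like they describe different bugs.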
--
2.51.0


@@ -0,0 +1,267 @@
From ef48810aafdc3b8c6c4a85e52314caeec0cb596c Mon Sep 17 00:00:00 2001
From: Viktor Dukhovni <openssl-users@dukhovni.org>
Date: Wed, 7 Jan 2026 01:21:58 +1100
Subject: [PATCH] Report truncation in oneshot `openssl dgst -sign`
Previously input was silently truncated at 16MB, now if the input is
longer than limit, an error is reported.
The bio_to_mem() apps helper function was changed to return 0 or 1,
and return the size of the result via an output size_t pointer.
Fixes CVE-2025-15469
---
apps/dgst.c | 7 +++---
apps/include/apps.h | 2 +-
apps/lib/apps.c | 55 +++++++++++++++++++++++----------------------
apps/pkeyutl.c | 36 ++++++++++++++---------------
4 files changed, 50 insertions(+), 50 deletions(-)
Index: openssl-3.5.0/apps/dgst.c
===================================================================
--- openssl-3.5.0.orig/apps/dgst.c
+++ openssl-3.5.0/apps/dgst.c
@@ -704,12 +704,11 @@ static int do_fp_oneshot_sign(BIO *out,
{
int res, ret = EXIT_FAILURE;
size_t len = 0;
- int buflen = 0;
- int maxlen = 16 * 1024 * 1024;
+ size_t buflen = 0;
+ size_t maxlen = 16 * 1024 * 1024;
uint8_t *buf = NULL, *sig = NULL;
- buflen = bio_to_mem(&buf, maxlen, in);
- if (buflen <= 0) {
+ if (!bio_to_mem(&buf, &buflen, maxlen, in)) {
BIO_printf(bio_err, "Read error in %s\n", file);
return ret;
}
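Review bot: with the new `!bio_to_mem(...)` condition the single message "Read error in %s" now also covers input that exceeds `maxlen` (16 MiB), which is the case the commit message says is being made visible; report the limit explicitly (for example "input longer than %zu bytes") so a user can tell a size refusal from an I/O failure. Note also that the old `buflen <= 0` test rejected empty input, while the new call accepts it with `buf == NULL` and `buflen == 0`; confirm the signing call below handles that combination.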
Index: openssl-3.5.0/apps/include/apps.h
===================================================================
--- openssl-3.5.0.orig/apps/include/apps.h
+++ openssl-3.5.0/apps/include/apps.h
@@ -254,7 +254,7 @@ int parse_yesno(const char *str, int def
X509_NAME *parse_name(const char *str, int chtype, int multirdn,
const char *desc);
void policies_print(X509_STORE_CTX *ctx);
-int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
+int bio_to_mem(unsigned char **out, size_t *outlen, size_t maxlen, BIO *in);
int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value);
int x509_ctrl_string(X509 *x, const char *value);
int x509_req_ctrl_string(X509_REQ *x, const char *value);
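Review bot: the prototype gives no hint that `maxlen == 0` means unlimited, which pkeyutl.c relies on when it passes 0 for the input data; move that sentence from the apps.c comment onto the declaration so callers do not have to read the implementation to learn the convention.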
Index: openssl-3.5.0/apps/lib/apps.c
===================================================================
--- openssl-3.5.0.orig/apps/lib/apps.c
+++ openssl-3.5.0/apps/lib/apps.c
@@ -49,6 +49,7 @@
#include "apps.h"
#include "internal/sockets.h" /* for openssl_fdset() */
+#include "internal/numbers.h" /* for LONG_MAX */
#include "internal/e_os.h"
#ifdef _WIN32
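Review bot: the new include comment says `for LONG_MAX` but the function body below uses SIZE_MAX, not LONG_MAX; change the comment to `/* for SIZE_MAX */`, or drop the include if SIZE_MAX is already available through a header apps.c pulls in.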
@@ -2059,45 +2060,45 @@ X509_NAME *parse_name(const char *cp, in
}
/*
- * Read whole contents of a BIO into an allocated memory buffer and return
- * it.
+ * Read whole contents of a BIO into an allocated memory buffer.
+ * The return value is one on success, zero on error.
+ * If `maxlen` is non-zero, at most `maxlen` bytes are returned, or else, if
+ * the input is longer than `maxlen`, an error is returned.
+ * If `maxlen` is zero, the limit is effectively `SIZE_MAX`.
*/
-
-int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
+int bio_to_mem(unsigned char **out, size_t *outlen, size_t maxlen, BIO *in)
{
+ unsigned char tbuf[4096];
BIO *mem;
- int len, ret;
- unsigned char tbuf[1024];
+ BUF_MEM *bufm;
+ size_t sz = 0;
+ int len;
mem = BIO_new(BIO_s_mem());
if (mem == NULL)
- return -1;
+ return 0;
for (;;) {
- if ((maxlen != -1) && maxlen < 1024)
- len = maxlen;
- else
- len = 1024;
- len = BIO_read(in, tbuf, len);
- if (len < 0) {
- BIO_free(mem);
- return -1;
- }
- if (len == 0)
+ if ((len = BIO_read(in, tbuf, 4096)) == 0)
break;
- if (BIO_write(mem, tbuf, len) != len) {
+ if (len < 0
+ || BIO_write(mem, tbuf, len) != len
+ || sz > SIZE_MAX - len
+ || ((sz += len) > maxlen && maxlen != 0)) {
BIO_free(mem);
- return -1;
+ return 0;
}
- if (maxlen != -1)
- maxlen -= len;
-
- if (maxlen == 0)
- break;
}
- ret = BIO_get_mem_data(mem, (char **)out);
- BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY);
+
+ /* So BIO_free orphans BUF_MEM */
+ (void)BIO_set_close(mem, BIO_NOCLOSE);
+ BIO_get_mem_ptr(mem, &bufm);
BIO_free(mem);
- return ret;
+ *out = (unsigned char *)bufm->data;
+ *outlen = bufm->length;
+ /* Tell BUF_MEM to orphan data */
+ bufm->data = NULL;
+ BUF_MEM_free(bufm);
+ return 1;
}
int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value)
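Review bot: the doc comment's second sentence reads as two alternatives ("at most `maxlen` bytes are returned, or else ... an error is returned"); rewrite it as "if the input is longer than `maxlen`, the function fails" to match the code. In the body, the return value of BIO_get_mem_ptr() is not checked before `bufm->data` is dereferenced, and for zero-length input the loop exits on the first read with nothing written, so `*out` may come back NULL with `*outlen == 0` and a success return; that is a behaviour change from the old `-1`/`0` convention and deserves a sentence in the comment.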
Index: openssl-3.5.0/apps/pkeyutl.c
===================================================================
--- openssl-3.5.0.orig/apps/pkeyutl.c
+++ openssl-3.5.0/apps/pkeyutl.c
@@ -40,7 +40,7 @@ static int do_keyop(EVP_PKEY_CTX *ctx, i
static int do_raw_keyop(int pkey_op, EVP_MD_CTX *mctx,
EVP_PKEY *pkey, BIO *in,
- int filesize, unsigned char *sig, int siglen,
+ int filesize, unsigned char *sig, size_t siglen,
unsigned char **out, size_t *poutlen);
static int only_nomd(EVP_PKEY *pkey)
@@ -133,7 +133,7 @@ int pkeyutl_main(int argc, char **argv)
char hexdump = 0, asn1parse = 0, rev = 0, *prog;
unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL, *secret = NULL;
OPTION_CHOICE o;
- int buf_inlen = 0, siglen = -1;
+ size_t buf_inlen = 0, siglen = 0;
int keyform = FORMAT_UNDEF, peerform = FORMAT_UNDEF;
int keysize = -1, pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
int engine_impl = 0;
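Review bot: `siglen` now starts at 0 rather than -1; if any later code in pkeyutl_main() used the negative value to detect that `-sigfile` was not given, that sentinel is gone, so grep for `siglen < 0` (and `siglen == -1`) before merging.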
@@ -485,31 +485,31 @@ int pkeyutl_main(int argc, char **argv)
if (sigfile != NULL) {
BIO *sigbio = BIO_new_file(sigfile, "rb");
+ size_t maxsiglen = 16 * 1024 * 1024;
if (sigbio == NULL) {
BIO_printf(bio_err, "Can't open signature file %s\n", sigfile);
goto end;
}
- siglen = bio_to_mem(&sig, keysize * 10, sigbio);
- BIO_free(sigbio);
- if (siglen < 0) {
+ if (!bio_to_mem(&sig, &siglen, maxsiglen, sigbio)) {
+ BIO_free(sigbio);
BIO_printf(bio_err, "Error reading signature data\n");
goto end;
}
+ BIO_free(sigbio);
}
/* Raw input data is handled elsewhere */
if (in != NULL && !rawin) {
/* Read the input data */
- buf_inlen = bio_to_mem(&buf_in, -1, in);
- if (buf_inlen < 0) {
+ if (!bio_to_mem(&buf_in, &buf_inlen, 0, in)) {
BIO_printf(bio_err, "Error reading input Data\n");
goto end;
}
if (rev) {
size_t i;
unsigned char ctmp;
- size_t l = (size_t)buf_inlen;
+ size_t l = buf_inlen;
for (i = 0; i < l / 2; i++) {
ctmp = buf_in[i];
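Review bot: BIO_free(sigbio) is now duplicated in the failure and success branches; free it once immediately after the bio_to_mem() call, as the old code did, and keep the error path single-purpose. The signature limit also changes from `keysize * 10` to a flat 16 MiB; that is sufficient for every supported signature size, but it is a behaviour change and should be mentioned in the commit message.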
@@ -524,7 +524,8 @@ int pkeyutl_main(int argc, char **argv)
&& (pkey_op == EVP_PKEY_OP_SIGN || pkey_op == EVP_PKEY_OP_VERIFY)) {
if (buf_inlen > EVP_MAX_MD_SIZE) {
BIO_printf(bio_err,
- "Error: The non-raw input data length %d is too long - max supported hashed size is %d\n",
+ "Error: The non-raw input data length %zd is too long - "
+ "max supported hashed size is %d\n",
buf_inlen, EVP_MAX_MD_SIZE);
goto end;
}
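Review bot: `%zd` is the conversion for ssize_t; `buf_inlen` is now size_t, so the format should be `%zu`.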
@@ -535,8 +536,8 @@ int pkeyutl_main(int argc, char **argv)
rv = do_raw_keyop(pkey_op, mctx, pkey, in, filesize, sig, siglen,
NULL, 0);
} else {
- rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen,
- buf_in, (size_t)buf_inlen);
+ rv = EVP_PKEY_verify(ctx, sig, siglen,
+ buf_in, buf_inlen);
}
if (rv == 1) {
BIO_puts(out, "Signature Verified Successfully\n");
@@ -555,8 +556,8 @@ int pkeyutl_main(int argc, char **argv)
buf_outlen = kdflen;
rv = 1;
} else {
- rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
- buf_in, (size_t)buf_inlen, NULL, (size_t *)&secretlen);
+ rv = do_keyop(ctx, pkey_op, NULL, &buf_outlen,
+ buf_in, buf_inlen, NULL, &secretlen);
}
if (rv > 0
&& (secretlen > 0 || (pkey_op != EVP_PKEY_OP_ENCAPSULATE
@@ -567,8 +568,8 @@ int pkeyutl_main(int argc, char **argv)
if (secretlen > 0)
secret = app_malloc(secretlen, "secret output");
rv = do_keyop(ctx, pkey_op,
- buf_out, (size_t *)&buf_outlen,
- buf_in, (size_t)buf_inlen, secret, (size_t *)&secretlen);
+ buf_out, &buf_outlen,
+ buf_in, buf_inlen, secret, &secretlen);
}
}
if (rv <= 0) {
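Review bot: removing the `(size_t *)&buf_outlen` and `(size_t *)&secretlen` casts only compiles cleanly if both variables are declared size_t, and no hunk in this patch changes their declarations; confirm they are already size_t in the 3.5.0 sources, otherwise this is a pointer type mismatch that the old casts were hiding.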
@@ -837,7 +838,7 @@ static int do_keyop(EVP_PKEY_CTX *ctx, i
static int do_raw_keyop(int pkey_op, EVP_MD_CTX *mctx,
EVP_PKEY *pkey, BIO *in,
- int filesize, unsigned char *sig, int siglen,
+ int filesize, unsigned char *sig, size_t siglen,
unsigned char **out, size_t *poutlen)
{
int rv = 0;
@@ -860,7 +861,7 @@ static int do_raw_keyop(int pkey_op, EVP
BIO_printf(bio_err, "Error reading raw input data\n");
goto end;
}
- rv = EVP_DigestVerify(mctx, sig, (size_t)siglen, mbuf, buf_len);
+ rv = EVP_DigestVerify(mctx, sig, siglen, mbuf, buf_len);
break;
case EVP_PKEY_OP_SIGN:
buf_len = BIO_read(in, mbuf, filesize);
@@ -894,7 +895,7 @@ static int do_raw_keyop(int pkey_op, EVP
goto end;
}
}
- rv = EVP_DigestVerifyFinal(mctx, sig, (size_t)siglen);
+ rv = EVP_DigestVerifyFinal(mctx, sig, siglen);
break;
case EVP_PKEY_OP_SIGN:
for (;;) {


@@ -0,0 +1,61 @@
From 0eb9acc24febb1f3f01f0320cfba9654cf66b0ac Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Tue, 20 May 2025 16:34:10 +0200
Subject: [PATCH] apps/x509.c: Fix the -addreject option adding trust instead
of rejection
Fixes CVE-2025-4575
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/27672)
Signed-off-by: Lucas Mulling <lucas.mulling@suse.com>
---
apps/x509.c | 2 +-
test/recipes/25-test_x509.t | 12 +++++++++++-
2 files changed, 12 insertions(+), 2 deletions(-)
Index: openssl-3.5.0/apps/x509.c
===================================================================
--- openssl-3.5.0.orig/apps/x509.c
+++ openssl-3.5.0/apps/x509.c
@@ -465,7 +465,7 @@ int x509_main(int argc, char **argv)
prog, opt_arg());
goto opthelp;
}
- if (!sk_ASN1_OBJECT_push(trust, objtmp))
+ if (!sk_ASN1_OBJECT_push(reject, objtmp))
goto end;
trustout = 1;
break;
Index: openssl-3.5.0/test/recipes/25-test_x509.t
===================================================================
--- openssl-3.5.0.orig/test/recipes/25-test_x509.t
+++ openssl-3.5.0/test/recipes/25-test_x509.t
@@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_fil
setup("test_x509");
-plan tests => 134;
+plan tests => 138;
# Prevent MSys2 filename munging for arguments that look like file paths but
# aren't
@@ -110,6 +110,16 @@ ok(run(app(["openssl", "x509", "-new", "
&& run(app(["openssl", "verify", "-no_check_time",
"-trusted", $ca, "-partial_chain", $caout])));
+# test trust decoration
+ok(run(app(["openssl", "x509", "-in", $ca, "-addtrust", "emailProtection",
+ "-out", "ca-trusted.pem"])));
+cert_contains("ca-trusted.pem", "Trusted Uses: E-mail Protection",
+ 1, 'trusted use - E-mail Protection');
+ok(run(app(["openssl", "x509", "-in", $ca, "-addreject", "emailProtection",
+ "-out", "ca-rejected.pem"])));
+cert_contains("ca-rejected.pem", "Rejected Uses: E-mail Protection",
+ 1, 'rejected use - E-mail Protection');
+
subtest 'x509 -- x.509 v1 certificate' => sub {
tconversion( -type => 'x509', -prefix => 'x509v1',
-in => srctop_file("test", "testx509.pem") );
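Review bot: the new test only asserts that "Rejected Uses: E-mail Protection" is present in ca-rejected.pem; since the bug put the OID under Trusted Uses instead, add a negative cert_contains() check (expected 0) that "Trusted Uses: E-mail Protection" is absent from ca-rejected.pem, otherwise a regression that emitted the OID under both headings would still pass.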


@@ -0,0 +1,33 @@
From 04a93ac145041e3ef0121a2688cf7c1b23780519 Mon Sep 17 00:00:00 2001
From: Igor Ustinov <igus68@gmail.com>
Date: Thu, 8 Jan 2026 14:02:54 +0100
Subject: [PATCH] Check the received uncompressed certificate length to prevent
excessive pre-decompression allocation.
The patch was proposed by Tomas Dulka and Stanislav Fort (Aisle Research).
Fixes: CVE-2025-66199
---
ssl/statem/statem_lib.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 9e0c853c0d..f82d8dcdac 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -2877,6 +2877,12 @@ MSG_PROCESS_RETURN tls13_process_compressed_certificate(SSL_CONNECTION *sc,
goto err;
}
+ /* Prevent excessive pre-decompression allocation */
+ if (expected_length > sc->max_cert_list) {
+ SSLfatal(sc, SSL_AD_ILLEGAL_PARAMETER, SSL_R_EXCESSIVE_MESSAGE_SIZE);
+ goto err;
+ }
+
if (PACKET_remaining(pkt) != comp_length || comp_length == 0) {
SSLfatal(sc, SSL_AD_DECODE_ERROR, SSL_R_BAD_DECOMPRESSION);
goto err;
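Review bot: the new check runs before `comp_length` is validated, which is the right order, but it pairs SSL_R_EXCESSIVE_MESSAGE_SIZE with SSL_AD_ILLEGAL_PARAMETER while the neighbouring check uses SSL_AD_DECODE_ERROR; choose the alert deliberately and say why in a comment. No test accompanies the fix; one that sends a CompressedCertificate whose uncompressed length field exceeds max_cert_list would pin the early reject.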
--
2.51.0


@@ -0,0 +1,64 @@
From 701aa270db8ad424cece68702b9bb2e05290af9b Mon Sep 17 00:00:00 2001
From: Neil Horman <nhorman@openssl.org>
Date: Wed, 7 Jan 2026 11:52:09 -0500
Subject: [PATCH] Fix heap buffer overflow in BIO_f_linebuffer
When a BIO_f_linebuffer is part of a BIO chain, and the next BIO
performs short writes, the remainder of the unwritten buffer is copied
unconditionally to the internal buffer ctx->obuf, which may not be
sufficiently sized to handle the remaining data, resulting in a buffer
overflow.
Fix it by only copying data when ctx->obuf has space, flushing to the
next BIO to increase available storage if needed.
Fixes CVE-2025-68160
---
crypto/bio/bf_lbuf.c | 32 ++++++++++++++++++++++++++------
1 file changed, 26 insertions(+), 6 deletions(-)
Index: openssl-3.5.0/crypto/bio/bf_lbuf.c
===================================================================
--- openssl-3.5.0.orig/crypto/bio/bf_lbuf.c
+++ openssl-3.5.0/crypto/bio/bf_lbuf.c
@@ -186,14 +186,34 @@ static int linebuffer_write(BIO *b, cons
while (foundnl && inl > 0);
/*
* We've written as much as we can. The rest of the input buffer, if
- * any, is text that doesn't and with a NL and therefore needs to be
- * saved for the next trip.
+ * any, is text that doesn't end with a NL and therefore we need to try
+ * free up some space in our obuf so we can make forward progress.
*/
- if (inl > 0) {
- memcpy(&(ctx->obuf[ctx->obuf_len]), in, inl);
- ctx->obuf_len += inl;
- num += inl;
+ while (inl > 0) {
+ size_t avail = (size_t)ctx->obuf_size - (size_t)ctx->obuf_len;
+ size_t to_copy;
+
+ if (avail == 0) {
+ /* Flush buffered data to make room */
+ i = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len);
+ if (i <= 0) {
+ BIO_copy_next_retry(b);
+ return num > 0 ? num : i;
+ }
+ if (i < ctx->obuf_len)
+ memmove(ctx->obuf, ctx->obuf + i, ctx->obuf_len - i);
+ ctx->obuf_len -= i;
+ continue;
+ }
+
+ to_copy = inl > (int)avail ? avail : (size_t)inl;
+ memcpy(&(ctx->obuf[ctx->obuf_len]), in, to_copy);
+ ctx->obuf_len += (int)to_copy;
+ in += to_copy;
+ inl -= (int)to_copy;
+ num += (int)to_copy;
}
+
return num;
}
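Review bot: the loop logic is sound, but the added comment "we need to try free up some space" should read "try to free up", and the trigger the commit message describes (a next BIO performing short writes) has no test; add one with a custom BIO method whose write returns less than requested and check that no byte is dropped and obuf_len never exceeds obuf_size. Minor: `inl > (int)avail` compares through int while `to_copy` is size_t; since `inl > 0` holds inside the loop, `(size_t)inl > avail` keeps the comparison in one type.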


@@ -0,0 +1,67 @@
From 1a556ff619473af9e179b202284a961590d5a2bd Mon Sep 17 00:00:00 2001
From: Norbert Pocs <norbertp@openssl.org>
Date: Thu, 8 Jan 2026 15:04:54 +0100
Subject: [PATCH] Fix OCB AES-NI/HW stream path unauthenticated/unencrypted
trailing bytes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
When ctx->stream (e.g., AESNI or ARMv8 CE) is available, the fast path
encrypts/decrypts full blocks but does not advance in/out pointers. The
tail-handling code then operates on the base pointers, effectively reprocessing
the beginning of the buffer while leaving the actual trailing bytes
unencrypted (encryption) or using the wrong plaintext (decryption). The
authentication checksum excludes the true tail.
CVE-2025-69418
Fixes: https://github.com/openssl/srt/issues/58
Signed-off-by: Norbert Pocs <norbertp@openssl.org>
---
crypto/modes/ocb128.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
Index: openssl-3.5.0/crypto/modes/ocb128.c
===================================================================
--- openssl-3.5.0.orig/crypto/modes/ocb128.c
+++ openssl-3.5.0/crypto/modes/ocb128.c
@@ -338,7 +338,7 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT
if (num_blocks && all_num_blocks == (size_t)all_num_blocks
&& ctx->stream != NULL) {
- size_t max_idx = 0, top = (size_t)all_num_blocks;
+ size_t max_idx = 0, top = (size_t)all_num_blocks, processed_bytes = 0;
/*
* See how many L_{i} entries we need to process data at hand
@@ -352,6 +352,9 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT
ctx->stream(in, out, num_blocks, ctx->keyenc,
(size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
(const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
+ processed_bytes = num_blocks * 16;
+ in += processed_bytes;
+ out += processed_bytes;
} else {
/* Loop through all full blocks to be encrypted */
for (i = ctx->sess.blocks_processed + 1; i <= all_num_blocks; i++) {
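Review bot: advancing `in` and `out` by `num_blocks * 16` is the fix, but whatever follows this `if` and addresses the tail relative to `in`/`out` must now be consistent with the advanced pointers; please add a known-answer test with a length that is not a multiple of 16, because the generic loop in the `else` branch was never affected and only a build with the AES-NI/CE stream path enabled will show the old behaviour.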
@@ -430,7 +433,7 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT
if (num_blocks && all_num_blocks == (size_t)all_num_blocks
&& ctx->stream != NULL) {
- size_t max_idx = 0, top = (size_t)all_num_blocks;
+ size_t max_idx = 0, top = (size_t)all_num_blocks, processed_bytes = 0;
/*
* See how many L_{i} entries we need to process data at hand
@@ -444,6 +447,9 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT
ctx->stream(in, out, num_blocks, ctx->keydec,
(size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
(const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
+ processed_bytes = num_blocks * 16;
+ in += processed_bytes;
+ out += processed_bytes;
} else {
OCB_BLOCK tmp;
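Review bot: same change on the decrypt side; keep the two hunks in lockstep and make sure any regression test exercises decrypt with a trailing partial block as well, since the old decrypt path fed the wrong plaintext bytes into the checksum and an encrypt-only test would not detect a decrypt-side regression.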


@@ -0,0 +1,48 @@
From 41be0f216404f14457bbf3b9cc488dba60b49296 Mon Sep 17 00:00:00 2001
From: Norbert Pocs <norbertp@openssl.org>
Date: Thu, 11 Dec 2025 12:49:00 +0100
Subject: [PATCH] Check return code of UTF8_putc
Signed-off-by: Norbert Pocs <norbertp@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29376)
---
crypto/asn1/a_strex.c | 6 ++++--
crypto/pkcs12/p12_utl.c | 5 +++++
2 files changed, 9 insertions(+), 2 deletions(-)
Index: openssl-3.5.0/crypto/asn1/a_strex.c
===================================================================
--- openssl-3.5.0.orig/crypto/asn1/a_strex.c
+++ openssl-3.5.0/crypto/asn1/a_strex.c
@@ -204,8 +204,10 @@ static int do_buf(unsigned char *buf, in
orflags = CHARTYPE_LAST_ESC_2253;
if (type & BUF_TYPE_CONVUTF8) {
unsigned char utfbuf[6];
- int utflen;
- utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
+ int utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
+
+ if (utflen < 0)
+ return -1; /* error happened with UTF8 */
for (i = 0; i < utflen; i++) {
/*
* We don't need to worry about setting orflags correctly
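Review bot: do_buf() now returns -1 on UTF8_putc() failure; verify that every caller of do_buf() in a_strex.c treats a negative return as an error rather than as a length (the callers are not in this hunk), otherwise the -1 gets summed into an output length.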
Index: openssl-3.5.0/crypto/pkcs12/p12_utl.c
===================================================================
--- openssl-3.5.0.orig/crypto/pkcs12/p12_utl.c
+++ openssl-3.5.0/crypto/pkcs12/p12_utl.c
@@ -206,6 +206,11 @@ char *OPENSSL_uni2utf8(const unsigned ch
/* re-run the loop emitting UTF-8 string */
for (asclen = 0, i = 0; i < unilen; ) {
j = bmp_to_utf8(asctmp+asclen, uni+i, unilen-i);
+ /* when UTF8_putc fails */
+ if (j < 0) {
+ OPENSSL_free(asctmp);
+ return NULL;
+ }
if (j == 4) i += 4;
else i += 2;
asclen += j;
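Review bot: the comment "when UTF8_putc fails" sits above a call to bmp_to_utf8(); say that bmp_to_utf8() propagates UTF8_putc()'s negative return so the reader does not look for a call that is not there. The "re-run the loop" comment implies an earlier sizing pass that calls the same helper; if so, it needs the same check, or the buffer size computed there is wrong.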


@@ -0,0 +1,40 @@
From 6453d278557c8719233793730ec500c84aea55d9 Mon Sep 17 00:00:00 2001
From: Bob Beck <beck@openssl.org>
Date: Wed, 7 Jan 2026 11:29:48 -0700
Subject: [PATCH] Verify ASN1 object's types before attempting to access them
as a particular type
Issue was reported in ossl_ess_get_signing_cert but is also present in
ossl_ess_get_signing_cert_v2.
Fixes: https://github.com/openssl/srt/issues/61
Fixes CVE-2025-69420
---
crypto/ts/ts_rsp_verify.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c
index 3876e30f47..40dab687d1 100644
--- a/crypto/ts/ts_rsp_verify.c
+++ b/crypto/ts/ts_rsp_verify.c
@@ -209,7 +209,7 @@ static ESS_SIGNING_CERT *ossl_ess_get_signing_cert(const PKCS7_SIGNER_INFO *si)
const unsigned char *p;
attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificate);
- if (attr == NULL)
+ if (attr == NULL || attr->type != V_ASN1_SEQUENCE)
return NULL;
p = attr->value.sequence->data;
return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length);
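Review bot: the guard is right, as `attr->value.sequence` is only meaningful for V_ASN1_SEQUENCE. The identical pattern is fixed separately in PKCS7_digest_from_attributes() and p12_kiss.c in this same commit; a small helper that returns the sequence only when the type matches would keep these call sites from drifting apart.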
@@ -221,7 +221,7 @@ static ESS_SIGNING_CERT_V2 *ossl_ess_get_signing_cert_v2(const PKCS7_SIGNER_INFO
const unsigned char *p;
attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificateV2);
- if (attr == NULL)
+ if (attr == NULL || attr->type != V_ASN1_SEQUENCE)
return NULL;
p = attr->value.sequence->data;
return d2i_ESS_SIGNING_CERT_V2(NULL, &p, attr->value.sequence->length);
--
2.51.0


@@ -0,0 +1,28 @@
From 0a2ecb95993b588d2156dd6527459cc3983aabd5 Mon Sep 17 00:00:00 2001
From: Andrew Dinh <andrewd@openssl.org>
Date: Thu, 8 Jan 2026 01:24:30 +0900
Subject: [PATCH] Add NULL check to PKCS12_item_decrypt_d2i_ex
Address CVE-2025-69421
Add NULL check for oct parameter
---
crypto/pkcs12/p12_decr.c | 5 +++++
1 file changed, 5 insertions(+)
Index: openssl-3.5.0/crypto/pkcs12/p12_decr.c
===================================================================
--- openssl-3.5.0.orig/crypto/pkcs12/p12_decr.c
+++ openssl-3.5.0/crypto/pkcs12/p12_decr.c
@@ -143,6 +143,11 @@ void *PKCS12_item_decrypt_d2i_ex(const X
void *ret;
int outlen = 0;
+ if (oct == NULL) {
+ ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_NULL_PARAMETER);
+ return NULL;
+ }
+
if (!PKCS12_pbe_crypt_ex(algor, pass, passlen, oct->data, oct->length,
&out, &outlen, 0, libctx, propq))
return NULL;
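Review bot: the guard is fine and ERR_R_PASSED_NULL_PARAMETER is the right reason code; since `algor` is passed straight through on the next line, give it the same check unless PKCS12_pbe_crypt_ex() is known to reject a NULL `algor` itself.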


@@ -0,0 +1,71 @@
From 572844beca95068394c916626a6d3a490f831a49 Mon Sep 17 00:00:00 2001
From: Bob Beck <beck@openssl.org>
Date: Wed, 7 Jan 2026 11:29:48 -0700
Subject: [PATCH] Ensure ASN1 types are checked before use.
Some of these were fixed by LibreSSL in commit https://github.com/openbsd/src/commit/aa1f637d454961d22117b4353f98253e984b3ba8.
This fix includes the other fixes in that commit, as well as fixes for others found by a scan
for a similar unvalidated access paradigm in the tree.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29582)
---
apps/s_client.c | 3 ++-
crypto/pkcs12/p12_kiss.c | 10 ++++++++--
crypto/pkcs7/pk7_doit.c | 2 ++
3 files changed, 12 insertions(+), 3 deletions(-)
Index: openssl-3.5.0/apps/s_client.c
===================================================================
--- openssl-3.5.0.orig/apps/s_client.c
+++ openssl-3.5.0/apps/s_client.c
@@ -2834,8 +2834,9 @@ int s_client_main(int argc, char **argv)
goto end;
}
atyp = ASN1_generate_nconf(genstr, cnf);
- if (atyp == NULL) {
+ if (atyp == NULL || atyp->type != V_ASN1_SEQUENCE) {
NCONF_free(cnf);
+ ASN1_TYPE_free(atyp);
BIO_printf(bio_err, "ASN1_generate_nconf failed\n");
goto end;
}
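Review bot: a non-SEQUENCE result from ASN1_generate_nconf() is now reported as "ASN1_generate_nconf failed", which will mislead a user whose config generated a valid value of another type; print a distinct message for the `atyp->type != V_ASN1_SEQUENCE` case. ASN1_TYPE_free(NULL) is safe, so the unconditional free on the error path is fine.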
Index: openssl-3.5.0/crypto/pkcs12/p12_kiss.c
===================================================================
--- openssl-3.5.0.orig/crypto/pkcs12/p12_kiss.c
+++ openssl-3.5.0/crypto/pkcs12/p12_kiss.c
@@ -197,11 +197,17 @@ static int parse_bag(PKCS12_SAFEBAG *bag
ASN1_BMPSTRING *fname = NULL;
ASN1_OCTET_STRING *lkid = NULL;
- if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)))
+ if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName))) {
+ if (attrib->type != V_ASN1_BMPSTRING)
+ return 0;
fname = attrib->value.bmpstring;
+ }
- if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID)))
+ if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID))) {
+ if (attrib->type != V_ASN1_OCTET_STRING)
+ return 0;
lkid = attrib->value.octet_string;
+ }
switch (PKCS12_SAFEBAG_get_nid(bag)) {
case NID_keyBag:
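Review bot: returning 0 from parse_bag() on a mistyped friendlyName or localKeyID turns a cosmetic attribute into a hard failure of the whole PKCS#12 parse; that is defensible for a security fix, but say so in the commit message and add an ERR_raise() before each `return 0`, since the bare return leaves the error queue empty and the caller cannot tell why the file was rejected.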
Index: openssl-3.5.0/crypto/pkcs7/pk7_doit.c
===================================================================
--- openssl-3.5.0.orig/crypto/pkcs7/pk7_doit.c
+++ openssl-3.5.0/crypto/pkcs7/pk7_doit.c
@@ -1228,6 +1228,8 @@ ASN1_OCTET_STRING *PKCS7_digest_from_att
ASN1_TYPE *astype;
if ((astype = get_attribute(sk, NID_pkcs9_messageDigest)) == NULL)
return NULL;
+ if (astype->type != V_ASN1_OCTET_STRING)
+ return NULL;
return astype->value.octet_string;
}
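Review bot: fold the two early returns into one condition, `if ((astype = get_attribute(sk, NID_pkcs9_messageDigest)) == NULL || astype->type != V_ASN1_OCTET_STRING) return NULL;`, to match the style used for the same guard in ts_rsp_verify.c in this commit.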


@@ -9,11 +9,11 @@ Signed-off-by: Simo Sorce <simo@redhat.com>
providers/implementations/signature/rsa_sig.c | 47 +++++++++++++++++--
2 files changed, 61 insertions(+), 4 deletions(-)
Index: openssl-3.5.2/providers/implementations/keymgmt/rsa_kmgmt.c
Index: openssl-3.5.0-beta1/providers/implementations/keymgmt/rsa_kmgmt.c
===================================================================
--- openssl-3.5.2.orig/providers/implementations/keymgmt/rsa_kmgmt.c
+++ openssl-3.5.2/providers/implementations/keymgmt/rsa_kmgmt.c
@@ -451,6 +451,7 @@ struct rsa_gen_ctx {
--- openssl-3.5.0-beta1.orig/providers/implementations/keymgmt/rsa_kmgmt.c
+++ openssl-3.5.0-beta1/providers/implementations/keymgmt/rsa_kmgmt.c
@@ -433,6 +433,7 @@ struct rsa_gen_ctx {
#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
/* ACVP test parameters */
OSSL_PARAM *acvp_test_params;
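Review bot: this rebase rewrites the `Index:`/`---`/`+++` prefixes from `openssl-3.5.2/` to `openssl-3.5.0-beta1/`, while every other patch in this commit uses `openssl-3.5.0/`; `-p1` strips the first component either way, but the mismatched directory name will confuse the next rebase and anyone grepping for the target version, so normalize to `openssl-3.5.0/`.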
@@ -21,7 +21,7 @@ Index: openssl-3.5.2/providers/implementations/keymgmt/rsa_kmgmt.c
#endif
};
@@ -464,6 +465,12 @@ static int rsa_gencb(int p, int n, BN_GE
@@ -446,6 +447,12 @@ static int rsa_gencb(int p, int n, BN_GE
return gctx->cb(params, gctx->cbarg);
}
@@ -34,7 +34,7 @@ Index: openssl-3.5.2/providers/implementations/keymgmt/rsa_kmgmt.c
static void *gen_init(void *provctx, int selection, int rsa_type,
const OSSL_PARAM params[])
{
@@ -491,6 +498,10 @@ static void *gen_init(void *provctx, int
@@ -473,6 +480,10 @@ static void *gen_init(void *provctx, int
if (!rsa_gen_set_params(gctx, params))
goto err;
@@ -45,7 +45,7 @@ Index: openssl-3.5.2/providers/implementations/keymgmt/rsa_kmgmt.c
return gctx;
err:
@@ -647,6 +658,11 @@ static void *rsa_gen(void *genctx, OSSL_
@@ -629,6 +640,11 @@ static void *rsa_gen(void *genctx, OSSL_
rsa = rsa_tmp;
rsa_tmp = NULL;
@@ -57,7 +57,7 @@ Index: openssl-3.5.2/providers/implementations/keymgmt/rsa_kmgmt.c
err:
BN_GENCB_free(gencb);
RSA_free(rsa_tmp);
@@ -662,6 +678,8 @@ static void rsa_gen_cleanup(void *genctx
@@ -644,6 +660,8 @@ static void rsa_gen_cleanup(void *genctx
#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
ossl_rsa_acvp_test_gen_params_free(gctx->acvp_test_params);
gctx->acvp_test_params = NULL;
@@ -66,10 +66,10 @@ Index: openssl-3.5.2/providers/implementations/keymgmt/rsa_kmgmt.c
#endif
BN_clear_free(gctx->pub_exp);
OPENSSL_free(gctx);
Index: openssl-3.5.2/providers/implementations/signature/rsa_sig.c
Index: openssl-3.5.0-beta1/providers/implementations/signature/rsa_sig.c
===================================================================
--- openssl-3.5.2.orig/providers/implementations/signature/rsa_sig.c
+++ openssl-3.5.2/providers/implementations/signature/rsa_sig.c
--- openssl-3.5.0-beta1.orig/providers/implementations/signature/rsa_sig.c
+++ openssl-3.5.0-beta1/providers/implementations/signature/rsa_sig.c
@@ -35,7 +35,7 @@
#define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1
@@ -152,10 +152,10 @@ Index: openssl-3.5.2/providers/implementations/signature/rsa_sig.c
const OSSL_DISPATCH ossl_rsa_signature_functions[] = {
{ OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))rsa_newctx },
{ OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))rsa_sign_init },
Index: openssl-3.5.2/crypto/dh/dh_key.c
Index: openssl-3.5.0-beta1/crypto/dh/dh_key.c
===================================================================
--- openssl-3.5.2.orig/crypto/dh/dh_key.c
+++ openssl-3.5.2/crypto/dh/dh_key.c
--- openssl-3.5.0-beta1.orig/crypto/dh/dh_key.c
+++ openssl-3.5.0-beta1/crypto/dh/dh_key.c
@@ -43,6 +43,9 @@ int ossl_dh_compute_key(unsigned char *k
BN_MONT_CTX *mont = NULL;
BIGNUM *z = NULL, *pminus1;
@@ -204,7 +204,7 @@ Index: openssl-3.5.2/crypto/dh/dh_key.c
dh->pub_key = pub_key;
dh->priv_key = priv_key;
+#ifdef FIPS_MODULE
+ if (ossl_dh_check_pairwise(dh, 0) <= 0) {
+ if (ossl_dh_check_pairwise(dh) <= 0) {
+ abort();
+ }
+#endif
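Review bot: the `ossl_dh_check_pairwise(dh, 0)` to `ossl_dh_check_pairwise(dh)` edit is an API adjustment, not just a path rebase; confirm that the one-argument form in 3.5.0 performs the full pairwise check the two-argument form did with flag 0. Calling `abort()` inside the library on a pairwise failure is deliberate FIPS behaviour, but it should be stated in the patch header so a packager does not take it for an oversight.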
@@ -212,10 +212,10 @@ Index: openssl-3.5.2/crypto/dh/dh_key.c
dh->dirty_cnt++;
ok = 1;
err:
Index: openssl-3.5.2/providers/implementations/exchange/ecdh_exch.c
Index: openssl-3.5.0-beta1/providers/implementations/exchange/ecdh_exch.c
===================================================================
--- openssl-3.5.2.orig/providers/implementations/exchange/ecdh_exch.c
+++ openssl-3.5.2/providers/implementations/exchange/ecdh_exch.c
--- openssl-3.5.0-beta1.orig/providers/implementations/exchange/ecdh_exch.c
+++ openssl-3.5.0-beta1/providers/implementations/exchange/ecdh_exch.c
@@ -560,6 +560,25 @@ int ecdh_plain_derive(void *vpecdhctx, u
#endif
@@ -242,11 +242,11 @@ Index: openssl-3.5.2/providers/implementations/exchange/ecdh_exch.c
retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL);
Index: openssl-3.5.2/providers/implementations/keymgmt/ec_kmgmt.c
Index: openssl-3.5.0-beta1/providers/implementations/keymgmt/ec_kmgmt.c
===================================================================
--- openssl-3.5.2.orig/providers/implementations/keymgmt/ec_kmgmt.c
+++ openssl-3.5.2/providers/implementations/keymgmt/ec_kmgmt.c
@@ -1010,9 +1010,18 @@ struct ec_gen_ctx {
--- openssl-3.5.0-beta1.orig/providers/implementations/keymgmt/ec_kmgmt.c
+++ openssl-3.5.0-beta1/providers/implementations/keymgmt/ec_kmgmt.c
@@ -993,9 +993,18 @@ struct ec_gen_ctx {
EC_GROUP *gen_group;
unsigned char *dhkem_ikm;
size_t dhkem_ikmlen;
@@ -265,7 +265,7 @@ Index: openssl-3.5.2/providers/implementations/keymgmt/ec_kmgmt.c
static void *ec_gen_init(void *provctx, int selection,
const OSSL_PARAM params[])
{
@@ -1032,6 +1041,10 @@ static void *ec_gen_init(void *provctx,
@@ -1015,6 +1024,10 @@ static void *ec_gen_init(void *provctx,
gctx = NULL;
}
}
@@ -276,7 +276,7 @@ Index: openssl-3.5.2/providers/implementations/keymgmt/ec_kmgmt.c
return gctx;
}
@@ -1343,6 +1356,12 @@ static void *ec_gen(void *genctx, OSSL_C
@@ -1326,6 +1339,12 @@ static void *ec_gen(void *genctx, OSSL_C
if (gctx->ecdh_mode != -1)
ret = ret && ossl_ec_set_ecdh_cofactor_mode(ec, gctx->ecdh_mode);
@@ -289,7 +289,7 @@ Index: openssl-3.5.2/providers/implementations/keymgmt/ec_kmgmt.c
if (gctx->group_check != NULL)
ret = ret && ossl_ec_set_check_group_type_from_name(ec,
@@ -1413,7 +1432,10 @@ static void ec_gen_cleanup(void *genctx)
@@ -1396,7 +1415,10 @@ static void ec_gen_cleanup(void *genctx)
if (gctx == NULL)
return;
@@ -301,10 +301,10 @@ Index: openssl-3.5.2/providers/implementations/keymgmt/ec_kmgmt.c
OPENSSL_clear_free(gctx->dhkem_ikm, gctx->dhkem_ikmlen);
EC_GROUP_free(gctx->gen_group);
BN_free(gctx->p);
Index: openssl-3.5.2/providers/implementations/signature/ecdsa_sig.c
Index: openssl-3.5.0-beta1/providers/implementations/signature/ecdsa_sig.c
===================================================================
--- openssl-3.5.2.orig/providers/implementations/signature/ecdsa_sig.c
+++ openssl-3.5.2/providers/implementations/signature/ecdsa_sig.c
--- openssl-3.5.0-beta1.orig/providers/implementations/signature/ecdsa_sig.c
+++ openssl-3.5.0-beta1/providers/implementations/signature/ecdsa_sig.c
@@ -33,7 +33,7 @@
#include "prov/der_ec.h"
#include "crypto/ec.h"
@@ -332,7 +332,7 @@ Index: openssl-3.5.2/providers/implementations/signature/ecdsa_sig.c
{
PROV_ECDSA_CTX *ctx;
@@ -612,7 +612,7 @@ int ecdsa_digest_verify_final(void *vctx
@@ -604,7 +604,7 @@ int ecdsa_digest_verify_final(void *vctx
return ok;
}
@@ -341,7 +341,7 @@ Index: openssl-3.5.2/providers/implementations/signature/ecdsa_sig.c
{
PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
@@ -861,6 +861,35 @@ static const OSSL_PARAM *ecdsa_settable_
@@ -853,6 +853,35 @@ static const OSSL_PARAM *ecdsa_settable_
return EVP_MD_settable_ctx_params(ctx->md);
}


@@ -10,10 +10,10 @@ Subject: [PATCH] Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes
test/recipes/25-test_verify.t | 7 ++--
4 files changed, 79 insertions(+), 18 deletions(-)
Index: openssl-3.5.1/crypto/x509/x509_vfy.c
Index: openssl-3.5.0/crypto/x509/x509_vfy.c
===================================================================
--- openssl-3.5.1.orig/crypto/x509/x509_vfy.c
+++ openssl-3.5.1/crypto/x509/x509_vfy.c
--- openssl-3.5.0.orig/crypto/x509/x509_vfy.c
+++ openssl-3.5.0/crypto/x509/x509_vfy.c
@@ -25,6 +25,7 @@
#include <openssl/objects.h>
#include <openssl/core_names.h>
@@ -54,10 +54,10 @@ Index: openssl-3.5.1/crypto/x509/x509_vfy.c
+
return secbits >= minbits_table[level - 1];
}
Index: openssl-3.5.1/ssl/t1_lib.c
Index: openssl-3.5.0/ssl/t1_lib.c
===================================================================
--- openssl-3.5.1.orig/ssl/t1_lib.c
+++ openssl-3.5.1/ssl/t1_lib.c
--- openssl-3.5.0.orig/ssl/t1_lib.c
+++ openssl-3.5.0/ssl/t1_lib.c
@@ -21,6 +21,7 @@
#include <openssl/bn.h>
#include <openssl/provider.h>
@@ -66,7 +66,7 @@ Index: openssl-3.5.1/ssl/t1_lib.c
#include "internal/sslconf.h"
#include "internal/nelem.h"
#include "internal/sizes.h"
@@ -2809,19 +2810,27 @@ int tls12_check_peer_sigalg(SSL_CONNECTI
@@ -2807,19 +2808,27 @@ int tls12_check_peer_sigalg(SSL_CONNECTI
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST);
return 0;
}
@@ -107,7 +107,7 @@ Index: openssl-3.5.1/ssl/t1_lib.c
}
/* Store the sigalg the peer uses */
s->s3.tmp.peer_sigalg = lu;
@@ -3393,6 +3402,14 @@ static int tls12_sigalg_allowed(const SS
@@ -3391,6 +3400,14 @@ static int tls12_sigalg_allowed(const SS
}
}
@@ -122,7 +122,7 @@ Index: openssl-3.5.1/ssl/t1_lib.c
/* Finally see if security callback allows it */
secbits = sigalg_security_bits(SSL_CONNECTION_GET_CTX(s), lu);
sigalgstr[0] = (lu->sigalg >> 8) & 0xff;
@@ -4383,6 +4400,8 @@ static int ssl_security_cert_sig(SSL_CON
@@ -4381,6 +4398,8 @@ static int ssl_security_cert_sig(SSL_CON
{
/* Lookup signature algorithm digest */
int secbits, nid, pknid;
@@ -131,7 +131,7 @@ Index: openssl-3.5.1/ssl/t1_lib.c
/* Don't check signature if self signed */
if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
@@ -4392,6 +4411,25 @@ static int ssl_security_cert_sig(SSL_CON
@@ -4390,6 +4409,25 @@ static int ssl_security_cert_sig(SSL_CON
/* If digest NID not defined use signature NID */
if (nid == NID_undef)
nid = pknid;
@@ -157,20 +157,20 @@ Index: openssl-3.5.1/ssl/t1_lib.c
if (s != NULL)
return ssl_security(s, op, secbits, nid, x);
else
Index: openssl-3.5.1/test/recipes/25-test_verify.t
Index: openssl-3.5.0/test/recipes/25-test_verify.t
===================================================================
--- openssl-3.5.1.orig/test/recipes/25-test_verify.t
+++ openssl-3.5.1/test/recipes/25-test_verify.t
@@ -30,7 +30,7 @@ sub verify {
--- openssl-3.5.0.orig/test/recipes/25-test_verify.t
+++ openssl-3.5.0/test/recipes/25-test_verify.t
@@ -29,7 +29,7 @@ sub verify {
run(app([@args]));
}
-plan tests => 203;
+plan tests => 202;
-plan tests => 194;
+plan tests => 193;
# Canonical success
ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
@@ -485,8 +485,9 @@ ok(verify("ee-pss-sha1-cert", "", ["root
@@ -484,8 +484,9 @@ ok(verify("ee-pss-sha1-cert", "", ["root
ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], ),
"CA with PSS signature using SHA256");

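Review bot: the rebased hunk moves the `plan tests` baseline from `-plan tests => 203;` / `+plan tests => 202;` to `-plan tests => 194;` / `+plan tests => 193;` while keeping the one-test decrement; that is only right if `25-test_verify.t` in the target tarball really declares 194 tests, so run `make test TESTS=test_verify` on the rebased tree rather than trusting the arithmetic, because a wrong plan fails the whole recipe even when every individual check passes. The inner offsets shifting from 485 to 484 are consistent with a one-line difference in the older source.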

@@ -12,11 +12,11 @@ Signed-off-by: Simo Sorce <simo@redhat.com>
test/recipes/80-test_cms.t | 2 +-
5 files changed, 14 insertions(+), 13 deletions(-)
Index: openssl-3.5.2/providers/fips/fipsprov.c
Index: openssl-3.5.0-beta1/providers/fips/fipsprov.c
===================================================================
--- openssl-3.5.2.orig/providers/fips/fipsprov.c
+++ openssl-3.5.2/providers/fips/fipsprov.c
@@ -360,7 +360,8 @@ static const OSSL_ALGORITHM_CAPABLE fips
--- openssl-3.5.0-beta1.orig/providers/fips/fipsprov.c
+++ openssl-3.5.0-beta1/providers/fips/fipsprov.c
@@ -358,7 +358,8 @@ static const OSSL_ALGORITHM_CAPABLE fips
ossl_cipher_capable_aes_cbc_hmac_sha256),
ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions,
ossl_cipher_capable_aes_cbc_hmac_sha256),
@@ -26,11 +26,28 @@ Index: openssl-3.5.2/providers/fips/fipsprov.c
ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions),
#endif /* OPENSSL_NO_DES */
Index: openssl-3.5.2/providers/fips/self_test_data.inc
Index: openssl-3.5.0-beta1/providers/fips/self_test_data.inc
===================================================================
--- openssl-3.5.2.orig/providers/fips/self_test_data.inc
+++ openssl-3.5.2/providers/fips/self_test_data.inc
@@ -293,6 +293,7 @@ static const ST_KAT_CIPHER st_kat_cipher
--- openssl-3.5.0-beta1.orig/providers/fips/self_test_data.inc
+++ openssl-3.5.0-beta1/providers/fips/self_test_data.inc
@@ -209,6 +209,7 @@ static const ST_KAT_DIGEST st_kat_digest
/*- CIPHER TEST DATA */
/* DES3 test data */
+#if 0
static const unsigned char des_ede3_cbc_pt[] = {
0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A,
@@ -229,7 +230,7 @@ static const unsigned char des_ede3_cbc_
0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F,
0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7
};
-
+#endif
/* AES-256 GCM test data */
static const unsigned char aes_256_gcm_key[] = {
0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c,
@@ -315,6 +316,7 @@ static const ST_KAT_CIPHER st_kat_cipher
CIPHER_MODE_DECRYPT,
ITM(aes_128_ecb_key)
},
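Review bot: the 3.5.0-beta1 variant fences the DES3 KAT vectors with `+#if 0` and `+#endif` instead of removing them, and the `+#endif` takes the place of the blank line that separated `des_ede3_cbc_*` from the AES-256 GCM data. Vectors parked under `#if 0` tend to outlive the reason they were disabled; prefer deleting the arrays outright, or guarding them with the same `#ifndef OPENSSL_NO_DES` the `ST_KAT_CIPHER` table already uses, so the test data and the table entry cannot drift apart.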
@@ -38,7 +55,7 @@ Index: openssl-3.5.2/providers/fips/self_test_data.inc
#ifndef OPENSSL_NO_DES
{
{
@@ -305,6 +306,7 @@ static const ST_KAT_CIPHER st_kat_cipher
@@ -327,6 +329,7 @@ static const ST_KAT_CIPHER st_kat_cipher
ITM(tdes_key)
}
#endif
@@ -46,10 +63,10 @@ Index: openssl-3.5.2/providers/fips/self_test_data.inc
};
static const char hkdf_digest[] = "SHA256";
Index: openssl-3.5.2/test/evp_libctx_test.c
Index: openssl-3.5.0-beta1/test/evp_libctx_test.c
===================================================================
--- openssl-3.5.2.orig/test/evp_libctx_test.c
+++ openssl-3.5.2/test/evp_libctx_test.c
--- openssl-3.5.0-beta1.orig/test/evp_libctx_test.c
+++ openssl-3.5.0-beta1/test/evp_libctx_test.c
@@ -831,7 +831,9 @@ int setup_tests(void)
ADD_TEST(kem_invalid_keytype);
#endif
@@ -61,10 +78,10 @@ Index: openssl-3.5.2/test/evp_libctx_test.c
#endif
return 1;
}
Index: openssl-3.5.2/test/recipes/30-test_evp_data/evpciph_des3_common.txt
Index: openssl-3.5.0-beta1/test/recipes/30-test_evp_data/evpciph_des3_common.txt
===================================================================
--- openssl-3.5.2.orig/test/recipes/30-test_evp_data/evpciph_des3_common.txt
+++ openssl-3.5.2/test/recipes/30-test_evp_data/evpciph_des3_common.txt
--- openssl-3.5.0-beta1.orig/test/recipes/30-test_evp_data/evpciph_des3_common.txt
+++ openssl-3.5.0-beta1/test/recipes/30-test_evp_data/evpciph_des3_common.txt
@@ -14,7 +14,7 @@
Title = DES3 Tests
@@ -114,16 +131,16 @@ Index: openssl-3.5.2/test/recipes/30-test_evp_data/evpciph_des3_common.txt
Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
# Test that DES3 ECB mode encryption is not FIPS approved
-Availablein = fips
-Availablein = fipss
-FIPSversion = >=3.4.0
+Availablein = none
Cipher = DES-EDE3-ECB
Operation = ENCRYPT
Unapproved = 1
Index: openssl-3.5.2/test/recipes/80-test_cms.t
Index: openssl-3.5.0-beta1/test/recipes/80-test_cms.t
===================================================================
--- openssl-3.5.2.orig/test/recipes/80-test_cms.t
+++ openssl-3.5.2/test/recipes/80-test_cms.t
--- openssl-3.5.0-beta1.orig/test/recipes/80-test_cms.t
+++ openssl-3.5.0-beta1/test/recipes/80-test_cms.t
@@ -398,7 +398,7 @@ my @smime_cms_tests = (
\&final_compare
],
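Review bot: the removed context line changes from `-Availablein = fips` to `-Availablein = fipss`; if the 3.5.0-beta1 copy of `evpciph_des3_common.txt` really carries the `fipss` typo the hunk applies, but it is worth a `grep -n Availablein test/recipes/30-test_evp_data/evpciph_des3_common.txt` on the unpacked tarball, since a single mismatched context line makes the hunk reject at patch-application time and breaks the package build.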


@@ -19,11 +19,11 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
test/sslapitest.c | 2 +-
9 files changed, 46 insertions(+), 5 deletions(-)
Index: openssl-3.5.2/doc/man3/SSL_CONF_cmd.pod
===================================================================
--- openssl-3.5.2.orig/doc/man3/SSL_CONF_cmd.pod
+++ openssl-3.5.2/doc/man3/SSL_CONF_cmd.pod
@@ -621,6 +621,9 @@ B<ExtendedMasterSecret>: use extended ma
diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod
index e2c1e69847..009b683b27 100644
--- a/doc/man3/SSL_CONF_cmd.pod
+++ b/doc/man3/SSL_CONF_cmd.pod
@@ -621,6 +621,9 @@ B<ExtendedMasterSecret>: use extended master secret extension, enabled by
default. Inverse of B<SSL_OP_NO_EXTENDED_MASTER_SECRET>: that is,
B<-ExtendedMasterSecret> is the same as setting B<SSL_OP_NO_EXTENDED_MASTER_SECRET>.
@@ -33,11 +33,11 @@ Index: openssl-3.5.2/doc/man3/SSL_CONF_cmd.pod
B<CANames>: use CA names extension, enabled by
default. Inverse of B<SSL_OP_DISABLE_TLSEXT_CA_NAMES>: that is,
B<-CANames> is the same as setting B<SSL_OP_DISABLE_TLSEXT_CA_NAMES>.
Index: openssl-3.5.2/doc/man5/fips_config.pod
===================================================================
--- openssl-3.5.2.orig/doc/man5/fips_config.pod
+++ openssl-3.5.2/doc/man5/fips_config.pod
@@ -11,6 +11,19 @@ automatically loaded when the system is
diff --git a/doc/man5/fips_config.pod b/doc/man5/fips_config.pod
index 15748c5756..34cbfbb2ad 100644
--- a/doc/man5/fips_config.pod
+++ b/doc/man5/fips_config.pod
@@ -11,6 +11,19 @@ automatically loaded when the system is booted in FIPS mode, or when the
environment variable B<OPENSSL_FORCE_FIPS_MODE> is set. See the documentation
for more information.
@@ -56,12 +56,12 @@ Index: openssl-3.5.2/doc/man5/fips_config.pod
+
=head1 COPYRIGHT
Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
Index: openssl-3.5.2/include/openssl/ssl.h.in
===================================================================
--- openssl-3.5.2.orig/include/openssl/ssl.h.in
+++ openssl-3.5.2/include/openssl/ssl.h.in
@@ -417,6 +417,7 @@ typedef int (*SSL_async_callback_fn)(SSL
Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
index 0b2232b01c..99b2ad4eb3 100644
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@@ -417,6 +417,7 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
* interoperability with CryptoPro CSP 3.x
*/
# define SSL_OP_CRYPTOPRO_TLSEXT_BUG SSL_OP_BIT(31)
@@ -69,10 +69,10 @@ Index: openssl-3.5.2/include/openssl/ssl.h.in
/*
* Disable RFC8879 certificate compression
* SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
Index: openssl-3.5.2/providers/fips/include/fips_indicator_params.inc
===================================================================
--- openssl-3.5.2.orig/providers/fips/include/fips_indicator_params.inc
+++ openssl-3.5.2/providers/fips/include/fips_indicator_params.inc
diff --git a/providers/fips/include/fips_indicator_params.inc b/providers/fips/include/fips_indicator_params.inc
index c1b029de86..47d1cf2d01 100644
--- a/providers/fips/include/fips_indicator_params.inc
+++ b/providers/fips/include/fips_indicator_params.inc
@@ -1,5 +1,5 @@
OSSL_FIPS_PARAM(security_checks, SECURITY_CHECKS, 1)
-OSSL_FIPS_PARAM(tls1_prf_ems_check, TLS1_PRF_EMS_CHECK, 0)
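Review bot: the removed default `OSSL_FIPS_PARAM(tls1_prf_ems_check, TLS1_PRF_EMS_CHECK, 0)` is the only line of this hunk that is visible, so the replacement value cannot be reviewed here; since this default decides whether the FIPS provider's TLS 1.2 PRF accepts sessions negotiated without extended master secret, make sure the new value agrees with the `fips_config.pod` text and the `SSL_CONF_cmd.pod` option added by the same patch, otherwise the documentation and the indicator will contradict each other.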
@@ -80,11 +80,11 @@ Index: openssl-3.5.2/providers/fips/include/fips_indicator_params.inc
OSSL_FIPS_PARAM(no_short_mac, NO_SHORT_MAC, 1)
OSSL_FIPS_PARAM(hmac_key_check, HMAC_KEY_CHECK, 0)
OSSL_FIPS_PARAM(kmac_key_check, KMAC_KEY_CHECK, 0)
Index: openssl-3.5.2/ssl/ssl_conf.c
===================================================================
--- openssl-3.5.2.orig/ssl/ssl_conf.c
+++ openssl-3.5.2/ssl/ssl_conf.c
@@ -394,6 +394,7 @@ static int cmd_Options(SSL_CONF_CTX *cct
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 946d20be52..b52c1675fd 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -394,6 +394,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
SSL_FLAG_TBL("ClientRenegotiation",
SSL_OP_ALLOW_CLIENT_RENEGOTIATION),
SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC),
@@ -92,10 +92,10 @@ Index: openssl-3.5.2/ssl/ssl_conf.c
SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION),
SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX),
SSL_FLAG_TBL("PreferNoDHEKEX", SSL_OP_PREFER_NO_DHE_KEX),
Index: openssl-3.5.2/ssl/statem/extensions_srvr.c
===================================================================
--- openssl-3.5.2.orig/ssl/statem/extensions_srvr.c
+++ openssl-3.5.2/ssl/statem/extensions_srvr.c
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index dd771207f6..48db802b1f 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -12,6 +12,7 @@
#include "statem_local.h"
#include "internal/cryptlib.h"
@@ -104,7 +104,7 @@ Index: openssl-3.5.2/ssl/statem/extensions_srvr.c
#define COOKIE_STATE_FORMAT_VERSION 1
@@ -1886,8 +1887,13 @@ EXT_RETURN tls_construct_stoc_ems(SSL_CO
@@ -1874,8 +1875,13 @@ EXT_RETURN tls_construct_stoc_ems(SSL_CONNECTION *s, WPACKET *pkt,
unsigned int context,
X509 *x, size_t chainidx)
{
@@ -119,10 +119,10 @@ Index: openssl-3.5.2/ssl/statem/extensions_srvr.c
if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret)
|| !WPACKET_put_bytes_u16(pkt, 0)) {
Index: openssl-3.5.2/ssl/t1_enc.c
===================================================================
--- openssl-3.5.2.orig/ssl/t1_enc.c
+++ openssl-3.5.2/ssl/t1_enc.c
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 474ea7bf5b..e0e595e989 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -21,6 +21,7 @@
#include <openssl/obj_mac.h>
#include <openssl/core_names.h>
@@ -148,11 +148,11 @@ Index: openssl-3.5.2/ssl/t1_enc.c
else
ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
EVP_KDF_CTX_free(kctx);
Index: openssl-3.5.2/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
===================================================================
--- openssl-3.5.2.orig/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
+++ openssl-3.5.2/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
@@ -22,6 +22,16 @@ Ctrl.client_random = hexseed:36c129d01a3
diff --git a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
index 50944328cb..edb2e81273 100644
--- a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
+++ b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
@@ -22,6 +22,16 @@ Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587c
Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
@@ -169,11 +169,11 @@ Index: openssl-3.5.2/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
FIPSversion = <=3.1.0
KDF = TLS1-PRF
Ctrl.digest = digest:SHA256
Index: openssl-3.5.2/test/sslapitest.c
===================================================================
--- openssl-3.5.2.orig/test/sslapitest.c
+++ openssl-3.5.2/test/sslapitest.c
@@ -575,7 +575,7 @@ static int test_client_cert_verify_cb(vo
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 16155afccb..93766fae23 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -575,7 +575,7 @@ static int test_client_cert_verify_cb(void)
STACK_OF(X509) *server_chain;
SSL_CTX *cctx = NULL, *sctx = NULL;
SSL *clientssl = NULL, *serverssl = NULL;
@@ -182,3 +182,6 @@ Index: openssl-3.5.2/test/sslapitest.c
if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
TLS_client_method(), TLS1_VERSION, 0,
--
2.49.0


@@ -0,0 +1,125 @@
From a72f753cc5a43e58087358317975f6be46c15e01 Mon Sep 17 00:00:00 2001
From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
Date: Thu, 17 Apr 2025 08:51:53 -0500
Subject: [PATCH] Fix P-384 curve on lower-than-P9 PPC64 targets
The change adding an asm implementation of p384_felem_reduce incorrectly
uses the accelerated version on both targets that support the intrinsics
*and* targets that don't, instead of falling back to the generics on older
targets. This results in crashes when trying to use P-384 on < Power9.
Signed-off-by: Anna Wilcox <AWilcox@Wilcox-Tech.com>
Closes: #27350
Fixes: 85cabd94 ("Fix Minerva timing side-channel signal for P-384 curve on PPC")
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27429)
(cherry picked from commit 29864f2b0f1046177e8048a5b17440893d3f9425)
---
crypto/ec/ecp_nistp384.c | 54 ++++++++++++++++++++++++----------------
1 file changed, 33 insertions(+), 21 deletions(-)
diff --git a/crypto/ec/ecp_nistp384.c b/crypto/ec/ecp_nistp384.c
index 2ceb94fe33b7e..9d682f5a02cce 100644
--- a/crypto/ec/ecp_nistp384.c
+++ b/crypto/ec/ecp_nistp384.c
@@ -684,6 +684,22 @@ static void felem_reduce_ref(felem out, const widefelem in)
out[i] = acc[i];
}
+static ossl_inline void felem_square_reduce_ref(felem out, const felem in)
+{
+ widefelem tmp;
+
+ felem_square_ref(tmp, in);
+ felem_reduce_ref(out, tmp);
+}
+
+static ossl_inline void felem_mul_reduce_ref(felem out, const felem in1, const felem in2)
+{
+ widefelem tmp;
+
+ felem_mul_ref(tmp, in1, in2);
+ felem_reduce_ref(out, tmp);
+}
+
#if defined(ECP_NISTP384_ASM)
static void felem_square_wrapper(widefelem out, const felem in);
static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2);
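Review bot: defining `felem_square_reduce_ref` and `felem_mul_reduce_ref` ahead of the `#if defined(ECP_NISTP384_ASM)` block is the right placement, since both the asm and the non-asm configuration need them as the fallback. One nit: they are marked `ossl_inline`, yet in the asm build their addresses are stored in function pointers, so the compiler has to emit out-of-line copies anyway and the qualifier is cosmetic.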
@@ -695,10 +711,18 @@ static void (*felem_mul_p)(widefelem out, const felem in1, const felem in2) =
static void (*felem_reduce_p)(felem out, const widefelem in) = felem_reduce_ref;
+static void (*felem_square_reduce_p)(felem out, const felem in) =
+ felem_square_reduce_ref;
+static void (*felem_mul_reduce_p)(felem out, const felem in1, const felem in2) =
+ felem_mul_reduce_ref;
+
void p384_felem_square(widefelem out, const felem in);
void p384_felem_mul(widefelem out, const felem in1, const felem in2);
void p384_felem_reduce(felem out, const widefelem in);
+void p384_felem_square_reduce(felem out, const felem in);
+void p384_felem_mul_reduce(felem out, const felem in1, const felem in2);
+
# if defined(_ARCH_PPC64)
# include "crypto/ppc_arch.h"
# endif
@@ -710,6 +734,8 @@ static void felem_select(void)
felem_square_p = p384_felem_square;
felem_mul_p = p384_felem_mul;
felem_reduce_p = p384_felem_reduce;
+ felem_square_reduce_p = p384_felem_square_reduce;
+ felem_mul_reduce_p = p384_felem_mul_reduce;
return;
}
@@ -718,7 +744,9 @@ static void felem_select(void)
/* Default */
felem_square_p = felem_square_ref;
felem_mul_p = felem_mul_ref;
- felem_reduce_p = p384_felem_reduce;
+ felem_reduce_p = felem_reduce_ref;
+ felem_square_reduce_p = felem_square_reduce_ref;
+ felem_mul_reduce_p = felem_mul_reduce_ref;
}
static void felem_square_wrapper(widefelem out, const felem in)
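Review bot: `-    felem_reduce_p = p384_felem_reduce;` / `+    felem_reduce_p = felem_reduce_ref;` in the default branch is the actual fix: before it, a CPU that failed the feature test got the reference square and mul but still the asm reduce, which is the pre-Power9 crash the commit message describes. The two added assignments keep the combined helpers in step with the selection. Since CI evidently never executed this branch, consider a test that forces the fallback (for example by masking the PPC hwcap) so the default path is exercised on every build.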
@@ -737,31 +765,15 @@ static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2)
# define felem_mul felem_mul_p
# define felem_reduce felem_reduce_p
-void p384_felem_square_reduce(felem out, const felem in);
-void p384_felem_mul_reduce(felem out, const felem in1, const felem in2);
-
-# define felem_square_reduce p384_felem_square_reduce
-# define felem_mul_reduce p384_felem_mul_reduce
+# define felem_square_reduce felem_square_reduce_p
+# define felem_mul_reduce felem_mul_reduce_p
#else
# define felem_square felem_square_ref
# define felem_mul felem_mul_ref
# define felem_reduce felem_reduce_ref
-static ossl_inline void felem_square_reduce(felem out, const felem in)
-{
- widefelem tmp;
-
- felem_square(tmp, in);
- felem_reduce(out, tmp);
-}
-
-static ossl_inline void felem_mul_reduce(felem out, const felem in1, const felem in2)
-{
- widefelem tmp;
-
- felem_mul(tmp, in1, in2);
- felem_reduce(out, tmp);
-}
+# define felem_square_reduce felem_square_reduce_ref
+# define felem_mul_reduce felem_mul_reduce_ref
#endif
/*-


@@ -1,34 +0,0 @@
Index: openssl-3.5.0/crypto/bn/bn_exp.c
===================================================================
--- openssl-3.5.0.orig/crypto/bn/bn_exp.c
+++ openssl-3.5.0/crypto/bn/bn_exp.c
@@ -166,6 +166,20 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *
return ret;
}
+/* As per limitations of C, the compiler cannot determine statically that in the
+ * case of BN_RECP_CTX_free, the BN_RECP_CTX.flag will not have a value of
+ * BN_FLG_MALLOCED, thus we hit a warning (-Wfree-nonheap-object) in
+ * BN_mod_exp_recp. Fix that by omiting the check for BN_FLG_MALLOCED.
+ */
+void BN_RECP_CTX_free_static(BN_RECP_CTX *recp)
+{
+ if (recp == NULL)
+ return;
+
+ BN_free(&recp->N);
+ BN_free(&recp->Nr);
+}
+
int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx)
{
@@ -304,7 +318,7 @@ int BN_mod_exp_recp(BIGNUM *r, const BIG
ret = 1;
err:
BN_CTX_end(ctx);
- BN_RECP_CTX_free(&recp);
+ BN_RECP_CTX_free_static(&recp);
bn_check_top(r);
return ret;
}
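Review bot: this patch is dropped wholesale (`@@ -1,34 +0,0 @@`) rather than rebased; it added a non-static `BN_RECP_CTX_free_static()` to silence `-Wfree-nonheap-object` in `BN_mod_exp_recp`. If that warning still fires on the 3.5.0 source with the distribution's flags, a `-Werror` build will now fail, so the reason it is no longer needed belongs in the changelog. If it is genuinely unneeded, dropping it is an improvement: a non-static function with no header declaration and a typo in its comment (`omiting`) was the wrong shape to carry downstream.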


@@ -23,10 +23,10 @@ From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
mode change 100644 => 100755 test/recipes/01-test_fipsmodule_cnf.t
mode change 100644 => 100755 test/recipes/03-test_fipsinstall.t
Index: openssl-3.5.2/apps/fipsinstall.c
Index: openssl-3.5.0-beta1/apps/fipsinstall.c
===================================================================
--- openssl-3.5.2.orig/apps/fipsinstall.c
+++ openssl-3.5.2/apps/fipsinstall.c
--- openssl-3.5.0-beta1.orig/apps/fipsinstall.c
+++ openssl-3.5.0-beta1/apps/fipsinstall.c
@@ -590,6 +590,9 @@ int fipsinstall_main(int argc, char **ar
EVP_MAC *mac = NULL;
CONF *conf = NULL;
@@ -37,15 +37,14 @@ Index: openssl-3.5.2/apps/fipsinstall.c
if ((opts = sk_OPENSSL_STRING_new_null()) == NULL)
goto end;
Index: openssl-3.5.2/doc/man1/openssl-fipsinstall.pod.in
Index: openssl-3.5.0-beta1/doc/man1/openssl-fipsinstall.pod.in
===================================================================
--- openssl-3.5.2.orig/doc/man1/openssl-fipsinstall.pod.in
+++ openssl-3.5.2/doc/man1/openssl-fipsinstall.pod.in
@@ -7,485 +7,9 @@ openssl-fipsinstall - perform FIPS confi
--- openssl-3.5.0-beta1.orig/doc/man1/openssl-fipsinstall.pod.in
+++ openssl-3.5.0-beta1/doc/man1/openssl-fipsinstall.pod.in
@@ -8,488 +8,9 @@ openssl-fipsinstall - perform FIPS confi
=head1 SYNOPSIS
-B<openssl fipsinstall>
B<openssl fipsinstall>
-[B<-help>]
-[B<-in> I<configfilename>]
-[B<-out> I<configfilename>]
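Review bot: the rebased hunk keeps `B<openssl fipsinstall>` as unchanged context where the 3.5.2 variant deleted it (`-B<openssl fipsinstall>`), so the two versions of this patch render a different SYNOPSIS: one with no command line at all, one with a bare command name and every option removed beneath it. Decide which the disabled `fipsinstall` is meant to document and make both variants match, and check that whatever the three lines added to `apps/fipsinstall.c` after `CONF *conf = NULL;` now do is what the text describes.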
@@ -275,7 +274,9 @@ Index: openssl-3.5.2/doc/man1/openssl-fipsinstall.pod.in
-
-=item B<-hkdf_digest_check>
-
-This option is deprecated.
-Configure the module to enable a run-time digest check when deriving a key by
-HKDF.
-See NIST SP 800-56Cr2 for details.
-
-=item B<-tls13_kdf_digest_check>
-
@@ -297,7 +298,9 @@ Index: openssl-3.5.2/doc/man1/openssl-fipsinstall.pod.in
-
-=item B<-sskdf_digest_check>
-
-This option is deprecated.
-Configure the module to enable a run-time digest check when deriving a key by
-SSKDF.
-See NIST SP 800-56Cr2 for details.
-
-=item B<-x963kdf_digest_check>
-
@@ -530,11 +533,11 @@ Index: openssl-3.5.2/doc/man1/openssl-fipsinstall.pod.in
=head1 COPYRIGHT
Index: openssl-3.5.2/doc/man1/openssl.pod
Index: openssl-3.5.0-beta1/doc/man1/openssl.pod
===================================================================
--- openssl-3.5.2.orig/doc/man1/openssl.pod
+++ openssl-3.5.2/doc/man1/openssl.pod
@@ -139,10 +139,6 @@ Engine (loadable module) information and
--- openssl-3.5.0-beta1.orig/doc/man1/openssl.pod
+++ openssl-3.5.0-beta1/doc/man1/openssl.pod
@@ -137,10 +137,6 @@ Engine (loadable module) information and
Error Number to Error String Conversion.
@@ -545,10 +548,10 @@ Index: openssl-3.5.2/doc/man1/openssl.pod
=item B<gendsa>
Generation of DSA Private Key from Parameters. Superseded by
Index: openssl-3.5.2/doc/man5/config.pod
Index: openssl-3.5.0-beta1/doc/man5/config.pod
===================================================================
--- openssl-3.5.2.orig/doc/man5/config.pod
+++ openssl-3.5.2/doc/man5/config.pod
--- openssl-3.5.0-beta1.orig/doc/man5/config.pod
+++ openssl-3.5.0-beta1/doc/man5/config.pod
@@ -582,7 +582,6 @@ configuration files using that syntax wi
=head1 SEE ALSO
@@ -557,11 +560,11 @@ Index: openssl-3.5.2/doc/man5/config.pod
L<ASN1_generate_nconf(3)>,
L<EVP_set_default_properties(3)>,
L<CONF_modules_load(3)>,
Index: openssl-3.5.2/doc/man5/fips_config.pod
Index: openssl-3.5.0-beta1/doc/man5/fips_config.pod
===================================================================
--- openssl-3.5.2.orig/doc/man5/fips_config.pod
+++ openssl-3.5.2/doc/man5/fips_config.pod
@@ -6,224 +6,10 @@ fips_config - OpenSSL FIPS configuration
--- openssl-3.5.0-beta1.orig/doc/man5/fips_config.pod
+++ openssl-3.5.0-beta1/doc/man5/fips_config.pod
@@ -6,230 +6,10 @@ fips_config - OpenSSL FIPS configuration
=head1 DESCRIPTION
@@ -621,11 +624,17 @@ Index: openssl-3.5.2/doc/man5/fips_config.pod
-
-=item B<install-status>
-
-This field is deprecated and is no longer used.
-An indicator that the self-tests were successfully run.
-This should only be written after the module has
-successfully passed its self tests during installation.
-If this field is not present, then the self tests will run when the module
-loads.
-
-=item B<install-mac>
-
-This field is deprecated and is no longer used.
-A MAC of the value of the B<install-status> option, to prevent accidental
-changes to that value.
-It is written-to at the same time as B<install-status> is updated.
-
-=back
-
@@ -665,7 +674,7 @@ Index: openssl-3.5.2/doc/man5/fips_config.pod
-
-=item B<hkdf-digest-check>
-
-This option is deprecated.
-See L<openssl-fipsinstall(1)/OPTIONS> B<-hkdf_digest_check>
-
-=item B<tls13-kdf-digest-check>
-
@@ -681,7 +690,7 @@ Index: openssl-3.5.2/doc/man5/fips_config.pod
-
-=item B<sskdf-digest-check>
-
-This option is deprecated.
-See L<openssl-fipsinstall(1)/OPTIONS> B<-sskdf_digest_check>
-
-=item B<x963kdf-digest-check>
-
@@ -790,11 +799,11 @@ Index: openssl-3.5.2/doc/man5/fips_config.pod
=head1 COPYRIGHT
Index: openssl-3.5.2/doc/man7/OSSL_PROVIDER-FIPS.pod
Index: openssl-3.5.0-beta1/doc/man7/OSSL_PROVIDER-FIPS.pod
===================================================================
--- openssl-3.5.2.orig/doc/man7/OSSL_PROVIDER-FIPS.pod
+++ openssl-3.5.2/doc/man7/OSSL_PROVIDER-FIPS.pod
@@ -570,7 +570,6 @@ process.
--- openssl-3.5.0-beta1.orig/doc/man7/OSSL_PROVIDER-FIPS.pod
+++ openssl-3.5.0-beta1/doc/man7/OSSL_PROVIDER-FIPS.pod
@@ -575,7 +575,6 @@ want to operate in a FIPS approved manne
=head1 SEE ALSO
@@ -802,10 +811,10 @@ Index: openssl-3.5.2/doc/man7/OSSL_PROVIDER-FIPS.pod
L<fips_config(5)>,
L<OSSL_SELF_TEST_set_callback(3)>,
L<OSSL_SELF_TEST_new(3)>,
Index: openssl-3.5.2/test/recipes/00-prep_fipsmodule_cnf.t
Index: openssl-3.5.0-beta1/test/recipes/00-prep_fipsmodule_cnf.t
===================================================================
--- openssl-3.5.2.orig/test/recipes/00-prep_fipsmodule_cnf.t
+++ openssl-3.5.2/test/recipes/00-prep_fipsmodule_cnf.t
--- openssl-3.5.0-beta1.orig/test/recipes/00-prep_fipsmodule_cnf.t
+++ openssl-3.5.0-beta1/test/recipes/00-prep_fipsmodule_cnf.t
@@ -29,8 +29,10 @@ my $fipsmoduleconf = bldtop_file('test',
plan tests => 1;
@@ -821,10 +830,10 @@ Index: openssl-3.5.2/test/recipes/00-prep_fipsmodule_cnf.t
+# '-module', $fipsmodule, '-provider_name', 'fips',
+# '-section_name', 'fips_sect', '-out', $fipsmoduleconf])),
+# "fips install");
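Review bot: the `fipsinstall` invocations in `00-prep_fipsmodule_cnf.t` and `01-test_fipsmodule_cnf.t` are commented out line by line with `#` while each recipe still declares `plan tests => 1;`. Unless a replacement `ok(...)` is among the lines not shown here, Test::More reports the plan as unmet and the recipe fails. `plan skip_all => 'fipsinstall disabled'` (or an explicit `ok(1, ...)`) states the intent and keeps `make test` green.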
Index: openssl-3.5.2/test/recipes/01-test_fipsmodule_cnf.t
Index: openssl-3.5.0-beta1/test/recipes/01-test_fipsmodule_cnf.t
===================================================================
--- openssl-3.5.2.orig/test/recipes/01-test_fipsmodule_cnf.t
+++ openssl-3.5.2/test/recipes/01-test_fipsmodule_cnf.t
--- openssl-3.5.0-beta1.orig/test/recipes/01-test_fipsmodule_cnf.t
+++ openssl-3.5.0-beta1/test/recipes/01-test_fipsmodule_cnf.t
@@ -31,7 +31,8 @@ plan tests => 1;
my $fipsmodule = bldtop_file('providers', platform->dso('fips'));
my $fipsmoduleconf = bldtop_file('test', 'fipsmodule.cnf');
@@ -837,10 +846,10 @@ Index: openssl-3.5.2/test/recipes/01-test_fipsmodule_cnf.t
+#ok(run(app(['openssl', 'fipsinstall',
+# '-in', $fipsmoduleconf, '-module', $fipsmodule, '-verify'])),
+# "fipsinstall verify");
Index: openssl-3.5.2/test/recipes/03-test_fipsinstall.t
Index: openssl-3.5.0-beta1/test/recipes/03-test_fipsinstall.t
===================================================================
--- openssl-3.5.2.orig/test/recipes/03-test_fipsinstall.t
+++ openssl-3.5.2/test/recipes/03-test_fipsinstall.t
--- openssl-3.5.0-beta1.orig/test/recipes/03-test_fipsinstall.t
+++ openssl-3.5.0-beta1/test/recipes/03-test_fipsinstall.t
@@ -22,6 +22,8 @@ use lib srctop_dir('Configurations');
use lib bldtop_dir('.');
use platform;


@@ -0,0 +1,29 @@
From eb7ca9504a1b9ba7ed50140fc5b81e1e5e9adf59 Mon Sep 17 00:00:00 2001
From: Viktor Dukhovni <openssl-users@dukhovni.org>
Date: Thu, 11 Sep 2025 18:10:12 +0200
Subject: [PATCH] kek_unwrap_key(): Fix incorrect check of unwrapped key size
Fixes CVE-2025-9230
The check is off by 8 bytes so it is possible to overread by
up to 8 bytes and overwrite up to 4 bytes.
---
crypto/cms/cms_pwri.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
index 106bd98dc7..ba8646f93c 100644
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@@ -243,7 +243,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
/* Check byte failure */
goto err;
}
- if (inlen < (size_t)(tmp[0] - 4)) {
+ if (inlen < 4 + (size_t)tmp[0]) {
/* Invalid length value */
goto err;
}
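Review bot: the new bound `inlen < 4 + (size_t)tmp[0]` correctly requires the unwrapped buffer to hold the length byte, the three check bytes and `tmp[0]` key bytes. With the old form `inlen < (size_t)(tmp[0] - 4)`, a length byte of `inlen + 4` passed the check and the subsequent copy read `inlen + 8` bytes, which is the 8-byte overread the commit message names. Please add a regression test that feeds a wrapped key whose length byte is `inlen + 4` so the corrected bound stays locked in.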
--
2.51.0


@@ -0,0 +1,46 @@
From d874cbd603bb1b254cfe212797f18fc7cdb7cc52 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Thu, 11 Sep 2025 18:40:34 +0200
Subject: [PATCH] SM2: Use constant time modular inversion
Fixes CVE-2025-9231
Issue and a proposed fix reported by Stanislav Fort (Aisle Research).
---
crypto/ec/ecp_sm2p256.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/crypto/ec/ecp_sm2p256.c b/crypto/ec/ecp_sm2p256.c
index aabe74b6e4..d75230a651 100644
--- a/crypto/ec/ecp_sm2p256.c
+++ b/crypto/ec/ecp_sm2p256.c
@@ -747,7 +747,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void)
ossl_ec_GFp_simple_point_copy,
ossl_ec_GFp_simple_point_set_to_infinity,
ossl_ec_GFp_simple_point_set_affine_coordinates,
- ecp_sm2p256_get_affine,
+ ossl_ec_GFp_simple_point_get_affine_coordinates,
0, 0, 0,
ossl_ec_GFp_simple_add,
ossl_ec_GFp_simple_dbl,
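Review bot: replacing `ecp_sm2p256_get_affine` with `ossl_ec_GFp_simple_point_get_affine_coordinates` routes affine conversion through the generic method, which together with the `field_inv` entry in the next hunk is how the SM2-specific inversion stops being reachable from the method table. Check that `ecp_sm2p256_get_affine` is either deleted or still referenced somewhere; a now-unused static function will trip `-Wunused-function` under `--strict-warnings`.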
@@ -763,7 +763,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void)
ecp_sm2p256_field_mul,
ecp_sm2p256_field_sqr,
0 /* field_div */,
- 0 /* field_inv */,
+ ossl_ec_GFp_simple_field_inv,
0 /* field_encode */,
0 /* field_decode */,
0 /* field_set_to_one */,
@@ -779,7 +779,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void)
ossl_ecdsa_simple_sign_setup,
ossl_ecdsa_simple_sign_sig,
ossl_ecdsa_simple_verify_sig,
- ecp_sm2p256_inv_mod_ord,
+ 0, /* use constanttime fallback for inverse mod order */
0, /* blind_coordinates */
0, /* ladder_pre */
0, /* ladder_step */
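Review bot: setting the inverse-mod-order slot to `0` makes the EC layer fall back to its generic constant-time inversion, which is the point of the fix, but the comment `/* use constanttime fallback for inverse mod order */` should read `constant-time`, matching the style of the neighbouring slot comments. Worth a changelog line that SM2 signing gets slower: `ecp_sm2p256_inv_mod_ord` was presumably there for performance and is now dead code if nothing else calls it.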
--
2.51.0


@@ -0,0 +1,28 @@
From b8427e03e06c5ffde63f2231b7c0663b4c2510cd Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Thu, 11 Sep 2025 18:43:55 +0200
Subject: [PATCH] use_proxy(): Add missing terminating NUL byte
Fixes CVE-2025-9232
There is a missing terminating NUL byte after the strncpy() call.
Issue and a proposed fix reported by Stanislav Fort (Aisle Research).
---
crypto/http/http_lib.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/crypto/http/http_lib.c b/crypto/http/http_lib.c
index fcf8a69e07..022b8c194c 100644
--- a/crypto/http/http_lib.c
+++ b/crypto/http/http_lib.c
@@ -263,6 +263,7 @@ static int use_proxy(const char *no_proxy, const char *server)
/* strip leading '[' and trailing ']' from escaped IPv6 address */
sl -= 2;
strncpy(host, server + 1, sl);
+ host[sl] = '\0';
server = host;
}
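Review bot: `host[sl] = '\0';` supplies the missing terminator, but the write is only safe if `sl` (the server length minus the two brackets) is strictly smaller than `sizeof(host)`; that bound is not in this hunk, so please confirm the earlier check leaves room for the NUL, otherwise the fix itself writes one past the end. `strncpy` into a fixed buffer followed by manual termination is the pattern `OPENSSL_strlcpy(host, server + 1, sl + 1)` exists to replace: it copies the same `sl` bytes and terminates in one step.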
--
2.51.0