import UBI openssl-1.1.1k-14.el8_10

SOURCES/openssl-1.1.1-cleanup-peer-point-reneg.patch

@@ -1,11 +1,13 @@
 diff -up openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg openssl-1.1.1k/ssl/statem/extensions.c
 --- openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg	2021-03-25 14:28:38.000000000 +0100
 +++ openssl-1.1.1k/ssl/statem/extensions.c	2021-06-24 16:16:19.526181743 +0200
-@@ -42,6 +42,7 @@ static int tls_parse_certificate_authori
+@@ -42,6 +42,9 @@ static int tls_parse_certificate_authori
  #ifndef OPENSSL_NO_SRP
  static int init_srp(SSL *s, unsigned int context);
  #endif
++#ifndef OPENSSL_NO_EC
 +static int init_ec_point_formats(SSL *s, unsigned int context);
++#endif
  static int init_etm(SSL *s, unsigned int context);
  static int init_ems(SSL *s, unsigned int context);
  static int final_ems(SSL *s, unsigned int context, int sent);
@@ -18,10 +20,11 @@ diff -up openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg openssl-1.1.1k/ssl
          tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats,
          final_ec_pt_formats
      },
-@@ -1164,6 +1165,15 @@ static int init_srp(SSL *s, unsigned int
+@@ -1164,6 +1165,17 @@ static int init_srp(SSL *s, unsigned int
  }
  #endif
  
++#ifndef OPENSSL_NO_EC
 +static int init_ec_point_formats(SSL *s, unsigned int context)
 +{
 +	    OPENSSL_free(s->ext.peer_ecpointformats);
@@ -30,6 +33,7 @@ diff -up openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg openssl-1.1.1k/ssl
 +
 +	    return 1;
 +}
++#endif
 +
  static int init_etm(SSL *s, unsigned int context)
  {

SOURCES/openssl-1.1.1-cve-2025-9230.patch

@@ -0,0 +1,31 @@
+From 5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45 Mon Sep 17 00:00:00 2001
+From: Viktor Dukhovni <openssl-users@dukhovni.org>
+Date: Thu, 11 Sep 2025 18:10:12 +0200
+Subject: [PATCH] kek_unwrap_key(): Fix incorrect check of unwrapped key size
+
+Fixes CVE-2025-9230
+
+The check is off by 8 bytes so it is possible to overread by
+up to 8 bytes and overwrite up to 4 bytes.
+
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(cherry picked from commit 9c462be2cea54ebfc62953224220b56f8ba22a0c)
+---
+ crypto/cms/cms_pwri.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
+index a7d609f83791a..ee1b8aa6ed61d 100644
+--- a/crypto/cms/cms_pwri.c
++++ b/crypto/cms/cms_pwri.c
+@@ -242,7 +242,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
+         /* Check byte failure */
+         goto err;
+     }
+-    if (inlen < (size_t)(tmp[0] - 4)) {
++    if (inlen < 4 + (size_t)tmp[0]) {
+         /* Invalid length value */
+         goto err;
+     }

SOURCES/openssl-1.1.1-ticket_lifetime_hint.patch

@@ -0,0 +1,145 @@
+From 79dbd85fe27ebabc278417af64ab8e3eb43d2d40 Mon Sep 17 00:00:00 2001
+From: Todd Short <todd.short@me.com>
+Date: Wed, 23 Mar 2022 18:55:10 -0400
+Subject: [PATCH] ticket_lifetime_hint may exceed 1 week in TLSv1.3
+
+For TLSv1.3, limit ticket lifetime hint to 1 week per RFC8446
+
+Fixes #17948
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Tim Hudson <tjh@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/17952)
+
+(cherry picked from commit 0089cc7f9d42f6e39872161199fb8b6a99da2492)
+Modified by:	Maurizio Barbaro <mbarbaro@redhat.com> 
+---
+ doc/man3/SSL_CTX_set_timeout.pod | 10 ++++++
+ ssl/statem/statem_srvr.c         | 21 ++++++++----
+ test/sslapitest.c                | 59 ++++++++++++++++++++++++++++++++
+ 3 files changed, 84 insertions(+), 6 deletions(-)
+
+diff --git a/doc/man3/SSL_CTX_set_timeout.pod b/doc/man3/SSL_CTX_set_timeout.pod
+index c32585e45f924..54592654ffd1f 100644
+--- a/doc/man3/SSL_CTX_set_timeout.pod
++++ b/doc/man3/SSL_CTX_set_timeout.pod
+@@ -42,6 +42,16 @@ basis, see L<SSL_get_default_timeout(3)>.
+ All currently supported protocols have the same default timeout value
+ of 300 seconds.
+ 
++This timeout value is used as the ticket lifetime hint for stateless session
++tickets. It is also used as the timeout value within the ticket itself.
++
++For TLSv1.3, RFC8446 limits transmission of this value to 1 week (604800
++seconds).
++
++For TLSv1.2, tickets generated during an initial handshake use the value
++as specified. Tickets generated during a resumed handshake have a value
++of 0 for the ticket lifetime hint.
++
+ =head1 RETURN VALUES
+ 
+ SSL_CTX_set_timeout() returns the previously set timeout value.
+diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
+index d701c46b43b5a..79cfd1d8353a0 100644
+--- a/ssl/statem/statem_srvr.c
++++ b/ssl/statem/statem_srvr.c
+@@ -3820,15 +3820,24 @@ int tls_construct_server_certificate(SSL *s, WPACKET *pkt)
+ static int create_ticket_prequel(SSL *s, WPACKET *pkt, uint32_t age_add,
+                                  unsigned char *tick_nonce)
+ {
++    uint32_t timeout = (uint32_t)s->session->timeout;
++
+     /*
+-     * Ticket lifetime hint: For TLSv1.2 this is advisory only and we leave this
+-     * unspecified for resumed session (for simplicity).
++     * Ticket lifetime hint:
+      * In TLSv1.3 we reset the "time" field above, and always specify the
+-     * timeout.
++     * timeout, limited to a 1 week period per RFC8446.
++     * For TLSv1.2 this is advisory only and we leave this unspecified for
++     * resumed session (for simplicity).
+      */
+-    if (!WPACKET_put_bytes_u32(pkt,
+-                               (s->hit && !SSL_IS_TLS13(s))
+-                               ? 0 : s->session->timeout)) {
++#define ONE_WEEK_SEC (7 * 24 * 60 * 60)
++
++    if (SSL_IS_TLS13(s)) {
++        if (s->session->timeout > ONE_WEEK_SEC)
++            timeout = ONE_WEEK_SEC;
++    } else if (s->hit)
++        timeout = 0;
++
++    if (!WPACKET_put_bytes_u32(pkt, timeout)) {
+         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL,
+                  ERR_R_INTERNAL_ERROR);
+         return 0;
+
+--- a/test/sslapitest.c	2025-10-21 18:44:14.836888120 +0200
++++ b/test/sslapitest.c	2025-10-22 17:39:24.869230280 +0200
+@@ -6656,6 +6656,64 @@
+ 
+     return testresult;
+ }
++
++/*
++ * Test that the lifetime hint of a TLSv1.3 ticket is no more than 1 week
++ * 0 = TLSv1.2
++ * 1 = TLSv1.3
++ */
++static int test_ticket_lifetime(int idx)
++{
++    SSL_CTX *cctx = NULL, *sctx = NULL;
++    SSL *clientssl = NULL, *serverssl = NULL;
++    int testresult = 0;
++    int version = TLS1_3_VERSION;
++
++#define ONE_WEEK_SEC (7 * 24 * 60 * 60)
++#define TWO_WEEK_SEC (2 * ONE_WEEK_SEC)
++
++    if (idx == 0) {
++        version = TLS1_2_VERSION;
++    }
++
++    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
++                                       TLS_client_method(), version, version,
++                                       &sctx, &cctx, cert, privkey)))
++        goto end;
++
++    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
++                                      &clientssl, NULL, NULL)))
++        goto end;
++
++    /*
++     * Set the timeout to be more than 1 week
++     * make sure the returned value is the default
++     */
++    if (!TEST_long_eq(SSL_CTX_set_timeout(sctx, TWO_WEEK_SEC),
++                      SSL_get_default_timeout(serverssl)))
++        goto end;
++
++    if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
++        goto end;
++
++    if (idx == 0) {
++        /* TLSv1.2 uses the set value */
++        if (!TEST_ulong_eq(SSL_SESSION_get_ticket_lifetime_hint(SSL_get_session(clientssl)), TWO_WEEK_SEC))
++            goto end;
++    } else {
++        /* TLSv1.3 uses the limited value */
++        if (!TEST_ulong_le(SSL_SESSION_get_ticket_lifetime_hint(SSL_get_session(clientssl)), ONE_WEEK_SEC))
++            goto end;
++    }
++    testresult = 1;
++
++end:
++    SSL_free(serverssl);
++    SSL_free(clientssl);
++    SSL_CTX_free(sctx);
++    SSL_CTX_free(cctx);
++    return testresult;
++}
+ #endif
+ 
+ int setup_tests(void)

SPECS/openssl.spec

@@ -99,9 +99,11 @@ Patch107: openssl-1.1.1-cve-2023-5678.patch
 # Backport from OpenSSL 3.2/RHEL 9
 # Proper fix for CVE-2020-25659
 Patch108: openssl-1.1.1-pkcs1-implicit-rejection.patch
-# Backport from OpenSSL 3.2
+# Backport from OpenSSL 3.0
 # Fix for CVE-2024-5535
 Patch109: openssl-1.1.1-fix-ssl-select-next-proto.patch
+Patch110: openssl-1.1.1-cve-2025-9230.patch
+Patch111: openssl-1.1.1-ticket_lifetime_hint.patch
 
 License: OpenSSL and ASL 2.0
 URL: http://www.openssl.org/
@@ -236,6 +238,8 @@ cp %{SOURCE13} test/
 %patch107 -p1 -b .cve-2023-5678
 %patch108 -p1 -b .pkcs15imprejection
 %patch109 -p1 -b .cve-2024-5535
+%patch110 -p1 -b .cve-2025-9230
+%patch111 -p1 -b .ticket_lifetime_hint
 
 %build
 # Figure out which flags we want to use.
@@ -519,52 +523,61 @@ export LD_LIBRARY_PATH
 %postun libs -p /sbin/ldconfig
 
 %changelog
-* Tue Sep 17 2024 Maurizio Barbaro <mbarbaro@redhat.com> - 1:1.1.1k-14
-- Backport fix SSL_select_next proto from OpenSSL 3.2
+* Mon Dec 08 2025 Nikita Sanjay Patwa <npatwa@redhat.com> - 1:1.1.1k-14
+- Backport fix for Out-of-bounds read & write in RFC 3211 KEK Unwrap
+  Fix CVE-2025-9230
+  Resolves: RHEL-128613
+- Fix bug for ticket_lifetime_hint exceed issue
+  Resolves: RHEL-119891
+
+* Mon Sep 16 2024 Maurizio Barbaro <mbarbaro@redhat.com> - 1:1.1.1k-13
+- Backport fix SSL_select_next proto from OpenSSL 3.2  
   Fix CVE-2024-5535 
   Resolves: RHEL-45654
 
 * Thu Nov 30 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-12
 - Backport implicit rejection mechanism for RSA PKCS#1 v1.5 to RHEL-8 series
   (a proper fix for CVE-2020-25659)
-  Resolves: RHEL-17694
+  Resolves: RHEL-17696
 
 * Wed Nov 15 2023 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-11
 - Fix CVE-2023-5678: Generating excessively long X9.42 DH keys or checking
   excessively long X9.42 DH keys or parameters may be very slow
-  Resolves: RHEL-16536
+  Resolves: RHEL-16538
 
 * Thu Oct 19 2023 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-10
 - Fix CVE-2023-3446: Excessive time spent checking DH keys and parameters
-  Resolves: RHEL-14243
+  Resolves: RHEL-14245
 - Fix CVE-2023-3817: Excessive time spent checking DH q parameter value
-  Resolves: RHEL-14237
+  Resolves: RHEL-14239
 
-* Thu May 04 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-9
+* Wed Feb 08 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-9
 - Fixed Timing Oracle in RSA Decryption
   Resolves: CVE-2022-4304
 - Fixed Double free after calling PEM_read_bio_ex
   Resolves: CVE-2022-4450
 - Fixed Use-after-free following BIO_new_NDEF
   Resolves: CVE-2023-0215
-
-* Wed Feb 08 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-8
 - Fixed X.400 address type confusion in X.509 GeneralName
   Resolves: CVE-2023-0286
 
+* Thu Jul 21 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-8
+- Fix no-ec build
+  Resolves: rhbz#2071020
+
 * Tue Jul 05 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-7
 - Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
   Resolves: CVE-2022-2097
 - Update expired certificates used in the testsuite
-  Resolves: rhbz#2100554
+  Resolves: rhbz#2092462
 - Fix CVE-2022-1292: openssl: c_rehash script allows command injection
-  Resolves: rhbz#2090371
+  Resolves: rhbz#2090372
 - Fix CVE-2022-2068: the c_rehash script allows command injection
-  Resolves: rhbz#2098278
+  Resolves: rhbz#2098279
 
 * Wed Mar 23 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-6
 - Fixes CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
-- Resolves: rhbz#2067145
+- Resolves: rhbz#2067146
 
 * Tue Nov 16 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1k-5
 - Fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings