libreswan/libreswan-4.12-CVE-2026-50721.patch
Daiki Ueno 459896cfac Backport fixes for CVE-2026-12413, CVE-2026-50721 and CVE-2026-50722
Resolves: RHEL-190146
Resolves: RHEL-190140
Resolves: RHEL-190132
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2026-07-09 11:35:34 +00:00

84 lines
2.6 KiB
Diff

From c3d8386105c66636d7a47c0a3912389ff2fa0f7d Mon Sep 17 00:00:00 2001
From: Andrew Cagney <cagney@gnu.org>
Date: Thu, 9 Jul 2026 14:46:10 +0900
Subject: [PATCH 1/3] crypto: in RSA_authenticate_hash_signature_raw_rsa() use
PK11_Verify()
---
lib/libswan/pubkey_rsa.c | 52 ++++++----------------------------------
1 file changed, 7 insertions(+), 45 deletions(-)
diff --git a/lib/libswan/pubkey_rsa.c b/lib/libswan/pubkey_rsa.c
index 38b44ab61d..d2f36cb3da 100644
--- a/lib/libswan/pubkey_rsa.c
+++ b/lib/libswan/pubkey_rsa.c
@@ -402,58 +402,20 @@ static bool RSA_authenticate_signature_raw_rsa(const struct crypt_mac *expected_
*expected_hash);
}
- /*
- * Use the same space used by the out going hash.
- */
-
- SECItem decrypted_signature = {
- .type = siBuffer,
- };
-
- if (SECITEM_AllocItem(NULL, &decrypted_signature, signature.len) == NULL) {
- llog_nss_error(RC_LOG, logger, "allocating space for decrypted RSA signature");
- return false;
- }
-
/* NSS doesn't do const */
- const SECItem encrypted_signature = {
- .type = siBuffer,
- .data = DISCARD_CONST(unsigned char *, signature.ptr),
- .len = signature.len,
- };
-
- if (PK11_VerifyRecover(seckey_public, &encrypted_signature, &decrypted_signature,
- lsw_nss_get_password_context(logger)) != SECSuccess) {
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
- dbg("NSS RSA verify: decrypting signature is failed");
- *fatal_diag = NULL;
- return false;
- }
- if (DBGP(DBG_CRYPT)) {
- LLOG_JAMBUF(DEBUG_STREAM, logger, buf) {
- jam_string(buf, "NSS RSA verify: decrypted sig: ");
- jam_nss_secitem(buf, &decrypted_signature);
- }
- }
+ const SECItem signature_secitem =
+ same_shunk_as_secitem(signature, siBuffer);
+ const SECItem expected_hash_secitem =
+ same_shunk_as_secitem(HUNK_AS_SHUNK(*expected_hash), siBuffer);
- /*
- * Expect the matching hash to appear at the end. See above
- * for length check. It may, or may not, be prefixed by a
- * PKCS#1 1.5 RSA ASN.1 blob.
- */
- passert(decrypted_signature.len >= expected_hash->len);
- uint8_t *start = (decrypted_signature.data
- + decrypted_signature.len
- - expected_hash->len);
- if (!memeq(start, expected_hash->ptr, expected_hash->len)) {
- dbg("RSA Signature NOT verified");
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
+ if (PK11_Verify(seckey_public, &signature_secitem, &expected_hash_secitem,
+ lsw_nss_get_password_context(logger)) != SECSuccess) {
+ dbg("NSS RSA verify: decrypting signature is failed");
*fatal_diag = NULL;
return false;
}
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
*fatal_diag = NULL;
return true;
}
--
2.54.0