Rebase to 3.5.7

Resolves: RHEL-179698
Resolves: RHEL-179694
Resolves: RHEL-179690
Resolves: RHEL-179686
Resolves: RHEL-179673
Resolves: RHEL-179659
Resolves: RHEL-179624
Resolves: RHEL-179554
Resolves: RHEL-179549
Resolves: RHEL-179546
Resolves: RHEL-179541
Resolves: RHEL-179538
Resolves: RHEL-179279
Resolves: RHEL-179271

.gitignore

@@ -65,3 +65,4 @@ openssl-1.0.0a-usa.tar.bz2
 /openssl-3.5.0.tar.gz
 /openssl-3.5.1.tar.gz
 /openssl-3.5.5.tar.gz
+/openssl-3.5.7.tar.gz

0006-RH-Add-support-for-PROFILE-SYSTEM-system-default-cip.patch

@@ -317,7 +317,7 @@ index 9874e6bad6..76b6befbad 100644
 +#endif
      ADD_TEST(test_default_cipherlist_explicit);
      ADD_TEST(test_default_cipherlist_clear);
-     ADD_TEST(test_stdname_cipherlist);
+ #ifndef OPENSSL_NO_TLS1_3
 -- 
 2.52.0
 

0058-CVE-2026-31790.patch

@@ -1,185 +0,0 @@
-From 001e01db3e996e13ffc72386fe79d03a6683b5ac Mon Sep 17 00:00:00 2001
-From: Nikola Pajkovsky <nikolap@openssl.org>
-Date: Thu, 19 Mar 2026 12:16:08 +0100
-Subject: [PATCH 1/2] rsa_kem: validate RSA_public_encrypt() result in RSASVE
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-RSA_public_encrypt() returns the number of bytes written on success and
--1 on failure. With the existing `if (ret)` check, a provider-side RSA KEM
-encapsulation can incorrectly succeed when the underlying RSA public
-encrypt operation fails. In that case the code reports success, returns
-lengths as if encapsulation completed normally, and leaves the freshly
-generated secret available instead of discarding it.
-
-Tighten the success condition so RSASVE only succeeds when
-RSA_public_encrypt() returns a positive value equal to the modulus-sized
-output expected for RSA_NO_PADDING. Any other return value is treated as
-failure, and the generated secret is cleansed before returning.
-
-Fixes CVE-2026-31790
-Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>
-
-Reviewed-by: Saša Nedvědický <sashan@openssl.org>
-Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
-MergeDate: Mon Apr  6 19:51:30 2026
----
- providers/implementations/kem/rsa_kem.c | 20 +++++++++++---------
- 1 file changed, 11 insertions(+), 9 deletions(-)
-
-diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c
-index f7bf368a0d..74dfafddd9 100644
---- a/providers/implementations/kem/rsa_kem.c
-+++ b/providers/implementations/kem/rsa_kem.c
-@@ -316,17 +316,19 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx,
-         return 0;
- 
-     /* Step(3): out = RSAEP((n,e), z) */
--    ret = RSA_public_encrypt(nlen, secret, out, prsactx->rsa, RSA_NO_PADDING);
--    if (ret) {
--        ret = 1;
--        if (outlen != NULL)
--            *outlen = nlen;
--        if (secretlen != NULL)
--            *secretlen = nlen;
--    } else {
-+    ret = RSA_public_encrypt((int)nlen, secret, out, prsactx->rsa,
-+        RSA_NO_PADDING);
-+    if (ret <= 0 || ret != (int)nlen) {
-         OPENSSL_cleanse(secret, nlen);
-+        return 0;
-     }
--    return ret;
-+
-+    if (outlen != NULL)
-+        *outlen = nlen;
-+    if (secretlen != NULL)
-+        *secretlen = nlen;
-+
-+    return 1;
- }
- 
- /**
--- 
-2.53.0
-
-
-From c61bbd3f873d28e098f503f0187459ed488977c9 Mon Sep 17 00:00:00 2001
-From: Nikola Pajkovsky <nikolap@openssl.org>
-Date: Mon, 23 Mar 2026 08:41:20 +0100
-Subject: [PATCH 2/2] rsa_kem: test RSA_public_encrypt() result in RSASVE
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-RSA_public_encrypt() returns the number of bytes written on success and
--1 on failure.
-
-Add regression coverage in evp_extra_test using invalid RSA pubkey
-which triggers -1 in RSA_public_encrypt() using encapsulation.
-
-Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>
-
-Reviewed-by: Saša Nedvědický <sashan@openssl.org>
-Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
-MergeDate: Mon Apr  6 19:51:31 2026
----
- test/evp_extra_test.c | 67 +++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 67 insertions(+)
-
-diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
-index 5ea95c0dfa..573732bfec 100644
---- a/test/evp_extra_test.c
-+++ b/test/evp_extra_test.c
-@@ -929,6 +929,32 @@ static EVP_PKEY *load_example_ec_key(void)
- #endif
- 
- #ifndef OPENSSL_NO_DEPRECATED_3_0
-+
-+static EVP_PKEY *make_bad_rsa_pubkey(void)
-+{
-+    RSA *rsa = NULL;
-+    BIGNUM *n = NULL, *e = NULL;
-+    EVP_PKEY *pkey = NULL;
-+
-+    /* Deliberately invalid public key: n = 17, e = 17 */
-+    if (!TEST_ptr(pkey = EVP_PKEY_new())
-+        || !TEST_ptr(rsa = RSA_new())
-+        || !TEST_ptr(n = BN_new())
-+        || !TEST_ptr(e = BN_new())
-+        || !TEST_true(BN_set_word(n, 17))
-+        || !TEST_true(BN_set_word(e, 17))
-+        || !TEST_true(RSA_set0_key(rsa, n, e, NULL))
-+        || !EVP_PKEY_assign_RSA(pkey, rsa))
-+        goto err;
-+
-+    return pkey;
-+err:
-+    BN_free(n);
-+    BN_free(e);
-+    RSA_free(rsa);
-+    return NULL;
-+}
-+
- #ifndef OPENSSL_NO_DH
- static EVP_PKEY *load_example_dh_key(void)
- {
-@@ -5898,6 +5924,46 @@ err:
-     return testresult;
- }
- 
-+static int test_rsasve_kem_with_invalid_pub_key(void)
-+{
-+    RSA *rsa = NULL;
-+    EVP_PKEY *pkey = NULL;
-+    EVP_PKEY_CTX *ctx = NULL;
-+    unsigned char *ct = NULL;
-+    unsigned char *secret = NULL;
-+    size_t ctlen = 0, secretlen = 0;
-+    int testresult = 0;
-+
-+    if (nullprov != NULL) {
-+        testresult = TEST_skip("Test does not support a non-default library context");
-+        goto err;
-+    }
-+
-+    if (!TEST_ptr(pkey = make_bad_rsa_pubkey()))
-+        goto err;
-+
-+    if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL))
-+        || !TEST_int_eq(EVP_PKEY_encapsulate_init(ctx, NULL), 1)
-+        || !TEST_int_eq(EVP_PKEY_CTX_set_kem_op(ctx, "RSASVE"), 1)
-+        || !TEST_int_eq(EVP_PKEY_encapsulate(ctx, NULL, &ctlen, NULL, &secretlen), 1)
-+        || !TEST_ptr(ct = OPENSSL_malloc(ctlen))
-+        || !TEST_ptr(secret = OPENSSL_malloc(secretlen)))
-+        goto err;
-+
-+    if (!TEST_int_eq(EVP_PKEY_encapsulate(ctx, ct, &ctlen, secret, &secretlen), 0))
-+        goto err;
-+
-+    testresult = 1;
-+
-+err:
-+    OPENSSL_free(secret);
-+    OPENSSL_free(ct);
-+    EVP_PKEY_CTX_free(ctx);
-+    RSA_free(rsa);
-+    EVP_PKEY_free(pkey);
-+    return testresult;
-+}
-+
- #ifndef OPENSSL_NO_DYNAMIC_ENGINE
- /* Test we can create a signature keys with an associated ENGINE */
- static int test_signatures_with_engine(int tst)
-@@ -6893,6 +6959,7 @@ int setup_tests(void)
-     ADD_TEST(test_evp_md_cipher_meth);
-     ADD_TEST(test_custom_md_meth);
-     ADD_TEST(test_custom_ciph_meth);
-+    ADD_TEST(test_rsasve_kem_with_invalid_pub_key);
- 
- #ifndef OPENSSL_NO_DYNAMIC_ENGINE
-     /* Tests only support the default libctx */
--- 
-2.53.0
-

0059-CVE-2026-28390.patch

@@ -1,93 +0,0 @@
-From 2e39b7a6993be445fddb9fbce316fa756e0397b6 Mon Sep 17 00:00:00 2001
-From: Neil Horman <nhorman@openssl.org>
-Date: Wed, 1 Apr 2026 10:56:44 +0200
-Subject: [PATCH] Fix NULL deref in rsa_cms_decrypt
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Very simmilar to CVE-2026-28389, ensure that if we are missing
-parameters in RSA-OAEP SourceFunc in CMS KeyTransportRecipientInfo,
-we don't segfault when decrypting.
-
-Co-authored-by: Tomas Mraz <tomas@openssl.foundation>
-
-Fixes CVE-2026-28390
-
-Reviewed-by: Saša Nedvědický <sashan@openssl.org>
-Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
-MergeDate: Mon Apr  6 19:06:14 2026
----
- crypto/cms/cms_rsa.c | 31 +++++++++++++++++++------------
- 1 file changed, 19 insertions(+), 12 deletions(-)
-
-diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c
-index 6b65842cc1..34c739a982 100644
---- a/crypto/cms/cms_rsa.c
-+++ b/crypto/cms/cms_rsa.c
-@@ -42,10 +42,13 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
-     X509_ALGOR *cmsalg;
-     int nid;
-     int rv = -1;
--    unsigned char *label = NULL;
-+    const unsigned char *label = NULL;
-     int labellen = 0;
-     const EVP_MD *mgf1md = NULL, *md = NULL;
-     RSA_OAEP_PARAMS *oaep;
-+    const ASN1_OBJECT *aoid;
-+    const void *parameter = NULL;
-+    int ptype = 0;
- 
-     pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
-     if (pkctx == NULL)
-@@ -75,21 +78,19 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
-         goto err;
- 
-     if (oaep->pSourceFunc != NULL) {
--        X509_ALGOR *plab = oaep->pSourceFunc;
-+        X509_ALGOR_get0(&aoid, &ptype, &parameter, oaep->pSourceFunc);
- 
--        if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) {
-+        if (OBJ_obj2nid(aoid) != NID_pSpecified) {
-             ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_LABEL_SOURCE);
-             goto err;
-         }
--        if (plab->parameter->type != V_ASN1_OCTET_STRING) {
-+        if (ptype != V_ASN1_OCTET_STRING) {
-             ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_LABEL);
-             goto err;
-         }
- 
--        label = plab->parameter->value.octet_string->data;
--        /* Stop label being freed when OAEP parameters are freed */
--        plab->parameter->value.octet_string->data = NULL;
--        labellen = plab->parameter->value.octet_string->length;
-+        label = ASN1_STRING_get0_data(parameter);
-+        labellen = ASN1_STRING_length(parameter);
-     }
- 
-     if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_OAEP_PADDING) <= 0)
-@@ -98,10 +99,16 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
-         goto err;
-     if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
-         goto err;
--    if (label != NULL
--        && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) {
--        OPENSSL_free(label);
--        goto err;
-+    if (label != NULL) {
-+        unsigned char *dup_label = OPENSSL_memdup(label, labellen);
-+
-+        if (dup_label == NULL)
-+            goto err;
-+
-+        if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, dup_label, labellen) <= 0) {
-+            OPENSSL_free(dup_label);
-+            goto err;
-+        }
-     }
-     /* Carry on */
-     rv = 1;
--- 
-2.53.0
-

openssl.spec

@@ -28,8 +28,8 @@ print(string.sub(hash, 0, 16))
 
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
-Version: 3.5.5
-Release: 3%{?dist}
+Version: 3.5.7
+Release: 1%{?dist}
 Epoch: 1
 Source0: openssl-%{version}.tar.gz
 Source1: fips-hmacify.sh
@@ -99,8 +99,6 @@ Patch0054: 0054-Temporarily-disable-SLH-DSA-FIPS-self-tests.patch
 Patch0055: 0055-Add-a-define-to-disable-symver-attributes.patch
 Patch0056: 0056-Add-targets-to-skip-build-of-non-installable-program.patch
 Patch0057: 0057-Disable-RSA-PKCS1.5-FIPS-POST-not-relevant-for-RHEL.patch
-Patch0058: 0058-CVE-2026-31790.patch
-Patch0059: 0059-CVE-2026-28390.patch
 
 License: Apache-2.0
 URL: http://www.openssl.org/
@@ -461,6 +459,23 @@ touch $RPM_BUILD_ROOT/%{_prefix}/include/openssl/engine.h
 %ldconfig_scriptlets libs
 
 %changelog
+* Fri Jun 12 2026 Pavol Žáčik <pzacik@redhat.com> - 1:3.5.7-1
+- Rebase to OpenSSL 3.5.7
+  Resolves: RHEL-179698
+  Resolves: RHEL-179694
+  Resolves: RHEL-179690
+  Resolves: RHEL-179686
+  Resolves: RHEL-179673
+  Resolves: RHEL-179659
+  Resolves: RHEL-179624
+  Resolves: RHEL-179554
+  Resolves: RHEL-179549
+  Resolves: RHEL-179546
+  Resolves: RHEL-179541
+  Resolves: RHEL-179538
+  Resolves: RHEL-179279
+  Resolves: RHEL-179271
+
 * Wed May 13 2026 Pavol Žáčik <pzacik@redhat.com> - 1:3.5.5-3
 - Fix CVE-2026-28390
   Resolves: RHEL-165705

sources

@@ -1 +1 @@
-SHA512 (openssl-3.5.5.tar.gz) = 7cf0eb91bac175f7fe0adcafef457790d43fe7f98e2d4bef681c2fd5ca365e1fa5b562c645a60ab602365adedf9d91c074624eea66d3d7e155639fc50d5861ec
+SHA512 (openssl-3.5.7.tar.gz) = de5351d2d532e1a3908a738f7d8aae448d32bc60bdb24808c556a24bc37a3f53daedf12b5d432eeb8c235e16939d842f908332ede8a447ca103ad1c493c820d7