diff --git a/.gitignore b/.gitignore index b0257cb..08814e0 100644 --- a/.gitignore +++ b/.gitignore @@ -65,3 +65,4 @@ openssl-1.0.0a-usa.tar.bz2 /openssl-3.5.0.tar.gz /openssl-3.5.1.tar.gz /openssl-3.5.5.tar.gz +/openssl-3.5.7.tar.gz diff --git a/0006-RH-Add-support-for-PROFILE-SYSTEM-system-default-cip.patch b/0006-RH-Add-support-for-PROFILE-SYSTEM-system-default-cip.patch index d53c49a..8d7cae7 100644 --- a/0006-RH-Add-support-for-PROFILE-SYSTEM-system-default-cip.patch +++ b/0006-RH-Add-support-for-PROFILE-SYSTEM-system-default-cip.patch @@ -317,7 +317,7 @@ index 9874e6bad6..76b6befbad 100644 +#endif ADD_TEST(test_default_cipherlist_explicit); ADD_TEST(test_default_cipherlist_clear); - ADD_TEST(test_stdname_cipherlist); + #ifndef OPENSSL_NO_TLS1_3 -- 2.52.0 diff --git a/0058-CVE-2026-31790.patch b/0058-CVE-2026-31790.patch deleted file mode 100644 index 1b556a7..0000000 --- a/0058-CVE-2026-31790.patch +++ /dev/null 
@@ -1,185 +0,0 @@ -From 001e01db3e996e13ffc72386fe79d03a6683b5ac Mon Sep 17 00:00:00 2001 -From: Nikola Pajkovsky -Date: Thu, 19 Mar 2026 12:16:08 +0100 -Subject: [PATCH 1/2] rsa_kem: validate RSA_public_encrypt() result in RSASVE -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -RSA_public_encrypt() returns the number of bytes written on success and --1 on failure. With the existing `if (ret)` check, a provider-side RSA KEM -encapsulation can incorrectly succeed when the underlying RSA public -encrypt operation fails. In that case the code reports success, returns -lengths as if encapsulation completed normally, and leaves the freshly -generated secret available instead of discarding it. - -Tighten the success condition so RSASVE only succeeds when -RSA_public_encrypt() returns a positive value equal to the modulus-sized -output expected for RSA_NO_PADDING. Any other return value is treated as -failure, and the generated secret is cleansed before returning. 
- -Fixes CVE-2026-31790 -Signed-off-by: Nikola Pajkovsky - -Reviewed-by: Saša Nedvědický -Reviewed-by: Tomas Mraz -MergeDate: Mon Apr 6 19:51:30 2026 ---- - providers/implementations/kem/rsa_kem.c | 20 +++++++++++--------- - 1 file changed, 11 insertions(+), 9 deletions(-) - -diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c -index f7bf368a0d..74dfafddd9 100644 ---- a/providers/implementations/kem/rsa_kem.c -+++ b/providers/implementations/kem/rsa_kem.c -@@ -316,17 +316,19 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx, - return 0; - - /* Step(3): out = RSAEP((n,e), z) */ -- ret = RSA_public_encrypt(nlen, secret, out, prsactx->rsa, RSA_NO_PADDING); -- if (ret) { -- ret = 1; -- if (outlen != NULL) -- *outlen = nlen; -- if (secretlen != NULL) -- *secretlen = nlen; -- } else { -+ ret = RSA_public_encrypt((int)nlen, secret, out, prsactx->rsa, -+ RSA_NO_PADDING); -+ if (ret <= 0 || ret != (int)nlen) { - OPENSSL_cleanse(secret, nlen); -+ return 0; - } -- return ret; -+ -+ if (outlen != NULL) -+ *outlen = nlen; -+ if (secretlen != NULL) -+ *secretlen = nlen; -+ -+ return 1; - } - - /** --- -2.53.0 - - -From c61bbd3f873d28e098f503f0187459ed488977c9 Mon Sep 17 00:00:00 2001 -From: Nikola Pajkovsky -Date: Mon, 23 Mar 2026 08:41:20 +0100 -Subject: [PATCH 2/2] rsa_kem: test RSA_public_encrypt() result in RSASVE -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -RSA_public_encrypt() returns the number of bytes written on success and --1 on failure. - -Add regression coverage in evp_extra_test using invalid RSA pubkey -which triggers -1 in RSA_public_encrypt() using encapsulation. 
- -Signed-off-by: Nikola Pajkovsky - -Reviewed-by: Saša Nedvědický -Reviewed-by: Tomas Mraz -MergeDate: Mon Apr 6 19:51:31 2026 ---- - test/evp_extra_test.c | 67 +++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 67 insertions(+) - -diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c -index 5ea95c0dfa..573732bfec 100644 ---- a/test/evp_extra_test.c -+++ b/test/evp_extra_test.c -@@ -929,6 +929,32 @@ static EVP_PKEY *load_example_ec_key(void) - #endif - - #ifndef OPENSSL_NO_DEPRECATED_3_0 -+ -+static EVP_PKEY *make_bad_rsa_pubkey(void) -+{ -+ RSA *rsa = NULL; -+ BIGNUM *n = NULL, *e = NULL; -+ EVP_PKEY *pkey = NULL; -+ -+ /* Deliberately invalid public key: n = 17, e = 17 */ -+ if (!TEST_ptr(pkey = EVP_PKEY_new()) -+ || !TEST_ptr(rsa = RSA_new()) -+ || !TEST_ptr(n = BN_new()) -+ || !TEST_ptr(e = BN_new()) -+ || !TEST_true(BN_set_word(n, 17)) -+ || !TEST_true(BN_set_word(e, 17)) -+ || !TEST_true(RSA_set0_key(rsa, n, e, NULL)) -+ || !EVP_PKEY_assign_RSA(pkey, rsa)) -+ goto err; -+ -+ return pkey; -+err: -+ BN_free(n); -+ BN_free(e); -+ RSA_free(rsa); -+ return NULL; -+} -+ - #ifndef OPENSSL_NO_DH - static EVP_PKEY *load_example_dh_key(void) - { -@@ -5898,6 +5924,46 @@ err: - return testresult; - } - -+static int test_rsasve_kem_with_invalid_pub_key(void) -+{ -+ RSA *rsa = NULL; -+ EVP_PKEY *pkey = NULL; -+ EVP_PKEY_CTX *ctx = NULL; -+ unsigned char *ct = NULL; -+ unsigned char *secret = NULL; -+ size_t ctlen = 0, secretlen = 0; -+ int testresult = 0; -+ -+ if (nullprov != NULL) { -+ testresult = TEST_skip("Test does not support a non-default library context"); -+ goto err; -+ } -+ -+ if (!TEST_ptr(pkey = make_bad_rsa_pubkey())) -+ goto err; -+ -+ if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL)) -+ || !TEST_int_eq(EVP_PKEY_encapsulate_init(ctx, NULL), 1) -+ || !TEST_int_eq(EVP_PKEY_CTX_set_kem_op(ctx, "RSASVE"), 1) -+ || !TEST_int_eq(EVP_PKEY_encapsulate(ctx, NULL, &ctlen, NULL, &secretlen), 1) -+ || !TEST_ptr(ct = 
OPENSSL_malloc(ctlen)) -+ || !TEST_ptr(secret = OPENSSL_malloc(secretlen))) -+ goto err; -+ -+ if (!TEST_int_eq(EVP_PKEY_encapsulate(ctx, ct, &ctlen, secret, &secretlen), 0)) -+ goto err; -+ -+ testresult = 1; -+ -+err: -+ OPENSSL_free(secret); -+ OPENSSL_free(ct); -+ EVP_PKEY_CTX_free(ctx); -+ RSA_free(rsa); -+ EVP_PKEY_free(pkey); -+ return testresult; -+} -+ - #ifndef OPENSSL_NO_DYNAMIC_ENGINE - /* Test we can create a signature keys with an associated ENGINE */ - static int test_signatures_with_engine(int tst) -@@ -6893,6 +6959,7 @@ int setup_tests(void) - ADD_TEST(test_evp_md_cipher_meth); - ADD_TEST(test_custom_md_meth); - ADD_TEST(test_custom_ciph_meth); -+ ADD_TEST(test_rsasve_kem_with_invalid_pub_key); - - #ifndef OPENSSL_NO_DYNAMIC_ENGINE - /* Tests only support the default libctx */ --- -2.53.0 - diff --git a/0059-CVE-2026-28390.patch b/0059-CVE-2026-28390.patch deleted file mode 100644 index 5b85f8b..0000000 --- a/0059-CVE-2026-28390.patch +++ /dev/null 
@@ -1,93 +0,0 @@ -From 2e39b7a6993be445fddb9fbce316fa756e0397b6 Mon Sep 17 00:00:00 2001 -From: Neil Horman -Date: Wed, 1 Apr 2026 10:56:44 +0200 -Subject: [PATCH] Fix NULL deref in rsa_cms_decrypt -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Very simmilar to CVE-2026-28389, ensure that if we are missing -parameters in RSA-OAEP SourceFunc in CMS KeyTransportRecipientInfo, -we don't segfault when decrypting. - -Co-authored-by: Tomas Mraz - -Fixes CVE-2026-28390 - -Reviewed-by: Saša Nedvědický -Reviewed-by: Nikola Pajkovsky -MergeDate: Mon Apr 6 19:06:14 2026 ---- - crypto/cms/cms_rsa.c | 31 +++++++++++++++++++------------ - 1 file changed, 19 insertions(+), 12 deletions(-) - -diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c -index 6b65842cc1..34c739a982 100644 ---- a/crypto/cms/cms_rsa.c -+++ b/crypto/cms/cms_rsa.c -@@ -42,10 +42,13 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri) - X509_ALGOR *cmsalg; - int nid; - int rv = -1; -- unsigned char *label = NULL; -+ const unsigned char *label = NULL; - int labellen = 0; - const EVP_MD *mgf1md = NULL, *md = NULL; - RSA_OAEP_PARAMS *oaep; -+ const ASN1_OBJECT *aoid; -+ const void *parameter = NULL; -+ int ptype = 0; - - pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri); - if (pkctx == NULL) -@@ -75,21 +78,19 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri) - goto err; - - if (oaep->pSourceFunc != NULL) { -- X509_ALGOR *plab = oaep->pSourceFunc; -+ X509_ALGOR_get0(&aoid, &ptype, ¶meter, oaep->pSourceFunc); - -- if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) { -+ if (OBJ_obj2nid(aoid) != NID_pSpecified) { - ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_LABEL_SOURCE); - goto err; - } -- if (plab->parameter->type != V_ASN1_OCTET_STRING) { -+ if (ptype != V_ASN1_OCTET_STRING) { - ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_LABEL); - goto err; - } - -- label = plab->parameter->value.octet_string->data; -- /* Stop label being freed when OAEP parameters are freed */ -- 
plab->parameter->value.octet_string->data = NULL; -- labellen = plab->parameter->value.octet_string->length; -+ label = ASN1_STRING_get0_data(parameter); -+ labellen = ASN1_STRING_length(parameter); - } - - if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_OAEP_PADDING) <= 0) -@@ -98,10 +99,16 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri) - goto err; - if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0) - goto err; -- if (label != NULL -- && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) { -- OPENSSL_free(label); -- goto err; -+ if (label != NULL) { -+ unsigned char *dup_label = OPENSSL_memdup(label, labellen); -+ -+ if (dup_label == NULL) -+ goto err; -+ -+ if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, dup_label, labellen) <= 0) { -+ OPENSSL_free(dup_label); -+ goto err; -+ } - } - /* Carry on */ - rv = 1; --- -2.53.0 - diff --git a/openssl.spec b/openssl.spec index cade5a8..8b76a18 100644 --- a/openssl.spec +++ b/openssl.spec @@ -28,8 +28,8 @@ print(string.sub(hash, 0, 16)) Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl -Version: 3.5.5 -Release: 3%{?dist} +Version: 3.5.7 +Release: 1%{?dist} Epoch: 1 Source0: openssl-%{version}.tar.gz Source1: fips-hmacify.sh @@ -99,8 +99,6 @@ Patch0054: 0054-Temporarily-disable-SLH-DSA-FIPS-self-tests.patch Patch0055: 0055-Add-a-define-to-disable-symver-attributes.patch Patch0056: 0056-Add-targets-to-skip-build-of-non-installable-program.patch Patch0057: 0057-Disable-RSA-PKCS1.5-FIPS-POST-not-relevant-for-RHEL.patch -Patch0058: 0058-CVE-2026-31790.patch -Patch0059: 0059-CVE-2026-28390.patch License: Apache-2.0 URL: http://www.openssl.org/ 
@@ -461,6 +459,23 @@ touch $RPM_BUILD_ROOT/%{_prefix}/include/openssl/engine.h %ldconfig_scriptlets libs %changelog +* Fri Jun 12 2026 Pavol Žáčik - 1:3.5.7-1 +- Rebase to OpenSSL 3.5.7 + Resolves: RHEL-179698 + Resolves: RHEL-179694 + Resolves: RHEL-179690 + Resolves: RHEL-179686 + Resolves: RHEL-179673 + Resolves: RHEL-179659 + Resolves: RHEL-179624 + Resolves: RHEL-179554 + Resolves: RHEL-179549 + Resolves: RHEL-179546 + Resolves: RHEL-179541 + Resolves: RHEL-179538 + Resolves: RHEL-179279 + Resolves: RHEL-179271 + * Wed May 13 2026 Pavol Žáčik - 1:3.5.5-3 - Fix CVE-2026-28390 Resolves: RHEL-165705 diff --git a/sources b/sources index 8551fe3..1fa392a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (openssl-3.5.5.tar.gz) = 7cf0eb91bac175f7fe0adcafef457790d43fe7f98e2d4bef681c2fd5ca365e1fa5b562c645a60ab602365adedf9d91c074624eea66d3d7e155639fc50d5861ec +SHA512 (openssl-3.5.7.tar.gz) = de5351d2d532e1a3908a738f7d8aae448d32bc60bdb24808c556a24bc37a3f53daedf12b5d432eeb8c235e16939d842f908332ede8a447ca103ad1c493c820d7
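Review bot: The new `1:3.5.7-1` changelog entry lists only RHEL ticket ids and does not record that `0058-CVE-2026-31790.patch` and `0059-CVE-2026-28390.patch` are removed by this rebase. The two `Patch0058`/`Patch0059` lines and both patch files are deleted in the same commit, presumably because the 3.5.7 tarball already carries the fixes, but nothing in the diff shows that. A line such as `- Drop 0058-CVE-2026-31790.patch and 0059-CVE-2026-28390.patch (included upstream)` under the entry would keep the CVE history auditable. Before merging, it is worth confirming that the rebased `providers/implementations/kem/rsa_kem.c` rejects a non-positive or short `RSA_public_encrypt()` result in `rsasve_generate`, and that `crypto/cms/cms_rsa.c` no longer dereferences a missing `pSourceFunc` parameter in `rsa_cms_decrypt`.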