Fix regressions caused by rebase to OpenSSL 3.5

Related: RHEL-80854
2025-05-22 12:59:35 +02:00 · 2025-05-22 12:59:35 +02:00 · 751b9399fc
commit 751b9399fc
parent d791b13cf1
3 changed files with 121 additions and 1 deletions
--- a/0058-apps-x509.c-Fix-the-addreject-option-adding-trust-in.patch
+++ b/0058-apps-x509.c-Fix-the-addreject-option-adding-trust-in.patch
@ -0,0 +1,62 @@
+From 2b18a8b0c5b315083c49664101a103572d5592b6 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Tue, 20 May 2025 16:34:10 +0200
+Subject: [PATCH 58/59] apps/x509.c: Fix the -addreject option adding trust
+ instead of rejection
+
+Fixes CVE-2025-4575
+
+Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
+Reviewed-by: Paul Dale <ppzgs1@gmail.com>
+(Merged from https://github.com/openssl/openssl/pull/27672)
+---
+ apps/x509.c                 |  2 +-
+ test/recipes/25-test_x509.t | 12 +++++++++++-
+ 2 files changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/apps/x509.c b/apps/x509.c
+index fdae8f383a..0c340c15b3 100644
+--- a/apps/x509.c
+++ b/apps/x509.c
+@@ -465,7 +465,7 @@ int x509_main(int argc, char **argv)
+                            prog, opt_arg());
+                 goto opthelp;
+             }
+-            if (!sk_ASN1_OBJECT_push(trust, objtmp))
+            if (!sk_ASN1_OBJECT_push(reject, objtmp))
+                 goto end;
+             trustout = 1;
+             break;
+diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t
+index 09b61708ff..dfa0a428f5 100644
+--- a/test/recipes/25-test_x509.t
+++ b/test/recipes/25-test_x509.t
+@@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
+ 
+ setup("test_x509");
+ 
+-plan tests => 134;
+plan tests => 138;
+ 
+ # Prevent MSys2 filename munging for arguments that look like file paths but
+ # aren't
+@@ -110,6 +110,16 @@ ok(run(app(["openssl", "x509", "-new", "-force_pubkey", $key, "-subj", "/CN=EE",
+ && run(app(["openssl", "verify", "-no_check_time",
+             "-trusted", $ca, "-partial_chain", $caout])));
+ 
+# test trust decoration
+ok(run(app(["openssl", "x509", "-in", $ca, "-addtrust", "emailProtection",
+            "-out", "ca-trusted.pem"])));
+cert_contains("ca-trusted.pem", "Trusted Uses: E-mail Protection",
+              1, 'trusted use - E-mail Protection');
+ok(run(app(["openssl", "x509", "-in", $ca, "-addreject", "emailProtection",
+            "-out", "ca-rejected.pem"])));
+cert_contains("ca-rejected.pem", "Rejected Uses: E-mail Protection",
+              1, 'rejected use - E-mail Protection');
+
+ subtest 'x509 -- x.509 v1 certificate' => sub {
+     tconversion( -type => 'x509', -prefix => 'x509v1',
+                  -in => srctop_file("test", "testx509.pem") );
+-- 
+2.49.0
+
--- a/0059-Fixup-permit-SHA1-as-MGF1-digest.patch
+++ b/0059-Fixup-permit-SHA1-as-MGF1-digest.patch
@ -0,0 +1,50 @@
+From f23d51fb9c5cdc4ac271846ab322390bfd844760 Mon Sep 17 00:00:00 2001
+From: Dmitry Belyavskiy <beldmit@gmail.com>
+Date: Thu, 22 May 2025 10:13:23 +0200
+Subject: [PATCH 59/59] Fixup - permit SHA1 as MGF1 digest
+
+---
+ providers/implementations/signature/rsa_sig.c | 3 +--
+ test/recipes/30-test_evp_data/evppkey_rsa.txt | 4 ++--
+ 2 files changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
+index ac3888a1b9..014b17fe49 100644
+--- a/providers/implementations/signature/rsa_sig.c
+++ b/providers/implementations/signature/rsa_sig.c
+@@ -476,9 +476,8 @@ static int rsa_setup_mgf1_md(PROV_RSA_CTX *ctx, const char *mdname,
+                        "%s could not be fetched", mdname);
+         return 0;
+     }
+-    /* The default for mgf1 is SHA1 - so check if we allow SHA1 */
+    /* The default for mgf1 is SHA1 - so allow SHA1 */
+     if ((mdnid = ossl_digest_rsa_sign_get_md_nid(md)) <= 0
+-        || (mdnid = rh_digest_signatures_allowed(ctx->libctx, mdnid)) <= 0
+         || !rsa_check_padding(ctx, NULL, mdname, mdnid)) {
+         if (mdnid <= 0)
+             ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
+diff --git a/test/recipes/30-test_evp_data/evppkey_rsa.txt b/test/recipes/30-test_evp_data/evppkey_rsa.txt
+index 103556c750..6ae973eaac 100644
+--- a/test/recipes/30-test_evp_data/evppkey_rsa.txt
+++ b/test/recipes/30-test_evp_data/evppkey_rsa.txt
+@@ -279,7 +279,7 @@ Input="0123456789ABCDEF0123456789ABCDEF"
+ Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
+ Result = VERIFY_ERROR
+ 
+-# Wrong MGF1 digest - In RHEL FIPS errors as set ctx before verify
+# Wrong MGF1 digest
+ Availablein = fips
+ Verify = RSA-2048
+ Ctrl = rsa_padding_mode:pss
+@@ -288,7 +288,7 @@ Ctrl = digest:sha256
+ Ctrl = rsa_mgf1_md:sha1
+ Input="0123456789ABCDEF0123456789ABCDEF"
+ Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
+-Result = PKEY_CTRL_ERROR
+Result = VERIFY_ERROR
+ 
+ # Verify using default parameters
+ Availablein = default
+-- 
+2.49.0
+
--- a/openssl.spec
+++ b/openssl.spec
@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 3.5.0
-Release: 2%{?dist}
+Release: 3%{?dist}
 Epoch: 1
 Source0: openssl-%{version}.tar.gz
 Source1: fips-hmacify.sh
@ -93,6 +93,8 @@ Patch0051: 0051-Make-openssl-speed-run-in-FIPS-mode.patch
 Patch0052: 0052-Fixup-forbid-SHA1.patch
 Patch0053: 0053-Backport-upstream-27483-for-PKCS11-needs.patch
 Patch0054: 0054-Red-Hat-9-FIPS-indicator-defines.patch
+Patch0058: 0058-apps-x509.c-Fix-the-addreject-option-adding-trust-in.patch
+Patch0059: 0059-Fixup-permit-SHA1-as-MGF1-digest.patch

 #The patches that are different for RHEL9 and 10 start here
 Patch0100: 0100-RHEL9-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
@ -429,11 +431,17 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
 %ldconfig_scriptlets libs

 %changelog
+* Thu May 22 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.0-4
+- Fix regressions caused by rebase to OpenSSL 3.5
+  Related: RHEL-80854
+
 * Fri May 02 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.0-2
 - OpenSSL ignores "rh-allow-sha1-signatures = yes" option on RHEL-9
  Resolves: RHEL-88910
 - PKCS#12 should not default to pbmac1 in FIPS mode in RHEL-9
  Resolves: RHEL-88912
+
+* Wed May 14 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.0-3
 - Fix `openssl speed` running in FIPS mode
  Resolves: RHEL-89860
 - pkeyutl ecdsa signature with sha1 shouldn't work by default