From 751b9399fcac09ce08f1da80fb1f0c85d0627770 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy
Date: Thu, 22 May 2025 12:59:35 +0200
Subject: [PATCH] Fix regressions caused by rebase to OpenSSL 3.5

Related: RHEL-80854
---
 ...the-addreject-option-adding-trust-in.patch | 62 +++++++++++++++++++
 0059-Fixup-permit-SHA1-as-MGF1-digest.patch | 50 +++++++++++++++
 openssl.spec | 10 ++-
 3 files changed, 121 insertions(+), 1 deletion(-)
 create mode 100644 0058-apps-x509.c-Fix-the-addreject-option-adding-trust-in.patch
 create mode 100644 0059-Fixup-permit-SHA1-as-MGF1-digest.patch
diff --git a/0058-apps-x509.c-Fix-the-addreject-option-adding-trust-in.patch b/0058-apps-x509.c-Fix-the-addreject-option-adding-trust-in.patch
new file mode 100644
index 0000000..6aee57c
--- /dev/null
+++ b/0058-apps-x509.c-Fix-the-addreject-option-adding-trust-in.patch
@@ -0,0 +1,62 @@
+From 2b18a8b0c5b315083c49664101a103572d5592b6 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz
+Date: Tue, 20 May 2025 16:34:10 +0200
+Subject: [PATCH 58/59] apps/x509.c: Fix the -addreject option adding trust
+ instead of rejection
+
+Fixes CVE-2025-4575
+
+Reviewed-by: Dmitry Belyavskiy
+Reviewed-by: Paul Dale
+(Merged from https://github.com/openssl/openssl/pull/27672)
+---
+ apps/x509.c | 2 +-
+ test/recipes/25-test_x509.t | 12 +++++++++++-
+ 2 files changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/apps/x509.c b/apps/x509.c
+index fdae8f383a..0c340c15b3 100644
+--- a/apps/x509.c
++++ b/apps/x509.c
+@@ -465,7 +465,7 @@ int x509_main(int argc, char **argv)
+ prog, opt_arg());
+ goto opthelp;
+ }
+- if (!sk_ASN1_OBJECT_push(trust, objtmp))
++ if (!sk_ASN1_OBJECT_push(reject, objtmp))
+ goto end;
+ trustout = 1;
+ break;
+diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t
+index 09b61708ff..dfa0a428f5 100644
+--- a/test/recipes/25-test_x509.t
++++ b/test/recipes/25-test_x509.t
+@@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
+
+ setup("test_x509");
+
+-plan tests => 134;
++plan tests => 138;
+
+ # Prevent MSys2 filename munging for arguments that look like file paths but
+ # aren't
+@@ -110,6 +110,16 @@ ok(run(app(["openssl", "x509", "-new", "-force_pubkey", $key, "-subj", "/CN=EE",
+ && run(app(["openssl", "verify", "-no_check_time",
+ "-trusted", $ca, "-partial_chain", $caout])));
+
++# test trust decoration
++ok(run(app(["openssl", "x509", "-in", $ca, "-addtrust", "emailProtection",
++ "-out", "ca-trusted.pem"])));
++cert_contains("ca-trusted.pem", "Trusted Uses: E-mail Protection",
++ 1, 'trusted use - E-mail Protection');
++ok(run(app(["openssl", "x509", "-in", $ca, "-addreject", "emailProtection",
++ "-out", "ca-rejected.pem"])));
++cert_contains("ca-rejected.pem", "Rejected Uses: E-mail Protection",
++ 1, 'rejected use - E-mail Protection');
++
+ subtest 'x509 -- x.509 v1 certificate' => sub {
+
tconversion( -type => 'x509', -prefix => 'x509v1',
+ -in => srctop_file("test", "testx509.pem") );
+--
+2.49.0
+
diff --git a/0059-Fixup-permit-SHA1-as-MGF1-digest.patch b/0059-Fixup-permit-SHA1-as-MGF1-digest.patch
new file mode 100644
index 0000000..be1795f
--- /dev/null
+++ b/0059-Fixup-permit-SHA1-as-MGF1-digest.patch
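Review bot: The checks added to test/recipes/25-test_x509.t (carried in the 0058 patch) assert only that `ca-rejected.pem` contains "Rejected Uses: E-mail Protection"; nothing asserts that the file carries no trusted use, which is the failure mode the `trust` to `reject` fix in apps/x509.c addresses. A negative check such as `cert_contains("ca-rejected.pem", "Trusted Uses: E-mail Protection", 0, 'no trusted use after -addreject');`, with `plan tests` raised to 139, would pin that property directly. This assumes the third argument of `cert_contains` is the expected-match flag, as the `1` in the added calls suggests; the helper itself is not visible here.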
@@ -0,0 +1,50 @@ +From f23d51fb9c5cdc4ac271846ab322390bfd844760 Mon Sep 17 00:00:00 2001 +From: Dmitry Belyavskiy +Date: Thu, 22 May 2025 10:13:23 +0200 +Subject: [PATCH 59/59] Fixup - permit SHA1 as MGF1 digest + +--- + providers/implementations/signature/rsa_sig.c | 3 +-- + test/recipes/30-test_evp_data/evppkey_rsa.txt | 4 ++-- + 2 files changed, 3 insertions(+), 4 deletions(-) + +diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c +index ac3888a1b9..014b17fe49 100644 +--- a/providers/implementations/signature/rsa_sig.c ++++ b/providers/implementations/signature/rsa_sig.c +@@ -476,9 +476,8 @@ static int rsa_setup_mgf1_md(PROV_RSA_CTX *ctx, const char *mdname, + "%s could not be fetched", mdname); + return 0; + } +- /* The default for mgf1 is SHA1 - so check if we allow SHA1 */ ++ /* The default for mgf1 is SHA1 - so allow SHA1 */ + if ((mdnid = ossl_digest_rsa_sign_get_md_nid(md)) <= 0 +- || (mdnid = rh_digest_signatures_allowed(ctx->libctx, mdnid)) <= 0 + || !rsa_check_padding(ctx, NULL, mdname, mdnid)) { + if (mdnid <= 0) + ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED, +diff --git a/test/recipes/30-test_evp_data/evppkey_rsa.txt b/test/recipes/30-test_evp_data/evppkey_rsa.txt +index 103556c750..6ae973eaac 100644 +--- a/test/recipes/30-test_evp_data/evppkey_rsa.txt ++++ b/test/recipes/30-test_evp_data/evppkey_rsa.txt +@@ -279,7 +279,7 @@ Input="0123456789ABCDEF0123456789ABCDEF" + Output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esult = VERIFY_ERROR + +-# Wrong MGF1 digest - In RHEL FIPS errors as set ctx before verify ++# Wrong MGF1 digest + Availablein = fips + Verify = RSA-2048 + Ctrl = rsa_padding_mode:pss +@@ -288,7 +288,7 @@ Ctrl = digest:sha256 + Ctrl = rsa_mgf1_md:sha1 + Input="0123456789ABCDEF0123456789ABCDEF" + 
Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A +-Result = PKEY_CTRL_ERROR ++Result = VERIFY_ERROR + + # Verify using default parameters + Availablein = default +-- +2.49.0 + diff --git a/openssl.spec b/openssl.spec index dfb99b6..0f1c096 100644 --- a/openssl.spec +++ b/openssl.spec @@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16)) Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 3.5.0 -Release: 2%{?dist} +Release: 3%{?dist} Epoch: 1 Source0: openssl-%{version}.tar.gz Source1: fips-hmacify.sh @@ -93,6 +93,8 @@ Patch0051: 0051-Make-openssl-speed-run-in-FIPS-mode.patch Patch0052: 0052-Fixup-forbid-SHA1.patch Patch0053: 0053-Backport-upstream-27483-for-PKCS11-needs.patch Patch0054: 0054-Red-Hat-9-FIPS-indicator-defines.patch +Patch0058: 0058-apps-x509.c-Fix-the-addreject-option-adding-trust-in.patch +Patch0059: 0059-Fixup-permit-SHA1-as-MGF1-digest.patch #The patches that are different for RHEL9 and 10 start here Patch0100: 0100-RHEL9-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch 
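Review bot: In rsa_setup_mgf1_md (providers/implementations/signature/rsa_sig.c, carried in the 0059 patch) the new comment says `allow SHA1`, but removing the `rh_digest_signatures_allowed()` clause drops that policy check for every MGF1 digest, not only SHA1. If only SHA1 is meant to be exempt, keep the clause and guard it, e.g. `|| (mdnid != NID_sha1 && (mdnid = rh_digest_signatures_allowed(ctx->libctx, mdnid)) <= 0)`; if the policy is never meant to apply to MGF1, the comment should say that, e.g. `/* MGF1 digests are not subject to the rh signature-digest policy; SHA1 is the MGF1 default */`. The evppkey_rsa.txt change shows the effect for the `Availablein = fips` case: `rsa_mgf1_md:sha1` is now accepted when the control is set and the case fails only at verification (`VERIFY_ERROR`). Which digests the removed helper rejected is not visible here, and the function body starts and ends outside the hunk.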
@@ -429,11 +431,17 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco %ldconfig_scriptlets libs %changelog +* Thu May 22 2025 Dmitry Belyavskiy - 1:3.5.0-4 +- Fix regressions caused by rebase to OpenSSL 3.5 + Related: RHEL-80854 + * Fri May 02 2025 Dmitry Belyavskiy - 1:3.5.0-2 - OpenSSL ignores "rh-allow-sha1-signatures = yes" option on RHEL-9 Resolves: RHEL-88910 - PKCS#12 should not default to pbmac1 in FIPS mode in RHEL-9 Resolves: RHEL-88912 + +* Wed May 14 2025 Dmitry Belyavskiy - 1:3.5.0-3 - Fix `openssl speed` running in FIPS mode Resolves: RHEL-89860 - pkeyutl ecdsa signature with sha1 shouldn't work by default