diff --git a/SOURCES/openssl-1.1.1-cleanup-peer-point-reneg.patch b/SOURCES/openssl-1.1.1-cleanup-peer-point-reneg.patch index 8ea99e0..a98d34e 100644 --- a/SOURCES/openssl-1.1.1-cleanup-peer-point-reneg.patch +++ b/SOURCES/openssl-1.1.1-cleanup-peer-point-reneg.patch @@ -1,11 +1,13 @@ diff -up openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg openssl-1.1.1k/ssl/statem/extensions.c --- openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg 2021-03-25 14:28:38.000000000 +0100 +++ openssl-1.1.1k/ssl/statem/extensions.c 2021-06-24 16:16:19.526181743 +0200 -@@ -42,6 +42,7 @@ static int tls_parse_certificate_authori +@@ -42,6 +42,9 @@ static int tls_parse_certificate_authori #ifndef OPENSSL_NO_SRP static int init_srp(SSL *s, unsigned int context); #endif ++#ifndef OPENSSL_NO_EC +static int init_ec_point_formats(SSL *s, unsigned int context); ++#endif static int init_etm(SSL *s, unsigned int context); static int init_ems(SSL *s, unsigned int context); static int final_ems(SSL *s, unsigned int context, int sent); @@ -18,10 +20,11 @@ diff -up openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg openssl-1.1.1k/ssl tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats, final_ec_pt_formats }, -@@ -1164,6 +1165,15 @@ static int init_srp(SSL *s, unsigned int +@@ -1164,6 +1165,17 @@ static int init_srp(SSL *s, unsigned int } #endif ++#ifndef OPENSSL_NO_EC +static int init_ec_point_formats(SSL *s, unsigned int context) +{ + OPENSSL_free(s->ext.peer_ecpointformats); @@ -30,6 +33,7 @@ diff -up openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg openssl-1.1.1k/ssl + + return 1; +} ++#endif + static int init_etm(SSL *s, unsigned int context) { diff --git a/SOURCES/openssl-1.1.1-cve-2026-28390.patch b/SOURCES/openssl-1.1.1-cve-2026-28390.patch new file mode 100644 index 0000000..1938fa3 --- /dev/null +++ b/SOURCES/openssl-1.1.1-cve-2026-28390.patch @@ -0,0 +1,81 @@ +From 2ff16c29c115c131fbcf196ab66ca0ef822c7ab0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Pavol=20=C5=BD=C3=A1=C4=8Dik?= +Date: Wed, 13 May 2026 16:22:35 +0200 +Subject: [PATCH] Fix CVE-2026-28390 + +Ensure that if we are missing parameters in +RSA-OAEP SourceFunc in CMS KeyTransportRecipientInfo, +we don't segfault when decrypting. +--- + crypto/rsa/rsa_ameth.c | 30 ++++++++++++++++++++---------- + 1 file changed, 20 insertions(+), 10 deletions(-) + +diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c +index fb04554..dfce3e2 100644 +--- a/crypto/rsa/rsa_ameth.c ++++ b/crypto/rsa/rsa_ameth.c +@@ -918,10 +918,13 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri) + X509_ALGOR *cmsalg; + int nid; + int rv = -1; +- unsigned char *label = NULL; ++ const unsigned char *label = NULL; + int labellen = 0; + const EVP_MD *mgf1md = NULL, *md = NULL; + RSA_OAEP_PARAMS *oaep; ++ const ASN1_OBJECT *aoid; ++ const void *parameter = NULL; ++ int ptype = 0; + + pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri); + if (pkctx == NULL) +@@ -951,21 +954,19 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri) + goto err; + + if (oaep->pSourceFunc != NULL) { +- X509_ALGOR *plab = oaep->pSourceFunc; ++ X509_ALGOR_get0(&aoid, &ptype, ¶meter, oaep->pSourceFunc); + +- if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) { ++ if (OBJ_obj2nid(aoid) != NID_pSpecified) { + RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_UNSUPPORTED_LABEL_SOURCE); + goto err; + } +- if (plab->parameter->type != V_ASN1_OCTET_STRING) { ++ if (ptype != V_ASN1_OCTET_STRING) { + RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_INVALID_LABEL); + goto err; + } + +- label = plab->parameter->value.octet_string->data; +- /* Stop label being freed when OAEP parameters are freed */ +- plab->parameter->value.octet_string->data = NULL; +- labellen = plab->parameter->value.octet_string->length; ++ label = ASN1_STRING_get0_data(parameter); ++ labellen = ASN1_STRING_length(parameter); + } + + if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_OAEP_PADDING) <= 0) +@@ -974,8 +975,17 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri) + goto err; + if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0) + goto err; +- if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) +- goto err; ++ if (label != NULL) { ++ unsigned char *dup_label = OPENSSL_memdup(label, labellen); ++ ++ if (dup_label == NULL) ++ goto err; ++ ++ if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, dup_label, labellen) <= 0) { ++ OPENSSL_free(dup_label); ++ goto err; ++ } ++ } + /* Carry on */ + rv = 1; + +-- +2.53.0 + diff --git a/SPECS/openssl.spec b/SPECS/openssl.spec index d758705..dc68037 100644 --- a/SPECS/openssl.spec +++ b/SPECS/openssl.spec @@ -22,7 +22,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 1.1.1k -Release: 16%{?dist} +Release: 17%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -99,17 +99,18 @@ Patch107: openssl-1.1.1-cve-2023-5678.patch # Backport from OpenSSL 3.2/RHEL 9 # Proper fix for CVE-2020-25659 Patch108: openssl-1.1.1-pkcs1-implicit-rejection.patch -# Backport from OpenSSL 3.2 +# Backport from OpenSSL 3.0 # Fix for CVE-2024-5535 Patch109: openssl-1.1.1-fix-ssl-select-next-proto.patch -# Fix for CVE-2025-9230 Patch110: openssl-1.1.1-cve-2025-9230.patch Patch111: openssl-1.1.1-ticket_lifetime_hint.patch -# Fix for CVE-2025-69419 (next two) +# Fix for CVE-2025-69419 Patch112: openssl-1.1.1-hardening-from-openssl-3.0.1.patch Patch113: openssl-1.1.1-cve-2025-69419.patch Patch114: openssl-1.1.1-cve-2026-45447.patch Patch115: openssl-1.1.1-cve-2024-4741.patch +# Fix for CVE-2026-28390 +Patch116: openssl-1.1.1-cve-2026-28390.patch License: OpenSSL and ASL 2.0 URL: http://www.openssl.org/ @@ -188,68 +189,69 @@ from other formats to the formats used by the OpenSSL toolkit. cp %{SOURCE12} crypto/ec/ cp %{SOURCE13} test/ -%patch -P1 -p1 -b .build %{?_rawbuild} -%patch -P2 -p1 -b .defaults -%patch -P3 -p1 -b .no-html %{?_rawbuild} -%patch -P4 -p1 -b .man-rename +%patch1 -p1 -b .build %{?_rawbuild} +%patch2 -p1 -b .defaults +%patch3 -p1 -b .no-html %{?_rawbuild} +%patch4 -p1 -b .man-rename -%patch -P31 -p1 -b .conf-paths -%patch -P32 -p1 -b .version-add-engines -%patch -P33 -p1 -b .dgst -%patch -P36 -p1 -b .no-brainpool -%patch -P37 -p1 -b .curves -%patch -P38 -p1 -b .no-weak-verify -%patch -P40 -p1 -b .sslv3-abi -%patch -P41 -p1 -b .system-cipherlist -%patch -P42 -p1 -b .fips -%patch -P44 -p1 -b .version-override -%patch -P45 -p1 -b .weak-ciphers -%patch -P46 -p1 -b .seclevel -%patch -P47 -p1 -b .ts-sha256-default -%patch -P48 -p1 -b .fips-post-rand -%patch -P49 -p1 -b .evp-kdf -%patch -P50 -p1 -b .ssh-kdf -%patch -P51 -p1 -b .intel-cet -%patch -P52 -p1 -b .s390x-update -%patch -P53 -p1 -b .crng-test -%patch -P55 -p1 -b .arm-update -%patch -P56 -p1 -b .s390x-ecc -%patch -P60 -p1 -b .krb5-kdf -%patch -P61 -p1 -b .edk2-build -%patch -P62 -p1 -b .fips-curves -%patch -P65 -p1 -b .drbg-selftest -%patch -P66 -p1 -b .fips-dh -%patch -P67 -p1 -b .kdf-selftest -%patch -P69 -p1 -b .alpn-cb -%patch -P70 -p1 -b .rewire-fips-drbg -%patch -P74 -p1 -b .addrconfig -%patch -P75 -p1 -b .tls13-curves -%patch -P76 -p1 -b .cleanup-reneg -%patch -P77 -p1 -b .s390x-aes -%patch -P78 -p1 -b .addr-ipv6 -%patch -P79 -p1 -b .servername-cb -%patch -P80 -p1 -b .s390x-test-aes -%patch -P81 -p1 -b .read-buff -%patch -P82 -p1 -b .cve-2022-0778 -%patch -P83 -p1 -b .replace-expired-certs -%patch -P84 -p1 -b .cve-2022-1292 -%patch -P85 -p1 -b .cve-2022-2068 -%patch -P86 -p1 -b .cve-2022-2097 -%patch -P101 -p1 -b .cve-2022-4304 -%patch -P102 -p1 -b .cve-2022-4450 -%patch -P103 -p1 -b .cve-2023-0215 -%patch -P104 -p1 -b .cve-2023-0286 -%patch -P105 -p1 -b .cve-2023-3446 -%patch -P106 -p1 -b .cve-2023-3817 -%patch -P107 -p1 -b .cve-2023-5678 -%patch -P108 -p1 -b .pkcs15imprejection -%patch -P109 -p1 -b .cve-2024-5535 -%patch -P110 -p1 -b .cve-2025-9230 -%patch -P111 -p1 -b .ticket_lifetime_hint -%patch -P112 -p1 -b .cve-2025-69419-1 -%patch -P113 -p1 -b .cve-2025-69419-2 -%patch -P114 -p1 -b .cve-2026-45447 -%patch -P115 -p1 -b .cve-2024-4741 +%patch31 -p1 -b .conf-paths +%patch32 -p1 -b .version-add-engines +%patch33 -p1 -b .dgst +%patch36 -p1 -b .no-brainpool +%patch37 -p1 -b .curves +%patch38 -p1 -b .no-weak-verify +%patch40 -p1 -b .sslv3-abi +%patch41 -p1 -b .system-cipherlist +%patch42 -p1 -b .fips +%patch44 -p1 -b .version-override +%patch45 -p1 -b .weak-ciphers +%patch46 -p1 -b .seclevel +%patch47 -p1 -b .ts-sha256-default +%patch48 -p1 -b .fips-post-rand +%patch49 -p1 -b .evp-kdf +%patch50 -p1 -b .ssh-kdf +%patch51 -p1 -b .intel-cet +%patch52 -p1 -b .s390x-update +%patch53 -p1 -b .crng-test +%patch55 -p1 -b .arm-update +%patch56 -p1 -b .s390x-ecc +%patch60 -p1 -b .krb5-kdf +%patch61 -p1 -b .edk2-build +%patch62 -p1 -b .fips-curves +%patch65 -p1 -b .drbg-selftest +%patch66 -p1 -b .fips-dh +%patch67 -p1 -b .kdf-selftest +%patch69 -p1 -b .alpn-cb +%patch70 -p1 -b .rewire-fips-drbg +%patch74 -p1 -b .addrconfig +%patch75 -p1 -b .tls13-curves +%patch76 -p1 -b .cleanup-reneg +%patch77 -p1 -b .s390x-aes +%patch78 -p1 -b .addr-ipv6 +%patch79 -p1 -b .servername-cb +%patch80 -p1 -b .s390x-test-aes +%patch81 -p1 -b .read-buff +%patch82 -p1 -b .cve-2022-0778 +%patch83 -p1 -b .replace-expired-certs +%patch84 -p1 -b .cve-2022-1292 +%patch85 -p1 -b .cve-2022-2068 +%patch86 -p1 -b .cve-2022-2097 +%patch101 -p1 -b .cve-2022-4304 +%patch102 -p1 -b .cve-2022-4450 +%patch103 -p1 -b .cve-2023-0215 +%patch104 -p1 -b .cve-2023-0286 +%patch105 -p1 -b .cve-2023-3446 +%patch106 -p1 -b .cve-2023-3817 +%patch107 -p1 -b .cve-2023-5678 +%patch108 -p1 -b .pkcs15imprejection +%patch109 -p1 -b .cve-2024-5535 +%patch110 -p1 -b .cve-2025-9230 +%patch111 -p1 -b .ticket_lifetime_hint +%patch112 -p1 -b .cve-2025-69419-1 +%patch113 -p1 -b .cve-2025-69419-2 +%patch114 -p1 -b .cve-2026-45447 +%patch115 -p1 -b .cve-2024-4741 +%patch116 -p1 -b .cve-2026-28390 %build # Figure out which flags we want to use. @@ -533,69 +535,75 @@ export LD_LIBRARY_PATH %postun libs -p /sbin/ldconfig %changelog +* Thu Jul 02 2026 Otmar Sabela - 1:1.1.1k-17 +- Fixes CVE-2026-28390: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing + Resolves: RHEL-165759 + * Mon Jun 01 2026 Dmitry Belyavskiy - 1:1.1.1k-16 - Fix CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7_verify() - Resolves: RHEL-180978 + Resolves: RHEL-179623 - Fix CVE-2024-4741: Use After Free with SSL_free_buffers - Resolves: RHEL-180983 + Resolves: RHEL-39119 * Thu Feb 12 2026 Antonio Vieiro - 1:1.1.1k-15 - Fix CVE-2025-69419: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing - ticket_lifetime_hint exceed 1 week in TLSv1.3 and breaks compliant clients - Resolves: RHEL-149165 - Resolves: RHEL-142715 + Resolves: RHEL-142010 -* Mon Dec 22 2025 Nikita Sanjay Patwa - 1:1.1.1k-14.1 -- Backport fix for openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap +* Mon Dec 08 2025 Nikita Sanjay Patwa - 1:1.1.1k-14 +- Backport fix for Out-of-bounds read & write in RFC 3211 KEK Unwrap Fix CVE-2025-9230 - Resolves: RHEL-128615 + Resolves: RHEL-128613 +- Fix bug for ticket_lifetime_hint exceed issue + Resolves: RHEL-119891 -* Tue Sep 17 2024 Maurizio Barbaro - 1:1.1.1k-14 -- Backport fix SSL_select_next proto from OpenSSL 3.2 +* Mon Sep 16 2024 Maurizio Barbaro - 1:1.1.1k-13 +- Backport fix SSL_select_next proto from OpenSSL 3.2 Fix CVE-2024-5535 Resolves: RHEL-45654 * Thu Nov 30 2023 Dmitry Belyavskiy - 1:1.1.1k-12 - Backport implicit rejection mechanism for RSA PKCS#1 v1.5 to RHEL-8 series (a proper fix for CVE-2020-25659) - Resolves: RHEL-17694 + Resolves: RHEL-17696 * Wed Nov 15 2023 Clemens Lang - 1:1.1.1k-11 - Fix CVE-2023-5678: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow - Resolves: RHEL-16536 + Resolves: RHEL-16538 * Thu Oct 19 2023 Clemens Lang - 1:1.1.1k-10 - Fix CVE-2023-3446: Excessive time spent checking DH keys and parameters - Resolves: RHEL-14243 + Resolves: RHEL-14245 - Fix CVE-2023-3817: Excessive time spent checking DH q parameter value - Resolves: RHEL-14237 + Resolves: RHEL-14239 -* Thu May 04 2023 Dmitry Belyavskiy - 1:1.1.1k-9 +* Wed Feb 08 2023 Dmitry Belyavskiy - 1:1.1.1k-9 - Fixed Timing Oracle in RSA Decryption Resolves: CVE-2022-4304 - Fixed Double free after calling PEM_read_bio_ex Resolves: CVE-2022-4450 - Fixed Use-after-free following BIO_new_NDEF Resolves: CVE-2023-0215 - -* Wed Feb 08 2023 Dmitry Belyavskiy - 1:1.1.1k-8 - Fixed X.400 address type confusion in X.509 GeneralName Resolves: CVE-2023-0286 +* Thu Jul 21 2022 Dmitry Belyavskiy - 1:1.1.1k-8 +- Fix no-ec build + Resolves: rhbz#2071020 + * Tue Jul 05 2022 Clemens Lang - 1:1.1.1k-7 - Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86 Resolves: CVE-2022-2097 - Update expired certificates used in the testsuite - Resolves: rhbz#2100554 + Resolves: rhbz#2092462 - Fix CVE-2022-1292: openssl: c_rehash script allows command injection - Resolves: rhbz#2090371 + Resolves: rhbz#2090372 - Fix CVE-2022-2068: the c_rehash script allows command injection - Resolves: rhbz#2098278 + Resolves: rhbz#2098279 * Wed Mar 23 2022 Clemens Lang - 1:1.1.1k-6 - Fixes CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates -- Resolves: rhbz#2067145 +- Resolves: rhbz#2067146 * Tue Nov 16 2021 Sahana Prasad - 1:1.1.1k-5 - Fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings