From c9750912e8fc9da4b5470667ba8accd54add3d89 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Mon, 12 Jan 2026 05:12:08 +0000 Subject: [PATCH] import UBI openssl-3.5.1-5.el10_1 --- ...-key-share-choice-in-tls1_set_groups.patch | 129 ++++++++++++++++++ openssl.spec | 7 +- 2 files changed, 135 insertions(+), 1 deletion(-) create mode 100644 0057-Do-not-make-key-share-choice-in-tls1_set_groups.patch diff --git a/0057-Do-not-make-key-share-choice-in-tls1_set_groups.patch b/0057-Do-not-make-key-share-choice-in-tls1_set_groups.patch new file mode 100644 index 0000000..3cde076 --- /dev/null +++ b/0057-Do-not-make-key-share-choice-in-tls1_set_groups.patch @@ -0,0 +1,129 @@ +From 65c2f454e83f78d5ffdfc0a515d35c00fb1060ad Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Fri, 21 Nov 2025 16:00:08 +0100 +Subject: [PATCH] Do not make key share choice in tls1_set_groups() + +tls1_set_groups(), which is used by SSL_CTX_set1_groups() does not check +whether the NIDs passed as argument actually have an implementation +available in any of the currently loaded providers. It is not simple to +add this check, either, because it would require access to the SSL_CTX, +which this function does not receive. There are legacy callers that do +not have an SSL_CTX pointer and are public API. + +This becomes a problem, when an application sets the first group to one +that is not supported by the current configuration, and can trigger +sending of an empty key share. + +Set the first entry of the key share list to 0 (and the key share list +length to 1) to signal to tls1_construct_ctos_key_share that it should +pick the first supported group and generate a key share for that. See +also tls1_get_requested_keyshare_groups, which documents this special +case. + +See: https://issues.redhat.com/browse/RHEL-128018 +Signed-off-by: Clemens Lang + +Reviewed-by: Norbert Pocs +Reviewed-by: Simo Sorce +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/29192) + +(cherry picked from commit 5375e940e22de80ad8c6e865a08db13762242eee) +--- + ssl/t1_lib.c | 8 ++++++- + test/sslapitest.c | 53 +++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 60 insertions(+), 1 deletion(-) + +diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c +index 2f71f95438..3a4ebdeeea 100644 +--- a/ssl/t1_lib.c ++++ b/ssl/t1_lib.c +@@ -1119,7 +1119,13 @@ int tls1_set_groups(uint16_t **grpext, size_t *grpextlen, + OPENSSL_free(*tplext); + *grpext = glist; + *grpextlen = ngroups; +- kslist[0] = glist[0]; ++ /* ++ * No * prefix was used, let tls_construct_ctos_key_share choose a key ++ * share. This has the advantage that it will filter unsupported groups ++ * before choosing one, which this function does not do. See also the ++ * comment for tls1_get_requested_keyshare_groups. ++ */ ++ kslist[0] = 0; + *ksext = kslist; + *ksextlen = 1; + tpllist[0] = ngroups; +diff --git a/test/sslapitest.c b/test/sslapitest.c +index b83dd6c552..ab1d08cf8b 100644 +--- a/test/sslapitest.c ++++ b/test/sslapitest.c +@@ -13269,6 +13269,58 @@ static int test_no_renegotiation(int idx) + return testresult; + } + ++/* ++ * Test that SSL_CTX_set1_groups() when called with a list where the first ++ * entry is unsupported, will send a key_share that uses the next usable entry. ++ */ ++static int test_ssl_set_groups_unsupported_keyshare(void) ++{ ++#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) ++ int testresult = 0; ++ SSL_CTX *sctx = NULL, *cctx = NULL; ++ SSL *serverssl = NULL, *clientssl = NULL; ++ int client_groups[] = { ++ NID_brainpoolP256r1tls13, ++ NID_sect163k1, ++ NID_secp384r1, ++ NID_ffdhe2048, ++ }; ++ ++ if (!TEST_true(create_ssl_ctx_pair(libctx, ++ TLS_server_method(), ++ TLS_client_method(), ++ 0, 0, ++ &sctx, ++ &cctx, ++ cert, ++ privkey))) ++ goto end; ++ ++ if (!TEST_true(SSL_CTX_set1_groups(cctx, ++ client_groups, ++ OSSL_NELEM(client_groups)))) ++ goto end; ++ ++ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, ++ NULL))) ++ goto end; ++ ++ if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE))) ++ goto end; ++ ++ testresult = 1; ++ end: ++ SSL_free(serverssl); ++ SSL_free(clientssl); ++ SSL_CTX_free(sctx); ++ SSL_CTX_free(cctx); ++ ++ return testresult; ++#else /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */ ++ return TEST_skip("No EC and DH support."); ++#endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */ ++} ++ + OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n") + + int setup_tests(void) +@@ -13598,6 +13650,7 @@ int setup_tests(void) + ADD_TEST(test_quic_tls_early_data); + #endif + ADD_ALL_TESTS(test_no_renegotiation, 2); ++ ADD_TEST(test_ssl_set_groups_unsupported_keyshare); + return 1; + + err: +-- +2.51.0 + diff --git a/openssl.spec b/openssl.spec index ef82803..b8082e7 100644 --- a/openssl.spec +++ b/openssl.spec @@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16)) Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 3.5.1 -Release: 4%{?dist} +Release: 5%{?dist} Epoch: 1 Source0: openssl-%{version}.tar.gz Source1: fips-hmacify.sh @@ -98,6 +98,7 @@ Patch0053: 0053-Allow-hybrid-MLKEM-in-FIPS-mode.patch Patch0054: 0054-Temporarily-disable-SLH-DSA-FIPS-self-tests.patch Patch0055: 0055-Add-a-define-to-disable-symver-attributes.patch Patch0056: 0056-Fix-incorrect-check-of-unwrapped-key-size.patch +Patch0057: 0057-Do-not-make-key-share-choice-in-tls1_set_groups.patch License: Apache-2.0 URL: http://www.openssl.org/ @@ -454,6 +455,10 @@ touch $RPM_BUILD_ROOT/%{_prefix}/include/openssl/engine.h %ldconfig_scriptlets libs %changelog +* Thu Dec 11 2025 Pavol Žáčik - 1:3.5.1-5 +- Do not make key share choice in tls1_set_groups() + Resolves: RHEL-130992 + * Wed Oct 22 2025 Pavol Žáčik - 1:3.5.1-4 - Fix CVE-2025-9230 Resolves: RHEL-115885