Redefine sslarch for x86_64_v2 arch

2026-04-14 02:42:00 +00:00 · 2026-04-14 02:42:00 +00:00 · eef0d63fd4
commit eef0d63fd4
parent db7b8ffd45 5e13c4eed2
2 changed files with 192 additions and 2 deletions
--- a/0058-CVE-2026-31790.patch
+++ b/0058-CVE-2026-31790.patch
@ -0,0 +1,185 @@
+From 001e01db3e996e13ffc72386fe79d03a6683b5ac Mon Sep 17 00:00:00 2001
+From: Nikola Pajkovsky <nikolap@openssl.org>
+Date: Thu, 19 Mar 2026 12:16:08 +0100
+Subject: [PATCH 1/2] rsa_kem: validate RSA_public_encrypt() result in RSASVE
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RSA_public_encrypt() returns the number of bytes written on success and
+-1 on failure. With the existing `if (ret)` check, a provider-side RSA KEM
+encapsulation can incorrectly succeed when the underlying RSA public
+encrypt operation fails. In that case the code reports success, returns
+lengths as if encapsulation completed normally, and leaves the freshly
+generated secret available instead of discarding it.
+
+Tighten the success condition so RSASVE only succeeds when
+RSA_public_encrypt() returns a positive value equal to the modulus-sized
+output expected for RSA_NO_PADDING. Any other return value is treated as
+failure, and the generated secret is cleansed before returning.
+
+Fixes CVE-2026-31790
+Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>
+
+Reviewed-by: Saša Nedvědický <sashan@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
+MergeDate: Mon Apr  6 19:51:30 2026
+---
+ providers/implementations/kem/rsa_kem.c | 20 +++++++++++---------
+ 1 file changed, 11 insertions(+), 9 deletions(-)
+
+diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c
+index f7bf368a0d..74dfafddd9 100644
+--- a/providers/implementations/kem/rsa_kem.c
+++ b/providers/implementations/kem/rsa_kem.c
+@@ -316,17 +316,19 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx,
+         return 0;
+ 
+     /* Step(3): out = RSAEP((n,e), z) */
+-    ret = RSA_public_encrypt(nlen, secret, out, prsactx->rsa, RSA_NO_PADDING);
+-    if (ret) {
+-        ret = 1;
+-        if (outlen != NULL)
+-            *outlen = nlen;
+-        if (secretlen != NULL)
+-            *secretlen = nlen;
+-    } else {
+    ret = RSA_public_encrypt((int)nlen, secret, out, prsactx->rsa,
+        RSA_NO_PADDING);
+    if (ret <= 0 || ret != (int)nlen) {
+         OPENSSL_cleanse(secret, nlen);
+        return 0;
+     }
+-    return ret;
+
+    if (outlen != NULL)
+        *outlen = nlen;
+    if (secretlen != NULL)
+        *secretlen = nlen;
+
+    return 1;
+ }
+ 
+ /**
+-- 
+2.53.0
+
+
+From c61bbd3f873d28e098f503f0187459ed488977c9 Mon Sep 17 00:00:00 2001
+From: Nikola Pajkovsky <nikolap@openssl.org>
+Date: Mon, 23 Mar 2026 08:41:20 +0100
+Subject: [PATCH 2/2] rsa_kem: test RSA_public_encrypt() result in RSASVE
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+RSA_public_encrypt() returns the number of bytes written on success and
+-1 on failure.
+
+Add regression coverage in evp_extra_test using invalid RSA pubkey
+which triggers -1 in RSA_public_encrypt() using encapsulation.
+
+Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>
+
+Reviewed-by: Saša Nedvědický <sashan@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
+MergeDate: Mon Apr  6 19:51:31 2026
+---
+ test/evp_extra_test.c | 67 +++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 67 insertions(+)
+
+diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
+index 5ea95c0dfa..573732bfec 100644
+--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
+@@ -929,6 +929,32 @@ static EVP_PKEY *load_example_ec_key(void)
+ #endif
+ 
+ #ifndef OPENSSL_NO_DEPRECATED_3_0
+
+static EVP_PKEY *make_bad_rsa_pubkey(void)
+{
+    RSA *rsa = NULL;
+    BIGNUM *n = NULL, *e = NULL;
+    EVP_PKEY *pkey = NULL;
+
+    /* Deliberately invalid public key: n = 17, e = 17 */
+    if (!TEST_ptr(pkey = EVP_PKEY_new())
+        || !TEST_ptr(rsa = RSA_new())
+        || !TEST_ptr(n = BN_new())
+        || !TEST_ptr(e = BN_new())
+        || !TEST_true(BN_set_word(n, 17))
+        || !TEST_true(BN_set_word(e, 17))
+        || !TEST_true(RSA_set0_key(rsa, n, e, NULL))
+        || !EVP_PKEY_assign_RSA(pkey, rsa))
+        goto err;
+
+    return pkey;
+err:
+    BN_free(n);
+    BN_free(e);
+    RSA_free(rsa);
+    return NULL;
+}
+
+ #ifndef OPENSSL_NO_DH
+ static EVP_PKEY *load_example_dh_key(void)
+ {
+@@ -5898,6 +5924,46 @@ err:
+     return testresult;
+ }
+ 
+static int test_rsasve_kem_with_invalid_pub_key(void)
+{
+    RSA *rsa = NULL;
+    EVP_PKEY *pkey = NULL;
+    EVP_PKEY_CTX *ctx = NULL;
+    unsigned char *ct = NULL;
+    unsigned char *secret = NULL;
+    size_t ctlen = 0, secretlen = 0;
+    int testresult = 0;
+
+    if (nullprov != NULL) {
+        testresult = TEST_skip("Test does not support a non-default library context");
+        goto err;
+    }
+
+    if (!TEST_ptr(pkey = make_bad_rsa_pubkey()))
+        goto err;
+
+    if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL))
+        || !TEST_int_eq(EVP_PKEY_encapsulate_init(ctx, NULL), 1)
+        || !TEST_int_eq(EVP_PKEY_CTX_set_kem_op(ctx, "RSASVE"), 1)
+        || !TEST_int_eq(EVP_PKEY_encapsulate(ctx, NULL, &ctlen, NULL, &secretlen), 1)
+        || !TEST_ptr(ct = OPENSSL_malloc(ctlen))
+        || !TEST_ptr(secret = OPENSSL_malloc(secretlen)))
+        goto err;
+
+    if (!TEST_int_eq(EVP_PKEY_encapsulate(ctx, ct, &ctlen, secret, &secretlen), 0))
+        goto err;
+
+    testresult = 1;
+
+err:
+    OPENSSL_free(secret);
+    OPENSSL_free(ct);
+    EVP_PKEY_CTX_free(ctx);
+    RSA_free(rsa);
+    EVP_PKEY_free(pkey);
+    return testresult;
+}
+
+ #ifndef OPENSSL_NO_DYNAMIC_ENGINE
+ /* Test we can create a signature keys with an associated ENGINE */
+ static int test_signatures_with_engine(int tst)
+@@ -6893,6 +6959,7 @@ int setup_tests(void)
+     ADD_TEST(test_evp_md_cipher_meth);
+     ADD_TEST(test_custom_md_meth);
+     ADD_TEST(test_custom_ciph_meth);
+    ADD_TEST(test_rsasve_kem_with_invalid_pub_key);
+ 
+ #ifndef OPENSSL_NO_DYNAMIC_ENGINE
+     /* Tests only support the default libctx */
+-- 
+2.53.0
+
--- a/openssl.spec
+++ b/openssl.spec
@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 3.5.5
-Release: 1%{?dist}.alma.1
+Release: 2%{?dist}.alma.1
 Epoch: 1
 Source0: openssl-%{version}.tar.gz
 Source1: fips-hmacify.sh
@ -99,6 +99,7 @@ Patch0054: 0054-Temporarily-disable-SLH-DSA-FIPS-self-tests.patch
 Patch0055: 0055-Add-a-define-to-disable-symver-attributes.patch
 Patch0056: 0056-Add-targets-to-skip-build-of-non-installable-program.patch
 Patch0057: 0057-Disable-RSA-PKCS1.5-FIPS-POST-not-relevant-for-RHEL.patch
+Patch0058: 0058-CVE-2026-31790.patch

 License: Apache-2.0
 URL: http://www.openssl.org/
@ -462,9 +463,13 @@ touch $RPM_BUILD_ROOT/%{_prefix}/include/openssl/engine.h
 %ldconfig_scriptlets libs

 %changelog
-* Fri Jan 30 2026 Eduard Abdullin <eabdullin@almalinux.org> - 1:3.5.5-1.alma.1
+* Tue Apr 14 2026 Eduard Abdullin <eabdullin@almalinux.org> - 1:3.5.5-2.alma.1
 - Redefine sslarch for x86_64_v2 arch

+* Thu Apr 09 2026 Pavol Žáčik <pzacik@redhat.com> - 1:3.5.5-2
+- Fix CVE-2026-31790
+  Resolves: RHEL-161574
+
 * Tue Jan 27 2026 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.5-1
 - Rebase to OpenSSL 3.5.5
  Resolves: RHEL-122599