SOURCES/openssl-1.1.1-cleanup-peer-point-reneg.patch

@@ -1,11 +1,13 @@
 diff -up openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg openssl-1.1.1k/ssl/statem/extensions.c
 --- openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg	2021-03-25 14:28:38.000000000 +0100
 +++ openssl-1.1.1k/ssl/statem/extensions.c	2021-06-24 16:16:19.526181743 +0200
-@@ -42,6 +42,7 @@ static int tls_parse_certificate_authori
+@@ -42,6 +42,9 @@ static int tls_parse_certificate_authori
  #ifndef OPENSSL_NO_SRP
  static int init_srp(SSL *s, unsigned int context);
  #endif
++#ifndef OPENSSL_NO_EC
 +static int init_ec_point_formats(SSL *s, unsigned int context);
++#endif
  static int init_etm(SSL *s, unsigned int context);
  static int init_ems(SSL *s, unsigned int context);
  static int final_ems(SSL *s, unsigned int context, int sent);
@@ -18,10 +20,11 @@ diff -up openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg openssl-1.1.1k/ssl
          tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats,
          final_ec_pt_formats
      },
-@@ -1164,6 +1165,15 @@ static int init_srp(SSL *s, unsigned int
+@@ -1164,6 +1165,17 @@ static int init_srp(SSL *s, unsigned int
  }
  #endif
  
++#ifndef OPENSSL_NO_EC
 +static int init_ec_point_formats(SSL *s, unsigned int context)
 +{
 +	    OPENSSL_free(s->ext.peer_ecpointformats);
@@ -30,6 +33,7 @@ diff -up openssl-1.1.1k/ssl/statem/extensions.c.cleanup-reneg openssl-1.1.1k/ssl
 +
 +	    return 1;
 +}
++#endif
 +
  static int init_etm(SSL *s, unsigned int context)
  {

SOURCES/openssl-1.1.1-cve-2023-3446.patch

@@ -1,127 +0,0 @@
-From 8780a896543a654e757db1b9396383f9d8095528 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Thu, 6 Jul 2023 16:36:35 +0100
-Subject: [PATCH] Fix DH_check() excessive time with over sized modulus
-
-The DH_check() function checks numerous aspects of the key or parameters
-that have been supplied. Some of those checks use the supplied modulus
-value even if it is excessively large.
-
-There is already a maximum DH modulus size (10,000 bits) over which
-OpenSSL will not generate or derive keys. DH_check() will however still
-perform various tests for validity on such a large modulus. We introduce a
-new maximum (32,768) over which DH_check() will just fail.
-
-An application that calls DH_check() and supplies a key or parameters
-obtained from an untrusted source could be vulnerable to a Denial of
-Service attack.
-
-The function DH_check() is itself called by a number of other OpenSSL
-functions. An application calling any of those other functions may
-similarly be affected. The other functions affected by this are
-DH_check_ex() and EVP_PKEY_param_check().
-
-CVE-2023-3446
-
-Reviewed-by: Paul Dale <pauli@openssl.org>
-Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
-Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/21452)
-
-Upstream-Status: Backport [8780a896543a654e757db1b9396383f9d8095528]
----
- crypto/dh/dh_check.c    | 6 ++++++
- crypto/dh/dh_err.c      | 3 ++-
- crypto/err/openssl.txt  | 3 ++-
- include/openssl/dh.h    | 3 +++
- include/openssl/dherr.h | 3 ++-
- 5 files changed, 15 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
-index 4ac169e75c..e5f9dd5030 100644
---- a/crypto/dh/dh_check.c
-+++ b/crypto/dh/dh_check.c
-@@ -101,6 +101,12 @@ int DH_check(const DH *dh, int *ret)
-     BN_CTX *ctx = NULL;
-     BIGNUM *t1 = NULL, *t2 = NULL;
- 
-+    /* Don't do any checks at all with an excessively large modulus */
-+    if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
-+        DHerr(DH_F_DH_CHECK, DH_R_MODULUS_TOO_LARGE);
-+        return 0;
-+    }
-+
-     if (!DH_check_params(dh, ret))
-         return 0;
- 
-diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c
-index 7285587b4a..92800d3fcc 100644
---- a/crypto/dh/dh_err.c
-+++ b/crypto/dh/dh_err.c
-@@ -1,6 +1,6 @@
- /*
-  * Generated by util/mkerr.pl DO NOT EDIT
-- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
-  *
-  * Licensed under the OpenSSL license (the "License").  You may not use
-  * this file except in compliance with the License.  You can obtain a copy
-@@ -18,6 +18,7 @@ static const ERR_STRING_DATA DH_str_functs[] = {
-     {ERR_PACK(ERR_LIB_DH, DH_F_DHPARAMS_PRINT_FP, 0), "DHparams_print_fp"},
-     {ERR_PACK(ERR_LIB_DH, DH_F_DH_BUILTIN_GENPARAMS, 0),
-      "dh_builtin_genparams"},
-+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK, 0), "DH_check"},
-     {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_EX, 0), "DH_check_ex"},
-     {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PARAMS_EX, 0), "DH_check_params_ex"},
-     {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY_EX, 0), "DH_check_pub_key_ex"},
-diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
-index 9f91a4a811..c0a3cd720b 100644
---- a/crypto/err/openssl.txt
-+++ b/crypto/err/openssl.txt
-@@ -402,6 +402,7 @@ CT_F_SCT_SET_VERSION:104:SCT_set_version
- DH_F_COMPUTE_KEY:102:compute_key
- DH_F_DHPARAMS_PRINT_FP:101:DHparams_print_fp
- DH_F_DH_BUILTIN_GENPARAMS:106:dh_builtin_genparams
-+DH_F_DH_CHECK:126:DH_check
- DH_F_DH_CHECK_EX:121:DH_check_ex
- DH_F_DH_CHECK_PARAMS_EX:122:DH_check_params_ex
- DH_F_DH_CHECK_PUB_KEY_EX:123:DH_check_pub_key_ex
-diff --git a/include/openssl/dh.h b/include/openssl/dh.h
-index 3527540cdd..892e31559d 100644
---- a/include/openssl/dh.h
-+++ b/include/openssl/dh.h
-@@ -29,6 +29,9 @@ extern "C" {
- # ifndef OPENSSL_DH_MAX_MODULUS_BITS
- #  define OPENSSL_DH_MAX_MODULUS_BITS    10000
- # endif
-+# ifndef OPENSSL_DH_CHECK_MAX_MODULUS_BITS
-+#  define OPENSSL_DH_CHECK_MAX_MODULUS_BITS  32768
-+# endif
- 
- # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
- # define OPENSSL_DH_FIPS_MIN_MODULUS_BITS_GEN 2048
- 
-diff --git a/include/openssl/dherr.h b/include/openssl/dherr.h
-index 916b3bed0b..528c819856 100644
---- a/include/openssl/dherr.h
-+++ b/include/openssl/dherr.h
-@@ -1,6 +1,6 @@
- /*
-  * Generated by util/mkerr.pl DO NOT EDIT
-- * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
-  *
-  * Licensed under the OpenSSL license (the "License").  You may not use
-  * this file except in compliance with the License.  You can obtain a copy
-@@ -30,6 +30,7 @@ int ERR_load_DH_strings(void);
- #  define DH_F_COMPUTE_KEY                                 102
- #  define DH_F_DHPARAMS_PRINT_FP                           101
- #  define DH_F_DH_BUILTIN_GENPARAMS                        106
-+#  define DH_F_DH_CHECK                                    126
- #  define DH_F_DH_CHECK_EX                                 121
- #  define DH_F_DH_CHECK_PARAMS_EX                          122
- #  define DH_F_DH_CHECK_PUB_KEY_EX                         123
--- 
-2.41.0
-

SOURCES/openssl-1.1.1-cve-2023-3817.patch

@@ -1,60 +0,0 @@
-From 91ddeba0f2269b017dc06c46c993a788974b1aa5 Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tomas@openssl.org>
-Date: Fri, 21 Jul 2023 11:39:41 +0200
-Subject: [PATCH] DH_check(): Do not try checking q properties if it is
- obviously invalid
-
-If  |q| >= |p| then the q value is obviously wrong as q
-is supposed to be a prime divisor of p-1.
-
-We check if p is overly large so this added test implies that
-q is not large either when performing subsequent tests using that
-q value.
-
-Otherwise if it is too large these additional checks of the q value
-such as the primality test can then trigger DoS by doing overly long
-computations.
-
-Fixes CVE-2023-3817
-
-Reviewed-by: Paul Dale <pauli@openssl.org>
-Reviewed-by: Matt Caswell <matt@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/21551)
-
-Upstream-Status: Backport [91ddeba0f2269b017dc06c46c993a788974b1aa5]
----
- crypto/dh/dh_check.c | 11 +++++++++--
- 1 file changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
-index 2001d2e7cb..9ae96991eb 100644
---- a/crypto/dh/dh_check.c
-+++ b/crypto/dh/dh_check.c
-@@ -105,7 +105,7 @@ int DH_check_ex(const DH *dh)
- /* Note: according to documentation - this only checks the params */
- int DH_check(const DH *dh, int *ret)
- {
--    int ok = 0, r;
-+    int ok = 0, r, q_good = 0;
-     BN_CTX *ctx = NULL;
-     BIGNUM *t1 = NULL, *t2 = NULL;
- 
-@@ -130,7 +130,14 @@ int DH_check(const DH *dh, int *ret)
-     if (t2 == NULL)
-         goto err;
- 
--    if (dh->q) {
-+    if (dh->q != NULL) {
-+        if (BN_ucmp(dh->p, dh->q) > 0)
-+            q_good = 1;
-+        else
-+            *ret |= DH_CHECK_INVALID_Q_VALUE;
-+    }
-+
-+    if (q_good) {
-         if (BN_cmp(dh->g, BN_value_one()) <= 0)
-             *ret |= DH_NOT_SUITABLE_GENERATOR;
-         else if (BN_cmp(dh->g, dh->p) >= 0)
--- 
-2.41.0
-

SOURCES/openssl-1.1.1-cve-2023-5678.patch

@@ -1,154 +0,0 @@
-From 0814467cc1b6a2839877277d3efa69cdd4582dd7 Mon Sep 17 00:00:00 2001
-From: Richard Levitte <levitte@openssl.org>
-Date: Fri, 20 Oct 2023 09:18:19 +0200
-Subject: [PATCH] Make DH_check_pub_key() and DH_generate_key() safer yet
-
-We already check for an excessively large P in DH_generate_key(), but not in
-DH_check_pub_key(), and none of them check for an excessively large Q.
-
-This change adds all the missing excessive size checks of P and Q.
-
-It's to be noted that behaviours surrounding excessively sized P and Q
-differ.  DH_check() raises an error on the excessively sized P, but only
-sets a flag for the excessively sized Q.  This behaviour is mimicked in
-DH_check_pub_key().
-
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-Reviewed-by: Matt Caswell <matt@openssl.org>
-Reviewed-by: Hugo Landau <hlandau@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/22518)
-
-(cherry picked from commit ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6)
-Backported-by: Clemens Lang <cllang@redhat.com>
----
- crypto/dh/dh_check.c    | 17 +++++++++++++++++
- crypto/dh/dh_err.c      |  1 +
- crypto/dh/dh_key.c      | 10 ++++++++++
- crypto/err/openssl.txt  |  1 +
- include/openssl/dh.h    |  6 ++++--
- include/openssl/dherr.h |  1 +
- 6 files changed, 34 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
-index ae1b03bc92..424a3bb4cd 100644
---- a/crypto/dh/dh_check.c
-+++ b/crypto/dh/dh_check.c
-@@ -198,10 +198,27 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
-     BN_CTX *ctx = NULL;
- 
-     *ret = 0;
-+
-     ctx = BN_CTX_new();
-     if (ctx == NULL)
-         goto err;
-     BN_CTX_start(ctx);
-+
-+    /* Don't do any checks at all with an excessively large modulus */
-+    if (BN_num_bits(dh->p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) {
-+        DHerr(DH_F_DH_CHECK, DH_R_MODULUS_TOO_LARGE);
-+        *ret = DH_MODULUS_TOO_LARGE | DH_CHECK_PUBKEY_INVALID;
-+        goto err;
-+    }
-+    if (dh->q != NULL && BN_ucmp(dh->p, dh->q) < 0) {
-+        *ret |= DH_CHECK_INVALID_Q_VALUE | DH_CHECK_PUBKEY_INVALID;
-+        /* This may look strange here, but returning 1 after setting ret is
-+         * correct. See also the behavior of the pub_key^q == 1 mod p check
-+         * further down, which behaves in the same way. */
-+        ok = 1;
-+        goto err;
-+    }
-+
-     tmp = BN_CTX_get(ctx);
-     if (tmp == NULL || !BN_set_word(tmp, 1))
-         goto err;
-diff --git a/crypto/dh/dh_err.c b/crypto/dh/dh_err.c
-index 92800d3fcc..b3b1e7a706 100644
---- a/crypto/dh/dh_err.c
-+++ b/crypto/dh/dh_err.c
-@@ -87,6 +87,7 @@ static const ERR_STRING_DATA DH_str_reasons[] = {
-     {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR),
-     "parameter encoding error"},
-     {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"},
-+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_Q_TOO_LARGE), "q too large"},
-     {ERR_PACK(ERR_LIB_DH, 0, DH_R_SHARED_INFO_ERROR), "shared info error"},
-     {ERR_PACK(ERR_LIB_DH, 0, DH_R_UNABLE_TO_CHECK_GENERATOR),
-     "unable to check generator"},
-diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
-index 117f2fa883..9f5e6f6d4c 100644
---- a/crypto/dh/dh_key.c
-+++ b/crypto/dh/dh_key.c
-@@ -140,6 +140,11 @@ static int generate_key(DH *dh)
-         return 0;
-     }
- 
-+    if (dh->q != NULL && BN_num_bits(dh->q) > OPENSSL_DH_MAX_MODULUS_BITS) {
-+        DHerr(DH_F_GENERATE_KEY, DH_R_Q_TOO_LARGE);
-+        return 0;
-+    }
-+
-     ctx = BN_CTX_new();
-     if (ctx == NULL)
-         goto err;
-@@ -250,6 +255,12 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
-         DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE);
-         goto err;
-     }
-+
-+    if (dh->q != NULL && BN_num_bits(dh->q) > OPENSSL_DH_MAX_MODULUS_BITS) {
-+        DHerr(DH_F_COMPUTE_KEY, DH_R_Q_TOO_LARGE);
-+        goto err;
-+    }
-+
- #ifdef OPENSSL_FIPS
-     if (FIPS_mode()
-         && (BN_num_bits(dh->p) < OPENSSL_DH_FIPS_MIN_MODULUS_BITS)) {
-diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
-index c0a3cd720b..5e0ff47516 100644
---- a/crypto/err/openssl.txt
-+++ b/crypto/err/openssl.txt
-@@ -2151,6 +2151,7 @@DH_R_NO_PARAMETERS_SET:107:no parameters set
- DH_R_NO_PRIVATE_VALUE:100:no private value
- DH_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error
- DH_R_PEER_KEY_ERROR:111:peer key error
-+DH_R_Q_TOO_LARGE:130:q too large
- DH_R_SHARED_INFO_ERROR:113:shared info error
- DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator
- DSA_R_BAD_Q_VALUE:102:bad q value
-diff --git a/include/openssl/dh.h b/include/openssl/dh.h
-index 6c6ff3636a..b7df43b44f 100644
---- a/include/openssl/dh.h
-+++ b/include/openssl/dh.h
-@@ -72,14 +72,16 @@ DECLARE_ASN1_ITEM(DHparams)
- /* #define DH_GENERATOR_3       3 */
- # define DH_GENERATOR_5          5
- 
--/* DH_check error codes */
-+/* DH_check error codes, some of them shared with DH_check_pub_key */
- # define DH_CHECK_P_NOT_PRIME            0x01
- # define DH_CHECK_P_NOT_SAFE_PRIME       0x02
- # define DH_UNABLE_TO_CHECK_GENERATOR    0x04
- # define DH_NOT_SUITABLE_GENERATOR       0x08
- # define DH_CHECK_Q_NOT_PRIME            0x10
--# define DH_CHECK_INVALID_Q_VALUE        0x20
-+# define DH_CHECK_INVALID_Q_VALUE        0x20 /* +DH_check_pub_key */
- # define DH_CHECK_INVALID_J_VALUE        0x40
-+/* DH_MODULUS_TOO_SMALL is 0x80 upstream */
-+# define DH_MODULUS_TOO_LARGE            0x100 /* +DH_check_pub_key */
- 
- /* DH_check_pub_key error codes */
- # define DH_CHECK_PUBKEY_TOO_SMALL       0x01
-diff --git a/include/openssl/dherr.h b/include/openssl/dherr.h
-index 528c819856..d66c35aa8e 100644
---- a/include/openssl/dherr.h
-+++ b/include/openssl/dherr.h
-@@ -87,6 +87,7 @@ int ERR_load_DH_strings(void);
- #  define DH_R_NON_FIPS_METHOD                             202
- #  define DH_R_PARAMETER_ENCODING_ERROR                    105
- #  define DH_R_PEER_KEY_ERROR                              111
-+#  define DH_R_Q_TOO_LARGE                                 130
- #  define DH_R_SHARED_INFO_ERROR                           113
- #  define DH_R_UNABLE_TO_CHECK_GENERATOR                   121
- 
--- 
-2.41.0
-

SOURCES/openssl-1.1.1-cve-2025-69419.patch

@@ -1,80 +0,0 @@
-diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
-index 17f7372026c3b..01e2269444cba 100644
---- a/crypto/asn1/a_strex.c
-+++ b/crypto/asn1/a_strex.c
-@@ -198,8 +198,10 @@ static int do_buf(unsigned char *buf, int buflen,
-             orflags = CHARTYPE_LAST_ESC_2253;
-         if (type & BUF_TYPE_CONVUTF8) {
-             unsigned char utfbuf[6];
--            int utflen;
--            utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
-+            int utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
-+
-+            if (utflen < 0)
-+                return -1; /* error happened with UTF8 */
-             for (i = 0; i < utflen; i++) {
-                 /*
-                  * We don't need to worry about setting orflags correctly
-
-diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c
-index 50adce6b26fd2..8b5f2909e8d96 100644
---- a/crypto/pkcs12/p12_utl.c
-+++ b/crypto/pkcs12/p12_utl.c
-@@ -213,6 +213,11 @@ char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen)
-     /* re-run the loop emitting UTF-8 string */
-     for (asclen = 0, i = 0; i < unilen; ) {
-         j = bmp_to_utf8(asctmp+asclen, uni+i, unilen-i);
-+        /* when UTF8_putc fails */
-+        if (j < 0) {
-+            OPENSSL_free(asctmp);
-+            return NULL;
-+        }
-         if (j == 4) i += 4;
-         else        i += 2;
-         asclen += j;
-
-From 06f1b7338403a56a645de93b95fc68f3ab165fd5 Mon Sep 17 00:00:00 2001
-From: Maurizio Barbaro <mbarbaro@redhat.com>
-Date: Tue, 10 Feb 2026 10:39:46 +0100
-Subject: [PATCH 1/1] asn1_internal_test
-
-Signed-off-by: Maurizio Barbaro <mbarbaro@redhat.com>
----
- test/asn1_internal_test.c | 17 +++++++++++++++++
- 1 file changed, 17 insertions(+)
-
-diff --git a/test/asn1_internal_test.c b/test/asn1_internal_test.c
-index ccfb75a..92ed921 100644
---- a/test/asn1_internal_test.c
-+++ b/test/asn1_internal_test.c
-@@ -147,10 +147,27 @@ static int test_unicode_range(void)
-     return ok;
- }
- 
-+static int test_mbstring_ncopy(void)
-+{
-+    ASN1_STRING *str = NULL;
-+    const unsigned char in[] = { 0xFF, 0xFE, 0xFF, 0xFE };
-+    int inlen = 4;
-+    int inform = MBSTRING_UNIV;
-+
-+    if (!TEST_int_eq(ASN1_mbstring_ncopy(&str, in, inlen, inform, B_ASN1_GENERALSTRING, 0, 0), -1)
-+        || !TEST_int_eq(ASN1_mbstring_ncopy(&str, in, inlen, inform, B_ASN1_VISIBLESTRING, 0, 0), -1)
-+        || !TEST_int_eq(ASN1_mbstring_ncopy(&str, in, inlen, inform, B_ASN1_VIDEOTEXSTRING, 0, 0), -1)
-+        || !TEST_int_eq(ASN1_mbstring_ncopy(&str, in, inlen, inform, B_ASN1_GENERALIZEDTIME, 0, 0), -1))
-+        return 0;
-+
-+    return 1;
-+}
-+
- int setup_tests(void)
- {
-     ADD_TEST(test_tbl_standard);
-     ADD_TEST(test_standard_methods);
-     ADD_TEST(test_unicode_range);
-+    ADD_TEST(test_mbstring_ncopy);
-     return 1;
- }
--- 
-2.52.0
-

SOURCES/openssl-1.1.1-cve-2025-9230.patch

@@ -1,31 +0,0 @@
-From 5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45 Mon Sep 17 00:00:00 2001
-From: Viktor Dukhovni <openssl-users@dukhovni.org>
-Date: Thu, 11 Sep 2025 18:10:12 +0200
-Subject: [PATCH] kek_unwrap_key(): Fix incorrect check of unwrapped key size
-
-Fixes CVE-2025-9230
-
-The check is off by 8 bytes so it is possible to overread by
-up to 8 bytes and overwrite up to 4 bytes.
-
-Reviewed-by: Neil Horman <nhorman@openssl.org>
-Reviewed-by: Matt Caswell <matt@openssl.org>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(cherry picked from commit 9c462be2cea54ebfc62953224220b56f8ba22a0c)
----
- crypto/cms/cms_pwri.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
-index a7d609f83791a..ee1b8aa6ed61d 100644
---- a/crypto/cms/cms_pwri.c
-+++ b/crypto/cms/cms_pwri.c
-@@ -242,7 +242,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
-         /* Check byte failure */
-         goto err;
-     }
--    if (inlen < (size_t)(tmp[0] - 4)) {
-+    if (inlen < 4 + (size_t)tmp[0]) {
-         /* Invalid length value */
-         goto err;
-     }

SOURCES/openssl-1.1.1-fix-ssl-select-next-proto.patch

@@ -1,255 +0,0 @@
-From d1d4b56fe0c9a4200276d630f62108e1165e0990 Mon Sep 17 00:00:00 2001
-From: Maurizio Barbaro <mbarbaro@redhat.com>
-Date: Mon, 16 Sep 2024 10:53:53 +0200
-Subject: [PATCH] Backport openssl: SSL_select_next_proto buffer overread from 3.2
-
-Ensure that the provided client list is non-NULL and starts with a valid
-entry. When called from the ALPN callback the client list should already
-have been validated by OpenSSL so this should not cause a problem. When
-called from the NPN callback the client list is locally configured and
-will not have already been validated. Therefore SSL_select_next_proto
-should not assume that it is correctly formatted.
-
-We implement stricter checking of the client protocol list. We also do the
-same for the server list while we are about it.
-
-CVE-2024-5535
-
-From: Matt Caswell <matt@openssl.org>
-Date: Fri, 31 May 2024 11:14:33 +0100
-Merged from: https://github.com/openssl/openssl/pull/24717.
-
-Backported-by: Maurizio Barbaro <mbarbaro@redhat.com> 
-we did't ported test changes because rely on internal testing framework.
-
----
- doc/man3/SSL_CTX_set_alpn_select_cb.pod | 28 +++++++----
- ssl/ssl_lib.c                           | 64 +++++++++++++++----------
- ssl/statem/extensions_clnt.c            | 30 +++++++++++-
- ssl/statem/extensions_srvr.c            |  3 +-
- 4 files changed, 89 insertions(+), 36 deletions(-)
-
-diff --git a/doc/man3/SSL_CTX_set_alpn_select_cb.pod b/doc/man3/SSL_CTX_set_alpn_select_cb.pod
-index e90caec..a3f8dfd 100644
---- a/doc/man3/SSL_CTX_set_alpn_select_cb.pod
-+++ b/doc/man3/SSL_CTX_set_alpn_select_cb.pod
-@@ -43,7 +43,7 @@ SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated
-                            const unsigned char *server,
-                            unsigned int server_len,
-                            const unsigned char *client,
--                           unsigned int client_len)
-+                           unsigned int client_len);
-  void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
-                              unsigned *len);
- 
-@@ -52,7 +52,8 @@ SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated
- SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() are used by the client to
- set the list of protocols available to be negotiated. The B<protos> must be in
- protocol-list format, described below. The length of B<protos> is specified in
--B<protos_len>.
-+B<protos_len>. Setting B<protos_len> to 0 clears any existing list of ALPN
-+protocols and no ALPN extension will be sent to the server.
- 
- SSL_CTX_set_alpn_select_cb() sets the application callback B<cb> used by a
- server to select which protocol to use for the incoming connection. When B<cb>
-@@ -73,9 +74,16 @@ B<server_len> and B<client>, B<client_len> must be in the protocol-list format
- described below. The first item in the B<server>, B<server_len> list that
- matches an item in the B<client>, B<client_len> list is selected, and returned
- in B<out>, B<outlen>. The B<out> value will point into either B<server> or
--B<client>, so it should be copied immediately. If no match is found, the first
--item in B<client>, B<client_len> is returned in B<out>, B<outlen>. This
--function can also be used in the NPN callback.
-+B<client>, so it should be copied immediately. The client list must include at
-+least one valid (nonempty) protocol entry in the list.
-+
-+The SSL_select_next_proto() helper function can be useful from either the ALPN
-+callback or the NPN callback (described below). If no match is found, the first
-+item in B<client>, B<client_len> is returned in B<out>, B<outlen> and
-+B<OPENSSL_NPN_NO_OVERLAP> is returned. This can be useful when implementating
-+the NPN callback. In the ALPN case, the value returned in B<out> and B<outlen>
-+must be ignored if B<OPENSSL_NPN_NO_OVERLAP> has been returned from
-+SSL_select_next_proto().
- 
- SSL_CTX_set_next_proto_select_cb() sets a callback B<cb> that is called when a
- client needs to select a protocol from the server's provided list, and a
-@@ -85,9 +93,10 @@ must be set to point to the selected protocol (which may be within B<in>).
- The length of the protocol name must be written into B<outlen>. The
- server's advertised protocols are provided in B<in> and B<inlen>. The
- callback can assume that B<in> is syntactically valid. The client must
--select a protocol. It is fatal to the connection if this callback returns
--a value other than B<SSL_TLSEXT_ERR_OK>. The B<arg> parameter is the pointer
--set via SSL_CTX_set_next_proto_select_cb().
-+select a protocol (although it may be an empty, zero length protocol). It is
-+fatal to the connection if this callback returns a value other than
-+B<SSL_TLSEXT_ERR_OK> or if the zero length protocol is selected. The B<arg>
-+parameter is the pointer set via SSL_CTX_set_next_proto_select_cb().
- 
- SSL_CTX_set_next_protos_advertised_cb() sets a callback B<cb> that is called
- when a TLS server needs a list of supported protocols for Next Protocol
-@@ -149,7 +158,8 @@ A match was found and is returned in B<out>, B<outlen>.
- =item OPENSSL_NPN_NO_OVERLAP
- 
- No match was found. The first item in B<client>, B<client_len> is returned in
--B<out>, B<outlen>.
-+B<out>, B<outlen> (or B<NULL> and 0 in the case where the first entry in
-+B<client> is invalid).
- 
- =back
- 
-diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index c71c686..21e6c45 100644
---- a/ssl/ssl_lib.c
-+++ b/ssl/ssl_lib.c
-@@ -2739,38 +2739,54 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
-                           unsigned int server_len,
-                           const unsigned char *client, unsigned int client_len)
- {
--    unsigned int i, j;
--    const unsigned char *result;
--    int status = OPENSSL_NPN_UNSUPPORTED;
-+    PACKET cpkt, csubpkt, spkt, ssubpkt;
-+    if (!PACKET_buf_init(&cpkt, client, client_len)
-+            || !PACKET_get_length_prefixed_1(&cpkt, &csubpkt)
-+            || PACKET_remaining(&csubpkt) == 0) {
-+        *out = NULL;
-+        *outlen = 0;
-+        return OPENSSL_NPN_NO_OVERLAP;
-+    }
-+
-+    /*
-+     * Set the default opportunistic protocol. Will be overwritten if we find
-+     * a match.
-+     */
-+    *out = (unsigned char *)PACKET_data(&csubpkt);
-+    *outlen = (unsigned char)PACKET_remaining(&csubpkt);
- 
-     /*
-      * For each protocol in server preference order, see if we support it.
-      */
--    for (i = 0; i < server_len;) {
--        for (j = 0; j < client_len;) {
--            if (server[i] == client[j] &&
--                memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
--                /* We found a match */
--                result = &server[i];
--                status = OPENSSL_NPN_NEGOTIATED;
--                goto found;
-+    if (PACKET_buf_init(&spkt, server, server_len)) {
-+       while (PACKET_get_length_prefixed_1(&spkt, &ssubpkt)) {
-+            if (PACKET_remaining(&ssubpkt) == 0)
-+                continue; /* Invalid - ignore it */
-+            if (PACKET_buf_init(&cpkt, client, client_len)) {
-+                while (PACKET_get_length_prefixed_1(&cpkt, &csubpkt)) {
-+                    if (PACKET_equal(&csubpkt, PACKET_data(&ssubpkt),
-+                                     PACKET_remaining(&ssubpkt))) {
-+                        /* We found a match */
-+                        *out = (unsigned char *)PACKET_data(&ssubpkt);
-+                        *outlen = (unsigned char)PACKET_remaining(&ssubpkt);
-+                        return OPENSSL_NPN_NEGOTIATED;
-+                    }
-+                }
-+                /* Ignore spurious trailing bytes in the client list */
-+            } else {
-+                /* This should never happen */
-+                return OPENSSL_NPN_NO_OVERLAP;
-             }
--            j += client[j];
--            j++;
-         }
--        i += server[i];
--        i++;
-+        /* Ignore spurious trailing bytes in the server list */
-     }
- 
--    /* There's no overlap between our protocols and the server's list. */
--    result = client;
--    status = OPENSSL_NPN_NO_OVERLAP;
--
-- found:
--    *out = (unsigned char *)result + 1;
--    *outlen = result[0];
--    return status;
--}
-+    /*
-+     * There's no overlap between our protocols and the server's list. We use
-+     * the default opportunistic protocol selected earlier
-+     */
-+    return OPENSSL_NPN_NO_OVERLAP;
-+ } 
- 
- #ifndef OPENSSL_NO_NEXTPROTONEG
- /*
-diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
-index ce8a757..cfde733 100644
---- a/ssl/statem/extensions_clnt.c
-+++ b/ssl/statem/extensions_clnt.c
-@@ -1585,8 +1585,8 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
-     if (s->ctx->ext.npn_select_cb(s, &selected, &selected_len,
-                                   PACKET_data(pkt),
-                                   PACKET_remaining(pkt),
--                                  s->ctx->ext.npn_select_cb_arg) !=
--             SSL_TLSEXT_ERR_OK) {
-+                                  s->ctx->ext.npn_select_cb_arg) != SSL_TLSEXT_ERR_OK
-+           || selected_len == 0) {           
-         SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PARSE_STOC_NPN,
-                  SSL_R_BAD_EXTENSION);
-         return 0;
-@@ -1617,6 +1617,8 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
-                         size_t chainidx)
- {
-     size_t len;
-+    PACKET confpkt, protpkt;
-+    int valid = 0;
- 
-     /* We must have requested it. */
-     if (!s->s3->alpn_sent) {
-@@ -1637,6 +1639,30 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
-                  SSL_R_BAD_EXTENSION);
-         return 0;
-     }
-+
-+    /* It must be a protocol that we sent */
-+    if (!PACKET_buf_init(&confpkt, s->ext.alpn, s->ext.alpn_len)) {
-+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN, 
-+                 ERR_R_INTERNAL_ERROR);
-+        return 0;
-+    }
-+    while (PACKET_get_length_prefixed_1(&confpkt, &protpkt)) {
-+        if (PACKET_remaining(&protpkt) != len)
-+            continue;
-+        if (memcmp(PACKET_data(pkt), PACKET_data(&protpkt), len) == 0) {
-+            /* Valid protocol found */
-+            valid = 1;
-+            break;
-+        }
-+    }
-+
-+    if (!valid) {
-+        /* The protocol sent from the server does not match one we advertised */
-+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
-+                 SSL_R_BAD_EXTENSION);
-+        return 0;
-+    }
-+
-     OPENSSL_free(s->s3->alpn_selected);
-     s->s3->alpn_selected = OPENSSL_malloc(len);
-     if (s->s3->alpn_selected == NULL) {
-diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
-index 3c7395c..4e3cbf8 100644
---- a/ssl/statem/extensions_srvr.c
-+++ b/ssl/statem/extensions_srvr.c
-@@ -1559,9 +1559,10 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt,
-             return EXT_RETURN_FAIL;
-         }
-         s->s3->npn_seen = 1;
-+        return EXT_RETURN_SENT;
-     }
- 
--    return EXT_RETURN_SENT;
-+    return EXT_RETURN_NOT_SENT;
- }
- #endif
- 
--- 
-2.46.0
-

SOURCES/openssl-1.1.1-hardening-from-openssl-3.0.1.patch

@@ -1,387 +0,0 @@
-From 23c0f08fa39a825003c9d7eb0c28260939e0d3ef Mon Sep 17 00:00:00 2001
-From: Maurizio Barbaro <mbarbaro@redhat.com>
-Date: Tue, 10 Feb 2026 11:48:41 +0100
-Subject: [PATCH 1/1] hardening-from-openssl-3.0.1
-
-Signed-off-by: Maurizio Barbaro <mbarbaro@redhat.com>
----
- crypto/asn1/a_mbstr.c      | 58 ++++++++++++++++++++++++----
- crypto/asn1/a_utf8.c       | 77 +++++++-------------------------------
- include/internal/unicode.h | 31 +++++++++++++++
- test/asn1_internal_test.c  | 41 ++++++++++++++++++++
- 4 files changed, 135 insertions(+), 72 deletions(-)
- create mode 100644 include/internal/unicode.h
-
-diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c
-index bdb697a..6ef4137 100644
---- a/crypto/asn1/a_mbstr.c
-+++ b/crypto/asn1/a_mbstr.c
-@@ -1,7 +1,7 @@
- /*
-- * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
-  *
-- * Licensed under the OpenSSL license (the "License").  You may not use
-+ * Licensed under the Apache License 2.0 (the "License").  You may not use
-  * this file except in compliance with the License.  You can obtain a copy
-  * in the file LICENSE in the source distribution or at
-  * https://www.openssl.org/source/license.html
-@@ -10,6 +10,7 @@
- #include <stdio.h>
- #include "crypto/ctype.h"
- #include "internal/cryptlib.h"
-+#include "internal/unicode.h"
- #include <openssl/asn1.h>
- 
- static int traverse_string(const unsigned char *p, int len, int inform,
-@@ -49,12 +50,15 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
-     ASN1_STRING *dest;
-     unsigned char *p;
-     int nchar;
--    char strbuf[32];
-+    char strbuf[32];    
-+
-     int (*cpyfunc) (unsigned long, void *) = NULL;
-     if (len == -1)
-         len = strlen((const char *)in);
-     if (!mask)
-         mask = DIRSTRING_TYPE;
-+    if (len < 0)
-+        return -1;
- 
-     /* First do a string check and work out the number of characters */
-     switch (inform) {
-@@ -116,7 +120,10 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
-         return -1;
-     }
- 
--    /* Now work out output format and string type */
-+    /*
-+     * Now work out output format and string type.
-+     * These checks should be in sync with the checks in type_str.
-+     */
-     outform = MBSTRING_ASC;
-     if (mask & B_ASN1_NUMERICSTRING)
-         str_type = V_ASN1_NUMERICSTRING;
-@@ -182,7 +189,11 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
- 
-     case MBSTRING_UTF8:
-         outlen = 0;
--        traverse_string(in, len, inform, out_utf8, &outlen);
-+        ret = traverse_string(in, len, inform, out_utf8, &outlen);
-+        if (ret < 0) {
-+	    ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_INVALID_UTF8STRING);
-+            return -1;
-+        }
-         cpyfunc = cpy_utf8;
-         break;
-     }
-@@ -247,6 +258,9 @@ static int traverse_string(const unsigned char *p, int len, int inform,
- static int in_utf8(unsigned long value, void *arg)
- {
-     int *nchar;
-+
-+    if (!is_unicode_valid(value))
-+        return -2;
-     nchar = arg;
-     (*nchar)++;
-     return 1;
-@@ -256,9 +270,13 @@ static int in_utf8(unsigned long value, void *arg)
- 
- static int out_utf8(unsigned long value, void *arg)
- {
--    int *outlen;
-+    int *outlen, len;
-+
-+    len = UTF8_putc(NULL, -1, value);
-+    if (len <= 0)
-+        return len;
-     outlen = arg;
--    *outlen += UTF8_putc(NULL, -1, value);
-+    *outlen += len;
-     return 1;
- }
- 
-@@ -269,9 +287,29 @@ static int out_utf8(unsigned long value, void *arg)
- 
- static int type_str(unsigned long value, void *arg)
- {
--    unsigned long types = *((unsigned long *)arg);
-+    unsigned long usable_types = *((unsigned long *)arg);
-+    unsigned long types = usable_types;
-     const int native = value > INT_MAX ? INT_MAX : ossl_fromascii(value);
- 
-+    /*
-+     * Clear out all the types which are not checked later. If any of those
-+     * is present in the mask, then the UTF8 type will be added and checked
-+     * below.
-+     */
-+    types &= B_ASN1_NUMERICSTRING | B_ASN1_PRINTABLESTRING
-+        | B_ASN1_IA5STRING | B_ASN1_T61STRING | B_ASN1_BMPSTRING
-+        | B_ASN1_UNIVERSALSTRING | B_ASN1_UTF8STRING;
-+
-+    /*
-+     * If any other types were in the input mask, they're effectively treated
-+     * as UTF8
-+     */
-+    if (types != usable_types)
-+        types |= B_ASN1_UTF8STRING;
-+
-+    /*
-+     * These checks should be in sync with ASN1_mbstring_ncopy.
-+     */
-     if ((types & B_ASN1_NUMERICSTRING) && !(ossl_isdigit(native)
-                                             || native == ' '))
-         types &= ~B_ASN1_NUMERICSTRING;
-@@ -283,6 +321,8 @@ static int type_str(unsigned long value, void *arg)
-         types &= ~B_ASN1_T61STRING;
-     if ((types & B_ASN1_BMPSTRING) && (value > 0xffff))
-         types &= ~B_ASN1_BMPSTRING;
-+    if ((types & B_ASN1_UTF8STRING) && !is_unicode_valid(value))
-+        types &= ~B_ASN1_UTF8STRING;
-     if (!types)
-         return -1;
-     *((unsigned long *)arg) = types;
-@@ -338,6 +378,8 @@ static int cpy_utf8(unsigned long value, void *arg)
-     p = arg;
-     /* We already know there is enough room so pass 0xff as the length */
-     ret = UTF8_putc(*p, 0xff, value);
-+    if (ret < 0)
-+        return ret;
-     *p += ret;
-     return 1;
- }
-diff --git a/crypto/asn1/a_utf8.c b/crypto/asn1/a_utf8.c
-index e2dc09f..6572726 100644
---- a/crypto/asn1/a_utf8.c
-+++ b/crypto/asn1/a_utf8.c
-@@ -1,7 +1,7 @@
- /*
-- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
-+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
-  *
-- * Licensed under the OpenSSL license (the "License").  You may not use
-+ * Licensed under the Apache License 2.0 (the "License").  You may not use
-  * this file except in compliance with the License.  You can obtain a copy
-  * in the file LICENSE in the source distribution or at
-  * https://www.openssl.org/source/license.html
-@@ -9,6 +9,7 @@
- 
- #include <stdio.h>
- #include "internal/cryptlib.h"
-+#include "internal/unicode.h"
- #include <openssl/asn1.h>
- 
- /* UTF8 utilities */
-@@ -58,6 +59,8 @@ int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
-         value |= *p++ & 0x3f;
-         if (value < 0x800)
-             return -4;
-+        if (is_unicode_surrogate(value))
-+            return -2;
-         ret = 3;
-     } else if ((*p & 0xf8) == 0xf0) {
-         if (len < 4)
-@@ -73,40 +76,6 @@ int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
-         if (value < 0x10000)
-             return -4;
-         ret = 4;
--    } else if ((*p & 0xfc) == 0xf8) {
--        if (len < 5)
--            return -1;
--        if (((p[1] & 0xc0) != 0x80)
--            || ((p[2] & 0xc0) != 0x80)
--            || ((p[3] & 0xc0) != 0x80)
--            || ((p[4] & 0xc0) != 0x80))
--            return -3;
--        value = ((unsigned long)(*p++ & 0x3)) << 24;
--        value |= ((unsigned long)(*p++ & 0x3f)) << 18;
--        value |= ((unsigned long)(*p++ & 0x3f)) << 12;
--        value |= (*p++ & 0x3f) << 6;
--        value |= *p++ & 0x3f;
--        if (value < 0x200000)
--            return -4;
--        ret = 5;
--    } else if ((*p & 0xfe) == 0xfc) {
--        if (len < 6)
--            return -1;
--        if (((p[1] & 0xc0) != 0x80)
--            || ((p[2] & 0xc0) != 0x80)
--            || ((p[3] & 0xc0) != 0x80)
--            || ((p[4] & 0xc0) != 0x80)
--            || ((p[5] & 0xc0) != 0x80))
--            return -3;
--        value = ((unsigned long)(*p++ & 0x1)) << 30;
--        value |= ((unsigned long)(*p++ & 0x3f)) << 24;
--        value |= ((unsigned long)(*p++ & 0x3f)) << 18;
--        value |= ((unsigned long)(*p++ & 0x3f)) << 12;
--        value |= (*p++ & 0x3f) << 6;
--        value |= *p++ & 0x3f;
--        if (value < 0x4000000)
--            return -4;
--        ret = 6;
-     } else
-         return -2;
-     *val = value;
-@@ -116,15 +85,15 @@ int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
- /*
-  * This takes a character 'value' and writes the UTF8 encoded value in 'str'
-  * where 'str' is a buffer containing 'len' characters. Returns the number of
-- * characters written or -1 if 'len' is too small. 'str' can be set to NULL
-- * in which case it just returns the number of characters. It will need at
-- * most 6 characters.
-+ * characters written, -1 if 'len' is too small or -2 if 'value' is out of
-+ * range. 'str' can be set to NULL in which case it just returns the number of
-+ * characters. It will need at most 4 characters.
-  */
- 
- int UTF8_putc(unsigned char *str, int len, unsigned long value)
- {
-     if (!str)
--        len = 6;                /* Maximum we will need */
-+        len = 4;                /* Maximum we will need */
-     else if (len <= 0)
-         return -1;
-     if (value < 0x80) {
-@@ -142,6 +111,8 @@ int UTF8_putc(unsigned char *str, int len, unsigned long value)
-         return 2;
-     }
-     if (value < 0x10000) {
-+        if (is_unicode_surrogate(value))
-+            return -2;
-         if (len < 3)
-             return -1;
-         if (str) {
-@@ -151,7 +122,7 @@ int UTF8_putc(unsigned char *str, int len, unsigned long value)
-         }
-         return 3;
-     }
--    if (value < 0x200000) {
-+    if (value < UNICODE_LIMIT) {
-         if (len < 4)
-             return -1;
-         if (str) {
-@@ -162,27 +133,5 @@ int UTF8_putc(unsigned char *str, int len, unsigned long value)
-         }
-         return 4;
-     }
--    if (value < 0x4000000) {
--        if (len < 5)
--            return -1;
--        if (str) {
--            *str++ = (unsigned char)(((value >> 24) & 0x3) | 0xf8);
--            *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
--            *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
--            *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
--            *str = (unsigned char)((value & 0x3f) | 0x80);
--        }
--        return 5;
--    }
--    if (len < 6)
--        return -1;
--    if (str) {
--        *str++ = (unsigned char)(((value >> 30) & 0x1) | 0xfc);
--        *str++ = (unsigned char)(((value >> 24) & 0x3f) | 0x80);
--        *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
--        *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
--        *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
--        *str = (unsigned char)((value & 0x3f) | 0x80);
--    }
--    return 6;
-+    return -2;
- }
-diff --git a/include/internal/unicode.h b/include/internal/unicode.h
-new file mode 100644
-index 0000000..a6de835
---- /dev/null
-+++ b/include/internal/unicode.h
-@@ -0,0 +1,31 @@
-+/*
-+ * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the Apache License 2.0 (the "License").  You may not use
-+ * this file except in compliance with the License.  You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#ifndef OSSL_INTERNAL_UNICODE_H
-+# define OSSL_INTERNAL_UNICODE_H
-+# pragma once
-+
-+typedef enum {
-+    SURROGATE_MIN = 0xd800UL,
-+    SURROGATE_MAX = 0xdfffUL,
-+    UNICODE_MAX = 0x10ffffUL,
-+    UNICODE_LIMIT
-+} UNICODE_CONSTANTS;
-+
-+static ossl_unused ossl_inline int is_unicode_surrogate(unsigned long value)
-+{
-+    return value >= SURROGATE_MIN && value <= SURROGATE_MAX;
-+}
-+
-+static ossl_unused ossl_inline int is_unicode_valid(unsigned long value)
-+{
-+    return value <= UNICODE_MAX && !is_unicode_surrogate(value);
-+}
-+
-+#endif
-diff --git a/test/asn1_internal_test.c b/test/asn1_internal_test.c
-index 865e058..ccfb75a 100644
---- a/test/asn1_internal_test.c
-+++ b/test/asn1_internal_test.c
-@@ -107,9 +107,50 @@ static int test_standard_methods(void)
-     return 0;
- }
- 
-+/**********************************************************************
-+ *
-+ * Tests of the Unicode code point range
-+ *
-+ ***/
-+
-+static int test_unicode(const unsigned char *univ, size_t len, int expected)
-+{
-+    const unsigned char *end = univ + len;
-+    int ok = 1;
-+
-+    for (; univ < end; univ += 4) {
-+        if (!TEST_int_eq(ASN1_mbstring_copy(NULL, univ, 4, MBSTRING_UNIV,
-+                                            B_ASN1_UTF8STRING),
-+                         expected))
-+            ok = 0;
-+    }
-+    return ok;
-+}
-+
-+static int test_unicode_range(void)
-+{
-+    const unsigned char univ_ok[] = "\0\0\0\0"
-+                                    "\0\0\xd7\xff"
-+                                    "\0\0\xe0\x00"
-+                                    "\0\x10\xff\xff";
-+    const unsigned char univ_bad[] = "\0\0\xd8\x00"
-+                                     "\0\0\xdf\xff"
-+                                     "\0\x11\x00\x00"
-+                                     "\x80\x00\x00\x00"
-+                                     "\xff\xff\xff\xff";
-+    int ok = 1;
-+
-+    if (!test_unicode(univ_ok, sizeof univ_ok - 1, V_ASN1_UTF8STRING))
-+        ok = 0;
-+    if (!test_unicode(univ_bad, sizeof univ_bad - 1, -1))
-+        ok = 0;
-+    return ok;
-+}
-+
- int setup_tests(void)
- {
-     ADD_TEST(test_tbl_standard);
-     ADD_TEST(test_standard_methods);
-+    ADD_TEST(test_unicode_range);
-     return 1;
- }
--- 
-2.52.0
-

SOURCES/openssl-1.1.1-ticket_lifetime_hint.patch

@@ -1,145 +0,0 @@
-From 79dbd85fe27ebabc278417af64ab8e3eb43d2d40 Mon Sep 17 00:00:00 2001
-From: Todd Short <todd.short@me.com>
-Date: Wed, 23 Mar 2022 18:55:10 -0400
-Subject: [PATCH] ticket_lifetime_hint may exceed 1 week in TLSv1.3
-
-For TLSv1.3, limit ticket lifetime hint to 1 week per RFC8446
-
-Fixes #17948
-
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-Reviewed-by: Tim Hudson <tjh@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/17952)
-
-(cherry picked from commit 0089cc7f9d42f6e39872161199fb8b6a99da2492)
-Modified by:	Maurizio Barbaro <mbarbaro@redhat.com> 
----
- doc/man3/SSL_CTX_set_timeout.pod | 10 ++++++
- ssl/statem/statem_srvr.c         | 21 ++++++++----
- test/sslapitest.c                | 59 ++++++++++++++++++++++++++++++++
- 3 files changed, 84 insertions(+), 6 deletions(-)
-
-diff --git a/doc/man3/SSL_CTX_set_timeout.pod b/doc/man3/SSL_CTX_set_timeout.pod
-index c32585e45f924..54592654ffd1f 100644
---- a/doc/man3/SSL_CTX_set_timeout.pod
-+++ b/doc/man3/SSL_CTX_set_timeout.pod
-@@ -42,6 +42,16 @@ basis, see L<SSL_get_default_timeout(3)>.
- All currently supported protocols have the same default timeout value
- of 300 seconds.
- 
-+This timeout value is used as the ticket lifetime hint for stateless session
-+tickets. It is also used as the timeout value within the ticket itself.
-+
-+For TLSv1.3, RFC8446 limits transmission of this value to 1 week (604800
-+seconds).
-+
-+For TLSv1.2, tickets generated during an initial handshake use the value
-+as specified. Tickets generated during a resumed handshake have a value
-+of 0 for the ticket lifetime hint.
-+
- =head1 RETURN VALUES
- 
- SSL_CTX_set_timeout() returns the previously set timeout value.
-diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
-index d701c46b43b5a..79cfd1d8353a0 100644
---- a/ssl/statem/statem_srvr.c
-+++ b/ssl/statem/statem_srvr.c
-@@ -3820,15 +3820,24 @@ int tls_construct_server_certificate(SSL *s, WPACKET *pkt)
- static int create_ticket_prequel(SSL *s, WPACKET *pkt, uint32_t age_add,
-                                  unsigned char *tick_nonce)
- {
-+    uint32_t timeout = (uint32_t)s->session->timeout;
-+
-     /*
--     * Ticket lifetime hint: For TLSv1.2 this is advisory only and we leave this
--     * unspecified for resumed session (for simplicity).
-+     * Ticket lifetime hint:
-      * In TLSv1.3 we reset the "time" field above, and always specify the
--     * timeout.
-+     * timeout, limited to a 1 week period per RFC8446.
-+     * For TLSv1.2 this is advisory only and we leave this unspecified for
-+     * resumed session (for simplicity).
-      */
--    if (!WPACKET_put_bytes_u32(pkt,
--                               (s->hit && !SSL_IS_TLS13(s))
--                               ? 0 : s->session->timeout)) {
-+#define ONE_WEEK_SEC (7 * 24 * 60 * 60)
-+
-+    if (SSL_IS_TLS13(s)) {
-+        if (s->session->timeout > ONE_WEEK_SEC)
-+            timeout = ONE_WEEK_SEC;
-+    } else if (s->hit)
-+        timeout = 0;
-+
-+    if (!WPACKET_put_bytes_u32(pkt, timeout)) {
-         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL,
-                  ERR_R_INTERNAL_ERROR);
-         return 0;
-
---- a/test/sslapitest.c	2025-10-21 18:44:14.836888120 +0200
-+++ b/test/sslapitest.c	2025-10-22 17:39:24.869230280 +0200
-@@ -6656,6 +6656,64 @@
- 
-     return testresult;
- }
-+
-+/*
-+ * Test that the lifetime hint of a TLSv1.3 ticket is no more than 1 week
-+ * 0 = TLSv1.2
-+ * 1 = TLSv1.3
-+ */
-+static int test_ticket_lifetime(int idx)
-+{
-+    SSL_CTX *cctx = NULL, *sctx = NULL;
-+    SSL *clientssl = NULL, *serverssl = NULL;
-+    int testresult = 0;
-+    int version = TLS1_3_VERSION;
-+
-+#define ONE_WEEK_SEC (7 * 24 * 60 * 60)
-+#define TWO_WEEK_SEC (2 * ONE_WEEK_SEC)
-+
-+    if (idx == 0) {
-+        version = TLS1_2_VERSION;
-+    }
-+
-+    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
-+                                       TLS_client_method(), version, version,
-+                                       &sctx, &cctx, cert, privkey)))
-+        goto end;
-+
-+    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
-+                                      &clientssl, NULL, NULL)))
-+        goto end;
-+
-+    /*
-+     * Set the timeout to be more than 1 week
-+     * make sure the returned value is the default
-+     */
-+    if (!TEST_long_eq(SSL_CTX_set_timeout(sctx, TWO_WEEK_SEC),
-+                      SSL_get_default_timeout(serverssl)))
-+        goto end;
-+
-+    if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
-+        goto end;
-+
-+    if (idx == 0) {
-+        /* TLSv1.2 uses the set value */
-+        if (!TEST_ulong_eq(SSL_SESSION_get_ticket_lifetime_hint(SSL_get_session(clientssl)), TWO_WEEK_SEC))
-+            goto end;
-+    } else {
-+        /* TLSv1.3 uses the limited value */
-+        if (!TEST_ulong_le(SSL_SESSION_get_ticket_lifetime_hint(SSL_get_session(clientssl)), ONE_WEEK_SEC))
-+            goto end;
-+    }
-+    testresult = 1;
-+
-+end:
-+    SSL_free(serverssl);
-+    SSL_free(clientssl);
-+    SSL_CTX_free(sctx);
-+    SSL_CTX_free(cctx);
-+    return testresult;
-+}
- #endif
- 
- int setup_tests(void)

SPECS/openssl.spec

@@ -22,7 +22,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.1.1k
-Release: 15%{?dist}
+Release: 9%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -92,22 +92,6 @@ Patch101: openssl-1.1.1-cve-2022-4304-RSA-oracle.patch
 Patch102: openssl-1.1.1-cve-2022-4450-PEM-bio.patch
 Patch103: openssl-1.1.1-cve-2023-0215-BIO-UAF.patch
 Patch104: openssl-1.1.1-cve-2023-0286-X400.patch
-# OpenSSL 1.1.1v CVEs
-Patch105: openssl-1.1.1-cve-2023-3446.patch
-Patch106: openssl-1.1.1-cve-2023-3817.patch
-Patch107: openssl-1.1.1-cve-2023-5678.patch
-# Backport from OpenSSL 3.2/RHEL 9
-# Proper fix for CVE-2020-25659
-Patch108: openssl-1.1.1-pkcs1-implicit-rejection.patch
-# Backport from OpenSSL 3.2
-# Fix for CVE-2024-5535
-Patch109: openssl-1.1.1-fix-ssl-select-next-proto.patch
-# Fix for CVE-2025-9230
-Patch110: openssl-1.1.1-cve-2025-9230.patch
-Patch111: openssl-1.1.1-ticket_lifetime_hint.patch
-# Fix for CVE-2025-69419 (next two)
-Patch112: openssl-1.1.1-hardening-from-openssl-3.0.1.patch
-Patch113: openssl-1.1.1-cve-2025-69419.patch
 
 License: OpenSSL and ASL 2.0
 URL: http://www.openssl.org/
@@ -186,66 +170,57 @@ from other formats to the formats used by the OpenSSL toolkit.
 cp %{SOURCE12} crypto/ec/
 cp %{SOURCE13} test/
 
-%patch -P1 -p1 -b .build   %{?_rawbuild}
+%patch1 -p1 -b .build   %{?_rawbuild}
-%patch -P2 -p1 -b .defaults
+%patch2 -p1 -b .defaults
-%patch -P3 -p1 -b .no-html  %{?_rawbuild}
+%patch3 -p1 -b .no-html  %{?_rawbuild}
-%patch -P4 -p1 -b .man-rename
+%patch4 -p1 -b .man-rename
 
-%patch -P31 -p1 -b .conf-paths
+%patch31 -p1 -b .conf-paths
-%patch -P32 -p1 -b .version-add-engines
+%patch32 -p1 -b .version-add-engines
-%patch -P33 -p1 -b .dgst
+%patch33 -p1 -b .dgst
-%patch -P36 -p1 -b .no-brainpool
+%patch36 -p1 -b .no-brainpool
-%patch -P37 -p1 -b .curves
+%patch37 -p1 -b .curves
-%patch -P38 -p1 -b .no-weak-verify
+%patch38 -p1 -b .no-weak-verify
-%patch -P40 -p1 -b .sslv3-abi
+%patch40 -p1 -b .sslv3-abi
-%patch -P41 -p1 -b .system-cipherlist
+%patch41 -p1 -b .system-cipherlist
-%patch -P42 -p1 -b .fips
+%patch42 -p1 -b .fips
-%patch -P44 -p1 -b .version-override
+%patch44 -p1 -b .version-override
-%patch -P45 -p1 -b .weak-ciphers
+%patch45 -p1 -b .weak-ciphers
-%patch -P46 -p1 -b .seclevel
+%patch46 -p1 -b .seclevel
-%patch -P47 -p1 -b .ts-sha256-default
+%patch47 -p1 -b .ts-sha256-default
-%patch -P48 -p1 -b .fips-post-rand
+%patch48 -p1 -b .fips-post-rand
-%patch -P49 -p1 -b .evp-kdf
+%patch49 -p1 -b .evp-kdf
-%patch -P50 -p1 -b .ssh-kdf
+%patch50 -p1 -b .ssh-kdf
-%patch -P51 -p1 -b .intel-cet
+%patch51 -p1 -b .intel-cet
-%patch -P52 -p1 -b .s390x-update
+%patch52 -p1 -b .s390x-update
-%patch -P53 -p1 -b .crng-test
+%patch53 -p1 -b .crng-test
-%patch -P55 -p1 -b .arm-update
+%patch55 -p1 -b .arm-update
-%patch -P56 -p1 -b .s390x-ecc
+%patch56 -p1 -b .s390x-ecc
-%patch -P60 -p1 -b .krb5-kdf
+%patch60 -p1 -b .krb5-kdf
-%patch -P61 -p1 -b .edk2-build
+%patch61 -p1 -b .edk2-build
-%patch -P62 -p1 -b .fips-curves
+%patch62 -p1 -b .fips-curves
-%patch -P65 -p1 -b .drbg-selftest
+%patch65 -p1 -b .drbg-selftest
-%patch -P66 -p1 -b .fips-dh
+%patch66 -p1 -b .fips-dh
-%patch -P67 -p1 -b .kdf-selftest
+%patch67 -p1 -b .kdf-selftest
-%patch -P69 -p1 -b .alpn-cb
+%patch69 -p1 -b .alpn-cb
-%patch -P70 -p1 -b .rewire-fips-drbg
+%patch70 -p1 -b .rewire-fips-drbg
-%patch -P74 -p1 -b .addrconfig
+%patch74 -p1 -b .addrconfig
-%patch -P75 -p1 -b .tls13-curves
+%patch75 -p1 -b .tls13-curves
-%patch -P76 -p1 -b .cleanup-reneg
+%patch76 -p1 -b .cleanup-reneg
-%patch -P77 -p1 -b .s390x-aes
+%patch77 -p1 -b .s390x-aes
-%patch -P78 -p1 -b .addr-ipv6
+%patch78 -p1 -b .addr-ipv6
-%patch -P79 -p1 -b .servername-cb
+%patch79 -p1 -b .servername-cb
-%patch -P80 -p1 -b .s390x-test-aes
+%patch80 -p1 -b .s390x-test-aes
-%patch -P81 -p1 -b .read-buff
+%patch81 -p1 -b .read-buff
-%patch -P82 -p1 -b .cve-2022-0778
+%patch82 -p1 -b .cve-2022-0778
-%patch -P83 -p1 -b .replace-expired-certs
+%patch83 -p1 -b .replace-expired-certs
-%patch -P84 -p1 -b .cve-2022-1292
+%patch84 -p1 -b .cve-2022-1292
-%patch -P85 -p1 -b .cve-2022-2068
+%patch85 -p1 -b .cve-2022-2068
-%patch -P86 -p1 -b .cve-2022-2097
+%patch86 -p1 -b .cve-2022-2097
-%patch -P101 -p1 -b .cve-2022-4304
+%patch101 -p1 -b .cve-2022-4304
-%patch -P102 -p1 -b .cve-2022-4450
+%patch102 -p1 -b .cve-2022-4450
-%patch -P103 -p1 -b .cve-2023-0215
+%patch103 -p1 -b .cve-2023-0215
-%patch -P104 -p1 -b .cve-2023-0286
+%patch104 -p1 -b .cve-2023-0286
-%patch -P105 -p1 -b .cve-2023-3446
-%patch -P106 -p1 -b .cve-2023-3817
-%patch -P107 -p1 -b .cve-2023-5678
-%patch -P108 -p1 -b .pkcs15imprejection
-%patch -P109 -p1 -b .cve-2024-5535
-%patch -P110 -p1 -b .cve-2025-9230
-%patch -P111 -p1 -b .ticket_lifetime_hint
-%patch -P112 -p1 -b .cve-2025-69419-1
-%patch -P113 -p1 -b .cve-2025-69419-2
 
 %build
 # Figure out which flags we want to use.
@@ -529,63 +504,33 @@ export LD_LIBRARY_PATH
 %postun libs -p /sbin/ldconfig
 
 %changelog
-* Thu Feb 12 2026 Antonio Vieiro <avieirov@redhat.com> - 1:1.1.1k-15
+* Wed Feb 08 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-9
-- Fix CVE-2025-69419: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing
-  ticket_lifetime_hint exceed 1 week in TLSv1.3 and breaks compliant clients
-  Resolves: RHEL-149165
-  Resolves: RHEL-142715
-
-* Mon Dec 22 2025 Nikita Sanjay Patwa <npatwa@redhat.com> - 1:1.1.1k-14.1
-- Backport fix for openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap
-  Fix CVE-2025-9230
-  Resolves: RHEL-128615
-
-* Tue Sep 17 2024 Maurizio Barbaro <mbarbaro@redhat.com> - 1:1.1.1k-14
-- Backport fix SSL_select_next proto from OpenSSL 3.2
-  Fix CVE-2024-5535 
-  Resolves: RHEL-45654
-
-* Thu Nov 30 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-12
-- Backport implicit rejection mechanism for RSA PKCS#1 v1.5 to RHEL-8 series
-  (a proper fix for CVE-2020-25659)
-  Resolves: RHEL-17694
-
-* Wed Nov 15 2023 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-11
-- Fix CVE-2023-5678: Generating excessively long X9.42 DH keys or checking
-  excessively long X9.42 DH keys or parameters may be very slow
-  Resolves: RHEL-16536
-
-* Thu Oct 19 2023 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-10
-- Fix CVE-2023-3446: Excessive time spent checking DH keys and parameters
-  Resolves: RHEL-14243
-- Fix CVE-2023-3817: Excessive time spent checking DH q parameter value
-  Resolves: RHEL-14237
-
-* Thu May 04 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-9
 - Fixed Timing Oracle in RSA Decryption
   Resolves: CVE-2022-4304
 - Fixed Double free after calling PEM_read_bio_ex
   Resolves: CVE-2022-4450
 - Fixed Use-after-free following BIO_new_NDEF
   Resolves: CVE-2023-0215
-
-* Wed Feb 08 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-8
 - Fixed X.400 address type confusion in X.509 GeneralName
   Resolves: CVE-2023-0286
 
+* Thu Jul 21 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-8
+- Fix no-ec build
+  Resolves: rhbz#2071020
+
 * Tue Jul 05 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-7
 - Fix CVE-2022-2097: AES OCB fails to encrypt some bytes on 32-bit x86
   Resolves: CVE-2022-2097
 - Update expired certificates used in the testsuite
-  Resolves: rhbz#2100554
+  Resolves: rhbz#2092462
 - Fix CVE-2022-1292: openssl: c_rehash script allows command injection
-  Resolves: rhbz#2090371
+  Resolves: rhbz#2090372
 - Fix CVE-2022-2068: the c_rehash script allows command injection
-  Resolves: rhbz#2098278
+  Resolves: rhbz#2098279
 
 * Wed Mar 23 2022 Clemens Lang <cllang@redhat.com> - 1:1.1.1k-6
 - Fixes CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates
-- Resolves: rhbz#2067145
+- Resolves: rhbz#2067146
 
 * Tue Nov 16 2021 Sahana Prasad <sahana@redhat.com> - 1:1.1.1k-5
 - Fixes CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings