SOURCES/openssl-1.1.1-cve-2025-9230.patch

@@ -1,31 +0,0 @@
-From 5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45 Mon Sep 17 00:00:00 2001
-From: Viktor Dukhovni <openssl-users@dukhovni.org>
-Date: Thu, 11 Sep 2025 18:10:12 +0200
-Subject: [PATCH] kek_unwrap_key(): Fix incorrect check of unwrapped key size
-
-Fixes CVE-2025-9230
-
-The check is off by 8 bytes so it is possible to overread by
-up to 8 bytes and overwrite up to 4 bytes.
-
-Reviewed-by: Neil Horman <nhorman@openssl.org>
-Reviewed-by: Matt Caswell <matt@openssl.org>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(cherry picked from commit 9c462be2cea54ebfc62953224220b56f8ba22a0c)
----
- crypto/cms/cms_pwri.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
-index a7d609f83791a..ee1b8aa6ed61d 100644
---- a/crypto/cms/cms_pwri.c
-+++ b/crypto/cms/cms_pwri.c
-@@ -242,7 +242,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
-         /* Check byte failure */
-         goto err;
-     }
--    if (inlen < (size_t)(tmp[0] - 4)) {
-+    if (inlen < 4 + (size_t)tmp[0]) {
-         /* Invalid length value */
-         goto err;
-     }

SOURCES/openssl-1.1.1-fix-ssl-select-next-proto.patch

@@ -1,255 +0,0 @@
-From d1d4b56fe0c9a4200276d630f62108e1165e0990 Mon Sep 17 00:00:00 2001
-From: Maurizio Barbaro <mbarbaro@redhat.com>
-Date: Mon, 16 Sep 2024 10:53:53 +0200
-Subject: [PATCH] Backport openssl: SSL_select_next_proto buffer overread from 3.2
-
-Ensure that the provided client list is non-NULL and starts with a valid
-entry. When called from the ALPN callback the client list should already
-have been validated by OpenSSL so this should not cause a problem. When
-called from the NPN callback the client list is locally configured and
-will not have already been validated. Therefore SSL_select_next_proto
-should not assume that it is correctly formatted.
-
-We implement stricter checking of the client protocol list. We also do the
-same for the server list while we are about it.
-
-CVE-2024-5535
-
-From: Matt Caswell <matt@openssl.org>
-Date: Fri, 31 May 2024 11:14:33 +0100
-Merged from: https://github.com/openssl/openssl/pull/24717.
-
-Backported-by: Maurizio Barbaro <mbarbaro@redhat.com> 
-we did't ported test changes because rely on internal testing framework.
-
----
- doc/man3/SSL_CTX_set_alpn_select_cb.pod | 28 +++++++----
- ssl/ssl_lib.c                           | 64 +++++++++++++++----------
- ssl/statem/extensions_clnt.c            | 30 +++++++++++-
- ssl/statem/extensions_srvr.c            |  3 +-
- 4 files changed, 89 insertions(+), 36 deletions(-)
-
-diff --git a/doc/man3/SSL_CTX_set_alpn_select_cb.pod b/doc/man3/SSL_CTX_set_alpn_select_cb.pod
-index e90caec..a3f8dfd 100644
---- a/doc/man3/SSL_CTX_set_alpn_select_cb.pod
-+++ b/doc/man3/SSL_CTX_set_alpn_select_cb.pod
-@@ -43,7 +43,7 @@ SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated
-                            const unsigned char *server,
-                            unsigned int server_len,
-                            const unsigned char *client,
--                           unsigned int client_len)
-+                           unsigned int client_len);
-  void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
-                              unsigned *len);
- 
-@@ -52,7 +52,8 @@ SSL_select_next_proto, SSL_get0_alpn_selected, SSL_get0_next_proto_negotiated
- SSL_CTX_set_alpn_protos() and SSL_set_alpn_protos() are used by the client to
- set the list of protocols available to be negotiated. The B<protos> must be in
- protocol-list format, described below. The length of B<protos> is specified in
--B<protos_len>.
-+B<protos_len>. Setting B<protos_len> to 0 clears any existing list of ALPN
-+protocols and no ALPN extension will be sent to the server.
- 
- SSL_CTX_set_alpn_select_cb() sets the application callback B<cb> used by a
- server to select which protocol to use for the incoming connection. When B<cb>
-@@ -73,9 +74,16 @@ B<server_len> and B<client>, B<client_len> must be in the protocol-list format
- described below. The first item in the B<server>, B<server_len> list that
- matches an item in the B<client>, B<client_len> list is selected, and returned
- in B<out>, B<outlen>. The B<out> value will point into either B<server> or
--B<client>, so it should be copied immediately. If no match is found, the first
--item in B<client>, B<client_len> is returned in B<out>, B<outlen>. This
--function can also be used in the NPN callback.
-+B<client>, so it should be copied immediately. The client list must include at
-+least one valid (nonempty) protocol entry in the list.
-+
-+The SSL_select_next_proto() helper function can be useful from either the ALPN
-+callback or the NPN callback (described below). If no match is found, the first
-+item in B<client>, B<client_len> is returned in B<out>, B<outlen> and
-+B<OPENSSL_NPN_NO_OVERLAP> is returned. This can be useful when implementating
-+the NPN callback. In the ALPN case, the value returned in B<out> and B<outlen>
-+must be ignored if B<OPENSSL_NPN_NO_OVERLAP> has been returned from
-+SSL_select_next_proto().
- 
- SSL_CTX_set_next_proto_select_cb() sets a callback B<cb> that is called when a
- client needs to select a protocol from the server's provided list, and a
-@@ -85,9 +93,10 @@ must be set to point to the selected protocol (which may be within B<in>).
- The length of the protocol name must be written into B<outlen>. The
- server's advertised protocols are provided in B<in> and B<inlen>. The
- callback can assume that B<in> is syntactically valid. The client must
--select a protocol. It is fatal to the connection if this callback returns
--a value other than B<SSL_TLSEXT_ERR_OK>. The B<arg> parameter is the pointer
--set via SSL_CTX_set_next_proto_select_cb().
-+select a protocol (although it may be an empty, zero length protocol). It is
-+fatal to the connection if this callback returns a value other than
-+B<SSL_TLSEXT_ERR_OK> or if the zero length protocol is selected. The B<arg>
-+parameter is the pointer set via SSL_CTX_set_next_proto_select_cb().
- 
- SSL_CTX_set_next_protos_advertised_cb() sets a callback B<cb> that is called
- when a TLS server needs a list of supported protocols for Next Protocol
-@@ -149,7 +158,8 @@ A match was found and is returned in B<out>, B<outlen>.
- =item OPENSSL_NPN_NO_OVERLAP
- 
- No match was found. The first item in B<client>, B<client_len> is returned in
--B<out>, B<outlen>.
-+B<out>, B<outlen> (or B<NULL> and 0 in the case where the first entry in
-+B<client> is invalid).
- 
- =back
- 
-diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index c71c686..21e6c45 100644
---- a/ssl/ssl_lib.c
-+++ b/ssl/ssl_lib.c
-@@ -2739,38 +2739,54 @@ int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
-                           unsigned int server_len,
-                           const unsigned char *client, unsigned int client_len)
- {
--    unsigned int i, j;
--    const unsigned char *result;
--    int status = OPENSSL_NPN_UNSUPPORTED;
-+    PACKET cpkt, csubpkt, spkt, ssubpkt;
-+    if (!PACKET_buf_init(&cpkt, client, client_len)
-+            || !PACKET_get_length_prefixed_1(&cpkt, &csubpkt)
-+            || PACKET_remaining(&csubpkt) == 0) {
-+        *out = NULL;
-+        *outlen = 0;
-+        return OPENSSL_NPN_NO_OVERLAP;
-+    }
-+
-+    /*
-+     * Set the default opportunistic protocol. Will be overwritten if we find
-+     * a match.
-+     */
-+    *out = (unsigned char *)PACKET_data(&csubpkt);
-+    *outlen = (unsigned char)PACKET_remaining(&csubpkt);
- 
-     /*
-      * For each protocol in server preference order, see if we support it.
-      */
--    for (i = 0; i < server_len;) {
--        for (j = 0; j < client_len;) {
--            if (server[i] == client[j] &&
--                memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
--                /* We found a match */
--                result = &server[i];
--                status = OPENSSL_NPN_NEGOTIATED;
--                goto found;
-+    if (PACKET_buf_init(&spkt, server, server_len)) {
-+       while (PACKET_get_length_prefixed_1(&spkt, &ssubpkt)) {
-+            if (PACKET_remaining(&ssubpkt) == 0)
-+                continue; /* Invalid - ignore it */
-+            if (PACKET_buf_init(&cpkt, client, client_len)) {
-+                while (PACKET_get_length_prefixed_1(&cpkt, &csubpkt)) {
-+                    if (PACKET_equal(&csubpkt, PACKET_data(&ssubpkt),
-+                                     PACKET_remaining(&ssubpkt))) {
-+                        /* We found a match */
-+                        *out = (unsigned char *)PACKET_data(&ssubpkt);
-+                        *outlen = (unsigned char)PACKET_remaining(&ssubpkt);
-+                        return OPENSSL_NPN_NEGOTIATED;
-+                    }
-+                }
-+                /* Ignore spurious trailing bytes in the client list */
-+            } else {
-+                /* This should never happen */
-+                return OPENSSL_NPN_NO_OVERLAP;
-             }
--            j += client[j];
--            j++;
-         }
--        i += server[i];
--        i++;
-+        /* Ignore spurious trailing bytes in the server list */
-     }
- 
--    /* There's no overlap between our protocols and the server's list. */
--    result = client;
--    status = OPENSSL_NPN_NO_OVERLAP;
--
-- found:
--    *out = (unsigned char *)result + 1;
--    *outlen = result[0];
--    return status;
--}
-+    /*
-+     * There's no overlap between our protocols and the server's list. We use
-+     * the default opportunistic protocol selected earlier
-+     */
-+    return OPENSSL_NPN_NO_OVERLAP;
-+ } 
- 
- #ifndef OPENSSL_NO_NEXTPROTONEG
- /*
-diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
-index ce8a757..cfde733 100644
---- a/ssl/statem/extensions_clnt.c
-+++ b/ssl/statem/extensions_clnt.c
-@@ -1585,8 +1585,8 @@ int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
-     if (s->ctx->ext.npn_select_cb(s, &selected, &selected_len,
-                                   PACKET_data(pkt),
-                                   PACKET_remaining(pkt),
--                                  s->ctx->ext.npn_select_cb_arg) !=
--             SSL_TLSEXT_ERR_OK) {
-+                                  s->ctx->ext.npn_select_cb_arg) != SSL_TLSEXT_ERR_OK
-+           || selected_len == 0) {           
-         SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PARSE_STOC_NPN,
-                  SSL_R_BAD_EXTENSION);
-         return 0;
-@@ -1617,6 +1617,8 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
-                         size_t chainidx)
- {
-     size_t len;
-+    PACKET confpkt, protpkt;
-+    int valid = 0;
- 
-     /* We must have requested it. */
-     if (!s->s3->alpn_sent) {
-@@ -1637,6 +1639,30 @@ int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
-                  SSL_R_BAD_EXTENSION);
-         return 0;
-     }
-+
-+    /* It must be a protocol that we sent */
-+    if (!PACKET_buf_init(&confpkt, s->ext.alpn, s->ext.alpn_len)) {
-+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN, 
-+                 ERR_R_INTERNAL_ERROR);
-+        return 0;
-+    }
-+    while (PACKET_get_length_prefixed_1(&confpkt, &protpkt)) {
-+        if (PACKET_remaining(&protpkt) != len)
-+            continue;
-+        if (memcmp(PACKET_data(pkt), PACKET_data(&protpkt), len) == 0) {
-+            /* Valid protocol found */
-+            valid = 1;
-+            break;
-+        }
-+    }
-+
-+    if (!valid) {
-+        /* The protocol sent from the server does not match one we advertised */
-+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
-+                 SSL_R_BAD_EXTENSION);
-+        return 0;
-+    }
-+
-     OPENSSL_free(s->s3->alpn_selected);
-     s->s3->alpn_selected = OPENSSL_malloc(len);
-     if (s->s3->alpn_selected == NULL) {
-diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
-index 3c7395c..4e3cbf8 100644
---- a/ssl/statem/extensions_srvr.c
-+++ b/ssl/statem/extensions_srvr.c
-@@ -1559,9 +1559,10 @@ EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt,
-             return EXT_RETURN_FAIL;
-         }
-         s->s3->npn_seen = 1;
-+        return EXT_RETURN_SENT;
-     }
- 
--    return EXT_RETURN_SENT;
-+    return EXT_RETURN_NOT_SENT;
- }
- #endif
- 
--- 
-2.46.0
-

SOURCES/openssl-1.1.1-ticket_lifetime_hint.patch

@@ -1,145 +0,0 @@
-From 79dbd85fe27ebabc278417af64ab8e3eb43d2d40 Mon Sep 17 00:00:00 2001
-From: Todd Short <todd.short@me.com>
-Date: Wed, 23 Mar 2022 18:55:10 -0400
-Subject: [PATCH] ticket_lifetime_hint may exceed 1 week in TLSv1.3
-
-For TLSv1.3, limit ticket lifetime hint to 1 week per RFC8446
-
-Fixes #17948
-
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-Reviewed-by: Tim Hudson <tjh@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/17952)
-
-(cherry picked from commit 0089cc7f9d42f6e39872161199fb8b6a99da2492)
-Modified by:	Maurizio Barbaro <mbarbaro@redhat.com> 
----
- doc/man3/SSL_CTX_set_timeout.pod | 10 ++++++
- ssl/statem/statem_srvr.c         | 21 ++++++++----
- test/sslapitest.c                | 59 ++++++++++++++++++++++++++++++++
- 3 files changed, 84 insertions(+), 6 deletions(-)
-
-diff --git a/doc/man3/SSL_CTX_set_timeout.pod b/doc/man3/SSL_CTX_set_timeout.pod
-index c32585e45f924..54592654ffd1f 100644
---- a/doc/man3/SSL_CTX_set_timeout.pod
-+++ b/doc/man3/SSL_CTX_set_timeout.pod
-@@ -42,6 +42,16 @@ basis, see L<SSL_get_default_timeout(3)>.
- All currently supported protocols have the same default timeout value
- of 300 seconds.
- 
-+This timeout value is used as the ticket lifetime hint for stateless session
-+tickets. It is also used as the timeout value within the ticket itself.
-+
-+For TLSv1.3, RFC8446 limits transmission of this value to 1 week (604800
-+seconds).
-+
-+For TLSv1.2, tickets generated during an initial handshake use the value
-+as specified. Tickets generated during a resumed handshake have a value
-+of 0 for the ticket lifetime hint.
-+
- =head1 RETURN VALUES
- 
- SSL_CTX_set_timeout() returns the previously set timeout value.
-diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
-index d701c46b43b5a..79cfd1d8353a0 100644
---- a/ssl/statem/statem_srvr.c
-+++ b/ssl/statem/statem_srvr.c
-@@ -3820,15 +3820,24 @@ int tls_construct_server_certificate(SSL *s, WPACKET *pkt)
- static int create_ticket_prequel(SSL *s, WPACKET *pkt, uint32_t age_add,
-                                  unsigned char *tick_nonce)
- {
-+    uint32_t timeout = (uint32_t)s->session->timeout;
-+
-     /*
--     * Ticket lifetime hint: For TLSv1.2 this is advisory only and we leave this
--     * unspecified for resumed session (for simplicity).
-+     * Ticket lifetime hint:
-      * In TLSv1.3 we reset the "time" field above, and always specify the
--     * timeout.
-+     * timeout, limited to a 1 week period per RFC8446.
-+     * For TLSv1.2 this is advisory only and we leave this unspecified for
-+     * resumed session (for simplicity).
-      */
--    if (!WPACKET_put_bytes_u32(pkt,
--                               (s->hit && !SSL_IS_TLS13(s))
--                               ? 0 : s->session->timeout)) {
-+#define ONE_WEEK_SEC (7 * 24 * 60 * 60)
-+
-+    if (SSL_IS_TLS13(s)) {
-+        if (s->session->timeout > ONE_WEEK_SEC)
-+            timeout = ONE_WEEK_SEC;
-+    } else if (s->hit)
-+        timeout = 0;
-+
-+    if (!WPACKET_put_bytes_u32(pkt, timeout)) {
-         SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL,
-                  ERR_R_INTERNAL_ERROR);
-         return 0;
-
---- a/test/sslapitest.c	2025-10-21 18:44:14.836888120 +0200
-+++ b/test/sslapitest.c	2025-10-22 17:39:24.869230280 +0200
-@@ -6656,6 +6656,64 @@
- 
-     return testresult;
- }
-+
-+/*
-+ * Test that the lifetime hint of a TLSv1.3 ticket is no more than 1 week
-+ * 0 = TLSv1.2
-+ * 1 = TLSv1.3
-+ */
-+static int test_ticket_lifetime(int idx)
-+{
-+    SSL_CTX *cctx = NULL, *sctx = NULL;
-+    SSL *clientssl = NULL, *serverssl = NULL;
-+    int testresult = 0;
-+    int version = TLS1_3_VERSION;
-+
-+#define ONE_WEEK_SEC (7 * 24 * 60 * 60)
-+#define TWO_WEEK_SEC (2 * ONE_WEEK_SEC)
-+
-+    if (idx == 0) {
-+        version = TLS1_2_VERSION;
-+    }
-+
-+    if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(),
-+                                       TLS_client_method(), version, version,
-+                                       &sctx, &cctx, cert, privkey)))
-+        goto end;
-+
-+    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
-+                                      &clientssl, NULL, NULL)))
-+        goto end;
-+
-+    /*
-+     * Set the timeout to be more than 1 week
-+     * make sure the returned value is the default
-+     */
-+    if (!TEST_long_eq(SSL_CTX_set_timeout(sctx, TWO_WEEK_SEC),
-+                      SSL_get_default_timeout(serverssl)))
-+        goto end;
-+
-+    if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
-+        goto end;
-+
-+    if (idx == 0) {
-+        /* TLSv1.2 uses the set value */
-+        if (!TEST_ulong_eq(SSL_SESSION_get_ticket_lifetime_hint(SSL_get_session(clientssl)), TWO_WEEK_SEC))
-+            goto end;
-+    } else {
-+        /* TLSv1.3 uses the limited value */
-+        if (!TEST_ulong_le(SSL_SESSION_get_ticket_lifetime_hint(SSL_get_session(clientssl)), ONE_WEEK_SEC))
-+            goto end;
-+    }
-+    testresult = 1;
-+
-+end:
-+    SSL_free(serverssl);
-+    SSL_free(clientssl);
-+    SSL_CTX_free(sctx);
-+    SSL_CTX_free(cctx);
-+    return testresult;
-+}
- #endif
- 
- int setup_tests(void)

SPECS/openssl.spec

@@ -22,7 +22,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.1.1k
-Release: 14%{?dist}
+Release: 12%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -99,11 +99,6 @@ Patch107: openssl-1.1.1-cve-2023-5678.patch
 # Backport from OpenSSL 3.2/RHEL 9
 # Proper fix for CVE-2020-25659
 Patch108: openssl-1.1.1-pkcs1-implicit-rejection.patch
-# Backport from OpenSSL 3.0
-# Fix for CVE-2024-5535
-Patch109: openssl-1.1.1-fix-ssl-select-next-proto.patch
-Patch110: openssl-1.1.1-cve-2025-9230.patch
-Patch111: openssl-1.1.1-ticket_lifetime_hint.patch
 
 License: OpenSSL and ASL 2.0
 URL: http://www.openssl.org/
@@ -237,9 +232,6 @@ cp %{SOURCE13} test/
 %patch106 -p1 -b .cve-2023-3817
 %patch107 -p1 -b .cve-2023-5678
 %patch108 -p1 -b .pkcs15imprejection
-%patch109 -p1 -b .cve-2024-5535
-%patch110 -p1 -b .cve-2025-9230
-%patch111 -p1 -b .ticket_lifetime_hint
 
 %build
 # Figure out which flags we want to use.
@@ -523,18 +515,6 @@ export LD_LIBRARY_PATH
 %postun libs -p /sbin/ldconfig
 
 %changelog
-* Mon Dec 08 2025 Nikita Sanjay Patwa <npatwa@redhat.com> - 1:1.1.1k-14
-- Backport fix for Out-of-bounds read & write in RFC 3211 KEK Unwrap
-  Fix CVE-2025-9230
-  Resolves: RHEL-128613
-- Fix bug for ticket_lifetime_hint exceed issue
-  Resolves: RHEL-119891
-
-* Mon Sep 16 2024 Maurizio Barbaro <mbarbaro@redhat.com> - 1:1.1.1k-13
-- Backport fix SSL_select_next proto from OpenSSL 3.2  
-  Fix CVE-2024-5535 
-  Resolves: RHEL-45654
-
 * Thu Nov 30 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:1.1.1k-12
 - Backport implicit rejection mechanism for RSA PKCS#1 v1.5 to RHEL-8 series
   (a proper fix for CVE-2020-25659)