
Bug#1106738: marked as done (unblock: openssl/3.5.0-2)



Your message dated Thu, 29 May 2025 06:29:10 +0000
with message-id <E1uKWlK-005yiQ-1X@respighi.debian.org>
and subject line unblock openssl
has caused the Debian Bug report #1106738,
regarding unblock: openssl/3.5.0-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1106738: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106738
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Control: affects -1 + src:openssl
X-Debbugs-Cc: openssl@packages.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: sebastian@breakpoint.cc
Severity: normal

Please unblock package openssl

The -2 release fixes two bugs:
- CVE-2025-4575
  Minor (severity low) affecting only the "-addreject" option of the
  "openssl x509" command. Only the 3.5 version is affected by this.
  Since it is a CVE with an advisory I decided to include it.

- Illegal instruction on ppc64el
  Some of the optimized functionality on ppc64el unconditionally uses
  instructions which are only supported on POWER9+. Debian supports
  POWER8 as the minimum CPU base so this counts as a regression on a
  release architecture.
  It affects the P-384 EC algorithm, which can affect for instance ssh or
  https connections if the curve is used.
  The algorithm is covered by the test suite but the buildds (and the
  porterbox) are POWER9 so it went undetected so far.

Both patches have been cherry-picked from the 3.5 branch.

The "openssl x509" changes look simple and they extend the current
test suite.
The ppc64el related changes were tested by the reporter.

unblock openssl/3.5.0-2

Sebastian
diff -Nru openssl-3.5.0/debian/changelog openssl-3.5.0/debian/changelog
--- openssl-3.5.0/debian/changelog	2025-04-08 21:15:30.000000000 +0200
+++ openssl-3.5.0/debian/changelog	2025-05-28 22:13:00.000000000 +0200
@@ -1,3 +1,11 @@
+openssl (3.5.0-2) unstable; urgency=medium
+
+  * Fix P-384 curve on lower-than-P9 PPC64 targets Closes: #1106516).
+  * CVE-2025-4575 ("The x509 application adds trusted use instead of
+    rejected use") (Closes: #1106322).
+
+ -- Sebastian Andrzej Siewior <sebastian@breakpoint.cc>  Wed, 28 May 2025 22:13:00 +0200
+
 openssl (3.5.0-1) unstable; urgency=medium
 
   * Import 3.5.0
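Review bot: In the first new changelog bullet, `Closes: #1106516).` has a closing parenthesis with no opening one, unlike `(Closes: #1106322)` two lines below it. Write it as `(Closes: #1106516)` so both entries use the same form.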
diff -Nru openssl-3.5.0/debian/patches/apps-x509.c-Fix-the-addreject-option-adding-trust-instead.patch openssl-3.5.0/debian/patches/apps-x509.c-Fix-the-addreject-option-adding-trust-instead.patch
--- openssl-3.5.0/debian/patches/apps-x509.c-Fix-the-addreject-option-adding-trust-instead.patch	1970-01-01 01:00:00.000000000 +0100
+++ openssl-3.5.0/debian/patches/apps-x509.c-Fix-the-addreject-option-adding-trust-instead.patch	2025-05-28 22:10:17.000000000 +0200
@@ -0,0 +1,62 @@
+From: Tomas Mraz <tomas@openssl.org>
+Date: Tue, 20 May 2025 16:34:10 +0200
+Subject: apps/x509.c: Fix the -addreject option adding trust instead of
+ rejection
+
+Fixes CVE-2025-4575
+
+Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
+Reviewed-by: Paul Dale <ppzgs1@gmail.com>
+(Merged from https://github.com/openssl/openssl/pull/27672)
+
+(cherry picked from commit 0eb9acc24febb1f3f01f0320cfba9654cf66b0ac)
+(cherry picked from commit e96d22446e633d117e6c9904cb15b4693e956eaa)
+Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+---
+ apps/x509.c                 |  2 +-
+ test/recipes/25-test_x509.t | 12 +++++++++++-
+ 2 files changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/apps/x509.c b/apps/x509.c
+index fdae8f383a66..0c340c15b321 100644
+--- a/apps/x509.c
++++ b/apps/x509.c
+@@ -465,7 +465,7 @@ int x509_main(int argc, char **argv)
+                            prog, opt_arg());
+                 goto opthelp;
+             }
+-            if (!sk_ASN1_OBJECT_push(trust, objtmp))
++            if (!sk_ASN1_OBJECT_push(reject, objtmp))
+                 goto end;
+             trustout = 1;
+             break;
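Review bot: On the changed `sk_ASN1_OBJECT_push(reject, objtmp)` line, the whole fix is one identifier, and the patch header gives only the CVE number without naming the commit that introduced the wrong stack. A `Fixes:` reference to that commit, like the one the P-384 patch in this upload carries, would let backporters verify the request's statement that only 3.5 is affected.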
+diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t
+index 09b61708ff8a..dfa0a428f5f0 100644
+--- a/test/recipes/25-test_x509.t
++++ b/test/recipes/25-test_x509.t
+@@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
+ 
+ setup("test_x509");
+ 
+-plan tests => 134;
++plan tests => 138;
+ 
+ # Prevent MSys2 filename munging for arguments that look like file paths but
+ # aren't
+@@ -110,6 +110,16 @@ ok(run(app(["openssl", "x509", "-new", "-force_pubkey", $key, "-subj", "/CN=EE",
+ && run(app(["openssl", "verify", "-no_check_time",
+             "-trusted", $ca, "-partial_chain", $caout])));
+ 
++# test trust decoration
++ok(run(app(["openssl", "x509", "-in", $ca, "-addtrust", "emailProtection",
++            "-out", "ca-trusted.pem"])));
++cert_contains("ca-trusted.pem", "Trusted Uses: E-mail Protection",
++              1, 'trusted use - E-mail Protection');
++ok(run(app(["openssl", "x509", "-in", $ca, "-addreject", "emailProtection",
++            "-out", "ca-rejected.pem"])));
++cert_contains("ca-rejected.pem", "Rejected Uses: E-mail Protection",
++              1, 'rejected use - E-mail Protection');
++
+ subtest 'x509 -- x.509 v1 certificate' => sub {
+     tconversion( -type => 'x509', -prefix => 'x509v1',
+                  -in => srctop_file("test", "testx509.pem") );
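Review bot: The new `-addreject` check only asserts that `Rejected Uses: E-mail Protection` is present in `ca-rejected.pem`; it never asserts that the same use is absent from the trusted list. Since the bug pushed the object onto `trust`, add a negative check such as `cert_contains("ca-rejected.pem", "Trusted Uses: E-mail Protection", 0, ...)`, assuming the third argument is the expected match result as its use here suggests, and raise `plan tests` accordingly.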
diff -Nru openssl-3.5.0/debian/patches/Fix-P-384-curve-on-lower-than-P9-PPC64-targets.patch openssl-3.5.0/debian/patches/Fix-P-384-curve-on-lower-than-P9-PPC64-targets.patch
--- openssl-3.5.0/debian/patches/Fix-P-384-curve-on-lower-than-P9-PPC64-targets.patch	1970-01-01 01:00:00.000000000 +0100
+++ openssl-3.5.0/debian/patches/Fix-P-384-curve-on-lower-than-P9-PPC64-targets.patch	2025-05-28 22:10:17.000000000 +0200
@@ -0,0 +1,126 @@
+From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
+Date: Thu, 17 Apr 2025 08:51:53 -0500
+Subject: Fix P-384 curve on lower-than-P9 PPC64 targets
+
+The change adding an asm implementation of p384_felem_reduce incorrectly
+uses the accelerated version on both targets that support the intrinsics
+*and* targets that don't, instead of falling back to the generics on older
+targets.  This results in crashes when trying to use P-384 on < Power9.
+
+Signed-off-by: Anna Wilcox <AWilcox@Wilcox-Tech.com>
+Closes: #27350
+Fixes: 85cabd94 ("Fix Minerva timing side-channel signal for P-384 curve on PPC")
+
+Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/27429)
+
+(cherry picked from commit 29864f2b0f1046177e8048a5b17440893d3f9425)
+(cherry picked from commit a72f753cc5a43e58087358317975f6be46c15e01)
+Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+---
+ crypto/ec/ecp_nistp384.c | 54 +++++++++++++++++++++++++++++-------------------
+ 1 file changed, 33 insertions(+), 21 deletions(-)
+
+diff --git a/crypto/ec/ecp_nistp384.c b/crypto/ec/ecp_nistp384.c
+index 2ceb94fe33b7..9d682f5a02cc 100644
+--- a/crypto/ec/ecp_nistp384.c
++++ b/crypto/ec/ecp_nistp384.c
+@@ -684,6 +684,22 @@ static void felem_reduce_ref(felem out, const widefelem in)
+         out[i] = acc[i];
+ }
+ 
++static ossl_inline void felem_square_reduce_ref(felem out, const felem in)
++{
++    widefelem tmp;
++
++    felem_square_ref(tmp, in);
++    felem_reduce_ref(out, tmp);
++}
++
++static ossl_inline void felem_mul_reduce_ref(felem out, const felem in1, const felem in2)
++{
++    widefelem tmp;
++
++    felem_mul_ref(tmp, in1, in2);
++    felem_reduce_ref(out, tmp);
++}
++
+ #if defined(ECP_NISTP384_ASM)
+ static void felem_square_wrapper(widefelem out, const felem in);
+ static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2);
+@@ -695,10 +711,18 @@ static void (*felem_mul_p)(widefelem out, const felem in1, const felem in2) =
+ 
+ static void (*felem_reduce_p)(felem out, const widefelem in) = felem_reduce_ref;
+ 
++static void (*felem_square_reduce_p)(felem out, const felem in) =
++    felem_square_reduce_ref;
++static void (*felem_mul_reduce_p)(felem out, const felem in1, const felem in2) =
++    felem_mul_reduce_ref;
++
+ void p384_felem_square(widefelem out, const felem in);
+ void p384_felem_mul(widefelem out, const felem in1, const felem in2);
+ void p384_felem_reduce(felem out, const widefelem in);
+ 
++void p384_felem_square_reduce(felem out, const felem in);
++void p384_felem_mul_reduce(felem out, const felem in1, const felem in2);
++
+ # if defined(_ARCH_PPC64)
+ #  include "crypto/ppc_arch.h"
+ # endif
+@@ -710,6 +734,8 @@ static void felem_select(void)
+         felem_square_p = p384_felem_square;
+         felem_mul_p = p384_felem_mul;
+         felem_reduce_p = p384_felem_reduce;
++        felem_square_reduce_p = p384_felem_square_reduce;
++        felem_mul_reduce_p = p384_felem_mul_reduce;
+ 
+         return;
+     }
+@@ -718,7 +744,9 @@ static void felem_select(void)
+     /* Default */
+     felem_square_p = felem_square_ref;
+     felem_mul_p = felem_mul_ref;
+-    felem_reduce_p = p384_felem_reduce;
++    felem_reduce_p = felem_reduce_ref;
++    felem_square_reduce_p = felem_square_reduce_ref;
++    felem_mul_reduce_p = felem_mul_reduce_ref;
+ }
+ 
+ static void felem_square_wrapper(widefelem out, const felem in)
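Review bot: The `/* Default */` branch of `felem_select` is the path that was broken (`felem_reduce_p = p384_felem_reduce`), yet the patch adds no test that forces this branch on a machine that would otherwise take the accelerated one. As the unblock request notes, the buildds and the porterbox are POWER9, so a repeat of this mistake would again pass the test suite; a test run with the capability check forced off would cover it.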
+@@ -737,31 +765,15 @@ static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2)
+ # define felem_mul felem_mul_p
+ # define felem_reduce felem_reduce_p
+ 
+-void p384_felem_square_reduce(felem out, const felem in);
+-void p384_felem_mul_reduce(felem out, const felem in1, const felem in2);
+-
+-# define felem_square_reduce p384_felem_square_reduce
+-# define felem_mul_reduce p384_felem_mul_reduce
++# define felem_square_reduce felem_square_reduce_p
++# define felem_mul_reduce felem_mul_reduce_p
+ #else
+ # define felem_square felem_square_ref
+ # define felem_mul felem_mul_ref
+ # define felem_reduce felem_reduce_ref
+ 
+-static ossl_inline void felem_square_reduce(felem out, const felem in)
+-{
+-    widefelem tmp;
+-
+-    felem_square(tmp, in);
+-    felem_reduce(out, tmp);
+-}
+-
+-static ossl_inline void felem_mul_reduce(felem out, const felem in1, const felem in2)
+-{
+-    widefelem tmp;
+-
+-    felem_mul(tmp, in1, in2);
+-    felem_reduce(out, tmp);
+-}
++# define felem_square_reduce felem_square_reduce_ref
++# define felem_mul_reduce felem_mul_reduce_ref
+ #endif
+ 
+ /*-
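Review bot: With `felem_square_reduce` and `felem_mul_reduce` now routed through `felem_square_reduce_p` and `felem_mul_reduce_p`, pre-POWER9 targets run the `_ref` versions, while the `Fixes:` line points at the Minerva timing side-channel change. The commit message should state whether the reference path is acceptable with respect to that side channel on those targets, because the visible lines do not show it.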
diff -Nru openssl-3.5.0/debian/patches/series openssl-3.5.0/debian/patches/series
--- openssl-3.5.0/debian/patches/series	2025-04-08 21:15:10.000000000 +0200
+++ openssl-3.5.0/debian/patches/series	2025-05-28 22:10:17.000000000 +0200
@@ -5,3 +5,5 @@
 c_rehash-compat.patch
 Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch
 conf-Serialize-allocation-free-of-ssl_names.patch
+apps-x509.c-Fix-the-addreject-option-adding-trust-instead.patch
+Fix-P-384-curve-on-lower-than-P9-PPC64-targets.patch

--- End Message ---
--- Begin Message ---
Unblocked.

--- End Message ---
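The CVE-2025-4575 behaviour described in the unblock request can be checked on an installed openssl with the script below. It is an added example, not part of the original messages or of the OpenSSL or Debian sources; the function names, the temporary file names and the `--run` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: does `openssl x509 -addreject` record a rejection, or
# (the CVE-2025-4575 behaviour) a trust entry?

# classify_aux TEXT: TEXT is `openssl x509 -noout -text` output.
# Prints "rejected", "trusted-instead" or "unknown". Whitespace is collapsed
# so the strings match those used in the patch's test/recipes/25-test_x509.t.
classify_aux() {
    flat=$(printf '%s' "$1" | tr -s '[:space:]' ' ')
    case "$flat" in
        # A trust entry after -addreject is wrong whatever else is present.
        *"Trusted Uses: E-mail Protection"*)  echo trusted-instead ;;
        *"Rejected Uses: E-mail Protection"*) echo rejected ;;
        *)                                    echo unknown ;;
    esac
}

# check_addreject [OPENSSL_BINARY]: builds a throwaway self-signed
# certificate, applies -addreject emailProtection and classifies the result.
check_addreject() {
    bin=${1:-openssl}
    dir=$(mktemp -d) || return 2
    "$bin" req -x509 -newkey rsa:2048 -nodes -subj "/CN=addreject check" \
        -days 1 -keyout "$dir/key.pem" -out "$dir/ca.pem" 2>/dev/null &&
    "$bin" x509 -in "$dir/ca.pem" -addreject emailProtection \
        -out "$dir/ca-rejected.pem" 2>/dev/null &&
    text=$("$bin" x509 -in "$dir/ca-rejected.pem" -noout -text 2>/dev/null)
    rc=$?
    rm -rf "$dir"
    [ "$rc" -eq 0 ] || { echo unknown; return 2; }
    classify_aux "$text"
}

# Only touch the installed openssl when asked to: sh script.sh --run
if [ "${1:-}" = "--run" ]; then
    check_addreject
fi
```

A result of `trusted-instead` means certificates previously decorated with `-addreject` on that build should be re-examined, since they carry a trusted use where a rejected one was intended.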
