Skip to content

Commit 390dbc6

Browse files
Patch libreswan for CVE-2026-50721, CVE-2026-50722
1 parent 7bfe39f commit 390dbc6

8 files changed

Lines changed: 386 additions & 5 deletions

File tree

base/comps/components.toml

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1866,7 +1866,6 @@ includes = ["**/*.comp.toml", "component-check-disablement.toml", "component-min
18661866
[components.librelp]
18671867
[components.librepo]
18681868
[components.libreport]
1869-
[components.libreswan]
18701869
[components.libretls]
18711870
[components.librevenge]
18721871
[components.librhsm]
Lines changed: 83 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,83 @@
1+
From 2b5d941de127e26dab367da8d789511966e2c233 Mon Sep 17 00:00:00 2001
2+
From: AllSpark <allspark@microsoft.com>
3+
Date: Sat, 4 Jul 2026 16:15:12 +0000
4+
Subject: [PATCH] lib/libswan: use PK11_Verify for raw RSA signature auth
5+
6+
Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
7+
Upstream-reference AI Backport of: https://libreswan.org/security/CVE-2026-50721/libreswan-5.3-CVE-2026-50721.patch
8+
---
9+
lib/libswan/pubkey_rsa.c | 52 +++++-----------------------------------
10+
1 file changed, 6 insertions(+), 46 deletions(-)
11+
12+
diff --git a/lib/libswan/pubkey_rsa.c b/lib/libswan/pubkey_rsa.c
13+
index a68033b..824a30c 100644
14+
--- a/lib/libswan/pubkey_rsa.c
15+
+++ b/lib/libswan/pubkey_rsa.c
16+
@@ -406,58 +406,18 @@ static bool RSA_authenticate_signature_raw_rsa(const struct crypt_mac *expected_
17+
LDBG_hunk(logger, *expected_hash);
18+
}
19+
20+
- /*
21+
- * Use the same space used by the out going hash.
22+
- */
23+
-
24+
- SECItem decrypted_signature = {
25+
- .type = siBuffer,
26+
- };
27+
-
28+
- if (SECITEM_AllocItem(NULL, &decrypted_signature, signature.len) == NULL) {
29+
- llog_nss_error(RC_LOG, logger, "allocating space for decrypted RSA signature");
30+
- return false;
31+
- }
32+
-
33+
/* NSS doesn't do const */
34+
- const SECItem encrypted_signature = {
35+
- .type = siBuffer,
36+
- .data = DISCARD_CONST(unsigned char *, signature.ptr),
37+
- .len = signature.len,
38+
- };
39+
+ const SECItem signature_secitem =
40+
+ same_shunk_as_secitem(signature, siBuffer);
41+
+ const SECItem expected_hash_secitem =
42+
+ same_shunk_as_secitem(HUNK_AS_SHUNK(*expected_hash), siBuffer);
43+
44+
- if (PK11_VerifyRecover(seckey_public, &encrypted_signature, &decrypted_signature,
45+
- lsw_nss_get_password_context(logger)) != SECSuccess) {
46+
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
47+
+ if (PK11_Verify(seckey_public, &signature_secitem, &expected_hash_secitem,
48+
+ lsw_nss_get_password_context(logger)) != SECSuccess) {
49+
ldbg(logger, "NSS RSA verify: decrypting signature is failed");
50+
*fatal_diag = NULL;
51+
return false;
52+
}
53+
-
54+
- if (LDBGP(DBG_CRYPT, logger)) {
55+
- LLOG_JAMBUF(DEBUG_STREAM, logger, buf) {
56+
- jam_string(buf, "NSS RSA verify: decrypted sig: ");
57+
- jam_nss_secitem(buf, &decrypted_signature);
58+
- }
59+
- }
60+
-
61+
- /*
62+
- * Expect the matching hash to appear at the end. See above
63+
- * for length check. It may, or may not, be prefixed by a
64+
- * PKCS#1 1.5 RSA ASN.1 blob.
65+
- */
66+
- passert(decrypted_signature.len >= expected_hash->len);
67+
- uint8_t *start = (decrypted_signature.data
68+
- + decrypted_signature.len
69+
- - expected_hash->len);
70+
- if (!memeq(start, expected_hash->ptr, expected_hash->len)) {
71+
- ldbg(logger, "RSA Signature NOT verified");
72+
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
73+
- *fatal_diag = NULL;
74+
- return false;
75+
- }
76+
-
77+
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
78+
*fatal_diag = NULL;
79+
return true;
80+
}
81+
--
82+
2.45.4
83+
Lines changed: 100 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,100 @@
1+
From f35a51abd18af60bbc8cbad38c9e78b6aeecc22a Mon Sep 17 00:00:00 2001
2+
From: AllSpark <allspark@microsoft.com>
3+
Date: Sat, 4 Jul 2026 16:11:17 +0000
4+
Subject: [PATCH] Use VFY_VerifyDigestDirect for PKCS1.1.5 RSA signature
5+
verification
6+
7+
Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
8+
Upstream-reference AI Backport of: https://libreswan.org/security/CVE-2026-50722/libreswan-5.3-CVE-2026-50722.patch
9+
---
10+
lib/libswan/pubkey_rsa.c | 61 +++++++++-------------------------------
11+
1 file changed, 14 insertions(+), 47 deletions(-)
12+
13+
diff --git a/lib/libswan/pubkey_rsa.c b/lib/libswan/pubkey_rsa.c
14+
index a97590a..a68033b 100644
15+
--- a/lib/libswan/pubkey_rsa.c
16+
+++ b/lib/libswan/pubkey_rsa.c
17+
@@ -533,7 +533,7 @@ static struct hash_signature RSA_pkcs1_1_5_sign_hash(const struct secret_pubkey_
18+
static bool RSA_authenticate_signature_pkcs1_1_5_rsa(const struct crypt_mac *expected_hash,
19+
shunk_t signature,
20+
struct pubkey *pubkey,
21+
- const struct hash_desc *unused_hash_algo UNUSED,
22+
+ const struct hash_desc *hash_alg,
23+
diag_t *fatal_diag,
24+
struct logger *logger)
25+
{
26+
@@ -551,58 +551,25 @@ static bool RSA_authenticate_signature_pkcs1_1_5_rsa(const struct crypt_mac *exp
27+
LDBG_hunk(logger, *expected_hash);
28+
}
29+
30+
- /*
31+
- * Use the same space used by the out going hash.
32+
- */
33+
-
34+
- SECItem decrypted_signature = {
35+
- .type = siBuffer,
36+
- };
37+
-
38+
- if (SECITEM_AllocItem(NULL, &decrypted_signature, signature.len) == NULL) {
39+
- llog_nss_error(RC_LOG, logger, "allocating space for decrypted RSA signature");
40+
- return false;
41+
- }
42+
-
43+
/* NSS doesn't do const */
44+
- const SECItem encrypted_signature = {
45+
- .type = siBuffer,
46+
- .data = DISCARD_CONST(unsigned char *, signature.ptr),
47+
- .len = signature.len,
48+
- };
49+
+ SECItem hash_item =
50+
+ same_shunk_as_secitem(HUNK_AS_SHUNK(*expected_hash), siBuffer);
51+
52+
- if (PK11_VerifyRecover(seckey_public, &encrypted_signature, &decrypted_signature,
53+
- lsw_nss_get_password_context(logger)) != SECSuccess) {
54+
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
55+
- ldbg(logger, "NSS RSA verify: decrypting signature is failed");
56+
- *fatal_diag = NULL;
57+
- return false;
58+
- }
59+
-
60+
- if (LDBGP(DBG_CRYPT, logger)) {
61+
- LLOG_JAMBUF(DEBUG_STREAM, logger, buf) {
62+
- jam_string(buf, "NSS RSA verify: decrypted sig: ");
63+
- jam_nss_secitem(buf, &decrypted_signature);
64+
- }
65+
- }
66+
-
67+
- /*
68+
- * Expect the matching hash to appear at the end. See above
69+
- * for length check. It may, or may not, be prefixed by a
70+
- * PKCS#1 1.5 RSA ASN.1 blob.
71+
- */
72+
- passert(decrypted_signature.len >= expected_hash->len);
73+
- uint8_t *start = (decrypted_signature.data
74+
- + decrypted_signature.len
75+
- - expected_hash->len);
76+
- if (!memeq(start, expected_hash->ptr, expected_hash->len)) {
77+
- ldbg(logger, "RSA Signature NOT verified");
78+
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
79+
+ /* NSS doesn't do const */
80+
+ SECItem signature_item =
81+
+ same_shunk_as_secitem(signature, siBuffer);
82+
+
83+
+ if (VFY_VerifyDigestDirect(&hash_item,
84+
+ seckey_public,
85+
+ &signature_item,
86+
+ /*pubkey algorithm*/SEC_OID_PKCS1_RSA_ENCRYPTION,
87+
+ /*hash algorithm*/hash_alg->nss.oid_tag,
88+
+ lsw_nss_get_password_context(logger)) != SECSuccess) {
89+
+ ldbg_nss_error(logger, "NSS VFY_VerifyDigest() failed");
90+
*fatal_diag = NULL;
91+
return false;
92+
}
93+
94+
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
95+
*fatal_diag = NULL;
96+
return true;
97+
}
98+
--
99+
2.45.4
100+
Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
[components.libreswan]
2+
3+
[[components.libreswan.overlays]]
4+
description = "Fix CVE-2026-50721 — https://libreswan.org/security/CVE-2026-50721/libreswan-5.3-CVE-2026-50721.patch"
5+
type = "patch-add"
6+
source = "CVE-2026-50721.patch"
7+
8+
[[components.libreswan.overlays]]
9+
description = "Fix CVE-2026-50722 — https://libreswan.org/security/CVE-2026-50722/libreswan-5.3-CVE-2026-50722.patch"
10+
type = "patch-add"
11+
source = "CVE-2026-50722.patch"

locks/libreswan.lock

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,5 +2,5 @@
22
version = 1
33
import-commit = '3a4974c4c3f418736c3a1f328720796bc4f36a19'
44
upstream-commit = '3a4974c4c3f418736c3a1f328720796bc4f36a19'
5-
input-fingerprint = 'sha256:ce58265c0c545f1ea50a9907a30651ef6404c380df259c48b65aa869ce0a8c59'
5+
input-fingerprint = 'sha256:2a3863c2d924c465f857cde6030cca93473fb008b29cd3c4c75320b640ec900f'
66
resolution-input-hash = 'sha256:466421704711c4fd3c71f0b2ed715a0e61d49e3e26f3a2637fee755795849c8e'
Lines changed: 83 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,83 @@
1+
From 2b5d941de127e26dab367da8d789511966e2c233 Mon Sep 17 00:00:00 2001
2+
From: AllSpark <allspark@microsoft.com>
3+
Date: Sat, 4 Jul 2026 16:15:12 +0000
4+
Subject: [PATCH] lib/libswan: use PK11_Verify for raw RSA signature auth
5+
6+
Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
7+
Upstream-reference AI Backport of: https://libreswan.org/security/CVE-2026-50721/libreswan-5.3-CVE-2026-50721.patch
8+
---
9+
lib/libswan/pubkey_rsa.c | 52 +++++-----------------------------------
10+
1 file changed, 6 insertions(+), 46 deletions(-)
11+
12+
diff --git a/lib/libswan/pubkey_rsa.c b/lib/libswan/pubkey_rsa.c
13+
index a68033b..824a30c 100644
14+
--- a/lib/libswan/pubkey_rsa.c
15+
+++ b/lib/libswan/pubkey_rsa.c
16+
@@ -406,58 +406,18 @@ static bool RSA_authenticate_signature_raw_rsa(const struct crypt_mac *expected_
17+
LDBG_hunk(logger, *expected_hash);
18+
}
19+
20+
- /*
21+
- * Use the same space used by the out going hash.
22+
- */
23+
-
24+
- SECItem decrypted_signature = {
25+
- .type = siBuffer,
26+
- };
27+
-
28+
- if (SECITEM_AllocItem(NULL, &decrypted_signature, signature.len) == NULL) {
29+
- llog_nss_error(RC_LOG, logger, "allocating space for decrypted RSA signature");
30+
- return false;
31+
- }
32+
-
33+
/* NSS doesn't do const */
34+
- const SECItem encrypted_signature = {
35+
- .type = siBuffer,
36+
- .data = DISCARD_CONST(unsigned char *, signature.ptr),
37+
- .len = signature.len,
38+
- };
39+
+ const SECItem signature_secitem =
40+
+ same_shunk_as_secitem(signature, siBuffer);
41+
+ const SECItem expected_hash_secitem =
42+
+ same_shunk_as_secitem(HUNK_AS_SHUNK(*expected_hash), siBuffer);
43+
44+
- if (PK11_VerifyRecover(seckey_public, &encrypted_signature, &decrypted_signature,
45+
- lsw_nss_get_password_context(logger)) != SECSuccess) {
46+
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
47+
+ if (PK11_Verify(seckey_public, &signature_secitem, &expected_hash_secitem,
48+
+ lsw_nss_get_password_context(logger)) != SECSuccess) {
49+
ldbg(logger, "NSS RSA verify: decrypting signature is failed");
50+
*fatal_diag = NULL;
51+
return false;
52+
}
53+
-
54+
- if (LDBGP(DBG_CRYPT, logger)) {
55+
- LLOG_JAMBUF(DEBUG_STREAM, logger, buf) {
56+
- jam_string(buf, "NSS RSA verify: decrypted sig: ");
57+
- jam_nss_secitem(buf, &decrypted_signature);
58+
- }
59+
- }
60+
-
61+
- /*
62+
- * Expect the matching hash to appear at the end. See above
63+
- * for length check. It may, or may not, be prefixed by a
64+
- * PKCS#1 1.5 RSA ASN.1 blob.
65+
- */
66+
- passert(decrypted_signature.len >= expected_hash->len);
67+
- uint8_t *start = (decrypted_signature.data
68+
- + decrypted_signature.len
69+
- - expected_hash->len);
70+
- if (!memeq(start, expected_hash->ptr, expected_hash->len)) {
71+
- ldbg(logger, "RSA Signature NOT verified");
72+
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
73+
- *fatal_diag = NULL;
74+
- return false;
75+
- }
76+
-
77+
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
78+
*fatal_diag = NULL;
79+
return true;
80+
}
81+
--
82+
2.45.4
83+
Lines changed: 100 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,100 @@
1+
From f35a51abd18af60bbc8cbad38c9e78b6aeecc22a Mon Sep 17 00:00:00 2001
2+
From: AllSpark <allspark@microsoft.com>
3+
Date: Sat, 4 Jul 2026 16:11:17 +0000
4+
Subject: [PATCH] Use VFY_VerifyDigestDirect for PKCS1.1.5 RSA signature
5+
verification
6+
7+
Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
8+
Upstream-reference AI Backport of: https://libreswan.org/security/CVE-2026-50722/libreswan-5.3-CVE-2026-50722.patch
9+
---
10+
lib/libswan/pubkey_rsa.c | 61 +++++++++-------------------------------
11+
1 file changed, 14 insertions(+), 47 deletions(-)
12+
13+
diff --git a/lib/libswan/pubkey_rsa.c b/lib/libswan/pubkey_rsa.c
14+
index a97590a..a68033b 100644
15+
--- a/lib/libswan/pubkey_rsa.c
16+
+++ b/lib/libswan/pubkey_rsa.c
17+
@@ -533,7 +533,7 @@ static struct hash_signature RSA_pkcs1_1_5_sign_hash(const struct secret_pubkey_
18+
static bool RSA_authenticate_signature_pkcs1_1_5_rsa(const struct crypt_mac *expected_hash,
19+
shunk_t signature,
20+
struct pubkey *pubkey,
21+
- const struct hash_desc *unused_hash_algo UNUSED,
22+
+ const struct hash_desc *hash_alg,
23+
diag_t *fatal_diag,
24+
struct logger *logger)
25+
{
26+
@@ -551,58 +551,25 @@ static bool RSA_authenticate_signature_pkcs1_1_5_rsa(const struct crypt_mac *exp
27+
LDBG_hunk(logger, *expected_hash);
28+
}
29+
30+
- /*
31+
- * Use the same space used by the out going hash.
32+
- */
33+
-
34+
- SECItem decrypted_signature = {
35+
- .type = siBuffer,
36+
- };
37+
-
38+
- if (SECITEM_AllocItem(NULL, &decrypted_signature, signature.len) == NULL) {
39+
- llog_nss_error(RC_LOG, logger, "allocating space for decrypted RSA signature");
40+
- return false;
41+
- }
42+
-
43+
/* NSS doesn't do const */
44+
- const SECItem encrypted_signature = {
45+
- .type = siBuffer,
46+
- .data = DISCARD_CONST(unsigned char *, signature.ptr),
47+
- .len = signature.len,
48+
- };
49+
+ SECItem hash_item =
50+
+ same_shunk_as_secitem(HUNK_AS_SHUNK(*expected_hash), siBuffer);
51+
52+
- if (PK11_VerifyRecover(seckey_public, &encrypted_signature, &decrypted_signature,
53+
- lsw_nss_get_password_context(logger)) != SECSuccess) {
54+
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
55+
- ldbg(logger, "NSS RSA verify: decrypting signature is failed");
56+
- *fatal_diag = NULL;
57+
- return false;
58+
- }
59+
-
60+
- if (LDBGP(DBG_CRYPT, logger)) {
61+
- LLOG_JAMBUF(DEBUG_STREAM, logger, buf) {
62+
- jam_string(buf, "NSS RSA verify: decrypted sig: ");
63+
- jam_nss_secitem(buf, &decrypted_signature);
64+
- }
65+
- }
66+
-
67+
- /*
68+
- * Expect the matching hash to appear at the end. See above
69+
- * for length check. It may, or may not, be prefixed by a
70+
- * PKCS#1 1.5 RSA ASN.1 blob.
71+
- */
72+
- passert(decrypted_signature.len >= expected_hash->len);
73+
- uint8_t *start = (decrypted_signature.data
74+
- + decrypted_signature.len
75+
- - expected_hash->len);
76+
- if (!memeq(start, expected_hash->ptr, expected_hash->len)) {
77+
- ldbg(logger, "RSA Signature NOT verified");
78+
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
79+
+ /* NSS doesn't do const */
80+
+ SECItem signature_item =
81+
+ same_shunk_as_secitem(signature, siBuffer);
82+
+
83+
+ if (VFY_VerifyDigestDirect(&hash_item,
84+
+ seckey_public,
85+
+ &signature_item,
86+
+ /*pubkey algorithm*/SEC_OID_PKCS1_RSA_ENCRYPTION,
87+
+ /*hash algorithm*/hash_alg->nss.oid_tag,
88+
+ lsw_nss_get_password_context(logger)) != SECSuccess) {
89+
+ ldbg_nss_error(logger, "NSS VFY_VerifyDigest() failed");
90+
*fatal_diag = NULL;
91+
return false;
92+
}
93+
94+
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
95+
*fatal_diag = NULL;
96+
return true;
97+
}
98+
--
99+
2.45.4
100+

0 commit comments

Comments
 (0)