Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion base/comps/components.toml
Original file line number Diff line number Diff line change
Expand Up @@ -1866,7 +1866,6 @@ includes = ["**/*.comp.toml", "component-check-disablement.toml", "component-min
[components.librelp]
[components.librepo]
[components.libreport]
[components.libreswan]
[components.libretls]
[components.librevenge]
[components.librhsm]
Expand Down
99 changes: 99 additions & 0 deletions base/comps/libreswan/CVE-2026-50722.patch
Original file line number Diff line number Diff line change
@@ -0,0 +1,99 @@
From 06507352136e246ba7e757e9ce4eb755f71d8dee Mon Sep 17 00:00:00 2001
From: AllSpark <allspark@microsoft.com>
Date: Sat, 4 Jul 2026 10:14:47 +0000
Subject: [PATCH] Backport RSA PKCS1 v1.5 digest verification fix

Signed-off-by: autosec <autosec@local>
Upstream-reference: https://libreswan.org/security/CVE-2026-50722/libreswan-5.3-CVE-2026-50722.patch
---
lib/libswan/pubkey_rsa.c | 61 +++++++++-------------------------------
1 file changed, 14 insertions(+), 47 deletions(-)

diff --git a/lib/libswan/pubkey_rsa.c b/lib/libswan/pubkey_rsa.c
index a97590a..a68033b 100644
--- a/lib/libswan/pubkey_rsa.c
+++ b/lib/libswan/pubkey_rsa.c
@@ -533,7 +533,7 @@ static struct hash_signature RSA_pkcs1_1_5_sign_hash(const struct secret_pubkey_
static bool RSA_authenticate_signature_pkcs1_1_5_rsa(const struct crypt_mac *expected_hash,
shunk_t signature,
struct pubkey *pubkey,
- const struct hash_desc *unused_hash_algo UNUSED,
+ const struct hash_desc *hash_alg,
diag_t *fatal_diag,
struct logger *logger)
{
@@ -551,58 +551,25 @@ static bool RSA_authenticate_signature_pkcs1_1_5_rsa(const struct crypt_mac *exp
LDBG_hunk(logger, *expected_hash);
}

- /*
- * Use the same space used by the out going hash.
- */
-
- SECItem decrypted_signature = {
- .type = siBuffer,
- };
-
- if (SECITEM_AllocItem(NULL, &decrypted_signature, signature.len) == NULL) {
- llog_nss_error(RC_LOG, logger, "allocating space for decrypted RSA signature");
- return false;
- }
-
/* NSS doesn't do const */
- const SECItem encrypted_signature = {
- .type = siBuffer,
- .data = DISCARD_CONST(unsigned char *, signature.ptr),
- .len = signature.len,
- };
+ SECItem hash_item =
+ same_shunk_as_secitem(HUNK_AS_SHUNK(*expected_hash), siBuffer);

- if (PK11_VerifyRecover(seckey_public, &encrypted_signature, &decrypted_signature,
- lsw_nss_get_password_context(logger)) != SECSuccess) {
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
- ldbg(logger, "NSS RSA verify: decrypting signature is failed");
- *fatal_diag = NULL;
- return false;
- }
-
- if (LDBGP(DBG_CRYPT, logger)) {
- LLOG_JAMBUF(DEBUG_STREAM, logger, buf) {
- jam_string(buf, "NSS RSA verify: decrypted sig: ");
- jam_nss_secitem(buf, &decrypted_signature);
- }
- }
-
- /*
- * Expect the matching hash to appear at the end. See above
- * for length check. It may, or may not, be prefixed by a
- * PKCS#1 1.5 RSA ASN.1 blob.
- */
- passert(decrypted_signature.len >= expected_hash->len);
- uint8_t *start = (decrypted_signature.data
- + decrypted_signature.len
- - expected_hash->len);
- if (!memeq(start, expected_hash->ptr, expected_hash->len)) {
- ldbg(logger, "RSA Signature NOT verified");
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
+ /* NSS doesn't do const */
+ SECItem signature_item =
+ same_shunk_as_secitem(signature, siBuffer);
+
+ if (VFY_VerifyDigestDirect(&hash_item,
+ seckey_public,
+ &signature_item,
+ /*pubkey algorithm*/SEC_OID_PKCS1_RSA_ENCRYPTION,
+ /*hash algorithm*/hash_alg->nss.oid_tag,
+ lsw_nss_get_password_context(logger)) != SECSuccess) {
+ ldbg_nss_error(logger, "NSS VFY_VerifyDigest() failed");
*fatal_diag = NULL;
return false;
}

- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
*fatal_diag = NULL;
return true;
}
--
2.45.4

6 changes: 6 additions & 0 deletions base/comps/libreswan/libreswan.comp.toml
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
[components.libreswan]

[[components.libreswan.overlays]]
description = "Fix CVE-2026-50722 — https://libreswan.org/security/CVE-2026-50722/libreswan-5.3-CVE-2026-50722.patch"
type = "patch-add"
source = "CVE-2026-50722.patch"
2 changes: 1 addition & 1 deletion locks/libreswan.lock
Original file line number Diff line number Diff line change
Expand Up @@ -2,5 +2,5 @@
version = 1
import-commit = '3a4974c4c3f418736c3a1f328720796bc4f36a19'
upstream-commit = '3a4974c4c3f418736c3a1f328720796bc4f36a19'
input-fingerprint = 'sha256:ce58265c0c545f1ea50a9907a30651ef6404c380df259c48b65aa869ce0a8c59'
input-fingerprint = 'sha256:c088f2d1e89f8a579aea0725c2d44fac66cb1dcd59141d54e66136570b9306b8'
resolution-input-hash = 'sha256:466421704711c4fd3c71f0b2ed715a0e61d49e3e26f3a2637fee755795849c8e'
99 changes: 99 additions & 0 deletions specs/l/libreswan/CVE-2026-50722.patch
Original file line number Diff line number Diff line change
@@ -0,0 +1,99 @@
From 06507352136e246ba7e757e9ce4eb755f71d8dee Mon Sep 17 00:00:00 2001
From: AllSpark <allspark@microsoft.com>
Date: Sat, 4 Jul 2026 10:14:47 +0000
Subject: [PATCH] Backport RSA PKCS1 v1.5 digest verification fix

Signed-off-by: autosec <autosec@local>
Upstream-reference: https://libreswan.org/security/CVE-2026-50722/libreswan-5.3-CVE-2026-50722.patch
---
lib/libswan/pubkey_rsa.c | 61 +++++++++-------------------------------
1 file changed, 14 insertions(+), 47 deletions(-)

diff --git a/lib/libswan/pubkey_rsa.c b/lib/libswan/pubkey_rsa.c
index a97590a..a68033b 100644
--- a/lib/libswan/pubkey_rsa.c
+++ b/lib/libswan/pubkey_rsa.c
@@ -533,7 +533,7 @@ static struct hash_signature RSA_pkcs1_1_5_sign_hash(const struct secret_pubkey_
static bool RSA_authenticate_signature_pkcs1_1_5_rsa(const struct crypt_mac *expected_hash,
shunk_t signature,
struct pubkey *pubkey,
- const struct hash_desc *unused_hash_algo UNUSED,
+ const struct hash_desc *hash_alg,
diag_t *fatal_diag,
struct logger *logger)
{
@@ -551,58 +551,25 @@ static bool RSA_authenticate_signature_pkcs1_1_5_rsa(const struct crypt_mac *exp
LDBG_hunk(logger, *expected_hash);
}

- /*
- * Use the same space used by the out going hash.
- */
-
- SECItem decrypted_signature = {
- .type = siBuffer,
- };
-
- if (SECITEM_AllocItem(NULL, &decrypted_signature, signature.len) == NULL) {
- llog_nss_error(RC_LOG, logger, "allocating space for decrypted RSA signature");
- return false;
- }
-
/* NSS doesn't do const */
- const SECItem encrypted_signature = {
- .type = siBuffer,
- .data = DISCARD_CONST(unsigned char *, signature.ptr),
- .len = signature.len,
- };
+ SECItem hash_item =
+ same_shunk_as_secitem(HUNK_AS_SHUNK(*expected_hash), siBuffer);

- if (PK11_VerifyRecover(seckey_public, &encrypted_signature, &decrypted_signature,
- lsw_nss_get_password_context(logger)) != SECSuccess) {
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
- ldbg(logger, "NSS RSA verify: decrypting signature is failed");
- *fatal_diag = NULL;
- return false;
- }
-
- if (LDBGP(DBG_CRYPT, logger)) {
- LLOG_JAMBUF(DEBUG_STREAM, logger, buf) {
- jam_string(buf, "NSS RSA verify: decrypted sig: ");
- jam_nss_secitem(buf, &decrypted_signature);
- }
- }
-
- /*
- * Expect the matching hash to appear at the end. See above
- * for length check. It may, or may not, be prefixed by a
- * PKCS#1 1.5 RSA ASN.1 blob.
- */
- passert(decrypted_signature.len >= expected_hash->len);
- uint8_t *start = (decrypted_signature.data
- + decrypted_signature.len
- - expected_hash->len);
- if (!memeq(start, expected_hash->ptr, expected_hash->len)) {
- ldbg(logger, "RSA Signature NOT verified");
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
+ /* NSS doesn't do const */
+ SECItem signature_item =
+ same_shunk_as_secitem(signature, siBuffer);
+
+ if (VFY_VerifyDigestDirect(&hash_item,
+ seckey_public,
+ &signature_item,
+ /*pubkey algorithm*/SEC_OID_PKCS1_RSA_ENCRYPTION,
+ /*hash algorithm*/hash_alg->nss.oid_tag,
+ lsw_nss_get_password_context(logger)) != SECSuccess) {
+ ldbg_nss_error(logger, "NSS VFY_VerifyDigest() failed");
*fatal_diag = NULL;
return false;
}

- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
*fatal_diag = NULL;
return true;
}
--
2.45.4

10 changes: 7 additions & 3 deletions specs/l/libreswan/libreswan.spec
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
## (rpmautospec version 0.8.3)
## RPMAUTOSPEC: autorelease, autochangelog
%define autorelease(e:s:pb:n) %{?-p:0.}%{lua:
release_number = 4;
release_number = 5;
base_release_number = tonumber(rpm.expand("%{?-b*}%{!?-b:1}"));
print(release_number + base_release_number - 1);
}%{?-e:.%{-e*}}%{?-s:.%{-s*}}%{!?-n:%{?dist}}
Expand Down Expand Up @@ -107,6 +107,7 @@ Requires: filesystem(unmerged-sbin-symlinks)
Provides: /usr/sbin/ipsec
%endif

Patch2: CVE-2026-50722.patch
%description
Libreswan is a free implementation of IPsec & IKE for Linux. IPsec is
the Internet Protocol Security and uses strong cryptography to provide
Expand Down Expand Up @@ -258,8 +259,11 @@ certutil -N -d sql:$tmpdir --empty-password

%changelog
## START: Generated by rpmautospec
* Thu Apr 30 2026 Daniel McIlvaney <damcilva@microsoft.com> - 5.3-4
- feat: introduce deterministic commit resolution via Azure Linux lock file
* Sat Jul 04 2026 azldev <azldev@local> - 5.3-5
- Local changes (uncommitted)

* Thu Jul 02 2026 Tobias Brick <tobiasb@microsoft.com> - 5.3-4
- chore(swift-lang): remove component from distro

* Thu Jul 24 2025 Fedora Release Engineering <releng@fedoraproject.org> - 5.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
Expand Down
Loading