Skip to content
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion base/comps/components.toml
Original file line number Diff line number Diff line change
Expand Up @@ -1866,7 +1866,6 @@ includes = ["**/*.comp.toml", "component-check-disablement.toml", "component-min
[components.librelp]
[components.librepo]
[components.libreport]
[components.libreswan]
[components.libretls]
[components.librevenge]
[components.librhsm]
Expand Down
83 changes: 83 additions & 0 deletions base/comps/libreswan/CVE-2026-50721.patch
Original file line number Diff line number Diff line change
@@ -0,0 +1,83 @@
From 2b5d941de127e26dab367da8d789511966e2c233 Mon Sep 17 00:00:00 2001
From: AllSpark <allspark@microsoft.com>
Date: Sat, 4 Jul 2026 16:15:12 +0000
Subject: [PATCH] lib/libswan: use PK11_Verify for raw RSA signature auth

Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Upstream-reference AI Backport of: https://libreswan.org/security/CVE-2026-50721/libreswan-5.3-CVE-2026-50721.patch
---
lib/libswan/pubkey_rsa.c | 52 +++++-----------------------------------
1 file changed, 6 insertions(+), 46 deletions(-)

diff --git a/lib/libswan/pubkey_rsa.c b/lib/libswan/pubkey_rsa.c
index a68033b..824a30c 100644
--- a/lib/libswan/pubkey_rsa.c
+++ b/lib/libswan/pubkey_rsa.c
@@ -406,58 +406,18 @@ static bool RSA_authenticate_signature_raw_rsa(const struct crypt_mac *expected_
LDBG_hunk(logger, *expected_hash);
}

- /*
- * Use the same space used by the out going hash.
- */
-
- SECItem decrypted_signature = {
- .type = siBuffer,
- };
-
- if (SECITEM_AllocItem(NULL, &decrypted_signature, signature.len) == NULL) {
- llog_nss_error(RC_LOG, logger, "allocating space for decrypted RSA signature");
- return false;
- }
-
/* NSS doesn't do const */
- const SECItem encrypted_signature = {
- .type = siBuffer,
- .data = DISCARD_CONST(unsigned char *, signature.ptr),
- .len = signature.len,
- };
+ const SECItem signature_secitem =
+ same_shunk_as_secitem(signature, siBuffer);
+ const SECItem expected_hash_secitem =
+ same_shunk_as_secitem(HUNK_AS_SHUNK(*expected_hash), siBuffer);

- if (PK11_VerifyRecover(seckey_public, &encrypted_signature, &decrypted_signature,
- lsw_nss_get_password_context(logger)) != SECSuccess) {
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
+ if (PK11_Verify(seckey_public, &signature_secitem, &expected_hash_secitem,
+ lsw_nss_get_password_context(logger)) != SECSuccess) {
ldbg(logger, "NSS RSA verify: decrypting signature is failed");
*fatal_diag = NULL;
return false;
}
-
- if (LDBGP(DBG_CRYPT, logger)) {
- LLOG_JAMBUF(DEBUG_STREAM, logger, buf) {
- jam_string(buf, "NSS RSA verify: decrypted sig: ");
- jam_nss_secitem(buf, &decrypted_signature);
- }
- }
-
- /*
- * Expect the matching hash to appear at the end. See above
- * for length check. It may, or may not, be prefixed by a
- * PKCS#1 1.5 RSA ASN.1 blob.
- */
- passert(decrypted_signature.len >= expected_hash->len);
- uint8_t *start = (decrypted_signature.data
- + decrypted_signature.len
- - expected_hash->len);
- if (!memeq(start, expected_hash->ptr, expected_hash->len)) {
- ldbg(logger, "RSA Signature NOT verified");
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
- *fatal_diag = NULL;
- return false;
- }
-
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
*fatal_diag = NULL;
return true;
}
--
2.45.4

100 changes: 100 additions & 0 deletions base/comps/libreswan/CVE-2026-50722.patch
Original file line number Diff line number Diff line change
@@ -0,0 +1,100 @@
From f35a51abd18af60bbc8cbad38c9e78b6aeecc22a Mon Sep 17 00:00:00 2001
From: AllSpark <allspark@microsoft.com>
Date: Sat, 4 Jul 2026 16:11:17 +0000
Subject: [PATCH] Use VFY_VerifyDigestDirect for PKCS1.1.5 RSA signature
verification

Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Upstream-reference AI Backport of: https://libreswan.org/security/CVE-2026-50722/libreswan-5.3-CVE-2026-50722.patch
---
lib/libswan/pubkey_rsa.c | 61 +++++++++-------------------------------
1 file changed, 14 insertions(+), 47 deletions(-)

diff --git a/lib/libswan/pubkey_rsa.c b/lib/libswan/pubkey_rsa.c
index a97590a..a68033b 100644
--- a/lib/libswan/pubkey_rsa.c
+++ b/lib/libswan/pubkey_rsa.c
@@ -533,7 +533,7 @@ static struct hash_signature RSA_pkcs1_1_5_sign_hash(const struct secret_pubkey_
static bool RSA_authenticate_signature_pkcs1_1_5_rsa(const struct crypt_mac *expected_hash,
shunk_t signature,
struct pubkey *pubkey,
- const struct hash_desc *unused_hash_algo UNUSED,
+ const struct hash_desc *hash_alg,
diag_t *fatal_diag,
struct logger *logger)
{
@@ -551,58 +551,25 @@ static bool RSA_authenticate_signature_pkcs1_1_5_rsa(const struct crypt_mac *exp
LDBG_hunk(logger, *expected_hash);
}

- /*
- * Use the same space used by the out going hash.
- */
-
- SECItem decrypted_signature = {
- .type = siBuffer,
- };
-
- if (SECITEM_AllocItem(NULL, &decrypted_signature, signature.len) == NULL) {
- llog_nss_error(RC_LOG, logger, "allocating space for decrypted RSA signature");
- return false;
- }
-
/* NSS doesn't do const */
- const SECItem encrypted_signature = {
- .type = siBuffer,
- .data = DISCARD_CONST(unsigned char *, signature.ptr),
- .len = signature.len,
- };
+ SECItem hash_item =
+ same_shunk_as_secitem(HUNK_AS_SHUNK(*expected_hash), siBuffer);

- if (PK11_VerifyRecover(seckey_public, &encrypted_signature, &decrypted_signature,
- lsw_nss_get_password_context(logger)) != SECSuccess) {
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
- ldbg(logger, "NSS RSA verify: decrypting signature is failed");
- *fatal_diag = NULL;
- return false;
- }
-
- if (LDBGP(DBG_CRYPT, logger)) {
- LLOG_JAMBUF(DEBUG_STREAM, logger, buf) {
- jam_string(buf, "NSS RSA verify: decrypted sig: ");
- jam_nss_secitem(buf, &decrypted_signature);
- }
- }
-
- /*
- * Expect the matching hash to appear at the end. See above
- * for length check. It may, or may not, be prefixed by a
- * PKCS#1 1.5 RSA ASN.1 blob.
- */
- passert(decrypted_signature.len >= expected_hash->len);
- uint8_t *start = (decrypted_signature.data
- + decrypted_signature.len
- - expected_hash->len);
- if (!memeq(start, expected_hash->ptr, expected_hash->len)) {
- ldbg(logger, "RSA Signature NOT verified");
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
+ /* NSS doesn't do const */
+ SECItem signature_item =
+ same_shunk_as_secitem(signature, siBuffer);
+
+ if (VFY_VerifyDigestDirect(&hash_item,
+ seckey_public,
+ &signature_item,
+ /*pubkey algorithm*/SEC_OID_PKCS1_RSA_ENCRYPTION,
+ /*hash algorithm*/hash_alg->nss.oid_tag,
+ lsw_nss_get_password_context(logger)) != SECSuccess) {
+ ldbg_nss_error(logger, "NSS VFY_VerifyDigest() failed");
*fatal_diag = NULL;
return false;
}

- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
*fatal_diag = NULL;
return true;
}
--
2.45.4

11 changes: 11 additions & 0 deletions base/comps/libreswan/libreswan.comp.toml
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
[components.libreswan]

[[components.libreswan.overlays]]
description = "Fix CVE-2026-50721 — https://libreswan.org/security/CVE-2026-50721/libreswan-5.3-CVE-2026-50721.patch"
type = "patch-add"
source = "CVE-2026-50721.patch"

[[components.libreswan.overlays]]
description = "Fix CVE-2026-50722 — https://libreswan.org/security/CVE-2026-50722/libreswan-5.3-CVE-2026-50722.patch"
type = "patch-add"
source = "CVE-2026-50722.patch"
2 changes: 1 addition & 1 deletion locks/libreswan.lock
Original file line number Diff line number Diff line change
Expand Up @@ -2,5 +2,5 @@
version = 1
import-commit = '3a4974c4c3f418736c3a1f328720796bc4f36a19'
upstream-commit = '3a4974c4c3f418736c3a1f328720796bc4f36a19'
input-fingerprint = 'sha256:ce58265c0c545f1ea50a9907a30651ef6404c380df259c48b65aa869ce0a8c59'
input-fingerprint = 'sha256:2a3863c2d924c465f857cde6030cca93473fb008b29cd3c4c75320b640ec900f'
resolution-input-hash = 'sha256:466421704711c4fd3c71f0b2ed715a0e61d49e3e26f3a2637fee755795849c8e'
83 changes: 83 additions & 0 deletions specs/l/libreswan/CVE-2026-50721.patch
Original file line number Diff line number Diff line change
@@ -0,0 +1,83 @@
From 2b5d941de127e26dab367da8d789511966e2c233 Mon Sep 17 00:00:00 2001
From: AllSpark <allspark@microsoft.com>
Date: Sat, 4 Jul 2026 16:15:12 +0000
Subject: [PATCH] lib/libswan: use PK11_Verify for raw RSA signature auth

Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Upstream-reference AI Backport of: https://libreswan.org/security/CVE-2026-50721/libreswan-5.3-CVE-2026-50721.patch
---
lib/libswan/pubkey_rsa.c | 52 +++++-----------------------------------
1 file changed, 6 insertions(+), 46 deletions(-)

diff --git a/lib/libswan/pubkey_rsa.c b/lib/libswan/pubkey_rsa.c
index a68033b..824a30c 100644
--- a/lib/libswan/pubkey_rsa.c
+++ b/lib/libswan/pubkey_rsa.c
@@ -406,58 +406,18 @@ static bool RSA_authenticate_signature_raw_rsa(const struct crypt_mac *expected_
LDBG_hunk(logger, *expected_hash);
}

- /*
- * Use the same space used by the out going hash.
- */
-
- SECItem decrypted_signature = {
- .type = siBuffer,
- };
-
- if (SECITEM_AllocItem(NULL, &decrypted_signature, signature.len) == NULL) {
- llog_nss_error(RC_LOG, logger, "allocating space for decrypted RSA signature");
- return false;
- }
-
/* NSS doesn't do const */
- const SECItem encrypted_signature = {
- .type = siBuffer,
- .data = DISCARD_CONST(unsigned char *, signature.ptr),
- .len = signature.len,
- };
+ const SECItem signature_secitem =
+ same_shunk_as_secitem(signature, siBuffer);
+ const SECItem expected_hash_secitem =
+ same_shunk_as_secitem(HUNK_AS_SHUNK(*expected_hash), siBuffer);

- if (PK11_VerifyRecover(seckey_public, &encrypted_signature, &decrypted_signature,
- lsw_nss_get_password_context(logger)) != SECSuccess) {
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
+ if (PK11_Verify(seckey_public, &signature_secitem, &expected_hash_secitem,
+ lsw_nss_get_password_context(logger)) != SECSuccess) {
ldbg(logger, "NSS RSA verify: decrypting signature is failed");
*fatal_diag = NULL;
return false;
}
-
- if (LDBGP(DBG_CRYPT, logger)) {
- LLOG_JAMBUF(DEBUG_STREAM, logger, buf) {
- jam_string(buf, "NSS RSA verify: decrypted sig: ");
- jam_nss_secitem(buf, &decrypted_signature);
- }
- }
-
- /*
- * Expect the matching hash to appear at the end. See above
- * for length check. It may, or may not, be prefixed by a
- * PKCS#1 1.5 RSA ASN.1 blob.
- */
- passert(decrypted_signature.len >= expected_hash->len);
- uint8_t *start = (decrypted_signature.data
- + decrypted_signature.len
- - expected_hash->len);
- if (!memeq(start, expected_hash->ptr, expected_hash->len)) {
- ldbg(logger, "RSA Signature NOT verified");
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
- *fatal_diag = NULL;
- return false;
- }
-
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
*fatal_diag = NULL;
return true;
}
--
2.45.4

100 changes: 100 additions & 0 deletions specs/l/libreswan/CVE-2026-50722.patch
Original file line number Diff line number Diff line change
@@ -0,0 +1,100 @@
From f35a51abd18af60bbc8cbad38c9e78b6aeecc22a Mon Sep 17 00:00:00 2001
From: AllSpark <allspark@microsoft.com>
Date: Sat, 4 Jul 2026 16:11:17 +0000
Subject: [PATCH] Use VFY_VerifyDigestDirect for PKCS1.1.5 RSA signature
verification

Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
Upstream-reference AI Backport of: https://libreswan.org/security/CVE-2026-50722/libreswan-5.3-CVE-2026-50722.patch
---
lib/libswan/pubkey_rsa.c | 61 +++++++++-------------------------------
1 file changed, 14 insertions(+), 47 deletions(-)

diff --git a/lib/libswan/pubkey_rsa.c b/lib/libswan/pubkey_rsa.c
index a97590a..a68033b 100644
--- a/lib/libswan/pubkey_rsa.c
+++ b/lib/libswan/pubkey_rsa.c
@@ -533,7 +533,7 @@ static struct hash_signature RSA_pkcs1_1_5_sign_hash(const struct secret_pubkey_
static bool RSA_authenticate_signature_pkcs1_1_5_rsa(const struct crypt_mac *expected_hash,
shunk_t signature,
struct pubkey *pubkey,
- const struct hash_desc *unused_hash_algo UNUSED,
+ const struct hash_desc *hash_alg,
diag_t *fatal_diag,
struct logger *logger)
{
@@ -551,58 +551,25 @@ static bool RSA_authenticate_signature_pkcs1_1_5_rsa(const struct crypt_mac *exp
LDBG_hunk(logger, *expected_hash);
}

- /*
- * Use the same space used by the out going hash.
- */
-
- SECItem decrypted_signature = {
- .type = siBuffer,
- };
-
- if (SECITEM_AllocItem(NULL, &decrypted_signature, signature.len) == NULL) {
- llog_nss_error(RC_LOG, logger, "allocating space for decrypted RSA signature");
- return false;
- }
-
/* NSS doesn't do const */
- const SECItem encrypted_signature = {
- .type = siBuffer,
- .data = DISCARD_CONST(unsigned char *, signature.ptr),
- .len = signature.len,
- };
+ SECItem hash_item =
+ same_shunk_as_secitem(HUNK_AS_SHUNK(*expected_hash), siBuffer);

- if (PK11_VerifyRecover(seckey_public, &encrypted_signature, &decrypted_signature,
- lsw_nss_get_password_context(logger)) != SECSuccess) {
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
- ldbg(logger, "NSS RSA verify: decrypting signature is failed");
- *fatal_diag = NULL;
- return false;
- }
-
- if (LDBGP(DBG_CRYPT, logger)) {
- LLOG_JAMBUF(DEBUG_STREAM, logger, buf) {
- jam_string(buf, "NSS RSA verify: decrypted sig: ");
- jam_nss_secitem(buf, &decrypted_signature);
- }
- }
-
- /*
- * Expect the matching hash to appear at the end. See above
- * for length check. It may, or may not, be prefixed by a
- * PKCS#1 1.5 RSA ASN.1 blob.
- */
- passert(decrypted_signature.len >= expected_hash->len);
- uint8_t *start = (decrypted_signature.data
- + decrypted_signature.len
- - expected_hash->len);
- if (!memeq(start, expected_hash->ptr, expected_hash->len)) {
- ldbg(logger, "RSA Signature NOT verified");
- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
+ /* NSS doesn't do const */
+ SECItem signature_item =
+ same_shunk_as_secitem(signature, siBuffer);
+
+ if (VFY_VerifyDigestDirect(&hash_item,
+ seckey_public,
+ &signature_item,
+ /*pubkey algorithm*/SEC_OID_PKCS1_RSA_ENCRYPTION,
+ /*hash algorithm*/hash_alg->nss.oid_tag,
+ lsw_nss_get_password_context(logger)) != SECSuccess) {
+ ldbg_nss_error(logger, "NSS VFY_VerifyDigest() failed");
*fatal_diag = NULL;
return false;
}

- SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
*fatal_diag = NULL;
return true;
}
--
2.45.4

Loading
Loading