microsoft · jslobodzian · Apr 22, 2026 · Apr 20, 2026
@@ -0,0 +1,33 @@
+From a1c1ce6a37d05e0a70d463667a199c2a9c772680 Mon Sep 17 00:00:00 2001
+From: Alexandr Nedvedicky <sashan@openssl.org>
+Date: Wed, 25 Mar 2026 11:15:05 +0100
+Subject: [PATCH 02/11] Fix NULL Dereference When Delta CRL Lacks CRL Number
+ Extension
+
+Fixes: CVE-2026-28388
+Resolves: https://github.com/openssl/srt/issues/77
+Co-Authored-by: Igor Morgenstern <igor.morgenstern@aisle.com>
+
+Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
+MergeDate: Tue Apr  7 12:13:20 2026
+---
+ crypto/x509/x509_vfy.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
+index bc46ae8352..ea51bb28f5 100644
+--- a/crypto/x509/x509_vfy.c
++++ b/crypto/x509/x509_vfy.c
+@@ -1136,6 +1136,8 @@ static int check_delta_base(X509_CRL *delta, X509_CRL *base)
+     if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0)
+         return 0;
+     /* Delta CRL number must exceed full CRL number */
++    if (delta->crl_number == NULL)
++        return 0;
+     if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0)
+         return 1;
+     return 0;
+-- 
+2.45.4
+
@@ -0,0 +1,107 @@
+From 114e959f0405ae860a4b4f95f7a12e60afc8843a Mon Sep 17 00:00:00 2001
+From: Neil Horman <nhorman@openssl.org>
+Date: Wed, 25 Mar 2026 11:11:02 +0100
+Subject: [PATCH 03/11] Fix NULL deref in [ec]dh_cms_set_shared_info
+
+Multiple independent reports indicated a SIGSEGV was possible in CMS
+processing when a crafted CMS EnvelopedData message using A Key
+Agreement Recipient Info field.  If the
+KeyEncryptionAlgorithmIdentifier omits the optional parameter field, the
+referenced functions above will attempt to dereference the
+alg->parameter data prior to checking if the parameter field is NULL.
+
+Confirmed to resolve the issues using the reproducers provided in the
+security reports.
+
+Fixes: CVE-2026-28389
+Co-authored-by: Tomas Mraz <tomas@openssl.foundation>
+
+Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
+MergeDate: Tue Apr  7 12:26:51 2026
+---
+ crypto/dh/dh_ameth.c | 13 +++++++++----
+ crypto/ec/ec_ameth.c | 16 ++++++++++++----
+ 2 files changed, 21 insertions(+), 8 deletions(-)
+
+diff --git a/crypto/dh/dh_ameth.c b/crypto/dh/dh_ameth.c
+index 576409ccb5..6615cb9837 100644
+--- a/crypto/dh/dh_ameth.c
++++ b/crypto/dh/dh_ameth.c
+@@ -681,15 +681,20 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
+     int keylen, plen;
+     const EVP_CIPHER *kekcipher;
+     EVP_CIPHER_CTX *kekctx;
++    const ASN1_OBJECT *aoid;
++    const void *parameter = NULL;
++    int ptype = 0;
+
+     if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
+         goto err;
+
++    X509_ALGOR_get0(&aoid, &ptype, &parameter, alg);
++
+     /*
+      * For DH we only have one OID permissible. If ever any more get defined
+      * we will need something cleverer.
+      */
+-    if (OBJ_obj2nid(alg->algorithm) != NID_id_smime_alg_ESDH) {
++    if (OBJ_obj2nid(aoid) != NID_id_smime_alg_ESDH) {
+         DHerr(DH_F_DH_CMS_SET_SHARED_INFO, DH_R_KDF_PARAMETER_ERROR);
+         goto err;
+     }
+@@ -700,11 +705,11 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
+     if (EVP_PKEY_CTX_set_dh_kdf_md(pctx, EVP_sha1()) <= 0)
+         goto err;
+
+-    if (alg->parameter->type != V_ASN1_SEQUENCE)
++    if (ptype != V_ASN1_SEQUENCE)
+         goto err;
+
+-    p = alg->parameter->value.sequence->data;
+-    plen = alg->parameter->value.sequence->length;
++    p = ASN1_STRING_get0_data(parameter);
++    plen = ASN1_STRING_length(parameter);
+     kekalg = d2i_X509_ALGOR(NULL, &p, plen);
+     if (!kekalg)
+         goto err;
+diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
+index 5a63590a9f..597d0311b5 100644
+--- a/crypto/ec/ec_ameth.c
++++ b/crypto/ec/ec_ameth.c
+@@ -749,20 +749,28 @@ static int ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
+     int plen, keylen;
+     const EVP_CIPHER *kekcipher;
+     EVP_CIPHER_CTX *kekctx;
++    const ASN1_OBJECT *aoid = NULL;
++    int ptype = 0;
++    const void *parameter = NULL;
+
+     if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
+         return 0;
+
+-    if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(alg->algorithm))) {
++    if (alg->parameter == NULL)
++        return 0;
++
++    X509_ALGOR_get0(&aoid, &ptype, &parameter, alg);
++
++    if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(aoid))) {
+         ECerr(EC_F_ECDH_CMS_SET_SHARED_INFO, EC_R_KDF_PARAMETER_ERROR);
+         return 0;
+     }
+
+-    if (alg->parameter->type != V_ASN1_SEQUENCE)
++    if (ptype != V_ASN1_SEQUENCE)
+         return 0;
+
+-    p = alg->parameter->value.sequence->data;
+-    plen = alg->parameter->value.sequence->length;
++    p = ASN1_STRING_get0_data(parameter);
++    plen = ASN1_STRING_length(parameter);
+     kekalg = d2i_X509_ALGOR(NULL, &p, plen);
+     if (!kekalg)
+         goto err;
+-- 
+2.45.4
+
@@ -0,0 +1,88 @@
+From ac48e58ee5824062a320b81b4ef81e9b95dd9245 Mon Sep 17 00:00:00 2001
+From: Neil Horman <nhorman@openssl.org>
+Date: Tue, 7 Apr 2026 08:33:33 +0200
+Subject: [PATCH 05/11] Fix NULL deref in rsa_cms_decrypt
+
+Very simmilar to CVE-2026-28389, ensure that if we are missing
+parameters in RSA-OAEP SourceFunc in CMS KeyTransportRecipientInfo,
+we don't segfault when decrypting.
+
+Fixes: CVE-2026-28390
+Co-authored-by: Tomas Mraz <tomas@openssl.foundation>
+
+Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
+MergeDate: Tue Apr  7 12:26:54 2026
+---
+ crypto/rsa/rsa_ameth.c | 30 ++++++++++++++++++++----------
+ 1 file changed, 20 insertions(+), 10 deletions(-)
+
+diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
+index 00ed9820b0..b06b106ad1 100644
+--- a/crypto/rsa/rsa_ameth.c
++++ b/crypto/rsa/rsa_ameth.c
+@@ -922,10 +922,13 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
+     X509_ALGOR *cmsalg;
+     int nid;
+     int rv = -1;
+-    unsigned char *label = NULL;
++    const unsigned char *label = NULL;
+     int labellen = 0;
+     const EVP_MD *mgf1md = NULL, *md = NULL;
+     RSA_OAEP_PARAMS *oaep;
++    const ASN1_OBJECT *aoid;
++    const void *parameter = NULL;
++    int ptype = 0;
+
+     pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
+     if (pkctx == NULL)
+@@ -955,21 +958,19 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
+         goto err;
+
+     if (oaep->pSourceFunc != NULL) {
+-        X509_ALGOR *plab = oaep->pSourceFunc;
++        X509_ALGOR_get0(&aoid, &ptype, &parameter, oaep->pSourceFunc);
+
+-        if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) {
++        if (OBJ_obj2nid(aoid) != NID_pSpecified) {
+             RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_UNSUPPORTED_LABEL_SOURCE);
+             goto err;
+         }
+-        if (plab->parameter->type != V_ASN1_OCTET_STRING) {
++        if (ptype != V_ASN1_OCTET_STRING) {
+             RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_INVALID_LABEL);
+             goto err;
+         }
+
+-        label = plab->parameter->value.octet_string->data;
+-        /* Stop label being freed when OAEP parameters are freed */
+-        plab->parameter->value.octet_string->data = NULL;
+-        labellen = plab->parameter->value.octet_string->length;
++        label = ASN1_STRING_get0_data(parameter);
++        labellen = ASN1_STRING_length(parameter);
+     }
+
+     if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_OAEP_PADDING) <= 0)
+@@ -978,8 +979,17 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
+         goto err;
+     if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
+         goto err;
+-    if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0)
+-        goto err;
++    if (label != NULL) {
++        unsigned char *dup_label = OPENSSL_memdup(label, labellen);
++
++        if (dup_label == NULL)
++            goto err;
++
++        if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, dup_label, labellen) <= 0) {
++            OPENSSL_free(dup_label);
++            goto err;
++        }
++    }
+     /* Carry on */
+     rv = 1;
+
+-- 
+2.45.4
+
@@ -0,0 +1,32 @@
+From cd99a872da3ede64ee848f4a937c310454241c2c Mon Sep 17 00:00:00 2001
+From: Alexandr Nedvedicky <sashan@openssl.org>
+Date: Wed, 25 Mar 2026 12:04:19 +0100
+Subject: [PATCH 01/11] dane_match_cert() should X509_free() on mcert instead
+ of OPENSSL_free()
+
+Fixes: 170b735820ac "DANE support for X509_verify_cert()"
+Fixes: CVE-2026-28387
+
+Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
+Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
+MergeDate: Tue Apr  7 12:08:19 2026
+---
+ crypto/x509/x509_vfy.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
+index 66b532a165..bc46ae8352 100644
+--- a/crypto/x509/x509_vfy.c
++++ b/crypto/x509/x509_vfy.c
+@@ -2761,7 +2761,7 @@ static int dane_match(X509_STORE_CTX *ctx, X509 *cert, int depth)
+             if (matched || dane->mdpth < 0) {
+                 dane->mdpth = depth;
+                 dane->mtlsa = t;
+-                OPENSSL_free(dane->mcert);
++                X509_free(dane->mcert);
+                 dane->mcert = cert;
+                 X509_up_ref(cert);
+             }
+-- 
+2.45.4
+
@@ -4,7 +4,7 @@
 Summary:        Utilities from the general purpose cryptography library with TLS implementation
 Name:           openssl
 Version:        1.1.1k
-Release:        39%{?dist}
+Release:        40%{?dist}
 License:        OpenSSL
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -73,6 +73,10 @@ Patch49:        openssl-1.1.1-fix-OCB-AES-NI-HW-stream-path-unauthenticated-unen
 Patch50:        openssl-1.1.1-check-return-code-of-UTF8_putc.patch
 Patch51:        openssl-1.1.1-verify-ASN1-objects-types.patch
 Patch52:        openssl-1.1.1-check-oct-argument-for-NULL.patch
+Patch53:        openssl-1.1.1-dane_match_cert-should-X509_free-on-mcert-instead-of.patch
+Patch54:        openssl-1.1.1-Fix-NULL-Dereference-When-Delta-CRL-Lacks-CRL-Number.patch
+Patch55:        openssl-1.1.1-Fix-NULL-deref-in-ec-dh_cms_set_shared_info.patch
+Patch56:        openssl-1.1.1-Fix-NULL-deref-in-rsa_cms_decrypt.patch
 
 BuildRequires:  perl-Test-Warnings
 BuildRequires:  perl-Text-Template
@@ -336,6 +340,12 @@ rm -f %{buildroot}%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist
 %postun libs -p /sbin/ldconfig
 
 %changelog
+* Mon Apr 20 2026 Kanishk Bansal <kanbansal@microsoft.com> - 1.1.1k-40
+- Fix NULL Dereference When Delta CRL Lacks CRL Number Extension
+- Fix NULL deref in [ec]dh_cms_set_shared_info
+- Fix NULL deref in rsa_cms_decrypt
+- dane_match_cert() should X509_free() on mcert instead of OPENSSL_free()
+
 * Wed Mar 11 2026 Archana Shettigar <v-shettigara@microsoft.com> - 1.1.1k-39
 - Patch PKCS12_item_decrypt_d2i_ex(): Check oct argument for NULL
 

@@ -165,11 +165,11 @@ texinfo-6.8-1.cm2.aarch64.rpm
 gtk-doc-1.33.2-1.cm2.noarch.rpm
 autoconf-2.71-3.cm2.noarch.rpm
 automake-1.16.5-1.cm2.noarch.rpm
-openssl-1.1.1k-39.cm2.aarch64.rpm
-openssl-devel-1.1.1k-39.cm2.aarch64.rpm
-openssl-libs-1.1.1k-39.cm2.aarch64.rpm
-openssl-perl-1.1.1k-39.cm2.aarch64.rpm
-openssl-static-1.1.1k-39.cm2.aarch64.rpm
+openssl-1.1.1k-40.cm2.aarch64.rpm
+openssl-devel-1.1.1k-40.cm2.aarch64.rpm
+openssl-libs-1.1.1k-40.cm2.aarch64.rpm
+openssl-perl-1.1.1k-40.cm2.aarch64.rpm
+openssl-static-1.1.1k-40.cm2.aarch64.rpm
 libcap-2.60-7.cm2.aarch64.rpm
 libcap-devel-2.60-7.cm2.aarch64.rpm
 debugedit-5.0-2.cm2.aarch64.rpm

@@ -165,11 +165,11 @@ texinfo-6.8-1.cm2.x86_64.rpm
 gtk-doc-1.33.2-1.cm2.noarch.rpm
 autoconf-2.71-3.cm2.noarch.rpm
 automake-1.16.5-1.cm2.noarch.rpm
-openssl-1.1.1k-39.cm2.x86_64.rpm
-openssl-devel-1.1.1k-39.cm2.x86_64.rpm
-openssl-libs-1.1.1k-39.cm2.x86_64.rpm
-openssl-perl-1.1.1k-39.cm2.x86_64.rpm
-openssl-static-1.1.1k-39.cm2.x86_64.rpm
+openssl-1.1.1k-40.cm2.x86_64.rpm
+openssl-devel-1.1.1k-40.cm2.x86_64.rpm
+openssl-libs-1.1.1k-40.cm2.x86_64.rpm
+openssl-perl-1.1.1k-40.cm2.x86_64.rpm
+openssl-static-1.1.1k-40.cm2.x86_64.rpm
 libcap-2.60-7.cm2.x86_64.rpm
 libcap-devel-2.60-7.cm2.x86_64.rpm
 debugedit-5.0-2.cm2.x86_64.rpm

@@ -270,12 +270,12 @@ npth-1.6-4.cm2.aarch64.rpm
 npth-debuginfo-1.6-4.cm2.aarch64.rpm
 npth-devel-1.6-4.cm2.aarch64.rpm
 ntsysv-1.20-4.cm2.aarch64.rpm
-openssl-1.1.1k-39.cm2.aarch64.rpm
-openssl-debuginfo-1.1.1k-39.cm2.aarch64.rpm
-openssl-devel-1.1.1k-39.cm2.aarch64.rpm
-openssl-libs-1.1.1k-39.cm2.aarch64.rpm
-openssl-perl-1.1.1k-39.cm2.aarch64.rpm
-openssl-static-1.1.1k-39.cm2.aarch64.rpm
+openssl-1.1.1k-40.cm2.aarch64.rpm
+openssl-debuginfo-1.1.1k-40.cm2.aarch64.rpm
+openssl-devel-1.1.1k-40.cm2.aarch64.rpm
+openssl-libs-1.1.1k-40.cm2.aarch64.rpm
+openssl-perl-1.1.1k-40.cm2.aarch64.rpm
+openssl-static-1.1.1k-40.cm2.aarch64.rpm
 p11-kit-0.24.1-1.cm2.aarch64.rpm
 p11-kit-debuginfo-0.24.1-1.cm2.aarch64.rpm
 p11-kit-devel-0.24.1-1.cm2.aarch64.rpm

@@ -276,12 +276,12 @@ npth-1.6-4.cm2.x86_64.rpm
 npth-debuginfo-1.6-4.cm2.x86_64.rpm
 npth-devel-1.6-4.cm2.x86_64.rpm
 ntsysv-1.20-4.cm2.x86_64.rpm
-openssl-1.1.1k-39.cm2.x86_64.rpm
-openssl-debuginfo-1.1.1k-39.cm2.x86_64.rpm
-openssl-devel-1.1.1k-39.cm2.x86_64.rpm
-openssl-libs-1.1.1k-39.cm2.x86_64.rpm
-openssl-perl-1.1.1k-39.cm2.x86_64.rpm
-openssl-static-1.1.1k-39.cm2.x86_64.rpm
+openssl-1.1.1k-40.cm2.x86_64.rpm
+openssl-debuginfo-1.1.1k-40.cm2.x86_64.rpm
+openssl-devel-1.1.1k-40.cm2.x86_64.rpm
+openssl-libs-1.1.1k-40.cm2.x86_64.rpm
+openssl-perl-1.1.1k-40.cm2.x86_64.rpm
+openssl-static-1.1.1k-40.cm2.x86_64.rpm
 p11-kit-0.24.1-1.cm2.x86_64.rpm
 p11-kit-debuginfo-0.24.1-1.cm2.x86_64.rpm
 p11-kit-devel-0.24.1-1.cm2.x86_64.rpm