Version in base suite: 3.0.18-1~deb12u1
Base version: openssl_3.0.18-1~deb12u1
Target version: openssl_3.0.18-1~deb12u2
Base file: /srv/ftp-master.debian.org/ftp/pool/main/o/openssl/openssl_3.0.18-1~deb12u1.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/o/openssl/openssl_3.0.18-1~deb12u2.dsc
changelog | 19 +
patches/Add-NULL-check-to-PKCS12_item_decrypt_d2i_ex.patch | 27 ++
patches/Check-return-code-of-UTF8_putc.patch | 47 +++
patches/Correct-handling-of-AEAD-encrypted-CMS-with-inadmissibly-.patch | 26 ++
patches/Ensure-ASN1-types-are-checked-before-use.patch | 70 +++++
patches/Fix-OCB-AES-NI-HW-stream-path-unauthenticated-unencrypted.patch | 66 +++++
patches/Fix-heap-buffer-overflow-in-BIO_f_linebuffer.patch | 63 +++++
patches/Harden-ASN1_mbstring_ncopy.patch | 118 +++++++++
patches/Some-comments-to-clarify-functions-usage.patch | 53 ++++
patches/Test-for-handling-of-AEAD-encrypted-CMS-with-inadmissibly.patch | 120 ++++++++++
patches/Verify-ASN1-object-s-types-before-attempting-to-access-th.patch | 36 +++
patches/series | 10
12 files changed, 655 insertions(+)
dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpt1ic2n2y/openssl_3.0.18-1~deb12u1.dsc: no acceptable signature found
dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpt1ic2n2y/openssl_3.0.18-1~deb12u2.dsc: no acceptable signature found
diff -Nru openssl-3.0.18/debian/changelog openssl-3.0.18/debian/changelog
--- openssl-3.0.18/debian/changelog 2025-11-01 11:54:37.000000000 +0000
+++ openssl-3.0.18/debian/changelog 2026-01-24 15:01:59.000000000 +0000
@@ -1,3 +1,22 @@
+openssl (3.0.18-1~deb12u2) bookworm-security; urgency=medium
+
+ * CVE-2025-15467 (Stack buffer overflow in CMS AuthEnvelopedData parsing)
+ * CVE-2025-68160 (Heap out-of-bounds write in BIO_f_linebuffer on short
+ writes)
+ * CVE-2025-69418 (Unauthenticated/unencrypted trailing bytes with low-level
+ OCB function calls)
+ * CVE-2025-69419 (Out of bounds write in PKCS12_get_friendlyname() UTF-8
+ conversion)
+ * CVE-2025-69420 (Missing ASN1_TYPE validation in TS_RESP_verify_response()
+ function)
+ * CVE-2025-69421 (NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex
+ function)
+ * CVE-2026-22795 (Missing ASN1_TYPE validation in PKCS#12 parsing)
+ * CVE-2026-22796 (ASN1_TYPE Type Confusion in the
+ PKCS7_digest_from_attributes() function)
+
+ -- Sebastian Andrzej Siewior Sat, 24 Jan 2026 16:01:59 +0100
+
 openssl (3.0.18-1~deb12u1) bookworm; urgency=medium
 
 * Import 3.0.18
diff -Nru openssl-3.0.18/debian/patches/Add-NULL-check-to-PKCS12_item_decrypt_d2i_ex.patch openssl-3.0.18/debian/patches/Add-NULL-check-to-PKCS12_item_decrypt_d2i_ex.patch
--- openssl-3.0.18/debian/patches/Add-NULL-check-to-PKCS12_item_decrypt_d2i_ex.patch 1970-01-01 00:00:00.000000000 +0000
+++ openssl-3.0.18/debian/patches/Add-NULL-check-to-PKCS12_item_decrypt_d2i_ex.patch 2026-01-24 12:19:52.000000000 +0000
@@ -0,0 +1,27 @@
+From: Andrew Dinh
+Date: Thu, 8 Jan 2026 01:24:30 +0900
+Subject: Add NULL check to PKCS12_item_decrypt_d2i_ex
+
+Address CVE-2025-69421
+
+Add NULL check for oct parameter
+---
+ crypto/pkcs12/p12_decr.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c
+index a5adafa954a3..2e14a49efa04 100644
+--- a/crypto/pkcs12/p12_decr.c
++++ b/crypto/pkcs12/p12_decr.c
+@@ -137,6 +137,11 @@ void *PKCS12_item_decrypt_d2i_ex(const X509_ALGOR *algor, const ASN1_ITEM *it,
+ void *ret;
+ int outlen = 0;
+
++ if (oct == NULL) {
++ ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_NULL_PARAMETER);
++ return NULL;
++ }
++
+ if (!PKCS12_pbe_crypt_ex(algor, pass, passlen, oct->data, oct->length,
+ &out, &outlen, 0, libctx, propq))
+ return NULL;
diff -Nru openssl-3.0.18/debian/patches/Check-return-code-of-UTF8_putc.patch openssl-3.0.18/debian/patches/Check-return-code-of-UTF8_putc.patch
--- openssl-3.0.18/debian/patches/Check-return-code-of-UTF8_putc.patch 1970-01-01 00:00:00.000000000 +0000
+++ openssl-3.0.18/debian/patches/Check-return-code-of-UTF8_putc.patch 2026-01-24 12:19:52.000000000 +0000
@@ -0,0 +1,47 @@
+From: Norbert Pocs
+Date: Thu, 11 Dec 2025 12:49:00 +0100
+Subject: Check return code of UTF8_putc
+
+Signed-off-by: Norbert Pocs
+
+Reviewed-by: Nikola Pajkovsky
+Reviewed-by: Viktor Dukhovni
+(Merged from https://github.com/openssl/openssl/pull/29376)
+---
+ crypto/asn1/a_strex.c | 6 ++++--
+ crypto/pkcs12/p12_utl.c | 5 +++++
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
+index a6049f7dd2ed..a490dfe12459 100644
+--- a/crypto/asn1/a_strex.c
++++ b/crypto/asn1/a_strex.c
+@@ -204,8 +204,10 @@ static int do_buf(unsigned char *buf, int buflen,
+ orflags = CHARTYPE_LAST_ESC_2253;
+ if (type & BUF_TYPE_CONVUTF8) {
+ unsigned char utfbuf[6];
+- int utflen;
+- utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
++ int utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
++
++ if (utflen < 0)
++ return -1; /* error happened with UTF8 */
+ for (i = 0; i < utflen; i++) {
+ /*
+ * We don't need to worry about setting orflags correctly
+diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c
+index 3afc8b2f13c9..dfd88298869d 100644
+--- a/crypto/pkcs12/p12_utl.c
++++ b/crypto/pkcs12/p12_utl.c
+@@ -212,6 +212,11 @@ char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen)
+ /* re-run the loop emitting UTF-8 string */
+ for (asclen = 0, i = 0; i < unilen; ) {
+ j = bmp_to_utf8(asctmp+asclen, uni+i, unilen-i);
++ /* when UTF8_putc fails */
++ if (j < 0) {
++ OPENSSL_free(asctmp);
++ return NULL;
++ }
+ if (j == 4) i += 4;
+ else i += 2;
+ asclen += j;
diff -Nru openssl-3.0.18/debian/patches/Correct-handling-of-AEAD-encrypted-CMS-with-inadmissibly-.patch openssl-3.0.18/debian/patches/Correct-handling-of-AEAD-encrypted-CMS-with-inadmissibly-.patch
--- openssl-3.0.18/debian/patches/Correct-handling-of-AEAD-encrypted-CMS-with-inadmissibly-.patch 1970-01-01 00:00:00.000000000 +0000
+++ openssl-3.0.18/debian/patches/Correct-handling-of-AEAD-encrypted-CMS-with-inadmissibly-.patch 2026-01-24 12:19:52.000000000 +0000
@@ -0,0 +1,26 @@
+From: Igor Ustinov
+Date: Mon, 12 Jan 2026 12:19:59 +0100
+Subject: Correct handling of AEAD-encrypted CMS with inadmissibly long IV
+
+Fixes CVE-2025-15467
+---
+ crypto/evp/evp_lib.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c
+index 4f3d901eba5d..55cc9ca36dfd 100644
+--- a/crypto/evp/evp_lib.c
++++ b/crypto/evp/evp_lib.c
+@@ -249,10 +249,9 @@ int evp_cipher_get_asn1_aead_params(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
+ if (type == NULL || asn1_params == NULL)
+ return 0;
+
+- i = ossl_asn1_type_get_octetstring_int(type, &tl, NULL, EVP_MAX_IV_LENGTH);
+- if (i <= 0)
++ i = ossl_asn1_type_get_octetstring_int(type, &tl, iv, EVP_MAX_IV_LENGTH);
++ if (i <= 0 || i > EVP_MAX_IV_LENGTH)
+ return -1;
+- ossl_asn1_type_get_octetstring_int(type, &tl, iv, i);
+
+ memcpy(asn1_params->iv, iv, i);
+ asn1_params->iv_len = i;
diff -Nru openssl-3.0.18/debian/patches/Ensure-ASN1-types-are-checked-before-use.patch openssl-3.0.18/debian/patches/Ensure-ASN1-types-are-checked-before-use.patch
--- openssl-3.0.18/debian/patches/Ensure-ASN1-types-are-checked-before-use.patch 1970-01-01 00:00:00.000000000 +0000
+++ openssl-3.0.18/debian/patches/Ensure-ASN1-types-are-checked-before-use.patch 2026-01-24 12:19:52.000000000 +0000
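Review bot: In the `OPENSSL_uni2utf8` hunk of `crypto/pkcs12/p12_utl.c` (Check-return-code-of-UTF8_putc.patch), the new comment `/* when UTF8_putc fails */` names a callee that is not visible at this call site and does not say why the loop must stop. I would record the consequence the guard prevents instead: `/* bmp_to_utf8() failed: a negative j must not reach "asclen += j" below, or the write offset into asctmp moves backwards */`. The failure path frees `asctmp` and returns NULL without an `ERR_raise`, so the reason is lost to the caller; whether the function's other NULL returns behave the same is outside the hunk and worth checking for consistency.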
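Review bot: The new bound `i > EVP_MAX_IV_LENGTH` in `evp_cipher_get_asn1_aead_params` (`crypto/evp/evp_lib.c`) is only meaningful because `ossl_asn1_type_get_octetstring_int` copies at most `max_len` bytes yet returns the full octet-string length, and nothing at the call site says so. A short comment above the check would stop a later clean-up from removing it as dead code: `/* the helper returns the full encoded length even when it copied only EVP_MAX_IV_LENGTH bytes */`. The declaration of `iv` and the size of `asn1_params->iv` are outside the hunk; the following `memcpy` is bounded only if both hold at least `EVP_MAX_IV_LENGTH` bytes, which is worth confirming or pinning with a compile-time assertion.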
@@ -0,0 +1,70 @@
+From: Bob Beck
+Date: Wed, 7 Jan 2026 11:29:48 -0700
+Subject: Ensure ASN1 types are checked before use.
+
+Some of these were fixed by LibreSSL in commit https://github.com/openbsd/src/commit/aa1f637d454961d22117b4353f98253e984b3ba8
+this fix includes the other fixes in that commit, as well as fixes for others found by a scan
+for a similar unvalidated access paradigm in the tree.
+
+Reviewed-by: Kurt Roeckx
+Reviewed-by: Shane Lontis
+Reviewed-by: Tomas Mraz
+(Merged from https://github.com/openssl/openssl/pull/29582)
+---
+ apps/s_client.c | 3 ++-
+ crypto/pkcs12/p12_kiss.c | 10 ++++++++--
+ crypto/pkcs7/pk7_doit.c | 2 ++
+ 3 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/apps/s_client.c b/apps/s_client.c
+index efa2879ca0e7..e450eee8cfb5 100644
+--- a/apps/s_client.c
++++ b/apps/s_client.c
+@@ -2650,8 +2650,9 @@ int s_client_main(int argc, char **argv)
+ goto end;
+ }
+ atyp = ASN1_generate_nconf(genstr, cnf);
+- if (atyp == NULL) {
++ if (atyp == NULL || atyp->type != V_ASN1_SEQUENCE) {
+ NCONF_free(cnf);
++ ASN1_TYPE_free(atyp);
+ BIO_printf(bio_err, "ASN1_generate_nconf failed\n");
+ goto end;
+ }
+diff --git a/crypto/pkcs12/p12_kiss.c b/crypto/pkcs12/p12_kiss.c
+index 229b34cf6429..d7e5f2ce46af 100644
+--- a/crypto/pkcs12/p12_kiss.c
++++ b/crypto/pkcs12/p12_kiss.c
+@@ -190,11 +190,17 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
+ ASN1_BMPSTRING *fname = NULL;
+ ASN1_OCTET_STRING *lkid = NULL;
+
+- if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)))
++ if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName))) {
++ if (attrib->type != V_ASN1_BMPSTRING)
++ return 0;
+ fname = attrib->value.bmpstring;
++ }
+
+- if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID)))
++ if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID))) {
++ if (attrib->type != V_ASN1_OCTET_STRING)
++ return 0;
+ lkid = attrib->value.octet_string;
++ }
+
+ switch (PKCS12_SAFEBAG_get_nid(bag)) {
+ case NID_keyBag:
+diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
+index ad9416d423b5..1e625b70f9a9 100644
+--- a/crypto/pkcs7/pk7_doit.c
++++ b/crypto/pkcs7/pk7_doit.c
+@@ -1185,6 +1185,8 @@ ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
+ ASN1_TYPE *astype;
+ if ((astype = get_attribute(sk, NID_pkcs9_messageDigest)) == NULL)
+ return NULL;
++ if (astype->type != V_ASN1_OCTET_STRING)
++ return NULL;
+ return astype->value.octet_string;
+ }
+
diff -Nru openssl-3.0.18/debian/patches/Fix-OCB-AES-NI-HW-stream-path-unauthenticated-unencrypted.patch openssl-3.0.18/debian/patches/Fix-OCB-AES-NI-HW-stream-path-unauthenticated-unencrypted.patch
--- openssl-3.0.18/debian/patches/Fix-OCB-AES-NI-HW-stream-path-unauthenticated-unencrypted.patch 1970-01-01 00:00:00.000000000 +0000
+++ openssl-3.0.18/debian/patches/Fix-OCB-AES-NI-HW-stream-path-unauthenticated-unencrypted.patch 2026-01-24 12:19:52.000000000 +0000
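Review bot: The error text `ASN1_generate_nconf failed` in the `s_client_main` hunk of `apps/s_client.c` is now misleading, because the widened condition also fires when generation succeeds but the result is not a SEQUENCE. Someone debugging a configuration section gets no hint that the value was built and then rejected for its type. I would reword the message to cover both cases, e.g. `BIO_printf(bio_err, "ASN1_generate_nconf failed or did not yield a SEQUENCE\n");`. The added `ASN1_TYPE_free(atyp)` also runs on the `atyp == NULL` branch, which is fine only if the free routine accepts NULL; that is the usual convention but is not shown in the hunk.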
@@ -0,0 +1,66 @@
+From: Norbert Pocs
+Date: Thu, 8 Jan 2026 15:04:54 +0100
+Subject: Fix OCB AES-NI/HW stream path unauthenticated/unencrypted trailing
+ bytes
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+When ctx->stream (e.g., AES‑NI or ARMv8 CE) is available, the fast path
+encrypts/decrypts full blocks but does not advance in/out pointers. The
+tail-handling code then operates on the base pointers, effectively reprocessing
+the beginning of the buffer while leaving the actual trailing bytes
+unencrypted (encryption) or using the wrong plaintext (decryption). The
+authentication checksum excludes the true tail.
+
+CVE-2025-69418
+
+Fixes: https://github.com/openssl/srt/issues/58
+
+Signed-off-by: Norbert Pocs
+---
+ crypto/modes/ocb128.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/modes/ocb128.c b/crypto/modes/ocb128.c
+index b5202ba5bd56..95601dadf184 100644
+--- a/crypto/modes/ocb128.c
++++ b/crypto/modes/ocb128.c
+@@ -342,7 +342,7 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx,
+
+ if (num_blocks && all_num_blocks == (size_t)all_num_blocks
+ && ctx->stream != NULL) {
+- size_t max_idx = 0, top = (size_t)all_num_blocks;
++ size_t max_idx = 0, top = (size_t)all_num_blocks, processed_bytes = 0;
+
+ /*
+ * See how many L_{i} entries we need to process data at hand
+@@ -356,6 +356,9 @@ int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx,
+ ctx->stream(in, out, num_blocks, ctx->keyenc,
+ (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
+ (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
++ processed_bytes = num_blocks * 16;
++ in += processed_bytes;
++ out += processed_bytes;
+ } else {
+ /* Loop through all full blocks to be encrypted */
+ for (i = ctx->sess.blocks_processed + 1; i <= all_num_blocks; i++) {
+@@ -434,7 +437,7 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx,
+
+ if (num_blocks && all_num_blocks == (size_t)all_num_blocks
+ && ctx->stream != NULL) {
+- size_t max_idx = 0, top = (size_t)all_num_blocks;
++ size_t max_idx = 0, top = (size_t)all_num_blocks, processed_bytes = 0;
+
+ /*
+ * See how many L_{i} entries we need to process data at hand
+@@ -448,6 +451,9 @@ int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx,
+ ctx->stream(in, out, num_blocks, ctx->keydec,
+ (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
+ (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
++ processed_bytes = num_blocks * 16;
++ in += processed_bytes;
++ out += processed_bytes;
+ } else {
+ OCB_BLOCK tmp;
+
diff -Nru openssl-3.0.18/debian/patches/Fix-heap-buffer-overflow-in-BIO_f_linebuffer.patch openssl-3.0.18/debian/patches/Fix-heap-buffer-overflow-in-BIO_f_linebuffer.patch
--- openssl-3.0.18/debian/patches/Fix-heap-buffer-overflow-in-BIO_f_linebuffer.patch 1970-01-01 00:00:00.000000000 +0000
+++ openssl-3.0.18/debian/patches/Fix-heap-buffer-overflow-in-BIO_f_linebuffer.patch 2026-01-24 12:19:52.000000000 +0000
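Review bot: The three added lines after `ctx->stream(...)` in `CRYPTO_ocb128_encrypt`, and the identical lines in `CRYPTO_ocb128_decrypt`, carry the invariant the whole fix rests on but have no comment. I would add one above `processed_bytes = num_blocks * 16;` in both places: `/* the stream routine consumed num_blocks full blocks; advance so the tail code below sees the real remainder */`. The patch touches only `crypto/modes/ocb128.c` according to its diffstat, so nothing here exercises the stream path with a length that is not a multiple of 16; since the original failure was silent (output of the right length, tag not covering the tail), a known-answer test for that case would be the check that catches a recurrence. Both function bodies continue outside the hunks.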
@@ -0,0 +1,63 @@
+From: Neil Horman
+Date: Wed, 7 Jan 2026 11:52:09 -0500
+Subject: Fix heap buffer overflow in BIO_f_linebuffer
+
+When a FIO_f_linebuffer is part of a bio chain, and the next BIO
+preforms short writes, the remainder of the unwritten buffer is copied
+unconditionally to the internal buffer ctx->obuf, which may not be
+sufficiently sized to handle the remaining data, resulting in a buffer
+overflow.
+
+Fix it by only copying data when ctx->obuf has space, flushing to the
+next BIO to increase available storage if needed.
+
+Fixes CVE-2025-68160
+---
+ crypto/bio/bf_lbuf.c | 32 ++++++++++++++++++++++++++------
+ 1 file changed, 26 insertions(+), 6 deletions(-)
+
+diff --git a/crypto/bio/bf_lbuf.c b/crypto/bio/bf_lbuf.c
+index 6908e64d3652..2eab35af6724 100644
+--- a/crypto/bio/bf_lbuf.c
++++ b/crypto/bio/bf_lbuf.c
+@@ -189,14 +189,34 @@ static int linebuffer_write(BIO *b, const char *in, int inl)
+ while (foundnl && inl > 0);
+ /*
+ * We've written as much as we can. The rest of the input buffer, if
+- * any, is text that doesn't and with a NL and therefore needs to be
+- * saved for the next trip.
++ * any, is text that doesn't end with a NL and therefore we need to try
++ * free up some space in our obuf so we can make forward progress.
+ */
+- if (inl > 0) {
+- memcpy(&(ctx->obuf[ctx->obuf_len]), in, inl);
+- ctx->obuf_len += inl;
+- num += inl;
++ while (inl > 0) {
++ size_t avail = (size_t)ctx->obuf_size - (size_t)ctx->obuf_len;
++ size_t to_copy;
++
++ if (avail == 0) {
++ /* Flush buffered data to make room */
++ i = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len);
++ if (i <= 0) {
++ BIO_copy_next_retry(b);
++ return num > 0 ? num : i;
++ }
++ if (i < ctx->obuf_len)
++ memmove(ctx->obuf, ctx->obuf + i, ctx->obuf_len - i);
++ ctx->obuf_len -= i;
++ continue;
++ }
++
++ to_copy = inl > (int)avail ? avail : (size_t)inl;
++ memcpy(&(ctx->obuf[ctx->obuf_len]), in, to_copy);
++ ctx->obuf_len += (int)to_copy;
++ in += to_copy;
++ inl -= (int)to_copy;
++ num += (int)to_copy;
+ }
++
+ return num;
+ }
+
diff -Nru openssl-3.0.18/debian/patches/Harden-ASN1_mbstring_ncopy.patch openssl-3.0.18/debian/patches/Harden-ASN1_mbstring_ncopy.patch
--- openssl-3.0.18/debian/patches/Harden-ASN1_mbstring_ncopy.patch 1970-01-01 00:00:00.000000000 +0000
+++ openssl-3.0.18/debian/patches/Harden-ASN1_mbstring_ncopy.patch 2026-01-24 12:19:52.000000000 +0000
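Review bot: The new copy loop in `linebuffer_write` (`crypto/bio/bf_lbuf.c`) moves between `int` and `size_t` five times (`(size_t)ctx->obuf_size`, `(int)avail`, three `(int)to_copy`) for quantities that are all bounded by the `int` buffer size, which makes a simple bounded copy harder to audit than it needs to be. Keeping the arithmetic signed removes most of the casts and makes the guard hold even if `obuf_len` were ever to exceed `obuf_size`, where the unsigned subtraction would wrap to a huge `avail`: `int avail = ctx->obuf_size - ctx->obuf_len;`, `if (avail <= 0) {` and `int to_copy = inl > avail ? avail : inl;`. Nothing visible in the hunk produces that state, so this is a robustness and readability point rather than a demonstrated defect. The function starts outside the hunk.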
@@ -0,0 +1,118 @@
+From: Norbert Pocs
+Date: Thu, 11 Dec 2025 12:38:16 +0100
+Subject: Harden ASN1_mbstring_ncopy
+
+Reported by Murali Aniruddhan
+
+Signed-off-by: Norbert Pocs
+
+Reviewed-by: Nikola Pajkovsky
+Reviewed-by: Viktor Dukhovni
+(Merged from https://github.com/openssl/openssl/pull/29376)
+---
+ crypto/asn1/a_mbstr.c | 35 ++++++++++++++++++++++++++++++++---
+ test/asn1_internal_test.c | 17 +++++++++++++++++
+ 2 files changed, 49 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c
+index bca1458ad6a1..964000383ae0 100644
+--- a/crypto/asn1/a_mbstr.c
++++ b/crypto/asn1/a_mbstr.c
+@@ -114,7 +114,10 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
+ return -1;
+ }
+
+- /* Now work out output format and string type */
++ /*
++ * Now work out output format and string type.
++ * These checks should be in sync with the checks in type_str.
++ */
+ outform = MBSTRING_ASC;
+ if (mask & B_ASN1_NUMERICSTRING)
+ str_type = V_ASN1_NUMERICSTRING;
+@@ -182,7 +185,11 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
+
+ case MBSTRING_UTF8:
+ outlen = 0;
+- traverse_string(in, len, inform, out_utf8, &outlen);
++ ret = traverse_string(in, len, inform, out_utf8, &outlen);
++ if (ret < 0) {
++ ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_UTF8STRING);
++ return -1;
++ }
+ cpyfunc = cpy_utf8;
+ break;
+ }
+@@ -278,9 +285,29 @@ static int out_utf8(unsigned long value, void *arg)
+
+ static int type_str(unsigned long value, void *arg)
+ {
+- unsigned long types = *((unsigned long *)arg);
++ unsigned long usable_types = *((unsigned long *)arg);
++ unsigned long types = usable_types;
+ const int native = value > INT_MAX ? INT_MAX : ossl_fromascii(value);
+
++ /*
++ * Clear out all the types which are not checked later. If any of those
++ * is present in the mask, then the UTF8 type will be added and checked
++ * below.
++ */
++ types &= B_ASN1_NUMERICSTRING | B_ASN1_PRINTABLESTRING
++ | B_ASN1_IA5STRING | B_ASN1_T61STRING | B_ASN1_BMPSTRING
++ | B_ASN1_UNIVERSALSTRING | B_ASN1_UTF8STRING;
++
++ /*
++ * If any other types were in the input mask, they're effectively treated
++ * as UTF8
++ */
++ if (types != usable_types)
++ types |= B_ASN1_UTF8STRING;
++
++ /*
++ * These checks should be in sync with ASN1_mbstring_ncopy.
++ */
+ if ((types & B_ASN1_NUMERICSTRING) && !(ossl_isdigit(native)
+ || native == ' '))
+ types &= ~B_ASN1_NUMERICSTRING;
+@@ -349,6 +376,8 @@ static int cpy_utf8(unsigned long value, void *arg)
+ p = arg;
+ /* We already know there is enough room so pass 0xff as the length */
+ ret = UTF8_putc(*p, 0xff, value);
++ if (ret < 0)
++ return ret;
+ *p += ret;
+ return 1;
+ }
+diff --git a/test/asn1_internal_test.c b/test/asn1_internal_test.c
+index 61e4265c8b71..18869fcbe64c 100644
+--- a/test/asn1_internal_test.c
++++ b/test/asn1_internal_test.c
+@@ -190,11 +190,28 @@ static int test_unicode_range(void)
+ return ok;
+ }
+
++static int test_mbstring_ncopy(void)
++{
++ ASN1_STRING *str = NULL;
++ const unsigned char in[] = { 0xFF, 0xFE, 0xFF, 0xFE };
++ int inlen = 4;
++ int inform = MBSTRING_UNIV;
++
++ if (!TEST_int_eq(ASN1_mbstring_ncopy(&str, in, inlen, inform, B_ASN1_GENERALSTRING, 0, 0), -1)
++ || !TEST_int_eq(ASN1_mbstring_ncopy(&str, in, inlen, inform, B_ASN1_VISIBLESTRING, 0, 0), -1)
++ || !TEST_int_eq(ASN1_mbstring_ncopy(&str, in, inlen, inform, B_ASN1_VIDEOTEXSTRING, 0, 0), -1)
++ || !TEST_int_eq(ASN1_mbstring_ncopy(&str, in, inlen, inform, B_ASN1_GENERALIZEDTIME, 0, 0), -1))
++ return 0;
++
++ return 1;
++}
++
+ int setup_tests(void)
+ {
+ ADD_TEST(test_tbl_standard);
+ ADD_TEST(test_standard_methods);
+ ADD_TEST(test_empty_nonoptional_content);
+ ADD_TEST(test_unicode_range);
++ ADD_TEST(test_mbstring_ncopy);
+ return 1;
+ }
diff -Nru openssl-3.0.18/debian/patches/Some-comments-to-clarify-functions-usage.patch openssl-3.0.18/debian/patches/Some-comments-to-clarify-functions-usage.patch
--- openssl-3.0.18/debian/patches/Some-comments-to-clarify-functions-usage.patch 1970-01-01 00:00:00.000000000 +0000
+++ openssl-3.0.18/debian/patches/Some-comments-to-clarify-functions-usage.patch 2026-01-24 12:19:52.000000000 +0000
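Review bot: `cpy_utf8` in `crypto/asn1/a_mbstr.c` (Harden-ASN1_mbstring_ncopy.patch) now returns the negative `UTF8_putc` result, but the call that runs `cpyfunc` over the input lies outside these hunks, so it is not visible whether anything checks it; the `case MBSTRING_UTF8:` hunk only checks the sizing pass that uses `out_utf8`. If the final copy pass still discards the result of `traverse_string`, a failure there would leave a partly written buffer while the function reports success, so that call site should be confirmed or given the same `ret < 0` check. The context comment directly above the new check, "We already know there is enough room so pass 0xff as the length", now reads as if the call cannot fail; I would extend it to say that room is guaranteed by the sizing pass but the encoder can still reject the value, which is what the added branch handles.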
@@ -0,0 +1,53 @@
+From: Igor Ustinov
+Date: Mon, 12 Jan 2026 12:21:21 +0100
+Subject: Some comments to clarify functions usage
+
+---
+ crypto/asn1/evp_asn1.c | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+diff --git a/crypto/asn1/evp_asn1.c b/crypto/asn1/evp_asn1.c
+index 13d8ed3893ab..6aca0117bc11 100644
+--- a/crypto/asn1/evp_asn1.c
++++ b/crypto/asn1/evp_asn1.c
+@@ -60,6 +60,12 @@ static ossl_inline void asn1_type_init_oct(ASN1_OCTET_STRING *oct,
+ oct->flags = 0;
+ }
+
++/*
++ * This function copies 'anum' to 'num' and the data of 'oct' to 'data'.
++ * If the length of 'data' > 'max_len', copies only the first 'max_len'
++ * bytes, but returns the full length of 'oct'; this allows distinguishing
++ * whether all the data was copied.
++ */
+ static int asn1_type_get_int_oct(ASN1_OCTET_STRING *oct, int32_t anum,
+ long *num, unsigned char *data, int max_len)
+ {
+@@ -106,6 +112,13 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
+ return 0;
+ }
+
++/*
++ * This function decodes an int-octet sequence and copies the integer to 'num'
++ * and the data of octet to 'data'.
++ * If the length of 'data' > 'max_len', copies only the first 'max_len'
++ * bytes, but returns the full length of 'oct'; this allows distinguishing
++ * whether all the data was copied.
++ */
+ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
+ unsigned char *data, int max_len)
+ {
+@@ -162,6 +175,13 @@ int ossl_asn1_type_set_octetstring_int(ASN1_TYPE *a, long num,
+ return 0;
+ }
+
++/*
++ * This function decodes an octet-int sequence and copies the data of octet
++ * to 'data' and the integer to 'num'.
++ * If the length of 'data' > 'max_len', copies only the first 'max_len'
++ * bytes, but returns the full length of 'oct'; this allows distinguishing
++ * whether all the data was copied.
++ */
+ int ossl_asn1_type_get_octetstring_int(const ASN1_TYPE *a, long *num,
+ unsigned char *data, int max_len)
+ {
diff -Nru openssl-3.0.18/debian/patches/Test-for-handling-of-AEAD-encrypted-CMS-with-inadmissibly.patch openssl-3.0.18/debian/patches/Test-for-handling-of-AEAD-encrypted-CMS-with-inadmissibly.patch
--- openssl-3.0.18/debian/patches/Test-for-handling-of-AEAD-encrypted-CMS-with-inadmissibly.patch 1970-01-01 00:00:00.000000000 +0000
+++ openssl-3.0.18/debian/patches/Test-for-handling-of-AEAD-encrypted-CMS-with-inadmissibly.patch 2026-01-24 12:19:52.000000000 +0000
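Review bot: All three comments added to `crypto/asn1/evp_asn1.c` say "If the length of 'data' > 'max_len'", but `data` is the caller's output buffer and `max_len` its capacity; the quantity actually compared is the length of the decoded octet string. Because the CVE-2025-15467 fix elsewhere in this upload relies on exactly this contract, the wording should be unambiguous, for example `If the octet string is longer than 'max_len', only the first 'max_len' bytes are copied but the full length is returned; a return value > 'max_len' means the copy was truncated.` The comments also leave out what is returned for malformed or wrong-typed input; the function bodies are outside the hunks, so that part cannot be filled in from here and should be added by someone with the body in view.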
@@ -0,0 +1,120 @@
+From: Igor Ustinov
+Date: Sun, 11 Jan 2026 12:11:37 +0100
+Subject: Test for handling of AEAD-encrypted CMS with inadmissibly long IV
+
+---
+ test/cmsapitest.c | 39 ++++++++++++++++++++--
+ test/recipes/80-test_cmsapi.t | 3 +-
+ .../80-test_cmsapi_data/encDataWithTooLongIV.pem | 11 ++++++
+ 3 files changed, 50 insertions(+), 3 deletions(-)
+ create mode 100644 test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem
+
+diff --git a/test/cmsapitest.c b/test/cmsapitest.c
+index dbb05cd49622..93a4b8ff8b56 100644
+--- a/test/cmsapitest.c
++++ b/test/cmsapitest.c
+@@ -9,16 +9,17 @@
+
+ #include
+
++#include
+ #include
+ #include
+ #include
+-#include
+
+ #include "testutil.h"
+
+ static X509 *cert = NULL;
+ static EVP_PKEY *privkey = NULL;
+ static char *derin = NULL;
++static char *too_long_iv_cms_in = NULL;
+
+ static int test_encrypt_decrypt(const EVP_CIPHER *cipher)
+ {
+@@ -356,6 +357,38 @@ static int test_d2i_CMS_decode(const int idx)
+ return ret;
+ }
+
++static int test_cms_aesgcm_iv_too_long(void)
++{
++ int ret = 0;
++ BIO *cmsbio = NULL, *out = NULL;
++ CMS_ContentInfo *cms = NULL;
++ unsigned long err = 0;
++
++ if (!TEST_ptr(cmsbio = BIO_new_file(too_long_iv_cms_in, "r")))
++ goto end;
++
++ if (!TEST_ptr(cms = PEM_read_bio_CMS(cmsbio, NULL, NULL, NULL)))
++ goto end;
++
++ /* Must fail cleanly (no crash) */
++ if (!TEST_false(CMS_decrypt(cms, privkey, cert, NULL, out, 0)))
++ goto end;
++ err = ERR_peek_last_error();
++ if (!TEST_ulong_ne(err, 0))
++ goto end;
++ if (!TEST_int_eq(ERR_GET_LIB(err), ERR_LIB_CMS))
++ goto end;
++ if (!TEST_int_eq(ERR_GET_REASON(err), CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR))
++ goto end;
++
++ ret = 1;
++end:
++ CMS_ContentInfo_free(cms);
++ BIO_free(cmsbio);
++ BIO_free(out);
++ return ret;
++}
++
+ OPT_TEST_DECLARE_USAGE("certfile privkeyfile derfile\n")
+
+ int setup_tests(void)
+@@ -370,7 +403,8 @@ int setup_tests(void)
+
+ if (!TEST_ptr(certin = test_get_argument(0))
+ || !TEST_ptr(privkeyin = test_get_argument(1))
+- || !TEST_ptr(derin = test_get_argument(2)))
++ || !TEST_ptr(derin = test_get_argument(2))
++ || !TEST_ptr(too_long_iv_cms_in = test_get_argument(3)))
+ return 0;
+
+ certbio = BIO_new_file(certin, "r");
+@@ -402,6 +436,7 @@ int setup_tests(void)
+ ADD_TEST(test_encrypt_decrypt_aes_256_gcm);
+ ADD_TEST(test_d2i_CMS_bio_NULL);
+ ADD_ALL_TESTS(test_d2i_CMS_decode, 2);
++ ADD_TEST(test_cms_aesgcm_iv_too_long);
+ return 1;
+ }
+
+diff --git a/test/recipes/80-test_cmsapi.t b/test/recipes/80-test_cmsapi.t
+index af00355a9d66..182629e71a06 100644
+--- a/test/recipes/80-test_cmsapi.t
++++ b/test/recipes/80-test_cmsapi.t
+@@ -18,5 +18,6 @@ plan tests => 1;
+
+ ok(run(test(["cmsapitest", srctop_file("test", "certs", "servercert.pem"),
+ srctop_file("test", "certs", "serverkey.pem"),
+- srctop_file("test", "recipes", "80-test_cmsapi_data", "encryptedData.der")])),
++ srctop_file("test", "recipes", "80-test_cmsapi_data", "encryptedData.der"),
++ srctop_file("test", "recipes", "80-test_cmsapi_data", "encDataWithTooLongIV.pem")])),
+ "running cmsapitest");
+diff --git a/test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem b/test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem
+new file mode 100644
+index 000000000000..4323cd2fb0c1
+--- /dev/null
++++ b/test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem
+@@ -0,0 +1,11 @@
++-----BEGIN CMS-----
++MIIBmgYLKoZIhvcNAQkQARegggGJMIIBhQIBADGCATMwggEvAgEAMBcwEjEQMA4G
++A1UEAwwHUm9vdCBDQQIBAjANBgkqhkiG9w0BAQEFAASCAQC8ZqP1OqbletcUre1V
++b4XOobZzQr6wKMSsdjtGzVbZowUVv5DkOn9VOefrpg4HxMq/oi8IpzVYj8ZiKRMV
++NTJ+/d8FwwBwUUNNP/IDnfEpX+rT1+pGS5zAa7NenLoZgGBNjPy5I2OHP23fPnEd
++sm8YkFjzubkhAD1lod9pEOEqB3V2kTrTTiwzSNtMHggna1zPox6TkdZwFmMnp8d2
++CVa6lIPGx26gFwCuIDSaavmQ2URJ615L8gAvpYUlpsDqjFsabWsbaOFbMz3bIGJu
++GkrX2ezX7CpuC1wjix26ojlTySJHv+L0IrpcaIzLlC5lB1rqtuija8dGm3rBNm/P
++AAUNMDcGCSqGSIb3DQEHATAjBglghkgBZQMEAQYwFgQRzxwoRQzOHVooVn3CpaWl
++paUCARCABUNdolo6BBA55E9hYaYO2S8C/ZnD8dRO
++-----END CMS-----
diff -Nru openssl-3.0.18/debian/patches/Verify-ASN1-object-s-types-before-attempting-to-access-th.patch openssl-3.0.18/debian/patches/Verify-ASN1-object-s-types-before-attempting-to-access-th.patch
--- openssl-3.0.18/debian/patches/Verify-ASN1-object-s-types-before-attempting-to-access-th.patch 1970-01-01 00:00:00.000000000 +0000
+++ openssl-3.0.18/debian/patches/Verify-ASN1-object-s-types-before-attempting-to-access-th.patch 2026-01-24 12:19:52.000000000 +0000
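Review bot: `setup_tests` in `test/cmsapitest.c` now requires a fourth argument through `test_get_argument(3)`, but the usage string on the context line just above it still reads `OPT_TEST_DECLARE_USAGE("certfile privkeyfile derfile\n")`. It should name the new input, e.g. `OPT_TEST_DECLARE_USAGE("certfile privkeyfile derfile cmsfile\n")`, so that running the binary by hand with three arguments fails with a useful hint. In `test_cms_aesgcm_iv_too_long`, `out` is declared, passed to `CMS_decrypt` and freed but never assigned, so it is always NULL; either drop the variable and pass NULL directly, or create a memory BIO if the intent is to exercise decryption with a real output sink.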
@@ -0,0 +1,36 @@
+From: Bob Beck
+Date: Wed, 7 Jan 2026 11:29:48 -0700
+Subject: Verify ASN1 object's types before attempting to access them as a
+ particular type
+
+Issue was reported in ossl_ess_get_signing_cert but is also present in
+ossl_ess_get_signing_cert_v2.
+
+Fixes: https://github.com/openssl/srt/issues/61
+Fixes CVE-2025-69420
+---
+ crypto/ts/ts_rsp_verify.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c
+index 792a27ce572b..d940c49c6b47 100644
+--- a/crypto/ts/ts_rsp_verify.c
++++ b/crypto/ts/ts_rsp_verify.c
+@@ -209,7 +209,7 @@ static ESS_SIGNING_CERT *ossl_ess_get_signing_cert(const PKCS7_SIGNER_INFO *si)
+ const unsigned char *p;
+
+ attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificate);
+- if (attr == NULL)
++ if (attr == NULL || attr->type != V_ASN1_SEQUENCE)
+ return NULL;
+ p = attr->value.sequence->data;
+ return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length);
+@@ -222,7 +222,7 @@ ESS_SIGNING_CERT_V2 *ossl_ess_get_signing_cert_v2(const PKCS7_SIGNER_INFO *si)
+ const unsigned char *p;
+
+ attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificateV2);
+- if (attr == NULL)
++ if (attr == NULL || attr->type != V_ASN1_SEQUENCE)
+ return NULL;
+ p = attr->value.sequence->data;
+ return d2i_ESS_SIGNING_CERT_V2(NULL, &p, attr->value.sequence->length);
diff -Nru openssl-3.0.18/debian/patches/series openssl-3.0.18/debian/patches/series
--- openssl-3.0.18/debian/patches/series 2025-11-01 11:50:22.000000000 +0000
+++ openssl-3.0.18/debian/patches/series 2026-01-24 12:19:52.000000000 +0000
@@ -7,3 +7,13 @@
 Remove-the-provider-section.patch
 conf-Serialize-allocation-free-of-ssl_names.patch
 Fix-tests-for-new-default-security-level.patch
+Correct-handling-of-AEAD-encrypted-CMS-with-inadmissibly-.patch
+Some-comments-to-clarify-functions-usage.patch
+Test-for-handling-of-AEAD-encrypted-CMS-with-inadmissibly.patch
+Fix-heap-buffer-overflow-in-BIO_f_linebuffer.patch
+Fix-OCB-AES-NI-HW-stream-path-unauthenticated-unencrypted.patch
+Harden-ASN1_mbstring_ncopy.patch
+Check-return-code-of-UTF8_putc.patch
+Verify-ASN1-object-s-types-before-attempting-to-access-th.patch
+Add-NULL-check-to-PKCS12_item_decrypt_d2i_ex.patch
+Ensure-ASN1-types-are-checked-before-use.patch