fix(openssl): Security fixes for CVE-2026-45446, CVE-2026-42766, CVE-2026-42767, CVE-2026-42770

debian/changelog

@@ -1,3 +1,17 @@
+openssl (3.2.4-0deepin9) unstable; urgency=medium
+
+  * Security update: Fix 4 CVEs
+    - Incorrect tag processing for empty messages in AES-GCM-SIV and AES-SIV modes
+      Fixes: CVE-2026-45446
+    - NULL dereference in password-based CMS decryption
+      Fixes: CVE-2026-42766
+    - NULL pointer dereference in CRMF EncryptedValue decryption
+      Fixes: CVE-2026-42767
+    - Use local q parameter for DHX subgroup membership check
+      Fixes: CVE-2026-42770
+
+ -- deepin-ci-robot <packages@deepin.org>  Thu, 18 Jun 2026 02:30:00 +0800
+
 openssl (3.2.4-0deepin8) unstable; urgency=medium
 
   * Security update: Import 7 patches from upstream

debian/patches/CVE-2026-42766.patch

@@ -0,0 +1,19 @@
+Index: openssl/crypto/cms/cms_pwri.c
+===================================================================
+--- openssl.orig/crypto/cms/cms_pwri.c
++++ openssl/crypto/cms/cms_pwri.c
+@@ -356,8 +356,14 @@ int ossl_cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms,
+         goto err;
+     }
+
++
+     algtmp = pwri->keyDerivationAlgorithm;
+
++    if (algtmp == NULL) {
++        ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER);
++        goto err;
++    }
++
+     /* Finish password based key derivation to setup key in "ctx" */
+
+     if (EVP_PBE_CipherInit(algtmp->algorithm,

debian/patches/CVE-2026-42767.patch

@@ -0,0 +1,29 @@
+Index: openssl/crypto/crmf/crmf_lib.c
+===================================================================
+--- openssl.orig/crypto/crmf/crmf_lib.c
++++ openssl/crypto/crmf/crmf_lib.c
+@@ -631,6 +631,7 @@ X509
+     EVP_CIPHER *cipher = NULL; /* used cipher */
+     int cikeysize = 0; /* key size from cipher */
+     unsigned char *iv = NULL; /* initial vector for symmetric encryption */
++    int iv_len; /* iv length */
+     unsigned char *outbuf = NULL; /* decryption output buffer */
+     const unsigned char *p = NULL; /* needed for decoding ASN1 */
+     int n, outlen = 0;
+@@ -668,11 +669,12 @@ X509
+                                   ecert->encSymmKey->length) <= 0)
+         goto end;
+
+-    if ((iv = OPENSSL_malloc(EVP_CIPHER_get_iv_length(cipher))) == NULL)
++    iv_len = EVP_CIPHER_get_iv_length(cipher);
++    if ((iv = OPENSSL_malloc(iv_len)) == NULL)
+         goto end;
+-    if (ASN1_TYPE_get_octetstring(ecert->symmAlg->parameter, iv,
+-                                  EVP_CIPHER_get_iv_length(cipher))
+-        != EVP_CIPHER_get_iv_length(cipher)) {
++    if (ecert->symmAlg->parameter == NULL
++        || ASN1_TYPE_get_octetstring(ecert->symmAlg->parameter, iv, iv_len)
++            != iv_len) {
+         ERR_raise(ERR_LIB_CRMF, CRMF_R_MALFORMED_IV);
+         goto end;
+     }

debian/patches/CVE-2026-42770.patch

@@ -0,0 +1,21 @@
+Index: openssl/providers/implementations/exchange/dh_exch.c
+===================================================================
+--- openssl.orig/providers/implementations/exchange/dh_exch.c
++++ openssl/providers/implementations/exchange/dh_exch.c
+@@ -113,12 +113,15 @@ static int dh_init(void *vpdhctx, void *vdh, const OSSL_PARAM params[])
+ static int dh_match_params(DH *priv, DH *peer)
+ {
+     int ret;
++    int ignore_q = 1;
+     FFC_PARAMS *dhparams_priv = ossl_dh_get0_params(priv);
+     FFC_PARAMS *dhparams_peer = ossl_dh_get0_params(peer);
+
++    if (dhparams_priv != NULL && dhparams_priv->q != NULL)
++        ignore_q = 0;
+     ret = dhparams_priv != NULL
+           && dhparams_peer != NULL
+-          && ossl_ffc_params_cmp(dhparams_priv, dhparams_peer, 1);
++          && ossl_ffc_params_cmp(dhparams_priv, dhparams_peer, ignore_q);
+     if (!ret)
+         ERR_raise(ERR_LIB_PROV, PROV_R_MISMATCHING_DOMAIN_PARAMETERS);
+     return ret;

debian/patches/CVE-2026-45446.patch

@@ -0,0 +1,71 @@
+Index: openssl/providers/implementations/ciphers/cipher_aes_gcm_siv_hw.c
+===================================================================
+--- openssl.orig/providers/implementations/ciphers/cipher_aes_gcm_siv_hw.c
++++ openssl/providers/implementations/ciphers/cipher_aes_gcm_siv_hw.c
+@@ -56,6 +56,8 @@ static int aes_gcm_siv_initkey(void *vctx)
+         goto err;
+
+     memset(&data, 0, sizeof(data));
++    ctx->generated_tag = 0;
++    memset(ctx->tag, 0, TAG_SIZE);
+     memcpy(&data.block[sizeof(data.counter)], ctx->nonce, NONCE_SIZE);
+
+     /* msg_auth_key is always 16 bytes in size, regardless of AES128/AES256 */
+@@ -134,17 +136,6 @@ static int aes_gcm_siv_aad(PROV_AES_GCM_SIV_CTX *ctx,
+     return 1;
+ }
+
+-static int aes_gcm_siv_finish(PROV_AES_GCM_SIV_CTX *ctx)
+-{
+-    int ret = 0;
+-
+-    if (ctx->enc)
+-        return ctx->generated_tag;
+-    ret = !CRYPTO_memcmp(ctx->tag, ctx->user_tag, sizeof(ctx->tag));
+-    ret &= ctx->have_user_tag;
+-    return ret;
+-}
+-
+ static int aes_gcm_siv_encrypt(PROV_AES_GCM_SIV_CTX *ctx, const unsigned char *in,
+                                unsigned char *out, size_t len)
+ {
+@@ -271,6 +262,19 @@ static int aes_gcm_siv_decrypt(PROV_AES_GCM_SIV_CTX *ctx, const unsigned char *i
+     return !error;
+ }
+
++static int aes_gcm_siv_finish(PROV_AES_GCM_SIV_CTX *ctx)
++{
++    int ret = 0;
++
++    if (ctx->enc)
++        return ctx->generated_tag;
++    if (!ctx->generated_tag)
++        aes_gcm_siv_decrypt(ctx, NULL, NULL, 0);
++    ret = !CRYPTO_memcmp(ctx->tag, ctx->user_tag, sizeof(ctx->tag));
++    ret &= ctx->have_user_tag;
++    return ret;
++}
++
+ static int aes_gcm_siv_cipher(void *vctx, unsigned char *out,
+                               const unsigned char *in, size_t len)
+ {
+Index: openssl/providers/implementations/ciphers/cipher_aes_siv.c
+===================================================================
+--- openssl.orig/providers/implementations/ciphers/cipher_aes_siv.c
++++ openssl/providers/implementations/ciphers/cipher_aes_siv.c
+@@ -201,6 +201,7 @@ static int aes_siv_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+     PROV_AES_SIV_CTX *ctx = (PROV_AES_SIV_CTX *)vctx;
+     const OSSL_PARAM *p;
+     unsigned int speed = 0;
++    SIV128_CONTEXT *sctx = &ctx->siv;
+
+     if (params == NULL)
+         return 1;
+@@ -235,6 +236,7 @@ static int aes_siv_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+         if (keylen != ctx->keylen)
+             return 0;
+     }
++    sctx->final_ret = -1;
+     return 1;
+ }
+

debian/patches/series

@@ -42,3 +42,15 @@ CVE-2026-34182-fix.patch
 CVE-2026-45445.patch
 CVE-2026-45447.patch
 CVE-2026-34182-test.patch
+
+# CVE-2026-45446 - Incorrect tag processing for empty messages in AES-GCM-SIV and AES-SIV
+CVE-2026-45446.patch
+
+# CVE-2026-42766 - NULL dereference in password-based CMS decryption
+CVE-2026-42766.patch
+
+# CVE-2026-42767 - NULL pointer dereference in CRMF EncryptedValue decryption
+CVE-2026-42767.patch
+
+# CVE-2026-42770 - FFC-DH peer validation uses attacker-supplied q
+CVE-2026-42770.patch