Fix NULL deref for malformed OAEP parameters in CMS decryption
This converts rsa_cms_decrypt() to use X509_ALGOR_get0() and fixes a
NULL deref when a parameter is (invalidly) omitted similar to the fix
in ec/ec_ameth.c r1.66 from a couple years back. There is currently
an XXX annotating a hairy leak due to trying to be smart and stealing
the parameters from the oaep object. Instead, just make a copy of the
label string and free it in the exit path.
The diff adds an error for labellen == 0 since that is an invalid
encoding of pSpecifiedEmpty (see RFC 8017) -- per the DER the default
must be omitted. This way we avoid a malloc(0) implementation-defined
behavior.
This minor issue was assigned CVE-2026-28390 by OpenSSL and was reported
by too many to list. The fix is my own. It is similar to OpenSSL's fix
only because I rewiewed theirs and suggested an improvement or two.
This is the last of the "security fixes" in today's OpenSSL release that
[4 lines not shown]
Refactor and fix ocsp_find_signer_sk()
Instead of reaching deep inside the OCSP_BASICRESP and ignoring its
semantics and then try to untangle things in ocsp_find_signer_sk(),
pass the OCSP_BASICRESP and use OCSP_resp_get0_id() which has the
logic built in. Avoids a crash if you call OCSP_basic_verify() after
OCSP_BASICRESP_new() without OCSP_basic_sign(). This cannot happen on
a deserialized OCSP object.
Prompted by a report by Kamil Frankowicz, Jan Kaminski, Bartosz Michalowski.
ok jsing
Add a few to-do items to the crl_cb()
Prompted by the "fix" fighting symptoms of misdesign in Delta CRL processing
rather than addressing the root cause. Probably the best fix is to remove
support for Indirect CRLs and Delta CRLs outright.
ok jsing
Stop Delta CRL processing if a CRL number is misssing
A malformed Delta CRL could cause a crash. Funnily enough the deserializer
recognizes this and marks such a CRL as invalid, but nothing ever checks
the EXFLAG_INVALID for CRLs. For certificates this would usually result in
verification failure due to x509v3_cache_extensions() failing.
This is only reachable if the X509_V_FLAG_USE_DELTAS is used, which only
a handful of ports do, plus openssl(1) does if you use the undocumented
-use_deltas flag.
Reported by Igor Morgenstern to OpenSSL who then sat on this since Jan 8
and assigned CVE-2026-28388.
ok jsing
rpki-client: clean up ipAddrBlocks and autonomousSysIds naming mess
OpenSSL called these NID_sbgp_ipAddrBlock and NID_sbgp_autonomousSysNum
from which rpki-client derived its own fantasy names. Use the official
names in RFC 3779 instead: id-pe-ipAddrBlocks and id-pe-autonomousSysIds.
ipaddrblk is ugly and can be expanded in the API. Use addrs for the
variable to avoid overlong lines. There's precedent in the constraints
code.
The doubled s in assysnum makes no sense and since autonomoussysids is
long and unreadable, I used asids in the API.
ok claudio
drm/amd/pm: fix amdgpu_irq enabled counter unbalanced on smu v11.0
From Yang Wang
5eeba3a7bf496d5c24379305d47933c6061e462a in linux-6.18.y/6.18.21
e12603bf2c3d571476a21debfeab80bb70d8c0cc in mainline linux
drm/amd/pm: Return -EOPNOTSUPP for unsupported OD_MCLK on smu_v13_0_6
From Asad Kamal
54c143028eb45baec385e8731eb42e22b9c25333 in linux-6.18.y/6.18.21
2f0e491faee43181b6a86e90f34016b256042fe1 in mainline linux
drm/i915: Unlink NV12 planes earlier
From Ville Syrjala
70e2eb91cb6310a3508439f6f2539dfffa0abf77 in linux-6.18.y/6.18.21
bfa71b7a9dc6b5b8af157686e03308291141d00c in mainline linux
drm/i915: Order OP vs. timeout correctly in __wait_for()
From Ville Syrjala
859b14e0be9e7b0f26630510d337413c7747be51 in linux-6.18.y/6.18.21
6ad2a661ff0d3d94884947d2a593311ba46d34c2 in mainline linux
drm/i915/dp_tunnel: Fix error handling when clearing stream BW in atomic state
From Imre Deak
8581466b827fdf0300a3e2e93900ddefd8240053 in linux-6.18.y/6.18.21
77fcf58df15edcf3f5b5421f24814fb72796def9 in mainline linux
drm/amd/display: Fix drm_edid leak in amdgpu_dm
From Alex Hung
eb95595194e4755b62360aa821f40a79b0953105 in linux-6.18.y/6.18.21
37c2caa167b0b8aca4f74c32404c5288b876a2a3 in mainline linux
drm/amdgpu: prevent immediate PASID reuse case
From Eric Huang
51ccaf0e30c303149244c34820def83d74c86288 in linux-6.18.y/6.18.21
14b81abe7bdc25f8097906fc2f91276ffedb2d26 in mainline linux
This requires a further change to avoid a sleeping alloc while
holding a mutex. Not yet in 6.18.y
drm/amdgpu: fix the idr allocation flags
From Prike Liang
62f553d60a801384336f5867967c26ddf3b17038 in mainline linux
drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib
From Srinivasan Shanmugam
39820864eacd886f1a6f817414fb8f9ea3e9a2b4 in linux-6.18.y/6.18.21
7150850146ebfa4ca998f653f264b8df6f7f85be in mainline linux
drm/amd/display: Do not skip unrelated mode changes in DSC validation
From Yussuf Khalil
8a5edc97fd9c6415ff2eff872748439a97e3c3d8 in linux-6.18.y/6.18.21
aed3d041ab061ec8a64f50a3edda0f4db7280025 in mainline linux
drm/i915/gmbus: fix spurious timeout on 512-byte burst reads
From Samasth Norway Ananda
842aa6103b6f286e2bcee395b38807d3ae0d0b26 in linux-6.18.y/6.18.21
08441f10f4dc09fdeb64529953ac308abc79dd38 in mainline linux
drm/amdgpu: fix gpu idle power consumption issue for gfx v12
From Yang Wang
ad696758a45ca0c70fa60b7fd2f921edec7fc600 in linux-6.18.y/6.18.21
a6571045cf06c4aa749b4801382ae96650e2f0e1 in mainline linux
drm/ttm/tests: Fix build failure on PREEMPT_RT
From Maarten Lankhorst
be0c2255d717c8c548cba3b78c6d3c33ecd1feb8 in linux-6.18.y/6.18.21
a58d487fb1a52579d3c37544ea371da78ed70c45 in mainline linux
fix timer emulation-related VM hangs
This fixes state machine issues that resulted in hangs with OpenBSD-i386 VMs
when using the i8254 hardware timecounter with vmm. This also manifested in
incorrect i8254 calibration (wrong CPU speed in dmesg).
tested with Debian 12 amd64, i386
Apine Linux 3.23 x86 (with 4GB memory), x86_64
OpenBSD 7.9 beta amd64, i386
ok mlarkin@
