From a2ec328d696ef43ca4bec7de6deb6e4fba1f870f Mon Sep 17 00:00:00 2001 From: Kanishk Bansal <103916909+Kanishk-Bansal@users.noreply.github.com> Date: Wed, 11 Mar 2026 13:16:56 +0530 Subject: [PATCH] Revert "Patch openssl for PKCS12_item_decrypt_d2i_ex(): Check oct argument for NULL" (#16161) (cherry picked from commit 6505247f50ec382a00ddee3b1de78ccd22bc8058) --- ...sl-1.1.1-check-oct-argument-for-NULL.patch | 44 ------------------- SPECS/openssl/openssl.spec | 6 +-- .../manifests/package/pkggen_core_aarch64.txt | 10 ++--- .../manifests/package/pkggen_core_x86_64.txt | 10 ++--- .../manifests/package/toolchain_aarch64.txt | 12 ++--- .../manifests/package/toolchain_x86_64.txt | 12 ++--- 6 files changed, 23 insertions(+), 71 deletions(-) delete mode 100644 SPECS/openssl/openssl-1.1.1-check-oct-argument-for-NULL.patch diff --git a/SPECS/openssl/openssl-1.1.1-check-oct-argument-for-NULL.patch b/SPECS/openssl/openssl-1.1.1-check-oct-argument-for-NULL.patch deleted file mode 100644 index 27bbe3b0bb1..00000000000 --- a/SPECS/openssl/openssl-1.1.1-check-oct-argument-for-NULL.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -From 2c13bf15286328641a805eb3b7c97e27d42881fb Mon Sep 17 00:00:00 2001 -From: Andrew Dinh -Date: Thu, 8 Jan 2026 01:24:30 +0900 -Subject: [PATCH] PKCS12_item_decrypt_d2i_ex(): Check oct argument for NULL -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Fixes CVE-2025-69421 - -Reviewed-by: Nikola Pajkovsky -Reviewed-by: Saša Nedvědický -Reviewed-by: Eugene Syromiatnikov -Reviewed-by: Tomas Mraz -MergeDate: Mon Jan 26 19:56:08 2026 - -Upstream Patch Reference: https://github.com/openssl/openssl/commit/2c13bf15286328641a805eb3b7c97e27d42881fb.patch ---- - crypto/pkcs12/p12_decr.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c -index 3c86058..04642fa 100644 ---- a/crypto/pkcs12/p12_decr.c -+++ b/crypto/pkcs12/p12_decr.c -@@ -88,6 +88,15 @@ void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it, - void *ret; - int outlen; - -+ if (oct == NULL) { -+ ERR_put_error(ERR_LIB_PKCS12, -+ 0, -+ ERR_R_PASSED_NULL_PARAMETER, -+ __FILE__, -+ __LINE__); -+ return NULL; -+ } -+ - if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length, - &out, &outlen, 0)) { - PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, --- -2.45.4 - diff --git a/SPECS/openssl/openssl.spec b/SPECS/openssl/openssl.spec index a8507743e9d..edae896d6e0 100644 --- a/SPECS/openssl/openssl.spec +++ b/SPECS/openssl/openssl.spec @@ -4,7 +4,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 1.1.1k -Release: 39%{?dist} +Release: 38%{?dist} License: OpenSSL Vendor: Microsoft Corporation Distribution: Mariner 
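Review bot: `Release` moves backwards in this hunk, from `39%{?dist}` to `38%{?dist}`, which package managers order as a downgrade. If 1.1.1k-39 already reached a repository or an installed system, this build is treated as older and will not replace it, so the revert only takes effect where -39 was never installed. Whether -39 was published is not visible from this commit. A revert is normally shipped as a forward bump, `Release: 40%{?dist}`, with the four manifest files updated to the same release.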
@@ -72,7 +72,6 @@ Patch48: openssl-1.1.1-fix-heap-buffer-overflow-in-BIO_f_linebuffer.patch Patch49: openssl-1.1.1-fix-OCB-AES-NI-HW-stream-path-unauthenticated-unencrypted.patch Patch50: openssl-1.1.1-check-return-code-of-UTF8_putc.patch Patch51: openssl-1.1.1-verify-ASN1-objects-types.patch -Patch52: openssl-1.1.1-check-oct-argument-for-NULL.patch BuildRequires: perl-Test-Warnings BuildRequires: perl-Text-Template @@ -336,9 +335,6 @@ rm -f %{buildroot}%{_sysconfdir}/pki/tls/ct_log_list.cnf.dist %postun libs -p /sbin/ldconfig %changelog -* Tue Mar 03 2026 Archana Shettigar - 1.1.1k-39 -- Patch PKCS12_item_decrypt_d2i_ex(): Check oct argument for NULL - * Fri Feb 20 2026 Kanishk Bansal - 1.1.1k-38 - Ensure ASN1 types are checked before use in s_client, PKCS12, and PKCS7 - Fix heap buffer overflow in BIO_f_linebuffer on short writes diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index a3002ac039e..f552ae36f1f 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -165,11 +165,11 @@ texinfo-6.8-1.cm2.aarch64.rpm gtk-doc-1.33.2-1.cm2.noarch.rpm autoconf-2.71-3.cm2.noarch.rpm automake-1.16.5-1.cm2.noarch.rpm -openssl-1.1.1k-39.cm2.aarch64.rpm -openssl-devel-1.1.1k-39.cm2.aarch64.rpm -openssl-libs-1.1.1k-39.cm2.aarch64.rpm -openssl-perl-1.1.1k-39.cm2.aarch64.rpm -openssl-static-1.1.1k-39.cm2.aarch64.rpm +openssl-1.1.1k-38.cm2.aarch64.rpm +openssl-devel-1.1.1k-38.cm2.aarch64.rpm +openssl-libs-1.1.1k-38.cm2.aarch64.rpm +openssl-perl-1.1.1k-38.cm2.aarch64.rpm +openssl-static-1.1.1k-38.cm2.aarch64.rpm libcap-2.60-7.cm2.aarch64.rpm libcap-devel-2.60-7.cm2.aarch64.rpm debugedit-5.0-2.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 9735869dfdc..d2ec952ecd3 100644 
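Review bot: Dropping `Patch52` removes the NULL check that the deleted patch file labels as the fix for CVE-2025-69421, and neither the commit message nor the spec says why. Without it, a NULL `oct` reaches `oct->data` in `PKCS12_item_decrypt_d2i`, as the removed patch shows; whether another patch in the series already covers this is not visible here. The `%changelog` hunk (`@@ -336,9 +335,6 @@`) also deletes the 1.1.1k-39 entry instead of recording the revert, so the history no longer shows that the fix was ever applied. I would keep that entry, add one above it such as `- Revert Patch52 (CVE-2025-69421): <reason for revert>`, and state in the commit message whether the CVE remains open for this package.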
--- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -165,11 +165,11 @@ texinfo-6.8-1.cm2.x86_64.rpm gtk-doc-1.33.2-1.cm2.noarch.rpm autoconf-2.71-3.cm2.noarch.rpm automake-1.16.5-1.cm2.noarch.rpm -openssl-1.1.1k-39.cm2.x86_64.rpm -openssl-devel-1.1.1k-39.cm2.x86_64.rpm -openssl-libs-1.1.1k-39.cm2.x86_64.rpm -openssl-perl-1.1.1k-39.cm2.x86_64.rpm -openssl-static-1.1.1k-39.cm2.x86_64.rpm +openssl-1.1.1k-38.cm2.x86_64.rpm +openssl-devel-1.1.1k-38.cm2.x86_64.rpm +openssl-libs-1.1.1k-38.cm2.x86_64.rpm +openssl-perl-1.1.1k-38.cm2.x86_64.rpm +openssl-static-1.1.1k-38.cm2.x86_64.rpm libcap-2.60-7.cm2.x86_64.rpm libcap-devel-2.60-7.cm2.x86_64.rpm debugedit-5.0-2.cm2.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index ae98412399f..0a45ded874e 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -270,12 +270,12 @@ npth-1.6-4.cm2.aarch64.rpm npth-debuginfo-1.6-4.cm2.aarch64.rpm npth-devel-1.6-4.cm2.aarch64.rpm ntsysv-1.20-4.cm2.aarch64.rpm -openssl-1.1.1k-39.cm2.aarch64.rpm -openssl-debuginfo-1.1.1k-39.cm2.aarch64.rpm -openssl-devel-1.1.1k-39.cm2.aarch64.rpm -openssl-libs-1.1.1k-39.cm2.aarch64.rpm -openssl-perl-1.1.1k-39.cm2.aarch64.rpm -openssl-static-1.1.1k-39.cm2.aarch64.rpm +openssl-1.1.1k-38.cm2.aarch64.rpm +openssl-debuginfo-1.1.1k-38.cm2.aarch64.rpm +openssl-devel-1.1.1k-38.cm2.aarch64.rpm +openssl-libs-1.1.1k-38.cm2.aarch64.rpm +openssl-perl-1.1.1k-38.cm2.aarch64.rpm +openssl-static-1.1.1k-38.cm2.aarch64.rpm p11-kit-0.24.1-1.cm2.aarch64.rpm p11-kit-debuginfo-0.24.1-1.cm2.aarch64.rpm p11-kit-devel-0.24.1-1.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 6a330887776..5e350cabd5b 100644 
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -276,12 +276,12 @@ npth-1.6-4.cm2.x86_64.rpm npth-debuginfo-1.6-4.cm2.x86_64.rpm npth-devel-1.6-4.cm2.x86_64.rpm ntsysv-1.20-4.cm2.x86_64.rpm -openssl-1.1.1k-39.cm2.x86_64.rpm -openssl-debuginfo-1.1.1k-39.cm2.x86_64.rpm -openssl-devel-1.1.1k-39.cm2.x86_64.rpm -openssl-libs-1.1.1k-39.cm2.x86_64.rpm -openssl-perl-1.1.1k-39.cm2.x86_64.rpm -openssl-static-1.1.1k-39.cm2.x86_64.rpm +openssl-1.1.1k-38.cm2.x86_64.rpm +openssl-debuginfo-1.1.1k-38.cm2.x86_64.rpm +openssl-devel-1.1.1k-38.cm2.x86_64.rpm +openssl-libs-1.1.1k-38.cm2.x86_64.rpm +openssl-perl-1.1.1k-38.cm2.x86_64.rpm +openssl-static-1.1.1k-38.cm2.x86_64.rpm p11-kit-0.24.1-1.cm2.x86_64.rpm p11-kit-debuginfo-0.24.1-1.cm2.x86_64.rpm p11-kit-devel-0.24.1-1.cm2.x86_64.rpm