diff -Nru openssl-3.0.5/apps/ca.c openssl-3.0.7/apps/ca.c --- openssl-3.0.5/apps/ca.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/apps/ca.c 2022-11-01 14:14:36.000000000 +0000 @@ -922,7 +922,8 @@ goto end; } } else { - if ((serial = load_serial(serialfile, create_ser, NULL)) == NULL) { + serial = load_serial(serialfile, NULL, create_ser, NULL); + if (serial == NULL) { BIO_printf(bio_err, "error while loading serial number\n"); goto end; } @@ -1162,7 +1163,8 @@ if ((crlnumberfile = NCONF_get_string(conf, section, ENV_CRLNUMBER)) != NULL) - if ((crlnumber = load_serial(crlnumberfile, 0, NULL)) == NULL) { + if ((crlnumber = load_serial(crlnumberfile, NULL, 0, NULL)) + == NULL) { BIO_printf(bio_err, "error while loading CRL number\n"); goto end; } diff -Nru openssl-3.0.5/apps/ciphers.c openssl-3.0.7/apps/ciphers.c --- openssl-3.0.5/apps/ciphers.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/apps/ciphers.c 2022-11-01 14:14:36.000000000 +0000 @@ -227,6 +227,10 @@ if (!verbose) { for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) { const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i); + + if (!ossl_assert(c != NULL)) + continue; + p = SSL_CIPHER_get_name(c); if (p == NULL) break; @@ -242,6 +246,9 @@ c = sk_SSL_CIPHER_value(sk, i); + if (!ossl_assert(c != NULL)) + continue; + if (Verbose) { unsigned long id = SSL_CIPHER_get_id(c); int id0 = (int)(id >> 24); diff -Nru openssl-3.0.5/apps/cmp.c openssl-3.0.7/apps/cmp.c --- openssl-3.0.5/apps/cmp.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/apps/cmp.c 2022-11-01 14:14:36.000000000 +0000 @@ -1923,7 +1923,6 @@ if ((info = OPENSSL_zalloc(sizeof(*info))) == NULL) goto err; (void)OSSL_CMP_CTX_set_http_cb_arg(ctx, info); - /* info will be freed along with CMP ctx */ info->server = opt_server; info->port = server_port; /* workaround for callback design flaw, see #17088: */ 
@@ -3001,12 +3000,19 @@ if (ret != 1) OSSL_CMP_CTX_print_errors(cmp_ctx); - ossl_cmp_mock_srv_free(OSSL_CMP_CTX_get_transfer_cb_arg(cmp_ctx)); + if (cmp_ctx != NULL) { #ifndef OPENSSL_NO_SOCK - APP_HTTP_TLS_INFO_free(OSSL_CMP_CTX_get_http_cb_arg(cmp_ctx)); + APP_HTTP_TLS_INFO *info = OSSL_CMP_CTX_get_http_cb_arg(cmp_ctx); + +#endif + ossl_cmp_mock_srv_free(OSSL_CMP_CTX_get_transfer_cb_arg(cmp_ctx)); + X509_STORE_free(OSSL_CMP_CTX_get_certConf_cb_arg(cmp_ctx)); + /* cannot free info already here, as it may be used indirectly by: */ + OSSL_CMP_CTX_free(cmp_ctx); +#ifndef OPENSSL_NO_SOCK + APP_HTTP_TLS_INFO_free(info); #endif - X509_STORE_free(OSSL_CMP_CTX_get_certConf_cb_arg(cmp_ctx)); - OSSL_CMP_CTX_free(cmp_ctx); + } X509_VERIFY_PARAM_free(vpm); release_engine(engine); diff -Nru openssl-3.0.5/apps/dgst.c openssl-3.0.7/apps/dgst.c --- openssl-3.0.5/apps/dgst.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/apps/dgst.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -66,7 +66,7 @@ {"keyform", OPT_KEYFORM, 'f', "Key file format (ENGINE, other values ignored)"}, {"hex", OPT_HEX, '-', "Print as hex dump"}, {"binary", OPT_BINARY, '-', "Print in binary form"}, - {"xoflen", OPT_XOFLEN, 'p', "Output length for XOF algorithms"}, + {"xoflen", OPT_XOFLEN, 'p', "Output length for XOF algorithms. To obtain the maximum security strength set this to 32 (or greater) for SHAKE128, and 64 (or greater) for SHAKE256"}, {"d", OPT_DEBUG, '-', "Print debug info"}, {"debug", OPT_DEBUG, '-', "Print debug info"}, 
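Review bot: The comment `/* cannot free info already here, as it may be used indirectly by: */` is a dangling sentence that points at the next line and does not say what the ordering protects against; I would rewrite it as `/* info must outlive cmp_ctx: OSSL_CMP_CTX_free() may still reach the HTTP callback arg, so free info only afterwards */` (the callback-arg mechanism is my inference from the get_http_cb_arg call above, so confirm the wording). The `#ifndef OPENSSL_NO_SOCK` block that declares `info` is followed by an empty line before `#endif`; dropping that blank keeps the conditional tight. The cleanup block that `if (cmp_ctx != NULL)` now guards starts before this hunk, so I assume the NULL case is reachable from early-exit paths.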
@@ -321,8 +321,10 @@ } if (hmac_key != NULL) { - if (md == NULL) + if (md == NULL) { md = (EVP_MD *)EVP_sha256(); + digestname = SN_sha256; + } sigkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, impl, (unsigned char *)hmac_key, strlen(hmac_key)); @@ -340,9 +342,19 @@ goto end; } if (do_verify) - res = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey); + if (impl == NULL) + res = EVP_DigestVerifyInit_ex(mctx, &pctx, digestname, + app_get0_libctx(), + app_get0_propq(), sigkey, NULL); + else + res = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey); else - res = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey); + if (impl == NULL) + res = EVP_DigestSignInit_ex(mctx, &pctx, digestname, + app_get0_libctx(), + app_get0_propq(), sigkey, NULL); + else + res = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey); if (res == 0) { BIO_printf(bio_err, "Error setting context\n"); goto end; @@ -406,6 +418,11 @@ BIO_printf(bio_err, "Length can only be specified for XOF\n"); goto end; } + /* + * Signing using XOF is not supported by any algorithms currently since + * each algorithm only calls EVP_DigestFinal_ex() in their sign_final + * and verify_final methods. + */ if (sigkey != NULL) { BIO_printf(bio_err, "Signing key cannot be specified for XOF\n"); goto end; @@ -467,7 +484,7 @@ return; /* Filter out message digests that we cannot use */ - md = EVP_get_digestbyname(name->name); + md = EVP_MD_fetch(app_get0_libctx(), name->name, app_get0_propq()); if (md == NULL) return; diff -Nru openssl-3.0.5/apps/dhparam.c openssl-3.0.7/apps/dhparam.c --- openssl-3.0.5/apps/dhparam.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/apps/dhparam.c 2022-11-01 14:14:36.000000000 +0000 
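Review bot: The new `if (do_verify) if (impl == NULL) … else … else if (impl == NULL) … else …` chain depends on dangling-else binding: the second `else` attaches to `if (do_verify)` only because the inner if/else is complete, which is correct but easy to misread in review. Brace both outer branches, `if (do_verify) { … } else { … }`, so the structure is explicit. Note also that the `_ex` variants take `digestname` and ignore `md`; within this hunk only the HMAC default path sets `digestname` alongside `md`, so the option parsing outside the hunk must keep the two in sync for every other path — worth confirming.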
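Review bot: `md` is now obtained with `EVP_MD_fetch()`, which returns a reference the caller owns, whereas `EVP_get_digestbyname()` returned a library-owned object; unless the remainder of this function (outside the hunk) releases it with `EVP_MD_free(md)`, every digest listed now leaks a fetched reference. I would add `EVP_MD_free(md);` on each exit after the fetch and mark the variable with `/* fetched: must be released with EVP_MD_free() */`. The function body continues past the hunk, so please verify the free is already present.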
@@ -185,7 +185,7 @@ BIO_printf(bio_err, "Warning, input file %s ignored\n", infile); } - ctx = EVP_PKEY_CTX_new_from_name(NULL, alg, NULL); + ctx = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), alg, app_get0_propq()); if (ctx == NULL) { BIO_printf(bio_err, "Error, %s param generation context allocation failed\n", @@ -313,7 +313,7 @@ EVP_PKEY_print_params(out, pkey, 4, NULL); if (check) { - ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL); + ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), pkey, app_get0_propq()); if (ctx == NULL) { BIO_printf(bio_err, "Error, failed to check DH parameters\n"); goto end; @@ -385,7 +385,7 @@ goto err; } - ctx = EVP_PKEY_CTX_new_from_name(NULL, "DHX", NULL); + ctx = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), "DHX", app_get0_propq()); if (ctx == NULL || EVP_PKEY_fromdata_init(ctx) <= 0 || EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEY_PARAMETERS, params) <= 0) { diff -Nru openssl-3.0.5/apps/ecparam.c openssl-3.0.7/apps/ecparam.c --- openssl-3.0.5/apps/ecparam.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/apps/ecparam.c 2022-11-01 14:14:36.000000000 +0000 @@ -230,9 +230,11 @@ *p = OSSL_PARAM_construct_end(); if (OPENSSL_strcasecmp(curve_name, "SM2") == 0) - gctx_params = EVP_PKEY_CTX_new_from_name(NULL, "sm2", NULL); + gctx_params = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), "sm2", + app_get0_propq()); else - gctx_params = EVP_PKEY_CTX_new_from_name(NULL, "ec", NULL); + gctx_params = EVP_PKEY_CTX_new_from_name(app_get0_libctx(), "ec", + app_get0_propq()); if (gctx_params == NULL || EVP_PKEY_keygen_init(gctx_params) <= 0 || EVP_PKEY_CTX_set_params(gctx_params, params) <= 0 @@ -283,7 +285,8 @@ BIO_printf(bio_err, "unable to set check_type\n"); goto end; } - pctx = EVP_PKEY_CTX_new_from_pkey(NULL, params_key, NULL); + pctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), params_key, + app_get0_propq()); if (pctx == NULL || EVP_PKEY_param_check(pctx) <= 0) { BIO_printf(bio_err, "failed\n"); goto end; 
@@ -313,7 +316,8 @@ * EVP_PKEY_CTX_set_group_name(gctx, curvename); * EVP_PKEY_keygen(gctx, &key) <= 0) */ - gctx_key = EVP_PKEY_CTX_new_from_pkey(NULL, params_key, NULL); + gctx_key = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), params_key, + app_get0_propq()); if (EVP_PKEY_keygen_init(gctx_key) <= 0 || EVP_PKEY_keygen(gctx_key, &key) <= 0) { BIO_printf(bio_err, "unable to generate key\n"); diff -Nru openssl-3.0.5/apps/genrsa.c openssl-3.0.7/apps/genrsa.c --- openssl-3.0.5/apps/genrsa.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/apps/genrsa.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -179,7 +179,8 @@ if (out == NULL) goto end; - if (!init_gen_str(&ctx, "RSA", eng, 0, NULL, NULL)) + if (!init_gen_str(&ctx, "RSA", eng, 0, app_get0_libctx(), + app_get0_propq())) goto end; EVP_PKEY_CTX_set_cb(ctx, genrsa_cb); diff -Nru openssl-3.0.5/apps/include/apps.h openssl-3.0.7/apps/include/apps.h --- openssl-3.0.5/apps/include/apps.h 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/apps/include/apps.h 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -13,6 +13,7 @@ # include "e_os.h" /* struct timeval for DTLS */ # include "internal/nelem.h" # include "internal/sockets.h" /* for openssl_fdset() */ +# include "internal/cryptlib.h" /* ossl_assert() */ # include # include 
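Review bot: `gctx_key` is handed straight to `EVP_PKEY_keygen_init()` without a NULL check, so an allocation failure in `EVP_PKEY_CTX_new_from_pkey()` is at best reported as "unable to generate key" and relies on the library tolerating a NULL ctx; the sibling hunks in this file guard `gctx_params == NULL ||` and `pctx == NULL ||`. Change the condition to `if (gctx_key == NULL || EVP_PKEY_keygen_init(gctx_key) <= 0 || EVP_PKEY_keygen(gctx_key, &key) <= 0) {` to match them. The enclosing function starts before this hunk.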
@@ -219,12 +220,16 @@ void app_bail_out(char *fmt, ...); void *app_malloc(size_t sz, const char *what); -BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai); -int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial, - ASN1_INTEGER **retai); + +/* load_serial, save_serial, and rotate_serial are also used for CRL numbers */ +BIGNUM *load_serial(const char *serialfile, int *exists, int create, + ASN1_INTEGER **retai); +int save_serial(const char *serialfile, const char *suffix, + const BIGNUM *serial, ASN1_INTEGER **retai); int rotate_serial(const char *serialfile, const char *new_suffix, const char *old_suffix); int rand_serial(BIGNUM *b, ASN1_INTEGER *ai); + CA_DB *load_index(const char *dbfile, DB_ATTR *dbattr); int index_index(CA_DB *db); int save_index(const char *dbfile, const char *suffix, CA_DB *db); diff -Nru openssl-3.0.5/apps/lib/apps.c openssl-3.0.7/apps/lib/apps.c --- openssl-3.0.5/apps/lib/apps.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/apps/lib/apps.c 2022-11-01 14:14:36.000000000 +0000 @@ -1456,7 +1456,8 @@ static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING) #undef BSIZE #define BSIZE 256 -BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai) +BIGNUM *load_serial(const char *serialfile, int *exists, int create, + ASN1_INTEGER **retai) { BIO *in = NULL; BIGNUM *ret = NULL; @@ -1468,6 +1469,8 @@ goto err; in = BIO_new_file(serialfile, "r"); + if (exists != NULL) + *exists = in != NULL; if (in == NULL) { if (!create) { perror(serialfile); @@ -1475,8 +1478,14 @@ } ERR_clear_error(); ret = BN_new(); - if (ret == NULL || !rand_serial(ret, ai)) + if (ret == NULL) { BIO_printf(bio_err, "Out of memory\n"); + } else if (!rand_serial(ret, ai)) { + BIO_printf(bio_err, "Error creating random number to store in %s\n", + serialfile); + BN_free(ret); + ret = NULL; + } } else { if (!a2i_ASN1_INTEGER(in, ai, buf, 1024)) { BIO_printf(bio_err, "Unable to load number from %s\n", 
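Review bot: The new `exists` out-parameter of `load_serial()` is undocumented at its only public declaration, and neither the name nor the prototype says that it is optional or what it reports. I would put a short comment above the prototype: `/* exists (optional): set to 1 if serialfile could be opened for reading, else 0 */`, which matches the assignment made in lib/apps.c. The existing note that the helpers are also used for CRL numbers is useful and should stay next to it.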
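Review bot: `*exists = in != NULL` reports whether the file could be opened, not whether it exists: a serial file that is present but unreadable (EACCES, EISDIR) is reported as absent and, when `create` is set, a fresh random number is generated in its place. Since callers now use this flag to decide whether to write the serial file back, make the semantics explicit with a comment such as `/* "exists" means "could be opened for reading"; any open error counts as missing */`, and consider taking the create path only when `errno == ENOENT`. The enclosing function continues past the hunk.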
@@ -1490,12 +1499,13 @@ } } - if (ret && retai) { + if (ret != NULL && retai != NULL) { *retai = ai; ai = NULL; } err: - ERR_print_errors(bio_err); + if (ret == NULL) + ERR_print_errors(bio_err); BIO_free(in); ASN1_INTEGER_free(ai); return ret; @@ -2458,7 +2468,9 @@ APP_HTTP_TLS_INFO *info = (APP_HTTP_TLS_INFO *)arg; SSL_CTX *ssl_ctx = info->ssl_ctx; - if (connect && detail) { /* connecting with TLS */ + if (ssl_ctx == NULL) /* not using TLS */ + return bio; + if (connect) { SSL *ssl; BIO *sbio = NULL; @@ -2538,6 +2550,11 @@ "missing SSL_CTX"); goto end; } + if (!use_ssl && ssl_ctx != NULL) { + ERR_raise_data(ERR_LIB_HTTP, ERR_R_PASSED_INVALID_ARGUMENT, + "SSL_CTX given but use_ssl == 0"); + goto end; + } info.server = server; info.port = port; @@ -2919,6 +2936,9 @@ BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0)); void *prefix = NULL; + if (b == NULL) + return NULL; + #ifdef OPENSSL_SYS_VMS if (FMT_istext(format)) b = BIO_push(BIO_new(BIO_f_linebuffer()), b); @@ -2938,7 +2958,7 @@ BIO *b = BIO_new_fp(stderr, BIO_NOCLOSE | (FMT_istext(format) ? BIO_FP_TEXT : 0)); #ifdef OPENSSL_SYS_VMS - if (FMT_istext(format)) + if (b != NULL && FMT_istext(format)) b = BIO_push(BIO_new(BIO_f_linebuffer()), b); #endif return b; diff -Nru openssl-3.0.5/apps/lib/s_cb.c openssl-3.0.7/apps/lib/s_cb.c --- openssl-3.0.5/apps/lib/s_cb.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/apps/lib/s_cb.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
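Review bot: The connect branch no longer consults `detail` (presumably the use_ssl flag the HTTP callback receives on connect), so TLS is started whenever `info->ssl_ctx` is set regardless of what the caller asked for; this is only safe if every caller populates `ssl_ctx` exclusively for TLS connections. The check added further down in this file (rejecting an SSL_CTX when `use_ssl == 0`) covers `app_http_get_asn1`, but other users of the callback, e.g. the CMP app, are outside this hunk and should be verified. A comment on the early return, `/* ssl_ctx != NULL is the sole signal that TLS was requested; callers must keep it in sync with use_ssl */`, would document the contract. The function starts before the hunk.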
@@ -76,22 +76,28 @@ } switch (err) { case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - BIO_puts(bio_err, "issuer= "); - X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), - 0, get_nameopt()); - BIO_puts(bio_err, "\n"); + if (err_cert != NULL) { + BIO_puts(bio_err, "issuer= "); + X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), + 0, get_nameopt()); + BIO_puts(bio_err, "\n"); + } break; case X509_V_ERR_CERT_NOT_YET_VALID: case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: - BIO_printf(bio_err, "notBefore="); - ASN1_TIME_print(bio_err, X509_get0_notBefore(err_cert)); - BIO_printf(bio_err, "\n"); + if (err_cert != NULL) { + BIO_printf(bio_err, "notBefore="); + ASN1_TIME_print(bio_err, X509_get0_notBefore(err_cert)); + BIO_printf(bio_err, "\n"); + } break; case X509_V_ERR_CERT_HAS_EXPIRED: case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: - BIO_printf(bio_err, "notAfter="); - ASN1_TIME_print(bio_err, X509_get0_notAfter(err_cert)); - BIO_printf(bio_err, "\n"); + if (err_cert != NULL) { + BIO_printf(bio_err, "notAfter="); + ASN1_TIME_print(bio_err, X509_get0_notAfter(err_cert)); + BIO_printf(bio_err, "\n"); + } break; case X509_V_ERR_NO_EXPLICIT_POLICY: if (!verify_args.quiet) diff -Nru openssl-3.0.5/apps/list.c openssl-3.0.7/apps/list.c --- openssl-3.0.5/apps/list.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/apps/list.c 2022-11-01 14:14:36.000000000 +0000 @@ -1474,7 +1474,7 @@ "List of cipher commands (deprecated)"}, #endif {"cipher-algorithms", OPT_CIPHER_ALGORITHMS, '-', - "List of cipher algorithms"}, + "List of symmetric cipher algorithms"}, {"encoders", OPT_ENCODERS, '-', "List of encoding methods" }, {"decoders", OPT_DECODERS, '-', "List of decoding methods" }, {"key-managers", OPT_KEYMANAGERS, '-', "List of key managers" }, diff -Nru openssl-3.0.5/apps/mac.c openssl-3.0.7/apps/mac.c --- openssl-3.0.5/apps/mac.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/apps/mac.c 2022-11-01 14:14:36.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -170,9 +170,6 @@ goto err; } - /* Use text mode for stdin */ - if (infile == NULL || strcmp(infile, "-") == 0) - inform = FORMAT_TEXT; in = bio_open_default(infile, 'r', inform); if (in == NULL) goto err; diff -Nru openssl-3.0.5/apps/ocsp.c openssl-3.0.7/apps/ocsp.c --- openssl-3.0.5/apps/ocsp.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/apps/ocsp.c 2022-11-01 14:14:36.000000000 +0000 @@ -135,7 +135,7 @@ {"no_certs", OPT_NO_CERTS, '-', "Don't include any certificates in signed request"}, {"badsig", OPT_BADSIG, '-', - "Corrupt last byte of loaded OSCP response signature (for test)"}, + "Corrupt last byte of loaded OCSP response signature (for test)"}, {"CA", OPT_CA, '<', "CA certificate"}, {"nmin", OPT_NMIN, 'p', "Number of minutes before next update"}, {"nrequest", OPT_REQUEST, 'p', diff -Nru openssl-3.0.5/apps/openssl.c openssl-3.0.7/apps/openssl.c --- openssl-3.0.5/apps/openssl.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/apps/openssl.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -307,7 +307,7 @@ BIO_free(bio_in); BIO_free_all(bio_out); apps_shutdown(); - BIO_free(bio_err); + BIO_free_all(bio_err); EXIT(ret); } diff -Nru openssl-3.0.5/apps/pkcs12.c openssl-3.0.7/apps/pkcs12.c --- openssl-3.0.5/apps/pkcs12.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/apps/pkcs12.c 2022-11-01 14:14:36.000000000 +0000 
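Review bot: Removing the stdin-to-text-mode override changes which bytes are MACed when reading from stdin on platforms that translate line endings, and nothing in the code says this is intentional. A one-line comment before `in = bio_open_default(infile, 'r', inform);` such as `/* stdin is read in the same mode as a file so the MAC matches the file content byte for byte */` would stop someone from reinstating the override. The default value of `inform` is set outside the hunk, so I am assuming it is a binary format.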
@@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -143,7 +143,7 @@ "Encrypt output with 3DES (default PBES2 with PBKDF2 and AES-256 CBC)"}, #endif {"macalg", OPT_MACALG, 's', - "Digest algorithm to use in MAC (default SHA1)"}, + "Digest algorithm to use in MAC (default SHA256)"}, {"iter", OPT_ITER, 'p', "Specify the iteration count for encryption and MAC"}, {"noiter", OPT_NOITER, '-', "Don't use encryption iteration"}, {"nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration)"}, diff -Nru openssl-3.0.5/apps/pkeyparam.c openssl-3.0.7/apps/pkeyparam.c --- openssl-3.0.5/apps/pkeyparam.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/apps/pkeyparam.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -101,7 +101,8 @@ out = bio_open_default(outfile, 'w', FORMAT_PEM); if (out == NULL) goto end; - pkey = PEM_read_bio_Parameters(in, NULL); + pkey = PEM_read_bio_Parameters_ex(in, NULL, app_get0_libctx(), + app_get0_propq()); if (pkey == NULL) { BIO_printf(bio_err, "Error reading parameters\n"); ERR_print_errors(bio_err); 
@@ -109,7 +110,11 @@ } if (check) { - ctx = EVP_PKEY_CTX_new(pkey, e); + if (e == NULL) + ctx = EVP_PKEY_CTX_new_from_pkey(app_get0_libctx(), pkey, + app_get0_propq()); + else + ctx = EVP_PKEY_CTX_new(pkey, e); if (ctx == NULL) { ERR_print_errors(bio_err); goto end; diff -Nru openssl-3.0.5/apps/rsa.c openssl-3.0.7/apps/rsa.c --- openssl-3.0.5/apps/rsa.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/apps/rsa.c 2022-11-01 14:14:36.000000000 +0000 @@ -61,7 +61,7 @@ OPT_SECTION("Input"), {"in", OPT_IN, 's', "Input file"}, - {"inform", OPT_INFORM, 'f', "Input format (DER/PEM/P12/ENGINE"}, + {"inform", OPT_INFORM, 'f', "Input format (DER/PEM/P12/ENGINE)"}, {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"}, {"RSAPublicKey_in", OPT_RSAPUBKEY_IN, '-', "Input is an RSAPublicKey"}, {"passin", OPT_PASSIN, 's', "Input file pass phrase source"}, diff -Nru openssl-3.0.5/apps/speed.c openssl-3.0.7/apps/speed.c --- openssl-3.0.5/apps/speed.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/apps/speed.c 2022-11-01 14:14:36.000000000 +0000 @@ -67,6 +67,7 @@ # define HAVE_FORK 0 # else # define HAVE_FORK 1 +# include # endif #endif @@ -875,11 +876,14 @@ loopargs_t *tempargs = *(loopargs_t **) args; EVP_PKEY_CTX *ffdh_ctx = tempargs->ffdh_ctx[testnum]; unsigned char *derived_secret = tempargs->secret_ff_a; - size_t outlen = MAX_FFDH_SIZE; int count; - for (count = 0; COND(ffdh_c[testnum][0]); count++) + for (count = 0; COND(ffdh_c[testnum][0]); count++) { + /* outlen can be overwritten with a too small value (no padding used) */ + size_t outlen = MAX_FFDH_SIZE; + EVP_PKEY_derive(ffdh_ctx, derived_secret, &outlen); + } return count; } #endif /* OPENSSL_NO_DH */ @@ -2004,7 +2008,7 @@ goto end; if (!EVP_MAC_CTX_set_params(loopargs[i].mctx, params)) - goto end; + goto skip_hmac; /* Digest not found */ } for (testnum = 0; testnum < size_num; testnum++) { print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum], 
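Review bot: The return value of `EVP_PKEY_derive()` is discarded inside the FFDH timing loop, so a failed derivation is counted as a successful iteration and the reported rate is meaningless; I believe the ECDH derive loop elsewhere in this file aborts with `count = -1` in that case. Replace the call with `if (EVP_PKEY_derive(ffdh_ctx, derived_secret, &outlen) <= 0) { ERR_print_errors(bio_err); count = -1; break; }`. Resetting `outlen` on every iteration is the right fix for the shrinking-length problem the added comment describes.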
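Review bot: `goto skip_hmac` on an `EVP_MAC_CTX_set_params()` failure jumps past the `EVP_MAC_free(mac); mac = NULL;` at the end of the HMAC section (visible in the next hunk), so the fetched `mac` is only released if the function's `end:` cleanup frees it too, which is outside this view. It also leaves the set_params error on the queue to be printed by some later, unrelated report. I would free and null `mac` before the jump, or move the `skip_hmac:` label in front of `EVP_MAC_free(mac)`, and call `ERR_clear_error()` if the "digest not found" case is meant to be benign. The enclosing body starts before this hunk.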
@@ -2021,7 +2025,7 @@ EVP_MAC_free(mac); mac = NULL; } - +skip_hmac: if (doit[D_CBC_DES]) { int st = 1; @@ -3416,6 +3420,7 @@ int n; int fd[2]; int *fds; + int status; static char sep[] = ":"; fds = app_malloc(sizeof(*fds) * multi, "fd buffer for do_multi"); @@ -3574,6 +3579,20 @@ fclose(f); } OPENSSL_free(fds); + for (n = 0; n < multi; ++n) { + while (wait(&status) == -1) + if (errno != EINTR) { + BIO_printf(bio_err, "Waitng for child failed with 0x%x\n", + errno); + return 1; + } + if (WIFEXITED(status) && WEXITSTATUS(status)) { + BIO_printf(bio_err, "Child exited with %d\n", WEXITSTATUS(status)); + } else if (WIFSIGNALED(status)) { + BIO_printf(bio_err, "Child terminated by signal %d\n", + WTERMSIG(status)); + } + } return 1; } #endif diff -Nru openssl-3.0.5/apps/x509.c openssl-3.0.7/apps/x509.c --- openssl-3.0.5/apps/x509.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/apps/x509.c 2022-11-01 14:14:36.000000000 +0000 @@ -534,7 +534,7 @@ aliasout = ++num; break; case OPT_CACREATESERIAL: - CA_createserial = ++num; + CA_createserial = 1; break; case OPT_CLREXT: clrext = 1; @@ -660,9 +660,19 @@ BIO_printf(bio_err, "Cannot use both -key/-signkey and -CA option\n"); goto end; } - } else if (CAkeyfile != NULL) { - BIO_printf(bio_err, - "Warning: ignoring -CAkey option since no -CA option is given\n"); + } else { +#define WARN_NO_CA(opt) BIO_printf(bio_err, \ + "Warning: ignoring " opt " option since -CA option is not given\n"); + if (CAkeyfile != NULL) + WARN_NO_CA("-CAkey"); + if (CAkeyformat != FORMAT_UNDEF) + WARN_NO_CA("-CAkeyform"); + if (CAformat != FORMAT_UNDEF) + WARN_NO_CA("-CAform"); + if (CAserial != NULL) + WARN_NO_CA("-CAserial"); + if (CA_createserial) + WARN_NO_CA("-CAcreateserial"); } if (extfile == NULL) { @@ -725,7 +735,7 @@ } if ((x = X509_new_ex(app_get0_libctx(), app_get0_propq())) == NULL) goto end; - if (sno == NULL) { + if (CAfile == NULL && sno == NULL) { sno = ASN1_INTEGER_new(); if (sno == NULL || !rand_serial(NULL, sno)) goto end; 
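Review bot: The failure message has a typo and prints errno in hex, `"Waitng for child failed with 0x%x\n"`; use `BIO_printf(bio_err, "Waiting for child failed with errno %d\n", errno);`. Returning 1 from inside the loop on the first `wait()` error also abandons the remaining children unreaped, and the unbraced `while … if` body is easy to misread, so brace it. Since the function returns 1 on every path, the per-child exit-status reporting is informational only, which deserves a comment.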
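Review bot: `WARN_NO_CA` is defined with a trailing `;` inside the macro body and is then invoked as `WARN_NO_CA("-CAkey");`, producing an empty statement after each use, and the macro is never `#undef`'d once the block ends. Drop the semicolon from the definition, `#define WARN_NO_CA(opt) BIO_printf(bio_err, "Warning: ignoring " opt " option since -CA option is not given\n")`, and add `#undef WARN_NO_CA` after the last use so the name does not leak into the rest of the file. The surrounding option-validation code starts before this hunk.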
@@ -1081,6 +1091,7 @@ char *buf = NULL; ASN1_INTEGER *bs = NULL; BIGNUM *serial = NULL; + int defaultfile = 0, file_exists; if (serialfile == NULL) { const char *p = strrchr(CAfile, '.'); @@ -1090,9 +1101,10 @@ memcpy(buf, CAfile, len); memcpy(buf + len, POSTFIX, sizeof(POSTFIX)); serialfile = buf; + defaultfile = 1; } - serial = load_serial(serialfile, create, NULL); + serial = load_serial(serialfile, &file_exists, create || defaultfile, NULL); if (serial == NULL) goto end; @@ -1101,8 +1113,10 @@ goto end; } - if (!save_serial(serialfile, NULL, serial, &bs)) - goto end; + if (file_exists || create) + save_serial(serialfile, NULL, serial, &bs); + else + bs = BN_to_ASN1_INTEGER(serial, NULL); end: OPENSSL_free(buf); diff -Nru openssl-3.0.5/CHANGES.md openssl-3.0.7/CHANGES.md --- openssl-3.0.5/CHANGES.md 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/CHANGES.md 2022-11-01 14:14:36.000000000 +0000 
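Review bot: The return value of `save_serial()` is now discarded, whereas the removed line aborted on failure; a failed write leaves `bs` NULL and the caller sees a generic failure with no message from this function, relying on whatever save_serial itself prints. Keep the explicit check, `if (!save_serial(serialfile, NULL, serial, &bs)) goto end;`. The `else` branch, which hands out a serial without persisting it when the default file is absent and `-CAcreateserial` was not given, deserves a comment stating that this is intentional and that the number cannot be tracked across runs.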
@@ -28,6 +28,163 @@ [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod +### Changes between 3.0.6 and 3.0.7 [1 Nov 2022] + + * Fixed two buffer overflows in punycode decoding functions. + + A buffer overrun can be triggered in X.509 certificate verification, + specifically in name constraint checking. Note that this occurs after + certificate chain signature verification and requires either a CA to + have signed the malicious certificate or for the application to continue + certificate verification despite failure to construct a path to a trusted + issuer. + + In a TLS client, this can be triggered by connecting to a malicious + server. In a TLS server, this can be triggered if the server requests + client authentication and a malicious client connects. + + An attacker can craft a malicious email address to overflow + an arbitrary number of bytes containing the `.` character (decimal 46) + on the stack. This buffer overflow could result in a crash (causing a + denial of service). + ([CVE-2022-3786]) + + An attacker can craft a malicious email address to overflow four + attacker-controlled bytes on the stack. This buffer overflow could + result in a crash (causing a denial of service) or potentially remote code + execution depending on stack layout for any given platform/compiler. + ([CVE-2022-3602]) + + *Paul Dale* + + * Removed all references to invalid OSSL_PKEY_PARAM_RSA names for CRT + parameters in OpenSSL code. + Applications should not use the names OSSL_PKEY_PARAM_RSA_FACTOR, + OSSL_PKEY_PARAM_RSA_EXPONENT and OSSL_PKEY_PARAM_RSA_COEFFICIENT. + Use the numbered names such as OSSL_PKEY_PARAM_RSA_FACTOR1 instead. + Using these invalid names may cause algorithms to use slower methods + that ignore the CRT parameters. + + *Shane Lontis* + + * Fixed a regression introduced in 3.0.6 version raising errors on some stack + operations. 
+ + *Tomáš Mráz* + + * Fixed a regression introduced in 3.0.6 version not refreshing the certificate + data to be signed before signing the certificate. + + *Gibeom Gwon* + + * Added RIPEMD160 to the default provider. + + *Paul Dale* + + * Ensured that the key share group sent or accepted for the key exchange + is allowed for the protocol version. + + *Matt Caswell* + +### Changes between 3.0.5 and 3.0.6 [11 Oct 2022] + + * OpenSSL supports creating a custom cipher via the legacy + EVP_CIPHER_meth_new() function and associated function calls. This function + was deprecated in OpenSSL 3.0 and application authors are instead encouraged + to use the new provider mechanism in order to implement custom ciphers. + + OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers + passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and + EVP_CipherInit_ex2() functions (as well as other similarly named encryption + and decryption initialisation functions). Instead of using the custom cipher + directly it incorrectly tries to fetch an equivalent cipher from the + available providers. An equivalent cipher is found based on the NID passed to + EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a + given cipher. However it is possible for an application to incorrectly pass + NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef + is used in this way the OpenSSL encryption/decryption initialisation function + will match the NULL cipher as being equivalent and will fetch this from the + available providers. This will succeed if the default provider has been + loaded (or if a third party provider has been loaded that offers this + cipher). Using the NULL cipher means that the plaintext is emitted as the + ciphertext. + + Applications are only affected by this issue if they call + EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an + encryption/decryption initialisation function. 
Applications that only use + SSL/TLS are not impacted by this issue. + ([CVE-2022-3358]) + + *Matt Caswell* + + * Fix LLVM vs Apple LLVM version numbering confusion that caused build failures + on MacOS 10.11 + + *Richard Levitte* + + * Fixed the linux-mips64 Configure target which was missing the + SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that + platform. + + *Adam Joseph* + + * Fix handling of a ticket key callback that returns 0 in TLSv1.3 to not send a + ticket + + *Matt Caswell* + + * Correctly handle a retransmitted ClientHello in DTLS + + *Matt Caswell* + + * Fixed detection of ktls support in cross-compile environment on Linux + + *Tomas Mraz* + + * Fixed some regressions and test failures when running the 3.0.0 FIPS provider + against 3.0.x + + *Paul Dale* + + * Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to + report correct results in some cases + + *Matt Caswell* + + * Fix UWP builds by defining VirtualLock + + *Charles Milette* + + * For known safe primes use the minimum key length according to RFC 7919. + Longer private key sizes unnecessarily raise the cycles needed to compute the + shared secret without any increase of the real security. This fixes a + regression from 1.1.1 where these shorter keys were generated for the known + safe primes. + + *Tomas Mraz* + + * Added the loongarch64 target + + *Shi Pujin* + + * Fixed EC ASM flag passing. Flags for ASM implementations of EC curves were + only passed to the FIPS provider and not to the default or legacy provider. + + *Juergen Christ* + + * Fixed reported performance degradation on aarch64. Restored the + implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid + 32-bit lane assignment in CTR mode") for 64bit targets only, since it is + reportedly 2-17% slower and the silicon errata only affects 32bit targets. + The new algorithm is still used for 32 bit targets. 
+ + *Bernd Edlinger* + + * Added a missing header for memcmp that caused compilation failure on some + platforms + + *Gregor Jasny* + ### Changes between 3.0.4 and 3.0.5 [5 Jul 2022] * The OpenSSL 3.0.4 release introduced a serious bug in the RSA diff -Nru openssl-3.0.5/Configurations/10-main.conf openssl-3.0.7/Configurations/10-main.conf --- openssl-3.0.5/Configurations/10-main.conf 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/Configurations/10-main.conf 2022-11-01 14:14:36.000000000 +0000 @@ -797,7 +797,7 @@ inherit_from => [ "linux-latomic" ], cflags => add("-mabi=n32"), cxxflags => add("-mabi=n32"), - bn_ops => "RC4_CHAR", + bn_ops => "RC4_CHAR SIXTY_FOUR_BIT", asm_arch => 'mips64', perlasm_scheme => "n32", multilib => "32", @@ -818,6 +818,13 @@ perlasm_scheme => "linux64", }, + # loongarch64 below refers to contemporary LoongArch Architecture + # specifications, + "linux64-loongarch64" => { + inherit_from => [ "linux-generic64"], + perlasm_scheme => "linux64", + }, + #### IA-32 targets... #### These two targets are a bit aged and are to be used on older Linux #### machines where gcc doesn't understand -m32 and -m64 @@ -1302,7 +1309,7 @@ inherit_from => [ "BASE_Windows" ], template => 1, CC => "cl", - CPP => '"$(CC)" /EP /C', + CPP => '$(CC) /EP /C', CFLAGS => "/W3 /wd4090 /nologo", coutflag => "/Fo", LD => "link", @@ -1311,7 +1318,7 @@ ldpostoutflag => "", ld_resp_delim => "\n", bin_lflags => "setargv.obj", - makedepcmd => '"$(CC)" /Zs /showIncludes', + makedepcmd => '$(CC) /Zs /showIncludes', makedep_scheme => 'VC', AR => "lib", ARFLAGS => "/nologo", diff -Nru openssl-3.0.5/Configurations/50-djgpp.conf openssl-3.0.7/Configurations/50-djgpp.conf --- openssl-3.0.5/Configurations/50-djgpp.conf 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/Configurations/50-djgpp.conf 2022-11-01 14:14:36.000000000 +0000 
@@ -4,6 +4,7 @@ my %targets = ( "DJGPP" => { + inherit_from => [ "BASE_unix" ], CC => "gcc", CFLAGS => "-fomit-frame-pointer -O2 -Wall", cflags => "-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN", diff -Nru openssl-3.0.5/Configurations/windows-makefile.tmpl openssl-3.0.7/Configurations/windows-makefile.tmpl --- openssl-3.0.5/Configurations/windows-makefile.tmpl 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/Configurations/windows-makefile.tmpl 2022-11-01 14:14:36.000000000 +0000 @@ -500,8 +500,8 @@ {- output_off() if $disabled{fips}; "" -} install_fips: build_sw $(INSTALL_FIPSMODULECONF) # @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1) - @$(PERL) $(SRCDIR)\util\mkdir-p.pl $(MODULESDIR) - @$(PERL) $(SRCDIR)\util\mkdir-p.pl $(OPENSSLDIR) + @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(MODULESDIR)" + @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)" @$(ECHO) "*** Installing FIPS module" @$(ECHO) "install $(INSTALL_FIPSMODULE) -> $(MODULESDIR)\$(FIPSMODULENAME)" @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(INSTALL_FIPSMODULE)" "$(MODULESDIR)" @@ -742,7 +742,7 @@ rel2abs($config{builddir})); my $ord_ver = $args{intent} eq 'lib' ? ' --version $(VERSION_NUMBER)' : ''; my $ord_name = - $args{generator}->[1] || platform->dsoname($args{product}); + $args{generator}->[1] || basename(platform->dsoname($args{product})); return <<"EOF"; $target: $gen0 $deps $mkdef "\$(PERL)" "$mkdef"$ord_ver --type $args{intent} --ordinals $gen0 --name $ord_name --OS windows > $target diff -Nru openssl-3.0.5/Configure openssl-3.0.7/Configure --- openssl-3.0.5/Configure 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/Configure 2022-11-01 14:14:36.000000000 +0000 @@ -17,7 +17,6 @@ use File::Basename; use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs splitdir/; use File::Path qw/mkpath/; -use File::Compare qw(compare_text); use OpenSSL::fallback "$FindBin::Bin/external/perl/MODULES.txt"; use OpenSSL::Glob; use OpenSSL::Template; 
@@ -1503,9 +1502,7 @@ } unless ($disabled{ubsan} || defined $detected_sanitizers{ubsan}) { - # -DPEDANTIC or -fnosanitize=alignment may also be required on some - # platforms. - push @{$config{cflags}}, "-fsanitize=undefined", "-fno-sanitize-recover=all"; + push @{$config{cflags}}, "-fsanitize=undefined", "-fno-sanitize-recover=all", "-DPEDANTIC"; } unless ($disabled{msan} || defined $detected_sanitizers{msan}) { @@ -1717,20 +1714,13 @@ unless ($disabled{ktls}) { $config{ktls}=""; + my $cc = $config{CROSS_COMPILE}.$config{CC}; if ($target =~ m/^linux/) { - my $usr = "/usr/$config{cross_compile_prefix}"; - chop($usr); - if ($config{cross_compile_prefix} eq "") { - $usr = "/usr"; - } - my $minver = (4 << 16) + (13 << 8) + 0; - my @verstr = split(" ",`cat $usr/include/linux/version.h | grep LINUX_VERSION_CODE`); - - if ($verstr[2] < $minver) { + system("printf '#include \n#include ' | $cc -E - >/dev/null 2>&1"); + if ($? != 0) { disable('too-old-kernel', 'ktls'); } } elsif ($target =~ m/^BSD/) { - my $cc = $config{CROSS_COMPILE}.$config{CC}; system("printf '#include \n#include ' | $cc -E - >/dev/null 2>&1"); if ($? != 0) { disable('too-old-freebsd', 'ktls'); 
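Review bot: The failure label `disable('too-old-kernel', 'ktls')` no longer matches what is tested: the new check only asks whether `$cc -E` can preprocess the two kTLS headers, so an unusable cross compiler, or headers absent for reasons unrelated to kernel age, are reported as an old kernel. A comment above the `system(...)` line saying that header availability under the target compiler is used as the proxy for the former 4.13 minimum, or a more accurate reason string, would keep the message honest. The header names inside the `printf` argument also appear blank in this rendering of the patch (angle-bracketed includes seem to have been stripped), so the exact command should be checked against the original source.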
@@ -2849,59 +2839,20 @@ ) or die $Text::Template::ERROR; close CONFIGDATA; -# When using stat() on Windows, we can get it to perform better by avoid some -# data. This doesn't affect the mtime field, so we're not losing anything... -${^WIN32_SLOPPY_STAT} = 1; - -my $update_configdata = 0; -my $run_configdata = 0; -if (-f $configdata_outname) { - my $Configure_mtime = (stat($0))[9]; - my $configdata_mtime = (stat($configdata_outname))[9]; - - # If this script was updated after the last configdata.pm, or if - # configdata.pm.new differs from configdata.pm, we update configdata.pm - if ($configdata_mtime < $Configure_mtime - || compare_text("$configdata_outname.new", $configdata_outname) != 0) { - $update_configdata = 1; - } else { - # If nothing has changed, let's just drop the new one and pretend - # like nothing happened - unlink "$configdata_outname.new"; - - # We still run configdata.pm if one of the build file (Makefile) or - # the configuration header file are missing - $run_configdata = - !( -f $target{build_file} ) - || !( -f catfile('include', 'openssl', 'configuration.h') ); - } -} else { - $update_configdata = 1; -} - -if ($update_configdata) { - # If something did change, or there was no previous configdata.pm, we - # rename the new one, set permissions as needed, and run it. - rename "$configdata_outname.new", $configdata_outname; - if ($builder_platform eq 'unix') { - my $mode = (0755 & ~umask); - chmod $mode, 'configdata.pm' - or warn sprintf("WARNING: Couldn't change mode for 'configdata.pm' to 0%03o: %s\n",$mode,$!); - } - $run_configdata = 1; - print "Created $configdata_outname\n"; -} - -if ($run_configdata) { - print "Running $configdata_outname\n"; - my $perlcmd = (quotify("maybeshell", $config{PERL}))[0]; - my $cmd = "$perlcmd $configdata_outname"; - #print STDERR "DEBUG[run_dofile]: \$cmd = $cmd\n"; - system($cmd); - exit 1 if $? 
!= 0; -} else { - print "No changes in $configdata_outname, no need to run it\n"; -} +rename "$configdata_outname.new", $configdata_outname; +if ($builder_platform eq 'unix') { + my $mode = (0755 & ~umask); + chmod $mode, 'configdata.pm' + or warn sprintf("WARNING: Couldn't change mode for 'configdata.pm' to 0%03o: %s\n",$mode,$!); +} +print "Created $configdata_outname\n"; + +print "Running $configdata_outname\n"; +my $perlcmd = (quotify("maybeshell", $config{PERL}))[0]; +my $cmd = "$perlcmd $configdata_outname"; +#print STDERR "DEBUG[run_dofile]: \$cmd = $cmd\n"; +system($cmd); +exit 1 if $? != 0; $SIG{__DIE__} = $orig_death_handler; diff -Nru openssl-3.0.5/crypto/aes/asm/aesv8-armx.pl openssl-3.0.7/crypto/aes/asm/aesv8-armx.pl --- openssl-3.0.5/crypto/aes/asm/aesv8-armx.pl 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/aes/asm/aesv8-armx.pl 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2014-2022 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -1797,6 +1797,21 @@ #ifndef __ARMEB__ rev $ctr, $ctr #endif +___ +$code.=<<___ if ($flavour =~ /64/); + vorr $dat1,$dat0,$dat0 + add $tctr1, $ctr, #1 + vorr $dat2,$dat0,$dat0 + add $ctr, $ctr, #2 + vorr $ivec,$dat0,$dat0 + rev $tctr1, $tctr1 + vmov.32 ${dat1}[3],$tctr1 + b.ls .Lctr32_tail + rev $tctr2, $ctr + sub $len,$len,#3 // bias + vmov.32 ${dat2}[3],$tctr2 +___ +$code.=<<___ if ($flavour !~ /64/); add $tctr1, $ctr, #1 vorr $ivec,$dat0,$dat0 rev $tctr1, $tctr1 @@ -1810,7 +1825,7 @@ vorr $dat2,$ivec,$ivec ___ $code.=<<___ if ($flavour =~ /64/); - cmp $len,#2 + cmp $len,#32 b.lo .Loop3x_ctr32 add w13,$ctr,#1 
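Review bot: `rename "$configdata_outname.new", $configdata_outname;` ignores its return value, so if the rename fails the script still prints `Created ...` and then runs whatever stale `configdata.pm` is already present. Since the commit removes the mtime/compare logic that used to decide whether the old file was acceptable, this rename is now the only step that guarantees the fresh configuration is the one executed; `rename "$configdata_outname.new", $configdata_outname or die "Couldn't rename $configdata_outname.new: $!\n";` makes a failed configure visible instead of silently reusing old build settings.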
@@ -2003,11 +2018,25 @@ aese $dat1,q8 aesmc $tmp1,$dat1 vld1.8 {$in0},[$inp],#16 +___ +$code.=<<___ if ($flavour =~ /64/); + vorr $dat0,$ivec,$ivec +___ +$code.=<<___ if ($flavour !~ /64/); add $tctr0,$ctr,#1 +___ +$code.=<<___; aese $dat2,q8 aesmc $dat2,$dat2 vld1.8 {$in1},[$inp],#16 +___ +$code.=<<___ if ($flavour =~ /64/); + vorr $dat1,$ivec,$ivec +___ +$code.=<<___ if ($flavour !~ /64/); rev $tctr0,$tctr0 +___ +$code.=<<___; aese $tmp0,q9 aesmc $tmp0,$tmp0 aese $tmp1,q9 @@ -2016,6 +2045,12 @@ mov $key_,$key aese $dat2,q9 aesmc $tmp2,$dat2 +___ +$code.=<<___ if ($flavour =~ /64/); + vorr $dat2,$ivec,$ivec + add $tctr0,$ctr,#1 +___ +$code.=<<___; aese $tmp0,q12 aesmc $tmp0,$tmp0 aese $tmp1,q12 @@ -2031,22 +2066,47 @@ aese $tmp1,q13 aesmc $tmp1,$tmp1 veor $in2,$in2,$rndlast +___ +$code.=<<___ if ($flavour =~ /64/); + rev $tctr0,$tctr0 + aese $tmp2,q13 + aesmc $tmp2,$tmp2 + vmov.32 ${dat0}[3], $tctr0 +___ +$code.=<<___ if ($flavour !~ /64/); vmov.32 ${ivec}[3], $tctr0 aese $tmp2,q13 aesmc $tmp2,$tmp2 vorr $dat0,$ivec,$ivec +___ +$code.=<<___; rev $tctr1,$tctr1 aese $tmp0,q14 aesmc $tmp0,$tmp0 +___ +$code.=<<___ if ($flavour !~ /64/); vmov.32 ${ivec}[3], $tctr1 rev $tctr2,$ctr +___ +$code.=<<___; aese $tmp1,q14 aesmc $tmp1,$tmp1 +___ +$code.=<<___ if ($flavour =~ /64/); + vmov.32 ${dat1}[3], $tctr1 + rev $tctr2,$ctr + aese $tmp2,q14 + aesmc $tmp2,$tmp2 + vmov.32 ${dat2}[3], $tctr2 +___ +$code.=<<___ if ($flavour !~ /64/); vorr $dat1,$ivec,$ivec vmov.32 ${ivec}[3], $tctr2 aese $tmp2,q14 aesmc $tmp2,$tmp2 vorr $dat2,$ivec,$ivec +___ +$code.=<<___; subs $len,$len,#3 aese $tmp0,q15 aese $tmp1,q15 diff -Nru openssl-3.0.5/crypto/arm_arch.h openssl-3.0.7/crypto/arm_arch.h --- openssl-3.0.5/crypto/arm_arch.h 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/arm_arch.h 2022-11-01 14:14:36.000000000 +0000 
@@ -1,5 +1,5 @@
 /*
- * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -100,17 +100,17 @@
 # define ARM_CPU_PART_N1 0xD0C
 # define MIDR_PARTNUM_SHIFT 4
-# define MIDR_PARTNUM_MASK (0xfff << MIDR_PARTNUM_SHIFT)
+# define MIDR_PARTNUM_MASK (0xfffU << MIDR_PARTNUM_SHIFT)
 # define MIDR_PARTNUM(midr) \
 (((midr) & MIDR_PARTNUM_MASK) >> MIDR_PARTNUM_SHIFT)
 # define MIDR_IMPLEMENTER_SHIFT 24
-# define MIDR_IMPLEMENTER_MASK (0xff << MIDR_IMPLEMENTER_SHIFT)
+# define MIDR_IMPLEMENTER_MASK (0xffU << MIDR_IMPLEMENTER_SHIFT)
 # define MIDR_IMPLEMENTER(midr) \
 (((midr) & MIDR_IMPLEMENTER_MASK) >> MIDR_IMPLEMENTER_SHIFT)
 # define MIDR_ARCHITECTURE_SHIFT 16
-# define MIDR_ARCHITECTURE_MASK (0xf << MIDR_ARCHITECTURE_SHIFT)
+# define MIDR_ARCHITECTURE_MASK (0xfU << MIDR_ARCHITECTURE_SHIFT)
 # define MIDR_ARCHITECTURE(midr) \
 (((midr) & MIDR_ARCHITECTURE_MASK) >> MIDR_ARCHITECTURE_SHIFT)
@@ -121,7 +121,7 @@
 # define MIDR_CPU_MODEL(imp, partnum) \
 (((imp) << MIDR_IMPLEMENTER_SHIFT) | \
- (0xf << MIDR_ARCHITECTURE_SHIFT) | \
+ (0xfU << MIDR_ARCHITECTURE_SHIFT) | \
 ((partnum) << MIDR_PARTNUM_SHIFT))
 # define MIDR_IS_CPU_MODEL(midr, imp, partnum) \
diff -Nru openssl-3.0.5/crypto/armcap.c openssl-3.0.7/crypto/armcap.c
--- openssl-3.0.5/crypto/armcap.c 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/crypto/armcap.c 2022-11-01 14:14:36.000000000 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -257,11 +257,11 @@ } # endif - /* Things that getauxval didn't tell us */ - if (sigsetjmp(ill_jmp, 1) == 0) { - _armv7_tick(); - OPENSSL_armcap_P |= ARMV7_TICK; - } + /* + * Probing for ARMV7_TICK is known to produce unreliable results, + * so we will only use the feature when the user explicitly enables + * it with OPENSSL_armcap. + */ sigaction(SIGILL, &ill_oact, NULL); sigprocmask(SIG_SETMASK, &oset, NULL); diff -Nru openssl-3.0.5/crypto/asn1/asn_mime.c openssl-3.0.7/crypto/asn1/asn_mime.c --- openssl-3.0.5/crypto/asn1/asn_mime.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/asn1/asn_mime.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -69,6 +69,8 @@ int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, const ASN1_ITEM *it) { + int rv = 1; + /* If streaming create stream BIO and copy all content through it */ if (flags & SMIME_STREAM) { BIO *bio, *tbio; @@ -77,7 +79,10 @@ ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return 0; } - SMIME_crlf_copy(in, bio, flags); + if (!SMIME_crlf_copy(in, bio, flags)) { + rv = 0; + } + (void)BIO_flush(bio); /* Free up successive BIOs until we hit the old output BIO */ do { @@ -92,7 +97,7 @@ */ else ASN1_item_i2d_bio(it, out, val); - return 1; + return rv; } /* Base 64 read and write of ASN1 structure */ @@ -346,8 +351,7 @@ * set up to finalise when it is written through. */ if (!(flags & SMIME_DETACHED) || (flags & PKCS7_REUSE_DIGEST)) { - SMIME_crlf_copy(data, out, flags); - return 1; + return SMIME_crlf_copy(data, out, flags); } if (!aux || !aux->asn1_cb) { 
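Review bot: The replacement comment says the feature is used only when the user enables it `with OPENSSL_armcap`, but does not say that this is the environment variable, nor that no code path in this function sets `ARMV7_TICK` any more; a reader who meets the flag elsewhere will look here for the probe. Suggest closing the comment with `* it via the OPENSSL_armcap environment variable; nothing in this function sets ARMV7_TICK.` The removed `_armv7_tick()` probe was the only use of `ill_jmp` visible in this hunk, so whether the remaining `sigaction`/`sigprocmask` restore still protects anything depends on probes earlier in the function, which are outside the hunk.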
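Review bot: In the `@@ -92,7 +97,7 @@` hunk of asn_mime.c the non-streaming branch still discards the result of `ASN1_item_i2d_bio(it, out, val)` while `rv` stays 1, so after this commit `i2d_ASN1_bio_stream` reports write failures only on the `SMIME_STREAM` path. `else if (!ASN1_item_i2d_bio(it, out, val)) rv = 0;` brings the two branches under the same return contract the commit introduces. The comment block preceding that `else` starts outside the hunk.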
@@ -365,7 +369,8 @@ return 0; /* Copy data across, passing through filter BIOs for processing */ - SMIME_crlf_copy(data, sarg.ndef_bio, flags); + if (!SMIME_crlf_copy(data, sarg.ndef_bio, flags)) + rv = 0; /* Finalize structure */ if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0) @@ -515,8 +520,10 @@ * when streaming as we don't end up with one OCTET STRING per line. */ bf = BIO_new(BIO_f_buffer()); - if (bf == NULL) + if (bf == NULL) { + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return 0; + } out = BIO_push(bf, out); if (flags & SMIME_BINARY) { while ((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0) diff -Nru openssl-3.0.5/crypto/bio/bio_lib.c openssl-3.0.7/crypto/bio/bio_lib.c --- openssl-3.0.5/crypto/bio/bio_lib.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/bio/bio_lib.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,6 +12,7 @@ #include #include #include +#include "internal/numbers.h" #include "bio_local.h" /* 
@@ -620,12 +621,28 @@
 */
 size_t BIO_ctrl_pending(BIO *bio)
 {
- return BIO_ctrl(bio, BIO_CTRL_PENDING, 0, NULL);
+ long ret = BIO_ctrl(bio, BIO_CTRL_PENDING, 0, NULL);
+
+ if (ret < 0)
+ ret = 0;
+#if LONG_MAX > SIZE_MAX
+ if (ret > SIZE_MAX)
+ ret = SIZE_MAX;
+#endif
+ return (size_t)ret;
 }
 size_t BIO_ctrl_wpending(BIO *bio)
 {
- return BIO_ctrl(bio, BIO_CTRL_WPENDING, 0, NULL);
+ long ret = BIO_ctrl(bio, BIO_CTRL_WPENDING, 0, NULL);
+
+ if (ret < 0)
+ ret = 0;
+#if LONG_MAX > SIZE_MAX
+ if (ret > SIZE_MAX)
+ ret = SIZE_MAX;
+#endif
+ return (size_t)ret;
 }
 /* put the 'bio' on the end of b's list of operators */
diff -Nru openssl-3.0.5/crypto/bio/bss_dgram.c openssl-3.0.7/crypto/bio/bss_dgram.c
--- openssl-3.0.5/crypto/bio/bss_dgram.c 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/crypto/bio/bss_dgram.c 2022-11-01 14:14:36.000000000 +0000
@@ -1914,7 +1914,8 @@
 t->tv_sec = (long)(now_ul / 10000000);
 t->tv_usec = ((int)(now_ul % 10000000)) / 10;
 # else
- gettimeofday(t, NULL);
+ if (gettimeofday(t, NULL) < 0)
+ perror("gettimeofday");
 # endif
 }
diff -Nru openssl-3.0.5/crypto/bn/asm/rsaz-avx512.pl openssl-3.0.7/crypto/bn/asm/rsaz-avx512.pl
--- openssl-3.0.5/crypto/bn/asm/rsaz-avx512.pl 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/crypto/bn/asm/rsaz-avx512.pl 2022-11-01 14:14:36.000000000 +0000
@@ -1,4 +1,4 @@
-# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
 # Copyright (c) 2020, Intel Corporation. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
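Review bot: The clamping sequence in `BIO_ctrl_pending` and `BIO_ctrl_wpending` is duplicated line for line, including the `#if LONG_MAX > SIZE_MAX` block; a small static helper keeps the two in step and gives the conversion one place to be documented. That documentation should also say that after this change a `BIO_ctrl()` failure (negative return) is indistinguishable from "nothing pending" for callers of these two functions, since that is the behaviour being locked in.
```c
/*
 * Clamp a BIO_ctrl() result to what size_t can represent: a negative
 * (error) result becomes 0, so callers cannot tell failure from
 * "nothing pending"; values above SIZE_MAX saturate.
 */
static size_t ctrl_result_to_size(long ret)
{
    if (ret < 0)
        ret = 0;
#if LONG_MAX > SIZE_MAX
    if (ret > SIZE_MAX)
        ret = SIZE_MAX;
#endif
    return (size_t)ret;
}

size_t BIO_ctrl_pending(BIO *bio)
{
    return ctrl_result_to_size(BIO_ctrl(bio, BIO_CTRL_PENDING, 0, NULL));
}

size_t BIO_ctrl_wpending(BIO *bio)
{
    return ctrl_result_to_size(BIO_ctrl(bio, BIO_CTRL_WPENDING, 0, NULL));
}
```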
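Review bot: When `gettimeofday(t, NULL)` fails in the bss_dgram.c hunk, `*t` is left indeterminate and the function still returns normally, so the caller proceeds with an uninitialised `struct timeval`; `perror` only reports it on stderr, which library code should generally avoid. Zeroing the result on failure, `t->tv_sec = 0; t->tv_usec = 0;` (or propagating an error if the enclosing function's signature allows it), keeps the timeout arithmetic downstream deterministic. The enclosing function's signature and its callers are outside the hunk.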
@@ -48,8 +48,17 @@ $avx512ifma = ($1==2.11 && $2>=8) + ($1>=2.12); } -if (!$avx512 && `$ENV{CC} -v 2>&1` =~ /((?:clang|LLVM) version|.*based on LLVM) ([0-9]+\.[0-9]+)/) { - $avx512ifma = ($2>=7.0); +if (!$avx512 && `$ENV{CC} -v 2>&1` + =~ /(Apple)?\s*((?:clang|LLVM) version|.*based on LLVM) ([0-9]+)\.([0-9]+)\.([0-9]+)?/) { + my $ver = $3 + $4/100.0 + $5/10000.0; # 3.1.0->3.01, 3.10.1->3.1001 + if ($1) { + # Apple conditions, they use a different version series, see + # https://en.wikipedia.org/wiki/Xcode#Xcode_7.0_-_10.x_(since_Free_On-Device_Development)_2 + # clang 7.0.0 is Apple clang 10.0.1 + $avx512ifma = ($ver>=10.0001) + } else { + $avx512ifma = ($3>=7.0); + } } open OUT,"| \"$^X\" \"$xlate\" $flavour \"$output\"" diff -Nru openssl-3.0.5/crypto/bn/bn_prime.c openssl-3.0.7/crypto/bn/bn_prime.c --- openssl-3.0.5/crypto/bn/bn_prime.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/bn/bn_prime.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -308,9 +308,10 @@ goto err; #endif - ret = ossl_bn_miller_rabin_is_prime(w, checks, ctx, cb, 0, &status); - if (!ret) + if (!ossl_bn_miller_rabin_is_prime(w, checks, ctx, cb, 0, &status)) { + ret = -1; goto err; + } ret = (status == BN_PRIMETEST_PROBABLY_PRIME); err: #ifndef FIPS_MODULE diff -Nru openssl-3.0.5/crypto/bn/bn_rand.c openssl-3.0.7/crypto/bn/bn_rand.c --- openssl-3.0.5/crypto/bn/bn_rand.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/bn/bn_rand.c 2022-11-01 14:14:36.000000000 +0000 
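Review bot: `my $ver = $3 + $4/100.0 + $5/10000.0;` uses `$5`, which the regex makes optional (`\.([0-9]+)?`), so a version string with an empty patch component leaves `$5` undefined and the arithmetic emits an "uninitialized value" warning under `-w`; `($5 // 0)`, or making the group non-optional, avoids it. The non-Apple branch compares `$3>=7.0` and never uses `$ver`, which is fine, but a short comment saying that only the major version matters for upstream clang would stop readers looking for a lost `$ver` comparison.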
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -136,6 +136,11 @@ int n; int count = 100; + if (r == NULL) { + ERR_raise(ERR_LIB_BN, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (range->neg || BN_is_zero(range)) { ERR_raise(ERR_LIB_BN, BN_R_INVALID_RANGE); return 0; diff -Nru openssl-3.0.5/crypto/bn/rsaz_exp_x2.c openssl-3.0.7/crypto/bn/rsaz_exp_x2.c --- openssl-3.0.5/crypto/bn/rsaz_exp_x2.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/bn/rsaz_exp_x2.c 2022-11-01 14:14:36.000000000 +0000 @@ -31,6 +31,14 @@ # define ALIGN64 # endif +# if defined(__GNUC__) +# define ALIGN1 __attribute__((aligned(1))) +# elif defined(_MSC_VER) +# define ALIGN1 __declspec(align(1)) +# else +# define ALIGN1 +# endif + # define ALIGN_OF(ptr, boundary) \ ((unsigned char *)(ptr) + (boundary - (((size_t)(ptr)) & (boundary - 1)))) @@ -42,6 +50,8 @@ # define BITS2WORD8_SIZE(x) (((x) + 7) >> 3) # define BITS2WORD64_SIZE(x) (((x) + 63) >> 6) +typedef uint64_t ALIGN1 uint64_t_align1; + static ossl_inline uint64_t get_digit52(const uint8_t *in, int in_len); static ossl_inline void put_digit52(uint8_t *out, int out_len, uint64_t digit); static void to_words52(BN_ULONG *out, int out_len, const BN_ULONG *in, @@ -468,9 +478,9 @@ in_str = (uint8_t *)in; for (; in_bitsize >= (2 * DIGIT_SIZE); in_bitsize -= (2 * DIGIT_SIZE), out += 2) { - out[0] = (*(uint64_t *)in_str) & DIGIT_MASK; + out[0] = (*(uint64_t_align1 *)in_str) & DIGIT_MASK; in_str += 6; - out[1] = ((*(uint64_t *)in_str) >> 4) & DIGIT_MASK; + out[1] = ((*(uint64_t_align1 *)in_str) >> 4) & DIGIT_MASK; in_str += 7; out_len -= 2; } 
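Review bot: The `uint64_t_align1` typedef with `ALIGN1` still reads and writes the byte buffer through a `uint64_t` lvalue, so the strict-aliasing problem of the old `*(uint64_t *)` cast remains, and the alignment fix now depends on compiler-specific attribute semantics (GCC honours a lowered alignment on a typedef; I am not certain the `__declspec(align(1))` fallback lowers alignment at all, and the plain-C fallback is the original unaligned access). A `memcpy` into a local, `uint64_t v; memcpy(&v, in_str, sizeof v); out[0] = v & DIGIT_MASK;`, is portable and compiles to the same unaligned load on the x86-64 targets this AVX-512 file is built for; the stores in the `@@ -527,9 +537,9 @@` hunk need the mirror image, with the `^=` case done as load, xor, store through the local. The surrounding loop bodies are outside the hunks.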
@@ -527,9 +537,9 @@ uint8_t *out_str = (uint8_t *)out; for (; out_bitsize >= (2 * DIGIT_SIZE); out_bitsize -= (2 * DIGIT_SIZE), in += 2) { - (*(uint64_t *)out_str) = in[0]; + (*(uint64_t_align1 *)out_str) = in[0]; out_str += 6; - (*(uint64_t *)out_str) ^= in[1] << 4; + (*(uint64_t_align1 *)out_str) ^= in[1] << 4; out_str += 7; } diff -Nru openssl-3.0.5/crypto/cmp/cmp_http.c openssl-3.0.7/crypto/cmp/cmp_http.c --- openssl-3.0.5/crypto/cmp/cmp_http.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/cmp/cmp_http.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * @@ -31,7 +31,10 @@ static int keep_alive(int keep_alive, int body_type) { if (keep_alive != 0 - /* Ask for persistent connection only if may need more round trips */ + /* + * Ask for persistent connection only if may need more round trips. + * Do so even with disableConfirm because polling might be needed. + */ && body_type != OSSL_CMP_PKIBODY_IR && body_type != OSSL_CMP_PKIBODY_CR && body_type != OSSL_CMP_PKIBODY_P10CR diff -Nru openssl-3.0.5/crypto/cmp/cmp_msg.c openssl-3.0.7/crypto/cmp/cmp_msg.c --- openssl-3.0.5/crypto/cmp/cmp_msg.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/cmp/cmp_msg.c 2022-11-01 14:14:36.000000000 +0000 
@@ -253,16 +253,16 @@ (sk_GENERAL_NAME_num((ctx)->subjectAltNames) > 0 \ || OSSL_CMP_CTX_reqExtensions_have_SAN(ctx) == 1) -static const X509_NAME *determine_subj(OSSL_CMP_CTX *ctx, - const X509_NAME *ref_subj, - int for_KUR) +static const X509_NAME *determine_subj(OSSL_CMP_CTX *ctx, int for_KUR, + const X509_NAME *ref_subj) { if (ctx->subjectName != NULL) return IS_NULL_DN(ctx->subjectName) ? NULL : ctx->subjectName; - - if (ref_subj != NULL && (ctx->p10CSR != NULL || for_KUR || !HAS_SAN(ctx))) + if (ctx->p10CSR != NULL) /* first default is from any given CSR */ + return X509_REQ_get_subject_name(ctx->p10CSR); + if (for_KUR || !HAS_SAN(ctx)) /* - * For KUR, copy subject from the reference. + * For KUR, copy subject from any reference cert as fallback. * For IR or CR, do the same only if there is no subjectAltName. */ return ref_subj; @@ -277,9 +277,8 @@ EVP_PKEY *rkey = OSSL_CMP_CTX_get0_newPkey(ctx, 0); STACK_OF(GENERAL_NAME) *default_sans = NULL; const X509_NAME *ref_subj = - ctx->p10CSR != NULL ? X509_REQ_get_subject_name(ctx->p10CSR) : refcert != NULL ? X509_get_subject_name(refcert) : NULL; - const X509_NAME *subject = determine_subj(ctx, ref_subj, for_KUR); + const X509_NAME *subject = determine_subj(ctx, for_KUR, ref_subj); const X509_NAME *issuer = ctx->issuer != NULL || refcert == NULL ? (IS_NULL_DN(ctx->issuer) ? NULL : ctx->issuer) : X509_get_issuer_name(refcert); diff -Nru openssl-3.0.5/crypto/cmp/cmp_util.c openssl-3.0.7/crypto/cmp/cmp_util.c --- openssl-3.0.5/crypto/cmp/cmp_util.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/cmp/cmp_util.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * 
@@ -101,8 +101,8 @@ *file = OPENSSL_strndup(p_file, p_line - 1 - p_file); /* no real problem if OPENSSL_strndup() returns NULL */ *line = (int)line_number; - msg = strchr(p_level, ':') + 1; - if (*msg == ' ') + msg = strchr(p_level, ':'); + if (msg != NULL && *++msg == ' ') msg++; } } diff -Nru openssl-3.0.5/crypto/cms/cms_enc.c openssl-3.0.7/crypto/cms/cms_enc.c --- openssl-3.0.5/crypto/cms/cms_enc.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/cms/cms_enc.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -83,6 +83,11 @@ calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_get_type(ctx)); /* Generate a random IV if we need one */ ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); + if (ivlen < 0) { + ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB); + goto err; + } + if (ivlen > 0) { if (RAND_bytes_ex(libctx, iv, ivlen, 0) <= 0) goto err; diff -Nru openssl-3.0.5/crypto/cms/cms_lib.c openssl-3.0.7/crypto/cms/cms_lib.c --- openssl-3.0.5/crypto/cms/cms_lib.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/cms/cms_lib.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
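Review bot: After `msg = strchr(p_level, ':');` fails, `msg` stays NULL and the function continues, so whatever consumes `msg` after this hunk (outside the visible lines) now has to tolerate NULL where the old code would have crashed; please confirm that consumer, or give `msg` a fallback in the NULL case such as `msg = p_level;`. A one-line comment, `/* msg stays NULL if the level has no ':' separator */`, would make the new contract explicit at the assignment.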
@@ -34,8 +34,11 @@ (CMS_ContentInfo_it()), ossl_cms_ctx_get0_libctx(ctx), ossl_cms_ctx_get0_propq(ctx)); - if (ci != NULL) + if (ci != NULL) { + ERR_set_mark(); ossl_cms_resolve_libctx(ci); + ERR_pop_to_mark(); + } return ci; } diff -Nru openssl-3.0.5/crypto/cms/cms_pwri.c openssl-3.0.7/crypto/cms/cms_pwri.c --- openssl-3.0.5/crypto/cms/cms_pwri.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/cms/cms_pwri.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2009-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2009-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -96,6 +96,10 @@ } ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); + if (ivlen < 0) { + ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB); + goto err; + } if (ivlen > 0) { if (RAND_bytes_ex(ossl_cms_ctx_get0_libctx(cms_ctx), iv, ivlen, 0) <= 0) diff -Nru openssl-3.0.5/crypto/cms/cms_smime.c openssl-3.0.7/crypto/cms/cms_smime.c --- openssl-3.0.5/crypto/cms/cms_smime.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/cms/cms_smime.c 2022-11-01 14:14:36.000000000 +0000 @@ -432,7 +432,8 @@ * Don't use SMIME_TEXT for verify: it adds headers and we want to * remove them. */ - SMIME_crlf_copy(dcont, cmsbio, flags & ~SMIME_TEXT); + if (!SMIME_crlf_copy(dcont, cmsbio, flags & ~SMIME_TEXT)) + goto err; if (flags & CMS_TEXT) { if (!SMIME_text(tmpout, out)) { @@ -882,7 +883,9 @@ return 0; } - ret = SMIME_crlf_copy(data, cmsbio, flags); + if (!SMIME_crlf_copy(data, cmsbio, flags)) { + goto err; + } (void)BIO_flush(cmsbio); 
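Review bot: The `ERR_set_mark()`/`ERR_pop_to_mark()` pair around `ossl_cms_resolve_libctx(ci)` silently discards any errors that call raises, and the hunk does not say why that is acceptable for a freshly created ContentInfo. A why-comment is needed so the next reader neither removes it nor copies the pattern elsewhere; my reading, to be confirmed since `ossl_cms_resolve_libctx` is outside the hunk, is `/* ci has no content yet, so errors from resolving the libctx are expected and harmless here */`.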
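Review bot: The cms_smime.c `@@ -882,7 +883,9 @@` hunk wraps the single `goto err;` in braces, `if (!SMIME_crlf_copy(data, cmsbio, flags)) { goto err; }`, while the `@@ -432,7 +432,8 @@` hunk in the same file writes the identical check without braces; OpenSSL's style omits braces for a single-statement body, so the first form should match the second. Behaviour is the same either way; this is only about the two new checks reading alike.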
@@ -890,6 +893,9 @@ ERR_raise(ERR_LIB_CMS, CMS_R_CMS_DATAFINAL_ERROR); goto err; } + + ret = 1; + err: do_free_upto(cmsbio, dcont); diff -Nru openssl-3.0.5/crypto/conf/conf_sap.c openssl-3.0.7/crypto/conf/conf_sap.c --- openssl-3.0.5/crypto/conf/conf_sap.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/conf/conf_sap.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -44,16 +44,20 @@ int ossl_config_int(const OPENSSL_INIT_SETTINGS *settings) { int ret = 0; +#if defined(OPENSSL_INIT_DEBUG) || !defined(OPENSSL_SYS_UEFI) const char *filename; const char *appname; unsigned long flags; +#endif if (openssl_configured) return 1; +#if defined(OPENSSL_INIT_DEBUG) || !defined(OPENSSL_SYS_UEFI) filename = settings ? settings->filename : NULL; appname = settings ? settings->appname : NULL; flags = settings ? settings->flags : DEFAULT_CONF_MFLAGS; +#endif #ifdef OPENSSL_INIT_DEBUG fprintf(stderr, "OPENSSL_INIT: ossl_config_int(%s, %s, %lu)\n", diff -Nru openssl-3.0.5/crypto/core_algorithm.c openssl-3.0.7/crypto/core_algorithm.c --- openssl-3.0.5/crypto/core_algorithm.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/core_algorithm.c 2022-11-01 14:14:36.000000000 +0000 @@ -18,8 +18,10 @@ int operation_id; /* May be zero for finding them all */ int (*pre)(OSSL_PROVIDER *, int operation_id, int no_store, void *data, int *result); + int (*reserve_store)(int no_store, void *data); void (*fn)(OSSL_PROVIDER *, const OSSL_ALGORITHM *, int no_store, void *data); + int (*unreserve_store)(void *data); int (*post)(OSSL_PROVIDER *, int operation_id, int no_store, void *data, int *result); void *data; 
@@ -43,6 +45,10 @@ struct algorithm_data_st *data = cbdata; int ret = 0; + if (!data->reserve_store(no_store, data->data)) + /* Error, bail out! */ + return -1; + /* Do we fulfill pre-conditions? */ if (data->pre == NULL) { /* If there is no pre-condition function, assume "yes" */ @@ -50,7 +56,8 @@ } else if (!data->pre(provider, cur_operation, no_store, data->data, &ret)) { /* Error, bail out! */ - return -1; + ret = -1; + goto end; } /* @@ -58,8 +65,10 @@ * but do continue with the next. This simply means that another thread * got to it first. */ - if (ret == 0) - return 1; + if (ret == 0) { + ret = 1; + goto end; + } if (map != NULL) { const OSSL_ALGORITHM *thismap; @@ -75,9 +84,12 @@ } else if (!data->post(provider, cur_operation, no_store, data->data, &ret)) { /* Error, bail out! */ - return -1; + ret = -1; } + end: + data->unreserve_store(data->data); + return ret; } @@ -103,7 +115,7 @@ cur_operation++) { int no_store = 0; /* Assume caching is ok */ const OSSL_ALGORITHM *map = NULL; - int ret; + int ret = 0; map = ossl_provider_query_operation(provider, cur_operation, &no_store); @@ -126,9 +138,11 @@ OSSL_PROVIDER *provider, int (*pre)(OSSL_PROVIDER *, int operation_id, int no_store, void *data, int *result), + int (*reserve_store)(int no_store, void *data), void (*fn)(OSSL_PROVIDER *provider, const OSSL_ALGORITHM *algo, int no_store, void *data), + int (*unreserve_store)(void *data), int (*post)(OSSL_PROVIDER *, int operation_id, int no_store, void *data, int *result), void *data) @@ -138,7 +152,9 @@ cbdata.libctx = libctx; cbdata.operation_id = operation_id; cbdata.pre = pre; + cbdata.reserve_store = reserve_store; cbdata.fn = fn; + cbdata.unreserve_store = unreserve_store; cbdata.post = post; cbdata.data = data; diff -Nru openssl-3.0.5/crypto/core_fetch.c openssl-3.0.7/crypto/core_fetch.c --- openssl-3.0.5/crypto/core_fetch.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/core_fetch.c 2022-11-01 14:14:36.000000000 +0000 
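Review bot: `data->reserve_store(no_store, data->data)` and `data->unreserve_store(data->data)` are called unconditionally in `algorithm_do_this`, whereas `pre` and `post` are NULL-tolerant in the same function, so a caller of `ossl_algorithm_do_all` that passes NULL for either new callback now dereferences a null function pointer; either state in the `ossl_algorithm_do_all` declaration that both are mandatory or guard them like `pre`. Separately, the result of `unreserve_store` at the `end:` label is dropped, so a failed unlock still yields `ret == 1`; `if (!data->unreserve_store(data->data)) ret = -1;` would surface it. The only caller visible in this patch (core_fetch.c) passes both callbacks.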
@@ -31,6 +31,31 @@ return no_store && !data->force_store; } +static int ossl_method_construct_reserve_store(int no_store, void *cbdata) +{ + struct construct_data_st *data = cbdata; + + if (is_temporary_method_store(no_store, data) && data->store == NULL) { + /* + * If we have been told not to store the method "permanently", we + * ask for a temporary store, and store the method there. + * The owner of |data->mcm| is completely responsible for managing + * that temporary store. + */ + if ((data->store = data->mcm->get_tmp_store(data->mcm_data)) == NULL) + return 0; + } + + return data->mcm->lock_store(data->store, data->mcm_data); +} + +static int ossl_method_construct_unreserve_store(void *cbdata) +{ + struct construct_data_st *data = cbdata; + + return data->mcm->unlock_store(data->store, data->mcm_data); +} + static int ossl_method_construct_precondition(OSSL_PROVIDER *provider, int operation_id, int no_store, void *cbdata, int *result) @@ -95,24 +120,8 @@ * It is *expected* that the put function increments the refcnt * of the passed method. */ - - if (!is_temporary_method_store(no_store, data)) { - /* If we haven't been told not to store, add to the global store */ - data->mcm->put(NULL, method, provider, algo->algorithm_names, - algo->property_definition, data->mcm_data); - } else { - /* - * If we have been told not to store the method "permanently", we - * ask for a temporary store, and store the method there. - * The owner of |data->mcm| is completely responsible for managing - * that temporary store. - */ - if ((data->store = data->mcm->get_tmp_store(data->mcm_data)) == NULL) - return; - - data->mcm->put(data->store, method, provider, algo->algorithm_names, - algo->property_definition, data->mcm_data); - } + data->mcm->put(data->store, method, provider, algo->algorithm_names, + algo->property_definition, data->mcm_data); /* refcnt-- because we're dropping the reference */ data->mcm->destruct(method, data->mcm_data); 
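Review bot: In `ossl_method_construct_this` the call `data->mcm->put(data->store, ...)` now relies on `data->store` being NULL for the global store and non-NULL only after `ossl_method_construct_reserve_store` fetched a temporary one, but neither fact is stated where the value is used; the removed code spelled the two cases out. Suggest `/* data->store is NULL for the global store; reserve_store sets it for a temporary one */` above the `put` call. This also assumes `data->store` is zero-initialised before `ossl_algorithm_do_all` runs (the `cbdata` setup is outside this hunk), which is worth confirming since reserve only assigns it when it is NULL.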
@@ -143,7 +152,9 @@ cbdata.mcm_data = mcm_data; ossl_algorithm_do_all(libctx, operation_id, provider, ossl_method_construct_precondition, + ossl_method_construct_reserve_store, ossl_method_construct_this, + ossl_method_construct_unreserve_store, ossl_method_construct_postcondition, &cbdata); diff -Nru openssl-3.0.5/crypto/dh/dh_group_params.c openssl-3.0.7/crypto/dh/dh_group_params.c --- openssl-3.0.5/crypto/dh/dh_group_params.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/dh/dh_group_params.c 2022-11-01 14:14:36.000000000 +0000 @@ -31,7 +31,7 @@ if (dh == NULL) return NULL; - ossl_ffc_named_group_set_pqg(&dh->params, group); + ossl_ffc_named_group_set(&dh->params, group); dh->params.nid = ossl_ffc_named_group_get_uid(group); dh->dirty_cnt++; return dh; @@ -72,8 +72,9 @@ dh->params.g)) != NULL) { if (dh->params.q == NULL) dh->params.q = (BIGNUM *)ossl_ffc_named_group_get_q(group); - /* cache the nid */ + /* cache the nid and default key length */ dh->params.nid = ossl_ffc_named_group_get_uid(group); + dh->params.keylength = ossl_ffc_named_group_get_keylength(group); dh->dirty_cnt++; } } diff -Nru openssl-3.0.5/crypto/dh/dh_pmeth.c openssl-3.0.7/crypto/dh/dh_pmeth.c --- openssl-3.0.5/crypto/dh/dh_pmeth.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/dh/dh_pmeth.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -432,7 +432,8 @@ else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) { unsigned char *Z = NULL; - size_t Zlen = 0; + int Zlen = 0; + if (!dctx->kdf_outlen || !dctx->kdf_oid) return 0; if (key == NULL) { diff -Nru openssl-3.0.5/crypto/ec/build.info openssl-3.0.7/crypto/ec/build.info --- openssl-3.0.5/crypto/ec/build.info 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/ec/build.info 2022-11-01 14:14:36.000000000 +0000 @@ -71,6 +71,14 @@ # need to be applied to all affected libraries and modules. DEFINE[../../libcrypto]=$ECDEF DEFINE[../../providers/libfips.a]=$ECDEF +DEFINE[../../providers/libdefault.a]=$ECDEF +# We only need to include the ECDEF stuff in the legacy provider when +# it's a separate module and it's dynamically linked with libcrypto. +# Otherwise, it already gets everything that the static libcrypto.a +# has, and doesn't need it added again. +IF[{- !$disabled{module} && !$disabled{shared} -}] + DEFINE[../providers/liblegacy.a]=$ECDEF +ENDIF GENERATE[ecp_nistz256-x86.S]=asm/ecp_nistz256-x86.pl diff -Nru openssl-3.0.5/crypto/ec/ec_ameth.c openssl-3.0.7/crypto/ec/ec_ameth.c --- openssl-3.0.5/crypto/ec/ec_ameth.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/ec/ec_ameth.c 2022-11-01 14:14:36.000000000 +0000 @@ -42,7 +42,6 @@ ASN1_OBJECT *asn1obj = OBJ_nid2obj(nid); if (asn1obj == NULL || OBJ_length(asn1obj) == 0) { - ASN1_OBJECT_free(asn1obj); ERR_raise(ERR_LIB_EC, EC_R_MISSING_OID); return 0; } @@ -92,9 +91,7 @@ ptype, pval, penc, penclen)) return 1; err: - if (ptype == V_ASN1_OBJECT) - ASN1_OBJECT_free(pval); - else + if (ptype == V_ASN1_SEQUENCE) ASN1_STRING_free(pval); OPENSSL_free(penc); return 0; 
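Review bot: Changing `Zlen` from `size_t` to `int` changes its sign, so any later comparison or assignment between `Zlen` and a `size_t` value now mixes signed and unsigned arithmetic, and a negative `Zlen` would be silently accepted where a `size_t` parameter is expected; the rest of the function is outside the hunk, so please check that every use of `Zlen` after this point guards `Zlen > 0` before converting. A one-line comment giving the reason for the type change (presumably to match the API that assigns it) would also help.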
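Review bot: The removed `ASN1_OBJECT_free(asn1obj)` in the ec_ameth.c `@@ -42,7 +42,6 @@` hunk, the `V_ASN1_SEQUENCE`-only cleanup in `@@ -92,9 +91,7 @@`, and the new `err:` label in the `@@ -187,19 +184,22 @@` hunk all rest on the same fact — an `ASN1_OBJECT` obtained from `OBJ_nid2obj` is owned by the OBJ table and must not be freed — but none of the three places says so. A comment at the `err:` label, `/* pval from OBJ_nid2obj() is not owned here; only a SEQUENCE was allocated */`, records the ownership rule for the next maintainer.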
@@ -187,19 +184,22 @@ eplen = i2d_ECPrivateKey(&ec_key, &ep); if (eplen <= 0) { ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - ASN1_STRING_free(pval); - return 0; + goto err; } if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0, ptype, pval, ep, eplen)) { - ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB); - ASN1_STRING_free(pval); + ERR_raise(ERR_LIB_EC, ERR_R_ASN1_LIB); OPENSSL_clear_free(ep, eplen); - return 0; + goto err; } return 1; + + err: + if (ptype == V_ASN1_SEQUENCE) + ASN1_STRING_free(pval); + return 0; } static int int_ec_size(const EVP_PKEY *pkey) diff -Nru openssl-3.0.5/crypto/ec/ec_key.c openssl-3.0.7/crypto/ec/ec_key.c --- openssl-3.0.5/crypto/ec/ec_key.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/ec/ec_key.c 2022-11-01 14:14:36.000000000 +0000 @@ -721,6 +721,16 @@ return 0; /* + * Return `0` to comply with legacy behavior for this function, see + * https://github.com/openssl/openssl/issues/18744#issuecomment-1195175696 + */ + if (priv_key == NULL) { + BN_clear_free(key->priv_key); + key->priv_key = NULL; + return 0; /* intentional for legacy compatibility */ + } + + /* * We should never leak the bit length of the secret scalar in the key, * so we always set the `BN_FLG_CONSTTIME` flag on the internal `BIGNUM` * holding the secret scalar. diff -Nru openssl-3.0.5/crypto/ec/ecx_meth.c openssl-3.0.7/crypto/ec/ecx_meth.c --- openssl-3.0.5/crypto/ec/ecx_meth.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/ec/ecx_meth.c 2022-11-01 14:14:36.000000000 +0000 @@ -1160,12 +1160,10 @@ { const unsigned char *privkey, *pubkey; - if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey)) + if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey) + || (key != NULL + && s390x_x25519_mul(key, privkey, pubkey) == 0)) return 0; - - if (key != NULL) - return s390x_x25519_mul(key, pubkey, privkey); - *keylen = X25519_KEYLEN; return 1; } 
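Review bot: The x25519 call in the ecx_meth.c hunk swaps its last two arguments — the removed line passed `s390x_x25519_mul(key, pubkey, privkey)`, the added line passes `(key, privkey, pubkey)` — while the x448 sibling on the next line keeps `(key, pubkey, privkey)`, and the commit, which otherwise only folds the error handling into one condition, does not say why the two now differ. If both helpers take `(dst, u_src, d_src)` as the shared naming suggests (their definitions are outside this diff), the x25519 derive would now feed the private scalar as the u-coordinate and the peer's point as the scalar; a shared-secret comparison against the generic (non-s390x) path would settle it. Either restore `s390x_x25519_mul(key, pubkey, privkey) == 0` or add a comment at the call stating why x25519 takes the opposite order from x448.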
@@ -1175,12 +1173,10 @@ { const unsigned char *privkey, *pubkey; - if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey)) + if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey) + || (key != NULL + && s390x_x448_mul(key, pubkey, privkey) == 0)) return 0; - - if (key != NULL) - return s390x_x448_mul(key, pubkey, privkey); - *keylen = X448_KEYLEN; return 1; } diff -Nru openssl-3.0.5/crypto/encode_decode/decoder_meth.c openssl-3.0.7/crypto/encode_decode/decoder_meth.c --- openssl-3.0.5/crypto/encode_decode/decoder_meth.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/encode_decode/decoder_meth.c 2022-11-01 14:14:36.000000000 +0000 @@ -124,6 +124,28 @@ &decoder_store_method); } +static int reserve_decoder_store(void *store, void *data) +{ + struct decoder_data_st *methdata = data; + + if (store == NULL + && (store = get_decoder_store(methdata->libctx)) == NULL) + return 0; + + return ossl_method_lock_store(store); +} + +static int unreserve_decoder_store(void *store, void *data) +{ + struct decoder_data_st *methdata = data; + + if (store == NULL + && (store = get_decoder_store(methdata->libctx)) == NULL) + return 0; + + return ossl_method_unlock_store(store); +} + /* Get decoder methods from a store, or put one in */ static void *get_decoder_from_store(void *store, const OSSL_PROVIDER **prov, void *data) @@ -374,6 +396,8 @@ || !ossl_method_store_cache_get(store, NULL, id, propq, &method)) { OSSL_METHOD_CONSTRUCT_METHOD mcm = { get_tmp_decoder_store, + reserve_decoder_store, + unreserve_decoder_store, get_decoder_from_store, put_decoder_in_store, construct_decoder, diff -Nru openssl-3.0.5/crypto/encode_decode/encoder_meth.c openssl-3.0.7/crypto/encode_decode/encoder_meth.c --- openssl-3.0.5/crypto/encode_decode/encoder_meth.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/encode_decode/encoder_meth.c 2022-11-01 14:14:36.000000000 +0000 
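Review bot: `reserve_decoder_store()` and `unreserve_decoder_store()` in the decoder_meth.c hunk carry no comment on their contract, although both encode one: a NULL `store` argument means "resolve the library context's store via `get_decoder_store()`", and a store locked by reserve presumably has to be unlocked by unreserve on every path of the fetch. A short header comment on each, e.g. `/* Reserve (lock) / release the decoder store for the duration of a fetch; store == NULL selects the libctx store */`, would make that explicit. The same two functions are repeated almost verbatim in encoder_meth.c and evp_fetch.c further down; whether the three copies could share one helper is a style question for the authors, but at minimum the comment should be replicated there.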
@@ -124,6 +124,28 @@ &encoder_store_method); } +static int reserve_encoder_store(void *store, void *data) +{ + struct encoder_data_st *methdata = data; + + if (store == NULL + && (store = get_encoder_store(methdata->libctx)) == NULL) + return 0; + + return ossl_method_lock_store(store); +} + +static int unreserve_encoder_store(void *store, void *data) +{ + struct encoder_data_st *methdata = data; + + if (store == NULL + && (store = get_encoder_store(methdata->libctx)) == NULL) + return 0; + + return ossl_method_unlock_store(store); +} + /* Get encoder methods from a store, or put one in */ static void *get_encoder_from_store(void *store, const OSSL_PROVIDER **prov, void *data) @@ -384,6 +406,8 @@ || !ossl_method_store_cache_get(store, NULL, id, propq, &method)) { OSSL_METHOD_CONSTRUCT_METHOD mcm = { get_tmp_encoder_store, + reserve_encoder_store, + unreserve_encoder_store, get_encoder_from_store, put_encoder_in_store, construct_encoder, diff -Nru openssl-3.0.5/crypto/evp/ctrl_params_translate.c openssl-3.0.7/crypto/evp/ctrl_params_translate.c --- openssl-3.0.5/crypto/evp/ctrl_params_translate.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/evp/ctrl_params_translate.c 2022-11-01 14:14:36.000000000 +0000 @@ -1955,6 +1955,32 @@ IMPL_GET_RSA_PAYLOAD_COEFFICIENT(8) IMPL_GET_RSA_PAYLOAD_COEFFICIENT(9) +static int fix_group_ecx(enum state state, + const struct translation_st *translation, + struct translation_ctx_st *ctx) +{ + const char *value = NULL; + + switch (state) { + case PRE_PARAMS_TO_CTRL: + if (!EVP_PKEY_CTX_IS_GEN_OP(ctx->pctx)) + return 0; + ctx->action_type = NONE; + return 1; + case POST_PARAMS_TO_CTRL: + if (OSSL_PARAM_get_utf8_string_ptr(ctx->params, &value) == 0 || + OPENSSL_strcasecmp(ctx->pctx->keytype, value) != 0) { + ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT); + ctx->p1 = 0; + return 0; + } + ctx->p1 = 1; + return 1; + default: + return 0; + } +} + /*- * The translation table itself * ============================ 
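Review bot: In `fix_group_ecx()` in the ctrl_params_translate.c hunk, the `POST_PARAMS_TO_CTRL` case passes `ctx->pctx->keytype` straight to `OPENSSL_strcasecmp()`; if a keygen context can reach this fixup with a NULL `keytype` (how that field is populated is outside this diff), the comparison dereferences NULL on a caller-supplied parameter path. The guard is one line: `if (ctx->pctx->keytype == NULL || OSSL_PARAM_get_utf8_string_ptr(ctx->params, &value) == 0 || OPENSSL_strcasecmp(ctx->pctx->keytype, value) != 0) {`. The function also lacks a purpose comment; what the code establishes is that the only group name accepted for an X25519/X448 keygen is the key type itself, which is why the matching table entries on the next line carry `-1` as the ctrl command and the `PRE` case sets `action_type = NONE` instead of translating.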
@@ -2274,6 +2300,15 @@ { GET, -1, -1, EVP_PKEY_OP_TYPE_SIG, EVP_PKEY_CTRL_GET_MD, NULL, NULL, OSSL_SIGNATURE_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, + + /*- + * ECX + * === + */ + { SET, EVP_PKEY_X25519, EVP_PKEY_X25519, EVP_PKEY_OP_KEYGEN, -1, NULL, NULL, + OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx }, + { SET, EVP_PKEY_X448, EVP_PKEY_X448, EVP_PKEY_OP_KEYGEN, -1, NULL, NULL, + OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx }, }; static const struct translation_st evp_pkey_translations[] = { @@ -2692,7 +2727,7 @@ ret = fixup(PRE_PARAMS_TO_CTRL, translation, &ctx); - if (ret > 0 && action_type != NONE) + if (ret > 0 && ctx.action_type != NONE) ret = EVP_PKEY_CTX_ctrl(pctx, keytype, optype, ctx.ctrl_cmd, ctx.p1, ctx.p2); diff -Nru openssl-3.0.5/crypto/evp/digest.c openssl-3.0.7/crypto/evp/digest.c --- openssl-3.0.5/crypto/evp/digest.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/evp/digest.c 2022-11-01 14:14:36.000000000 +0000 @@ -225,7 +225,9 @@ || tmpimpl != NULL #endif || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0 - || type->origin == EVP_ORIG_METH) { + || (type != NULL && type->origin == EVP_ORIG_METH) + || (type == NULL && ctx->digest != NULL + && ctx->digest->origin == EVP_ORIG_METH)) { if (ctx->digest == ctx->fetched_digest) ctx->digest = NULL; EVP_MD_free(ctx->fetched_digest); diff -Nru openssl-3.0.5/crypto/evp/evp_enc.c openssl-3.0.7/crypto/evp/evp_enc.c --- openssl-3.0.5/crypto/evp/evp_enc.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/evp/evp_enc.c 2022-11-01 14:14:36.000000000 +0000 @@ -43,6 +43,7 @@ if (ctx->fetched_cipher != NULL) EVP_CIPHER_free(ctx->fetched_cipher); memset(ctx, 0, sizeof(*ctx)); + ctx->iv_len = -1; return 1; @@ -61,6 +62,7 @@ ENGINE_finish(ctx->engine); #endif memset(ctx, 0, sizeof(*ctx)); + ctx->iv_len = -1; return 1; } 
@@ -87,6 +89,9 @@ #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) ENGINE *tmpimpl = NULL; #endif + + ctx->iv_len = -1; + /* * enc == 1 means we are encrypting. * enc == 0 means we are decrypting. @@ -131,7 +136,10 @@ #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) || tmpimpl != NULL #endif - || impl != NULL) { + || impl != NULL + || (cipher != NULL && cipher->origin == EVP_ORIG_METH) + || (cipher == NULL && ctx->cipher != NULL + && ctx->cipher->origin == EVP_ORIG_METH)) { if (ctx->cipher == ctx->fetched_cipher) ctx->cipher = NULL; EVP_CIPHER_free(ctx->fetched_cipher); @@ -143,11 +151,12 @@ * (legacy code) */ if (cipher != NULL && ctx->cipher != NULL) { + if (ctx->cipher->cleanup != NULL && !ctx->cipher->cleanup(ctx)) + return 0; OPENSSL_clear_free(ctx->cipher_data, ctx->cipher->ctx_size); ctx->cipher_data = NULL; } - /* Start of non-legacy code below */ /* Ensure a context left lying around from last time is cleared */ @@ -1085,12 +1094,14 @@ if (arg < 0) return 0; params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &sz); + ctx->iv_len = -1; break; case EVP_CTRL_CCM_SET_L: if (arg < 2 || arg > 8) return 0; sz = 15 - arg; params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &sz); + ctx->iv_len = -1; break; case EVP_CTRL_AEAD_SET_IV_FIXED: params[0] = OSSL_PARAM_construct_octet_string( @@ -1254,8 +1265,10 @@ int EVP_CIPHER_CTX_set_params(EVP_CIPHER_CTX *ctx, const OSSL_PARAM params[]) { - if (ctx->cipher != NULL && ctx->cipher->set_ctx_params != NULL) + if (ctx->cipher != NULL && ctx->cipher->set_ctx_params != NULL) { + ctx->iv_len = -1; return ctx->cipher->set_ctx_params(ctx->algctx, params); + } return 0; } diff -Nru openssl-3.0.5/crypto/evp/evp_fetch.c openssl-3.0.7/crypto/evp/evp_fetch.c --- openssl-3.0.5/crypto/evp/evp_fetch.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/evp/evp_fetch.c 2022-11-01 14:14:36.000000000 +0000 
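Review bot: `EVP_CIPHER_CTX_set_params()` at the end of the evp_enc.c hunks now resets `ctx->iv_len = -1` before every delegation, with no comment; a reader cannot tell that `-1` is the "not cached" sentinel consumed by `EVP_CIPHER_CTX_get_iv_length()`, nor why a parameter set that never touches the IV length still pays the invalidation. Suggested: `/* Any param set may change OSSL_CIPHER_PARAM_IVLEN; drop the cached length so it is re-queried */`. The two `ctx->iv_len = -1;` lines added in the `EVP_CTRL_AEAD_SET_IVLEN` and `EVP_CTRL_CCM_SET_L` cases sit in the provider-side `switch`; legacy ciphers that handle those ctrls in their own `ctrl` callback do not pass through it, so unless the legacy path also clears the cache (not shown in this diff), a length read before such a ctrl would stay stale.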
@@ -83,6 +83,28 @@ &evp_method_store_method); } +static int reserve_evp_method_store(void *store, void *data) +{ + struct evp_method_data_st *methdata = data; + + if (store == NULL + && (store = get_evp_method_store(methdata->libctx)) == NULL) + return 0; + + return ossl_method_lock_store(store); +} + +static int unreserve_evp_method_store(void *store, void *data) +{ + struct evp_method_data_st *methdata = data; + + if (store == NULL + && (store = get_evp_method_store(methdata->libctx)) == NULL) + return 0; + + return ossl_method_unlock_store(store); +} + /* * To identify the method in the EVP method store, we mix the name identity * with the operation identity, under the assumption that we don't have more @@ -303,6 +325,8 @@ || !ossl_method_store_cache_get(store, prov, meth_id, propq, &method)) { OSSL_METHOD_CONSTRUCT_METHOD mcm = { get_tmp_evp_method_store, + reserve_evp_method_store, + unreserve_evp_method_store, get_evp_method_from_store, put_evp_method_in_store, construct_evp_method, diff -Nru openssl-3.0.5/crypto/evp/evp_lib.c openssl-3.0.7/crypto/evp/evp_lib.c --- openssl-3.0.5/crypto/evp/evp_lib.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/evp/evp_lib.c 2022-11-01 14:14:36.000000000 +0000 
@@ -504,23 +504,38 @@ int EVP_CIPHER_CTX_get_iv_length(const EVP_CIPHER_CTX *ctx) { - int rv, len = EVP_CIPHER_get_iv_length(ctx->cipher); - size_t v = len; - OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; - - params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, &v); - rv = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); - if (rv == EVP_CTRL_RET_UNSUPPORTED) - goto legacy; - return rv != 0 ? (int)v : -1; - /* Code below to be removed when legacy support is dropped. */ -legacy: - if ((EVP_CIPHER_get_flags(ctx->cipher) & EVP_CIPH_CUSTOM_IV_LENGTH) != 0) { - rv = EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN, - 0, &len); - return (rv == 1) ? len : -1; + if (ctx->iv_len < 0) { + int rv, len = EVP_CIPHER_get_iv_length(ctx->cipher); + size_t v = len; + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + + if (ctx->cipher->get_ctx_params != NULL) { + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_IVLEN, + &v); + rv = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); + if (rv > 0) { + if (OSSL_PARAM_modified(params) + && !OSSL_PARAM_get_int(params, &len)) + return -1; + } else if (rv != EVP_CTRL_RET_UNSUPPORTED) { + return -1; + } + } + /* Code below to be removed when legacy support is dropped. */ + else if ((EVP_CIPHER_get_flags(ctx->cipher) + & EVP_CIPH_CUSTOM_IV_LENGTH) != 0) { + rv = EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN, + 0, &len); + if (rv <= 0) + return -1; + } + /*- + * Casting away the const is annoying but required here. We need to + * cache the result for performance reasons. + */ + ((EVP_CIPHER_CTX *)ctx)->iv_len = len; } - return len; + return ctx->iv_len; } int EVP_CIPHER_CTX_get_tag_length(const EVP_CIPHER_CTX *ctx) 
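Review bot: The comment `/* Code below to be removed when legacy support is dropped. */` in the evp_lib.c hunk now sits between the closing `}` of the provider branch and its `else if`, which reads as the end of the `if` chain; moving it inside the `else if` body keeps the chain visually intact. The block reads the `size_t` param back with `OSSL_PARAM_get_int(params, &len)`, presumably relying on the range-checked integer conversion, and that is worth one line of comment next to the cast-away-const write so the two "why" questions are answered in place. A NULL `ctx->cipher` still dereferences at `ctx->cipher->get_ctx_params`, as the old code did through `EVP_CIPHER_get_iv_length()`; if the public function is meant to tolerate an uninitialised ctx, `if (ctx->cipher == NULL) return -1;` at the top is the place.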
@@ -659,6 +674,8 @@ int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name) { + if (cipher == NULL) + return 0; if (cipher->prov != NULL) return evp_is_a(cipher->prov, cipher->name_id, NULL, name); return evp_is_a(NULL, 0, EVP_CIPHER_get0_name(cipher), name); @@ -713,6 +730,8 @@ int EVP_MD_is_a(const EVP_MD *md, const char *name) { + if (md == NULL) + return 0; if (md->prov != NULL) return evp_is_a(md->prov, md->name_id, NULL, name); return evp_is_a(NULL, 0, EVP_MD_get0_name(md), name); diff -Nru openssl-3.0.5/crypto/evp/evp_local.h openssl-3.0.7/crypto/evp/evp_local.h --- openssl-3.0.5/crypto/evp/evp_local.h 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/evp/evp_local.h 2022-11-01 14:14:36.000000000 +0000 @@ -46,6 +46,7 @@ /* FIXME: Should this even exist? It appears unused */ void *app_data; /* application stuff */ int key_len; /* May change for variable length cipher */ + int iv_len; /* IV length */ unsigned long flags; /* Various flags */ void *cipher_data; /* per EVP data */ int final_used; diff -Nru openssl-3.0.5/crypto/evp/evp_rand.c openssl-3.0.7/crypto/evp/evp_rand.c --- openssl-3.0.5/crypto/evp/evp_rand.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/evp/evp_rand.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
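Review bot: The new `iv_len` field in the evp_local.h hunk is documented only as `/* IV length */`, which hides the protocol the rest of this diff depends on: `-1` means "not cached yet" (set on the `memset` paths and by the IV-affecting ctrls in evp_enc.c) and any non-negative value is returned by `EVP_CIPHER_CTX_get_iv_length()` until something resets it. Suggested: `int iv_len; /* Cached IV length; -1 = unknown, re-queried on next get */`. Anyone adding a new way to change the IV length has to know to reset this field, and the struct definition is where they will look.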
@@ -305,7 +305,7 @@ int EVP_RAND_is_a(const EVP_RAND *rand, const char *name) { - return evp_is_a(rand->prov, rand->name_id, NULL, name); + return rand != NULL && evp_is_a(rand->prov, rand->name_id, NULL, name); } const OSSL_PROVIDER *EVP_RAND_get0_provider(const EVP_RAND *rand) diff -Nru openssl-3.0.5/crypto/evp/exchange.c openssl-3.0.7/crypto/evp/exchange.c --- openssl-3.0.5/crypto/evp/exchange.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/evp/exchange.c 2022-11-01 14:14:36.000000000 +0000 @@ -550,7 +550,8 @@ int EVP_KEYEXCH_is_a(const EVP_KEYEXCH *keyexch, const char *name) { - return evp_is_a(keyexch->prov, keyexch->name_id, NULL, name); + return keyexch != NULL + && evp_is_a(keyexch->prov, keyexch->name_id, NULL, name); } void EVP_KEYEXCH_do_all_provided(OSSL_LIB_CTX *libctx, diff -Nru openssl-3.0.5/crypto/evp/kdf_lib.c openssl-3.0.7/crypto/evp/kdf_lib.c --- openssl-3.0.5/crypto/evp/kdf_lib.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/evp/kdf_lib.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -97,7 +97,7 @@ int EVP_KDF_is_a(const EVP_KDF *kdf, const char *name) { - return evp_is_a(kdf->prov, kdf->name_id, NULL, name); + return kdf != NULL && evp_is_a(kdf->prov, kdf->name_id, NULL, name); } const OSSL_PROVIDER *EVP_KDF_get0_provider(const EVP_KDF *kdf) diff -Nru openssl-3.0.5/crypto/evp/kem.c openssl-3.0.7/crypto/evp/kem.c --- openssl-3.0.5/crypto/evp/kem.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/evp/kem.c 2022-11-01 14:14:36.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -421,7 +421,7 @@ int EVP_KEM_is_a(const EVP_KEM *kem, const char *name) { - return evp_is_a(kem->prov, kem->name_id, NULL, name); + return kem != NULL && evp_is_a(kem->prov, kem->name_id, NULL, name); } int evp_kem_get_number(const EVP_KEM *kem) diff -Nru openssl-3.0.5/crypto/evp/keymgmt_meth.c openssl-3.0.7/crypto/evp/keymgmt_meth.c --- openssl-3.0.5/crypto/evp/keymgmt_meth.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/evp/keymgmt_meth.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -279,7 +279,8 @@ int EVP_KEYMGMT_is_a(const EVP_KEYMGMT *keymgmt, const char *name) { - return evp_is_a(keymgmt->prov, keymgmt->name_id, NULL, name); + return keymgmt != NULL + && evp_is_a(keymgmt->prov, keymgmt->name_id, NULL, name); } void EVP_KEYMGMT_do_all_provided(OSSL_LIB_CTX *libctx, diff -Nru openssl-3.0.5/crypto/evp/mac_lib.c openssl-3.0.7/crypto/evp/mac_lib.c --- openssl-3.0.5/crypto/evp/mac_lib.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/evp/mac_lib.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -226,7 +226,7 @@ int EVP_MAC_is_a(const EVP_MAC *mac, const char *name) { - return evp_is_a(mac->prov, mac->name_id, NULL, name); + return mac != NULL && evp_is_a(mac->prov, mac->name_id, NULL, name); } int EVP_MAC_names_do_all(const EVP_MAC *mac, diff -Nru openssl-3.0.5/crypto/evp/p_lib.c openssl-3.0.7/crypto/evp/p_lib.c --- openssl-3.0.5/crypto/evp/p_lib.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/evp/p_lib.c 2022-11-01 14:14:36.000000000 +0000 @@ -339,9 +339,16 @@ if (a == NULL || b == NULL) return 0; - if (a->keymgmt != NULL || b->keymgmt != NULL) - return evp_pkey_cmp_any(a, b, (SELECT_PARAMETERS - | OSSL_KEYMGMT_SELECT_KEYPAIR)); + if (a->keymgmt != NULL || b->keymgmt != NULL) { + int selection = SELECT_PARAMETERS; + + if (evp_keymgmt_util_has((EVP_PKEY *)a, OSSL_KEYMGMT_SELECT_PUBLIC_KEY) + && evp_keymgmt_util_has((EVP_PKEY *)b, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) + selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY; + else + selection |= OSSL_KEYMGMT_SELECT_KEYPAIR; + return evp_pkey_cmp_any(a, b, selection); + } /* All legacy keys */ if (a->type != b->type) @@ -1039,11 +1046,10 @@ int EVP_PKEY_is_a(const EVP_PKEY *pkey, const char *name) { - if (pkey->keymgmt == NULL) { - int type = evp_pkey_name2type(name); - - return pkey->type == type; - } + if (pkey == NULL) + return 0; + if (pkey->keymgmt == NULL) + return pkey->type == evp_pkey_name2type(name); return EVP_KEYMGMT_is_a(pkey->keymgmt, name); } @@ -1389,6 +1395,7 @@ if (pkey != NULL && evp_pkey_is_provided(pkey)) { size_t return_size = OSSL_PARAM_UNMODIFIED; + unsigned char *buf; /* * We know that this is going to fail, but it will give us a size 
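Review bot: The new selection logic in the first p_lib.c hunk picks `OSSL_KEYMGMT_SELECT_PUBLIC_KEY` only when both keys have a public part and otherwise falls back to `OSSL_KEYMGMT_SELECT_KEYPAIR`, but the hunk does not record why — presumably so that a public-only key compared with a full keypair is no longer rejected merely because one side lacks a private key. A comment above the `if`, e.g. `/* Compare public parts when both sides have one; otherwise compare the whole keypair */`, captures that intent. The `(EVP_PKEY *)` casts appear to exist only because `evp_keymgmt_util_has()` takes a non-const pointer; a short remark would keep them from being read as real mutation of `a` and `b`. The enclosing function starts outside the hunk.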
@@ -1400,14 +1407,18 @@ if (return_size == OSSL_PARAM_UNMODIFIED) return 0; - *ppub = OPENSSL_malloc(return_size); - if (*ppub == NULL) + *ppub = NULL; + buf = OPENSSL_malloc(return_size); + if (buf == NULL) return 0; if (!EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, - *ppub, return_size, NULL)) + buf, return_size, NULL)) { + OPENSSL_free(buf); return 0; + } + *ppub = buf; return return_size; } diff -Nru openssl-3.0.5/crypto/evp/signature.c openssl-3.0.7/crypto/evp/signature.c --- openssl-3.0.5/crypto/evp/signature.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/evp/signature.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -327,7 +327,8 @@ int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name) { - return evp_is_a(signature->prov, signature->name_id, NULL, name); + return signature != NULL + && evp_is_a(signature->prov, signature->name_id, NULL, name); } int evp_signature_get_number(const EVP_SIGNATURE *signature) diff -Nru openssl-3.0.5/crypto/ffc/ffc_backend.c openssl-3.0.7/crypto/ffc/ffc_backend.c --- openssl-3.0.5/crypto/ffc/ffc_backend.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/ffc/ffc_backend.c 2022-11-01 14:14:36.000000000 +0000 
@@ -39,7 +39,7 @@ if (prm->data_type != OSSL_PARAM_UTF8_STRING || prm->data == NULL || (group = ossl_ffc_name_to_dh_named_group(prm->data)) == NULL - || !ossl_ffc_named_group_set_pqg(ffc, group)) + || !ossl_ffc_named_group_set(ffc, group)) #endif goto err; } diff -Nru openssl-3.0.5/crypto/ffc/ffc_dh.c openssl-3.0.7/crypto/ffc/ffc_dh.c --- openssl-3.0.5/crypto/ffc/ffc_dh.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/ffc/ffc_dh.c 2022-11-01 14:14:36.000000000 +0000 @@ -13,16 +13,18 @@ #ifndef OPENSSL_NO_DH -# define FFDHE(sz) { \ +# define FFDHE(sz, keylength) { \ SN_ffdhe##sz, NID_ffdhe##sz, \ sz, \ + keylength, \ &ossl_bignum_ffdhe##sz##_p, &ossl_bignum_ffdhe##sz##_q, \ &ossl_bignum_const_2, \ } -# define MODP(sz) { \ +# define MODP(sz, keylength) { \ SN_modp_##sz, NID_modp_##sz, \ sz, \ + keylength, \ &ossl_bignum_modp_##sz##_p, &ossl_bignum_modp_##sz##_q, \ &ossl_bignum_const_2 \ } @@ -30,14 +32,15 @@ # define RFC5114(name, uid, sz, tag) { \ name, uid, \ sz, \ + 0, \ &ossl_bignum_dh##tag##_p, &ossl_bignum_dh##tag##_q, \ &ossl_bignum_dh##tag##_g \ } #else -# define FFDHE(sz) { SN_ffdhe##sz, NID_ffdhe##sz } -# define MODP(sz) { SN_modp_##sz, NID_modp_##sz } +# define FFDHE(sz, keylength) { SN_ffdhe##sz, NID_ffdhe##sz } +# define MODP(sz, keylength) { SN_modp_##sz, NID_modp_##sz } # define RFC5114(name, uid, sz, tag) { name, uid } #endif 
@@ -47,26 +50,32 @@ int uid; #ifndef OPENSSL_NO_DH int32_t nbits; + int keylength; const BIGNUM *p; const BIGNUM *q; const BIGNUM *g; #endif }; +/* + * The private key length values are taken from RFC7919 with the values for + * MODP primes given the same lengths as the equivalent FFDHE. + * The MODP 1536 value is approximated. + */ static const DH_NAMED_GROUP dh_named_groups[] = { - FFDHE(2048), - FFDHE(3072), - FFDHE(4096), - FFDHE(6144), - FFDHE(8192), + FFDHE(2048, 225), + FFDHE(3072, 275), + FFDHE(4096, 325), + FFDHE(6144, 375), + FFDHE(8192, 400), #ifndef FIPS_MODULE - MODP(1536), + MODP(1536, 200), #endif - MODP(2048), - MODP(3072), - MODP(4096), - MODP(6144), - MODP(8192), + MODP(2048, 225), + MODP(3072, 275), + MODP(4096, 325), + MODP(6144, 375), + MODP(8192, 400), /* * Additional dh named groups from RFC 5114 that have a different g. * The uid can be any unique identifier. @@ -134,6 +143,13 @@ } #ifndef OPENSSL_NO_DH +int ossl_ffc_named_group_get_keylength(const DH_NAMED_GROUP *group) +{ + if (group == NULL) + return 0; + return group->keylength; +} + const BIGNUM *ossl_ffc_named_group_get_q(const DH_NAMED_GROUP *group) { if (group == NULL) @@ -141,13 +157,14 @@ return group->q; } -int ossl_ffc_named_group_set_pqg(FFC_PARAMS *ffc, const DH_NAMED_GROUP *group) +int ossl_ffc_named_group_set(FFC_PARAMS *ffc, const DH_NAMED_GROUP *group) { if (ffc == NULL || group == NULL) return 0; ossl_ffc_params_set0_pqg(ffc, (BIGNUM *)group->p, (BIGNUM *)group->q, (BIGNUM *)group->g); + ffc->keylength = group->keylength; /* flush the cached nid, The DH layer is responsible for caching */ ffc->nid = NID_undef; diff -Nru openssl-3.0.5/crypto/ffc/ffc_key_generate.c openssl-3.0.7/crypto/ffc/ffc_key_generate.c --- openssl-3.0.5/crypto/ffc/ffc_key_generate.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/ffc/ffc_key_generate.c 2022-11-01 14:14:36.000000000 +0000 
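Review bot: The table comment added in the ffc_dh.c hunk explains where the FFDHE and MODP key lengths come from but not that every RFC 5114 entry gets `0` (the `RFC5114()` macro on the previous line hard-codes it), and `0` carries meaning: in ffc_key_generate.c on the next line, `N = params->keylength ? params->keylength : 2 * s;` treats it as "no default, derive from the security strength". One more line makes the sentinel explicit: ` * RFC 5114 groups carry 0, meaning no default private key length.` The new `ossl_ffc_named_group_get_keylength()` returns that same `0` for a NULL group, so callers cannot distinguish "unknown group" from "group without a default"; acceptable if stated, so a `/* 0 also for a NULL group */` comment there would help.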
@@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -25,11 +25,11 @@ int ret = 0, qbits = BN_num_bits(params->q); BIGNUM *m, *two_powN = NULL; - /* Deal with the edge case where the value of N is not set */ - if (N == 0) - N = qbits; + /* Deal with the edge cases where the value of N and/or s is not set */ if (s == 0) - s = N / 2; + goto err; + if (N == 0) + N = params->keylength ? params->keylength : 2 * s; /* Step (2) : check range of N */ if (N < 2 * s || N > qbits) diff -Nru openssl-3.0.5/crypto/ffc/ffc_params.c openssl-3.0.7/crypto/ffc/ffc_params.c --- openssl-3.0.5/crypto/ffc/ffc_params.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/ffc/ffc_params.c 2022-11-01 14:14:36.000000000 +0000 @@ -196,6 +196,7 @@ dst->h = src->h; dst->gindex = src->gindex; dst->flags = src->flags; + dst->keylength = src->keylength; return 1; } diff -Nru openssl-3.0.5/crypto/http/http_client.c openssl-3.0.7/crypto/http/http_client.c --- openssl-3.0.5/crypto/http/http_client.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/http/http_client.c 2022-11-01 14:14:36.000000000 +0000 @@ -53,7 +53,7 @@ char *proxy; /* Optional proxy name or URI */ char *server; /* Optional server host name */ char *port; /* Optional server port */ - BIO *mem; /* Memory BIO holding request/response header */ + BIO *mem; /* Mem BIO holding request header or response */ BIO *req; /* BIO holding the request provided by caller */ int method_POST; /* HTTP method is POST (else GET) */ char *expected_ct; /* Optional expected Content-Type */ 
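Review bot: The ffc_key_generate.c hunk makes `s == 0` an error (`goto err`) where the old code derived `s = N / 2`, but no `ERR_raise()` accompanies the jump and the function's header documentation is outside the hunk; if that documentation still describes `N == 0` as defaulting to `qbits`, it now has to say that `N` defaults to the group's `keylength` or to `2 * s`, and that `s` is mandatory. Any caller that passed `s == 0` and relied on the old derivation (none is visible in this diff) now fails key generation — presumably the intended tightening, but it deserves a CHANGES entry and an error reason so the failure is diagnosable.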
@@ -266,7 +266,10 @@ static int set1_content(OSSL_HTTP_REQ_CTX *rctx, const char *content_type, BIO *req) { - long req_len; + long req_len = 0; +#ifndef OPENSSL_NO_STDIO + FILE *fp = NULL; +#endif if (rctx == NULL || (req == NULL && content_type != NULL)) { ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); @@ -290,14 +293,38 @@ && BIO_printf(rctx->mem, "Content-Type: %s\r\n", content_type) <= 0) return 0; - /* streaming BIO may not support querying size */ - if (((req_len = BIO_ctrl(req, BIO_CTRL_INFO, 0, NULL)) <= 0 - || BIO_printf(rctx->mem, "Content-Length: %ld\r\n", req_len) > 0) - && BIO_up_ref(req)) { - rctx->req = req; - return 1; + /* + * BIO_CTRL_INFO yields the data length at least for memory BIOs, but for + * file-based BIOs it gives the current position, which is not what we need. + */ + if (BIO_method_type(req) == BIO_TYPE_FILE) { +#ifndef OPENSSL_NO_STDIO + if (BIO_get_fp(req, &fp) == 1 && fseek(fp, 0, SEEK_END) == 0) { + req_len = ftell(fp); + (void)fseek(fp, 0, SEEK_SET); + } else { + fp = NULL; + } +#endif + } else { + req_len = BIO_ctrl(req, BIO_CTRL_INFO, 0, NULL); + /* + * Streaming BIOs likely will not support querying the size at all, + * and we assume we got a correct value if req_len > 0. + */ } - return 0; + if (( +#ifndef OPENSSL_NO_STDIO + fp != NULL /* definitely correct req_len */ || +#endif + req_len > 0) + && BIO_printf(rctx->mem, "Content-Length: %ld\r\n", req_len) < 0) + return 0; + + if (!BIO_up_ref(req)) + return 0; + rctx->req = req; + return 1; } int OSSL_HTTP_REQ_CTX_set1_req(OSSL_HTTP_REQ_CTX *rctx, const char *content_type, @@ -567,7 +594,7 @@ if (rctx->req != NULL && !BIO_eof(rctx->req)) { n = BIO_read(rctx->req, rctx->buf, rctx->buf_size); if (n <= 0) { - if (BIO_should_retry(rctx->rbio)) + if (BIO_should_retry(rctx->req)) return -1; ERR_raise(ERR_LIB_HTTP, HTTP_R_FAILED_READING_DATA); return 0; 
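Review bot: In `set1_content()` in the http_client.c hunk, `req_len = ftell(fp);` is not checked; `ftell()` returns `-1` on failure, and because the later test is `fp != NULL /* definitely correct req_len */ || req_len > 0`, a failed `ftell()` is treated as authoritative and `Content-Length: -1` is written into the request header. Adding `if (req_len < 0) fp = NULL;` right after the `(void)fseek(fp, 0, SEEK_SET);` rewind makes a failure fall back to the "length unknown" behaviour and omit the header. The rewind also goes to offset 0 rather than the position the caller left the file at, so length and body agree only because the whole file is now sent from the start; a comment saying so would avoid surprises for callers that positioned the file BIO themselves. The `BIO_should_retry(rctx->req)` fix in the second hunk looks right.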
@@ -952,7 +979,7 @@ if (bio_update_fn != NULL) { BIO *orig_bio = cbio; - cbio = (*bio_update_fn)(cbio, arg, 1 /* connect */, use_ssl); + cbio = (*bio_update_fn)(cbio, arg, 1 /* connect */, use_ssl != 0); if (cbio == NULL) { if (bio == NULL) /* cbio was not provided by caller */ BIO_free_all(orig_bio); diff -Nru openssl-3.0.5/crypto/init.c openssl-3.0.7/crypto/init.c --- openssl-3.0.5/crypto/init.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/init.c 2022-11-01 14:14:36.000000000 +0000 @@ -659,28 +659,26 @@ #if !defined(OPENSSL_USE_NODELETE)\ && !defined(OPENSSL_NO_PINSHARED) { +# if defined(DSO_WIN32) && !defined(_WIN32_WCE) + HMODULE handle = NULL; + BOOL ret; union { void *sym; void (*func)(void); } handlersym; handlersym.func = handler; -# if defined(DSO_WIN32) && !defined(_WIN32_WCE) - { - HMODULE handle = NULL; - BOOL ret; - /* - * We don't use the DSO route for WIN32 because there is a better - * way - */ - ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS - | GET_MODULE_HANDLE_EX_FLAG_PIN, - handlersym.sym, &handle); + /* + * We don't use the DSO route for WIN32 because there is a better + * way + */ + ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS + | GET_MODULE_HANDLE_EX_FLAG_PIN, + handlersym.sym, &handle); - if (!ret) - return 0; - } + if (!ret) + return 0; # elif !defined(DSO_NONE) /* * Deliberately leak a reference to the handler. This will force the 
@@ -688,18 +686,22 @@ * atexit handler. If -znodelete has been used then this is * unnecessary. */ - { - DSO *dso = NULL; + DSO *dso = NULL; + union { + void *sym; + void (*func)(void); + } handlersym; + + handlersym.func = handler; - ERR_set_mark(); - dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE); - /* See same code above in ossl_init_base() for an explanation. */ - OSSL_TRACE1(INIT, - "atexit: obtained DSO reference? %s\n", - (dso == NULL ? "No!" : "Yes.")); - DSO_free(dso); - ERR_pop_to_mark(); - } + ERR_set_mark(); + dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE); + /* See same code above in ossl_init_base() for an explanation. */ + OSSL_TRACE1(INIT, + "atexit: obtained DSO reference? %s\n", + (dso == NULL ? "No!" : "Yes.")); + DSO_free(dso); + ERR_pop_to_mark(); # endif } #endif diff -Nru openssl-3.0.5/crypto/mem.c openssl-3.0.7/crypto/mem.c --- openssl-3.0.5/crypto/mem.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/mem.c 2022-11-01 14:14:36.000000000 +0000 @@ -285,12 +285,12 @@ int CRYPTO_mem_debug_push(const char *info, const char *file, int line) { (void)info; (void)file; (void)line; - return -1; + return 0; } int CRYPTO_mem_debug_pop(void) { - return -1; + return 0; } void CRYPTO_mem_debug_malloc(void *addr, size_t num, int flag, diff -Nru openssl-3.0.5/crypto/mem_sec.c openssl-3.0.7/crypto/mem_sec.c --- openssl-3.0.5/crypto/mem_sec.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/mem_sec.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2004-2014, Akamai Technologies. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use 
@@ -23,6 +23,20 @@ #ifndef OPENSSL_NO_SECURE_MEMORY # if defined(_WIN32) # include +# if defined(WINAPI_FAMILY_PARTITION) \ + && !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP | WINAPI_PARTITION_SYSTEM) +/* + * While VirtualLock is available under the app partition (e.g. UWP), + * the headers do not define the API. Define it ourselves instead. + */ +WINBASEAPI +BOOL +WINAPI +VirtualLock( + _In_ LPVOID lpAddress, + _In_ SIZE_T dwSize + ); +# endif # endif # include # include diff -Nru openssl-3.0.5/crypto/objects/obj_dat.c openssl-3.0.7/crypto/objects/obj_dat.c --- openssl-3.0.5/crypto/objects/obj_dat.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/objects/obj_dat.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -713,6 +713,9 @@ } tmpoid->nid = OBJ_new_nid(1); + if (tmpoid->nid == NID_undef) + goto err; + tmpoid->sn = (char *)sn; tmpoid->ln = (char *)ln; diff -Nru openssl-3.0.5/crypto/packet.c openssl-3.0.7/crypto/packet.c --- openssl-3.0.5/crypto/packet.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/packet.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -207,7 +207,7 @@ } /* Store the |value| of length |len| at location |data| */ -static int put_value(unsigned char *data, size_t value, size_t len) +static int put_value(unsigned char *data, uint64_t value, size_t len) { if (data == NULL) return 1; 
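Review bot: The new `if (tmpoid->nid == NID_undef) goto err;` in the obj_dat.c hunk leaves no error on the queue unless `OBJ_new_nid()` raises one itself (its body is outside this diff); if it does not, `OBJ_create()` callers see a `0` return with an empty error stack. In that case `ERR_raise(ERR_LIB_OBJ, ERR_R_INTERNAL_ERROR);` before the `goto` is the minimal fix, and either way a one-line comment such as `/* NID allocation failed (e.g. lock not obtainable) */` documents why a fresh NID can be NID_undef. The enclosing function starts outside the hunk.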
@@ -379,12 +379,12 @@ return WPACKET_start_sub_packet_len__(pkt, 0); } -int WPACKET_put_bytes__(WPACKET *pkt, unsigned int val, size_t size) +int WPACKET_put_bytes__(WPACKET *pkt, uint64_t val, size_t size) { unsigned char *data; /* Internal API, so should not fail */ - if (!ossl_assert(size <= sizeof(unsigned int)) + if (!ossl_assert(size <= sizeof(uint64_t)) || !WPACKET_allocate_bytes(pkt, size, &data) || !put_value(data, val, size)) return 0; diff -Nru openssl-3.0.5/crypto/pem/pem_lib.c openssl-3.0.7/crypto/pem/pem_lib.c --- openssl-3.0.5/crypto/pem/pem_lib.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/pem/pem_lib.c 2022-11-01 14:14:36.000000000 +0000 @@ -627,7 +627,7 @@ (BIO_write(bp, "-----\n", 6) != 6)) goto err; - i = strlen(header); + i = header != NULL ? strlen(header) : 0; if (i > 0) { if ((BIO_write(bp, header, i) != i) || (BIO_write(bp, "\n", 1) != 1)) goto err; @@ -810,7 +810,7 @@ { BIO *tmp = *header; char *linebuf, *p; - int len, line, ret = 0, end = 0, prev_partial_line_read = 0, partial_line_read = 0; + int len, ret = 0, end = 0, prev_partial_line_read = 0, partial_line_read = 0; /* 0 if not seen (yet), 1 if reading header, 2 if finished header */ enum header_status got_header = MAYBE_HEADER; unsigned int flags_mask; @@ -824,7 +824,7 @@ return 0; } - for (line = 0; ; line++) { + while(1) { flags_mask = ~0u; len = BIO_gets(bp, linebuf, LINESIZE); if (len <= 0) { diff -Nru openssl-3.0.5/crypto/pkcs12/p12_decr.c openssl-3.0.7/crypto/pkcs12/p12_decr.c --- openssl-3.0.5/crypto/pkcs12/p12_decr.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/pkcs12/p12_decr.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
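Review bot: `while(1)` in the last pem_lib.c hunk omits the space OpenSSL's style puts after control keywords; it should read `while (1) {`. With `line` gone the loop runs until one of the exits inside it is taken, and those exits are outside the hunk, so a one-line comment above it, `/* read lines until the header/data boundary or end of input */`, would help the reader. In the first pem_lib.c hunk, `i = header != NULL ? strlen(header) : 0;` still stores a `size_t` in `i`, whose declaration is outside the hunk; if `i` is an `int` the narrowing predates this change but is worth an explicit cast or a wider type. Both enclosing functions start and end outside their hunks.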
@@ -94,6 +94,8 @@ if (EVP_CIPHER_CTX_is_encrypting(ctx)) { if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, (int)mac_len, out+outlen) < 0) { + OPENSSL_free(out); + out = NULL; ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR); goto err; } diff -Nru openssl-3.0.5/crypto/pkcs7/pk7_smime.c openssl-3.0.7/crypto/pkcs7/pk7_smime.c --- openssl-3.0.5/crypto/pkcs7/pk7_smime.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/pkcs7/pk7_smime.c 2022-11-01 14:14:36.000000000 +0000 @@ -81,7 +81,8 @@ return 0; } - SMIME_crlf_copy(data, p7bio, flags); + if (!SMIME_crlf_copy(data, p7bio, flags)) + goto err; (void)BIO_flush(p7bio); @@ -279,7 +280,8 @@ ERR_raise(ERR_LIB_PKCS7, ERR_R_X509_LIB); goto err; } - X509_STORE_CTX_set_default(cert_ctx, "smime_sign"); + if (!X509_STORE_CTX_set_default(cert_ctx, "smime_sign")) + goto err; } else if (!X509_STORE_CTX_init(cert_ctx, store, signer, NULL)) { ERR_raise(ERR_LIB_PKCS7, ERR_R_X509_LIB); goto err; diff -Nru openssl-3.0.5/crypto/property/property.c openssl-3.0.7/crypto/property/property.c --- openssl-3.0.5/crypto/property/property.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/property/property.c 2022-11-01 14:14:36.000000000 +0000 @@ -15,6 +15,7 @@ #include "internal/core.h" #include "internal/property.h" #include "internal/provider.h" +#include "internal/tsan_assist.h" #include "crypto/ctype.h" #include #include @@ -62,7 +63,19 @@ struct ossl_method_store_st { OSSL_LIB_CTX *ctx; SPARSE_ARRAY_OF(ALGORITHM) *algs; + /* + * Lock to protect the |algs| array from concurrent writing, when + * individual implementations or queries are inserted. This is used + * by the appropriate functions here. + */ CRYPTO_RWLOCK *lock; + /* + * Lock to reserve the whole store. This is used when fetching a set + * of algorithms, via these functions, found in crypto/core_fetch.c: + * ossl_method_construct_reserve_store() + * ossl_method_construct_unreserve_store() + */ + CRYPTO_RWLOCK *biglock; /* query cache specific values */ 
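Review bot: In the second pk7_smime.c hunk the new `goto err` taken when `X509_STORE_CTX_set_default(cert_ctx, "smime_sign")` fails raises nothing, while the sibling `X509_STORE_CTX_init` failure two lines below raises `ERR_R_X509_LIB` first. Unless `X509_STORE_CTX_set_default` is known to push its own error, callers see a failure with an empty error queue; adding `ERR_raise(ERR_LIB_PKCS7, ERR_R_X509_LIB);` before that `goto err` keeps the two paths consistent. The enclosing function starts and ends outside the hunk.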
@@ -77,6 +90,7 @@ LHASH_OF(QUERY) *cache; size_t nelem; uint32_t seed; + unsigned char using_global_seed; } IMPL_CACHE_FLUSH; DEFINE_SPARSE_ARRAY_OF(ALGORITHM); @@ -238,13 +252,10 @@ res = OPENSSL_zalloc(sizeof(*res)); if (res != NULL) { res->ctx = ctx; - if ((res->algs = ossl_sa_ALGORITHM_new()) == NULL) { - OPENSSL_free(res); - return NULL; - } - if ((res->lock = CRYPTO_THREAD_lock_new()) == NULL) { - ossl_sa_ALGORITHM_free(res->algs); - OPENSSL_free(res); + if ((res->algs = ossl_sa_ALGORITHM_new()) == NULL + || (res->lock = CRYPTO_THREAD_lock_new()) == NULL + || (res->biglock = CRYPTO_THREAD_lock_new()) == NULL) { + ossl_method_store_free(res); return NULL; } } @@ -254,13 +265,25 @@ void ossl_method_store_free(OSSL_METHOD_STORE *store) { if (store != NULL) { - ossl_sa_ALGORITHM_doall_arg(store->algs, &alg_cleanup, store); + if (store->algs != NULL) + ossl_sa_ALGORITHM_doall_arg(store->algs, &alg_cleanup, store); ossl_sa_ALGORITHM_free(store->algs); CRYPTO_THREAD_lock_free(store->lock); + CRYPTO_THREAD_lock_free(store->biglock); OPENSSL_free(store); } } +int ossl_method_lock_store(OSSL_METHOD_STORE *store) +{ + return store != NULL ? CRYPTO_THREAD_write_lock(store->biglock) : 0; +} + +int ossl_method_unlock_store(OSSL_METHOD_STORE *store) +{ + return store != NULL ? CRYPTO_THREAD_unlock(store->biglock) : 0; +} + static ALGORITHM *ossl_method_store_retrieve(OSSL_METHOD_STORE *store, int nid) { return ossl_sa_ALGORITHM_get(store->algs, nid); @@ -268,7 +291,7 @@ static int ossl_method_store_insert(OSSL_METHOD_STORE *store, ALGORITHM *alg) { - return ossl_sa_ALGORITHM_set(store->algs, alg->nid, alg); + return ossl_sa_ALGORITHM_set(store->algs, alg->nid, alg); } int ossl_method_store_add(OSSL_METHOD_STORE *store, const OSSL_PROVIDER *prov, 
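Review bot: `ossl_method_lock_store()` and `ossl_method_unlock_store()` are new non-static functions with no comment; the `biglock` they take is described only on the struct field in the previous hunk. A short header on each, e.g. `/* Reserve/release the whole store for a bulk fetch; see biglock in ossl_method_store_st */`, would tie them to that field comment. `ossl_method_store_new()` now hands a half-constructed store to `ossl_method_store_free()`, which guards `algs` but passes `lock` and `biglock` straight to `CRYPTO_THREAD_lock_free()`; that is only safe if the lock free accepts NULL, which the hunk does not show, so it is worth confirming and noting in a comment.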
@@ -636,13 +659,21 @@ static void ossl_method_cache_flush_some(OSSL_METHOD_STORE *store) { IMPL_CACHE_FLUSH state; + static TSAN_QUALIFIER uint32_t global_seed = 1; state.nelem = 0; - if ((state.seed = OPENSSL_rdtsc()) == 0) - state.seed = 1; + state.using_global_seed = 0; + if ((state.seed = OPENSSL_rdtsc()) == 0) { + /* If there is no timer available, seed another way */ + state.using_global_seed = 1; + state.seed = tsan_load(&global_seed); + } store->cache_need_flush = 0; ossl_sa_ALGORITHM_doall_arg(store->algs, &impl_cache_flush_one_alg, &state); store->cache_nelem = state.nelem; + /* Without a timer, update the global seed */ + if (state.using_global_seed) + tsan_store(&global_seed, state.seed); } int ossl_method_store_cache_get(OSSL_METHOD_STORE *store, OSSL_PROVIDER *prov, diff -Nru openssl-3.0.5/crypto/provider_core.c openssl-3.0.7/crypto/provider_core.c --- openssl-3.0.5/crypto/provider_core.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/provider_core.c 2022-11-01 14:14:36.000000000 +0000 
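Review bot: The `tsan_load`/`tsan_store` pair around the flush is not a single read-modify-write, so two threads flushing concurrently on a timer-less platform can start from the same `global_seed` value; the hunk does not say whether that is acceptable. A comment on the declaration, `/* fallback seed when OPENSSL_rdtsc() is unavailable; concurrent flushes may observe the same value */`, would record the intent. How `state.seed` is advanced during the flush happens in `impl_cache_flush_one_alg`, outside the hunk.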
@@ -907,16 +907,28 @@ OPENSSL_free(allocated_load_dir); } - if (prov->module != NULL) - prov->init_function = (OSSL_provider_init_fn *) - DSO_bind_func(prov->module, "OSSL_provider_init"); + if (prov->module == NULL) { + /* DSO has already recorded errors, this is just a tracepoint */ + ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_DSO_LIB, + "name=%s", prov->name); + goto end; + } + + prov->init_function = (OSSL_provider_init_fn *) + DSO_bind_func(prov->module, "OSSL_provider_init"); #endif } - /* Call the initialise function for the provider. */ - if (prov->init_function == NULL - || !prov->init_function((OSSL_CORE_HANDLE *)prov, core_dispatch, - &provider_dispatch, &tmp_provctx)) { + /* Check for and call the initialise function for the provider. */ + if (prov->init_function == NULL) { + ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_UNSUPPORTED, + "name=%s, provider has no provider init function", + prov->name); + goto end; + } + + if (!prov->init_function((OSSL_CORE_HANDLE *)prov, core_dispatch, + &provider_dispatch, &tmp_provctx)) { ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INIT_FAIL, "name=%s", prov->name); goto end; @@ -1204,7 +1216,7 @@ if (!freeing) { int acc; - if (!CRYPTO_THREAD_read_lock(prov->opbits_lock)) + if (!CRYPTO_THREAD_write_lock(prov->opbits_lock)) return 0; OPENSSL_free(prov->operation_bits); prov->operation_bits = NULL; @@ -1260,7 +1272,7 @@ void *ossl_provider_ctx(const OSSL_PROVIDER *prov) { - return prov->provctx; + return prov != NULL ? prov->provctx : NULL; } /* @@ -1840,8 +1852,8 @@ */ static OSSL_FUNC_core_gettable_params_fn core_gettable_params; static OSSL_FUNC_core_get_params_fn core_get_params; -static OSSL_FUNC_core_thread_start_fn core_thread_start; static OSSL_FUNC_core_get_libctx_fn core_get_libctx; +static OSSL_FUNC_core_thread_start_fn core_thread_start; #ifndef FIPS_MODULE static OSSL_FUNC_core_new_error_fn core_new_error; static OSSL_FUNC_core_set_error_debug_fn core_set_error_debug; 
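Review bot: The switch from `CRYPTO_THREAD_read_lock` to `CRYPTO_THREAD_write_lock` on `opbits_lock` in the second provider_core.c hunk deserves a comment, because the block it guards frees and nulls `prov->operation_bits`, i.e. it mutates under what was previously a shared lock. A line such as `/* operation_bits is released here, so an exclusive lock is required */` above the lock call would stop a future cleanup from reverting it. The enclosing function starts and ends outside the hunk.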
@@ -1849,6 +1861,42 @@ static OSSL_FUNC_core_set_error_mark_fn core_set_error_mark; static OSSL_FUNC_core_clear_last_error_mark_fn core_clear_last_error_mark; static OSSL_FUNC_core_pop_error_to_mark_fn core_pop_error_to_mark; +OSSL_FUNC_BIO_new_file_fn ossl_core_bio_new_file; +OSSL_FUNC_BIO_new_membuf_fn ossl_core_bio_new_mem_buf; +OSSL_FUNC_BIO_read_ex_fn ossl_core_bio_read_ex; +OSSL_FUNC_BIO_write_ex_fn ossl_core_bio_write_ex; +OSSL_FUNC_BIO_gets_fn ossl_core_bio_gets; +OSSL_FUNC_BIO_puts_fn ossl_core_bio_puts; +OSSL_FUNC_BIO_up_ref_fn ossl_core_bio_up_ref; +OSSL_FUNC_BIO_free_fn ossl_core_bio_free; +OSSL_FUNC_BIO_vprintf_fn ossl_core_bio_vprintf; +OSSL_FUNC_BIO_vsnprintf_fn BIO_vsnprintf; +static OSSL_FUNC_self_test_cb_fn core_self_test_get_callback; +OSSL_FUNC_get_entropy_fn ossl_rand_get_entropy; +OSSL_FUNC_cleanup_entropy_fn ossl_rand_cleanup_entropy; +OSSL_FUNC_get_nonce_fn ossl_rand_get_nonce; +OSSL_FUNC_cleanup_nonce_fn ossl_rand_cleanup_nonce; +#endif +OSSL_FUNC_CRYPTO_malloc_fn CRYPTO_malloc; +OSSL_FUNC_CRYPTO_zalloc_fn CRYPTO_zalloc; +OSSL_FUNC_CRYPTO_free_fn CRYPTO_free; +OSSL_FUNC_CRYPTO_clear_free_fn CRYPTO_clear_free; +OSSL_FUNC_CRYPTO_realloc_fn CRYPTO_realloc; +OSSL_FUNC_CRYPTO_clear_realloc_fn CRYPTO_clear_realloc; +OSSL_FUNC_CRYPTO_secure_malloc_fn CRYPTO_secure_malloc; +OSSL_FUNC_CRYPTO_secure_zalloc_fn CRYPTO_secure_zalloc; +OSSL_FUNC_CRYPTO_secure_free_fn CRYPTO_secure_free; +OSSL_FUNC_CRYPTO_secure_clear_free_fn CRYPTO_secure_clear_free; +OSSL_FUNC_CRYPTO_secure_allocated_fn CRYPTO_secure_allocated; +OSSL_FUNC_OPENSSL_cleanse_fn OPENSSL_cleanse; +#ifndef FIPS_MODULE +OSSL_FUNC_provider_register_child_cb_fn ossl_provider_register_child_cb; +OSSL_FUNC_provider_deregister_child_cb_fn ossl_provider_deregister_child_cb; +static OSSL_FUNC_provider_name_fn core_provider_get0_name; +static OSSL_FUNC_provider_get0_provider_ctx_fn core_provider_get0_provider_ctx; +static OSSL_FUNC_provider_get0_dispatch_fn core_provider_get0_dispatch; +static 
OSSL_FUNC_provider_up_ref_fn core_provider_up_ref_intern; +static OSSL_FUNC_provider_free_fn core_provider_free_intern; static OSSL_FUNC_core_obj_add_sigid_fn core_obj_add_sigid; static OSSL_FUNC_core_obj_create_fn core_obj_create; #endif @@ -1982,6 +2030,40 @@ return ERR_pop_to_mark(); } +static void core_self_test_get_callback(OPENSSL_CORE_CTX *libctx, + OSSL_CALLBACK **cb, void **cbarg) +{ + OSSL_SELF_TEST_get_callback((OSSL_LIB_CTX *)libctx, cb, cbarg); +} + +static const char *core_provider_get0_name(const OSSL_CORE_HANDLE *prov) +{ + return OSSL_PROVIDER_get0_name((const OSSL_PROVIDER *)prov); +} + +static void *core_provider_get0_provider_ctx(const OSSL_CORE_HANDLE *prov) +{ + return OSSL_PROVIDER_get0_provider_ctx((const OSSL_PROVIDER *)prov); +} + +static const OSSL_DISPATCH * +core_provider_get0_dispatch(const OSSL_CORE_HANDLE *prov) +{ + return OSSL_PROVIDER_get0_dispatch((const OSSL_PROVIDER *)prov); +} + +static int core_provider_up_ref_intern(const OSSL_CORE_HANDLE *prov, + int activate) +{ + return provider_up_ref_intern((OSSL_PROVIDER *)prov, activate); +} + +static int core_provider_free_intern(const OSSL_CORE_HANDLE *prov, + int deactivate) +{ + return provider_free_intern((OSSL_PROVIDER *)prov, deactivate); +} + static int core_obj_add_sigid(const OSSL_CORE_HANDLE *prov, const char *sign_name, const char *digest_name, const char *pkey_name) @@ -2046,7 +2128,7 @@ { OSSL_FUNC_BIO_FREE, (void (*)(void))ossl_core_bio_free }, { OSSL_FUNC_BIO_VPRINTF, (void (*)(void))ossl_core_bio_vprintf }, { OSSL_FUNC_BIO_VSNPRINTF, (void (*)(void))BIO_vsnprintf }, - { OSSL_FUNC_SELF_TEST_CB, (void (*)(void))OSSL_SELF_TEST_get_callback }, + { OSSL_FUNC_SELF_TEST_CB, (void (*)(void))core_self_test_get_callback }, { OSSL_FUNC_GET_ENTROPY, (void (*)(void))ossl_rand_get_entropy }, { OSSL_FUNC_CLEANUP_ENTROPY, (void (*)(void))ossl_rand_cleanup_entropy }, { OSSL_FUNC_GET_NONCE, (void (*)(void))ossl_rand_get_nonce }, 
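Review bot: The new `core_*` wrappers in the `@@ -1982` hunk have no comment explaining why they exist, and a reader comparing them with the dispatch-table edits in the following hunks may take them for redundant indirection. Together with the `OSSL_FUNC_*_fn` declarations in the previous hunk they give each table slot a function whose parameter types (`OSSL_CORE_HANDLE *`, `OPENSSL_CORE_CTX *`) match the declared function-pointer typedef, with the cast to `OSSL_PROVIDER *`/`OSSL_LIB_CTX *` made inside the wrapper rather than on the function pointer. A block comment above `core_self_test_get_callback` stating that rationale would preserve it.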
@@ -2072,15 +2154,15 @@ { OSSL_FUNC_PROVIDER_DEREGISTER_CHILD_CB, (void (*)(void))ossl_provider_deregister_child_cb }, { OSSL_FUNC_PROVIDER_NAME, - (void (*)(void))OSSL_PROVIDER_get0_name }, + (void (*)(void))core_provider_get0_name }, { OSSL_FUNC_PROVIDER_GET0_PROVIDER_CTX, - (void (*)(void))OSSL_PROVIDER_get0_provider_ctx }, + (void (*)(void))core_provider_get0_provider_ctx }, { OSSL_FUNC_PROVIDER_GET0_DISPATCH, - (void (*)(void))OSSL_PROVIDER_get0_dispatch }, + (void (*)(void))core_provider_get0_dispatch }, { OSSL_FUNC_PROVIDER_UP_REF, - (void (*)(void))provider_up_ref_intern }, + (void (*)(void))core_provider_up_ref_intern }, { OSSL_FUNC_PROVIDER_FREE, - (void (*)(void))provider_free_intern }, + (void (*)(void))core_provider_free_intern }, { OSSL_FUNC_CORE_OBJ_ADD_SIGID, (void (*)(void))core_obj_add_sigid }, { OSSL_FUNC_CORE_OBJ_CREATE, (void (*)(void))core_obj_create }, #endif diff -Nru openssl-3.0.5/crypto/punycode.c openssl-3.0.7/crypto/punycode.c --- openssl-3.0.5/crypto/punycode.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/punycode.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -123,7 +123,6 @@ unsigned int bias = initial_bias; size_t processed_in = 0, written_out = 0; unsigned int max_out = *pout_length; - unsigned int basic_count = 0; unsigned int loop; @@ -181,11 +180,11 @@ n = n + i / (written_out + 1); i %= (written_out + 1); - if (written_out > max_out) + if (written_out >= max_out) return 0; memmove(pDecoded + i + 1, pDecoded + i, - (written_out - i) * sizeof *pDecoded); + (written_out - i) * sizeof(*pDecoded)); pDecoded[i] = n; i++; written_out++; 
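Review bot: The corrected bound `written_out >= max_out` in the `@@ -181` punycode.c hunk is the guard for the `memmove` and `pDecoded[i] = n` that follow, and nothing in the hunk says so; a comment above it, `/* inserting one more code point needs written_out + 1 <= max_out entries */`, keeps the check and the writes it protects together. `max_out` is taken from `*pout_length` in the earlier hunk, so the comparison is against the caller-supplied capacity. The enclosing function starts and ends outside the hunk.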
@@ -255,30 +254,35 @@ */ char *outptr = out; const char *inptr = in; - size_t size = 0; + size_t size = 0, maxsize; int result = 1; - + unsigned int i, j; unsigned int buf[LABEL_BUF_SIZE]; /* It's a hostname */ - if (out == NULL) + + if (out == NULL) { result = 0; + maxsize = 0; + } else { + maxsize = *outlen; + } + +#define PUSHC(c) \ + do \ + if (size++ < maxsize) \ + *outptr++ = c; \ + else \ + result = 0; \ + while (0) while (1) { char *tmpptr = strchr(inptr, '.'); - size_t delta = (tmpptr) ? (size_t)(tmpptr - inptr) : strlen(inptr); + size_t delta = tmpptr != NULL ? (size_t)(tmpptr - inptr) : strlen(inptr); if (strncmp(inptr, "xn--", 4) != 0) { - size += delta + 1; - - if (size >= *outlen - 1) - result = 0; - - if (result > 0) { - memcpy(outptr, inptr, delta + 1); - outptr += delta + 1; - } + for (i = 0; i < delta + 1; i++) + PUSHC(inptr[i]); } else { unsigned int bufsize = LABEL_BUF_SIZE; - unsigned int i; if (ossl_punycode_decode(inptr + 4, delta - 4, buf, &bufsize) <= 0) return -1; @@ -286,26 +290,15 @@ for (i = 0; i < bufsize; i++) { unsigned char seed[6]; size_t utfsize = codepoint2utf8(seed, buf[i]); + if (utfsize == 0) return -1; - size += utfsize; - if (size >= *outlen - 1) - result = 0; - - if (result > 0) { - memcpy(outptr, seed, utfsize); - outptr += utfsize; - } + for (j = 0; j < utfsize; j++) + PUSHC(seed[j]); } - if (tmpptr != NULL) { - *outptr = '.'; - outptr++; - size++; - if (size >= *outlen - 1) - result = 0; - } + PUSHC(tmpptr != NULL ? '.' : '\0'); } if (tmpptr == NULL) @@ -313,7 +306,9 @@ inptr = tmpptr + 1; } +#undef PUSHC + *outlen = size; return result; } 
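Review bot: `PUSHC` in the `@@ -255` punycode.c hunk is a multi-statement macro written as `do if … else …; while (0)` without braces; the usual form is `do { if (size++ < maxsize) *outptr++ = c; else result = 0; } while (0)`, which also lets the body be extended safely. When `out` is too small, `size` keeps counting, `result` becomes 0 and the terminator pushed by `PUSHC(tmpptr != NULL ? '.' : '\0')` (or by `PUSHC(inptr[i])` in the non-`xn--` branch) is not stored, so `out` is not guaranteed NUL-terminated on a 0 return while `*outlen` reports the required length; that contract belongs in the function's header comment, which is outside the hunk. `ossl_a2ucompare` in the next hunk respects it by returning before `strcmp` on `<= 0`.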
@@ -327,12 +322,11 @@ int ossl_a2ucompare(const char *a, const char *u) { - char a_ulabel[LABEL_BUF_SIZE]; + char a_ulabel[LABEL_BUF_SIZE + 1]; size_t a_size = sizeof(a_ulabel); - if (ossl_a2ulabel(a, a_ulabel, &a_size) <= 0) { + if (ossl_a2ulabel(a, a_ulabel, &a_size) <= 0) return -1; - } - return (strcmp(a_ulabel, u) == 0) ? 0 : 1; + return strcmp(a_ulabel, u) != 0; } diff -Nru openssl-3.0.5/crypto/rand/prov_seed.c openssl-3.0.7/crypto/rand/prov_seed.c --- openssl-3.0.5/crypto/rand/prov_seed.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/rand/prov_seed.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,7 +12,7 @@ #include #include -size_t ossl_rand_get_entropy(ossl_unused OSSL_CORE_HANDLE *handle, +size_t ossl_rand_get_entropy(ossl_unused const OSSL_CORE_HANDLE *handle, unsigned char **pout, int entropy, size_t min_len, size_t max_len) { @@ -38,13 +38,13 @@ return ret; } -void ossl_rand_cleanup_entropy(ossl_unused OSSL_CORE_HANDLE *handle, +void ossl_rand_cleanup_entropy(ossl_unused const OSSL_CORE_HANDLE *handle, unsigned char *buf, size_t len) { OPENSSL_secure_clear_free(buf, len); } -size_t ossl_rand_get_nonce(ossl_unused OSSL_CORE_HANDLE *handle, +size_t ossl_rand_get_nonce(ossl_unused const OSSL_CORE_HANDLE *handle, unsigned char **pout, size_t min_len, size_t max_len, const void *salt, size_t salt_len) { 
@@ -69,7 +69,7 @@ return ret; } -void ossl_rand_cleanup_nonce(ossl_unused OSSL_CORE_HANDLE *handle, +void ossl_rand_cleanup_nonce(ossl_unused const OSSL_CORE_HANDLE *handle, unsigned char *buf, size_t len) { OPENSSL_clear_free(buf, len); diff -Nru openssl-3.0.5/crypto/ripemd/build.info openssl-3.0.7/crypto/ripemd/build.info --- openssl-3.0.5/crypto/ripemd/build.info 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/ripemd/build.info 2022-11-01 14:14:36.000000000 +0000 @@ -20,7 +20,7 @@ # When all deprecated symbols are removed, libcrypto doesn't export the # RIPEMD160 functions, so we must include them directly in liblegacy.a -IF[{- $disabled{'deprecated-3.0'} -}] +IF[{- $disabled{'deprecated-3.0'} && !$disabled{'module'} -}] SOURCE[../../providers/liblegacy.a]=rmd_dgst.c rmd_one.c $RMD160ASM DEFINE[../../providers/liblegacy.a]=$RMD160DEF ENDIF diff -Nru openssl-3.0.5/crypto/sha/build.info openssl-3.0.7/crypto/sha/build.info --- openssl-3.0.5/crypto/sha/build.info 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/sha/build.info 2022-11-01 14:14:36.000000000 +0000 
@@ -82,6 +82,14 @@ # need to be applied to all affected libraries and modules. DEFINE[../../libcrypto]=$SHA1DEF $KECCAK1600DEF DEFINE[../../providers/libfips.a]=$SHA1DEF $KECCAK1600DEF +DEFINE[../../providers/libdefault.a]=$SHA1DEF $KECCAK1600DEF +# We only need to include the SHA1DEF and KECCAK1600DEF stuff in the +# legacy provider when it's a separate module and it's dynamically +# linked with libcrypto. Otherwise, it already gets everything that +# the static libcrypto.a has, and doesn't need it added again. +IF[{- !$disabled{module} && !$disabled{shared} -}] + DEFINE[../providers/liblegacy.a]=$SHA1DEF $KECCAK1600DEF +ENDIF GENERATE[sha1-586.S]=asm/sha1-586.pl DEPEND[sha1-586.S]=../perlasm/x86asm.pl diff -Nru openssl-3.0.5/crypto/sparse_array.c openssl-3.0.7/crypto/sparse_array.c --- openssl-3.0.5/crypto/sparse_array.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/sparse_array.c 2022-11-01 14:14:36.000000000 +0000 @@ -109,8 +109,10 @@ void ossl_sa_free(OPENSSL_SA *sa) { - sa_doall(sa, &sa_free_node, NULL, NULL); - OPENSSL_free(sa); + if (sa != NULL) { + sa_doall(sa, &sa_free_node, NULL, NULL); + OPENSSL_free(sa); + } } void ossl_sa_free_leaves(OPENSSL_SA *sa) diff -Nru openssl-3.0.5/crypto/stack/stack.c openssl-3.0.7/crypto/stack/stack.c --- openssl-3.0.5/crypto/stack/stack.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/stack/stack.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -19,8 +19,7 @@ */ static const int min_nodes = 4; static const int max_nodes = SIZE_MAX / sizeof(void *) < INT_MAX - ? (int)(SIZE_MAX / sizeof(void *)) - : INT_MAX; + ? (int)(SIZE_MAX / sizeof(void *)) : INT_MAX; struct stack_st { int num; 
@@ -30,7 +29,8 @@ OPENSSL_sk_compfunc comp; }; -OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk, OPENSSL_sk_compfunc c) +OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk, + OPENSSL_sk_compfunc c) { OPENSSL_sk_compfunc old = sk->comp; @@ -65,7 +65,8 @@ } /* duplicate |sk->data| content */ - if ((ret->data = OPENSSL_malloc(sizeof(*ret->data) * sk->num_alloc)) == NULL) + ret->data = OPENSSL_malloc(sizeof(*ret->data) * sk->num_alloc); + if (ret->data == NULL) goto err; memcpy(ret->data, sk->data, sizeof(void *) * sk->num); return ret; @@ -77,8 +78,8 @@ } OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *sk, - OPENSSL_sk_copyfunc copy_func, - OPENSSL_sk_freefunc free_func) + OPENSSL_sk_copyfunc copy_func, + OPENSSL_sk_freefunc free_func) { OPENSSL_STACK *ret; int i; @@ -175,8 +176,10 @@ int num_alloc; /* Check to see the reservation isn't exceeding the hard limit */ - if (n > max_nodes - st->num) + if (n > max_nodes - st->num) { + ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_RECORDS); return 0; + } /* Figure out the new size */ num_alloc = st->num + n; @@ -201,15 +204,19 @@ if (num_alloc <= st->num_alloc) return 1; num_alloc = compute_growth(num_alloc, st->num_alloc); - if (num_alloc == 0) + if (num_alloc == 0) { + ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_RECORDS); return 0; + } } else if (num_alloc == st->num_alloc) { return 1; } tmpdata = OPENSSL_realloc((void *)st->data, sizeof(void *) * num_alloc); - if (tmpdata == NULL) + if (tmpdata == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); return 0; + } st->data = tmpdata; st->num_alloc = num_alloc; @@ -220,8 +227,10 @@ { OPENSSL_STACK *st = OPENSSL_zalloc(sizeof(OPENSSL_STACK)); - if (st == NULL) + if (st == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); return NULL; + } st->comp = c; 
@@ -238,8 +247,10 @@ int OPENSSL_sk_reserve(OPENSSL_STACK *st, int n) { - if (st == NULL) + if (st == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); return 0; + } if (n < 0) return 1; @@ -248,8 +259,14 @@ int OPENSSL_sk_insert(OPENSSL_STACK *st, const void *data, int loc) { - if (st == NULL || st->num == max_nodes) + if (st == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (st->num == max_nodes) { + ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_RECORDS); return 0; + } if (!sk_reserve(st, 1, 0)) return 0; @@ -271,8 +288,8 @@ const void *ret = st->data[loc]; if (loc != st->num - 1) - memmove(&st->data[loc], &st->data[loc + 1], - sizeof(st->data[0]) * (st->num - loc - 1)); + memmove(&st->data[loc], &st->data[loc + 1], + sizeof(st->data[0]) * (st->num - loc - 1)); st->num--; return (void *)ret; @@ -282,6 +299,9 @@ { int i; + if (st == NULL) + return NULL; + for (i = 0; i < st->num; i++) if (st->data[i] == p) return internal_delete(st, i); @@ -429,8 +449,15 @@ void *OPENSSL_sk_set(OPENSSL_STACK *st, int i, const void *data) { - if (st == NULL || i < 0 || i >= st->num) + if (st == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if (i < 0 || i >= st->num) { + ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT, + "i=%d", i); return NULL; + } st->data[i] = data; st->sorted = 0; return (void *)st->data[i]; diff -Nru openssl-3.0.5/crypto/store/store_meth.c openssl-3.0.7/crypto/store/store_meth.c --- openssl-3.0.5/crypto/store/store_meth.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/store/store_meth.c 2022-11-01 14:14:36.000000000 +0000 
@@ -127,6 +127,28 @@ &loader_store_method); } +static int reserve_loader_store(void *store, void *data) +{ + struct loader_data_st *methdata = data; + + if (store == NULL + && (store = get_loader_store(methdata->libctx)) == NULL) + return 0; + + return ossl_method_lock_store(store); +} + +static int unreserve_loader_store(void *store, void *data) +{ + struct loader_data_st *methdata = data; + + if (store == NULL + && (store = get_loader_store(methdata->libctx)) == NULL) + return 0; + + return ossl_method_unlock_store(store); +} + /* Get loader methods from a store, or put one in */ static void *get_loader_from_store(void *store, const OSSL_PROVIDER **prov, void *data) @@ -313,6 +335,8 @@ || !ossl_method_store_cache_get(store, NULL, id, propq, &method)) { OSSL_METHOD_CONSTRUCT_METHOD mcm = { get_tmp_loader_store, + reserve_loader_store, + unreserve_loader_store, get_loader_from_store, put_loader_in_store, construct_loader, diff -Nru openssl-3.0.5/crypto/threads_win.c openssl-3.0.7/crypto/threads_win.c --- openssl-3.0.5/crypto/threads_win.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/threads_win.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
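Review bot: `reserve_loader_store` and `unreserve_loader_store` carry no comment, and both resolve `store` from `methdata->libctx` with an assignment inside the condition. A one-line header on each such as `/* OSSL_METHOD_CONSTRUCT_METHOD hook: take (release) the loader store's big lock for the duration of a fetch */` would explain the `mcm` entries added in the second hunk, and splitting the lookup out of the `if` makes the fallback visible: `if (store == NULL) store = get_loader_store(methdata->libctx); if (store == NULL) return 0;`.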
@@ -14,6 +14,18 @@ # endif #endif +/* + * VC++ 2008 or earlier x86 compilers do not have an inline implementation + * of InterlockedOr64 for 32bit and will fail to run on Windows XP 32bit. + * https://docs.microsoft.com/en-us/cpp/intrinsics/interlockedor-intrinsic-functions#requirements + * To work around this problem, we implement a manual locking mechanism for + * only VC++ 2008 or earlier x86 compilers. + */ + +#if (defined(_MSC_VER) && defined(_M_IX86) && _MSC_VER <= 1500) +# define NO_INTERLOCKEDOR64 +#endif + #include #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && defined(OPENSSL_SYS_WINDOWS) @@ -207,14 +219,36 @@ int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret, CRYPTO_RWLOCK *lock) { +#if (defined(NO_INTERLOCKEDOR64)) + if (lock == NULL || !CRYPTO_THREAD_write_lock(lock)) + return 0; + *val |= op; + *ret = *val; + + if (!CRYPTO_THREAD_unlock(lock)) + return 0; + + return 1; +#else *ret = (uint64_t)InterlockedOr64((LONG64 volatile *)val, (LONG64)op) | op; return 1; +#endif } int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock) { +#if (defined(NO_INTERLOCKEDOR64)) + if (lock == NULL || !CRYPTO_THREAD_read_lock(lock)) + return 0; + *ret = *val; + if (!CRYPTO_THREAD_unlock(lock)) + return 0; + + return 1; +#else *ret = (uint64_t)InterlockedOr64((LONG64 volatile *)val, 0); return 1; +#endif } int openssl_init_fork_handlers(void) diff -Nru openssl-3.0.5/crypto/txt_db/txt_db.c openssl-3.0.7/crypto/txt_db/txt_db.c --- openssl-3.0.5/crypto/txt_db/txt_db.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/txt_db/txt_db.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
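Review bot: In the `NO_INTERLOCKEDOR64` fallback of `CRYPTO_atomic_or` and `CRYPTO_atomic_load`, `lock == NULL` now returns 0 with no error raised, whereas the `InterlockedOr64` path ignores `lock` entirely, so a caller that passes a NULL lock works everywhere except VC++ 2008 x86, where it silently fails. Either raise an error there or extend the comment above the `#define` to say that `lock` becomes mandatory on that configuration. In `CRYPTO_atomic_or` an unlock failure also returns 0 after `*val` and `*ret` have already been updated, so the caller cannot tell that the OR was applied. `#if (defined(NO_INTERLOCKEDOR64))` can drop its outer parentheses: `#if defined(NO_INTERLOCKEDOR64)`.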
@@ -21,7 +21,6 @@ { TXT_DB *ret = NULL; int esc = 0; - long ln = 0; int i, add, n; int size = BUFSIZE; int offset = 0; @@ -61,7 +60,6 @@ } buf->data[offset] = '\0'; BIO_gets(in, &(buf->data[offset]), size - offset); - ln++; if (buf->data[offset] == '\0') break; if ((offset == 0) && (buf->data[0] == '#')) diff -Nru openssl-3.0.5/crypto/x509/v3_addr.c openssl-3.0.7/crypto/x509/v3_addr.c --- openssl-3.0.5/crypto/x509/v3_addr.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/x509/v3_addr.c 2022-11-01 14:14:36.000000000 +0000 @@ -393,12 +393,14 @@ /* * Construct a prefix. */ -static int make_addressPrefix(IPAddressOrRange **result, - unsigned char *addr, const int prefixlen) +static int make_addressPrefix(IPAddressOrRange **result, unsigned char *addr, + const int prefixlen, const int afilen) { int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8; IPAddressOrRange *aor = IPAddressOrRange_new(); + if (prefixlen < 0 || prefixlen > (afilen * 8)) + return 0; if (aor == NULL) return 0; aor->type = IPAddressOrRange_addressPrefix; @@ -438,7 +440,7 @@ return 0; if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0) - return make_addressPrefix(result, min, prefixlen); + return make_addressPrefix(result, min, prefixlen, length); if ((aor = IPAddressOrRange_new()) == NULL) return 0; @@ -600,7 +602,9 @@ { IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi); IPAddressOrRange *aor; - if (aors == NULL || !make_addressPrefix(&aor, a, prefixlen)) + + if (aors == NULL + || !make_addressPrefix(&aor, a, prefixlen, length_from_afi(afi))) return 0; if (sk_IPAddressOrRange_push(aors, aor)) return 1; 
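Review bot: The new range check in `make_addressPrefix` runs after `IPAddressOrRange_new()` has already been called, so an out-of-range `prefixlen` returns 0 and leaks `aor`. Move the check ahead of the allocation: declare `IPAddressOrRange *aor;`, keep `if (prefixlen < 0 || prefixlen > (afilen * 8)) return 0;` as the first statement, then `aor = IPAddressOrRange_new();` before the existing NULL test. The `@@ -995` hunk on the next line validates `prefixlen` at parse time as well, but the `@@ -438` and `@@ -600` hunks show `make_addressPrefix` being reached from other paths, so the in-function check still matters.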
@@ -995,7 +999,10 @@ switch (delim) { case '/': prefixlen = (int)strtoul(s + i2, &t, 10); - if (t == s + i2 || *t != '\0') { + if (t == s + i2 + || *t != '\0' + || prefixlen > (length * 8) + || prefixlen < 0) { ERR_raise(ERR_LIB_X509V3, X509V3_R_EXTENSION_VALUE_ERROR); X509V3_conf_add_error_name_value(val); goto err; diff -Nru openssl-3.0.5/crypto/x509/v3_lib.c openssl-3.0.7/crypto/x509/v3_lib.c --- openssl-3.0.5/crypto/x509/v3_lib.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/x509/v3_lib.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -242,8 +242,10 @@ } /* If delete, just delete it */ if (ext_op == X509V3_ADD_DELETE) { - if (!sk_X509_EXTENSION_delete(*x, extidx)) + extmp = sk_X509_EXTENSION_delete(*x, extidx); + if (extmp == NULL) return -1; + X509_EXTENSION_free(extmp); return 1; } } else { diff -Nru openssl-3.0.5/crypto/x509/x509_req.c openssl-3.0.7/crypto/x509/x509_req.c --- openssl-3.0.5/crypto/x509/x509_req.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/x509/x509_req.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -116,6 +116,7 @@ int X509_REQ_extension_nid(int req_nid) { int i, nid; + for (i = 0;; i++) { nid = ext_nids[i]; if (nid == NID_undef) 
@@ -142,7 +143,7 @@
 int idx, *pnid;
 const unsigned char *p;
 
-    if ((req == NULL) || !ext_nids)
+    if (req == NULL || !ext_nids)
 return NULL;
 for (pnid = ext_nids; *pnid != NID_undef; pnid++) {
 idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
@@ -214,44 +215,73 @@ X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc) { - return X509at_delete_attr(req->req_info.attributes, loc); + X509_ATTRIBUTE *attr; + + if (req == NULL) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + attr = X509at_delete_attr(req->req_info.attributes, loc); + if (attr != NULL) + req->req_info.enc.modified = 1; + return attr; } int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr) { - if (X509at_add1_attr(&req->req_info.attributes, attr)) - return 1; - return 0; + if (req == NULL) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (!X509at_add1_attr(&req->req_info.attributes, attr)) + return 0; + req->req_info.enc.modified = 1; + return 1; } int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, const ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len) { - if (X509at_add1_attr_by_OBJ(&req->req_info.attributes, obj, - type, bytes, len)) - return 1; - return 0; + if (req == NULL) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (!X509at_add1_attr_by_OBJ(&req->req_info.attributes, obj, + type, bytes, len)) + return 0; + req->req_info.enc.modified = 1; + return 1; } int X509_REQ_add1_attr_by_NID(X509_REQ *req, int nid, int type, const unsigned char *bytes, int len) { - if (X509at_add1_attr_by_NID(&req->req_info.attributes, nid, - type, bytes, len)) - return 1; - return 0; + if (req == NULL) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (!X509at_add1_attr_by_NID(&req->req_info.attributes, nid, + type, bytes, len)) + return 0; + req->req_info.enc.modified = 1; + return 1; } int X509_REQ_add1_attr_by_txt(X509_REQ *req, const char *attrname, int type, const unsigned char *bytes, int len) { - if (X509at_add1_attr_by_txt(&req->req_info.attributes, attrname, - type, bytes, len)) - return 1; - return 0; + if (req == NULL) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if 
(!X509at_add1_attr_by_txt(&req->req_info.attributes, attrname, + type, bytes, len)) + return 0; + req->req_info.enc.modified = 1; + return 1; } long X509_REQ_get_version(const X509_REQ *req) @@ -276,7 +306,7 @@ void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig) { if (req->signature) - ASN1_BIT_STRING_free(req->signature); + ASN1_BIT_STRING_free(req->signature); req->signature = psig; } @@ -292,6 +322,10 @@ int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp) { + if (req == NULL) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } req->req_info.enc.modified = 1; return i2d_X509_REQ_INFO(&req->req_info, pp); } diff -Nru openssl-3.0.5/crypto/x509/x509_vfy.c openssl-3.0.7/crypto/x509/x509_vfy.c --- openssl-3.0.5/crypto/x509/x509_vfy.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/x509/x509_vfy.c 2022-11-01 14:14:36.000000000 +0000 @@ -351,8 +351,6 @@ * SUBJECT_ISSUER_MISMATCH just means 'x' is clearly not issued by 'issuer'. * Every other error code likely indicates a real error. */ - if (err != X509_V_ERR_SUBJECT_ISSUER_MISMATCH) - ctx->error = err; return 0; } @@ -1009,14 +1007,14 @@ time_t *ptime; int i; - if (notify) - ctx->current_crl = crl; if ((ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME) != 0) ptime = &ctx->param->check_time; else if ((ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME) != 0) return 1; else ptime = NULL; + if (notify) + ctx->current_crl = crl; i = X509_cmp_time(X509_CRL_get0_lastUpdate(crl), ptime); if (i == 0) { @@ -2315,8 +2313,6 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, STACK_OF(X509) *chain) { - int ret = 1; - if (ctx == NULL) { ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); return 0; 
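Review bot: `X509_REQ_delete_attr()` returns `X509_ATTRIBUTE *`, yet the NULL-parameter branch added at the top of it ends with `return 0;`; the sibling `add1` functions return `int`, so the copied check should read `return NULL;` here. The rest of the new code in this hunk is consistent, each mutator setting `req->req_info.enc.modified` only after the underlying `X509at_*` call succeeded.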
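Review bot: With the `ctx->error = err` assignment removed, the comment directly above it (`Every other error code likely indicates a real error.`) describes a distinction the function no longer acts on, since every non-success path now falls through to `return 0` without recording anything. Either trim the comment to what remains true or add one sentence saying why the error code is deliberately dropped here; the hunks at 2997 and 3279 in the same file remove the `prev_error` save/restore that previously compensated for this overwrite, so they read as the intended pairing. The enclosing function (presumably `check_issued()`) starts outside the hunk.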
@@ -2414,19 +2410,13 @@ } /* Inherit callbacks and flags from X509_STORE if not set use defaults. */ - if (store != NULL) - ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param); - else + if (store == NULL) ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE; + else if (X509_VERIFY_PARAM_inherit(ctx->param, store->param) == 0) + goto err; - if (ret) - ret = X509_VERIFY_PARAM_inherit(ctx->param, - X509_VERIFY_PARAM_lookup("default")); - - if (ret == 0) { - ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); + if (!X509_STORE_CTX_set_default(ctx, "default")) goto err; - } /* * XXX: For now, continue to inherit trust from VPM, but infer from the @@ -2628,8 +2618,10 @@ const X509_VERIFY_PARAM *param; param = X509_VERIFY_PARAM_lookup(name); - if (param == NULL) + if (param == NULL) { + ERR_raise_data(ERR_LIB_X509, X509_R_UNKNOWN_PURPOSE_ID, "name=%s", name); return 0; + } return X509_VERIFY_PARAM_inherit(ctx->param, param); } @@ -2997,7 +2989,6 @@ int alt_untrusted = 0; int max_depth; int ok = 0; - int prev_error = ctx->error; int i; /* Our chain starts with a single untrusted element. */ @@ -3279,8 +3270,6 @@ switch (trust) { case X509_TRUST_TRUSTED: - /* Must restore any previous error value for backward compatibility */ - ctx->error = prev_error; return 1; case X509_TRUST_REJECTED: /* Callback already issued */ diff -Nru openssl-3.0.5/crypto/x509/x509_vpm.c openssl-3.0.7/crypto/x509/x509_vpm.c --- openssl-3.0.5/crypto/x509/x509_vpm.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/x509/x509_vpm.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
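Review bot: The failure path of the store branch, `else if (X509_VERIFY_PARAM_inherit(ctx->param, store->param) == 0) goto err;`, no longer puts anything on the error queue, whereas the replaced code raised `ERR_R_MALLOC_FAILURE` for that case; unless the `err:` label (outside the hunk) raises, a caller of `X509_STORE_CTX_init()` now gets 0 with an empty error stack. The `X509_STORE_CTX_set_default()` call below has the same gap when the lookup succeeds but its internal `X509_VERIFY_PARAM_inherit()` fails, since the hunk at 2628 only raises for the unknown-name case. Restoring the raise on the inherit branch, `{ ERR_raise(ERR_LIB_X509, ERR_R_MALLOC_FAILURE); goto err; }`, keeps the old diagnosability; the visible parts of `X509_VERIFY_PARAM_inherit()` in the x509_vpm.c hunks do not raise on their failure paths, though that function is not fully visible in this chunk.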
@@ -44,7 +44,8 @@ */ if (namelen == 0 || name == NULL) namelen = name ? strlen(name) : 0; - else if (name && memchr(name, '\0', namelen > 1 ? namelen - 1 : namelen)) + else if (name != NULL + && memchr(name, '\0', namelen > 1 ? namelen - 1 : namelen) != NULL) return 0; if (namelen > 0 && name[namelen - 1] == '\0') --namelen; @@ -78,7 +79,6 @@ return 1; } - X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void) { X509_VERIFY_PARAM *param; @@ -142,8 +142,7 @@ /* Macro to test if a field should be copied from src to dest */ #define test_x509_verify_param_copy(field, def) \ - (to_overwrite \ - || ((src->field != def) && (to_default || (dest->field == def)))) + (to_overwrite || (src->field != def && (to_default || dest->field == def))) /* Macro to test and copy a field if necessary */ @@ -156,25 +155,19 @@ { unsigned long inh_flags; int to_default, to_overwrite; - if (!src) + + if (src == NULL) return 1; inh_flags = dest->inh_flags | src->inh_flags; - if (inh_flags & X509_VP_FLAG_ONCE) + if ((inh_flags & X509_VP_FLAG_ONCE) != 0) dest->inh_flags = 0; - if (inh_flags & X509_VP_FLAG_LOCKED) + if ((inh_flags & X509_VP_FLAG_LOCKED) != 0) return 1; - if (inh_flags & X509_VP_FLAG_DEFAULT) - to_default = 1; - else - to_default = 0; - - if (inh_flags & X509_VP_FLAG_OVERWRITE) - to_overwrite = 1; - else - to_overwrite = 0; + to_default = (inh_flags & X509_VP_FLAG_DEFAULT) != 0; + to_overwrite = (inh_flags & X509_VP_FLAG_OVERWRITE) != 0; x509_verify_param_copy(purpose, 0); x509_verify_param_copy(trust, X509_TRUST_DEFAULT); 
@@ -183,13 +176,13 @@ /* If overwrite or check time not set, copy across */ - if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) { + if (to_overwrite || (dest->flags & X509_V_FLAG_USE_CHECK_TIME) == 0) { dest->check_time = src->check_time; dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME; /* Don't need to copy flag: that is done below */ } - if (inh_flags & X509_VP_FLAG_RESET_FLAGS) + if ((inh_flags & X509_VP_FLAG_RESET_FLAGS) != 0) dest->flags = 0; dest->flags |= src->flags; @@ -204,7 +197,7 @@ if (test_x509_verify_param_copy(hosts, NULL)) { sk_OPENSSL_STRING_pop_free(dest->hosts, str_free); dest->hosts = NULL; - if (src->hosts) { + if (src->hosts != NULL) { dest->hosts = sk_OPENSSL_STRING_deep_copy(src->hosts, str_copy, str_free); if (dest->hosts == NULL) @@ -228,8 +221,14 @@ int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to, const X509_VERIFY_PARAM *from) { - unsigned long save_flags = to->inh_flags; + unsigned long save_flags; int ret; + + if (to == NULL) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + save_flags = to->inh_flags; to->inh_flags |= X509_VP_FLAG_DEFAULT; ret = X509_VERIFY_PARAM_inherit(to, from); to->inh_flags = save_flags; @@ -240,7 +239,8 @@ const char *src, size_t srclen) { char *tmp; - if (src) { + + if (src != NULL) { if (srclen == 0) srclen = strlen(src); @@ -264,15 +264,13 @@ { OPENSSL_free(param->name); param->name = OPENSSL_strdup(name); - if (param->name) - return 1; - return 0; + return param->name != NULL; } int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags) { param->flags |= flags; - if (flags & X509_V_FLAG_POLICY_MASK) + if ((flags & X509_V_FLAG_POLICY_MASK) != 0) param->flags |= X509_V_FLAG_POLICY_CHECK; return 1; } @@ -339,9 +337,7 @@ if (param->policies == NULL) return 0; } - if (!sk_ASN1_OBJECT_push(param->policies, policy)) - return 0; - return 1; + return sk_ASN1_OBJECT_push(param->policies, policy); } int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, 
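Review bot: Replacing the `if (!push) return 0; return 1;` pair with `return sk_ASN1_OBJECT_push(param->policies, policy);` changes the function's result on success from 1 to the stack's element count, because `sk_TYPE_push()` returns the new size rather than a boolean; a caller comparing against 1, which the "returns 1 on success" convention used throughout this file implies, fails as soon as a second policy is added. The same substitution is made in the hunk at 590 (`return sk_X509_VERIFY_PARAM_push(param_table, param);`) in this file. Keeping the boolean contract is a one-token change in each place: `return sk_ASN1_OBJECT_push(param->policies, policy) != 0;`. The enclosing function's signature (presumably `X509_VERIFY_PARAM_add0_policy()`) lies above the hunk.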
@@ -350,8 +346,10 @@ int i; ASN1_OBJECT *oid, *doid; - if (param == NULL) + if (param == NULL) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); return 0; + } sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free); if (policies == NULL) { @@ -366,7 +364,7 @@ for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++) { oid = sk_ASN1_OBJECT_value(policies, i); doid = OBJ_dup(oid); - if (!doid) + if (doid == NULL) return 0; if (!sk_ASN1_OBJECT_push(param->policies, doid)) { ASN1_OBJECT_free(doid); @@ -424,7 +422,7 @@ OPENSSL_free(to->peername); to->peername = peername; } - if (from) + if (from != NULL) from->peername = NULL; } @@ -443,8 +441,10 @@ static unsigned char *int_X509_VERIFY_PARAM_get0_ip(X509_VERIFY_PARAM *param, size_t *plen) { - if (param == NULL || param->ip == NULL) + if (param == NULL || param->ip == NULL) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); return NULL; + } if (plen != NULL) *plen = param->iplen; return param->ip; @@ -455,14 +455,16 @@ size_t iplen; unsigned char *ip = int_X509_VERIFY_PARAM_get0_ip(param, &iplen); - return ip == NULL ? NULL : ossl_ipaddr_to_asc(ip, iplen); + return ip == NULL ? NULL : ossl_ipaddr_to_asc(ip, iplen); } int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param, const unsigned char *ip, size_t iplen) { - if (iplen != 0 && iplen != 4 && iplen != 16) + if (iplen != 0 && iplen != 4 && iplen != 16) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT); return 0; + } return int_x509_param_set1((char **)¶m->ip, ¶m->iplen, (char *)ip, iplen); } @@ -470,9 +472,8 @@ int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc) { unsigned char ipout[16]; - size_t iplen; + size_t iplen = (size_t)ossl_a2i_ipadd(ipout, ipasc); - iplen = (size_t)ossl_a2i_ipadd(ipout, ipasc); if (iplen == 0) return 0; return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen); 
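Review bot: `int_X509_VERIFY_PARAM_get0_ip()` now raises `ERR_R_PASSED_NULL_PARAMETER` for `param->ip == NULL` as well, but an unset IP is the normal state of a parameter object that was never given one, not a bad argument; through `X509_VERIFY_PARAM_get1_ip_asc()` in the next hunk, which maps that NULL to a NULL result, every "is an IP configured?" query now leaves a spurious entry on the error queue. Raise only in the `param == NULL` branch and return NULL quietly when `param->ip == NULL` (two separate ifs, three lines in total). The `iplen` validation added in the hunk at 455 is fine, since an unsupported length really is an invalid argument.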
@@ -579,6 +580,7 @@ { int idx; X509_VERIFY_PARAM *ptmp; + if (param_table == NULL) { param_table = sk_X509_VERIFY_PARAM_new(param_cmp); if (param_table == NULL) @@ -590,15 +592,14 @@ X509_VERIFY_PARAM_free(ptmp); } } - if (!sk_X509_VERIFY_PARAM_push(param_table, param)) - return 0; - return 1; + return sk_X509_VERIFY_PARAM_push(param_table, param); } int X509_VERIFY_PARAM_get_count(void) { int num = OSSL_NELEM(default_table); - if (param_table) + + if (param_table != NULL) num += sk_X509_VERIFY_PARAM_num(param_table); return num; } @@ -606,6 +607,7 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id) { int num = OSSL_NELEM(default_table); + if (id < num) return default_table + id; return sk_X509_VERIFY_PARAM_value(param_table, id - num); diff -Nru openssl-3.0.5/crypto/x509/x_all.c openssl-3.0.7/crypto/x509/x_all.c --- openssl-3.0.5/crypto/x509/x_all.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/x509/x_all.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -30,7 +30,7 @@ int X509_verify(X509 *a, EVP_PKEY *r) { - if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature)) + if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature) != 0) return 0; return ASN1_item_verify_ex(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg, 
@@ -59,6 +59,18 @@ int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) { + if (x == NULL) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + /* + * Setting the modified flag before signing it. This makes the cached + * encoding to be ignored, so even if the certificate fields have changed, + * they are signed correctly. + * The X509_sign_ctx, X509_REQ_sign{,_ctx}, X509_CRL_sign{,_ctx} functions + * which exist below are the same. + */ x->cert_info.enc.modified = 1; return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature, &x->sig_alg, &x->signature, &x->cert_info, NULL, @@ -67,6 +79,10 @@ int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx) { + if (x == NULL) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } x->cert_info.enc.modified = 1; return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature, @@ -77,7 +93,7 @@ int timeout, const ASN1_ITEM *it) { BIO *mem = OSSL_HTTP_get(url, NULL /* proxy */, NULL /* no_proxy */, - bio, rbio, NULL /* cb */ , NULL /* arg */, + bio, rbio, NULL /* cb */, NULL /* arg */, 1024 /* buf_size */, NULL /* headers */, NULL /* expected_ct */, 1 /* expect_asn1 */, OSSL_HTTP_DEFAULT_MAX_RESP_LEN, timeout); @@ -95,6 +111,11 @@ int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md) { + if (x == NULL) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + x->req_info.enc.modified = 1; return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL, x->signature, &x->req_info, NULL, pkey, md, x->libctx, x->propq); @@ -102,6 +123,11 @@ int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx) { + if (x == NULL) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + x->req_info.enc.modified = 1; return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL, x->signature, &x->req_info, ctx); 
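Review bot: The explanatory comment added to `X509_sign()` is useful but reads awkwardly ("This makes the cached encoding to be ignored"); a tighter version: `/* Set the modified flag before signing so the cached encoding is discarded and any changed fields are signed rather than the stale DER. X509_sign_ctx, X509_REQ_sign{,_ctx} and X509_CRL_sign{,_ctx} below behave the same. */`. The NULL checks added to the sibling sign functions in this file (hunks at 67, 95, 102, 109 and 117) differ only in whether a blank line follows the check; picking one form keeps the six functions visually identical.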
@@ -109,6 +135,10 @@ int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md) { + if (x == NULL) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } x->crl.enc.modified = 1; return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg, &x->sig_alg, &x->signature, &x->crl, NULL, @@ -117,6 +147,10 @@ int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx) { + if (x == NULL) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } x->crl.enc.modified = 1; return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg, &x->sig_alg, &x->signature, @@ -131,7 +165,8 @@ int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md) { - return ASN1_item_sign_ex(ASN1_ITEM_rptr(NETSCAPE_SPKAC), &x->sig_algor, NULL, + return + ASN1_item_sign_ex(ASN1_ITEM_rptr(NETSCAPE_SPKAC), &x->sig_algor, NULL, x->signature, x->spkac, NULL, pkey, md, NULL, NULL); } @@ -214,7 +249,6 @@ propq = (*p7)->ctx.propq; } - ret = ASN1_item_d2i_bio_ex(ASN1_ITEM_rptr(PKCS7), bp, p7, libctx, propq); if (ret != NULL) ossl_pkcs7_resolve_libctx(ret); @@ -411,9 +445,9 @@ int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md, unsigned int *len) { - ASN1_BIT_STRING *key; - key = X509_get0_pubkey_bitstr(data); - if (!key) + ASN1_BIT_STRING *key = X509_get0_pubkey_bitstr(data); + + if (key == NULL) return 0; return EVP_Digest(key->data, key->length, md, len, type, NULL); } @@ -469,7 +503,7 @@ || !ossl_rsa_pss_get_param_unverified(pss, &mmd, &mgf1md, &saltlen, &trailerfield) - || mmd == NULL) { + || mmd == NULL) { RSA_PSS_PARAMS_free(pss); ERR_raise(ERR_LIB_X509, X509_R_UNSUPPORTED_ALGORITHM); return NULL; 
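Review bot: `NETSCAPE_SPKI_sign()` is only re-flowed in its hunk, so it is now the one sign routine in this file that still dereferences `x` (`&x->sig_algor`, `x->signature`, `x->spkac`) without the NULL-parameter guard its siblings gained in the preceding hunks. For consistency add the same three lines at the top: `if (x == NULL) { ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); return 0; }`. Moving `return` onto its own line is presumably a line-length concession, but it is the only such layout among the sign functions here.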
@@ -512,7 +546,7 @@ if (!X509_digest(cert, md, hash, &len) || (new = ASN1_OCTET_STRING_new()) == NULL) goto err; - if ((ASN1_OCTET_STRING_set(new, hash, len))) { + if (ASN1_OCTET_STRING_set(new, hash, len)) { if (md_used != NULL) *md_used = md; else diff -Nru openssl-3.0.5/crypto/x509/x_name.c openssl-3.0.7/crypto/x509/x_name.c --- openssl-3.0.5/crypto/x509/x_name.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/crypto/x509/x_name.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -499,9 +499,7 @@ int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase) { char *s, *c, *b; - int l, i; - - l = 80 - 2 - obase; + int i; b = X509_NAME_oneline(name, NULL, 0); if (b == NULL) @@ -527,12 +525,10 @@ if (BIO_write(bp, ", ", 2) != 2) goto err; } - l--; } if (*s == '\0') break; s++; - l--; } OPENSSL_free(b); diff -Nru openssl-3.0.5/debian/changelog openssl-3.0.7/debian/changelog --- openssl-3.0.5/debian/changelog 2022-10-27 17:05:01.000000000 +0000 +++ openssl-3.0.7/debian/changelog 2022-12-06 14:11:40.000000000 +0000 
@@ -1,3 +1,63 @@ +openssl (3.0.7-1ubuntu1) lunar; urgency=medium + + * Merge 3.0.7 from Debian unstable (LP: #1998942) + - Drop patches merged upstream: + + CVE-2022-3358.patch + + CVE-2022-3602-1.patch + + CVE-2022-3602-2.patch + - Shrink patch since upstream fixed some tests in the patch above: + + tests-use-seclevel-1.patch + - Drop patch since -DOPENSSL_TLS_SECURITY_LEVEL=2 is now hard-coded: + + Set-systemwide-default-settings-for-libssl-users.patch + - Drop Debian patch not needed anymore: + + TEST-Provide-a-default-openssl.cnf-for-tests.patch + - Mention Debian as defaulting to SECLEVEL=2 in addition to Ubuntu: + + tls1.2-min-seclevel2.patch + - Remaining changes: + + Symlink changelog{,.Debian}.gz and copyright.gz from libssl-dev to + openssl + + d/libssl3.postinst: Revert Debian deletion + - Skip services restart & reboot notification if needrestart is in-use. + - Bump version check to 1.1.1 (bug opened as LP: #1999139) + - Use a different priority for libssl1.1/restart-services depending + on whether a desktop, or server dist-upgrade is being performed. + - Import libraries/restart-without-asking template as used by above. + + Add support for building with noudeb build profile. + + Use perl:native in the autopkgtest for installability on i386. + * Correct comment as to which TLS version is disabled with our seclevel: + - skip_tls1.1_seclevel3_tests.patch + + [Sebastian Andrzej Siewior] + * CVE-2022-3996 (X.509 Policy Constraints Double Locking). + + -- Adrien Nader Tue, 06 Dec 2022 15:11:40 +0100 + +openssl (3.0.7-1) unstable; urgency=medium + + * Import 3.0.7 + - Using a Custom Cipher with NID_undef may lead to NULL encryption + (CVE-2022-3358) (Closes: #1021620). + - X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602). + - X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786). + * Disable rdrand engine (the opcode on x86). + * Remove config bits for MIPS R6, the generic MIPS config can be used. 
+ + -- Sebastian Andrzej Siewior Tue, 01 Nov 2022 21:39:01 +0100 + +openssl (3.0.5-4) unstable; urgency=medium + + * Add ssl_conf() serialisation (Closes: #1020308). + + -- Sebastian Andrzej Siewior Mon, 19 Sep 2022 21:59:19 +0200 + +openssl (3.0.5-3) unstable; urgency=medium + + * Add cert.pem symlink pointing to ca-certificates' ca-certificates.crt + (Closes: #805646). + * Compile with OPENSSL_TLS_SECURITY_LEVEL=2 (Closes: #918727). + + -- Sebastian Andrzej Siewior Sun, 18 Sep 2022 21:48:05 +0200 + openssl (3.0.5-2ubuntu2) kinetic-security; urgency=medium * SECURITY UPDATE: X.509 Email Address Buffer Overflow diff -Nru openssl-3.0.5/debian/openssl.install openssl-3.0.7/debian/openssl.install --- openssl-3.0.5/debian/openssl.install 2022-08-15 03:16:43.000000000 +0000 +++ openssl-3.0.7/debian/openssl.install 2022-12-06 14:11:40.000000000 +0000 @@ -1,5 +1,6 @@ etc/ssl usr/bin/* +usr/lib/ssl/cert.pem usr/lib/ssl/certs usr/lib/ssl/private usr/lib/ssl/misc/* diff -Nru openssl-3.0.5/debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch openssl-3.0.7/debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch --- openssl-3.0.5/debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch 2022-08-15 03:16:43.000000000 +0000 +++ openssl-3.0.7/debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch 2022-12-06 14:11:40.000000000 +0000 @@ -23,7 +23,7 @@ 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf -index 66bc81dfb422..096d53283890 100644 +index b578a3c2a861..b3b21d39990b 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -697,7 +697,7 @@ my %targets = ( @@ -36,15 +36,15 @@ "linux-latomic" => { inherit_from => [ "linux-generic32" ], diff --git a/Configure b/Configure -index 8b234f640f28..5e7b8592d2dd 100755 +index a558e5ab1a8b..9653f3d0bf10 100755 --- a/Configure 
+++ b/Configure -@@ -1717,7 +1717,7 @@ unless ($disabled{devcryptoeng}) { - +@@ -1715,7 +1715,7 @@ unless ($disabled{devcryptoeng}) { unless ($disabled{ktls}) { $config{ktls}=""; + my $cc = $config{CROSS_COMPILE}.$config{CC}; - if ($target =~ m/^linux/) { + if (grep { $_ eq 'afalgeng' } @{$target{enable}}) { - my $usr = "/usr/$config{cross_compile_prefix}"; - chop($usr); - if ($config{cross_compile_prefix} eq "") { + system("printf '#include \n#include ' | $cc -E - >/dev/null 2>&1"); + if ($? != 0) { + disable('too-old-kernel', 'ktls'); diff -Nru openssl-3.0.5/debian/patches/conf-Serialize-allocation-free-of-ssl_names.patch openssl-3.0.7/debian/patches/conf-Serialize-allocation-free-of-ssl_names.patch --- openssl-3.0.5/debian/patches/conf-Serialize-allocation-free-of-ssl_names.patch 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.7/debian/patches/conf-Serialize-allocation-free-of-ssl_names.patch 2022-12-06 14:11:40.000000000 +0000 
@@ -0,0 +1,102 @@ +From: Sebastian Andrzej Siewior +Date: Mon, 19 Sep 2022 20:51:31 +0200 +Subject: conf: Serialize allocation/free of ssl_names. + +The access to `ssl_names' is not fully serialized. With multiple threads +it is possible that more than one thread starts to clean up `ssl_names'. +This leads to occasional segfaults if more than one terminates and +performs the clean up. + +Fixes: #19243 + +Signed-off-by: Sebastian Andrzej Siewior +--- + crypto/conf/conf_ssl.c | 35 ++++++++++++++++++++++++++++++++--- + 1 file changed, 32 insertions(+), 3 deletions(-) + +diff --git a/crypto/conf/conf_ssl.c b/crypto/conf/conf_ssl.c +index 84c5b2afe581..d6596e60c3b5 100644 +--- a/crypto/conf/conf_ssl.c ++++ b/crypto/conf/conf_ssl.c +@@ -12,6 +12,7 @@ + #include + #include + #include "internal/sslconf.h" ++#include "internal/thread_once.h" + #include "conf_local.h" + + /* +@@ -35,12 +36,25 @@ struct ssl_conf_cmd_st { + char *arg; + }; + ++static CRYPTO_ONCE init_ssl_names_lock = CRYPTO_ONCE_STATIC_INIT; ++static CRYPTO_RWLOCK *ssl_names_lock; + static struct ssl_conf_name_st *ssl_names; + static size_t ssl_names_count; + +-static void ssl_module_free(CONF_IMODULE *md) ++DEFINE_RUN_ONCE_STATIC(do_init_ssl_names_lock) ++{ ++ ssl_names_lock = CRYPTO_THREAD_lock_new(); ++ if (ssl_names_lock == NULL) { ++ ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE); ++ return 0; ++ } ++ return 1; ++} ++ ++static void ssl_module_free_unlocked(CONF_IMODULE *md) + { + size_t i, j; ++ + if (ssl_names == NULL) + return; + for (i = 0; i < ssl_names_count; i++) { +@@ -58,6 +72,14 @@ static void ssl_module_free(CONF_IMODULE *md) + ssl_names_count = 0; + } + ++static void ssl_module_free(CONF_IMODULE *md) ++{ ++ if (!CRYPTO_THREAD_write_lock(ssl_names_lock)) ++ return; ++ ssl_module_free_unlocked(md); ++ CRYPTO_THREAD_unlock(ssl_names_lock); ++} ++ + static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf) + { + size_t i, j, cnt; +@@ -65,6 +87,12 @@ static int ssl_module_init(CONF_IMODULE *md, 
const CONF *cnf) + const char *ssl_conf_section; + STACK_OF(CONF_VALUE) *cmd_lists; + ++ if (!RUN_ONCE(&init_ssl_names_lock, do_init_ssl_names_lock)) ++ return 0; ++ ++ if (!CRYPTO_THREAD_write_lock(ssl_names_lock)) ++ return 0; ++ + ssl_conf_section = CONF_imodule_get_value(md); + cmd_lists = NCONF_get_section(cnf, ssl_conf_section); + if (sk_CONF_VALUE_num(cmd_lists) <= 0) { +@@ -77,7 +105,7 @@ static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf) + goto err; + } + cnt = sk_CONF_VALUE_num(cmd_lists); +- ssl_module_free(md); ++ ssl_module_free_unlocked(md); + ssl_names = OPENSSL_zalloc(sizeof(*ssl_names) * cnt); + if (ssl_names == NULL) + goto err; +@@ -126,7 +154,8 @@ static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf) + rv = 1; + err: + if (rv == 0) +- ssl_module_free(md); ++ ssl_module_free_unlocked(md); ++ CRYPTO_THREAD_unlock(ssl_names_lock); + return rv; + } + diff -Nru openssl-3.0.5/debian/patches/CVE-2022-3358.patch openssl-3.0.7/debian/patches/CVE-2022-3358.patch --- openssl-3.0.5/debian/patches/CVE-2022-3358.patch 2022-10-25 15:27:35.000000000 +0000 +++ openssl-3.0.7/debian/patches/CVE-2022-3358.patch 1970-01-01 00:00:00.000000000 +0000 
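Review bot: In the new `ssl_module_free()` the write lock is taken on `ssl_names_lock` unconditionally, but that lock is only created by the `RUN_ONCE` in `ssl_module_init()`; if the module's free callback can run without a prior successful init (or after `do_init_ssl_names_lock` failed), `CRYPTO_THREAD_write_lock()` is handed a NULL pointer. Mirroring the init side, `if (!RUN_ONCE(&init_ssl_names_lock, do_init_ssl_names_lock)) return;` before the lock call removes that case. The lock itself is never released with `CRYPTO_THREAD_lock_free()` anywhere in this patch, which is a leak at process exit unless a cleanup hook outside the patch handles it, and `ssl_module_free()` silently returns when the lock cannot be acquired, leaving `ssl_names` allocated. Whether the free callback can precede init depends on conf_mod.c, which is not part of this diff.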
@@ -1,64 +0,0 @@ -From 5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Wed, 10 Aug 2022 15:31:00 +0100 -Subject: [PATCH] Fix usage of custom EVP_CIPHER objects - -If a custom EVP_CIPHER object has been passed to EVP_CipherInit() then it -should be used in preference to a fetched cipher. - -We also fix a possible NULL pointer deref in the same code for digests. - -If the custom cipher passed to EVP_CipherInit() happens to use NID_undef -(which should be a discouraged practice), then in the previous -implementation this could result in the NULL cipher being fetched and -hence NULL encryption being unexpectedly used. - -CVE-2022-3358 - -Fixes #18970 - -Reviewed-by: Tomas Mraz -Reviewed-by: Paul Dale -(Merged from https://github.com/openssl/openssl/pull/19300) - -(cherry picked from commit 25d47cccf203c3b71171e78865e48ea061a039a8) ---- - crypto/evp/digest.c | 4 +++- - crypto/evp/evp_enc.c | 6 ++++-- - 2 files changed, 7 insertions(+), 3 deletions(-) - ---- a/crypto/evp/digest.c -+++ b/crypto/evp/digest.c -@@ -225,7 +225,9 @@ static int evp_md_init_internal(EVP_MD_C - || tmpimpl != NULL - #endif - || (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) != 0 -- || type->origin == EVP_ORIG_METH) { -+ || (type != NULL && type->origin == EVP_ORIG_METH) -+ || (type == NULL && ctx->digest != NULL -+ && ctx->digest->origin == EVP_ORIG_METH)) { - if (ctx->digest == ctx->fetched_digest) - ctx->digest = NULL; - EVP_MD_free(ctx->fetched_digest); ---- a/crypto/evp/evp_enc.c -+++ b/crypto/evp/evp_enc.c -@@ -131,7 +131,10 @@ static int evp_cipher_init_internal(EVP_ - #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE) - || tmpimpl != NULL - #endif -- || impl != NULL) { -+ || impl != NULL -+ || (cipher != NULL && cipher->origin == EVP_ORIG_METH) -+ || (cipher == NULL && ctx->cipher != NULL -+ && ctx->cipher->origin == EVP_ORIG_METH)) { - if (ctx->cipher == ctx->fetched_cipher) - ctx->cipher = NULL; - EVP_CIPHER_free(ctx->fetched_cipher); -@@ -147,7 
+150,6 @@ static int evp_cipher_init_internal(EVP_ - ctx->cipher_data = NULL; - } - -- - /* Start of non-legacy code below */ - - /* Ensure a context left lying around from last time is cleared */ diff -Nru openssl-3.0.5/debian/patches/CVE-2022-3602-1.patch openssl-3.0.7/debian/patches/CVE-2022-3602-1.patch --- openssl-3.0.5/debian/patches/CVE-2022-3602-1.patch 2022-10-27 17:04:54.000000000 +0000 +++ openssl-3.0.7/debian/patches/CVE-2022-3602-1.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,413 +0,0 @@
-From eddcc0de5b31cad2e066b57ce032e943b8b2de70 Mon Sep 17 00:00:00 2001
-From: Pauli
-Date: Wed, 19 Oct 2022 10:46:50 +1100
-Subject: [PATCH] Fix CVE in punycode decoder.
-
-An off by one error in the punycode decoder allowed for a single unsigned int
-overwrite of a buffer which could cause a crash and possible code execution.
-
-Also fixed the ossl_a2ulabel() function which was broken and also contained
-a potential buffer overflow, albeit one byte without control of the contents.
-
-Added a test case that errors without the CVE fix and passes with it.
-
-Fixes CVE-2022-3602.
-
-Reviewed-by: Matt Caswell
-Reviewed-by: Tomas Mraz
----
- crypto/punycode.c | 65 +++++-----
- test/build.info | 6 +-
- test/punycode_test.c | 220 ++++++++++++++++++++++++++++++++
- test/recipes/04-test_punycode.t | 11 ++
- 4 files changed, 266 insertions(+), 36 deletions(-)
- create mode 100644 test/punycode_test.c
- create mode 100644 test/recipes/04-test_punycode.t
-
---- a/crypto/punycode.c
-+++ b/crypto/punycode.c
-@@ -123,7 +123,6 @@ int ossl_punycode_decode(const char *pEn
- unsigned int bias = initial_bias;
- size_t processed_in = 0, written_out = 0;
- unsigned int max_out = *pout_length;
--
- unsigned int basic_count = 0;
- unsigned int loop;
-
-@@ -181,11 +180,11 @@ int ossl_punycode_decode(const char *pEn
- n = n + i / (written_out + 1);
- i %= (written_out + 1);
-
-- if (written_out > max_out)
-+ if (written_out >= max_out)
- return 0;
-
- memmove(pDecoded + i + 1, pDecoded + i,
-- (written_out - i) * sizeof *pDecoded);
-+ (written_out - i) * sizeof(*pDecoded));
- pDecoded[i] = n;
- i++;
- written_out++;
-@@ -255,30 +254,35 @@ int ossl_a2ulabel(const char *in, char *
- */
- char *outptr = out;
- const char *inptr = in;
-- size_t size = 0;
-+ size_t size = 0, maxsize;
- int result = 1;
--
-+ unsigned int i, j;
- unsigned int buf[LABEL_BUF_SIZE]; /* It's a hostname */
-- if (out == NULL)
-+
-+ if (out == NULL) {
- result = 0;
-+ maxsize = 0;
-+ } else {
-+ maxsize = *outlen;
-+ }
-+
-+#define PUSHC(c) \
-+ do \
-+ if (size++ < maxsize) \
-+ *outptr++ = c; \
-+ else \
-+ result = 0; \
-+ while (0)
-
- while (1) {
- char *tmpptr = strchr(inptr, '.');
-- size_t delta = (tmpptr) ? (size_t)(tmpptr - inptr) : strlen(inptr);
-+ size_t delta = tmpptr != NULL ? (size_t)(tmpptr - inptr) : strlen(inptr);
-
- if (strncmp(inptr, "xn--", 4) != 0) {
-- size += delta + 1;
--
-- if (size >= *outlen - 1)
-- result = 0;
--
-- if (result > 0) {
-- memcpy(outptr, inptr, delta + 1);
-- outptr += delta + 1;
-- }
-+ for (i = 0; i < delta + 1; i++)
-+ PUSHC(inptr[i]);
- } else {
- unsigned int bufsize = LABEL_BUF_SIZE;
-- unsigned int i;
-
- if (ossl_punycode_decode(inptr + 4, delta - 4, buf, &bufsize) <= 0)
- return -1;
-@@ -286,26 +290,16 @@ int ossl_a2ulabel(const char *in, char *
- for (i = 0; i < bufsize; i++) {
- unsigned char seed[6];
- size_t utfsize = codepoint2utf8(seed, buf[i]);
-+
- if (utfsize == 0)
- return -1;
-
-- size += utfsize;
-- if (size >= *outlen - 1)
-- result = 0;
--
-- if (result > 0) {
-- memcpy(outptr, seed, utfsize);
-- outptr += utfsize;
-- }
-+ for (j = 0; j < utfsize; j++)
-+ PUSHC(seed[j]);
- }
-
-- if (tmpptr != NULL) {
-- *outptr = '.';
-- outptr++;
-- size++;
-- if (size >= *outlen - 1)
-- result = 0;
-- }
-+ if (tmpptr != NULL)
-+ PUSHC('.');
- }
-
- if (tmpptr == NULL)
-@@ -313,7 +307,9 @@ int ossl_a2ulabel(const char *in, char *
-
- inptr = tmpptr + 1;
- }
-+#undef PUSHC
-
-+ *outlen = size;
- return result;
- }
-
-@@ -330,9 +326,8 @@ int ossl_a2ucompare(const char *a, const
- char a_ulabel[LABEL_BUF_SIZE];
- size_t a_size = sizeof(a_ulabel);
-
-- if (ossl_a2ulabel(a, a_ulabel, &a_size) <= 0) {
-+ if (ossl_a2ulabel(a, a_ulabel, &a_size) <= 0)
- return -1;
-- }
-
-- return (strcmp(a_ulabel, u) == 0) ? 0 : 1;
-+ return strcmp(a_ulabel, u) != 0;
- }
---- a/test/build.info
-+++ b/test/build.info
-@@ -40,7 +40,7 @@ IF[{- !$disabled{tests} -}]
- exptest pbetest localetest evp_pkey_ctx_new_from_name\
- evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \
- evp_fetch_prov_test evp_libctx_test ossl_store_test \
-- v3nametest v3ext \
-+ v3nametest v3ext punycode_test \
- evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \
- evp_fetch_prov_test v3nametest v3ext \
- crltest danetest bad_dtls_test lhash_test sparse_array_test \
-@@ -293,6 +293,10 @@ IF[{- !$disabled{tests} -}]
- INCLUDE[pkcs7_test]=../include ../apps/include
- DEPEND[pkcs7_test]=../libcrypto libtestutil.a
-
-+ SOURCE[punycode_test]=punycode_test.c
-+ INCLUDE[punycode_test]=../include ../apps/include
-+ DEPEND[punycode_test]=../libcrypto.a libtestutil.a
-+
- SOURCE[stack_test]=stack_test.c
- INCLUDE[stack_test]=../include ../apps/include
- DEPEND[stack_test]=../libcrypto libtestutil.a
---- /dev/null
-+++ b/test/punycode_test.c
-@@ -0,0 +1,220 @@
-+/*
-+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the Apache License 2.0 (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#include
-+#include
-+
-+#include "crypto/punycode.h"
-+#include "internal/nelem.h"
-+#include "testutil.h"
-+
-+
-+static const struct puny_test {
-+ unsigned int raw[50];
-+ const char *encoded;
-+} puny_cases[] = {
-+ /* Test cases from RFC 3492 */
-+ { /* Arabic (Egyptian) */
-+ { 0x0644, 0x064A, 0x0647, 0x0645, 0x0627, 0x0628, 0x062A, 0x0643, 0x0644,
-+ 0x0645, 0x0648, 0x0634, 0x0639, 0x0631, 0x0628, 0x064A, 0x061F
-+ },
-+ "egbpdaj6bu4bxfgehfvwxn"
-+ },
-+ { /* Chinese (simplified) */
-+ { 0x4ED6, 0x4EEC, 0x4E3A, 0x4EC0, 0x4E48, 0x4E0D, 0x8BF4, 0x4E2D, 0x6587
-+ },
-+ "ihqwcrb4cv8a8dqg056pqjye"
-+ },
-+ { /* Chinese (traditional) */
-+ { 0x4ED6, 0x5011, 0x7232, 0x4EC0, 0x9EBD, 0x4E0D, 0x8AAA, 0x4E2D, 0x6587
-+ },
-+ "ihqwctvzc91f659drss3x8bo0yb"
-+ },
-+ { /* Czech: Proprostnemluvesky */
-+ { 0x0050, 0x0072, 0x006F, 0x010D, 0x0070, 0x0072, 0x006F, 0x0073, 0x0074,
-+ 0x011B, 0x006E, 0x0065, 0x006D, 0x006C, 0x0075, 0x0076, 0x00ED, 0x010D,
-+ 0x0065, 0x0073, 0x006B, 0x0079
-+ },
-+ "Proprostnemluvesky-uyb24dma41a"
-+ },
-+ { /* Hebrew */
-+ { 0x05DC, 0x05DE, 0x05D4, 0x05D4, 0x05DD, 0x05E4, 0x05E9, 0x05D5, 0x05D8,
-+ 0x05DC, 0x05D0, 0x05DE, 0x05D3, 0x05D1, 0x05E8, 0x05D9, 0x05DD, 0x05E2,
-+ 0x05D1, 0x05E8, 0x05D9, 0x05EA
-+ },
-+ "4dbcagdahymbxekheh6e0a7fei0b"
-+ },
-+ { /* Hindi (Devanagari) */
-+ { 0x092F, 0x0939, 0x0932, 0x094B, 0x0917, 0x0939, 0x093F, 0x0928, 0x094D,
-+ 0x0926, 0x0940, 0x0915, 0x094D, 0x092F, 0x094B, 0x0902, 0x0928, 0x0939,
-+ 0x0940, 0x0902, 0x092C, 0x094B, 0x0932, 0x0938, 0x0915, 0x0924, 0x0947,
-+ 0x0939, 0x0948, 0x0902
-+ },
-+ "i1baa7eci9glrd9b2ae1bj0hfcgg6iyaf8o0a1dig0cd"
-+ },
-+ { /* Japanese (kanji and hiragana) */
-+ { 0x306A, 0x305C, 0x307F, 0x3093, 0x306A, 0x65E5, 0x672C, 0x8A9E, 0x3092,
-+ 0x8A71, 0x3057, 0x3066, 0x304F, 0x308C, 0x306A, 0x3044, 0x306E, 0x304B
-+ },
-+ "n8jok5ay5dzabd5bym9f0cm5685rrjetr6pdxa"
-+ },
-+ { /* Korean (Hangul syllables) */
-+ { 0xC138, 0xACC4, 0xC758, 0xBAA8, 0xB4E0, 0xC0AC, 0xB78C, 0xB4E4, 0xC774,
-+ 0xD55C, 0xAD6D, 0xC5B4, 0xB97C, 0xC774, 0xD574, 0xD55C, 0xB2E4, 0xBA74,
-+ 0xC5BC, 0xB9C8, 0xB098, 0xC88B, 0xC744, 0xAE4C
-+ },
-+ "989aomsvi5e83db1d2a355cv1e0vak1dwrv93d5xbh15a0dt30a5jpsd879ccm6fea98c"
-+ },
-+ { /* Russian (Cyrillic) */
-+ { 0x043F, 0x043E, 0x0447, 0x0435, 0x043C, 0x0443, 0x0436, 0x0435, 0x043E,
-+ 0x043D, 0x0438, 0x043D, 0x0435, 0x0433, 0x043E, 0x0432, 0x043E, 0x0440,
-+ 0x044F, 0x0442, 0x043F, 0x043E, 0x0440, 0x0443, 0x0441, 0x0441, 0x043A,
-+ 0x0438
-+ },
-+ "b1abfaaepdrnnbgefbaDotcwatmq2g4l"
-+ },
-+ { /* Spanish */
-+ { 0x0050, 0x006F, 0x0072, 0x0071, 0x0075, 0x00E9, 0x006E, 0x006F, 0x0070,
-+ 0x0075, 0x0065, 0x0064, 0x0065, 0x006E, 0x0073, 0x0069, 0x006D, 0x0070,
-+ 0x006C, 0x0065, 0x006D, 0x0065, 0x006E, 0x0074, 0x0065, 0x0068, 0x0061,
-+ 0x0062, 0x006C, 0x0061, 0x0072, 0x0065, 0x006E, 0x0045, 0x0073, 0x0070,
-+ 0x0061, 0x00F1, 0x006F, 0x006C
-+ },
-+ "PorqunopuedensimplementehablarenEspaol-fmd56a"
-+ },
-+ { /* Vietnamese */
-+ { 0x0054, 0x1EA1, 0x0069, 0x0073, 0x0061, 0x006F, 0x0068, 0x1ECD, 0x006B,
-+ 0x0068, 0x00F4, 0x006E, 0x0067, 0x0074, 0x0068, 0x1EC3, 0x0063, 0x0068,
-+ 0x1EC9, 0x006E, 0x00F3, 0x0069, 0x0074, 0x0069, 0x1EBF, 0x006E, 0x0067,
-+ 0x0056, 0x0069, 0x1EC7, 0x0074
-+ },
-+ "TisaohkhngthchnitingVit-kjcr8268qyxafd2f1b9g"
-+ },
-+ { /* Japanese: 3B */
-+ { 0x0033, 0x5E74, 0x0042, 0x7D44, 0x91D1, 0x516B, 0x5148, 0x751F
-+ },
-+ "3B-ww4c5e180e575a65lsy2b"
-+ },
-+ { /* Japanese: -with-SUPER-MONKEYS */
-+ { 0x5B89, 0x5BA4, 0x5948, 0x7F8E, 0x6075, 0x002D, 0x0077, 0x0069, 0x0074,
-+ 0x0068, 0x002D, 0x0053, 0x0055, 0x0050, 0x0045, 0x0052, 0x002D, 0x004D,
-+ 0x004F, 0x004E, 0x004B, 0x0045, 0x0059, 0x0053
-+ },
-+ "-with-SUPER-MONKEYS-pc58ag80a8qai00g7n9n"
-+ },
-+ { /* Japanese: Hello-Another-Way- */
-+ { 0x0048, 0x0065, 0x006C, 0x006C, 0x006F, 0x002D, 0x0041, 0x006E, 0x006F,
-+ 0x0074, 0x0068, 0x0065, 0x0072, 0x002D, 0x0057, 0x0061, 0x0079, 0x002D,
-+ 0x305D, 0x308C, 0x305E, 0x308C, 0x306E, 0x5834, 0x6240
-+ },
-+ "Hello-Another-Way--fc4qua05auwb3674vfr0b"
-+ },
-+ { /* Japanese: 2 */
-+ { 0x3072, 0x3068, 0x3064, 0x5C4B, 0x6839, 0x306E, 0x4E0B, 0x0032
-+ },
-+ "2-u9tlzr9756bt3uc0v"
-+ },
-+ { /* Japanese: MajiKoi5 */
-+ { 0x004D, 0x0061, 0x006A, 0x0069, 0x3067, 0x004B, 0x006F, 0x0069, 0x3059,
-+ 0x308B, 0x0035, 0x79D2, 0x524D
-+ },
-+ "MajiKoi5-783gue6qz075azm5e"
-+ },
-+ { /* Japanese: de */
-+ { 0x30D1, 0x30D5, 0x30A3, 0x30FC, 0x0064, 0x0065, 0x30EB, 0x30F3, 0x30D0
-+ },
-+ "de-jg4avhby1noc0d"
-+ },
-+ { /* Japanese: */
-+ { 0x305D, 0x306E, 0x30B9, 0x30D4, 0x30FC, 0x30C9, 0x3067
-+ },
-+ "d9juau41awczczp"
-+ },
-+ { /* -> $1.00 <- */
-+ { 0x002D, 0x003E, 0x0020, 0x0024, 0x0031, 0x002E, 0x0030, 0x0030, 0x0020,
-+ 0x003C, 0x002D
-+ },
-+ "-> $1.00 <--"
-+ }
-+};
-+
-+static int test_punycode(int n)
-+{
-+ const struct puny_test *tc = puny_cases + n;
-+ unsigned int buffer[50];
-+ unsigned int bsize = OSSL_NELEM(buffer);
-+ size_t i;
-+
-+ if (!TEST_true(ossl_punycode_decode(tc->encoded, strlen(tc->encoded),
-+ buffer, &bsize)))
-+ return 0;
-+ for (i = 0; i < sizeof(tc->raw); i++)
-+ if (tc->raw[i] == 0)
-+ break;
-+ if (!TEST_mem_eq(buffer, bsize * sizeof(*buffer),
-+ tc->raw, i * sizeof(*tc->raw)))
-+ return 0;
-+ return 1;
-+}
-+
-+static int test_a2ulabel(void)
-+{
-+ char out[50];
-+ size_t outlen;
-+
-+ /*
-+ * Test that no buffer correctly returns the true length.
-+ * The punycode being passed in and parsed is malformed but we're not
-+ * verifying that behaviour here.
-+ */
-+ if (!TEST_int_eq(ossl_a2ulabel("xn--a.b.c", NULL, &outlen), 0)
-+ || !TEST_size_t_eq(outlen, 7)
-+ || !TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 1))
-+ return 0;
-+ /* Test that a short input length returns the true length */
-+ outlen = 1;
-+ if (!TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 0)
-+ || !TEST_size_t_eq(outlen, 7)
-+ || !TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 1)
-+ || !TEST_str_eq(out,"\xc2\x80.b.c"))
-+ return 0;
-+ /* Test for an off by one on the buffer size works */
-+ outlen = 6;
-+ if (!TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 0)
-+ || !TEST_size_t_eq(outlen, 7)
-+ || !TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 1)
-+ || !TEST_str_eq(out,"\xc2\x80.b.c"))
-+ return 0;
-+ return 1;
-+}
-+
-+static int test_puny_overrun(void)
-+{
-+ static const unsigned int out[] = {
-+ 0x0033, 0x5E74, 0x0042, 0x7D44, 0x91D1, 0x516B, 0x5148, 0x751F
-+ };
-+ static const char *in = "3B-ww4c5e180e575a65lsy2b";
-+ unsigned int buf[OSSL_NELEM(out)];
-+ unsigned int bsize = OSSL_NELEM(buf) - 1;
-+
-+ if (!TEST_false(ossl_punycode_decode(in, strlen(in), buf, &bsize))) {
-+ if (TEST_mem_eq(buf, bsize * sizeof(*buf), out, sizeof(out)))
-+ TEST_error("CRITICAL: buffer overrun detected!");
-+ return 0;
-+ }
-+ return 1;
-+}
-+
-+int setup_tests(void)
-+{
-+ ADD_ALL_TESTS(test_punycode, OSSL_NELEM(puny_cases));
-+ ADD_TEST(test_a2ulabel);
-+ ADD_TEST(test_puny_overrun);
-+ return 1;
-+}
---- /dev/null
-+++ b/test/recipes/04-test_punycode.t
-@@ -0,0 +1,11 @@
-+#! /usr/bin/env perl
-+# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
-+#
-+# Licensed under the Apache License 2.0 (the "License"). You may not use
-+# this file except in compliance with the License. You can obtain a copy
-+# in the file LICENSE in the source distribution or at
-+# https://www.openssl.org/source/license.html
-+
-+use OpenSSL::Test::Simple;
-+
-+simple_test("test_punycode", "punycode_test");
diff -Nru openssl-3.0.5/debian/patches/CVE-2022-3602-2.patch openssl-3.0.7/debian/patches/CVE-2022-3602-2.patch
--- openssl-3.0.5/debian/patches/CVE-2022-3602-2.patch 2022-10-27 17:04:48.000000000 +0000
+++ openssl-3.0.7/debian/patches/CVE-2022-3602-2.patch 1970-01-01 00:00:00.000000000 +0000
@@ -1,34 +0,0 @@
-From 2061a656b97ac7126431eed05dcf2c0317418be4 Mon Sep 17 00:00:00 2001
-From: Pauli
-Date: Mon, 24 Oct 2022 19:06:13 +1100
-Subject: [PATCH] punycode: ensure the result is zero terminated
-
-Reviewed-by: Matt Caswell
-Reviewed-by: Tomas Mraz
----
- crypto/punycode.c | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/punycode.c b/crypto/punycode.c
-index 8cba508382..b9b4e3d785 100644
---- a/crypto/punycode.c
-+++ b/crypto/punycode.c
-@@ -298,8 +298,7 @@ int ossl_a2ulabel(const char *in, char *out, size_t *outlen)
- PUSHC(seed[j]);
- }
-
-- if (tmpptr != NULL)
-- PUSHC('.');
-+ PUSHC(tmpptr != NULL ? '.' : '\0');
- }
-
- if (tmpptr == NULL)
-@@ -323,7 +322,7 @@ int ossl_a2ulabel(const char *in, char *out, size_t *outlen)
-
- int ossl_a2ucompare(const char *a, const char *u)
- {
-- char a_ulabel[LABEL_BUF_SIZE];
-+ char a_ulabel[LABEL_BUF_SIZE + 1];
- size_t a_size = sizeof(a_ulabel);
-
- if (ossl_a2ulabel(a, a_ulabel, &a_size) <= 0)
diff -Nru openssl-3.0.5/debian/patches/debian-targets.patch openssl-3.0.7/debian/patches/debian-targets.patch
--- openssl-3.0.5/debian/patches/debian-targets.patch 2022-08-15 03:16:43.000000000 +0000
+++ openssl-3.0.7/debian/patches/debian-targets.patch 2022-12-06 14:11:40.000000000 +0000
@@ -3,19 +3,19 @@ Subject: debian-targets
 ---
- Configurations/20-debian.conf | 219 ++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 219 insertions(+)
+ Configurations/20-debian.conf | 166 ++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 166 insertions(+)
 create mode 100644 Configurations/20-debian.conf
 diff --git a/Configurations/20-debian.conf b/Configurations/20-debian.conf
 new file mode 100644
-index 000000000000..133501fa9333
+index 000000000000..c04d2b38dbd5
 --- /dev/null
 +++ b/Configurations/20-debian.conf
-@@ -0,0 +1,219 @@
+@@ -0,0 +1,166 @@
 +my %targets = (
 + "debian" => {
-+ cflags => add("-Wa,--noexecstack -Wall -fzero-call-used-regs=used-gpr"),
++ cflags => add("-Wa,--noexecstack -Wall -fzero-call-used-regs=used-gpr -DOPENSSL_TLS_SECURITY_LEVEL=2"),
 + },
 + "debian-alpha" => {
 + inherit_from => [ "linux-alpha-gcc", "debian" ],
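Review bot: The new `cflags` entry for the "debian" target adds `-DOPENSSL_TLS_SECURITY_LEVEL=2` with no comment, so nothing in 20-debian.conf records that this raises the compiled-in default TLS security level from 1 to 2 for every consumer of the shared library (112-bit minimum per SSL_CTX_set_security_level(3), which in practice rejects e.g. RSA and DH keys shorter than 2048 bits and ECC keys shorter than 224 bits during handshakes and certificate verification). A one-line comment above it would make the intent and the opt-out findable by the next packager: `# Default TLS security level 2 (112-bit); see SSL_CTX_set_security_level(3). Peers needing weaker parameters must lower it per context with @SECLEVEL=1.` The companion Fix-tests-for-new-default-security-level.patch added later in this diff shows the test suite itself needed that `@SECLEVEL=1` opt-out, which is the kind of breakage applications will meet. The DEP-3 header of debian-targets.patch lies above this hunk, so whether it describes the change cannot be checked here.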
@@ -100,59 +100,6 @@
 + cflags => add("-DL_ENDIAN"),
 + },
 +
-+ # Temporary MIPS R6 targets. Those will vanish approx in 1.1.1 because
-+ # aes-mips.pl creates proper R6 ASM code. After that, we can inherit from
-+ # the linux*-mips* targets.
-+ "linux-mips32r6" => {
-+ # Configure script adds minimally required -march for assembly
-+ # support, if no -march was specified at command line.
-+ inherit_from => [ "linux-generic32"],
-+ cflags => add("-mabi=32"),
-+ perlasm_scheme => "o32",
-+ shared_ldflag => add("-mabi=32"),
-+ },
-+ # mips32 and mips64 below refer to contemporary MIPS Architecture
-+ # specifications, MIPS32 and MIPS64, rather than to kernel bitness.
-+ "linux-mips64r6" => {
-+ inherit_from => [ "linux-generic32"],
-+ cflags => add("-mabi=n32"),
-+ bn_ops => "SIXTY_FOUR_BIT RC4_CHAR",
-+ perlasm_scheme => "n32",
-+ shared_ldflag => add("-mabi=n32"),
-+ multilib => "32",
-+ },
-+ "linux64-mips64r6" => {
-+ inherit_from => [ "linux-generic64"],
-+ cflags => add("-mabi=64"),
-+ perlasm_scheme => "64",
-+ shared_ldflag => add("-mabi=64"),
-+ multilib => "64",
-+ },
-+ "debian-mipsr6" => {
-+ inherit_from => [ "linux-mips32r6", "debian" ],
-+ cflags => add("-DB_ENDIAN"),
-+ },
-+ "debian-mipsr6el" => {
-+ inherit_from => [ "linux-mips32r6", "debian" ],
-+ cflags => add("-DL_ENDIAN"),
-+ },
-+ "debian-mipsn32r6" => {
-+ inherit_from => [ "linux-mips64r6", "debian" ],
-+ cflags => add("-DB_ENDIAN"),
-+ },
-+ "debian-mipsn32r6el" => {
-+ inherit_from => [ "linux-mips64r6", "debian" ],
-+ cflags => add("-DL_ENDIAN"),
-+ },
-+ "debian-mips64r6" => {
-+ inherit_from => [ "linux64-mips64r6", "debian" ],
-+ cflags => add("-DB_ENDIAN"),
-+ },
-+ "debian-mips64r6el" => {
-+ inherit_from => [ "linux64-mips64r6", "debian" ],
-+ cflags => add("-DL_ENDIAN"),
-+ },
-+
 + "debian-musl-linux-arm64" => {
 + inherit_from => [ "linux-aarch64", "debian" ],
 + },
diff -Nru openssl-3.0.5/debian/patches/Fix-tests-for-new-default-security-level.patch openssl-3.0.7/debian/patches/Fix-tests-for-new-default-security-level.patch
--- openssl-3.0.5/debian/patches/Fix-tests-for-new-default-security-level.patch 1970-01-01 00:00:00.000000000 +0000
+++ openssl-3.0.7/debian/patches/Fix-tests-for-new-default-security-level.patch 2022-12-06 14:11:40.000000000 +0000
@@ -0,0 +1,1390 @@ +From: Matt Caswell +Date: Tue, 5 Oct 2021 17:30:09 +0100 +Subject: Fix tests for new default security level + +Fix tests that were expecting a default security level of 1 to work with +the new default of 2. + +Reviewed-by: Dmitry Belyavskiy +(Merged from https://github.com/openssl/openssl/pull/16760) +--- + test/ssl-tests/12-ct.cnf | 24 ++-- + test/ssl-tests/12-ct.cnf.in | 12 ++ + test/ssl-tests/14-curves.cnf | 220 +++++++++++++++++------------------ + test/ssl-tests/14-curves.cnf.in | 9 +- + test/ssl-tests/22-compression.cnf | 32 ++--- + test/ssl-tests/22-compression.cnf.in | 16 +++ + test/sslapitest.c | 24 ++-- + 7 files changed, 189 insertions(+), 148 deletions(-) + +diff --git a/test/ssl-tests/12-ct.cnf b/test/ssl-tests/12-ct.cnf +index 2e6e9dea6757..369c5d4e8eef 100644 +--- a/test/ssl-tests/12-ct.cnf ++++ b/test/ssl-tests/12-ct.cnf +@@ -19,11 +19,11 @@ client = 0-ct-permissive-without-scts-client + + [0-ct-permissive-without-scts-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [0-ct-permissive-without-scts-client] +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +@@ -46,11 +46,11 @@ client = 1-ct-permissive-with-scts-client + + [1-ct-permissive-with-scts-server] + Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem + + [1-ct-permissive-with-scts-client] +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem + VerifyMode = Peer + +@@ -73,11 +73,11 @@ client = 2-ct-strict-without-scts-client + + [2-ct-strict-without-scts-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = 
DEFAULT@SECLEVEL=1 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [2-ct-strict-without-scts-client] +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +@@ -101,11 +101,11 @@ client = 3-ct-strict-with-scts-client + + [3-ct-strict-with-scts-server] + Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem + + [3-ct-strict-with-scts-client] +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem + VerifyMode = Peer + +@@ -130,11 +130,11 @@ resume-client = 4-ct-permissive-resumption-client + + [4-ct-permissive-resumption-server] + Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem + + [4-ct-permissive-resumption-client] +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem + VerifyMode = Peer + +@@ -162,11 +162,11 @@ resume-client = 5-ct-strict-resumption-resume-client + + [5-ct-strict-resumption-server] + Certificate = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + PrivateKey = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1-key.pem + + [5-ct-strict-resumption-client] +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/embeddedSCTs1_issuer.pem + VerifyMode = Peer + +diff --git a/test/ssl-tests/12-ct.cnf.in b/test/ssl-tests/12-ct.cnf.in +index ddafd3fc4cda..c11bcc9c0958 100644 +--- a/test/ssl-tests/12-ct.cnf.in ++++ b/test/ssl-tests/12-ct.cnf.in +@@ -19,8 +19,10 @@ our @tests = ( + { + name => "ct-permissive-without-scts", + server => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + }, + client => { ++ 
"CipherString" => 'DEFAULT@SECLEVEL=1', + extra => { + "CTValidation" => "Permissive", + }, +@@ -32,10 +34,12 @@ our @tests = ( + { + name => "ct-permissive-with-scts", + server => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "Certificate" => test_pem("embeddedSCTs1.pem"), + "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), + }, + client => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), + extra => { + "CTValidation" => "Permissive", +@@ -48,8 +52,10 @@ our @tests = ( + { + name => "ct-strict-without-scts", + server => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + }, + client => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + extra => { + "CTValidation" => "Strict", + }, +@@ -62,10 +68,12 @@ our @tests = ( + { + name => "ct-strict-with-scts", + server => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "Certificate" => test_pem("embeddedSCTs1.pem"), + "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), + }, + client => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), + extra => { + "CTValidation" => "Strict", +@@ -78,10 +86,12 @@ our @tests = ( + { + name => "ct-permissive-resumption", + server => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "Certificate" => test_pem("embeddedSCTs1.pem"), + "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), + }, + client => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), + extra => { + "CTValidation" => "Permissive", +@@ -96,10 +106,12 @@ our @tests = ( + { + name => "ct-strict-resumption", + server => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "Certificate" => test_pem("embeddedSCTs1.pem"), + "PrivateKey" => test_pem("embeddedSCTs1-key.pem"), + }, + client => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "VerifyCAFile" => test_pem("embeddedSCTs1_issuer.pem"), + extra => { + "CTValidation" => "Strict", +diff --git a/test/ssl-tests/14-curves.cnf 
b/test/ssl-tests/14-curves.cnf +index bafa4a65cd35..f472dd7d634e 100644 +--- a/test/ssl-tests/14-curves.cnf ++++ b/test/ssl-tests/14-curves.cnf +@@ -93,13 +93,13 @@ client = 0-curve-prime256v1-client + + [0-curve-prime256v1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = prime256v1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [0-curve-prime256v1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = prime256v1 + MaxProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -122,13 +122,13 @@ client = 1-curve-secp384r1-client + + [1-curve-secp384r1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp384r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [1-curve-secp384r1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp384r1 + MaxProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -151,13 +151,13 @@ client = 2-curve-secp521r1-client + + [2-curve-secp521r1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp521r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [2-curve-secp521r1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp521r1 + MaxProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -180,13 +180,13 @@ client = 3-curve-X25519-client + + [3-curve-X25519-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = X25519 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [3-curve-X25519-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = X25519 
+ MaxProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -209,13 +209,13 @@ client = 4-curve-X448-client + + [4-curve-X448-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = X448 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [4-curve-X448-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = X448 + MaxProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -238,13 +238,13 @@ client = 5-curve-sect233k1-client + + [5-curve-sect233k1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect233k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [5-curve-sect233k1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect233k1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -267,13 +267,13 @@ client = 6-curve-sect233r1-client + + [6-curve-sect233r1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect233r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [6-curve-sect233r1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect233r1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -296,13 +296,13 @@ client = 7-curve-sect283k1-client + + [7-curve-sect283k1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect283k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [7-curve-sect283k1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect283k1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ 
-325,13 +325,13 @@ client = 8-curve-sect283r1-client + + [8-curve-sect283r1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect283r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [8-curve-sect283r1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect283r1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -354,13 +354,13 @@ client = 9-curve-sect409k1-client + + [9-curve-sect409k1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect409k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [9-curve-sect409k1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect409k1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -383,13 +383,13 @@ client = 10-curve-sect409r1-client + + [10-curve-sect409r1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect409r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [10-curve-sect409r1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect409r1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -412,13 +412,13 @@ client = 11-curve-sect571k1-client + + [11-curve-sect571k1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect571k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [11-curve-sect571k1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect571k1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -441,13 +441,13 @@ client = 
12-curve-sect571r1-client + + [12-curve-sect571r1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect571r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [12-curve-sect571r1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect571r1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -470,13 +470,13 @@ client = 13-curve-secp224r1-client + + [13-curve-secp224r1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp224r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [13-curve-secp224r1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp224r1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -499,13 +499,13 @@ client = 14-curve-sect163k1-client + + [14-curve-sect163k1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect163k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [14-curve-sect163k1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect163k1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -528,13 +528,13 @@ client = 15-curve-sect163r2-client + + [15-curve-sect163r2-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect163r2 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [15-curve-sect163r2-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect163r2 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -557,13 +557,13 @@ client = 16-curve-prime192v1-client + + 
[16-curve-prime192v1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = prime192v1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [16-curve-prime192v1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = prime192v1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -586,13 +586,13 @@ client = 17-curve-sect163r1-client + + [17-curve-sect163r1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect163r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [17-curve-sect163r1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect163r1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -615,13 +615,13 @@ client = 18-curve-sect193r1-client + + [18-curve-sect193r1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect193r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [18-curve-sect193r1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect193r1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -644,13 +644,13 @@ client = 19-curve-sect193r2-client + + [19-curve-sect193r2-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect193r2 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [19-curve-sect193r2-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect193r2 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -673,13 +673,13 @@ client = 20-curve-sect239k1-client + + [20-curve-sect239k1-server] + 
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect239k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [20-curve-sect239k1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect239k1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -702,13 +702,13 @@ client = 21-curve-secp160k1-client + + [21-curve-secp160k1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp160k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [21-curve-secp160k1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp160k1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -731,13 +731,13 @@ client = 22-curve-secp160r1-client + + [22-curve-secp160r1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp160r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [22-curve-secp160r1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp160r1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -760,13 +760,13 @@ client = 23-curve-secp160r2-client + + [23-curve-secp160r2-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp160r2 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [23-curve-secp160r2-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp160r2 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -789,13 +789,13 @@ client = 24-curve-secp192k1-client + + [24-curve-secp192k1-server] + Certificate = 
${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp192k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [24-curve-secp192k1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp192k1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -818,13 +818,13 @@ client = 25-curve-secp224k1-client + + [25-curve-secp224k1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp224k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [25-curve-secp224k1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp224k1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -847,13 +847,13 @@ client = 26-curve-secp256k1-client + + [26-curve-secp256k1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp256k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [26-curve-secp256k1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp256k1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -876,13 +876,13 @@ client = 27-curve-brainpoolP256r1-client + + [27-curve-brainpoolP256r1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = brainpoolP256r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [27-curve-brainpoolP256r1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = brainpoolP256r1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -905,13 +905,13 @@ client = 28-curve-brainpoolP384r1-client + + [28-curve-brainpoolP384r1-server] + Certificate = 
${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = brainpoolP384r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [28-curve-brainpoolP384r1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = brainpoolP384r1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -934,13 +934,13 @@ client = 29-curve-brainpoolP512r1-client + + [29-curve-brainpoolP512r1-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = brainpoolP512r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [29-curve-brainpoolP512r1-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = brainpoolP512r1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -1713,13 +1713,13 @@ client = 55-curve-sect233k1-tls13-client + + [55-curve-sect233k1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect233k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [55-curve-sect233k1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect233k1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -1740,13 +1740,13 @@ client = 56-curve-sect233r1-tls13-client + + [56-curve-sect233r1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect233r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [56-curve-sect233r1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect233r1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -1767,13 +1767,13 @@ client = 
57-curve-sect283k1-tls13-client + + [57-curve-sect283k1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect283k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [57-curve-sect283k1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect283k1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -1794,13 +1794,13 @@ client = 58-curve-sect283r1-tls13-client + + [58-curve-sect283r1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect283r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [58-curve-sect283r1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect283r1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -1821,13 +1821,13 @@ client = 59-curve-sect409k1-tls13-client + + [59-curve-sect409k1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect409k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [59-curve-sect409k1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect409k1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -1848,13 +1848,13 @@ client = 60-curve-sect409r1-tls13-client + + [60-curve-sect409r1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect409r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [60-curve-sect409r1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect409r1 + MinProtocol = TLSv1.3 + VerifyCAFile = 
${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -1875,13 +1875,13 @@ client = 61-curve-sect571k1-tls13-client + + [61-curve-sect571k1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect571k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [61-curve-sect571k1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect571k1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -1902,13 +1902,13 @@ client = 62-curve-sect571r1-tls13-client + + [62-curve-sect571r1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect571r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [62-curve-sect571r1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect571r1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -1929,13 +1929,13 @@ client = 63-curve-secp224r1-tls13-client + + [63-curve-secp224r1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp224r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [63-curve-secp224r1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp224r1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -1956,13 +1956,13 @@ client = 64-curve-sect163k1-tls13-client + + [64-curve-sect163k1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect163k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [64-curve-sect163k1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect163k1 + 
MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -1983,13 +1983,13 @@ client = 65-curve-sect163r2-tls13-client + + [65-curve-sect163r2-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect163r2 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [65-curve-sect163r2-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect163r2 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -2010,13 +2010,13 @@ client = 66-curve-prime192v1-tls13-client + + [66-curve-prime192v1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = prime192v1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [66-curve-prime192v1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = prime192v1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -2037,13 +2037,13 @@ client = 67-curve-sect163r1-tls13-client + + [67-curve-sect163r1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect163r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [67-curve-sect163r1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect163r1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -2064,13 +2064,13 @@ client = 68-curve-sect193r1-tls13-client + + [68-curve-sect193r1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect193r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [68-curve-sect193r1-tls13-client] +-CipherString = ECDHE ++CipherString 
= ECDHE@SECLEVEL=1 + Curves = sect193r1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -2091,13 +2091,13 @@ client = 69-curve-sect193r2-tls13-client + + [69-curve-sect193r2-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect193r2 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [69-curve-sect193r2-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect193r2 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -2118,13 +2118,13 @@ client = 70-curve-sect239k1-tls13-client + + [70-curve-sect239k1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = sect239k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [70-curve-sect239k1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = sect239k1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -2145,13 +2145,13 @@ client = 71-curve-secp160k1-tls13-client + + [71-curve-secp160k1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp160k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [71-curve-secp160k1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp160k1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -2172,13 +2172,13 @@ client = 72-curve-secp160r1-tls13-client + + [72-curve-secp160r1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp160r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [72-curve-secp160r1-tls13-client] 
+-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp160r1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -2199,13 +2199,13 @@ client = 73-curve-secp160r2-tls13-client + + [73-curve-secp160r2-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp160r2 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [73-curve-secp160r2-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp160r2 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -2226,13 +2226,13 @@ client = 74-curve-secp192k1-tls13-client + + [74-curve-secp192k1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp192k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [74-curve-secp192k1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp192k1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -2253,13 +2253,13 @@ client = 75-curve-secp224k1-tls13-client + + [75-curve-secp224k1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp224k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [75-curve-secp224k1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp224k1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -2280,13 +2280,13 @@ client = 76-curve-secp256k1-tls13-client + + [76-curve-secp256k1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = secp256k1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + 
+ [76-curve-secp256k1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = secp256k1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -2307,13 +2307,13 @@ client = 77-curve-brainpoolP256r1-tls13-client + + [77-curve-brainpoolP256r1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = brainpoolP256r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [77-curve-brainpoolP256r1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = brainpoolP256r1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -2334,13 +2334,13 @@ client = 78-curve-brainpoolP384r1-tls13-client + + [78-curve-brainpoolP384r1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = brainpoolP384r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [78-curve-brainpoolP384r1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = brainpoolP384r1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -2361,13 +2361,13 @@ client = 79-curve-brainpoolP512r1-tls13-client + + [79-curve-brainpoolP512r1-tls13-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Curves = brainpoolP512r1 + MaxProtocol = TLSv1.3 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [79-curve-brainpoolP512r1-tls13-client] +-CipherString = ECDHE ++CipherString = ECDHE@SECLEVEL=1 + Curves = brainpoolP512r1 + MinProtocol = TLSv1.3 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +diff --git a/test/ssl-tests/14-curves.cnf.in b/test/ssl-tests/14-curves.cnf.in +index 5653e70bef21..0b49d08fa59d 100644 +--- a/test/ssl-tests/14-curves.cnf.in ++++ 
b/test/ssl-tests/14-curves.cnf.in +@@ -36,10 +36,11 @@ sub generate_tests() { + name => "curve-${curve}", + server => { + "Curves" => $curve, ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "MaxProtocol" => "TLSv1.3" + }, + client => { +- "CipherString" => "ECDHE", ++ "CipherString" => 'ECDHE@SECLEVEL=1', + "MaxProtocol" => "TLSv1.3", + "Curves" => $curve + }, +@@ -56,10 +57,11 @@ sub generate_tests() { + name => "curve-${curve}", + server => { + "Curves" => $curve, ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "MaxProtocol" => "TLSv1.3" + }, + client => { +- "CipherString" => "ECDHE", ++ "CipherString" => 'ECDHE@SECLEVEL=1', + "MaxProtocol" => "TLSv1.2", + "Curves" => $curve + }, +@@ -100,10 +102,11 @@ sub generate_tests() { + name => "curve-${curve}-tls13", + server => { + "Curves" => $curve, ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "MaxProtocol" => "TLSv1.3" + }, + client => { +- "CipherString" => "ECDHE", ++ "CipherString" => 'ECDHE@SECLEVEL=1', + "MinProtocol" => "TLSv1.3", + "Curves" => $curve + }, +diff --git a/test/ssl-tests/22-compression.cnf b/test/ssl-tests/22-compression.cnf +index c85d3129abbb..a70f01b7af96 100644 +--- a/test/ssl-tests/22-compression.cnf ++++ b/test/ssl-tests/22-compression.cnf +@@ -21,12 +21,12 @@ client = 0-tlsv1_3-both-compress-client + + [0-tlsv1_3-both-compress-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Options = Compression + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [0-tlsv1_3-both-compress-client] +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Options = Compression + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer +@@ -47,11 +47,11 @@ client = 1-tlsv1_3-client-compress-client + + [1-tlsv1_3-client-compress-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + 
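Review bot: The three hunks in 14-curves.cnf.in pin `'DEFAULT@SECLEVEL=1'` / `'ECDHE@SECLEVEL=1'` on both sides without saying why, so a later reader cannot tell whether the level is a deliberate floor for these tests or a leftover that may be raised again; the same applies to the hunks in 22-compression.cnf.in. Presumably it is needed because several curves exercised here (sect163k1, secp160r1, prime192v1, …) are below the strength the new default level requires, and the series entry `Fix-tests-for-new-default-security-level.patch` suggests the change is tied to a raised default, but that is inferred rather than visible in the hunk. I would add a comment above the first new `"CipherString" => 'DEFAULT@SECLEVEL=1',` such as `# Several curves under test are below the default security level; pin level 1 so the handshake is not refused on strength grounds.`, and a parallel one-liner in 22-compression.cnf.in saying what in that file needs level 1. The generated 14-curves.cnf and 22-compression.cnf should then be re-generated from the templates rather than edited by hand, so the two stay in sync.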
[1-tlsv1_3-client-compress-client] +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Options = Compression + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer +@@ -72,12 +72,12 @@ client = 2-tlsv1_3-server-compress-client + + [2-tlsv1_3-server-compress-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Options = Compression + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [2-tlsv1_3-server-compress-client] +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +@@ -97,11 +97,11 @@ client = 3-tlsv1_3-neither-compress-client + + [3-tlsv1_3-neither-compress-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [3-tlsv1_3-neither-compress-client] +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer + +@@ -121,12 +121,12 @@ client = 4-tlsv1_2-both-compress-client + + [4-tlsv1_2-both-compress-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Options = Compression + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [4-tlsv1_2-both-compress-client] +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + MaxProtocol = TLSv1.2 + Options = Compression + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -148,11 +148,11 @@ client = 5-tlsv1_2-client-compress-client + + [5-tlsv1_2-client-compress-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [5-tlsv1_2-client-compress-client] +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + MaxProtocol = TLSv1.2 + 
Options = Compression + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +@@ -174,12 +174,12 @@ client = 6-tlsv1_2-server-compress-client + + [6-tlsv1_2-server-compress-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + Options = Compression + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [6-tlsv1_2-server-compress-client] +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer +@@ -200,11 +200,11 @@ client = 7-tlsv1_2-neither-compress-client + + [7-tlsv1_2-neither-compress-server] + Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + + [7-tlsv1_2-neither-compress-client] +-CipherString = DEFAULT ++CipherString = DEFAULT@SECLEVEL=1 + MaxProtocol = TLSv1.2 + VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem + VerifyMode = Peer +diff --git a/test/ssl-tests/22-compression.cnf.in b/test/ssl-tests/22-compression.cnf.in +index 69a2e7f80101..0b8f010b76c0 100644 +--- a/test/ssl-tests/22-compression.cnf.in ++++ b/test/ssl-tests/22-compression.cnf.in +@@ -21,9 +21,11 @@ our @tests_tls1_3 = ( + { + name => "tlsv1_3-both-compress", + server => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "Options" => "Compression" + }, + client => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "Options" => "Compression" + }, + test => { +@@ -34,8 +36,10 @@ our @tests_tls1_3 = ( + { + name => "tlsv1_3-client-compress", + server => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + }, + client => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "Options" => "Compression" + }, + test => { +@@ -46,9 +50,11 @@ our @tests_tls1_3 = ( + { + name => "tlsv1_3-server-compress", + server => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "Options" => "Compression" + }, + client => { ++ "CipherString" => 
'DEFAULT@SECLEVEL=1', + }, + test => { + "CompressionExpected" => "No", +@@ -58,8 +64,10 @@ our @tests_tls1_3 = ( + { + name => "tlsv1_3-neither-compress", + server => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + }, + client => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + }, + test => { + "CompressionExpected" => "No", +@@ -71,9 +79,11 @@ our @tests_tls1_2 = ( + { + name => "tlsv1_2-both-compress", + server => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "Options" => "Compression" + }, + client => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "Options" => "Compression", + "MaxProtocol" => "TLSv1.2" + }, +@@ -85,8 +95,10 @@ our @tests_tls1_2 = ( + { + name => "tlsv1_2-client-compress", + server => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + }, + client => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "Options" => "Compression", + "MaxProtocol" => "TLSv1.2" + }, +@@ -98,9 +110,11 @@ our @tests_tls1_2 = ( + { + name => "tlsv1_2-server-compress", + server => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "Options" => "Compression" + }, + client => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "MaxProtocol" => "TLSv1.2" + }, + test => { +@@ -111,8 +125,10 @@ our @tests_tls1_2 = ( + { + name => "tlsv1_2-neither-compress", + server => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + }, + client => { ++ "CipherString" => 'DEFAULT@SECLEVEL=1', + "MaxProtocol" => "TLSv1.2" + }, + test => { +diff --git a/test/sslapitest.c b/test/sslapitest.c +index 19adc96b73d4..6573dbf46bad 100644 +--- a/test/sslapitest.c ++++ b/test/sslapitest.c +@@ -9344,7 +9344,8 @@ static int test_set_tmp_dh(int idx) + */ + static int test_dh_auto(int idx) + { +- SSL_CTX *cctx = NULL, *sctx = NULL; ++ SSL_CTX *cctx = SSL_CTX_new_ex(libctx, NULL, TLS_client_method()); ++ SSL_CTX *sctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method()); + SSL *clientssl = NULL, *serverssl = NULL; + int testresult = 0; + EVP_PKEY *tmpkey = NULL; +@@ -9352,14 +9353,21 @@ static int test_dh_auto(int idx) + size_t 
expdhsize = 0; + const char *ciphersuite = "DHE-RSA-AES128-SHA"; + ++ if (!TEST_ptr(sctx) || !TEST_ptr(cctx)) ++ goto end; ++ + switch (idx) { + case 0: + /* The FIPS provider doesn't support this DH size - so we ignore it */ +- if (is_fips) +- return 1; ++ if (is_fips) { ++ testresult = 1; ++ goto end; ++ } + thiscert = cert1024; + thiskey = privkey1024; + expdhsize = 1024; ++ SSL_CTX_set_security_level(sctx, 1); ++ SSL_CTX_set_security_level(cctx, 1); + break; + case 1: + /* 2048 bit prime */ +@@ -9385,8 +9393,10 @@ static int test_dh_auto(int idx) + /* No certificate cases */ + case 5: + /* The FIPS provider doesn't support this DH size - so we ignore it */ +- if (is_fips) +- return 1; ++ if (is_fips) { ++ testresult = 1; ++ goto end; ++ } + ciphersuite = "ADH-AES128-SHA256:@SECLEVEL=0"; + expdhsize = 1024; + break; +@@ -9399,8 +9409,8 @@ static int test_dh_auto(int idx) + goto end; + } + +- if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), +- TLS_client_method(), ++ if (!TEST_true(create_ssl_ctx_pair(libctx, NULL, ++ NULL, + 0, + 0, + &sctx, &cctx, thiscert, thiskey))) diff -Nru openssl-3.0.5/debian/patches/series openssl-3.0.7/debian/patches/series --- openssl-3.0.5/debian/patches/series 2022-10-25 15:27:31.000000000 +0000 +++ openssl-3.0.7/debian/patches/series 2022-12-06 14:11:40.000000000 +0000 
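Review bot: In the first hunk `cctx` and `sctx` are now allocated in their declarations, before the `is_fips` early exits in cases 0 and 5, so both new `testresult = 1; goto end;` paths and the `if (!TEST_ptr(sctx) || !TEST_ptr(cctx)) goto end;` guard depend on the `end:` label freeing both contexts; that label is outside the hunk, so confirm it calls `SSL_CTX_free()` on both, otherwise the FIPS skip now leaks two contexts where it previously returned before allocating. The two `SSL_CTX_set_security_level(sctx, 1); SSL_CTX_set_security_level(cctx, 1);` calls in case 0 carry no explanation; I would precede them with `/* 1024-bit DH is below the default security level; relax to level 1 for this case only */`. The third hunk passes `NULL, NULL` as the server and client methods while handing in the already-created `&sctx, &cctx`, which presumably makes `create_ssl_ctx_pair` reuse the existing contexts; a short comment at the call site stating that contract, and joining the split `NULL,` lines into `if (!TEST_true(create_ssl_ctx_pair(libctx, NULL, NULL, 0, 0,`, would make the intent clear. The body of `test_dh_auto` continues past the last hunk.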
@@ -4,16 +4,12 @@ no-symbolic.patch pic.patch c_rehash-compat.patch -# Set-systemwide-default-settings-for-libssl-users is only partially applied in Ubuntu -Set-systemwide-default-settings-for-libssl-users.patch -TEST-Provide-a-default-openssl.cnf-for-tests.patch Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch -Update-to-ce3951fc30c7b-VC-2008-or-earlier-x86-compilers-.patch +conf-Serialize-allocation-free-of-ssl_names.patch +Fix-tests-for-new-default-security-level.patch +x509-fix-double-locking-problem.patch # Ubuntu patches tests-use-seclevel-1.patch tls1.2-min-seclevel2.patch skip_tls1.1_seclevel3_tests.patch -CVE-2022-3602-1.patch -CVE-2022-3602-2.patch -CVE-2022-3358.patch diff -Nru openssl-3.0.5/debian/patches/Set-systemwide-default-settings-for-libssl-users.patch openssl-3.0.7/debian/patches/Set-systemwide-default-settings-for-libssl-users.patch --- openssl-3.0.5/debian/patches/Set-systemwide-default-settings-for-libssl-users.patch 2022-08-15 03:16:43.000000000 +0000 +++ openssl-3.0.7/debian/patches/Set-systemwide-default-settings-for-libssl-users.patch 1970-01-01 00:00:00.000000000 +0000 
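Review bot: Dropping `Set-systemwide-default-settings-for-libssl-users.patch` removes the `CipherString = DEFAULT:@SECLEVEL=2` system default that the deleted patch installed in apps/openssl.cnf, yet `tls1.2-min-seclevel2.patch` and `Fix-tests-for-new-default-security-level.patch` remain in the series, and nothing here says where (or whether) the level-2 default is now enforced. The removed comment said the patch was only partially applied in Ubuntu, so this may be a no-op for users, but that should be stated explicitly rather than left for the reader to infer; a series comment such as `# SECLEVEL=2 default now comes from <placeholder: patch or build option>` would do. Removing `CVE-2022-3602-1.patch`, `CVE-2022-3602-2.patch` and `CVE-2022-3358.patch` is presumably because the 3.0.7 upstream tarball already carries those fixes; a one-line `# CVE-2022-3602 and CVE-2022-3358 are fixed upstream in 3.0.7` next to the Ubuntu patches block would make that checkable when the series is next rebased. The hunk counts (16 old, 12 new) suggest a blank line was lost in the collapsed rendering, so the layout here should not be trusted when re-reading the context lines.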
@@ -1,37 +0,0 @@ -From: Sebastian Andrzej Siewior -Date: Tue, 20 Mar 2018 22:07:30 +0100 -Subject: Set systemwide default settings for libssl users - -This config change enforeces a TLS1.2 protocol version as minimum. It -can be overwritten by the system administrator. - -It also changes the default security level from 1 to 2, moving from the 80 bit -security level to the 112 bit security level. - -Signed-off-by: Sebastian Andrzej Siewior ---- - apps/openssl.cnf | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/apps/openssl.cnf b/apps/openssl.cnf -index 03330e0120a2..46ae4f2d7758 100644 ---- a/apps/openssl.cnf -+++ b/apps/openssl.cnf -@@ -52,6 +52,7 @@ tsa_policy3 = 1.2.3.4.5.7 - - [openssl_init] - providers = provider_sect -+ssl_conf = ssl_sect - - # List of providers to load - [provider_sect] -@@ -388,3 +389,9 @@ oldcert = $insta::certout # insta.cert.pem - # Certificate revocation - cmd = rr - oldcert = $insta::certout # insta.cert.pem -+ -+[ssl_sect] -+system_default = system_default_sect -+ -+[system_default_sect] -+CipherString = DEFAULT:@SECLEVEL=2 diff -Nru openssl-3.0.5/debian/patches/skip_tls1.1_seclevel3_tests.patch openssl-3.0.7/debian/patches/skip_tls1.1_seclevel3_tests.patch --- openssl-3.0.5/debian/patches/skip_tls1.1_seclevel3_tests.patch 2022-05-23 08:18:11.000000000 +0000 +++ openssl-3.0.7/debian/patches/skip_tls1.1_seclevel3_tests.patch 2022-12-06 14:11:40.000000000 +0000 
@@ -1,6 +1,6 @@ Description: Skip TLS 1.1 tests on seclevel 3 In the Ubuntu package, we changed the semantics of seclevel 2 (and above) to - also disable TLS <= 1.2. This makes those tests fail. + also disable TLS <= 1.1. This makes those tests fail. Author: Simon Chopin Forwarded: not-needed Last-Update: 2022-03-21 diff -Nru openssl-3.0.5/debian/patches/TEST-Provide-a-default-openssl.cnf-for-tests.patch openssl-3.0.7/debian/patches/TEST-Provide-a-default-openssl.cnf-for-tests.patch --- openssl-3.0.5/debian/patches/TEST-Provide-a-default-openssl.cnf-for-tests.patch 2022-08-15 03:16:43.000000000 +0000 +++ openssl-3.0.7/debian/patches/TEST-Provide-a-default-openssl.cnf-for-tests.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,386 +0,0 @@
-From: Sebastian Andrzej Siewior
-Date: Wed, 17 Jun 2020 21:47:15 +0200
-Subject: TEST: Provide a default openssl.cnf for tests
-
-The modified .cnf leads to failure of tests which expect
---
- test/openssl.cnf | 353 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
- test/run_tests.pl | 2 +-
- 2 files changed, 354 insertions(+), 1 deletion(-)
- create mode 100644 test/openssl.cnf
-
-diff --git a/test/openssl.cnf b/test/openssl.cnf
-new file mode 100644
-index 000000000000..4fd5286d2e25
---- /dev/null
-+++ b/test/openssl.cnf
-@@ -0,0 +1,353 @@
-+#
-+# OpenSSL example configuration file.
-+# This is mostly being used for generation of certificate requests.
-+#
-+
-+# Note that you can include other files from the main configuration
-+# file using the .include directive.
-+#.include filename
-+
-+# This definition stops the following lines choking if HOME isn't
-+# defined.
-+HOME = .
-+
-+# Extra OBJECT IDENTIFIER info:
-+#oid_file = $ENV::HOME/.oid
-+oid_section = new_oids
-+
-+# To use this configuration file with the "-extfile" option of the
-+# "openssl x509" utility, name here the section containing the
-+# X.509v3 extensions to use:
-+# extensions =
-+# (Alternatively, use a configuration file that has only
-+# X.509v3 extensions in its main [= default] section.)
-+
-+[ new_oids ]
-+
-+# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
-+# Add a simple OID like this:
-+# testoid1=1.2.3.4
-+# Or use config file substitution like this:
-+# testoid2=${testoid1}.5.6
-+
-+# Policies used by the TSA examples.
-+tsa_policy1 = 1.2.3.4.1
-+tsa_policy2 = 1.2.3.4.5.6
-+tsa_policy3 = 1.2.3.4.5.7
-+
-+####################################################################
-+[ ca ]
-+default_ca = CA_default # The default ca section
-+
-+####################################################################
-+[ CA_default ]
-+
-+dir = ./demoCA # Where everything is kept
-+certs = $dir/certs # Where the issued certs are kept
-+crl_dir = $dir/crl # Where the issued crl are kept
-+database = $dir/index.txt # database index file.
-+#unique_subject = no # Set to 'no' to allow creation of
-+ # several certs with same subject.
-+new_certs_dir = $dir/newcerts # default place for new certs.
-+
-+certificate = $dir/cacert.pem # The CA certificate
-+serial = $dir/serial # The current serial number
-+crlnumber = $dir/crlnumber # the current crl number
-+ # must be commented out to leave a V1 CRL
-+crl = $dir/crl.pem # The current CRL
-+private_key = $dir/private/cakey.pem# The private key
-+
-+x509_extensions = usr_cert # The extensions to add to the cert
-+
-+# Comment out the following two lines for the "traditional"
-+# (and highly broken) format.
-+name_opt = ca_default # Subject Name options
-+cert_opt = ca_default # Certificate field options
-+
-+# Extension copying option: use with caution.
-+# copy_extensions = copy
-+
-+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-+# so this is commented out by default to leave a V1 CRL.
-+# crlnumber must also be commented out to leave a V1 CRL.
-+# crl_extensions = crl_ext
-+
-+default_days = 365 # how long to certify for
-+default_crl_days= 30 # how long before next CRL
-+default_md = default # use public key default MD
-+preserve = no # keep passed DN ordering
-+
-+# A few difference way of specifying how similar the request should look
-+# For type CA, the listed attributes must be the same, and the optional
-+# and supplied fields are just that :-)
-+policy = policy_match
-+
-+# For the CA policy
-+[ policy_match ]
-+countryName = match
-+stateOrProvinceName = match
-+organizationName = match
-+organizationalUnitName = optional
-+commonName = supplied
-+emailAddress = optional
-+
-+# For the 'anything' policy
-+# At this point in time, you must list all acceptable 'object'
-+# types.
-+[ policy_anything ]
-+countryName = optional
-+stateOrProvinceName = optional
-+localityName = optional
-+organizationName = optional
-+organizationalUnitName = optional
-+commonName = supplied
-+emailAddress = optional
-+
-+####################################################################
-+[ req ]
-+default_bits = 2048
-+default_keyfile = privkey.pem
-+distinguished_name = req_distinguished_name
-+attributes = req_attributes
-+x509_extensions = v3_ca # The extensions to add to the self signed cert
-+
-+# Passwords for private keys if not present they will be prompted for
-+# input_password = secret
-+# output_password = secret
-+
-+# This sets a mask for permitted string types. There are several options.
-+# default: PrintableString, T61String, BMPString.
-+# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
-+# utf8only: only UTF8Strings (PKIX recommendation after 2004).
-+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-+# MASK:XXXX a literal mask value.
-+# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
-+string_mask = utf8only
-+
-+# req_extensions = v3_req # The extensions to add to a certificate request
-+
-+[ req_distinguished_name ]
-+countryName = Country Name (2 letter code)
-+countryName_default = AU
-+countryName_min = 2
-+countryName_max = 2
-+
-+stateOrProvinceName = State or Province Name (full name)
-+stateOrProvinceName_default = Some-State
-+
-+localityName = Locality Name (eg, city)
-+
-+0.organizationName = Organization Name (eg, company)
-+0.organizationName_default = Internet Widgits Pty Ltd
-+
-+# we can do this but it is not needed normally :-)
-+#1.organizationName = Second Organization Name (eg, company)
-+#1.organizationName_default = World Wide Web Pty Ltd
-+
-+organizationalUnitName = Organizational Unit Name (eg, section)
-+#organizationalUnitName_default =
-+
-+commonName = Common Name (e.g. server FQDN or YOUR name)
-+commonName_max = 64
-+
-+emailAddress = Email Address
-+emailAddress_max = 64
-+
-+# SET-ex3 = SET extension number 3
-+
-+[ req_attributes ]
-+challengePassword = A challenge password
-+challengePassword_min = 4
-+challengePassword_max = 20
-+
-+unstructuredName = An optional company name
-+
-+[ usr_cert ]
-+
-+# These extensions are added when 'ca' signs a request.
-+
-+# This goes against PKIX guidelines but some CAs do it and some software
-+# requires this to avoid interpreting an end user certificate as a CA.
-+
-+basicConstraints=CA:FALSE
-+
-+# This is typical in keyUsage for a client certificate.
-+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-+
-+# PKIX recommendations harmless if included in all certificates.
-+subjectKeyIdentifier=hash
-+authorityKeyIdentifier=keyid,issuer
-+
-+# This stuff is for subjectAltName and issuerAltname.
-+# Import the email address.
-+# subjectAltName=email:copy
-+# An alternative to produce certificates that aren't
-+# deprecated according to PKIX.
-+# subjectAltName=email:move
-+
-+# Copy subject details
-+# issuerAltName=issuer:copy
-+
-+# This is required for TSA certificates.
-+# extendedKeyUsage = critical,timeStamping
-+
-+[ v3_req ]
-+
-+# Extensions to add to a certificate request
-+
-+basicConstraints = CA:FALSE
-+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-+
-+[ v3_ca ]
-+
-+
-+# Extensions for a typical CA
-+
-+
-+# PKIX recommendation.
-+
-+subjectKeyIdentifier=hash
-+
-+authorityKeyIdentifier=keyid:always,issuer
-+
-+basicConstraints = critical,CA:true
-+
-+# Key usage: this is typical for a CA certificate. However since it will
-+# prevent it being used as an test self-signed certificate it is best
-+# left out by default.
-+# keyUsage = cRLSign, keyCertSign
-+
-+# Include email address in subject alt name: another PKIX recommendation
-+# subjectAltName=email:copy
-+# Copy issuer details
-+# issuerAltName=issuer:copy
-+
-+# DER hex encoding of an extension: beware experts only!
-+# obj=DER:02:03
-+# Where 'obj' is a standard or added object
-+# You can even override a supported extension:
-+# basicConstraints= critical, DER:30:03:01:01:FF
-+
-+[ crl_ext ]
-+
-+# CRL extensions.
-+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-+
-+# issuerAltName=issuer:copy
-+authorityKeyIdentifier=keyid:always
-+
-+[ proxy_cert_ext ]
-+# These extensions should be added when creating a proxy certificate
-+
-+# This goes against PKIX guidelines but some CAs do it and some software
-+# requires this to avoid interpreting an end user certificate as a CA.
-+
-+basicConstraints=CA:FALSE
-+
-+# This is typical in keyUsage for a client certificate.
-+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-+
-+# PKIX recommendations harmless if included in all certificates.
-+subjectKeyIdentifier=hash
-+authorityKeyIdentifier=keyid,issuer
-+
-+# This stuff is for subjectAltName and issuerAltname.
-+# Import the email address.
-+# subjectAltName=email:copy
-+# An alternative to produce certificates that aren't
-+# deprecated according to PKIX.
-+# subjectAltName=email:move
-+
-+# Copy subject details
-+# issuerAltName=issuer:copy
-+
-+# This really needs to be in place for it to be a proxy certificate.
-+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
-+
-+####################################################################
-+[ tsa ]
-+
-+default_tsa = tsa_config1 # the default TSA section
-+
-+[ tsa_config1 ]
-+
-+# These are used by the TSA reply generation only.
-+dir = ./demoCA # TSA root directory
-+serial = $dir/tsaserial # The current serial number (mandatory)
-+crypto_device = builtin # OpenSSL engine to use for signing
-+signer_cert = $dir/tsacert.pem # The TSA signing certificate
-+ # (optional)
-+certs = $dir/cacert.pem # Certificate chain to include in reply
-+ # (optional)
-+signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
-+signer_digest = sha256 # Signing digest to use. (Optional)
-+default_policy = tsa_policy1 # Policy if request did not specify it
-+ # (optional)
-+other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
-+digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
-+accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
-+clock_precision_digits = 0 # number of digits after dot. (optional)
-+ordering = yes # Is ordering defined for timestamps?
-+ # (optional, default: no)
-+tsa_name = yes # Must the TSA name be included in the reply?
-+ # (optional, default: no)
-+ess_cert_id_chain = no # Must the ESS cert id chain be included?
-+ # (optional, default: no)
-+ess_cert_id_alg = sha1 # algorithm to compute certificate
-+ # identifier (optional, default: sha1)
-+
-+[insta] # CMP using Insta Demo CA
-+# Message transfer
-+server = pki.certificate.fi:8700
-+# proxy = # set this as far as needed, e.g., http://192.168.1.1:8080
-+# tls_use = 0
-+path = pkix/
-+
-+# Server authentication
-+recipient = "/C=FI/O=Insta Demo/CN=Insta Demo CA" # or set srvcert or issuer
-+ignore_keyusage = 1 # potentially needed quirk
-+unprotected_errors = 1 # potentially needed quirk
-+extracertsout = insta.extracerts.pem
-+
-+# Client authentication
-+ref = 3078 # user identification
-+secret = pass:insta # can be used for both client and server side
-+
-+# Generic message options
-+cmd = ir # default operation, can be overridden on cmd line with, e.g., kur
-+
-+# Certificate enrollment
-+subject = "/CN=openssl-cmp-test"
-+newkey = insta.priv.pem
-+out_trusted = insta.ca.crt
-+certout = insta.cert.pem
-+
-+[pbm] # Password-based protection for Insta CA
-+# Server and client authentication
-+ref = $insta::ref # 3078
-+secret = $insta::secret # pass:insta
-+
-+[signature] # Signature-based protection for Insta CA
-+# Server authentication
-+trusted = insta.ca.crt # does not include keyUsage digitalSignature
-+
-+# Client authentication
-+secret = # disable PBM
-+key = $insta::newkey # insta.priv.pem
-+cert = $insta::certout # insta.cert.pem
-+
-+[ir]
-+cmd = ir
-+
-+[cr]
-+cmd = cr
-+
-+[kur]
-+# Certificate update
-+cmd = kur
-+oldcert = $insta::certout # insta.cert.pem
-+
-+[rr]
-+# Certificate revocation
-+cmd = rr
-+oldcert = $insta::certout # insta.cert.pem
-diff --git a/test/run_tests.pl b/test/run_tests.pl
-index 4384ebe28e0d..f82284e224b8 100644
---- a/test/run_tests.pl
-+++ b/test/run_tests.pl
-@@ -33,7 +33,7 @@ my $recipesdir = catdir($srctop, "test", "recipes");
- my $libdir = rel2abs(catdir($srctop, "util", "perl"));
- my $jobs = $ENV{HARNESS_JOBS} // 1;
-
--$ENV{OPENSSL_CONF} = rel2abs(catfile($srctop,
"apps", "openssl.cnf")); -+$ENV{OPENSSL_CONF} = rel2abs(catfile($srctop, "test", "openssl.cnf")); - $ENV{OPENSSL_CONF_INCLUDE} = rel2abs(catdir($bldtop, "test")); - $ENV{OPENSSL_MODULES} = rel2abs(catdir($bldtop, "providers")); - $ENV{OPENSSL_ENGINES} = rel2abs(catdir($bldtop, "engines")); diff -Nru openssl-3.0.5/debian/patches/tests-use-seclevel-1.patch openssl-3.0.7/debian/patches/tests-use-seclevel-1.patch --- openssl-3.0.5/debian/patches/tests-use-seclevel-1.patch 2022-05-23 08:16:55.000000000 +0000 +++ openssl-3.0.7/debian/patches/tests-use-seclevel-1.patch 2022-12-06 14:11:40.000000000 +0000 @@ -1,84 +1,12 @@ Description: Change testsuite to use SECLEVEL 1 by default - By default the testsuite assumes that SECLEVEL is set to 1, and many - tests fail, when one raises security level to 2. Many test certs use - insecure hash algorithms and small key sizes. + The testsuite often assumes that SECLEVEL is set to 1, and some tests fail, + when one raises security level to 2. Some test certs use insecure hash + algorithms and small key sizes. Author: Dimitri John Ledkov ---- a/test/helpers/ssltestlib.c -+++ b/test/helpers/ssltestlib.c -@@ -719,6 +719,11 @@ - max_proto_version = TLS1_2_VERSION; - #endif - -+ if (serverctx != NULL && SSL_CTX_get_security_level(serverctx) == 2) -+ SSL_CTX_set_security_level(serverctx, 1); -+ if (clientctx != NULL && SSL_CTX_get_security_level(clientctx) == 2) -+ SSL_CTX_set_security_level(clientctx, 1); -+ - if (serverctx != NULL - && ((min_proto_version > 0 - && !TEST_true(SSL_CTX_set_min_proto_version(serverctx, -@@ -888,6 +893,11 @@ - else if (!TEST_ptr(clientssl = SSL_new(clientctx))) - goto error; - -+ if (SSL_get_security_level(serverssl) == 2) -+ SSL_set_security_level(serverssl, 1); -+ if (SSL_get_security_level(clientssl) == 2) -+ SSL_set_security_level(clientssl, 1); -+ - if (SSL_is_dtls(clientssl)) { - if (!TEST_ptr(s_to_c_bio = BIO_new(bio_s_mempacket_test())) - || !TEST_ptr(c_to_s_bio = BIO_new(bio_s_mempacket_test()))) 
--- a/test/ssl_test.c 
+++ b/test/ssl_test.c
-@@ -409,6 +409,7 @@
- #ifndef OPENSSL_NO_DTLS
- if (test_ctx->method == SSL_TEST_METHOD_DTLS) {
- server_ctx = SSL_CTX_new_ex(libctx, NULL, DTLS_server_method());
-+ SSL_CTX_set_security_level(server_ctx, 1);
- if (!TEST_true(SSL_CTX_set_options(server_ctx,
- SSL_OP_ALLOW_CLIENT_RENEGOTIATION))
- || !TEST_true(SSL_CTX_set_max_proto_version(server_ctx, 0)))
-@@ -420,19 +421,23 @@
- || !TEST_true(SSL_CTX_set_options(server2_ctx,
- SSL_OP_ALLOW_CLIENT_RENEGOTIATION)))
- goto err;
-+ SSL_CTX_set_security_level(server2_ctx, 1);
- }
- client_ctx = SSL_CTX_new_ex(libctx, NULL, DTLS_client_method());
-+ SSL_CTX_set_security_level(client_ctx, 1);
- if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx, 0)))
- goto err;
- if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
- resume_server_ctx = SSL_CTX_new_ex(libctx, NULL,
- DTLS_server_method());
-+ SSL_CTX_set_security_level(resume_server_ctx, 1);
- if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx, 0))
- || !TEST_true(SSL_CTX_set_options(resume_server_ctx,
- SSL_OP_ALLOW_CLIENT_RENEGOTIATION)))
- goto err;
- resume_client_ctx = SSL_CTX_new_ex(libctx, NULL,
- DTLS_client_method());
-+ SSL_CTX_set_security_level(resume_client_ctx, 1);
- if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx, 0)))
- goto err;
- if (!TEST_ptr(resume_server_ctx)
-@@ -452,6 +457,7 @@
- #endif
-
- server_ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method());
-+ SSL_CTX_set_security_level(server_ctx, 1);
- if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx, maxversion))
- || !TEST_true(SSL_CTX_set_options(server_ctx,
- SSL_OP_ALLOW_CLIENT_RENEGOTIATION)))
-@@ -464,17 +470,20 @@
- || !TEST_true(SSL_CTX_set_options(server2_ctx,
- SSL_OP_ALLOW_CLIENT_RENEGOTIATION)))
- goto err;
-+ SSL_CTX_set_security_level(server2_ctx, 1);
- if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx,
- maxversion)))
+@@ -464,6 +470,7 @@
goto err;
}
client_ctx = SSL_CTX_new_ex(libctx, NULL,
TLS_client_method()); 
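Review bot: The rewritten inner hunk header `+@@ -464,6 +470,7 @@` keeps the new-file start (+470) from the old multi-hunk version, but this same change removes the three earlier ssl_test.c hunks (`-@@ -409`, `-@@ -420`, `-@@ -452`) that inserted six lines ahead of line 464, so the correct header is now `@@ -464,6 +464,7 @@`. GNU patch and quilt will still apply it by searching with an offset, but the mismatch prints a warning on every build and a `quilt refresh` would have normalised it. The Description title still says "Change testsuite to use SECLEVEL 1 by default" even though most of the per-test lowering is dropped here; a short sentence in the description naming which test files are still touched would keep it accurate (the surviving ssl_test.c hunk body and the bad_dtls_test.c hunk are not visible in this diff).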
@@ -86,142 +14,6 @@
if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx,
maxversion)))
goto err;
- if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
- resume_server_ctx = SSL_CTX_new_ex(libctx, NULL,
- TLS_server_method());
-+ SSL_CTX_set_security_level(resume_server_ctx, 1);
- if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx,
- maxversion))
- || !TEST_true(SSL_CTX_set_options(resume_server_ctx,
-@@ -482,6 +491,7 @@
- goto err;
- resume_client_ctx = SSL_CTX_new_ex(libctx, NULL,
- TLS_client_method());
-+ SSL_CTX_set_security_level(resume_client_ctx, 1);
- if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx,
- maxversion)))
- goto err;
---- a/test/recipes/70-test_sslmessages.t
-+++ b/test/recipes/70-test_sslmessages.t
-@@ -421,7 +421,7 @@
- $proxy->clear();
- $proxy->clientflags("-no_tls1_3");
- $proxy->serverflags("-no_tls1_3");
-- $proxy->ciphers("ECDHE-RSA-AES128-SHA");
-+ $proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=1");
- $proxy->start();
- checkhandshake($proxy, checkhandshake::EC_HANDSHAKE,
- checkhandshake::DEFAULT_EXTENSIONS
---- a/test/recipes/70-test_sslsigalgs.t
-+++ b/test/recipes/70-test_sslsigalgs.t
-@@ -129,7 +129,7 @@
- # should succeed
- $proxy->clear();
- $proxy->serverflags("-no_tls1_3");
-- $proxy->ciphers("ECDHE-RSA-AES128-SHA");
-+ $proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=1");
- $proxy->filter(undef);
- $proxy->start();
- ok(TLSProxy::Message->success, "TLSv1.3 client TLSv1.2 server");
-@@ -173,7 +173,7 @@
- $proxy->clear();
- $testtype = EMPTY_SIG_ALGS_EXT;
- $proxy->clientflags("-no_tls1_3");
-- $proxy->ciphers("ECDHE-RSA-AES128-SHA");
-+ $proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=1");
- $proxy->start();
- ok(TLSProxy::Message->fail, "Empty TLSv1.2 sigalgs");
-
-@@ -181,7 +181,7 @@
- $proxy->clear();
- $testtype = NO_KNOWN_SIG_ALGS;
- $proxy->clientflags("-no_tls1_3");
-- $proxy->ciphers("ECDHE-RSA-AES128-SHA");
-+ $proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=1");
-
$proxy->start();
- ok(TLSProxy::Message->fail, "No known TLSv1.3 sigalgs");
-
-@@ -190,7 +190,7 @@
- $proxy->clear();
- $testtype = NO_PSS_SIG_ALGS;
- $proxy->clientflags("-no_tls1_3");
-- $proxy->ciphers("ECDHE-RSA-AES128-SHA");
-+ $proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=1");
- $proxy->start();
- ok(TLSProxy::Message->success, "No PSS TLSv1.2 sigalgs");
-
-@@ -198,7 +198,7 @@
- $proxy->clear();
- $testtype = PSS_ONLY_SIG_ALGS;
- $proxy->serverflags("-no_tls1_3");
-- $proxy->ciphers("ECDHE-RSA-AES128-SHA");
-+ $proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=1");
- $proxy->start();
- ok(TLSProxy::Message->success, "PSS only sigalgs in TLSv1.2");
-
-@@ -209,7 +209,7 @@
- $proxy->clear();
- $testtype = PSS_ONLY_SIG_ALGS;
- $proxy->clientflags("-no_tls1_3 -sigalgs RSA+SHA256");
-- $proxy->ciphers("ECDHE-RSA-AES128-SHA");
-+ $proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=1");
- $proxy->start();
- ok(TLSProxy::Message->fail, "Sigalg we did not send in TLSv1.2");
-
-@@ -217,7 +217,7 @@
- # matches the certificate should fail in TLSv1.2
- $proxy->clear();
- $proxy->clientflags("-no_tls1_3 -sigalgs ECDSA+SHA256");
-- $proxy->ciphers("ECDHE-RSA-AES128-SHA");
-+ $proxy->ciphers("ECDHE-RSA-AES128-SHA:\@SECLEVEL=1");
- $proxy->filter(undef);
- $proxy->start();
- ok(TLSProxy::Message->fail, "No matching TLSv1.2 sigalgs");
---- a/test/recipes/70-test_sslsignature.t
-+++ b/test/recipes/70-test_sslsignature.t
-@@ -103,8 +103,8 @@
- $proxy->clear();
- $testtype = CORRUPT_TLS1_2_SERVER_KEY_EXCHANGE;
- $proxy->clientflags("-no_tls1_3");
-- $proxy->cipherc('DHE-RSA-AES128-SHA');
-- $proxy->ciphers('DHE-RSA-AES128-SHA');
-+ $proxy->cipherc('DHE-RSA-AES128-SHA:\@SECLEVEL=1');
-+ $proxy->ciphers('DHE-RSA-AES128-SHA:\@SECLEVEL=1');
- $proxy->start();
- ok(TLSProxy::Message->fail, "Corrupt <=TLSv1.2 ServerKeyExchange");
- }
---- a/util/perl/TLSProxy/Proxy.pm
-+++ b/util/perl/TLSProxy/Proxy.pm
-@@ -97,9 +97,9 @@
- execute => $execute,
- cert => $cert,
- debug => $debug,
--
cipherc => "", -+ cipherc => "DEFAULT:\@SECLEVEL=1", - ciphersuitesc => "", -- ciphers => "AES128-SHA", -+ ciphers => "AES128-SHA:\@SECLEVEL=1", - ciphersuitess => "TLS_AES_128_GCM_SHA256", - flight => -1, - direction => -1, -@@ -145,7 +145,7 @@ - { - my $self = shift; - -- $self->{cipherc} = ""; -+ $self->{cipherc} = "DEFAULT:\@SECLEVEL=1"; - $self->{ciphersuitec} = ""; - $self->{flight} = -1; - $self->{direction} = -1; -@@ -167,7 +167,7 @@ - my $self = shift; - - $self->clearClient; -- $self->{ciphers} = "AES128-SHA"; -+ $self->{ciphers} = "AES128-SHA:\@SECLEVEL=1"; - $self->{ciphersuitess} = "TLS_AES_128_GCM_SHA256"; - $self->{serverflags} = ""; - $self->{serverconnects} = 1; --- a/test/bad_dtls_test.c +++ b/test/bad_dtls_test.c @@ -491,6 +491,8 @@ diff -Nru openssl-3.0.5/debian/patches/tls1.2-min-seclevel2.patch openssl-3.0.7/debian/patches/tls1.2-min-seclevel2.patch --- openssl-3.0.5/debian/patches/tls1.2-min-seclevel2.patch 2022-05-23 08:16:55.000000000 +0000 +++ openssl-3.0.7/debian/patches/tls1.2-min-seclevel2.patch 2022-12-06 14:11:40.000000000 +0000 @@ -57,7 +57,7 @@ The default security level can be configured when OpenSSL is compiled by setting B<-DOPENSSL_TLS_SECURITY_LEVEL=level>. If not set then 1 is used. -+On Ubuntu, 2 is used. ++On Debian and Ubuntu, 2 is used unconditionally. The security framework disables or reject parameters inconsistent with the set security level. In the past this was difficult as applications had to set diff -Nru openssl-3.0.5/debian/patches/Update-to-ce3951fc30c7b-VC-2008-or-earlier-x86-compilers-.patch openssl-3.0.7/debian/patches/Update-to-ce3951fc30c7b-VC-2008-or-earlier-x86-compilers-.patch --- openssl-3.0.5/debian/patches/Update-to-ce3951fc30c7b-VC-2008-or-earlier-x86-compilers-.patch 2022-08-14 19:53:53.000000000 +0000 +++ openssl-3.0.7/debian/patches/Update-to-ce3951fc30c7b-VC-2008-or-earlier-x86-compilers-.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,5276 +0,0 @@
-From: Sebastian Andrzej Siewior
-Date: Sun, 24 Jul 2022 15:52:36 +0200
-Subject: =?utf-8?q?Update_to_ce3951fc30c7b_=28=22VC++_2008_or_earlier_x86_c?=
- =?utf-8?q?ompilers_do_not_have_an_inline=E2=80=A6=22=29?=
-
-Signed-off-by: Sebastian Andrzej Siewior
---
- Configurations/10-main.conf | 11 +-
- Configurations/windows-makefile.tmpl | 6 +-
- Configure | 64 ++------
- INSTALL.md | 2 +-
- NEWS.md | 1 -
- apps/ca.c | 6 +-
- apps/cmp.c | 16 +-
- apps/include/apps.h | 10 +-
- apps/lib/apps.c | 27 +++-
- apps/lib/s_cb.c | 26 ++--
- apps/ocsp.c | 2 +-
- apps/pkcs12.c | 2 +-
- apps/speed.c | 7 +-
- apps/x509.c | 30 +++-
- crypto/aes/asm/aesv8-armx.pl | 60 ++++++++
- crypto/arm_arch.h | 8 +-
- crypto/asn1/asn_mime.c | 19 ++-
- crypto/bio/bss_dgram.c | 3 +-
- crypto/cmp/cmp_http.c | 5 +-
- crypto/cms/cms_enc.c | 5 +
- crypto/cms/cms_pwri.c | 4 +
- crypto/cms/cms_smime.c | 10 +-
- crypto/core_algorithm.c | 26 +++-
- crypto/core_fetch.c | 47 +++---
- crypto/dh/dh_group_params.c | 5 +-
- crypto/ec/build.info | 8 +
- crypto/ec/ec_key.c | 10 ++
- crypto/encode_decode/decoder_meth.c | 24 +++
- crypto/encode_decode/encoder_meth.c | 24 +++
- crypto/evp/evp_fetch.c | 24 +++
- crypto/evp/evp_lib.c | 4 +
- crypto/evp/evp_rand.c | 2 +-
- crypto/evp/exchange.c | 3 +-
- crypto/evp/kdf_lib.c | 2 +-
- crypto/evp/kem.c | 2 +-
- crypto/evp/keymgmt_meth.c | 3 +-
- crypto/evp/mac_lib.c | 2 +-
- crypto/evp/p_lib.c | 20 ++-
- crypto/evp/signature.c | 3 +-
- crypto/ffc/ffc_backend.c | 2 +-
- crypto/ffc/ffc_dh.c | 49 ++++--
- crypto/ffc/ffc_key_generate.c | 8 +-
- crypto/ffc/ffc_params.c | 1 +
- crypto/http/http_client.c | 49 ++++--
- crypto/mem_sec.c | 14 ++
- crypto/objects/obj_dat.c | 3 +
- crypto/pem/pem_lib.c | 2 +-
- crypto/pkcs12/p12_decr.c | 2 +
- crypto/pkcs7/pk7_smime.c | 3 +-
- crypto/property/property.c | 39 +++--
- crypto/provider_core.c | 86 ++++++++++-
- crypto/rand/prov_seed.c | 8 +-
- crypto/sha/build.info | 8 +
- crypto/sparse_array.c | 6 +-
-
crypto/store/store_meth.c | 24 +++
- crypto/threads_win.c | 34 +++++
- crypto/x509/v3_addr.c | 17 ++-
- crypto/x509/v3_lib.c | 4 +-
- crypto/x509/x509_vfy.c | 5 -
- demos/mac/Makefile | 8 +-
- demos/mac/cmac-aes256.c | 154 +++++++++++++++
- demos/mac/hmac-sha512.c | 166 +++++++++++++++++
- doc/man1/openssl-cmds.pod.in | 2 +
- doc/man1/openssl-ec.pod.in | 4 +-
- doc/man1/openssl-x509.pod.in | 22 +--
- doc/man1/openssl.pod | 40 ++++-
- doc/man3/DH_new.pod | 13 +-
- doc/man3/DH_new_by_nid.pod | 5 +-
- doc/man3/EC_KEY_new.pod | 18 ++-
- doc/man3/EVP_PKEY_gettable_params.pod | 3 +-
- doc/man3/OPENSSL_LH_COMPFUNC.pod | 2 +-
- doc/man3/OSSL_HTTP_REQ_CTX.pod | 26 ++--
- doc/man3/OSSL_HTTP_transfer.pod | 10 +-
- doc/man3/OSSL_trace_set_channel.pod | 24 ++-
- doc/man3/SSL_CTX_use_certificate.pod | 11 +-
- doc/man3/X509V3_get_d2i.pod | 49 +++---
- doc/man3/X509_CRL_get0_by_serial.pod | 48 +++---
- doc/man3/X509_STORE_CTX_new.pod | 10 +-
- doc/man3/X509v3_get_ext_by_NID.pod | 67 +++++----
- doc/man7/EVP_KDF-X942-ASN1.pod | 4 +-
- doc/man7/EVP_SIGNATURE-RSA.pod | 8 +-
- include/crypto/rand.h | 8 +-
- include/internal/core.h | 6 +
- include/internal/ffc.h | 5 +-
- include/internal/property.h | 4 +
- providers/fips/self_test.c | 4 +-
- .../implementations/ciphers/ciphercommon_gcm.c | 9 +-
- .../encode_decode/encode_key2text.c | 6 +
- providers/implementations/rands/seeding/rand_win.c | 4 +-
- providers/implementations/signature/eddsa_sig.c | 20 ++-
- ssl/ktls.c | 5 +-
- ssl/record/rec_layer_d1.c | 4 +
- ssl/record/rec_layer_s3.c | 4 +
- ssl/record/ssl3_record_tls13.c | 7 +-
- ssl/s3_lib.c | 5 +-
- ssl/ssl_ciph.c | 7 +-
- ssl/ssl_sess.c | 34 +++--
- ssl/statem/extensions_srvr.c | 4 +
- ssl/statem/statem_clnt.c | 6 +-
- ssl/statem/statem_srvr.c | 4 +
- ssl/t1_lib.c | 15 +-
- ssl/tls13_enc.c | 15 +-
- ssl/tls_srp.c | 2 +-
- test/certs/setup.sh | 4 +-
- test/ec_internal_test.c | 34 +++++
- test/evp_extra_test2.c | 9 ++
- test/evp_test.c | 28 +++-
- test/ffc_internal_test.c |
45 +++++-
- test/ocspapitest.c | 12 +-
- test/recipes/25-test_x509.t | 57 ++++++-
- test/recipes/30-test_evp.t | 1 +
- test/recipes/30-test_evp_data/evpmac_common.txt | 1 -
- test/recipes/30-test_evp_data/evpmac_sm3.txt | 38 +++++
- test/recipes/30-test_evp_pkey_provided/DH.priv.txt | 1 +
- test/recipes/30-test_evp_pkey_provided/DH.pub.txt | 1 +
- test/recipes/80-test_cmp_http.t | 6 +-
- test/sslapitest.c | 26 ++++
- test/v3ext.c | 99 ++++++++++++
- util/check-format-test-negatives.c | 100 ++++++++++++-
- util/check-format-test-positives.c | 20 +--
- util/check-format.pl | 146 +++++++++++-------
- 121 files changed, 1898 insertions(+), 499 deletions(-)
- create mode 100644 demos/mac/cmac-aes256.c
- create mode 100644 demos/mac/hmac-sha512.c
- create mode 100644 test/recipes/30-test_evp_data/evpmac_sm3.txt
-
-diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
-index 096d53283890..f1da733a4b8b 100644
---- a/Configurations/10-main.conf
-+++ b/Configurations/10-main.conf
-@@ -818,6 +818,13 @@ my %targets = (
- perlasm_scheme => "linux64",
- },
-
-+ # loongarch64 below refers to contemporary LoongArch Architecture
-+ # specifications,
-+ "linux64-loongarch64" => {
-+ inherit_from => [ "linux-generic64"],
-+ perlasm_scheme => "linux64",
-+ },
-+
- #### IA-32 targets...
- #### These two targets are a bit aged and are to be used on older Linux
- #### machines where gcc doesn't understand -m32 and -m64
-@@ -1302,7 +1309,7 @@ my %targets = (
- inherit_from => [ "BASE_Windows" ],
- template => 1,
- CC => "cl",
-- CPP => '"$(CC)" /EP /C',
-+ CPP => '$(CC) /EP /C',
- CFLAGS => "/W3 /wd4090 /nologo",
- coutflag => "/Fo",
- LD => "link",
-@@ -1311,7 +1318,7 @@ my %targets = (
- ldpostoutflag => "",
- ld_resp_delim => "\n",
- bin_lflags => "setargv.obj",
-- makedepcmd => '"$(CC)" /Zs /showIncludes',
-+ makedepcmd => '$(CC) /Zs /showIncludes',
- makedep_scheme => 'VC',
- AR => "lib",
- ARFLAGS => "/nologo",
-diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl
-index 47c10d79df23..dcf83a516a4d 100644
---- a/Configurations/windows-makefile.tmpl
-+++ b/Configurations/windows-makefile.tmpl
-@@ -500,8 +500,8 @@ uninstall_docs: uninstall_html_docs
- {- output_off() if $disabled{fips}; "" -}
- install_fips: build_sw $(INSTALL_FIPSMODULECONF)
- # @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
-- @$(PERL) $(SRCDIR)\util\mkdir-p.pl $(MODULESDIR)
-- @$(PERL) $(SRCDIR)\util\mkdir-p.pl $(OPENSSLDIR)
-+ @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(MODULESDIR)"
-+ @"$(PERL)" "$(SRCDIR)\util\mkdir-p.pl" "$(OPENSSLDIR)"
- @$(ECHO) "*** Installing FIPS module"
- @$(ECHO) "install $(INSTALL_FIPSMODULE) -> $(MODULESDIR)\$(FIPSMODULENAME)"
- @"$(PERL)" "$(SRCDIR)\util\copy.pl" "$(INSTALL_FIPSMODULE)" "$(MODULESDIR)"
-@@ -742,7 +742,7 @@ EOF
- rel2abs($config{builddir}));
- my $ord_ver = $args{intent} eq 'lib' ?
' --version $(VERSION_NUMBER)' : '';
- my $ord_name =
-- $args{generator}->[1] || platform->dsoname($args{product});
-+ $args{generator}->[1] || basename(platform->dsoname($args{product}));
- return <<"EOF";
- $target: $gen0 $deps $mkdef
- "\$(PERL)" "$mkdef"$ord_ver --type $args{intent} --ordinals $gen0 --name $ord_name --OS windows > $target
-diff --git a/Configure b/Configure
-index 5e7b8592d2dd..a83e784ad751 100755
---- a/Configure
-+++ b/Configure
-@@ -17,7 +17,6 @@ use lib "$FindBin::Bin/util/perl";
- use File::Basename;
- use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs splitdir/;
- use File::Path qw/mkpath/;
--use File::Compare qw(compare_text);
- use OpenSSL::fallback "$FindBin::Bin/external/perl/MODULES.txt";
- use OpenSSL::Glob;
- use OpenSSL::Template;
-@@ -2849,59 +2848,20 @@ $configdata_tmpl->fill_in(
- ) or die $Text::Template::ERROR;
- close CONFIGDATA;
-
--# When using stat() on Windows, we can get it to perform better by avoid some
--# data. This doesn't affect the mtime field, so we're not losing anything...
--${^WIN32_SLOPPY_STAT} = 1;
--
--my $update_configdata = 0;
--my $run_configdata = 0;
--if (-f $configdata_outname) {
-- my $Configure_mtime = (stat($0))[9];
-- my $configdata_mtime = (stat($configdata_outname))[9];
--
-- # If this script was updated after the last configdata.pm, or if
-- # configdata.pm.new differs from configdata.pm, we update configdata.pm
-- if ($configdata_mtime < $Configure_mtime
-- || compare_text("$configdata_outname.new", $configdata_outname) != 0) {
-- $update_configdata = 1;
-- } else {
-- # If nothing has changed, let's just drop the new one and pretend
-- # like nothing happened
-- unlink "$configdata_outname.new";
--
-- # We still run configdata.pm if one of the build file (Makefile) or
-- # the configuration header file are missing
-- $run_configdata =
-- !( -f $target{build_file} )
-- || !( -f catfile('include', 'openssl', 'configuration.h') );
--} else {
-- $update_configdata = 1;
-+rename "$configdata_outname.new", $configdata_outname;
-+if ($builder_platform eq 'unix') {
-+ my $mode = (0755 & ~umask);
-+ chmod $mode, 'configdata.pm'
-+ or warn sprintf("WARNING: Couldn't change mode for 'configdata.pm' to 0%03o: %s\n",$mode,$!);
- }
-+print "Created $configdata_outname\n";
-
--if ($update_configdata) {
-- # If something did change, or there was no previous configdata.pm, we
-- # rename the new one, set permissions as needed, and run it.
-- rename "$configdata_outname.new", $configdata_outname;
-- if ($builder_platform eq 'unix') {
-- my $mode = (0755 & ~umask);
-- chmod $mode, 'configdata.pm'
-- or warn sprintf("WARNING: Couldn't change mode for 'configdata.pm' to 0%03o: %s\n",$mode,$!);
-- }
-- $run_configdata = 1;
-- print "Created $configdata_outname\n";
--}
--
--if ($run_configdata) {
-- print "Running $configdata_outname\n";
-- my $perlcmd = (quotify("maybeshell", $config{PERL}))[0];
-- my $cmd = "$perlcmd $configdata_outname";
-- #print STDERR "DEBUG[run_dofile]: \$cmd = $cmd\n";
-- system($cmd);
-- exit 1 if $?
!= 0; --} else { -- print "No changes in $configdata_outname, no need to run it\n"; --} -+print "Running $configdata_outname\n"; -+my $perlcmd = (quotify("maybeshell", $config{PERL}))[0]; -+my $cmd = "$perlcmd $configdata_outname"; -+#print STDERR "DEBUG[run_dofile]: \$cmd = $cmd\n"; -+system($cmd); -+exit 1 if $? != 0; - - $SIG{__DIE__} = $orig_death_handler; - -diff --git a/INSTALL.md b/INSTALL.md -index 5d53cef1aa5e..15b967d685b1 100644 ---- a/INSTALL.md -+++ b/INSTALL.md -@@ -974,7 +974,7 @@ the individual protocol versions. - - ### no-{protocol}-method - -- no-{ssl|ssl3|tls|tls1|tls1_1|tls1_2|tls1_3|dtls|dtls1|dtls1_2}-method -+ no-{ssl3|tls1|tls1_1|tls1_2|dtls1|dtls1_2}-method - - Analogous to `no-{protocol}` but in addition do not build the methods for - applications to explicitly select individual protocol versions. Note that there -diff --git a/NEWS.md b/NEWS.md -index 19baa496fc53..5b680de105c4 100644 ---- a/NEWS.md -+++ b/NEWS.md -@@ -25,7 +25,6 @@ OpenSSL 3.0 - * Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms - ([CVE-2022-2097]) - -- - ### Major changes between OpenSSL 3.0.3 and OpenSSL 3.0.4 [21 Jun 2022] - - * Fixed additional bugs in the c_rehash script which was not properly -diff --git a/apps/ca.c b/apps/ca.c -index 3bab35764631..e14a5cff7802 100644 ---- a/apps/ca.c -+++ b/apps/ca.c -@@ -922,7 +922,8 @@ int ca_main(int argc, char **argv) - goto end; - } - } else { -- if ((serial = load_serial(serialfile, create_ser, NULL)) == NULL) { -+ serial = load_serial(serialfile, NULL, create_ser, NULL); -+ if (serial == NULL) { - BIO_printf(bio_err, "error while loading serial number\n"); - goto end; - } -@@ -1162,7 +1163,8 @@ int ca_main(int argc, char **argv) - - if ((crlnumberfile = NCONF_get_string(conf, section, ENV_CRLNUMBER)) - != NULL) -- if ((crlnumber = load_serial(crlnumberfile, 0, NULL)) == NULL) { -+ if ((crlnumber = load_serial(crlnumberfile, NULL, 0, NULL)) -+ == NULL) { - BIO_printf(bio_err, "error while loading CRL 
number\n"); - goto end; - } -diff --git a/apps/cmp.c b/apps/cmp.c -index 5c6bcdad0a64..f98e5ab93882 100644 ---- a/apps/cmp.c -+++ b/apps/cmp.c -@@ -1923,7 +1923,6 @@ static int setup_client_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine) - if ((info = OPENSSL_zalloc(sizeof(*info))) == NULL) - goto err; - (void)OSSL_CMP_CTX_set_http_cb_arg(ctx, info); -- /* info will be freed along with CMP ctx */ - info->server = opt_server; - info->port = server_port; - /* workaround for callback design flaw, see #17088: */ -@@ -3001,12 +3000,19 @@ int cmp_main(int argc, char **argv) - if (ret != 1) - OSSL_CMP_CTX_print_errors(cmp_ctx); - -- ossl_cmp_mock_srv_free(OSSL_CMP_CTX_get_transfer_cb_arg(cmp_ctx)); -+ if (cmp_ctx != NULL) { - #ifndef OPENSSL_NO_SOCK -- APP_HTTP_TLS_INFO_free(OSSL_CMP_CTX_get_http_cb_arg(cmp_ctx)); -+ APP_HTTP_TLS_INFO *info = OSSL_CMP_CTX_get_http_cb_arg(cmp_ctx); -+ - #endif -- X509_STORE_free(OSSL_CMP_CTX_get_certConf_cb_arg(cmp_ctx)); -- OSSL_CMP_CTX_free(cmp_ctx); -+ ossl_cmp_mock_srv_free(OSSL_CMP_CTX_get_transfer_cb_arg(cmp_ctx)); -+ X509_STORE_free(OSSL_CMP_CTX_get_certConf_cb_arg(cmp_ctx)); -+ /* cannot free info already here, as it may be used indirectly by: */ -+ OSSL_CMP_CTX_free(cmp_ctx); -+#ifndef OPENSSL_NO_SOCK -+ APP_HTTP_TLS_INFO_free(info); -+#endif -+ } - X509_VERIFY_PARAM_free(vpm); - release_engine(engine); - -diff --git a/apps/include/apps.h b/apps/include/apps.h -index 9d5db16600ec..848d111bbdb6 100644 ---- a/apps/include/apps.h -+++ b/apps/include/apps.h -@@ -219,12 +219,16 @@ typedef struct ca_db_st { - - void app_bail_out(char *fmt, ...); - void *app_malloc(size_t sz, const char *what); --BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai); --int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial, -- ASN1_INTEGER **retai); -+ -+/* load_serial, save_serial, and rotate_serial are also used for CRL numbers */ -+BIGNUM *load_serial(const char *serialfile, int *exists, int create, -+ 
ASN1_INTEGER **retai); -+int save_serial(const char *serialfile, const char *suffix, -+ const BIGNUM *serial, ASN1_INTEGER **retai); - int rotate_serial(const char *serialfile, const char *new_suffix, - const char *old_suffix); - int rand_serial(BIGNUM *b, ASN1_INTEGER *ai); -+ - CA_DB *load_index(const char *dbfile, DB_ATTR *dbattr); - int index_index(CA_DB *db); - int save_index(const char *dbfile, const char *suffix, CA_DB *db); -diff --git a/apps/lib/apps.c b/apps/lib/apps.c -index 7e6d902409a7..c501e32f3fa2 100644 ---- a/apps/lib/apps.c -+++ b/apps/lib/apps.c -@@ -1456,7 +1456,8 @@ static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING) - static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING) - #undef BSIZE - #define BSIZE 256 --BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai) -+BIGNUM *load_serial(const char *serialfile, int *exists, int create, -+ ASN1_INTEGER **retai) - { - BIO *in = NULL; - BIGNUM *ret = NULL; -@@ -1468,6 +1469,8 @@ BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai) - goto err; - - in = BIO_new_file(serialfile, "r"); -+ if (exists != NULL) -+ *exists = in != NULL; - if (in == NULL) { - if (!create) { - perror(serialfile); -@@ -1475,8 +1478,14 @@ BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai) - } - ERR_clear_error(); - ret = BN_new(); -- if (ret == NULL || !rand_serial(ret, ai)) -+ if (ret == NULL) { - BIO_printf(bio_err, "Out of memory\n"); -+ } else if (!rand_serial(ret, ai)) { -+ BIO_printf(bio_err, "Error creating random number to store in %s\n", -+ serialfile); -+ BN_free(ret); -+ ret = NULL; -+ } - } else { - if (!a2i_ASN1_INTEGER(in, ai, buf, 1024)) { - BIO_printf(bio_err, "Unable to load number from %s\n", -@@ -1490,12 +1499,13 @@ BIGNUM *load_serial(const char *serialfile, int create, ASN1_INTEGER **retai) - } - } - -- if (ret && retai) { -+ if (ret != NULL && retai != NULL) { - *retai = ai; - ai = NULL; - } - err: -- 
ERR_print_errors(bio_err); -+ if (ret == NULL) -+ ERR_print_errors(bio_err); - BIO_free(in); - ASN1_INTEGER_free(ai); - return ret; -@@ -2458,7 +2468,9 @@ BIO *app_http_tls_cb(BIO *bio, void *arg, int connect, int detail) - APP_HTTP_TLS_INFO *info = (APP_HTTP_TLS_INFO *)arg; - SSL_CTX *ssl_ctx = info->ssl_ctx; - -- if (connect && detail) { /* connecting with TLS */ -+ if (ssl_ctx == NULL) /* not using TLS */ -+ return bio; -+ if (connect) { - SSL *ssl; - BIO *sbio = NULL; - -@@ -2538,6 +2550,11 @@ ASN1_VALUE *app_http_get_asn1(const char *url, const char *proxy, - "missing SSL_CTX"); - goto end; - } -+ if (!use_ssl && ssl_ctx != NULL) { -+ ERR_raise_data(ERR_LIB_HTTP, ERR_R_PASSED_INVALID_ARGUMENT, -+ "SSL_CTX given but use_ssl == 0"); -+ goto end; -+ } - - info.server = server; - info.port = port; -diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c -index 4257190a149f..d45b294a779e 100644 ---- a/apps/lib/s_cb.c -+++ b/apps/lib/s_cb.c -@@ -76,22 +76,28 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) - } - switch (err) { - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: -- BIO_puts(bio_err, "issuer= "); -- X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), -- 0, get_nameopt()); -- BIO_puts(bio_err, "\n"); -+ if (err_cert != NULL) { -+ BIO_puts(bio_err, "issuer= "); -+ X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), -+ 0, get_nameopt()); -+ BIO_puts(bio_err, "\n"); -+ } - break; - case X509_V_ERR_CERT_NOT_YET_VALID: - case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: -- BIO_printf(bio_err, "notBefore="); -- ASN1_TIME_print(bio_err, X509_get0_notBefore(err_cert)); -- BIO_printf(bio_err, "\n"); -+ if (err_cert != NULL) { -+ BIO_printf(bio_err, "notBefore="); -+ ASN1_TIME_print(bio_err, X509_get0_notBefore(err_cert)); -+ BIO_printf(bio_err, "\n"); -+ } - break; - case X509_V_ERR_CERT_HAS_EXPIRED: - case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: -- BIO_printf(bio_err, "notAfter="); -- ASN1_TIME_print(bio_err, X509_get0_notAfter(err_cert)); -- 
BIO_printf(bio_err, "\n"); -+ if (err_cert != NULL) { -+ BIO_printf(bio_err, "notAfter="); -+ ASN1_TIME_print(bio_err, X509_get0_notAfter(err_cert)); -+ BIO_printf(bio_err, "\n"); -+ } - break; - case X509_V_ERR_NO_EXPLICIT_POLICY: - if (!verify_args.quiet) -diff --git a/apps/ocsp.c b/apps/ocsp.c -index 7e2e89c387ca..50bf55f33850 100644 ---- a/apps/ocsp.c -+++ b/apps/ocsp.c -@@ -135,7 +135,7 @@ const OPTIONS ocsp_options[] = { - {"no_certs", OPT_NO_CERTS, '-', - "Don't include any certificates in signed request"}, - {"badsig", OPT_BADSIG, '-', -- "Corrupt last byte of loaded OSCP response signature (for test)"}, -+ "Corrupt last byte of loaded OCSP response signature (for test)"}, - {"CA", OPT_CA, '<', "CA certificate"}, - {"nmin", OPT_NMIN, 'p', "Number of minutes before next update"}, - {"nrequest", OPT_REQUEST, 'p', -diff --git a/apps/pkcs12.c b/apps/pkcs12.c -index dcb173f201f3..e8230d461ea4 100644 ---- a/apps/pkcs12.c -+++ b/apps/pkcs12.c -@@ -143,7 +143,7 @@ const OPTIONS pkcs12_options[] = { - "Encrypt output with 3DES (default PBES2 with PBKDF2 and AES-256 CBC)"}, - #endif - {"macalg", OPT_MACALG, 's', -- "Digest algorithm to use in MAC (default SHA1)"}, -+ "Digest algorithm to use in MAC (default SHA256)"}, - {"iter", OPT_ITER, 'p', "Specify the iteration count for encryption and MAC"}, - {"noiter", OPT_NOITER, '-', "Don't use encryption iteration"}, - {"nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration)"}, -diff --git a/apps/speed.c b/apps/speed.c -index 535e0f45c246..c8ad19a2bf9d 100644 ---- a/apps/speed.c -+++ b/apps/speed.c -@@ -875,11 +875,14 @@ static int FFDH_derive_key_loop(void *args) - loopargs_t *tempargs = *(loopargs_t **) args; - EVP_PKEY_CTX *ffdh_ctx = tempargs->ffdh_ctx[testnum]; - unsigned char *derived_secret = tempargs->secret_ff_a; -- size_t outlen = MAX_FFDH_SIZE; - int count; - -- for (count = 0; COND(ffdh_c[testnum][0]); count++) -+ for (count = 0; COND(ffdh_c[testnum][0]); count++) { -+ /* outlen can be overwritten with a too 
small value (no padding used) */ -+ size_t outlen = MAX_FFDH_SIZE; -+ - EVP_PKEY_derive(ffdh_ctx, derived_secret, &outlen); -+ } - return count; - } - #endif /* OPENSSL_NO_DH */ -diff --git a/apps/x509.c b/apps/x509.c -index 2b9a0b6cb408..a919d787457c 100644 ---- a/apps/x509.c -+++ b/apps/x509.c -@@ -534,7 +534,7 @@ int x509_main(int argc, char **argv) - aliasout = ++num; - break; - case OPT_CACREATESERIAL: -- CA_createserial = ++num; -+ CA_createserial = 1; - break; - case OPT_CLREXT: - clrext = 1; -@@ -660,9 +660,19 @@ int x509_main(int argc, char **argv) - BIO_printf(bio_err, "Cannot use both -key/-signkey and -CA option\n"); - goto end; - } -- } else if (CAkeyfile != NULL) { -- BIO_printf(bio_err, -- "Warning: ignoring -CAkey option since no -CA option is given\n"); -+ } else { -+#define WARN_NO_CA(opt) BIO_printf(bio_err, \ -+ "Warning: ignoring " opt " option since -CA option is not given\n"); -+ if (CAkeyfile != NULL) -+ WARN_NO_CA("-CAkey"); -+ if (CAkeyformat != FORMAT_UNDEF) -+ WARN_NO_CA("-CAkeyform"); -+ if (CAformat != FORMAT_UNDEF) -+ WARN_NO_CA("-CAform"); -+ if (CAserial != NULL) -+ WARN_NO_CA("-CAserial"); -+ if (CA_createserial) -+ WARN_NO_CA("-CAcreateserial"); - } - - if (extfile == NULL) { -@@ -725,7 +735,7 @@ int x509_main(int argc, char **argv) - } - if ((x = X509_new_ex(app_get0_libctx(), app_get0_propq())) == NULL) - goto end; -- if (sno == NULL) { -+ if (CAfile == NULL && sno == NULL) { - sno = ASN1_INTEGER_new(); - if (sno == NULL || !rand_serial(NULL, sno)) - goto end; -@@ -1081,6 +1091,7 @@ static ASN1_INTEGER *x509_load_serial(const char *CAfile, - char *buf = NULL; - ASN1_INTEGER *bs = NULL; - BIGNUM *serial = NULL; -+ int defaultfile = 0, file_exists; - - if (serialfile == NULL) { - const char *p = strrchr(CAfile, '.'); -@@ -1090,9 +1101,10 @@ static ASN1_INTEGER *x509_load_serial(const char *CAfile, - memcpy(buf, CAfile, len); - memcpy(buf + len, POSTFIX, sizeof(POSTFIX)); - serialfile = buf; -+ defaultfile = 1; - } - -- serial = 
load_serial(serialfile, create, NULL); -+ serial = load_serial(serialfile, &file_exists, create || defaultfile, NULL); - if (serial == NULL) - goto end; - -@@ -1101,8 +1113,10 @@ static ASN1_INTEGER *x509_load_serial(const char *CAfile, - goto end; - } - -- if (!save_serial(serialfile, NULL, serial, &bs)) -- goto end; -+ if (file_exists || create) -+ save_serial(serialfile, NULL, serial, &bs); -+ else -+ bs = BN_to_ASN1_INTEGER(serial, NULL); - - end: - OPENSSL_free(buf); -diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl -index 9532db70e259..314f9aa2900a 100755 ---- a/crypto/aes/asm/aesv8-armx.pl -+++ b/crypto/aes/asm/aesv8-armx.pl -@@ -1797,6 +1797,21 @@ $code.=<<___; - #ifndef __ARMEB__ - rev $ctr, $ctr - #endif -+___ -+$code.=<<___ if ($flavour =~ /64/); -+ vorr $dat1,$dat0,$dat0 -+ add $tctr1, $ctr, #1 -+ vorr $dat2,$dat0,$dat0 -+ add $ctr, $ctr, #2 -+ vorr $ivec,$dat0,$dat0 -+ rev $tctr1, $tctr1 -+ vmov.32 ${dat1}[3],$tctr1 -+ b.ls .Lctr32_tail -+ rev $tctr2, $ctr -+ sub $len,$len,#3 // bias -+ vmov.32 ${dat2}[3],$tctr2 -+___ -+$code.=<<___ if ($flavour !~ /64/); - add $tctr1, $ctr, #1 - vorr $ivec,$dat0,$dat0 - rev $tctr1, $tctr1 -@@ -2003,11 +2018,25 @@ $code.=<<___; - aese $dat1,q8 - aesmc $tmp1,$dat1 - vld1.8 {$in0},[$inp],#16 -+___ -+$code.=<<___ if ($flavour =~ /64/); -+ vorr $dat0,$ivec,$ivec -+___ -+$code.=<<___ if ($flavour !~ /64/); - add $tctr0,$ctr,#1 -+___ -+$code.=<<___; - aese $dat2,q8 - aesmc $dat2,$dat2 - vld1.8 {$in1},[$inp],#16 -+___ -+$code.=<<___ if ($flavour =~ /64/); -+ vorr $dat1,$ivec,$ivec -+___ -+$code.=<<___ if ($flavour !~ /64/); - rev $tctr0,$tctr0 -+___ -+$code.=<<___; - aese $tmp0,q9 - aesmc $tmp0,$tmp0 - aese $tmp1,q9 -@@ -2016,6 +2045,12 @@ $code.=<<___; - mov $key_,$key - aese $dat2,q9 - aesmc $tmp2,$dat2 -+___ -+$code.=<<___ if ($flavour =~ /64/); -+ vorr $dat2,$ivec,$ivec -+ add $tctr0,$ctr,#1 -+___ -+$code.=<<___; - aese $tmp0,q12 - aesmc $tmp0,$tmp0 - aese $tmp1,q12 -@@ -2031,22 +2066,47 @@ 
$code.=<<___; - aese $tmp1,q13 - aesmc $tmp1,$tmp1 - veor $in2,$in2,$rndlast -+___ -+$code.=<<___ if ($flavour =~ /64/); -+ rev $tctr0,$tctr0 -+ aese $tmp2,q13 -+ aesmc $tmp2,$tmp2 -+ vmov.32 ${dat0}[3], $tctr0 -+___ -+$code.=<<___ if ($flavour !~ /64/); - vmov.32 ${ivec}[3], $tctr0 - aese $tmp2,q13 - aesmc $tmp2,$tmp2 - vorr $dat0,$ivec,$ivec -+___ -+$code.=<<___; - rev $tctr1,$tctr1 - aese $tmp0,q14 - aesmc $tmp0,$tmp0 -+___ -+$code.=<<___ if ($flavour !~ /64/); - vmov.32 ${ivec}[3], $tctr1 - rev $tctr2,$ctr -+___ -+$code.=<<___; - aese $tmp1,q14 - aesmc $tmp1,$tmp1 -+___ -+$code.=<<___ if ($flavour =~ /64/); -+ vmov.32 ${dat1}[3], $tctr1 -+ rev $tctr2,$ctr -+ aese $tmp2,q14 -+ aesmc $tmp2,$tmp2 -+ vmov.32 ${dat2}[3], $tctr2 -+___ -+$code.=<<___ if ($flavour !~ /64/); - vorr $dat1,$ivec,$ivec - vmov.32 ${ivec}[3], $tctr2 - aese $tmp2,q14 - aesmc $tmp2,$tmp2 - vorr $dat2,$ivec,$ivec -+___ -+$code.=<<___; - subs $len,$len,#3 - aese $tmp0,q15 - aese $tmp1,q15 -diff --git a/crypto/arm_arch.h b/crypto/arm_arch.h -index d157f37d8ee5..be9911b98bd0 100644 ---- a/crypto/arm_arch.h -+++ b/crypto/arm_arch.h -@@ -100,17 +100,17 @@ extern unsigned int OPENSSL_armv8_rsa_neonized; - # define ARM_CPU_PART_N1 0xD0C - - # define MIDR_PARTNUM_SHIFT 4 --# define MIDR_PARTNUM_MASK (0xfff << MIDR_PARTNUM_SHIFT) -+# define MIDR_PARTNUM_MASK (0xfffU << MIDR_PARTNUM_SHIFT) - # define MIDR_PARTNUM(midr) \ - (((midr) & MIDR_PARTNUM_MASK) >> MIDR_PARTNUM_SHIFT) - - # define MIDR_IMPLEMENTER_SHIFT 24 --# define MIDR_IMPLEMENTER_MASK (0xff << MIDR_IMPLEMENTER_SHIFT) -+# define MIDR_IMPLEMENTER_MASK (0xffU << MIDR_IMPLEMENTER_SHIFT) - # define MIDR_IMPLEMENTER(midr) \ - (((midr) & MIDR_IMPLEMENTER_MASK) >> MIDR_IMPLEMENTER_SHIFT) - - # define MIDR_ARCHITECTURE_SHIFT 16 --# define MIDR_ARCHITECTURE_MASK (0xf << MIDR_ARCHITECTURE_SHIFT) -+# define MIDR_ARCHITECTURE_MASK (0xfU << MIDR_ARCHITECTURE_SHIFT) - # define MIDR_ARCHITECTURE(midr) \ - (((midr) & MIDR_ARCHITECTURE_MASK) >> 
MIDR_ARCHITECTURE_SHIFT) - -@@ -121,7 +121,7 @@ extern unsigned int OPENSSL_armv8_rsa_neonized; - - # define MIDR_CPU_MODEL(imp, partnum) \ - (((imp) << MIDR_IMPLEMENTER_SHIFT) | \ -- (0xf << MIDR_ARCHITECTURE_SHIFT) | \ -+ (0xfU << MIDR_ARCHITECTURE_SHIFT) | \ - ((partnum) << MIDR_PARTNUM_SHIFT)) - - # define MIDR_IS_CPU_MODEL(midr, imp, partnum) \ -diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c -index 1b8ac3410628..f9cb9985d641 100644 ---- a/crypto/asn1/asn_mime.c -+++ b/crypto/asn1/asn_mime.c -@@ -69,6 +69,8 @@ static void mime_hdr_free(MIME_HEADER *hdr); - int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, - const ASN1_ITEM *it) - { -+ int rv = 1; -+ - /* If streaming create stream BIO and copy all content through it */ - if (flags & SMIME_STREAM) { - BIO *bio, *tbio; -@@ -77,7 +79,10 @@ int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, - ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return 0; - } -- SMIME_crlf_copy(in, bio, flags); -+ if (!SMIME_crlf_copy(in, bio, flags)) { -+ rv = 0; -+ } -+ - (void)BIO_flush(bio); - /* Free up successive BIOs until we hit the old output BIO */ - do { -@@ -92,7 +97,7 @@ int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, - */ - else - ASN1_item_i2d_bio(it, out, val); -- return 1; -+ return rv; - } - - /* Base 64 read and write of ASN1 structure */ -@@ -346,8 +351,7 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, - * set up to finalise when it is written through. 
- */ - if (!(flags & SMIME_DETACHED) || (flags & PKCS7_REUSE_DIGEST)) { -- SMIME_crlf_copy(data, out, flags); -- return 1; -+ return SMIME_crlf_copy(data, out, flags); - } - - if (!aux || !aux->asn1_cb) { -@@ -365,7 +369,8 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, - return 0; - - /* Copy data across, passing through filter BIOs for processing */ -- SMIME_crlf_copy(data, sarg.ndef_bio, flags); -+ if (!SMIME_crlf_copy(data, sarg.ndef_bio, flags)) -+ rv = 0; - - /* Finalize structure */ - if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0) -@@ -515,8 +520,10 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags) - * when streaming as we don't end up with one OCTET STRING per line. - */ - bf = BIO_new(BIO_f_buffer()); -- if (bf == NULL) -+ if (bf == NULL) { -+ ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); - return 0; -+ } - out = BIO_push(bf, out); - if (flags & SMIME_BINARY) { - while ((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0) -diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c -index aa823613060d..8ca1cf64ed47 100644 ---- a/crypto/bio/bss_dgram.c -+++ b/crypto/bio/bss_dgram.c -@@ -1914,7 +1914,8 @@ static void get_current_time(struct timeval *t) - t->tv_sec = (long)(now_ul / 10000000); - t->tv_usec = ((int)(now_ul % 10000000)) / 10; - # else -- gettimeofday(t, NULL); -+ if (gettimeofday(t, NULL) < 0) -+ perror("gettimeofday"); - # endif - } - -diff --git a/crypto/cmp/cmp_http.c b/crypto/cmp/cmp_http.c -index 6ac4212db7de..9e8b0c4dd01d 100644 ---- a/crypto/cmp/cmp_http.c -+++ b/crypto/cmp/cmp_http.c -@@ -31,7 +31,10 @@ - static int keep_alive(int keep_alive, int body_type) - { - if (keep_alive != 0 -- /* Ask for persistent connection only if may need more round trips */ -+ /* -+ * Ask for persistent connection only if may need more round trips. -+ * Do so even with disableConfirm because polling might be needed. 
-+ */ - && body_type != OSSL_CMP_PKIBODY_IR - && body_type != OSSL_CMP_PKIBODY_CR - && body_type != OSSL_CMP_PKIBODY_P10CR -diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c -index a896148dd836..150b9ee4e179 100644 ---- a/crypto/cms/cms_enc.c -+++ b/crypto/cms/cms_enc.c -@@ -83,6 +83,11 @@ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec, - calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_get_type(ctx)); - /* Generate a random IV if we need one */ - ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); -+ if (ivlen < 0) { -+ ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB); -+ goto err; -+ } -+ - if (ivlen > 0) { - if (RAND_bytes_ex(libctx, iv, ivlen, 0) <= 0) - goto err; -diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c -index 380240561f86..1f73cb100884 100644 ---- a/crypto/cms/cms_pwri.c -+++ b/crypto/cms/cms_pwri.c -@@ -96,6 +96,10 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, - } - - ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); -+ if (ivlen < 0) { -+ ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB); -+ goto err; -+ } - - if (ivlen > 0) { - if (RAND_bytes_ex(ossl_cms_ctx_get0_libctx(cms_ctx), iv, ivlen, 0) <= 0) -diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c -index 57c74f24a262..d17df31dd412 100644 ---- a/crypto/cms/cms_smime.c -+++ b/crypto/cms/cms_smime.c -@@ -432,7 +432,8 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, - * Don't use SMIME_TEXT for verify: it adds headers and we want to - * remove them. 
- */ -- SMIME_crlf_copy(dcont, cmsbio, flags & ~SMIME_TEXT); -+ if (!SMIME_crlf_copy(dcont, cmsbio, flags & ~SMIME_TEXT)) -+ goto err; - - if (flags & CMS_TEXT) { - if (!SMIME_text(tmpout, out)) { -@@ -882,7 +883,9 @@ int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags) - return 0; - } - -- ret = SMIME_crlf_copy(data, cmsbio, flags); -+ if (!SMIME_crlf_copy(data, cmsbio, flags)) { -+ goto err; -+ } - - (void)BIO_flush(cmsbio); - -@@ -890,6 +893,9 @@ int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags) - ERR_raise(ERR_LIB_CMS, CMS_R_CMS_DATAFINAL_ERROR); - goto err; - } -+ -+ ret = 1; -+ - err: - do_free_upto(cmsbio, dcont); - -diff --git a/crypto/core_algorithm.c b/crypto/core_algorithm.c -index 1c1cd8ff31b5..c245c814d98c 100644 ---- a/crypto/core_algorithm.c -+++ b/crypto/core_algorithm.c -@@ -18,8 +18,10 @@ struct algorithm_data_st { - int operation_id; /* May be zero for finding them all */ - int (*pre)(OSSL_PROVIDER *, int operation_id, int no_store, void *data, - int *result); -+ int (*reserve_store)(int no_store, void *data); - void (*fn)(OSSL_PROVIDER *, const OSSL_ALGORITHM *, int no_store, - void *data); -+ int (*unreserve_store)(void *data); - int (*post)(OSSL_PROVIDER *, int operation_id, int no_store, void *data, - int *result); - void *data; -@@ -43,6 +45,10 @@ static int algorithm_do_map(OSSL_PROVIDER *provider, const OSSL_ALGORITHM *map, - struct algorithm_data_st *data = cbdata; - int ret = 0; - -+ if (!data->reserve_store(no_store, data->data)) -+ /* Error, bail out! */ -+ return -1; -+ - /* Do we fulfill pre-conditions? */ - if (data->pre == NULL) { - /* If there is no pre-condition function, assume "yes" */ -@@ -50,7 +56,8 @@ static int algorithm_do_map(OSSL_PROVIDER *provider, const OSSL_ALGORITHM *map, - } else if (!data->pre(provider, cur_operation, no_store, data->data, - &ret)) { - /* Error, bail out! 
*/ -- return -1; -+ ret = -1; -+ goto end; - } - - /* -@@ -58,8 +65,10 @@ static int algorithm_do_map(OSSL_PROVIDER *provider, const OSSL_ALGORITHM *map, - * but do continue with the next. This simply means that another thread - * got to it first. - */ -- if (ret == 0) -- return 1; -+ if (ret == 0) { -+ ret = 1; -+ goto end; -+ } - - if (map != NULL) { - const OSSL_ALGORITHM *thismap; -@@ -75,9 +84,12 @@ static int algorithm_do_map(OSSL_PROVIDER *provider, const OSSL_ALGORITHM *map, - } else if (!data->post(provider, cur_operation, no_store, data->data, - &ret)) { - /* Error, bail out! */ -- return -1; -+ ret = -1; - } - -+ end: -+ data->unreserve_store(data->data); -+ - return ret; - } - -@@ -103,7 +115,7 @@ static int algorithm_do_this(OSSL_PROVIDER *provider, void *cbdata) - cur_operation++) { - int no_store = 0; /* Assume caching is ok */ - const OSSL_ALGORITHM *map = NULL; -- int ret; -+ int ret = 0; - - map = ossl_provider_query_operation(provider, cur_operation, - &no_store); -@@ -126,9 +138,11 @@ void ossl_algorithm_do_all(OSSL_LIB_CTX *libctx, int operation_id, - OSSL_PROVIDER *provider, - int (*pre)(OSSL_PROVIDER *, int operation_id, - int no_store, void *data, int *result), -+ int (*reserve_store)(int no_store, void *data), - void (*fn)(OSSL_PROVIDER *provider, - const OSSL_ALGORITHM *algo, - int no_store, void *data), -+ int (*unreserve_store)(void *data), - int (*post)(OSSL_PROVIDER *, int operation_id, - int no_store, void *data, int *result), - void *data) -@@ -138,7 +152,9 @@ void ossl_algorithm_do_all(OSSL_LIB_CTX *libctx, int operation_id, - cbdata.libctx = libctx; - cbdata.operation_id = operation_id; - cbdata.pre = pre; -+ cbdata.reserve_store = reserve_store; - cbdata.fn = fn; -+ cbdata.unreserve_store = unreserve_store; - cbdata.post = post; - cbdata.data = data; - -diff --git a/crypto/core_fetch.c b/crypto/core_fetch.c -index 7a8ef0a5e85d..38db36ee1f75 100644 ---- a/crypto/core_fetch.c -+++ b/crypto/core_fetch.c -@@ -31,6 +31,31 @@ static int 
is_temporary_method_store(int no_store, void *cbdata) - return no_store && !data->force_store; - } - -+static int ossl_method_construct_reserve_store(int no_store, void *cbdata) -+{ -+ struct construct_data_st *data = cbdata; -+ -+ if (is_temporary_method_store(no_store, data) && data->store == NULL) { -+ /* -+ * If we have been told not to store the method "permanently", we -+ * ask for a temporary store, and store the method there. -+ * The owner of |data->mcm| is completely responsible for managing -+ * that temporary store. -+ */ -+ if ((data->store = data->mcm->get_tmp_store(data->mcm_data)) == NULL) -+ return 0; -+ } -+ -+ return data->mcm->lock_store(data->store, data->mcm_data); -+} -+ -+static int ossl_method_construct_unreserve_store(void *cbdata) -+{ -+ struct construct_data_st *data = cbdata; -+ -+ return data->mcm->unlock_store(data->store, data->mcm_data); -+} -+ - static int ossl_method_construct_precondition(OSSL_PROVIDER *provider, - int operation_id, int no_store, - void *cbdata, int *result) -@@ -95,24 +120,8 @@ static void ossl_method_construct_this(OSSL_PROVIDER *provider, - * It is *expected* that the put function increments the refcnt - * of the passed method. - */ -- -- if (!is_temporary_method_store(no_store, data)) { -- /* If we haven't been told not to store, add to the global store */ -- data->mcm->put(NULL, method, provider, algo->algorithm_names, -- algo->property_definition, data->mcm_data); -- } else { -- /* -- * If we have been told not to store the method "permanently", we -- * ask for a temporary store, and store the method there. -- * The owner of |data->mcm| is completely responsible for managing -- * that temporary store. 
-- */ -- if ((data->store = data->mcm->get_tmp_store(data->mcm_data)) == NULL) -- return; -- -- data->mcm->put(data->store, method, provider, algo->algorithm_names, -- algo->property_definition, data->mcm_data); -- } -+ data->mcm->put(data->store, method, provider, algo->algorithm_names, -+ algo->property_definition, data->mcm_data); - - /* refcnt-- because we're dropping the reference */ - data->mcm->destruct(method, data->mcm_data); -@@ -143,7 +152,9 @@ void *ossl_method_construct(OSSL_LIB_CTX *libctx, int operation_id, - cbdata.mcm_data = mcm_data; - ossl_algorithm_do_all(libctx, operation_id, provider, - ossl_method_construct_precondition, -+ ossl_method_construct_reserve_store, - ossl_method_construct_this, -+ ossl_method_construct_unreserve_store, - ossl_method_construct_postcondition, - &cbdata); - -diff --git a/crypto/dh/dh_group_params.c b/crypto/dh/dh_group_params.c -index 3f843fe9569d..460bd8f00989 100644 ---- a/crypto/dh/dh_group_params.c -+++ b/crypto/dh/dh_group_params.c -@@ -31,7 +31,7 @@ static DH *dh_param_init(OSSL_LIB_CTX *libctx, const DH_NAMED_GROUP *group) - if (dh == NULL) - return NULL; - -- ossl_ffc_named_group_set_pqg(&dh->params, group); -+ ossl_ffc_named_group_set(&dh->params, group); - dh->params.nid = ossl_ffc_named_group_get_uid(group); - dh->dirty_cnt++; - return dh; -@@ -72,8 +72,9 @@ void ossl_dh_cache_named_group(DH *dh) - dh->params.g)) != NULL) { - if (dh->params.q == NULL) - dh->params.q = (BIGNUM *)ossl_ffc_named_group_get_q(group); -- /* cache the nid */ -+ /* cache the nid and default key length */ - dh->params.nid = ossl_ffc_named_group_get_uid(group); -+ dh->params.keylength = ossl_ffc_named_group_get_keylength(group); - dh->dirty_cnt++; - } - } -diff --git a/crypto/ec/build.info b/crypto/ec/build.info -index 70ec25079df9..a511e887a9ba 100644 ---- a/crypto/ec/build.info -+++ b/crypto/ec/build.info -@@ -71,6 +71,14 @@ SOURCE[../../providers/libfips.a]=$COMMON - # need to be applied to all affected libraries and modules. 
- DEFINE[../../libcrypto]=$ECDEF - DEFINE[../../providers/libfips.a]=$ECDEF -+DEFINE[../../providers/libdefault.a]=$ECDEF -+# We only need to include the ECDEF stuff in the legacy provider when -+# it's a separate module and it's dynamically linked with libcrypto. -+# Otherwise, it already gets everything that the static libcrypto.a -+# has, and doesn't need it added again. -+IF[{- !$disabled{module} && !$disabled{shared} -}] -+ DEFINE[../providers/liblegacy.a]=$ECDEF -+ENDIF - - GENERATE[ecp_nistz256-x86.S]=asm/ecp_nistz256-x86.pl - -diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c -index 979fde116d8d..729d338b3379 100644 ---- a/crypto/ec/ec_key.c -+++ b/crypto/ec/ec_key.c -@@ -720,6 +720,16 @@ int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key) - && key->meth->set_private(key, priv_key) == 0) - return 0; - -+ /* -+ * Return `0` to comply with legacy behavior for this function, see -+ * https://github.com/openssl/openssl/issues/18744#issuecomment-1195175696 -+ */ -+ if (priv_key == NULL) { -+ BN_clear_free(key->priv_key); -+ key->priv_key = NULL; -+ return 0; /* intentional for legacy compatibility */ -+ } -+ - /* - * We should never leak the bit length of the secret scalar in the key, - * so we always set the `BN_FLG_CONSTTIME` flag on the internal `BIGNUM` -diff --git a/crypto/encode_decode/decoder_meth.c b/crypto/encode_decode/decoder_meth.c -index 12f23a619367..56899a926981 100644 ---- a/crypto/encode_decode/decoder_meth.c -+++ b/crypto/encode_decode/decoder_meth.c -@@ -124,6 +124,28 @@ static OSSL_METHOD_STORE *get_decoder_store(OSSL_LIB_CTX *libctx) - &decoder_store_method); - } - -+static int reserve_decoder_store(void *store, void *data) -+{ -+ struct decoder_data_st *methdata = data; -+ -+ if (store == NULL -+ && (store = get_decoder_store(methdata->libctx)) == NULL) -+ return 0; -+ -+ return ossl_method_lock_store(store); -+} -+ -+static int unreserve_decoder_store(void *store, void *data) -+{ -+ struct decoder_data_st *methdata = data; 
-+ -+ if (store == NULL -+ && (store = get_decoder_store(methdata->libctx)) == NULL) -+ return 0; -+ -+ return ossl_method_unlock_store(store); -+} -+ - /* Get decoder methods from a store, or put one in */ - static void *get_decoder_from_store(void *store, const OSSL_PROVIDER **prov, - void *data) -@@ -374,6 +396,8 @@ inner_ossl_decoder_fetch(struct decoder_data_st *methdata, int id, - || !ossl_method_store_cache_get(store, NULL, id, propq, &method)) { - OSSL_METHOD_CONSTRUCT_METHOD mcm = { - get_tmp_decoder_store, -+ reserve_decoder_store, -+ unreserve_decoder_store, - get_decoder_from_store, - put_decoder_in_store, - construct_decoder, -diff --git a/crypto/encode_decode/encoder_meth.c b/crypto/encode_decode/encoder_meth.c -index 9418ddf3d5c3..89e7b6abf855 100644 ---- a/crypto/encode_decode/encoder_meth.c -+++ b/crypto/encode_decode/encoder_meth.c -@@ -124,6 +124,28 @@ static OSSL_METHOD_STORE *get_encoder_store(OSSL_LIB_CTX *libctx) - &encoder_store_method); - } - -+static int reserve_encoder_store(void *store, void *data) -+{ -+ struct encoder_data_st *methdata = data; -+ -+ if (store == NULL -+ && (store = get_encoder_store(methdata->libctx)) == NULL) -+ return 0; -+ -+ return ossl_method_lock_store(store); -+} -+ -+static int unreserve_encoder_store(void *store, void *data) -+{ -+ struct encoder_data_st *methdata = data; -+ -+ if (store == NULL -+ && (store = get_encoder_store(methdata->libctx)) == NULL) -+ return 0; -+ -+ return ossl_method_unlock_store(store); -+} -+ - /* Get encoder methods from a store, or put one in */ - static void *get_encoder_from_store(void *store, const OSSL_PROVIDER **prov, - void *data) -@@ -384,6 +406,8 @@ inner_ossl_encoder_fetch(struct encoder_data_st *methdata, int id, - || !ossl_method_store_cache_get(store, NULL, id, propq, &method)) { - OSSL_METHOD_CONSTRUCT_METHOD mcm = { - get_tmp_encoder_store, -+ reserve_encoder_store, -+ unreserve_encoder_store, - get_encoder_from_store, - put_encoder_in_store, - construct_encoder, 
-diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c -index 90d6a4e6d421..aafd927e63f9 100644 ---- a/crypto/evp/evp_fetch.c -+++ b/crypto/evp/evp_fetch.c -@@ -83,6 +83,28 @@ static OSSL_METHOD_STORE *get_evp_method_store(OSSL_LIB_CTX *libctx) - &evp_method_store_method); - } - -+static int reserve_evp_method_store(void *store, void *data) -+{ -+ struct evp_method_data_st *methdata = data; -+ -+ if (store == NULL -+ && (store = get_evp_method_store(methdata->libctx)) == NULL) -+ return 0; -+ -+ return ossl_method_lock_store(store); -+} -+ -+static int unreserve_evp_method_store(void *store, void *data) -+{ -+ struct evp_method_data_st *methdata = data; -+ -+ if (store == NULL -+ && (store = get_evp_method_store(methdata->libctx)) == NULL) -+ return 0; -+ -+ return ossl_method_unlock_store(store); -+} -+ - /* - * To identify the method in the EVP method store, we mix the name identity - * with the operation identity, under the assumption that we don't have more -@@ -303,6 +325,8 @@ inner_evp_generic_fetch(struct evp_method_data_st *methdata, - || !ossl_method_store_cache_get(store, prov, meth_id, propq, &method)) { - OSSL_METHOD_CONSTRUCT_METHOD mcm = { - get_tmp_evp_method_store, -+ reserve_evp_method_store, -+ unreserve_evp_method_store, - get_evp_method_from_store, - put_evp_method_in_store, - construct_evp_method, -diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c -index b9180812cf6a..d5ae5ca4ad13 100644 ---- a/crypto/evp/evp_lib.c -+++ b/crypto/evp/evp_lib.c -@@ -659,6 +659,8 @@ int EVP_CIPHER_CTX_get_nid(const EVP_CIPHER_CTX *ctx) - - int EVP_CIPHER_is_a(const EVP_CIPHER *cipher, const char *name) - { -+ if (cipher == NULL) -+ return 0; - if (cipher->prov != NULL) - return evp_is_a(cipher->prov, cipher->name_id, NULL, name); - return evp_is_a(NULL, 0, EVP_CIPHER_get0_name(cipher), name); -@@ -713,6 +715,8 @@ int EVP_CIPHER_get_mode(const EVP_CIPHER *cipher) - - int EVP_MD_is_a(const EVP_MD *md, const char *name) - { -+ if (md == NULL) -+ return 
0; - if (md->prov != NULL) - return evp_is_a(md->prov, md->name_id, NULL, name); - return evp_is_a(NULL, 0, EVP_MD_get0_name(md), name); -diff --git a/crypto/evp/evp_rand.c b/crypto/evp/evp_rand.c -index 0db755e06b40..e92108abb156 100644 ---- a/crypto/evp/evp_rand.c -+++ b/crypto/evp/evp_rand.c -@@ -305,7 +305,7 @@ const char *EVP_RAND_get0_description(const EVP_RAND *rand) - - int EVP_RAND_is_a(const EVP_RAND *rand, const char *name) - { -- return evp_is_a(rand->prov, rand->name_id, NULL, name); -+ return rand != NULL && evp_is_a(rand->prov, rand->name_id, NULL, name); - } - - const OSSL_PROVIDER *EVP_RAND_get0_provider(const EVP_RAND *rand) -diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c -index 8eb13ad5dda6..d7a4ad142aa7 100644 ---- a/crypto/evp/exchange.c -+++ b/crypto/evp/exchange.c -@@ -550,7 +550,8 @@ const char *EVP_KEYEXCH_get0_description(const EVP_KEYEXCH *keyexch) - - int EVP_KEYEXCH_is_a(const EVP_KEYEXCH *keyexch, const char *name) - { -- return evp_is_a(keyexch->prov, keyexch->name_id, NULL, name); -+ return keyexch != NULL -+ && evp_is_a(keyexch->prov, keyexch->name_id, NULL, name); - } - - void EVP_KEYEXCH_do_all_provided(OSSL_LIB_CTX *libctx, -diff --git a/crypto/evp/kdf_lib.c b/crypto/evp/kdf_lib.c -index 8177626ae062..5b53d9822c9a 100644 ---- a/crypto/evp/kdf_lib.c -+++ b/crypto/evp/kdf_lib.c -@@ -97,7 +97,7 @@ const char *EVP_KDF_get0_description(const EVP_KDF *kdf) - - int EVP_KDF_is_a(const EVP_KDF *kdf, const char *name) - { -- return evp_is_a(kdf->prov, kdf->name_id, NULL, name); -+ return kdf != NULL && evp_is_a(kdf->prov, kdf->name_id, NULL, name); - } - - const OSSL_PROVIDER *EVP_KDF_get0_provider(const EVP_KDF *kdf) -diff --git a/crypto/evp/kem.c b/crypto/evp/kem.c -index 7594888b97d1..bd28ede7aeb8 100644 ---- a/crypto/evp/kem.c -+++ b/crypto/evp/kem.c -@@ -421,7 +421,7 @@ EVP_KEM *evp_kem_fetch_from_prov(OSSL_PROVIDER *prov, const char *algorithm, - - int EVP_KEM_is_a(const EVP_KEM *kem, const char *name) - { -- return 
evp_is_a(kem->prov, kem->name_id, NULL, name); -+ return kem != NULL && evp_is_a(kem->prov, kem->name_id, NULL, name); - } - - int evp_kem_get_number(const EVP_KEM *kem) -diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c -index fb999c7fd0e9..57b19a07b2fa 100644 ---- a/crypto/evp/keymgmt_meth.c -+++ b/crypto/evp/keymgmt_meth.c -@@ -279,7 +279,8 @@ const char *EVP_KEYMGMT_get0_name(const EVP_KEYMGMT *keymgmt) - - int EVP_KEYMGMT_is_a(const EVP_KEYMGMT *keymgmt, const char *name) - { -- return evp_is_a(keymgmt->prov, keymgmt->name_id, NULL, name); -+ return keymgmt != NULL -+ && evp_is_a(keymgmt->prov, keymgmt->name_id, NULL, name); - } - - void EVP_KEYMGMT_do_all_provided(OSSL_LIB_CTX *libctx, -diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c -index 24fdb35c8efc..a49c10322035 100644 ---- a/crypto/evp/mac_lib.c -+++ b/crypto/evp/mac_lib.c -@@ -226,7 +226,7 @@ const char *EVP_MAC_get0_description(const EVP_MAC *mac) - - int EVP_MAC_is_a(const EVP_MAC *mac, const char *name) - { -- return evp_is_a(mac->prov, mac->name_id, NULL, name); -+ return mac != NULL && evp_is_a(mac->prov, mac->name_id, NULL, name); - } - - int EVP_MAC_names_do_all(const EVP_MAC *mac, -diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c -index 8d2eee11f1a9..170cb89cb05f 100644 ---- a/crypto/evp/p_lib.c -+++ b/crypto/evp/p_lib.c -@@ -1039,11 +1039,10 @@ const char *evp_pkey_type2name(int type) - - int EVP_PKEY_is_a(const EVP_PKEY *pkey, const char *name) - { -- if (pkey->keymgmt == NULL) { -- int type = evp_pkey_name2type(name); -- -- return pkey->type == type; -- } -+ if (pkey == NULL) -+ return 0; -+ if (pkey->keymgmt == NULL) -+ return pkey->type == evp_pkey_name2type(name); - return EVP_KEYMGMT_is_a(pkey->keymgmt, name); - } - -@@ -1389,6 +1388,7 @@ size_t EVP_PKEY_get1_encoded_public_key(EVP_PKEY *pkey, unsigned char **ppub) - - if (pkey != NULL && evp_pkey_is_provided(pkey)) { - size_t return_size = OSSL_PARAM_UNMODIFIED; -+ unsigned char *buf; - - /* - * We know 
that this is going to fail, but it will give us a size -@@ -1400,14 +1400,18 @@ size_t EVP_PKEY_get1_encoded_public_key(EVP_PKEY *pkey, unsigned char **ppub) - if (return_size == OSSL_PARAM_UNMODIFIED) - return 0; - -- *ppub = OPENSSL_malloc(return_size); -- if (*ppub == NULL) -+ *ppub = NULL; -+ buf = OPENSSL_malloc(return_size); -+ if (buf == NULL) - return 0; - - if (!EVP_PKEY_get_octet_string_param(pkey, - OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, -- *ppub, return_size, NULL)) -+ buf, return_size, NULL)) { -+ OPENSSL_free(buf); - return 0; -+ } -+ *ppub = buf; - return return_size; - } - -diff --git a/crypto/evp/signature.c b/crypto/evp/signature.c -index 49f40c8cec24..c9871668ad50 100644 ---- a/crypto/evp/signature.c -+++ b/crypto/evp/signature.c -@@ -327,7 +327,8 @@ EVP_SIGNATURE *evp_signature_fetch_from_prov(OSSL_PROVIDER *prov, - - int EVP_SIGNATURE_is_a(const EVP_SIGNATURE *signature, const char *name) - { -- return evp_is_a(signature->prov, signature->name_id, NULL, name); -+ return signature != NULL -+ && evp_is_a(signature->prov, signature->name_id, NULL, name); - } - - int evp_signature_get_number(const EVP_SIGNATURE *signature) -diff --git a/crypto/ffc/ffc_backend.c b/crypto/ffc/ffc_backend.c -index 9a013d95d359..dbd28b0e66bd 100644 ---- a/crypto/ffc/ffc_backend.c -+++ b/crypto/ffc/ffc_backend.c -@@ -39,7 +39,7 @@ int ossl_ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[]) - if (prm->data_type != OSSL_PARAM_UTF8_STRING - || prm->data == NULL - || (group = ossl_ffc_name_to_dh_named_group(prm->data)) == NULL -- || !ossl_ffc_named_group_set_pqg(ffc, group)) -+ || !ossl_ffc_named_group_set(ffc, group)) - #endif - goto err; - } -diff --git a/crypto/ffc/ffc_dh.c b/crypto/ffc/ffc_dh.c -index 9a7e99cff670..df07e173bcb8 100644 ---- a/crypto/ffc/ffc_dh.c -+++ b/crypto/ffc/ffc_dh.c -@@ -13,16 +13,18 @@ - - #ifndef OPENSSL_NO_DH - --# define FFDHE(sz) { \ -+# define FFDHE(sz, keylength) { \ - SN_ffdhe##sz, NID_ffdhe##sz, \ - sz, \ -+ keylength, \ - 
&ossl_bignum_ffdhe##sz##_p, &ossl_bignum_ffdhe##sz##_q, \ - &ossl_bignum_const_2, \ - } - --# define MODP(sz) { \ -+# define MODP(sz, keylength) { \ - SN_modp_##sz, NID_modp_##sz, \ - sz, \ -+ keylength, \ - &ossl_bignum_modp_##sz##_p, &ossl_bignum_modp_##sz##_q, \ - &ossl_bignum_const_2 \ - } -@@ -30,14 +32,15 @@ - # define RFC5114(name, uid, sz, tag) { \ - name, uid, \ - sz, \ -+ 0, \ - &ossl_bignum_dh##tag##_p, &ossl_bignum_dh##tag##_q, \ - &ossl_bignum_dh##tag##_g \ - } - - #else - --# define FFDHE(sz) { SN_ffdhe##sz, NID_ffdhe##sz } --# define MODP(sz) { SN_modp_##sz, NID_modp_##sz } -+# define FFDHE(sz, keylength) { SN_ffdhe##sz, NID_ffdhe##sz } -+# define MODP(sz, keylength) { SN_modp_##sz, NID_modp_##sz } - # define RFC5114(name, uid, sz, tag) { name, uid } - - #endif -@@ -47,26 +50,32 @@ struct dh_named_group_st { - int uid; - #ifndef OPENSSL_NO_DH - int32_t nbits; -+ int keylength; - const BIGNUM *p; - const BIGNUM *q; - const BIGNUM *g; - #endif - }; - -+/* -+ * The private key length values are taken from RFC7919 with the values for -+ * MODP primes given the same lengths as the equivalent FFDHE. -+ * The MODP 1536 value is approximated. -+ */ - static const DH_NAMED_GROUP dh_named_groups[] = { -- FFDHE(2048), -- FFDHE(3072), -- FFDHE(4096), -- FFDHE(6144), -- FFDHE(8192), -+ FFDHE(2048, 225), -+ FFDHE(3072, 275), -+ FFDHE(4096, 325), -+ FFDHE(6144, 375), -+ FFDHE(8192, 400), - #ifndef FIPS_MODULE -- MODP(1536), -+ MODP(1536, 200), - #endif -- MODP(2048), -- MODP(3072), -- MODP(4096), -- MODP(6144), -- MODP(8192), -+ MODP(2048, 225), -+ MODP(3072, 275), -+ MODP(4096, 325), -+ MODP(6144, 375), -+ MODP(8192, 400), - /* - * Additional dh named groups from RFC 5114 that have a different g. - * The uid can be any unique identifier. 
-@@ -134,6 +143,13 @@ const char *ossl_ffc_named_group_get_name(const DH_NAMED_GROUP *group) - } - - #ifndef OPENSSL_NO_DH -+int ossl_ffc_named_group_get_keylength(const DH_NAMED_GROUP *group) -+{ -+ if (group == NULL) -+ return 0; -+ return group->keylength; -+} -+ - const BIGNUM *ossl_ffc_named_group_get_q(const DH_NAMED_GROUP *group) - { - if (group == NULL) -@@ -141,13 +157,14 @@ const BIGNUM *ossl_ffc_named_group_get_q(const DH_NAMED_GROUP *group) - return group->q; - } - --int ossl_ffc_named_group_set_pqg(FFC_PARAMS *ffc, const DH_NAMED_GROUP *group) -+int ossl_ffc_named_group_set(FFC_PARAMS *ffc, const DH_NAMED_GROUP *group) - { - if (ffc == NULL || group == NULL) - return 0; - - ossl_ffc_params_set0_pqg(ffc, (BIGNUM *)group->p, (BIGNUM *)group->q, - (BIGNUM *)group->g); -+ ffc->keylength = group->keylength; - - /* flush the cached nid, The DH layer is responsible for caching */ - ffc->nid = NID_undef; -diff --git a/crypto/ffc/ffc_key_generate.c b/crypto/ffc/ffc_key_generate.c -index c18f349ee226..cb895f2abd53 100644 ---- a/crypto/ffc/ffc_key_generate.c -+++ b/crypto/ffc/ffc_key_generate.c -@@ -25,11 +25,11 @@ int ossl_ffc_generate_private_key(BN_CTX *ctx, const FFC_PARAMS *params, - int ret = 0, qbits = BN_num_bits(params->q); - BIGNUM *m, *two_powN = NULL; - -- /* Deal with the edge case where the value of N is not set */ -- if (N == 0) -- N = qbits; -+ /* Deal with the edge cases where the value of N and/or s is not set */ - if (s == 0) -- s = N / 2; -+ goto err; -+ if (N == 0) -+ N = params->keylength ? 
params->keylength : 2 * s; - - /* Step (2) : check range of N */ - if (N < 2 * s || N > qbits) -diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c -index 073f661c7c46..fb558f8221f6 100644 ---- a/crypto/ffc/ffc_params.c -+++ b/crypto/ffc/ffc_params.c -@@ -196,6 +196,7 @@ int ossl_ffc_params_copy(FFC_PARAMS *dst, const FFC_PARAMS *src) - dst->h = src->h; - dst->gindex = src->gindex; - dst->flags = src->flags; -+ dst->keylength = src->keylength; - return 1; - } - -diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c -index 2520d71f2f3b..0d62f1c7bf16 100644 ---- a/crypto/http/http_client.c -+++ b/crypto/http/http_client.c -@@ -53,7 +53,7 @@ struct ossl_http_req_ctx_st { - char *proxy; /* Optional proxy name or URI */ - char *server; /* Optional server host name */ - char *port; /* Optional server port */ -- BIO *mem; /* Memory BIO holding request/response header */ -+ BIO *mem; /* Mem BIO holding request header or response */ - BIO *req; /* BIO holding the request provided by caller */ - int method_POST; /* HTTP method is POST (else GET) */ - char *expected_ct; /* Optional expected Content-Type */ -@@ -266,7 +266,10 @@ int OSSL_HTTP_REQ_CTX_set_expected(OSSL_HTTP_REQ_CTX *rctx, - static int set1_content(OSSL_HTTP_REQ_CTX *rctx, - const char *content_type, BIO *req) - { -- long req_len; -+ long req_len = 0; -+#ifndef OPENSSL_NO_STDIO -+ FILE *fp = NULL; -+#endif - - if (rctx == NULL || (req == NULL && content_type != NULL)) { - ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER); -@@ -290,14 +293,38 @@ static int set1_content(OSSL_HTTP_REQ_CTX *rctx, - && BIO_printf(rctx->mem, "Content-Type: %s\r\n", content_type) <= 0) - return 0; - -- /* streaming BIO may not support querying size */ -- if (((req_len = BIO_ctrl(req, BIO_CTRL_INFO, 0, NULL)) <= 0 -- || BIO_printf(rctx->mem, "Content-Length: %ld\r\n", req_len) > 0) -- && BIO_up_ref(req)) { -- rctx->req = req; -- return 1; -+ /* -+ * BIO_CTRL_INFO yields the data length at least for memory 
BIOs, but for -+ * file-based BIOs it gives the current position, which is not what we need. -+ */ -+ if (BIO_method_type(req) == BIO_TYPE_FILE) { -+#ifndef OPENSSL_NO_STDIO -+ if (BIO_get_fp(req, &fp) == 1 && fseek(fp, 0, SEEK_END) == 0) { -+ req_len = ftell(fp); -+ (void)fseek(fp, 0, SEEK_SET); -+ } else { -+ fp = NULL; -+ } -+#endif -+ } else { -+ req_len = BIO_ctrl(req, BIO_CTRL_INFO, 0, NULL); -+ /* -+ * Streaming BIOs likely will not support querying the size at all, -+ * and we assume we got a correct value if req_len > 0. -+ */ - } -- return 0; -+ if (( -+#ifndef OPENSSL_NO_STDIO -+ fp != NULL /* definitely correct req_len */ || -+#endif -+ req_len > 0) -+ && BIO_printf(rctx->mem, "Content-Length: %ld\r\n", req_len) < 0) -+ return 0; -+ -+ if (!BIO_up_ref(req)) -+ return 0; -+ rctx->req = req; -+ return 1; - } - - int OSSL_HTTP_REQ_CTX_set1_req(OSSL_HTTP_REQ_CTX *rctx, const char *content_type, -@@ -567,7 +594,7 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) - if (rctx->req != NULL && !BIO_eof(rctx->req)) { - n = BIO_read(rctx->req, rctx->buf, rctx->buf_size); - if (n <= 0) { -- if (BIO_should_retry(rctx->rbio)) -+ if (BIO_should_retry(rctx->req)) - return -1; - ERR_raise(ERR_LIB_HTTP, HTTP_R_FAILED_READING_DATA); - return 0; -@@ -952,7 +979,7 @@ OSSL_HTTP_REQ_CTX *OSSL_HTTP_open(const char *server, const char *port, - if (bio_update_fn != NULL) { - BIO *orig_bio = cbio; - -- cbio = (*bio_update_fn)(cbio, arg, 1 /* connect */, use_ssl); -+ cbio = (*bio_update_fn)(cbio, arg, 1 /* connect */, use_ssl != 0); - if (cbio == NULL) { - if (bio == NULL) /* cbio was not provided by caller */ - BIO_free_all(orig_bio); -diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c -index c2cc2cbf3240..9458135572c0 100644 ---- a/crypto/mem_sec.c -+++ b/crypto/mem_sec.c -@@ -23,6 +23,20 @@ - #ifndef OPENSSL_NO_SECURE_MEMORY - # if defined(_WIN32) - # include -+# if defined(WINAPI_FAMILY_PARTITION) \ -+ && !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP | 
WINAPI_PARTITION_SYSTEM) -+/* -+ * While VirtualLock is available under the app partition (e.g. UWP), -+ * the headers do not define the API. Define it ourselves instead. -+ */ -+WINBASEAPI -+BOOL -+WINAPI -+VirtualLock( -+ _In_ LPVOID lpAddress, -+ _In_ SIZE_T dwSize -+ ); -+# endif - # endif - # include - # include -diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c -index 653cc9ad94dc..227f72df1544 100644 ---- a/crypto/objects/obj_dat.c -+++ b/crypto/objects/obj_dat.c -@@ -713,6 +713,9 @@ int OBJ_create(const char *oid, const char *sn, const char *ln) - } - - tmpoid->nid = OBJ_new_nid(1); -+ if (tmpoid->nid == NID_undef) -+ goto err; -+ - tmpoid->sn = (char *)sn; - tmpoid->ln = (char *)ln; - -diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c -index 50975070198f..fa24831fe383 100644 ---- a/crypto/pem/pem_lib.c -+++ b/crypto/pem/pem_lib.c -@@ -627,7 +627,7 @@ int PEM_write_bio(BIO *bp, const char *name, const char *header, - (BIO_write(bp, "-----\n", 6) != 6)) - goto err; - -- i = strlen(header); -+ i = header != NULL ? 
strlen(header) : 0; - if (i > 0) { - if ((BIO_write(bp, header, i) != i) || (BIO_write(bp, "\n", 1) != 1)) - goto err; -diff --git a/crypto/pkcs12/p12_decr.c b/crypto/pkcs12/p12_decr.c -index 87232e773794..c4c63a2701a7 100644 ---- a/crypto/pkcs12/p12_decr.c -+++ b/crypto/pkcs12/p12_decr.c -@@ -94,6 +94,8 @@ unsigned char *PKCS12_pbe_crypt_ex(const X509_ALGOR *algor, - if (EVP_CIPHER_CTX_is_encrypting(ctx)) { - if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, - (int)mac_len, out+outlen) < 0) { -+ OPENSSL_free(out); -+ out = NULL; - ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR); - goto err; - } -diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c -index 60959ba0debc..cc5f0b33e88b 100644 ---- a/crypto/pkcs7/pk7_smime.c -+++ b/crypto/pkcs7/pk7_smime.c -@@ -81,7 +81,8 @@ int PKCS7_final(PKCS7 *p7, BIO *data, int flags) - return 0; - } - -- SMIME_crlf_copy(data, p7bio, flags); -+ if (!SMIME_crlf_copy(data, p7bio, flags)) -+ goto err; - - (void)BIO_flush(p7bio); - -diff --git a/crypto/property/property.c b/crypto/property/property.c -index 790abfd13be8..dec0bdb45eac 100644 ---- a/crypto/property/property.c -+++ b/crypto/property/property.c -@@ -62,7 +62,19 @@ typedef struct { - struct ossl_method_store_st { - OSSL_LIB_CTX *ctx; - SPARSE_ARRAY_OF(ALGORITHM) *algs; -+ /* -+ * Lock to protect the |algs| array from concurrent writing, when -+ * individual implementations or queries are inserted. This is used -+ * by the appropriate functions here. -+ */ - CRYPTO_RWLOCK *lock; -+ /* -+ * Lock to reserve the whole store. 
This is used when fetching a set -+ * of algorithms, via these functions, found in crypto/core_fetch.c: -+ * ossl_method_construct_reserve_store() -+ * ossl_method_construct_unreserve_store() -+ */ -+ CRYPTO_RWLOCK *biglock; - - /* query cache specific values */ - -@@ -238,13 +250,10 @@ OSSL_METHOD_STORE *ossl_method_store_new(OSSL_LIB_CTX *ctx) - res = OPENSSL_zalloc(sizeof(*res)); - if (res != NULL) { - res->ctx = ctx; -- if ((res->algs = ossl_sa_ALGORITHM_new()) == NULL) { -- OPENSSL_free(res); -- return NULL; -- } -- if ((res->lock = CRYPTO_THREAD_lock_new()) == NULL) { -- ossl_sa_ALGORITHM_free(res->algs); -- OPENSSL_free(res); -+ if ((res->algs = ossl_sa_ALGORITHM_new()) == NULL -+ || (res->lock = CRYPTO_THREAD_lock_new()) == NULL -+ || (res->biglock = CRYPTO_THREAD_lock_new()) == NULL) { -+ ossl_method_store_free(res); - return NULL; - } - } -@@ -254,13 +263,25 @@ OSSL_METHOD_STORE *ossl_method_store_new(OSSL_LIB_CTX *ctx) - void ossl_method_store_free(OSSL_METHOD_STORE *store) - { - if (store != NULL) { -- ossl_sa_ALGORITHM_doall_arg(store->algs, &alg_cleanup, store); -+ if (store->algs != NULL) -+ ossl_sa_ALGORITHM_doall_arg(store->algs, &alg_cleanup, store); - ossl_sa_ALGORITHM_free(store->algs); - CRYPTO_THREAD_lock_free(store->lock); -+ CRYPTO_THREAD_lock_free(store->biglock); - OPENSSL_free(store); - } - } - -+int ossl_method_lock_store(OSSL_METHOD_STORE *store) -+{ -+ return store != NULL ? CRYPTO_THREAD_write_lock(store->biglock) : 0; -+} -+ -+int ossl_method_unlock_store(OSSL_METHOD_STORE *store) -+{ -+ return store != NULL ? 
CRYPTO_THREAD_unlock(store->biglock) : 0; -+} -+ - static ALGORITHM *ossl_method_store_retrieve(OSSL_METHOD_STORE *store, int nid) - { - return ossl_sa_ALGORITHM_get(store->algs, nid); -@@ -268,7 +289,7 @@ static ALGORITHM *ossl_method_store_retrieve(OSSL_METHOD_STORE *store, int nid) - - static int ossl_method_store_insert(OSSL_METHOD_STORE *store, ALGORITHM *alg) - { -- return ossl_sa_ALGORITHM_set(store->algs, alg->nid, alg); -+ return ossl_sa_ALGORITHM_set(store->algs, alg->nid, alg); - } - - int ossl_method_store_add(OSSL_METHOD_STORE *store, const OSSL_PROVIDER *prov, -diff --git a/crypto/provider_core.c b/crypto/provider_core.c -index d4ed2a567c01..c9e87d9f677f 100644 ---- a/crypto/provider_core.c -+++ b/crypto/provider_core.c -@@ -1260,7 +1260,7 @@ int ossl_provider_deactivate(OSSL_PROVIDER *prov, int removechildren) - - void *ossl_provider_ctx(const OSSL_PROVIDER *prov) - { -- return prov->provctx; -+ return prov != NULL ? prov->provctx : NULL; - } - - /* -@@ -1840,8 +1840,8 @@ static const OSSL_PARAM param_types[] = { - */ - static OSSL_FUNC_core_gettable_params_fn core_gettable_params; - static OSSL_FUNC_core_get_params_fn core_get_params; --static OSSL_FUNC_core_thread_start_fn core_thread_start; - static OSSL_FUNC_core_get_libctx_fn core_get_libctx; -+static OSSL_FUNC_core_thread_start_fn core_thread_start; - #ifndef FIPS_MODULE - static OSSL_FUNC_core_new_error_fn core_new_error; - static OSSL_FUNC_core_set_error_debug_fn core_set_error_debug; -@@ -1849,6 +1849,42 @@ static OSSL_FUNC_core_vset_error_fn core_vset_error; - static OSSL_FUNC_core_set_error_mark_fn core_set_error_mark; - static OSSL_FUNC_core_clear_last_error_mark_fn core_clear_last_error_mark; - static OSSL_FUNC_core_pop_error_to_mark_fn core_pop_error_to_mark; -+OSSL_FUNC_BIO_new_file_fn ossl_core_bio_new_file; -+OSSL_FUNC_BIO_new_membuf_fn ossl_core_bio_new_mem_buf; -+OSSL_FUNC_BIO_read_ex_fn ossl_core_bio_read_ex; -+OSSL_FUNC_BIO_write_ex_fn ossl_core_bio_write_ex; 
-+OSSL_FUNC_BIO_gets_fn ossl_core_bio_gets; -+OSSL_FUNC_BIO_puts_fn ossl_core_bio_puts; -+OSSL_FUNC_BIO_up_ref_fn ossl_core_bio_up_ref; -+OSSL_FUNC_BIO_free_fn ossl_core_bio_free; -+OSSL_FUNC_BIO_vprintf_fn ossl_core_bio_vprintf; -+OSSL_FUNC_BIO_vsnprintf_fn BIO_vsnprintf; -+static OSSL_FUNC_self_test_cb_fn core_self_test_get_callback; -+OSSL_FUNC_get_entropy_fn ossl_rand_get_entropy; -+OSSL_FUNC_cleanup_entropy_fn ossl_rand_cleanup_entropy; -+OSSL_FUNC_get_nonce_fn ossl_rand_get_nonce; -+OSSL_FUNC_cleanup_nonce_fn ossl_rand_cleanup_nonce; -+#endif -+OSSL_FUNC_CRYPTO_malloc_fn CRYPTO_malloc; -+OSSL_FUNC_CRYPTO_zalloc_fn CRYPTO_zalloc; -+OSSL_FUNC_CRYPTO_free_fn CRYPTO_free; -+OSSL_FUNC_CRYPTO_clear_free_fn CRYPTO_clear_free; -+OSSL_FUNC_CRYPTO_realloc_fn CRYPTO_realloc; -+OSSL_FUNC_CRYPTO_clear_realloc_fn CRYPTO_clear_realloc; -+OSSL_FUNC_CRYPTO_secure_malloc_fn CRYPTO_secure_malloc; -+OSSL_FUNC_CRYPTO_secure_zalloc_fn CRYPTO_secure_zalloc; -+OSSL_FUNC_CRYPTO_secure_free_fn CRYPTO_secure_free; -+OSSL_FUNC_CRYPTO_secure_clear_free_fn CRYPTO_secure_clear_free; -+OSSL_FUNC_CRYPTO_secure_allocated_fn CRYPTO_secure_allocated; -+OSSL_FUNC_OPENSSL_cleanse_fn OPENSSL_cleanse; -+#ifndef FIPS_MODULE -+OSSL_FUNC_provider_register_child_cb_fn ossl_provider_register_child_cb; -+OSSL_FUNC_provider_deregister_child_cb_fn ossl_provider_deregister_child_cb; -+static OSSL_FUNC_provider_name_fn core_provider_get0_name; -+static OSSL_FUNC_provider_get0_provider_ctx_fn core_provider_get0_provider_ctx; -+static OSSL_FUNC_provider_get0_dispatch_fn core_provider_get0_dispatch; -+static OSSL_FUNC_provider_up_ref_fn core_provider_up_ref_intern; -+static OSSL_FUNC_provider_free_fn core_provider_free_intern; - static OSSL_FUNC_core_obj_add_sigid_fn core_obj_add_sigid; - static OSSL_FUNC_core_obj_create_fn core_obj_create; - #endif -@@ -1982,6 +2018,40 @@ static int core_pop_error_to_mark(const OSSL_CORE_HANDLE *handle) - return ERR_pop_to_mark(); - } - -+static void 
core_self_test_get_callback(OPENSSL_CORE_CTX *libctx, -+ OSSL_CALLBACK **cb, void **cbarg) -+{ -+ OSSL_SELF_TEST_get_callback((OSSL_LIB_CTX *)libctx, cb, cbarg); -+} -+ -+static const char *core_provider_get0_name(const OSSL_CORE_HANDLE *prov) -+{ -+ return OSSL_PROVIDER_get0_name((const OSSL_PROVIDER *)prov); -+} -+ -+static void *core_provider_get0_provider_ctx(const OSSL_CORE_HANDLE *prov) -+{ -+ return OSSL_PROVIDER_get0_provider_ctx((const OSSL_PROVIDER *)prov); -+} -+ -+static const OSSL_DISPATCH * -+core_provider_get0_dispatch(const OSSL_CORE_HANDLE *prov) -+{ -+ return OSSL_PROVIDER_get0_dispatch((const OSSL_PROVIDER *)prov); -+} -+ -+static int core_provider_up_ref_intern(const OSSL_CORE_HANDLE *prov, -+ int activate) -+{ -+ return provider_up_ref_intern((OSSL_PROVIDER *)prov, activate); -+} -+ -+static int core_provider_free_intern(const OSSL_CORE_HANDLE *prov, -+ int deactivate) -+{ -+ return provider_free_intern((OSSL_PROVIDER *)prov, deactivate); -+} -+ - static int core_obj_add_sigid(const OSSL_CORE_HANDLE *prov, - const char *sign_name, const char *digest_name, - const char *pkey_name) -@@ -2046,7 +2116,7 @@ static const OSSL_DISPATCH core_dispatch_[] = { - { OSSL_FUNC_BIO_FREE, (void (*)(void))ossl_core_bio_free }, - { OSSL_FUNC_BIO_VPRINTF, (void (*)(void))ossl_core_bio_vprintf }, - { OSSL_FUNC_BIO_VSNPRINTF, (void (*)(void))BIO_vsnprintf }, -- { OSSL_FUNC_SELF_TEST_CB, (void (*)(void))OSSL_SELF_TEST_get_callback }, -+ { OSSL_FUNC_SELF_TEST_CB, (void (*)(void))core_self_test_get_callback }, - { OSSL_FUNC_GET_ENTROPY, (void (*)(void))ossl_rand_get_entropy }, - { OSSL_FUNC_CLEANUP_ENTROPY, (void (*)(void))ossl_rand_cleanup_entropy }, - { OSSL_FUNC_GET_NONCE, (void (*)(void))ossl_rand_get_nonce }, -@@ -2072,15 +2142,15 @@ static const OSSL_DISPATCH core_dispatch_[] = { - { OSSL_FUNC_PROVIDER_DEREGISTER_CHILD_CB, - (void (*)(void))ossl_provider_deregister_child_cb }, - { OSSL_FUNC_PROVIDER_NAME, -- (void (*)(void))OSSL_PROVIDER_get0_name }, -+ (void 
(*)(void))core_provider_get0_name }, - { OSSL_FUNC_PROVIDER_GET0_PROVIDER_CTX, -- (void (*)(void))OSSL_PROVIDER_get0_provider_ctx }, -+ (void (*)(void))core_provider_get0_provider_ctx }, - { OSSL_FUNC_PROVIDER_GET0_DISPATCH, -- (void (*)(void))OSSL_PROVIDER_get0_dispatch }, -+ (void (*)(void))core_provider_get0_dispatch }, - { OSSL_FUNC_PROVIDER_UP_REF, -- (void (*)(void))provider_up_ref_intern }, -+ (void (*)(void))core_provider_up_ref_intern }, - { OSSL_FUNC_PROVIDER_FREE, -- (void (*)(void))provider_free_intern }, -+ (void (*)(void))core_provider_free_intern }, - { OSSL_FUNC_CORE_OBJ_ADD_SIGID, (void (*)(void))core_obj_add_sigid }, - { OSSL_FUNC_CORE_OBJ_CREATE, (void (*)(void))core_obj_create }, - #endif -diff --git a/crypto/rand/prov_seed.c b/crypto/rand/prov_seed.c -index afa85ab76f2f..b394242f7144 100644 ---- a/crypto/rand/prov_seed.c -+++ b/crypto/rand/prov_seed.c -@@ -12,7 +12,7 @@ - #include - #include - --size_t ossl_rand_get_entropy(ossl_unused OSSL_CORE_HANDLE *handle, -+size_t ossl_rand_get_entropy(ossl_unused const OSSL_CORE_HANDLE *handle, - unsigned char **pout, int entropy, - size_t min_len, size_t max_len) - { -@@ -38,13 +38,13 @@ size_t ossl_rand_get_entropy(ossl_unused OSSL_CORE_HANDLE *handle, - return ret; - } - --void ossl_rand_cleanup_entropy(ossl_unused OSSL_CORE_HANDLE *handle, -+void ossl_rand_cleanup_entropy(ossl_unused const OSSL_CORE_HANDLE *handle, - unsigned char *buf, size_t len) - { - OPENSSL_secure_clear_free(buf, len); - } - --size_t ossl_rand_get_nonce(ossl_unused OSSL_CORE_HANDLE *handle, -+size_t ossl_rand_get_nonce(ossl_unused const OSSL_CORE_HANDLE *handle, - unsigned char **pout, size_t min_len, size_t max_len, - const void *salt, size_t salt_len) - { -@@ -69,7 +69,7 @@ size_t ossl_rand_get_nonce(ossl_unused OSSL_CORE_HANDLE *handle, - return ret; - } - --void ossl_rand_cleanup_nonce(ossl_unused OSSL_CORE_HANDLE *handle, -+void ossl_rand_cleanup_nonce(ossl_unused const OSSL_CORE_HANDLE *handle, - unsigned char *buf, size_t 
len) - { - OPENSSL_clear_free(buf, len); -diff --git a/crypto/sha/build.info b/crypto/sha/build.info -index f3e38284ad35..d61f7de9b6bd 100644 ---- a/crypto/sha/build.info -+++ b/crypto/sha/build.info -@@ -82,6 +82,14 @@ SOURCE[../../providers/libfips.a]= $COMMON - # need to be applied to all affected libraries and modules. - DEFINE[../../libcrypto]=$SHA1DEF $KECCAK1600DEF - DEFINE[../../providers/libfips.a]=$SHA1DEF $KECCAK1600DEF -+DEFINE[../../providers/libdefault.a]=$SHA1DEF $KECCAK1600DEF -+# We only need to include the SHA1DEF and KECCAK1600DEF stuff in the -+# legacy provider when it's a separate module and it's dynamically -+# linked with libcrypto. Otherwise, it already gets everything that -+# the static libcrypto.a has, and doesn't need it added again. -+IF[{- !$disabled{module} && !$disabled{shared} -}] -+ DEFINE[../providers/liblegacy.a]=$SHA1DEF $KECCAK1600DEF -+ENDIF - - GENERATE[sha1-586.S]=asm/sha1-586.pl - DEPEND[sha1-586.S]=../perlasm/x86asm.pl -diff --git a/crypto/sparse_array.c b/crypto/sparse_array.c -index 53e6e7d46076..bbbc9cdb3696 100644 ---- a/crypto/sparse_array.c -+++ b/crypto/sparse_array.c -@@ -109,8 +109,10 @@ static void sa_free_leaf(ossl_uintmax_t n, void *p, void *arg) - - void ossl_sa_free(OPENSSL_SA *sa) - { -- sa_doall(sa, &sa_free_node, NULL, NULL); -- OPENSSL_free(sa); -+ if (sa != NULL) { -+ sa_doall(sa, &sa_free_node, NULL, NULL); -+ OPENSSL_free(sa); -+ } - } - - void ossl_sa_free_leaves(OPENSSL_SA *sa) -diff --git a/crypto/store/store_meth.c b/crypto/store/store_meth.c -index 999d4c5e9fb9..a5b0d1b0957c 100644 ---- a/crypto/store/store_meth.c -+++ b/crypto/store/store_meth.c -@@ -127,6 +127,28 @@ static OSSL_METHOD_STORE *get_loader_store(OSSL_LIB_CTX *libctx) - &loader_store_method); - } - -+static int reserve_loader_store(void *store, void *data) -+{ -+ struct loader_data_st *methdata = data; -+ -+ if (store == NULL -+ && (store = get_loader_store(methdata->libctx)) == NULL) -+ return 0; -+ -+ return 
ossl_method_lock_store(store); -+} -+ -+static int unreserve_loader_store(void *store, void *data) -+{ -+ struct loader_data_st *methdata = data; -+ -+ if (store == NULL -+ && (store = get_loader_store(methdata->libctx)) == NULL) -+ return 0; -+ -+ return ossl_method_unlock_store(store); -+} -+ - /* Get loader methods from a store, or put one in */ - static void *get_loader_from_store(void *store, const OSSL_PROVIDER **prov, - void *data) -@@ -313,6 +335,8 @@ inner_loader_fetch(struct loader_data_st *methdata, int id, - || !ossl_method_store_cache_get(store, NULL, id, propq, &method)) { - OSSL_METHOD_CONSTRUCT_METHOD mcm = { - get_tmp_loader_store, -+ reserve_loader_store, -+ unreserve_loader_store, - get_loader_from_store, - put_loader_in_store, - construct_loader, -diff --git a/crypto/threads_win.c b/crypto/threads_win.c -index d65b3826d93a..b5e4d18a84d8 100644 ---- a/crypto/threads_win.c -+++ b/crypto/threads_win.c -@@ -14,6 +14,18 @@ - # endif - #endif - -+/* -+ * VC++ 2008 or earlier x86 compilers do not have an inline implementation -+ * of InterlockedOr64 for 32bit and will fail to run on Windows XP 32bit. -+ * https://docs.microsoft.com/en-us/cpp/intrinsics/interlockedor-intrinsic-functions#requirements -+ * To work around this problem, we implement a manual locking mechanism for -+ * only VC++ 2008 or earlier x86 compilers. 
-+ */ -+ -+#if (defined(_MSC_VER) && defined(_M_IX86) && _MSC_VER <= 1500) -+# define NO_INTERLOCKEDOR64 -+#endif -+ - #include - - #if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && defined(OPENSSL_SYS_WINDOWS) -@@ -207,14 +219,36 @@ int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock) - int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret, - CRYPTO_RWLOCK *lock) - { -+#if (defined(NO_INTERLOCKEDOR64)) -+ if (lock == NULL || !CRYPTO_THREAD_write_lock(lock)) -+ return 0; -+ *val |= op; -+ *ret = *val; -+ -+ if (!CRYPTO_THREAD_unlock(lock)) -+ return 0; -+ -+ return 1; -+#else - *ret = (uint64_t)InterlockedOr64((LONG64 volatile *)val, (LONG64)op) | op; - return 1; -+#endif - } - - int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock) - { -+#if (defined(NO_INTERLOCKEDOR64)) -+ if (lock == NULL || !CRYPTO_THREAD_read_lock(lock)) -+ return 0; -+ *ret = *val; -+ if (!CRYPTO_THREAD_unlock(lock)) -+ return 0; -+ -+ return 1; -+#else - *ret = (uint64_t)InterlockedOr64((LONG64 volatile *)val, 0); - return 1; -+#endif - } - - int openssl_init_fork_handlers(void) -diff --git a/crypto/x509/v3_addr.c b/crypto/x509/v3_addr.c -index 4205e7d7afbb..3fc5f3d62015 100644 ---- a/crypto/x509/v3_addr.c -+++ b/crypto/x509/v3_addr.c -@@ -393,12 +393,14 @@ static int range_should_be_prefix(const unsigned char *min, - /* - * Construct a prefix. 
- */ --static int make_addressPrefix(IPAddressOrRange **result, -- unsigned char *addr, const int prefixlen) -+static int make_addressPrefix(IPAddressOrRange **result, unsigned char *addr, -+ const int prefixlen, const int afilen) - { - int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8; - IPAddressOrRange *aor = IPAddressOrRange_new(); - -+ if (prefixlen < 0 || prefixlen > (afilen * 8)) -+ return 0; - if (aor == NULL) - return 0; - aor->type = IPAddressOrRange_addressPrefix; -@@ -438,7 +440,7 @@ static int make_addressRange(IPAddressOrRange **result, - return 0; - - if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0) -- return make_addressPrefix(result, min, prefixlen); -+ return make_addressPrefix(result, min, prefixlen, length); - - if ((aor = IPAddressOrRange_new()) == NULL) - return 0; -@@ -600,7 +602,9 @@ int X509v3_addr_add_prefix(IPAddrBlocks *addr, - { - IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi); - IPAddressOrRange *aor; -- if (aors == NULL || !make_addressPrefix(&aor, a, prefixlen)) -+ -+ if (aors == NULL -+ || !make_addressPrefix(&aor, a, prefixlen, length_from_afi(afi))) - return 0; - if (sk_IPAddressOrRange_push(aors, aor)) - return 1; -@@ -995,7 +999,10 @@ static void *v2i_IPAddrBlocks(const struct v3_ext_method *method, - switch (delim) { - case '/': - prefixlen = (int)strtoul(s + i2, &t, 10); -- if (t == s + i2 || *t != '\0') { -+ if (t == s + i2 -+ || *t != '\0' -+ || prefixlen > (length * 8) -+ || prefixlen < 0) { - ERR_raise(ERR_LIB_X509V3, X509V3_R_EXTENSION_VALUE_ERROR); - X509V3_conf_add_error_name_value(val); - goto err; -diff --git a/crypto/x509/v3_lib.c b/crypto/x509/v3_lib.c -index 42b6ff15277e..5c05b56d9c7f 100644 ---- a/crypto/x509/v3_lib.c -+++ b/crypto/x509/v3_lib.c -@@ -242,8 +242,10 @@ int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, - } - /* If delete, just delete it */ - if (ext_op == X509V3_ADD_DELETE) { -- if (!sk_X509_EXTENSION_delete(*x, extidx)) -+ extmp = 
sk_X509_EXTENSION_delete(*x, extidx); -+ if (extmp == NULL) - return -1; -+ X509_EXTENSION_free(extmp); - return 1; - } - } else { -diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c -index 2f175ca517f5..575047cdb693 100644 ---- a/crypto/x509/x509_vfy.c -+++ b/crypto/x509/x509_vfy.c -@@ -351,8 +351,6 @@ static int check_issued(ossl_unused X509_STORE_CTX *ctx, X509 *x, X509 *issuer) - * SUBJECT_ISSUER_MISMATCH just means 'x' is clearly not issued by 'issuer'. - * Every other error code likely indicates a real error. - */ -- if (err != X509_V_ERR_SUBJECT_ISSUER_MISMATCH) -- ctx->error = err; - return 0; - } - -@@ -2997,7 +2995,6 @@ static int build_chain(X509_STORE_CTX *ctx) - int alt_untrusted = 0; - int max_depth; - int ok = 0; -- int prev_error = ctx->error; - int i; - - /* Our chain starts with a single untrusted element. */ -@@ -3279,8 +3276,6 @@ static int build_chain(X509_STORE_CTX *ctx) - - switch (trust) { - case X509_TRUST_TRUSTED: -- /* Must restore any previous error value for backward compatibility */ -- ctx->error = prev_error; - return 1; - case X509_TRUST_REJECTED: - /* Callback already issued */ -diff --git a/demos/mac/Makefile b/demos/mac/Makefile -index 86fb323291d2..00d2d8dbe64a 100644 ---- a/demos/mac/Makefile -+++ b/demos/mac/Makefile -@@ -11,13 +11,15 @@ - CFLAGS = $(OPENSSL_INCS_LOCATION) -Wall - LDFLAGS = $(OPENSSL_LIBS_LOCATION) -lssl -lcrypto - --all: gmac poly1305 -+all: gmac hmac-sha512 cmac-aes256 poly1305 - - gmac: gmac.o -+hmac-sha512: hmac-sha512.o -+cmac-aes256: cmac-aes256.o - poly1305: poly1305.o - --gmac poly1305: -+gmac hmac-sha512 cmac-aes256 poly1305: - $(CC) $(CFLAGS) -o $@ $< $(LDFLAGS) - - clean: -- $(RM) gmac poly1305 *.o -+ $(RM) gmac hmac-sha512 cmac-aes256 poly1305 *.o -diff --git a/demos/mac/cmac-aes256.c b/demos/mac/cmac-aes256.c -new file mode 100644 -index 000000000000..6f4fd78b699f ---- /dev/null -+++ b/demos/mac/cmac-aes256.c -@@ -0,0 +1,154 @@ -+/*- -+ * Copyright 2022 The OpenSSL Project Authors. 
All Rights Reserved. -+ * -+ * Licensed under the Apache License 2.0 (the "License"). You may not use -+ * this file except in compliance with the License. You can obtain a copy -+ * in the file LICENSE in the source distribution or at -+ * https://www.openssl.org/source/license.html -+ */ -+ -+/* -+ * Example of using EVP_MAC_ methods to calculate -+ * a CMAC of static buffers -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+/* -+ * Hard coding the key into an application is very bad. -+ * It is done here solely for educational purposes. -+ */ -+static unsigned char key[] = { -+ 0x6c, 0xde, 0x14, 0xf5, 0xd5, 0x2a, 0x4a, 0xdf, -+ 0x12, 0x39, 0x1e, 0xbf, 0x36, 0xf9, 0x6a, 0x46, -+ 0x48, 0xd0, 0xb6, 0x51, 0x89, 0xfc, 0x24, 0x85, -+ 0xa8, 0x8d, 0xdf, 0x7e, 0x80, 0x14, 0xc8, 0xce, -+}; -+ -+static const unsigned char data[] = -+ "To be, or not to be, that is the question,\n" -+ "Whether tis nobler in the minde to suffer\n" -+ "The ſlings and arrowes of outragious fortune,\n" -+ "Or to take Armes again in a sea of troubles,\n" -+ "And by opposing, end them, to die to sleep;\n" -+ "No more, and by a sleep, to say we end\n" -+ "The heart-ache, and the thousand natural shocks\n" -+ "That flesh is heir to? tis a consumation\n" -+ "Devoutly to be wished. To die to sleep,\n" -+ "To sleepe, perchance to dreame, Aye, there's the rub,\n" -+ "For in that sleep of death what dreams may come\n" -+ "When we haue shuffled off this mortal coil\n" -+ "Must give us pause. 
There's the respect\n" -+ "That makes calamity of so long life:\n" -+ "For who would bear the Ships and Scorns of time,\n" -+ "The oppressor's wrong, the proud man's Contumely,\n" -+ "The pangs of dispised love, the Law's delay,\n" -+; -+ -+/* The known value of the CMAC/AES256 MAC of the above soliloqy */ -+static const unsigned char expected_output[] = { -+ 0x67, 0x92, 0x32, 0x23, 0x50, 0x3d, 0xc5, 0xba, -+ 0x78, 0xd4, 0x6d, 0x63, 0xf2, 0x2b, 0xe9, 0x56, -+}; -+ -+/* -+ * A property query used for selecting the MAC implementation. -+ */ -+static const char *propq = NULL; -+ -+int main(void) -+{ -+ int rv = EXIT_FAILURE; -+ OSSL_LIB_CTX *library_context = NULL; -+ EVP_MAC *mac = NULL; -+ EVP_MAC_CTX *mctx = NULL; -+ unsigned char *out = NULL; -+ size_t out_len = 0; -+ OSSL_PARAM params[4], *p = params; -+ char cipher_name[] = "aes256"; -+ -+ library_context = OSSL_LIB_CTX_new(); -+ if (library_context == NULL) { -+ fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n"); -+ goto end; -+ } -+ -+ /* Fetch the CMAC implementation */ -+ mac = EVP_MAC_fetch(library_context, "CMAC", propq); -+ if (mac == NULL) { -+ fprintf(stderr, "EVP_MAC_fetch() returned NULL\n"); -+ goto end; -+ } -+ -+ /* Create a context for the CMAC operation */ -+ mctx = EVP_MAC_CTX_new(mac); -+ if (mctx == NULL) { -+ fprintf(stderr, "EVP_MAC_CTX_new() returned NULL\n"); -+ goto end; -+ } -+ -+ /* The underlying cipher to be used */ -+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, cipher_name, -+ sizeof(cipher_name)); -+ *p = OSSL_PARAM_construct_end(); -+ -+ /* Initialise the CMAC operation */ -+ if (!EVP_MAC_init(mctx, key, sizeof(key), params)) { -+ fprintf(stderr, "EVP_MAC_init() failed\n"); -+ goto end; -+ } -+ -+ /* Make one or more calls to process the data to be authenticated */ -+ if (!EVP_MAC_update(mctx, data, sizeof(data))) { -+ fprintf(stderr, "EVP_MAC_update() failed\n"); -+ goto end; -+ } -+ -+ /* Make a call to the final with a NULL buffer to get the length of the 
MAC */ -+ if (!EVP_MAC_final(mctx, NULL, &out_len, 0)) { -+ fprintf(stderr, "EVP_MAC_final() failed\n"); -+ goto end; -+ } -+ out = OPENSSL_malloc(out_len); -+ if (out == NULL) { -+ fprintf(stderr, "malloc failed\n"); -+ goto end; -+ } -+ /* Make one call to the final to get the MAC */ -+ if (!EVP_MAC_final(mctx, out, &out_len, out_len)) { -+ fprintf(stderr, "EVP_MAC_final() failed\n"); -+ goto end; -+ } -+ -+ printf("Generated MAC:\n"); -+ BIO_dump_indent_fp(stdout, out, out_len, 2); -+ putchar('\n'); -+ -+ if (out_len != sizeof(expected_output)) { -+ fprintf(stderr, "Generated MAC has an unexpected length\n"); -+ goto end; -+ } -+ -+ if (CRYPTO_memcmp(expected_output, out, sizeof(expected_output)) != 0) { -+ fprintf(stderr, "Generated MAC does not match expected value\n"); -+ goto end; -+ } -+ -+ rv = EXIT_SUCCESS; -+end: -+ if (rv != EXIT_SUCCESS) -+ ERR_print_errors_fp(stderr); -+ /* OpenSSL free functions will ignore NULL arguments */ -+ OPENSSL_free(out); -+ EVP_MAC_CTX_free(mctx); -+ EVP_MAC_free(mac); -+ OSSL_LIB_CTX_free(library_context); -+ return rv; -+} -diff --git a/demos/mac/hmac-sha512.c b/demos/mac/hmac-sha512.c -new file mode 100644 -index 000000000000..c258b90ee395 ---- /dev/null -+++ b/demos/mac/hmac-sha512.c -@@ -0,0 +1,166 @@ -+/*- -+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. -+ * -+ * Licensed under the Apache License 2.0 (the "License"). You may not use -+ * this file except in compliance with the License. You can obtain a copy -+ * in the file LICENSE in the source distribution or at -+ * https://www.openssl.org/source/license.html -+ */ -+ -+/* -+ * Example of using EVP_MAC_ methods to calculate -+ * a HMAC of static buffers -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+/* -+ * Hard coding the key into an application is very bad. -+ * It is done here solely for educational purposes. 
-+ */ -+static unsigned char key[] = { -+ 0x25, 0xfd, 0x12, 0x99, 0xdf, 0xad, 0x1a, 0x03, -+ 0x0a, 0x81, 0x3c, 0x2d, 0xcc, 0x05, 0xd1, 0x5c, -+ 0x17, 0x7a, 0x36, 0x73, 0x17, 0xef, 0x41, 0x75, -+ 0x71, 0x18, 0xe0, 0x1a, 0xda, 0x99, 0xc3, 0x61, -+ 0x38, 0xb5, 0xb1, 0xe0, 0x82, 0x2c, 0x70, 0xa4, -+ 0xc0, 0x8e, 0x5e, 0xf9, 0x93, 0x9f, 0xcf, 0xf7, -+ 0x32, 0x4d, 0x0c, 0xbd, 0x31, 0x12, 0x0f, 0x9a, -+ 0x15, 0xee, 0x82, 0xdb, 0x8d, 0x29, 0x54, 0x14, -+}; -+ -+static const unsigned char data[] = -+ "To be, or not to be, that is the question,\n" -+ "Whether tis nobler in the minde to suffer\n" -+ "The ſlings and arrowes of outragious fortune,\n" -+ "Or to take Armes again in a sea of troubles,\n" -+ "And by opposing, end them, to die to sleep;\n" -+ "No more, and by a sleep, to say we end\n" -+ "The heart-ache, and the thousand natural shocks\n" -+ "That flesh is heir to? tis a consumation\n" -+ "Devoutly to be wished. To die to sleep,\n" -+ "To sleepe, perchance to dreame, Aye, there's the rub,\n" -+ "For in that sleep of death what dreams may come\n" -+ "When we haue shuffled off this mortal coil\n" -+ "Must give us pause. There's the respect\n" -+ "That makes calamity of so long life:\n" -+ "For who would bear the Ships and Scorns of time,\n" -+ "The oppressor's wrong, the proud man's Contumely,\n" -+ "The pangs of dispised love, the Law's delay,\n" -+; -+ -+/* The known value of the HMAC/SHA3-512 MAC of the above soliloqy */ -+static const unsigned char expected_output[] = { -+ 0x3b, 0x77, 0x5f, 0xf1, 0x4f, 0x9e, 0xb9, 0x23, -+ 0x8f, 0xdc, 0xa0, 0x68, 0x15, 0x7b, 0x8a, 0xf1, -+ 0x96, 0x23, 0xaa, 0x3c, 0x1f, 0xe9, 0xdc, 0x89, -+ 0x11, 0x7d, 0x58, 0x07, 0xe7, 0x96, 0x17, 0xe3, -+ 0x44, 0x8b, 0x03, 0x37, 0x91, 0xc0, 0x6e, 0x06, -+ 0x7c, 0x54, 0xe4, 0xa4, 0xcc, 0xd5, 0x16, 0xbb, -+ 0x5e, 0x4d, 0x64, 0x7d, 0x88, 0x23, 0xc9, 0xb7, -+ 0x25, 0xda, 0xbe, 0x4b, 0xe4, 0xd5, 0x34, 0x30, -+}; -+ -+/* -+ * A property query used for selecting the MAC implementation. 
-+ */ -+static const char *propq = NULL; -+ -+int main(void) -+{ -+ int rv = EXIT_FAILURE; -+ OSSL_LIB_CTX *library_context = NULL; -+ EVP_MAC *mac = NULL; -+ EVP_MAC_CTX *mctx = NULL; -+ EVP_MD_CTX *digest_context = NULL; -+ unsigned char *out = NULL; -+ size_t out_len = 0; -+ OSSL_PARAM params[4], *p = params; -+ char digest_name[] = "SHA3-512"; -+ -+ library_context = OSSL_LIB_CTX_new(); -+ if (library_context == NULL) { -+ fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n"); -+ goto end; -+ } -+ -+ /* Fetch the HMAC implementation */ -+ mac = EVP_MAC_fetch(library_context, "HMAC", propq); -+ if (mac == NULL) { -+ fprintf(stderr, "EVP_MAC_fetch() returned NULL\n"); -+ goto end; -+ } -+ -+ /* Create a context for the HMAC operation */ -+ mctx = EVP_MAC_CTX_new(mac); -+ if (mctx == NULL) { -+ fprintf(stderr, "EVP_MAC_CTX_new() returned NULL\n"); -+ goto end; -+ } -+ -+ /* The underlying digest to be used */ -+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, digest_name, -+ sizeof(digest_name)); -+ *p = OSSL_PARAM_construct_end(); -+ -+ /* Initialise the HMAC operation */ -+ if (!EVP_MAC_init(mctx, key, sizeof(key), params)) { -+ fprintf(stderr, "EVP_MAC_init() failed\n"); -+ goto end; -+ } -+ -+ /* Make one or more calls to process the data to be authenticated */ -+ if (!EVP_MAC_update(mctx, data, sizeof(data))) { -+ fprintf(stderr, "EVP_MAC_update() failed\n"); -+ goto end; -+ } -+ -+ /* Make a call to the final with a NULL buffer to get the length of the MAC */ -+ if (!EVP_MAC_final(mctx, NULL, &out_len, 0)) { -+ fprintf(stderr, "EVP_MAC_final() failed\n"); -+ goto end; -+ } -+ out = OPENSSL_malloc(out_len); -+ if (out == NULL) { -+ fprintf(stderr, "malloc failed\n"); -+ goto end; -+ } -+ /* Make one call to the final to get the MAC */ -+ if (!EVP_MAC_final(mctx, out, &out_len, out_len)) { -+ fprintf(stderr, "EVP_MAC_final() failed\n"); -+ goto end; -+ } -+ -+ printf("Generated MAC:\n"); -+ BIO_dump_indent_fp(stdout, out, out_len, 2); -+ 
putchar('\n'); -+ -+ if (out_len != sizeof(expected_output)) { -+ fprintf(stderr, "Generated MAC has an unexpected length\n"); -+ goto end; -+ } -+ -+ if (CRYPTO_memcmp(expected_output, out, sizeof(expected_output)) != 0) { -+ fprintf(stderr, "Generated MAC does not match expected value\n"); -+ goto end; -+ } -+ -+ rv = EXIT_SUCCESS; -+end: -+ if (rv != EXIT_SUCCESS) -+ ERR_print_errors_fp(stderr); -+ /* OpenSSL free functions will ignore NULL arguments */ -+ OPENSSL_free(out); -+ EVP_MD_CTX_free(digest_context); -+ EVP_MAC_CTX_free(mctx); -+ EVP_MAC_free(mac); -+ OSSL_LIB_CTX_free(library_context); -+ return rv; -+} -diff --git a/doc/man1/openssl-cmds.pod.in b/doc/man1/openssl-cmds.pod.in -index a1097904df1d..4cfb7ce4ee05 100644 ---- a/doc/man1/openssl-cmds.pod.in -+++ b/doc/man1/openssl-cmds.pod.in -@@ -8,6 +8,7 @@ - asn1parse, - ca, - ciphers, -+cmp, - cms, - crl, - crl2pkcs7, -@@ -88,6 +89,7 @@ L, - L, - L, - L, -+L, - L, - L, - L, -diff --git a/doc/man1/openssl-ec.pod.in b/doc/man1/openssl-ec.pod.in -index 869670125789..f6f1e3882ed7 100644 ---- a/doc/man1/openssl-ec.pod.in -+++ b/doc/man1/openssl-ec.pod.in -@@ -118,8 +118,8 @@ a public key. - =item B<-conv_form> I - - This specifies how the points on the elliptic curve are converted --into octet strings. Possible values are: B (the default --value), B and B. For more information regarding -+into octet strings. Possible values are: B, B (the -+default value) and B. For more information regarding - the point conversion forms please read the X9.62 standard. - B Due to patent issues the B option is disabled - by default for binary curves and can be enabled by defining -diff --git a/doc/man1/openssl-x509.pod.in b/doc/man1/openssl-x509.pod.in -index b86f409ce81e..d05f380bdeaf 100644 ---- a/doc/man1/openssl-x509.pod.in -+++ b/doc/man1/openssl-x509.pod.in -@@ -496,23 +496,27 @@ See L for details. - - Sets the CA serial number file to use. 
- --When the B<-CA> option is used to sign a certificate it uses a serial --number specified in a file. This file consists of one line containing --an even number of hex digits with the serial number to use. After each --use the serial number is incremented and written out to the file again. -+When creating a certificate with this option and with the B<-CA> option, -+the certificate serial number is stored in the given file. -+This file consists of one line containing -+an even number of hex digits with the serial number used last time. -+After reading this number, it is incremented and used, and the file is updated. - - The default filename consists of the CA certificate file base name with - F<.srl> appended. For example if the CA certificate file is called - F it expects to find a serial number file called - F. - -+If the B<-CA> option is specified and neither <-CAserial> or <-CAcreateserial> -+is given and the default serial number file does not exist, -+a random number is generated; this is the recommended practice. -+ - =item B<-CAcreateserial> - --With this option the CA serial number file is created if it does not exist: --it will contain the serial number "02" and the certificate being signed will --have the 1 as its serial number. If the B<-CA> option is specified --and the serial number file does not exist a random number is generated; --this is the recommended practice. -+With this option and the B<-CA> option -+the CA serial number file is created if it does not exist. -+A random number is generated, used for the certificate, -+and saved into the serial number file determined as described above. - - =back - -diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod -index b6f4029a678d..5c7bf9465751 100644 ---- a/doc/man1/openssl.pod -+++ b/doc/man1/openssl.pod -@@ -704,15 +704,19 @@ The value is a comma separated list of names, with the following - - =item B - --The tracing functionality. -+Traces the OpenSSL trace API itself. 
-+ -+=item B -+ -+Traces OpenSSL library initialization and cleanup. - - =item B - --General SSL/TLS. -+Traces the TLS/SSL protocol. - - =item B - --SSL/TLS cipher. -+Traces the ciphers used by the TLS/SSL protocol. - - =item B - -@@ -731,24 +735,44 @@ of generated for each change. - - =item B - --PKCS#5 v2 keygen. -+Traces PKCS#5 v2 key generation. - - =item B - --PKCS#12 key generation. -+Traces PKCS#12 key generation. - - =item B - --PKCS#12 decryption. -+Traces PKCS#12 decryption. - - =item B - --Generates the complete policy tree at various point during X.509 v3 -+Generates the complete policy tree at various points during X.509 v3 - policy evaluation. - - =item B - --BIGNUM context. -+Traces BIGNUM context operations. -+ -+=item B -+ -+Traces CMP client and server activity. -+ -+=item B -+ -+Traces STORE operations. -+ -+=item B -+ -+Traces decoder operations. -+ -+=item B -+ -+Traces encoder operations. -+ -+=item B -+ -+Traces decrementing certain ASN.1 structure references. - - =back - -diff --git a/doc/man3/DH_new.pod b/doc/man3/DH_new.pod -index 62c61c3d393b..dc073b4e3f95 100644 ---- a/doc/man3/DH_new.pod -+++ b/doc/man3/DH_new.pod -@@ -8,6 +8,10 @@ DH_new, DH_free - allocate and free DH objects - - #include - -+The following functions have been deprecated since OpenSSL 3.0, and can be -+hidden entirely by defining B with a suitable version value, -+see L: -+ - DH* DH_new(void); - - void DH_free(DH *dh); -@@ -32,7 +36,14 @@ DH_free() returns no value. - - L, L, - L, --L -+L, -+L -+ -+=head1 HISTORY -+ -+All of these functions were deprecated in OpenSSL 3.0. -+ -+For replacement see EVP_PKEY-DH(7). 
- - =head1 COPYRIGHT - -diff --git a/doc/man3/DH_new_by_nid.pod b/doc/man3/DH_new_by_nid.pod -index d5ad0ff6ce93..808205f1960d 100644 ---- a/doc/man3/DH_new_by_nid.pod -+++ b/doc/man3/DH_new_by_nid.pod -@@ -7,12 +7,13 @@ DH_new_by_nid, DH_get_nid - create or get DH named parameters - =head1 SYNOPSIS - - #include -- DH *DH_new_by_nid(int nid); - - The following functions have been deprecated since OpenSSL 3.0, and can be - hidden entirely by defining B with a suitable version value, - see L: - -+ DH *DH_new_by_nid(int nid); -+ - int DH_get_nid(const DH *dh); - - =head1 DESCRIPTION -@@ -37,7 +38,7 @@ and optionally q, otherwise it returns B if there is no match. - - =head1 HISTORY - --The DH_get_nid() function was deprecated in OpenSSL 3.0. -+All of these functions were deprecated in OpenSSL 3.0. - - =head1 COPYRIGHT - -diff --git a/doc/man3/EC_KEY_new.pod b/doc/man3/EC_KEY_new.pod -index ce5f5e491f73..98c9adc8ae3a 100644 ---- a/doc/man3/EC_KEY_new.pod -+++ b/doc/man3/EC_KEY_new.pod -@@ -43,7 +43,7 @@ hidden entirely by defining B with a suitable version value, - const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key); - int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group); - const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key); -- int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv); -+ int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key); - const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key); - int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub); - point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key); -@@ -136,7 +136,9 @@ that it is valid. - The functions EC_KEY_get0_group(), EC_KEY_set_group(), - EC_KEY_get0_private_key(), EC_KEY_set_private_key(), EC_KEY_get0_public_key(), - and EC_KEY_set_public_key() get and set the EC_GROUP object, the private key, --and the EC_POINT public key for the I respectively. -+and the EC_POINT public key for the B respectively. 
The function -+EC_KEY_set_private_key() accepts NULL as the priv_key argument to securely clear -+the private key component from the EC_KEY. - - The functions EC_KEY_get_conv_form() and EC_KEY_set_conv_form() get and set the - point_conversion_form for the I. For a description of -@@ -197,10 +199,14 @@ EC_KEY_copy() returns a pointer to the destination key, or NULL on error. - - EC_KEY_get0_engine() returns a pointer to an ENGINE, or NULL if it wasn't set. - --EC_KEY_up_ref(), EC_KEY_set_group(), EC_KEY_set_private_key(), --EC_KEY_set_public_key(), EC_KEY_precompute_mult(), EC_KEY_generate_key(), --EC_KEY_check_key(), EC_KEY_set_public_key_affine_coordinates(), --EC_KEY_oct2key() and EC_KEY_oct2priv() return 1 on success or 0 on error. -+EC_KEY_up_ref(), EC_KEY_set_group(), EC_KEY_set_public_key(), -+EC_KEY_precompute_mult(), EC_KEY_generate_key(), EC_KEY_check_key(), -+EC_KEY_set_public_key_affine_coordinates(), EC_KEY_oct2key() and -+EC_KEY_oct2priv() return 1 on success or 0 on error. -+ -+EC_KEY_set_private_key() returns 1 on success or 0 on error except when the -+priv_key argument is NULL, in that case it returns 0, for legacy compatibility, -+and should not be treated as an error. - - EC_KEY_get0_group() returns the EC_GROUP associated with the EC_KEY. - -diff --git a/doc/man3/EVP_PKEY_gettable_params.pod b/doc/man3/EVP_PKEY_gettable_params.pod -index c3dfe4e30dc6..1afda9c19b7f 100644 ---- a/doc/man3/EVP_PKEY_gettable_params.pod -+++ b/doc/man3/EVP_PKEY_gettable_params.pod -@@ -92,7 +92,7 @@ buffer size to hold the value. - - #include - -- char *curve_name[64]; -+ char curve_name[64]; - unsigned char pub[256]; - BIGNUM *bn_priv = NULL; - -@@ -113,7 +113,6 @@ buffer size to hold the value. 
- /* Error */ - } - -- - BN_clear_free(bn_priv); - - =head1 SEE ALSO -diff --git a/doc/man3/OPENSSL_LH_COMPFUNC.pod b/doc/man3/OPENSSL_LH_COMPFUNC.pod -index 82beda458bc4..b4c21dba22db 100644 ---- a/doc/man3/OPENSSL_LH_COMPFUNC.pod -+++ b/doc/man3/OPENSSL_LH_COMPFUNC.pod -@@ -28,7 +28,7 @@ OPENSSL_LH_doall, OPENSSL_LH_doall_arg, OPENSSL_LH_error - - TYPE *lh_TYPE_insert(LHASH_OF(TYPE) *table, TYPE *data); - TYPE *lh_TYPE_delete(LHASH_OF(TYPE) *table, TYPE *data); -- TYPE *lh_retrieve(LHASH_OF(TYPE) *table, TYPE *data); -+ TYPE *lh_TYPE_retrieve(LHASH_OF(TYPE) *table, TYPE *data); - - void lh_TYPE_doall(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNC func); - void lh_TYPE_doall_arg(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNCARG func, -diff --git a/doc/man3/OSSL_HTTP_REQ_CTX.pod b/doc/man3/OSSL_HTTP_REQ_CTX.pod -index ad2d73115350..a2495d35a527 100644 ---- a/doc/man3/OSSL_HTTP_REQ_CTX.pod -+++ b/doc/man3/OSSL_HTTP_REQ_CTX.pod -@@ -66,8 +66,8 @@ I), and the maximum expected response header line length I. - A value <= 0 indicates that - the B of 4KiB should be used. - I is also used as the number of content bytes that are read at a time. --The allocated context structure is also populated with an internal allocated --memory B, which collects the HTTP request and additional headers as text. -+The allocated context structure includes an internal memory B, -+which collects the HTTP request header lines. - - OSSL_HTTP_REQ_CTX_free() frees up the HTTP request context I. - The I is not free'd, I will be free'd if I is set. -@@ -80,7 +80,7 @@ that the request should go through, otherwise they should be left NULL. - I is the HTTP request path; if left NULL, C is used. - - OSSL_HTTP_REQ_CTX_add1_header() adds header I with value I to the --context I. It can be called more than once to add multiple headers. -+context I. It can be called more than once to add multiple header lines. 
- For example, to add a C header for C you would call: - - OSSL_HTTP_REQ_CTX_add1_header(ctx, "Host", "example.com"); -@@ -96,7 +96,7 @@ If the I parameter is nonzero a structure in ASN.1 encoding will be - expected as the response content and input streaming is disabled. This means - that an ASN.1 sequence header is required, its length field is checked, and - OSSL_HTTP_REQ_CTX_get0_mem_bio() should be used to get the buffered response. --Otherwise any input format is allowed without length checks, which is the default. -+Otherwise (by default) any input format is allowed without length checks. - In this case the BIO given as I argument to OSSL_HTTP_REQ_CTX_new() should - be used directly to read the response contents, which may support streaming. - If the I parameter is > 0 this indicates the maximum number of seconds -@@ -124,7 +124,7 @@ The HTTP header C is filled out with the length of the request. - I must be NULL if I is NULL. - If I isn't NULL, - the HTTP header C is also added with the given string value. --All of this ends up in the internal memory B. -+The header lines are added to the internal memory B for the request header. - - OSSL_HTTP_REQ_CTX_nbio() attempts to send the request prepared in I - and to gather the response via HTTP, using the I and I -@@ -143,17 +143,17 @@ On success it returns a pointer to the BIO that can be used to read the result. - If an ASN.1-encoded response was expected, this is the BIO - returned by OSSL_HTTP_REQ_CTX_get0_mem_bio() when called after the exchange. - This memory BIO does not support streaming. --Otherwise it may be the I given when calling OSSL_HTTP_REQ_CTX_new(), --and this BIO has been read past the end of the response headers, --such that the actual response body can be read via this BIO, -+Otherwise the returned BIO is the I given to OSSL_HTTP_REQ_CTX_new(), - which may support streaming. --The returned BIO pointer must not be freed by the caller. 
-+When this BIO is returned, it has been read past the end of the response header, -+such that the actual response body can be read from it. -+The returned BIO pointer MUST NOT be freed by the caller. - - OSSL_HTTP_REQ_CTX_get0_mem_bio() returns the internal memory B. --Before sending the request, this could used to modify the HTTP request text. -+Before the HTTP request is sent, this could be used to adapt its header lines. - I - After receiving a response via HTTP, the BIO represents the current state of --reading the response headers. If the response was expected to be ASN.1 encoded, -+reading the response header. If the response was expected to be ASN.1 encoded, - its contents can be read via this BIO, which does not support streaming. - The returned BIO pointer must not be freed by the caller. - -@@ -200,7 +200,7 @@ Calling OSSL_HTTP_REQ_CTX_set_request_line(). - - =item 2. - --Adding extra headers with OSSL_HTTP_REQ_CTX_add1_header(). -+Adding extra header lines with OSSL_HTTP_REQ_CTX_add1_header(). - This is optional and may be done multiple times with different names. - - =item 3. -@@ -229,7 +229,7 @@ OSSL_HTTP_REQ_CTX_nbio() and OSSL_HTTP_REQ_CTX_nbio_d2i() - return 1 for success, 0 on error or redirection, -1 if retry is needed. - - OSSL_HTTP_REQ_CTX_exchange() and OSSL_HTTP_REQ_CTX_get0_mem_bio() --return a pointer to a B on success and NULL on failure. -+return a pointer to a B on success as described above or NULL on failure. - The returned BIO must not be freed by the caller. - - OSSL_HTTP_REQ_CTX_get_resp_len() returns the size of the response contents -diff --git a/doc/man3/OSSL_HTTP_transfer.pod b/doc/man3/OSSL_HTTP_transfer.pod -index 7e823db3eab5..f7d28d2b403d 100644 ---- a/doc/man3/OSSL_HTTP_transfer.pod -+++ b/doc/man3/OSSL_HTTP_transfer.pod -@@ -102,8 +102,8 @@ The callback function may modify the BIO provided in the I argument, - whereby it may make use of a custom defined argument I, - which may for instance point to an B structure. 
- During connection establishment, just after calling BIO_do_connect_retry(), the --callback function is invoked with the I argument being 1 and the I --argument being 1 if HTTPS is requested, i.e., SSL/TLS should be enabled, else 0. -+callback function is invoked with the I argument being 1 and -+I being 1 if I is nonzero (i.e., HTTPS is requested), else 0. - On disconnect I is 0 and I is 1 if no error occurred, else 0. - For instance, on connect the callback may push an SSL BIO to implement HTTPS; - after disconnect it may do some diagnostic output and pop and free the SSL BIO. -@@ -202,7 +202,7 @@ an ASN.1-encoded response is expected, which should include a total length, - the length indications received are checked for consistency - and for not exceeding any given maximum response length. - If an ASN.1-encoded response is expected, the function returns on success --the contents as a memory BIO, which does not support streaming. -+the contents buffered in a memory BIO, which does not support streaming. - Otherwise it returns directly the read BIO that holds the response contents, - which allows a response of indefinite length and may support streaming. - The caller is responsible for freeing the BIO pointer obtained. -@@ -253,8 +253,8 @@ OSSL_HTTP_proxy_connect() and OSSL_HTTP_set1_request() - return 1 on success, 0 on error. - - On success, OSSL_HTTP_exchange(), OSSL_HTTP_get(), and OSSL_HTTP_transfer() --return a memory BIO containing the data received if an ASN.1-encoded response --is expected, else a BIO that may support streaming. -+return a memory BIO that buffers all the data received if an ASN.1-encoded -+response is expected, otherwise a BIO that may support streaming. - The BIO must be freed by the caller. - On failure, they return NULL. - Failure conditions include connection/transfer timeout, parse errors, etc. 
-diff --git a/doc/man3/OSSL_trace_set_channel.pod b/doc/man3/OSSL_trace_set_channel.pod -index 7564c6084213..616223b0e115 100644 ---- a/doc/man3/OSSL_trace_set_channel.pod -+++ b/doc/man3/OSSL_trace_set_channel.pod -@@ -136,6 +136,10 @@ Traces the TLS/SSL protocol. - - Traces the ciphers used by the TLS/SSL protocol. - -+=item B -+ -+Traces details about the provider and engine configuration. -+ - =item B - - Traces the ENGINE algorithm table selection. -@@ -175,9 +179,25 @@ point during evaluation. - - Traces BIGNUM context operations. - --=item B -+=item B - --Traces details about the provider and engine configuration. -+Traces CMP client and server activity. -+ -+=item B -+ -+Traces STORE operations. -+ -+=item B -+ -+Traces decoder operations. -+ -+=item B -+ -+Traces encoder operations. -+ -+=item B -+ -+Traces decrementing certain ASN.1 structure references. - - =back - -diff --git a/doc/man3/SSL_CTX_use_certificate.pod b/doc/man3/SSL_CTX_use_certificate.pod -index f08656bb85b3..3989766c9c70 100644 ---- a/doc/man3/SSL_CTX_use_certificate.pod -+++ b/doc/man3/SSL_CTX_use_certificate.pod -@@ -92,10 +92,10 @@ SSL_CTX_use_PrivateKey() adds B as private key to B. - SSL_CTX_use_RSAPrivateKey() adds the private key B of type RSA - to B. SSL_use_PrivateKey() adds B as private key to B; - SSL_use_RSAPrivateKey() adds B as private key of type RSA to B. --If a certificate has already been set and the private does not belong --to the certificate an error is returned. To change a certificate, private --key pair the new certificate needs to be set with SSL_use_certificate() --or SSL_CTX_use_certificate() before setting the private key with -+If a certificate has already been set and the private key does not belong -+to the certificate an error is returned. 
To change a [certificate/private-key] -+pair, the new certificate needs to be set first with SSL_use_certificate() or -+SSL_CTX_use_certificate() before setting the private key with - SSL_CTX_use_PrivateKey() or SSL_use_PrivateKey(). - - SSL_CTX_use_cert_and_key() and SSL_use_cert_and_key() assign the X.509 -@@ -149,7 +149,8 @@ Files of type SSL_FILETYPE_PEM can contain more than one item. - - SSL_CTX_use_certificate_chain_file() adds the first certificate found - in the file to the certificate store. The other certificates are added --to the store of chain certificates using L. Note: versions of OpenSSL before 1.0.2 only had a single -+to the store of chain certificates using L. -+Note: versions of OpenSSL before 1.0.2 only had a single - certificate chain store for all certificate types, OpenSSL 1.0.2 and later - have a separate chain store for each type. SSL_CTX_use_certificate_chain_file() - should be used instead of the SSL_CTX_use_certificate_file() function in order -diff --git a/doc/man3/X509V3_get_d2i.pod b/doc/man3/X509V3_get_d2i.pod -index 7c3b2c960432..4a2e81b0dbdf 100644 ---- a/doc/man3/X509V3_get_d2i.pod -+++ b/doc/man3/X509V3_get_d2i.pod -@@ -19,7 +19,7 @@ X509_REVOKED_get0_extensions - X509 extension decode and encode functions - int crit, unsigned long flags); - - void *X509V3_EXT_d2i(X509_EXTENSION *ext); -- X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext); -+ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); - - void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx); - int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, -@@ -41,7 +41,7 @@ X509_REVOKED_get0_extensions - X509 extension decode and encode functions - - X509V3_get_d2i() looks for an extension with OID I in the extensions - I and, if found, decodes it. 
If I is NULL then only one --occurrence of an extension is permissible otherwise the first extension after -+occurrence of an extension is permissible, otherwise the first extension after - index I<*idx> is returned and I<*idx> updated to the location of the extension. - If I is not NULL then I<*crit> is set to a status value: -2 if the - extension occurs multiple times (this is only returned if I is NULL), -@@ -57,24 +57,24 @@ X509V3_EXT_d2i() attempts to decode the ASN.1 data contained in extension - I and returns a pointer to an extension specific structure or NULL - if the extension could not be decoded (invalid syntax or not supported). - --X509V3_EXT_i2d() encodes the extension specific structure I -+X509V3_EXT_i2d() encodes the extension specific structure I - with OID I and criticality I. - - X509_get_ext_d2i() and X509_add1_ext_i2d() operate on the extensions of --certificate I, they are otherwise identical to X509V3_get_d2i() and --X509V3_add_i2d(). -+certificate I. They are otherwise identical to X509V3_get_d2i() and -+X509V3_add1_i2d(). - - X509_CRL_get_ext_d2i() and X509_CRL_add1_ext_i2d() operate on the extensions --of CRL I, they are otherwise identical to X509V3_get_d2i() and --X509V3_add_i2d(). -+of CRL I. They are otherwise identical to X509V3_get_d2i() and -+X509V3_add1_i2d(). - - X509_REVOKED_get_ext_d2i() and X509_REVOKED_add1_ext_i2d() operate on the --extensions of B structure I (i.e for CRL entry extensions), --they are otherwise identical to X509V3_get_d2i() and X509V3_add_i2d(). -+extensions of B structure I (i.e for CRL entry extensions). -+They are otherwise identical to X509V3_get_d2i() and X509V3_add1_i2d(). - - X509_get0_extensions(), X509_CRL_get0_extensions() and --X509_REVOKED_get0_extensions() return a stack of all the extensions --of a certificate a CRL or a CRL entry respectively. -+X509_REVOKED_get0_extensions() return a STACK of all the extensions -+of a certificate, a CRL or a CRL entry respectively. 
- - =head1 NOTES - -@@ -84,32 +84,35 @@ occurrences is an error. Therefore, the I parameter is usually NULL. - The I parameter may be one of the following values. - - B appends a new extension only if the extension does --not already exist. An error is returned if the extension does already --exist. -+not exist. An error is returned if the extension exists. - - B appends a new extension, ignoring whether the extension --already exists. -+exists. - --B replaces an extension if it exists otherwise appends --a new extension. -+B replaces an existing extension. If the extension does -+not exist, appends a new extension. - --B replaces an existing extension if it exists --otherwise returns an error. -+B replaces an existing extension. If the -+extension does not exist, returns an error. - - B appends a new extension only if the extension does --not already exist. An error B returned if the extension does already --exist. -+not exist. An error is B returned if the extension exists. - --B extension I is deleted: no new extension is added. -+B deletes and frees an existing extension. If the extension -+does not exist, returns an error. No new extension is added. - --If B is ored with I: any error returned will not --be added to the error queue. -+If B is bitwise ORed with I: any error returned -+will not be added to the error queue. - - The function X509V3_get_d2i() and its variants - will return NULL if the extension is not - found, occurs multiple times or cannot be decoded. It is possible to - determine the precise reason by checking the value of I<*crit>. - -+The function X509V3_add1_i2d() and its variants allocate B -+objects on STACK I<*x> depending on I. The B objects -+must be explicitly freed using X509_EXTENSION_free(). 
-+ - =head1 SUPPORTED EXTENSIONS - - The following sections contain a list of all supported extensions -diff --git a/doc/man3/X509_CRL_get0_by_serial.pod b/doc/man3/X509_CRL_get0_by_serial.pod -index d1e0f077a3a8..e0061563bc7a 100644 ---- a/doc/man3/X509_CRL_get0_by_serial.pod -+++ b/doc/man3/X509_CRL_get0_by_serial.pod -@@ -30,42 +30,42 @@ functions - - =head1 DESCRIPTION - --X509_CRL_get0_by_serial() attempts to find a revoked entry in B for --serial number B. If it is successful it sets B<*ret> to the internal --pointer of the matching entry, as a result B<*ret> must not be freed up -+X509_CRL_get0_by_serial() attempts to find a revoked entry in I for -+serial number I. If it is successful, it sets I<*ret> to the internal -+pointer of the matching entry. As a result, I<*ret> B be freed - after the call. - - X509_CRL_get0_by_cert() is similar to X509_get0_by_serial() except it --looks for a revoked entry using the serial number of certificate B. -+looks for a revoked entry using the serial number of certificate I. - --X509_CRL_get_REVOKED() returns an internal pointer to a stack of all --revoked entries for B. -+X509_CRL_get_REVOKED() returns an internal pointer to a STACK of all -+revoked entries for I. - - X509_REVOKED_get0_serialNumber() returns an internal pointer to the --serial number of B. -+serial number of I. - - X509_REVOKED_get0_revocationDate() returns an internal pointer to the --revocation date of B. -+revocation date of I. - --X509_REVOKED_set_serialNumber() sets the serial number of B to B. --The supplied B pointer is not used internally so it should be --freed up after use. -+X509_REVOKED_set_serialNumber() sets the serial number of I to I. -+The supplied I pointer is not used internally so it should be -+freed after use. - --X509_REVOKED_set_revocationDate() sets the revocation date of B to --B. The supplied B pointer is not used internally so it should be --freed up after use. 
-+X509_REVOKED_set_revocationDate() sets the revocation date of I to -+I. The supplied I pointer is not used internally so it should be -+freed after use. - --X509_CRL_add0_revoked() appends revoked entry B to CRL B. The --pointer B is used internally so it must not be freed up after the call: -+X509_CRL_add0_revoked() appends revoked entry I to CRL I. The -+pointer I is used internally so it B be freed after the call: - it is freed when the parent CRL is freed. - --X509_CRL_sort() sorts the revoked entries of B into ascending serial -+X509_CRL_sort() sorts the revoked entries of I into ascending serial - number order. - - =head1 NOTES - - Applications can determine the number of revoked entries returned by --X509_CRL_get_revoked() using sk_X509_REVOKED_num() and examine each one -+X509_CRL_get_REVOKED() using sk_X509_REVOKED_num() and examine each one - in turn using sk_X509_REVOKED_value(). - - =head1 RETURN VALUES -@@ -74,16 +74,16 @@ X509_CRL_get0_by_serial() and X509_CRL_get0_by_cert() return 0 for failure, - 1 on success except if the revoked entry has the reason C (8), - in which case 2 is returned. - -+X509_CRL_get_REVOKED() returns a STACK of revoked entries. -+ -+X509_REVOKED_get0_serialNumber() returns an B structure. -+ -+X509_REVOKED_get0_revocationDate() returns an B structure. -+ - X509_REVOKED_set_serialNumber(), X509_REVOKED_set_revocationDate(), - X509_CRL_add0_revoked() and X509_CRL_sort() return 1 for success and 0 for - failure. - --X509_REVOKED_get0_serialNumber() returns an B pointer. -- --X509_REVOKED_get0_revocationDate() returns an B value. -- --X509_CRL_get_REVOKED() returns a STACK of revoked entries. 
-- - =head1 SEE ALSO - - L, -diff --git a/doc/man3/X509_STORE_CTX_new.pod b/doc/man3/X509_STORE_CTX_new.pod -index 69f763dcdc04..2319012a98e1 100644 ---- a/doc/man3/X509_STORE_CTX_new.pod -+++ b/doc/man3/X509_STORE_CTX_new.pod -@@ -210,14 +210,18 @@ It should not normally be necessary for end user applications to call - X509_STORE_CTX_purpose_inherit() directly. Typically applications should call - X509_STORE_CTX_set_purpose() or X509_STORE_CTX_set_trust() instead. Using this - function it is possible to set the purpose and trust values for the I at --the same time. The I and I arguments can have the same -+the same time. -+Both I and its internal verification parameter pointer must not be NULL. -+The I and I arguments can have the same - purpose values as described for X509_STORE_CTX_set_purpose() above. The I - argument can have the same trust values as described in - X509_STORE_CTX_set_trust() above. Any of the I, I or - I values may also have the value 0 to indicate that the supplied - parameter should be ignored. After calling this function the purpose to be used --for verification is set from the I argument, and the trust is set from --the I argument. If I is 0 then the trust value will be set from -+for verification is set from the I argument unless the purpose was -+already set in I before, and the trust is set from the I argument -+unless the trust was already set in I before. -+If I is 0 then the trust value will be set from - the default trust value for I. If the default trust value for the - purpose is I and I is 0 then the default trust value - associated with the I value is used for the trust setting instead. 
-diff --git a/doc/man3/X509v3_get_ext_by_NID.pod b/doc/man3/X509v3_get_ext_by_NID.pod -index 8a05a1e528ac..a3f6c562b6d0 100644 ---- a/doc/man3/X509v3_get_ext_by_NID.pod -+++ b/doc/man3/X509v3_get_ext_by_NID.pod -@@ -41,7 +41,8 @@ X509_REVOKED_add_ext - extension stack utility functions - int X509_CRL_get_ext_count(const X509_CRL *x); - X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc); - int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos); -- int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, int lastpos); -+ int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, -+ int lastpos); - int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos); - X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); - int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); -@@ -57,77 +58,79 @@ X509_REVOKED_add_ext - extension stack utility functions - - =head1 DESCRIPTION - --X509v3_get_ext_count() retrieves the number of extensions in B. -+X509v3_get_ext_count() retrieves the number of extensions in I. - --X509v3_get_ext() retrieves extension B from B. The index B --can take any value from B<0> to X509_get_ext_count(x) - 1. The returned --extension is an internal pointer which B be freed up by the -+X509v3_get_ext() retrieves extension I from I. The index I -+can take any value from 0 to X509_get_ext_count(I) - 1. The returned -+extension is an internal pointer which B be freed by the - application. - - X509v3_get_ext_by_NID() and X509v3_get_ext_by_OBJ() look for an extension --with B or B from extension stack B. The search starts from the --extension after B or from the beginning if is B<-1>. If --the extension is found its index is returned otherwise B<-1> is returned. -+with I or I from extension STACK I. The search starts from the -+extension after I or from the beginning if I is -1. If -+the extension is found, its index is returned, otherwise -1 is returned. 
- - X509v3_get_ext_by_critical() is similar to X509v3_get_ext_by_NID() except it --looks for an extension of criticality B. A zero value for B --looks for a non-critical extension a nonzero value looks for a critical -+looks for an extension of criticality I. A zero value for I -+looks for a non-critical extension. A nonzero value looks for a critical - extension. - --X509v3_delete_ext() deletes the extension with index B from B. -+X509v3_delete_ext() deletes the extension with index I from I. - The deleted extension is returned and must be freed by the caller. --If B is in invalid index value B is returned. -+If I is an invalid index value, NULL is returned. - --X509v3_add_ext() adds extension B to stack B<*x> at position B. If --B is B<-1> the new extension is added to the end. If B<*x> is B --a new stack will be allocated. The passed extension B is duplicated -+X509v3_add_ext() adds extension I to STACK I<*x> at position I. If -+I is -1, the new extension is added to the end. If I<*x> is NULL, -+a new STACK will be allocated. The passed extension I is duplicated - internally so it must be freed after use. - - X509_get_ext_count(), X509_get_ext(), X509_get_ext_by_NID(), - X509_get_ext_by_OBJ(), X509_get_ext_by_critical(), X509_delete_ext() --and X509_add_ext() operate on the extensions of certificate B they are -+and X509_add_ext() operate on the extensions of certificate I. They are - otherwise identical to the X509v3 functions. - - X509_CRL_get_ext_count(), X509_CRL_get_ext(), X509_CRL_get_ext_by_NID(), - X509_CRL_get_ext_by_OBJ(), X509_CRL_get_ext_by_critical(), - X509_CRL_delete_ext() and X509_CRL_add_ext() operate on the extensions of --CRL B they are otherwise identical to the X509v3 functions. -+CRL I. They are otherwise identical to the X509v3 functions. 
- - X509_REVOKED_get_ext_count(), X509_REVOKED_get_ext(), - X509_REVOKED_get_ext_by_NID(), X509_REVOKED_get_ext_by_OBJ(), - X509_REVOKED_get_ext_by_critical(), X509_REVOKED_delete_ext() and --X509_REVOKED_add_ext() operate on the extensions of CRL entry B --they are otherwise identical to the X509v3 functions. -+X509_REVOKED_add_ext() operate on the extensions of CRL entry I. -+They are otherwise identical to the X509v3 functions. - - =head1 NOTES - --These functions are used to examine stacks of extensions directly. Many --applications will want to parse or encode and add an extension: they should --use the extension encode and decode functions instead such as -+These functions are used to examine stacks of extensions directly. -+Applications that want to parse or encode and add an extension should -+use the extension encode and decode functions instead, such as - X509_add1_ext_i2d() and X509_get_ext_d2i(). - --Extension indices start from zero, so a zero index return value is B an --error. These search functions start from the extension B the B --parameter so it should initially be set to B<-1>, if it is set to zero the --initial extension will not be checked. -- --=head1 BUGS -+For X509v3_get_ext_by_NID(), X509v3_get_ext_by_OBJ(), -+X509v3_get_ext_by_critical() and its variants, a zero index return value -+is not an error since extension STACK I indices start from zero. -+These search functions start from the extension B the I parameter -+so it should initially be set to -1. If it is set to zero, the initial extension -+will not be checked. - - X509v3_delete_ext() and its variants are a bit counter-intuitive - because these functions do not free the extension they delete. -+They return an B object which must be explicitly freed -+using X509_EXTENSION_free(). - - =head1 RETURN VALUES - - X509v3_get_ext_count() returns the extension count. - - X509v3_get_ext(), X509v3_delete_ext() and X509_delete_ext() return an --B pointer or B if an error occurs. 
-+B structure or NULL if an error occurs. - --X509v3_get_ext_by_NID() X509v3_get_ext_by_OBJ() and --X509v3_get_ext_by_critical() return the an extension index or B<-1> if an -+X509v3_get_ext_by_NID(), X509v3_get_ext_by_OBJ() and -+X509v3_get_ext_by_critical() return the extension index or -1 if an - error occurs. - --X509v3_add_ext() returns a stack of extensions or B on error. -+X509v3_add_ext() returns a STACK of extensions or NULL on error. - - X509_add_ext() returns 1 on success and 0 on error. - -diff --git a/doc/man7/EVP_KDF-X942-ASN1.pod b/doc/man7/EVP_KDF-X942-ASN1.pod -index c01ec466fa15..58f0d2b15e2c 100644 ---- a/doc/man7/EVP_KDF-X942-ASN1.pod -+++ b/doc/man7/EVP_KDF-X942-ASN1.pod -@@ -30,7 +30,7 @@ can be used with the EVP_KDF_fetch() function. - - These parameters work as described in L. - --=item "key" (B) -+=item "secret" (B) - - The shared secret used for key derivation. This parameter sets the secret. - -@@ -60,7 +60,7 @@ An optional octet string containing public info contributed by the responder. - An optional octet string containing some additional, mutually-known public - information. Setting this value also sets "use-keybits" to 0. - --=item "use-keybits" (B) -+=item "use-keybits" (B) - - The default value of 1 will use the KEK key length (in bits) as the - "supp-pubinfo". A value of 0 disables setting the "supp-pubinfo". -diff --git a/doc/man7/EVP_SIGNATURE-RSA.pod b/doc/man7/EVP_SIGNATURE-RSA.pod -index 06ca036f0c46..440e1c634f84 100644 ---- a/doc/man7/EVP_SIGNATURE-RSA.pod -+++ b/doc/man7/EVP_SIGNATURE-RSA.pod -@@ -49,10 +49,10 @@ The digest algorithm name to use for the maskGenAlgorithm used by "pss" mode. - Sets the name of the property query associated with the "mgf1-digest" algorithm. - NULL is used if this optional value is not set. - --=item "pss-saltlen" (B) -+=item "saltlen" (B) or - --Set or get the "pss" mode minimum salt length. 
The value can either be a string
--value representing a number or one of the following:
-+The "pss" mode minimum salt length. The value can either be an integer,
-+a string value representing a number or one of the following string values:
-
- =over 4
-
-@@ -87,6 +87,8 @@ This common parameter is described in L.
-
- =item "mgf1-digest" (B)
-
-+=item "saltlen" (B) or
-+
- These parameters are as described above.
-
- =back
-diff --git a/include/crypto/rand.h b/include/crypto/rand.h
-index fa3b5b2b9394..758aeed4af22 100644
---- a/include/crypto/rand.h
-+++ b/include/crypto/rand.h
-@@ -108,15 +108,15 @@ void ossl_random_add_conf_module(void);
- /*
- * Get and cleanup random seed material.
- */
--size_t ossl_rand_get_entropy(ossl_unused OSSL_CORE_HANDLE *handle,
-+size_t ossl_rand_get_entropy(ossl_unused const OSSL_CORE_HANDLE *handle,
- unsigned char **pout, int entropy,
- size_t min_len, size_t max_len);
--void ossl_rand_cleanup_entropy(ossl_unused OSSL_CORE_HANDLE *handle,
-+void ossl_rand_cleanup_entropy(ossl_unused const OSSL_CORE_HANDLE *handle,
- unsigned char *buf, size_t len);
--size_t ossl_rand_get_nonce(ossl_unused OSSL_CORE_HANDLE *handle,
-+size_t ossl_rand_get_nonce(ossl_unused const OSSL_CORE_HANDLE *handle,
- unsigned char **pout, size_t min_len, size_t max_len,
- const void *salt, size_t salt_len);
--void ossl_rand_cleanup_nonce(ossl_unused OSSL_CORE_HANDLE *handle,
-+void ossl_rand_cleanup_nonce(ossl_unused const OSSL_CORE_HANDLE *handle,
- unsigned char *buf, size_t len);
-
- /*
-diff --git a/include/internal/core.h b/include/internal/core.h
-index 48e1ba465a69..03adb66bd342 100644
---- a/include/internal/core.h
-+++ b/include/internal/core.h
-@@ -30,6 +30,10 @@
- typedef struct ossl_method_construct_method_st {
- /* Get a temporary store */
- void *(*get_tmp_store)(void *data);
-+ /* Reserve the appropriate method store */
-+ int (*lock_store)(void *store, void *data);
-+ /* Unreserve the appropriate method store */
-+ int (*unlock_store)(void
*store, void *data);
- /* Get an already existing method from a store */
- void *(*get)(void *store, const OSSL_PROVIDER **prov, void *data);
- /* Store a method in a store */
-@@ -50,9 +54,11 @@ void ossl_algorithm_do_all(OSSL_LIB_CTX *libctx, int operation_id,
- OSSL_PROVIDER *provider,
- int (*pre)(OSSL_PROVIDER *, int operation_id,
- int no_store, void *data, int *result),
-+ int (*reserve_store)(int no_store, void *data),
- void (*fn)(OSSL_PROVIDER *provider,
- const OSSL_ALGORITHM *algo,
- int no_store, void *data),
-+ int (*unreserve_store)(void *data),
- int (*post)(OSSL_PROVIDER *, int operation_id,
- int no_store, void *data, int *result),
- void *data);
-diff --git a/include/internal/ffc.h b/include/internal/ffc.h
-index 79cb06aba3b8..50673efb8967 100644
---- a/include/internal/ffc.h
-+++ b/include/internal/ffc.h
-@@ -112,6 +112,8 @@ typedef struct ffc_params_st {
- */
- const char *mdname;
- const char *mdprops;
-+ /* Default key length for known named groups according to RFC7919 */
-+ int keylength;
- } FFC_PARAMS;
-
- void ossl_ffc_params_init(FFC_PARAMS *params);
-@@ -205,8 +207,9 @@ const DH_NAMED_GROUP *ossl_ffc_numbers_to_dh_named_group(const BIGNUM *p,
- int ossl_ffc_named_group_get_uid(const DH_NAMED_GROUP *group);
- const char *ossl_ffc_named_group_get_name(const DH_NAMED_GROUP *);
- #ifndef OPENSSL_NO_DH
-+int ossl_ffc_named_group_get_keylength(const DH_NAMED_GROUP *group);
- const BIGNUM *ossl_ffc_named_group_get_q(const DH_NAMED_GROUP *group);
--int ossl_ffc_named_group_set_pqg(FFC_PARAMS *ffc, const DH_NAMED_GROUP *group);
-+int ossl_ffc_named_group_set(FFC_PARAMS *ffc, const DH_NAMED_GROUP *group);
- #endif
-
- #endif /* OSSL_INTERNAL_FFC_H */
-diff --git a/include/internal/property.h b/include/internal/property.h
-index 7e9a397a3b49..d09274d0c92c 100644
---- a/include/internal/property.h
-+++ b/include/internal/property.h
-@@ -52,6 +52,10 @@ int64_t ossl_property_get_number_value(const OSSL_PROPERTY_DEFINITION *prop);
- /* Implementation
store functions */
- OSSL_METHOD_STORE *ossl_method_store_new(OSSL_LIB_CTX *ctx);
- void ossl_method_store_free(OSSL_METHOD_STORE *store);
-+
-+int ossl_method_lock_store(OSSL_METHOD_STORE *store);
-+int ossl_method_unlock_store(OSSL_METHOD_STORE *store);
-+
- int ossl_method_store_add(OSSL_METHOD_STORE *store, const OSSL_PROVIDER *prov,
- int nid, const char *properties, void *method,
- int (*method_up_ref)(void *),
-diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
-index 346d7eff66d9..80d048a847b0 100644
---- a/providers/fips/self_test.c
-+++ b/providers/fips/self_test.c
-@@ -104,7 +104,7 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
- return TRUE;
- }
-
--#elif defined(__GNUC__)
-+#elif defined(__GNUC__) && !defined(_AIX)
- # undef DEP_INIT_ATTRIBUTE
- # undef DEP_FINI_ATTRIBUTE
- # define DEP_INIT_ATTRIBUTE static __attribute__((constructor))
-@@ -114,7 +114,7 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
- # pragma init(init)
- # pragma fini(cleanup)
-
--#elif defined(_AIX)
-+#elif defined(_AIX) && !defined(__GNUC__)
- void _init(void);
- void _cleanup(void);
- # pragma init(_init)
-diff --git a/providers/implementations/ciphers/ciphercommon_gcm.c b/providers/implementations/ciphers/ciphercommon_gcm.c
-index c4301f6b8240..23f28abf9595 100644
---- a/providers/implementations/ciphers/ciphercommon_gcm.c
-+++ b/providers/implementations/ciphers/ciphercommon_gcm.c
-@@ -25,6 +25,10 @@ static int gcm_cipher_internal(PROV_GCM_CTX *ctx, unsigned char *out,
- size_t *padlen, const unsigned char *in,
- size_t len);
-
-+/*
-+ * Called from EVP_CipherInit when there is currently no context via
-+ * the new_ctx() function
-+ */
- void ossl_gcm_initctx(void *provctx, PROV_GCM_CTX *ctx, size_t keybits,
- const PROV_GCM_HW *hw)
- {
-@@ -38,6 +42,9 @@ void ossl_gcm_initctx(void *provctx, PROV_GCM_CTX *ctx, size_t keybits,
- ctx->libctx = PROV_LIBCTX_OF(provctx);
- }
-
-+/*
-+ * Called by
EVP_CipherInit via the _einit and _dinit functions
-+ */
- static int gcm_init(void *vctx, const unsigned char *key, size_t keylen,
- const unsigned char *iv, size_t ivlen,
- const OSSL_PARAM params[], int enc)
-@@ -66,6 +73,7 @@ static int gcm_init(void *vctx, const unsigned char *key, size_t keylen,
- }
- if (!ctx->hw->setkey(ctx, key, ctx->keylen))
- return 0;
-+ ctx->tls_enc_records = 0;
- }
- return ossl_gcm_set_ctx_params(ctx, params);
- }
-@@ -447,7 +455,6 @@ static int gcm_tls_init(PROV_GCM_CTX *dat, unsigned char *aad, size_t aad_len)
- buf = dat->buf;
- memcpy(buf, aad, aad_len);
- dat->tls_aad_len = aad_len;
-- dat->tls_enc_records = 0;
-
- len = buf[aad_len - 2] << 8 | buf[aad_len - 1];
- /* Correct length for explicit iv. */
-diff --git a/providers/implementations/encode_decode/encode_key2text.c b/providers/implementations/encode_decode/encode_key2text.c
-index 80d6f7b35fdc..7d983f5e51c6 100644
---- a/providers/implementations/encode_decode/encode_key2text.c
-+++ b/providers/implementations/encode_decode/encode_key2text.c
-@@ -220,6 +220,7 @@ static int dh_to_text(BIO *out, const void *key, int selection)
- const BIGNUM *priv_key = NULL, *pub_key = NULL;
- const FFC_PARAMS *params = NULL;
- const BIGNUM *p = NULL;
-+ long length;
-
- if (out == NULL || dh == NULL) {
- ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER);
-@@ -272,6 +273,11 @@ static int dh_to_text(BIO *out, const void *key, int selection)
- if (params != NULL
- && !ffc_params_to_text(out, params))
- return 0;
-+ length = DH_get_length(dh);
-+ if (length > 0
-+ && BIO_printf(out, "recommended-private-length: %ld bits\n",
-+ length) <= 0)
-+ return 0;
-
- return 1;
- }
-diff --git a/providers/implementations/rands/seeding/rand_win.c b/providers/implementations/rands/seeding/rand_win.c
-index 704705425a6d..a21b74dd8685 100644
---- a/providers/implementations/rands/seeding/rand_win.c
-+++ b/providers/implementations/rands/seeding/rand_win.c
-@@ -28,7 +28,9 @@
-
- # ifdef
USE_BCRYPTGENRANDOM
- # include
--# pragma comment(lib, "bcrypt.lib")
-+# ifdef _MSC_VER
-+# pragma comment(lib, "bcrypt.lib")
-+# endif
- # ifndef STATUS_SUCCESS
- # define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
- # endif
-diff --git a/providers/implementations/signature/eddsa_sig.c b/providers/implementations/signature/eddsa_sig.c
-index eb1a76912838..9a9bb77eae43 100644
---- a/providers/implementations/signature/eddsa_sig.c
-+++ b/providers/implementations/signature/eddsa_sig.c
-@@ -165,8 +165,14 @@ int ed25519_digest_sign(void *vpeddsactx, unsigned char *sigret,
- return 0;
- }
- #ifdef S390X_EC_ASM
-- if (S390X_CAN_SIGN(ED25519))
-- return s390x_ed25519_digestsign(edkey, sigret, tbs, tbslen);
-+ if (S390X_CAN_SIGN(ED25519)) {
-+ if (s390x_ed25519_digestsign(edkey, sigret, tbs, tbslen) == 0) {
-+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SIGN);
-+ return 0;
-+ }
-+ *siglen = ED25519_SIGSIZE;
-+ return 1;
-+ }
- #endif /* S390X_EC_ASM */
- if (ossl_ed25519_sign(sigret, tbs, tbslen, edkey->pubkey, edkey->privkey,
- peddsactx->libctx, NULL) == 0) {
-@@ -196,8 +202,14 @@ int ed448_digest_sign(void *vpeddsactx, unsigned char *sigret,
- return 0;
- }
- #ifdef S390X_EC_ASM
-- if (S390X_CAN_SIGN(ED448))
-- return s390x_ed448_digestsign(edkey, sigret, tbs, tbslen);
-+ if (S390X_CAN_SIGN(ED448)) {
-+ if (s390x_ed448_digestsign(edkey, sigret, tbs, tbslen) == 0) {
-+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SIGN);
-+ return 0;
-+ }
-+ *siglen = ED448_SIGSIZE;
-+ return 1;
-+ }
- #endif /* S390X_EC_ASM */
- if (ossl_ed448_sign(peddsactx->libctx, sigret, tbs, tbslen, edkey->pubkey,
- edkey->privkey, NULL, 0, edkey->propq) == 0) {
-diff --git a/ssl/ktls.c b/ssl/ktls.c
-index 79d980959e3e..2b3217053043 100644
---- a/ssl/ktls.c
-+++ b/ssl/ktls.c
-@@ -66,8 +66,11 @@ int ktls_configure_crypto(const SSL *s, const EVP_CIPHER *c, EVP_CIPHER_CTX *dd,
- case SSL_AES128GCM:
- case SSL_AES256GCM:
- crypto_info->cipher_algorithm = CRYPTO_AES_NIST_GCM_16;
-- if (s->version ==
TLS1_3_VERSION)
-+ if (s->version == TLS1_3_VERSION) {
-+ crypto_info->iv_len = EVP_CIPHER_CTX_get_iv_length(dd);
-+ if (crypto_info->iv_len < 0)
-+ return 0;
-+ }
- else
- crypto_info->iv_len = EVP_GCM_TLS_FIXED_IV_LEN;
- break;
-diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
-index 7cf3169c39d6..7f3d1a7f0ddf 100644
---- a/ssl/record/rec_layer_d1.c
-+++ b/ssl/record/rec_layer_d1.c
-@@ -874,6 +874,10 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
- int mode = EVP_CIPHER_CTX_get_mode(s->enc_write_ctx);
- if (mode == EVP_CIPH_CBC_MODE) {
- eivlen = EVP_CIPHER_CTX_get_iv_length(s->enc_write_ctx);
-+ if (eivlen < 0) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG);
-+ return -1;
-+ }
- if (eivlen <= 1)
- eivlen = 0;
- }
-diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
-index d26437f026c3..e8b5654c1e23 100644
---- a/ssl/record/rec_layer_s3.c
-+++ b/ssl/record/rec_layer_s3.c
-@@ -832,6 +832,10 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
- int mode = EVP_CIPHER_CTX_get_mode(s->enc_write_ctx);
- if (mode == EVP_CIPH_CBC_MODE) {
- eivlen = EVP_CIPHER_CTX_get_iv_length(s->enc_write_ctx);
-+ if (eivlen < 0) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG);
-+ goto err;
-+ }
- if (eivlen <= 1)
- eivlen = 0;
- } else if (mode == EVP_CIPH_GCM_MODE) {
-diff --git a/ssl/record/ssl3_record_tls13.c b/ssl/record/ssl3_record_tls13.c
-index 8671b610e7f2..45eefcede0b6 100644
---- a/ssl/record/ssl3_record_tls13.c
-+++ b/ssl/record/ssl3_record_tls13.c
-@@ -25,7 +25,8 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
- {
- EVP_CIPHER_CTX *ctx;
- unsigned char iv[EVP_MAX_IV_LENGTH], recheader[SSL3_RT_HEADER_LENGTH];
-- size_t ivlen, taglen, offset, loop, hdrlen;
-+ size_t taglen, offset, loop, hdrlen;
-+ int ivlen;
- unsigned char *staticiv;
- unsigned char *seq;
- int lenu, lenf;
-@@ -62,6 +63,10 @@ int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
- }
-
- ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
-+ if (ivlen < 0) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
-+ return 0;
-+ }
-
- if (s->early_data_state == SSL_EARLY_DATA_WRITING
- || s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) {
-diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
-index f530c5066d6b..78d4f040565d 100644
---- a/ssl/s3_lib.c
-+++ b/ssl/s3_lib.c
-@@ -4301,9 +4301,10 @@ const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
-
- if (prefer_sha256) {
- const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
-+ const EVP_MD *md = ssl_md(s->ctx, tmp->algorithm2);
-
-- if (EVP_MD_is_a(ssl_md(s->ctx, tmp->algorithm2),
-- OSSL_DIGEST_NAME_SHA2_256)) {
-+ if (md != NULL
-+ && EVP_MD_is_a(md, OSSL_DIGEST_NAME_SHA2_256)) {
- ret = tmp;
- break;
- }
-diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index 54431b79c66a..942ab5c6db81 100644
---- a/ssl/ssl_ciph.c
-+++ b/ssl/ssl_ciph.c
-@@ -555,11 +555,14 @@ int ssl_cipher_get_evp(SSL_CTX *ctx, const SSL_SESSION *s,
- if (c->algorithm_mac == SSL_AEAD)
- mac_pkey_type = NULL;
- } else {
-- if (!ssl_evp_md_up_ref(ctx->ssl_digest_methods[i])) {
-+ const EVP_MD *digest = ctx->ssl_digest_methods[i];
-+
-+ if (digest == NULL
-+ || !ssl_evp_md_up_ref(digest)) {
- ssl_evp_cipher_free(*enc);
- return 0;
- }
-- *md = ctx->ssl_digest_methods[i];
-+ *md = digest;
- if (mac_pkey_type != NULL)
- *mac_pkey_type = ctx->ssl_mac_pkey_id[i];
- if (mac_secret_size != NULL)
-diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
-index 085dcfba6ce2..68b57a532bfe 100644
---- a/ssl/ssl_sess.c
-+++ b/ssl/ssl_sess.c
-@@ -748,6 +748,25 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
- c->time = time(NULL);
- ssl_session_calculate_timeout(c);
- }
-+
-+ if (s == NULL) {
-+ /*
-+ * new cache entry -- remove old ones if cache has become too large
-+ * delete cache entry *before* add, so we don't remove the one we're adding!
-+ */ -+ -+ ret = 1; -+ -+ if (SSL_CTX_sess_get_cache_size(ctx) > 0) { -+ while (SSL_CTX_sess_number(ctx) >= SSL_CTX_sess_get_cache_size(ctx)) { -+ if (!remove_session_lock(ctx, ctx->session_cache_tail, 0)) -+ break; -+ else -+ ssl_tsan_counter(ctx, &ctx->stats.sess_cache_full); -+ } -+ } -+ } -+ - SSL_SESSION_list_add(ctx, c); - - if (s != NULL) { -@@ -758,21 +777,6 @@ int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) - - SSL_SESSION_free(s); /* s == c */ - ret = 0; -- } else { -- /* -- * new cache entry -- remove old ones if cache has become too large -- */ -- -- ret = 1; -- -- if (SSL_CTX_sess_get_cache_size(ctx) > 0) { -- while (SSL_CTX_sess_number(ctx) > SSL_CTX_sess_get_cache_size(ctx)) { -- if (!remove_session_lock(ctx, ctx->session_cache_tail, 0)) -- break; -- else -- ssl_tsan_counter(ctx, &ctx->stats.sess_cache_full); -- } -- } - } - CRYPTO_THREAD_unlock(ctx->lock); - return ret; -diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c -index 7a38e01e436c..bf89e8247d6a 100644 ---- a/ssl/statem/extensions_srvr.c -+++ b/ssl/statem/extensions_srvr.c -@@ -1154,6 +1154,10 @@ int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, - } - - md = ssl_md(s->ctx, sess->cipher->algorithm2); -+ if (md == NULL) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } - if (!EVP_MD_is_a(md, - EVP_MD_get0_name(ssl_md(s->ctx, - s->s3.tmp.new_cipher->algorithm2)))) { -diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c -index b59eddae332a..3af7234342d2 100644 ---- a/ssl/statem/statem_clnt.c -+++ b/ssl/statem/statem_clnt.c -@@ -1346,12 +1346,14 @@ static int set_client_ciphersuite(SSL *s, const unsigned char *cipherchars) - s->session->cipher_id = s->session->cipher->id; - if (s->hit && (s->session->cipher_id != c->id)) { - if (SSL_IS_TLS13(s)) { -+ const EVP_MD *md = ssl_md(s->ctx, c->algorithm2); -+ - /* - * In TLSv1.3 it is valid for the server to select a different - * ciphersuite as long as the 
hash is the same. - */ -- if (ssl_md(s->ctx, c->algorithm2) -- != ssl_md(s->ctx, s->session->cipher->algorithm2)) { -+ if (md == NULL -+ || md != ssl_md(s->ctx, s->session->cipher->algorithm2)) { - SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, - SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED); - return 0; -diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c -index 79f9832083a4..5626e4ea2aee 100644 ---- a/ssl/statem/statem_srvr.c -+++ b/ssl/statem/statem_srvr.c -@@ -3772,6 +3772,10 @@ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, - goto err; - } - iv_len = EVP_CIPHER_CTX_get_iv_length(ctx); -+ if (iv_len < 0) { -+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); -+ goto err; -+ } - } else { - EVP_CIPHER *cipher = EVP_CIPHER_fetch(s->ctx->libctx, "AES-256-CBC", - s->ctx->propq); -diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c -index 48a0b7f6e590..51c2283db915 100644 ---- a/ssl/t1_lib.c -+++ b/ssl/t1_lib.c -@@ -1785,7 +1785,7 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, - SSL_SESSION *sess = NULL; - unsigned char *sdec; - const unsigned char *p; -- int slen, renew_ticket = 0, declen; -+ int slen, ivlen, renew_ticket = 0, declen; - SSL_TICKET_STATUS ret = SSL_TICKET_FATAL_ERR_OTHER; - size_t mlen; - unsigned char tick_hmac[EVP_MAX_MD_SIZE]; -@@ -1898,9 +1898,14 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, - goto end; - } - -+ ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); -+ if (ivlen < 0) { -+ ret = SSL_TICKET_FATAL_ERR_OTHER; -+ goto end; -+ } -+ - /* Sanity check ticket length: must exceed keyname + IV + HMAC */ -- if (eticklen <= -- TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_get_iv_length(ctx) + mlen) { -+ if (eticklen <= TLSEXT_KEYNAME_LENGTH + ivlen + mlen) { - ret = SSL_TICKET_NO_DECRYPT; - goto end; - } -@@ -1918,8 +1923,8 @@ SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick, - } - /* Attempt to decrypt session data */ - /* Move p after IV to start of 
encrypted ticket, update length */ -- p = etick + TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_get_iv_length(ctx); -- eticklen -= TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_get_iv_length(ctx); -+ p = etick + TLSEXT_KEYNAME_LENGTH + ivlen; -+ eticklen -= TLSEXT_KEYNAME_LENGTH + ivlen; - sdec = OPENSSL_malloc(eticklen); - if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p, - (int)eticklen) <= 0) { -diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c -index 13b4d71a1e4d..07d065e35e95 100644 ---- a/ssl/tls13_enc.c -+++ b/ssl/tls13_enc.c -@@ -257,13 +257,17 @@ int tls13_generate_master_secret(SSL *s, unsigned char *out, - size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, - unsigned char *out) - { -- const char *mdname = EVP_MD_get0_name(ssl_handshake_md(s)); -+ const EVP_MD *md = ssl_handshake_md(s); -+ const char *mdname = EVP_MD_get0_name(md); - unsigned char hash[EVP_MAX_MD_SIZE]; - unsigned char finsecret[EVP_MAX_MD_SIZE]; - unsigned char *key = NULL; - size_t len = 0, hashlen; - OSSL_PARAM params[2], *p = params; - -+ if (md == NULL) -+ return 0; -+ - /* Safe to cast away const here since we're not "getting" any data */ - if (s->ctx->propq != NULL) - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_PROPERTIES, -@@ -281,7 +285,7 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, - } else if (SSL_IS_FIRST_HANDSHAKE(s)) { - key = s->client_finished_secret; - } else { -- if (!tls13_derive_finishedkey(s, ssl_handshake_md(s), -+ if (!tls13_derive_finishedkey(s, md, - s->client_app_traffic_secret, - finsecret, hashlen)) - goto err; -@@ -770,7 +774,7 @@ int tls13_update_key(SSL *s, int sending) - RECORD_LAYER_reset_read_sequence(&s->rlayer); - } - -- if (!derive_secret_key_and_iv(s, sending, ssl_handshake_md(s), -+ if (!derive_secret_key_and_iv(s, sending, md, - s->s3.tmp.new_sym_enc, insecret, NULL, - application_traffic, - sizeof(application_traffic) - 1, secret, key, -@@ -815,7 +819,7 @@ int tls13_export_keying_material(SSL *s, 
unsigned char *out, size_t olen, - unsigned int hashsize, datalen; - int ret = 0; - -- if (ctx == NULL || !ossl_statem_export_allowed(s)) -+ if (ctx == NULL || md == NULL || !ossl_statem_export_allowed(s)) - goto err; - - if (!use_context) -@@ -884,7 +888,8 @@ int tls13_export_keying_material_early(SSL *s, unsigned char *out, size_t olen, - * - * Here Transcript-Hash is the cipher suite hash algorithm. - */ -- if (EVP_DigestInit_ex(ctx, md, NULL) <= 0 -+ if (md == NULL -+ || EVP_DigestInit_ex(ctx, md, NULL) <= 0 - || EVP_DigestUpdate(ctx, context, contextlen) <= 0 - || EVP_DigestFinal_ex(ctx, hash, &hashsize) <= 0 - || EVP_DigestInit_ex(ctx, md, NULL) <= 0 -diff --git a/ssl/tls_srp.c b/ssl/tls_srp.c -index d918f0a1848d..872d1b66f8af 100644 ---- a/ssl/tls_srp.c -+++ b/ssl/tls_srp.c -@@ -238,7 +238,7 @@ int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, - BN_clear_free(s->srp_ctx.s); - s->srp_ctx.s = NULL; - if (!SRP_create_verifier_BN_ex(user, pass, &s->srp_ctx.s, &s->srp_ctx.v, -- GN->N, GN->g, s->ctx->libctx, -+ s->srp_ctx.N, s->srp_ctx.g, s->ctx->libctx, - s->ctx->propq)) - return -1; - -diff --git a/test/certs/setup.sh b/test/certs/setup.sh -index 21f9355b8ba3..b9766aab20fe 100755 ---- a/test/certs/setup.sh -+++ b/test/certs/setup.sh -@@ -10,7 +10,7 @@ DAYS=-1 ./mkcert.sh genroot "Root CA" root-key root-expired - # cross root and root cross cert - ./mkcert.sh genroot "Cross Root" cross-key cross-root - ./mkcert.sh genca "Root CA" root-key root-cross-cert cross-key cross-root --# trust variants: +serverAuth -serverAuth +clientAuth -clientAuth, -+# trust variants: +serverAuth -serverAuth +clientAuth -clientAuth - openssl x509 -in root-cert.pem -trustout \ - -addtrust serverAuth -out root+serverAuth.pem - openssl x509 -in root-cert.pem -trustout \ -@@ -79,7 +79,7 @@ openssl x509 -in sroot-cert.pem -trustout \ - - # Primary intermediate ca: ca-cert - ./mkcert.sh genca "CA" ca-key ca-cert root-key root-cert --# ca variants: CA:false, key2, 
DN2, issuer2, expired -+# ca variants: CA:false, no bc, key2, DN2, issuer2, expired - ./mkcert.sh genee "CA" ca-key ca-nonca root-key root-cert - ./mkcert.sh gen_nonbc_ca "CA" ca-key ca-nonbc root-key root-cert - ./mkcert.sh genca "CA" ca-key2 ca-cert2 root-key root-cert -diff --git a/test/ec_internal_test.c b/test/ec_internal_test.c -index 57092942a16c..5076f9894d5b 100644 ---- a/test/ec_internal_test.c -+++ b/test/ec_internal_test.c -@@ -259,6 +259,39 @@ static int underflow_test(void) - } - #endif - -+/* -+ * Tests behavior of the EC_KEY_set_private_key -+ */ -+static int set_private_key(void) -+{ -+ EC_KEY *key = NULL, *aux_key = NULL; -+ int testresult = 0; -+ -+ key = EC_KEY_new_by_curve_name(NID_secp224r1); -+ aux_key = EC_KEY_new_by_curve_name(NID_secp224r1); -+ if (!TEST_ptr(key) -+ || !TEST_ptr(aux_key) -+ || !TEST_int_eq(EC_KEY_generate_key(key), 1) -+ || !TEST_int_eq(EC_KEY_generate_key(aux_key), 1)) -+ goto err; -+ -+ /* Test setting a valid private key */ -+ if (!TEST_int_eq(EC_KEY_set_private_key(key, aux_key->priv_key), 1)) -+ goto err; -+ -+ /* Test compliance with legacy behavior for NULL private keys */ -+ if (!TEST_int_eq(EC_KEY_set_private_key(key, NULL), 0) -+ || !TEST_ptr_null(key->priv_key)) -+ goto err; -+ -+ testresult = 1; -+ -+ err: -+ EC_KEY_free(key); -+ EC_KEY_free(aux_key); -+ return testresult; -+} -+ - /* - * Tests behavior of the decoded_from_explicit_params flag and API - */ -@@ -416,6 +449,7 @@ int setup_tests(void) - #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 - ADD_TEST(underflow_test); - #endif -+ ADD_TEST(set_private_key); - ADD_TEST(decoded_flag_test); - ADD_ALL_TESTS(ecpkparams_i2d2i_test, crv_len); - -diff --git a/test/evp_extra_test2.c b/test/evp_extra_test2.c -index 0021c4434140..a17afc5ff369 100644 ---- a/test/evp_extra_test2.c -+++ b/test/evp_extra_test2.c -@@ -333,6 +333,10 @@ static int test_dh_tofrom_data_select(void) - OSSL_PARAM params[2]; - EVP_PKEY *key = NULL; - EVP_PKEY_CTX *gctx = NULL; -+# ifndef 
OPENSSL_NO_DEPRECATED_3_0 -+ const DH *dhkey; -+ const BIGNUM *privkey; -+# endif - - params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0); - params[1] = OSSL_PARAM_construct_end(); -@@ -341,6 +345,11 @@ static int test_dh_tofrom_data_select(void) - && TEST_true(EVP_PKEY_CTX_set_params(gctx, params)) - && TEST_int_gt(EVP_PKEY_generate(gctx, &key), 0) - && TEST_true(do_pkey_tofrom_data_select(key, "DHX")); -+# ifndef OPENSSL_NO_DEPRECATED_3_0 -+ ret = ret && TEST_ptr(dhkey = EVP_PKEY_get0_DH(key)) -+ && TEST_ptr(privkey = DH_get0_priv_key(dhkey)) -+ && TEST_int_le(BN_num_bits(privkey), 225); -+# endif - EVP_PKEY_free(key); - EVP_PKEY_CTX_free(gctx); - return ret; -diff --git a/test/evp_test.c b/test/evp_test.c -index a3ab46010566..ce4c66ddccb3 100644 ---- a/test/evp_test.c -+++ b/test/evp_test.c -@@ -1424,6 +1424,8 @@ static int mac_test_run_mac(EVP_TEST *t) - expected->mac_name, expected->alg); - - if (expected->alg != NULL) { -+ int skip = 0; -+ - /* - * The underlying algorithm may be a cipher or a digest. 
- * We don't know which it is, but we can ask the MAC what it -@@ -1431,18 +1433,30 @@ static int mac_test_run_mac(EVP_TEST *t) - */ - if (OSSL_PARAM_locate_const(defined_params, - OSSL_MAC_PARAM_CIPHER) != NULL) { -- params[params_n++] = -- OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, -- expected->alg, 0); -+ if (is_cipher_disabled(expected->alg)) -+ skip = 1; -+ else -+ params[params_n++] = -+ OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, -+ expected->alg, 0); - } else if (OSSL_PARAM_locate_const(defined_params, - OSSL_MAC_PARAM_DIGEST) != NULL) { -- params[params_n++] = -- OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, -- expected->alg, 0); -+ if (is_digest_disabled(expected->alg)) -+ skip = 1; -+ else -+ params[params_n++] = -+ OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, -+ expected->alg, 0); - } else { - t->err = "MAC_BAD_PARAMS"; - goto err; - } -+ if (skip) { -+ TEST_info("skipping, algorithm '%s' is disabled", expected->alg); -+ t->skip = 1; -+ t->err = NULL; -+ goto err; -+ } - } - if (expected->custom != NULL) - params[params_n++] = -@@ -3285,6 +3299,7 @@ static int digestsign_test_run(EVP_TEST *t) - t->err = "MALLOC_FAILURE"; - goto err; - } -+ got_len *= 2; - if (!EVP_DigestSignFinal(expected->ctx, got, &got_len)) { - t->err = "DIGESTSIGNFINAL_ERROR"; - goto err; -@@ -3362,6 +3377,7 @@ static int oneshot_digestsign_test_run(EVP_TEST *t) - t->err = "MALLOC_FAILURE"; - goto err; - } -+ got_len *= 2; - if (!EVP_DigestSign(expected->ctx, got, &got_len, - expected->osin, expected->osin_len)) { - t->err = "DIGESTSIGN_ERROR"; -diff --git a/test/ffc_internal_test.c b/test/ffc_internal_test.c -index 026158d4ba24..f3df4ab4fdb7 100644 ---- a/test/ffc_internal_test.c -+++ b/test/ffc_internal_test.c -@@ -27,6 +27,7 @@ - #include "testutil.h" - - #include "internal/ffc.h" -+#include "crypto/security_bits.h" - - #ifndef OPENSSL_NO_DSA - static const unsigned char dsa_2048_224_sha224_p[] = { -@@ -598,6 +599,9 @@ static int 
ffc_private_gen_test(int index) - /* fail since N > len(q) */ - if (!TEST_false(ossl_ffc_generate_private_key(ctx, params, N + 1, 112, priv))) - goto err; -+ /* s must be always set */ -+ if (!TEST_false(ossl_ffc_generate_private_key(ctx, params, N, 0, priv))) -+ goto err; - /* pass since 2s <= N <= len(q) */ - if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, N, 112, priv))) - goto err; -@@ -609,9 +613,12 @@ static int ffc_private_gen_test(int index) - goto err; - if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res))) - goto err; -- -- /* N and s are ignored in this case */ -- if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, 0, 0, priv))) -+ /* N is ignored in this case */ -+ if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, 0, -+ ossl_ifc_ffc_compute_security_bits(BN_num_bits(params->p)), -+ priv))) -+ goto err; -+ if (!TEST_int_le(BN_num_bits(priv), 225)) - goto err; - if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res))) - goto err; -@@ -623,6 +630,37 @@ static int ffc_private_gen_test(int index) - BN_CTX_free(ctx); - return ret; - } -+ -+static int ffc_params_copy_test(void) -+{ -+ int ret = 0; -+ DH *dh = NULL; -+ FFC_PARAMS *params, copy; -+ -+ ossl_ffc_params_init(©); -+ -+ if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe3072))) -+ goto err; -+ params = ossl_dh_get0_params(dh); -+ -+ if (!TEST_int_eq(params->keylength, 275)) -+ goto err; -+ -+ if (!TEST_true(ossl_ffc_params_copy(©, params))) -+ goto err; -+ -+ if (!TEST_int_eq(copy.keylength, 275)) -+ goto err; -+ -+ if (!TEST_true(ossl_ffc_params_cmp(©, params, 0))) -+ goto err; -+ -+ ret = 1; -+err: -+ ossl_ffc_params_cleanup(©); -+ DH_free(dh); -+ return ret; -+} - #endif /* OPENSSL_NO_DH */ - - int setup_tests(void) -@@ -638,6 +676,7 @@ int setup_tests(void) - ADD_TEST(ffc_public_validate_test); - ADD_TEST(ffc_private_validate_test); - ADD_ALL_TESTS(ffc_private_gen_test, 10); -+ ADD_TEST(ffc_params_copy_test); - #endif /* OPENSSL_NO_DH */ - return 1; - } 
-diff --git a/test/ocspapitest.c b/test/ocspapitest.c -index 9e8c30625996..bc0c965d853b 100644 ---- a/test/ocspapitest.c -+++ b/test/ocspapitest.c -@@ -78,10 +78,14 @@ static OCSP_BASICRESP *make_dummy_resp(void) - ASN1_BIT_STRING *key = ASN1_BIT_STRING_new(); - ASN1_INTEGER *serial = ASN1_INTEGER_new(); - -- if (!X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_ASC, -- namestr, -1, -1, 1) -- || !ASN1_BIT_STRING_set(key, keybytes, sizeof(keybytes)) -- || !ASN1_INTEGER_set_uint64(serial, (uint64_t)1)) -+ if (!TEST_ptr(name) -+ || !TEST_ptr(key) -+ || !TEST_ptr(serial) -+ || !TEST_true(X509_NAME_add_entry_by_NID(name, NID_commonName, -+ MBSTRING_ASC, -+ namestr, -1, -1, 1)) -+ || !TEST_true(ASN1_BIT_STRING_set(key, keybytes, sizeof(keybytes))) -+ || !TEST_true(ASN1_INTEGER_set_uint64(serial, (uint64_t)1))) - goto err; - cid = OCSP_cert_id_new(EVP_sha256(), name, key, serial); - if (!TEST_ptr(bs) -diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t -index e85c7cd7513a..95df179bbe76 100644 ---- a/test/recipes/25-test_x509.t -+++ b/test/recipes/25-test_x509.t -@@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/; - - setup("test_x509"); - --plan tests => 21; -+plan tests => 28; - - # Prevent MSys2 filename munging for arguments that look like file paths but - # aren't -@@ -146,3 +146,58 @@ ok(run(app(["openssl", "x509", "-noout", "-dates", "-dateopt", "iso_8601", - ok(!run(app(["openssl", "x509", "-noout", "-dates", "-dateopt", "invalid_format", - "-in", srctop_file("test/certs", "ca-cert.pem")])), - "Run with invalid -dateopt format"); -+ -+# extracts issuer from a -text formatted-output -+sub get_issuer { -+ my $f = shift(@_); -+ my $issuer = ""; -+ open my $fh, $f or die; -+ while (my $line = <$fh>) { -+ if ($line =~ /Issuer:/) { -+ $issuer = $line; -+ } -+ } -+ close $fh; -+ return $issuer; -+} -+ -+# Tests for signing certs (broken in 1.1.1o) -+my $a_key = "a-key.pem"; -+my $a_cert = "a-cert.pem"; -+my $a2_cert = "a2-cert.pem"; 
-+my $ca_key = "ca-key.pem"; -+my $ca_cert = "ca-cert.pem"; -+my $cnf = srctop_file('apps', 'openssl.cnf'); -+ -+# Create cert A -+ok(run(app(["openssl", "req", "-x509", "-newkey", "rsa:2048", -+ "-config", $cnf, -+ "-keyout", $a_key, "-out", $a_cert, "-days", "365", -+ "-nodes", "-subj", "/CN=test.example.com"]))); -+# Create cert CA - note key size -+ok(run(app(["openssl", "req", "-x509", "-newkey", "rsa:4096", -+ "-config", $cnf, -+ "-keyout", $ca_key, "-out", $ca_cert, "-days", "3650", -+ "-nodes", "-subj", "/CN=ca.example.com"]))); -+# Sign cert A with CA (errors on 1.1.1o) -+ok(run(app(["openssl", "x509", "-in", $a_cert, "-CA", $ca_cert, -+ "-CAkey", $ca_key, "-set_serial", "1234567890", -+ "-preserve_dates", "-sha256", "-text", "-out", $a2_cert]))); -+# verify issuer is CA -+ok (get_issuer($a2_cert) =~ /CN = ca.example.com/); -+ -+# Tests for issue #16080 (fixed in 1.1.1o) -+my $b_key = "b-key.pem"; -+my $b_csr = "b-cert.csr"; -+my $b_cert = "b-cert.pem"; -+# Create the CSR -+ok(run(app(["openssl", "req", "-new", "-newkey", "rsa:4096", -+ "-keyout", $b_key, "-out", $b_csr, "-nodes", -+ "-config", $cnf, -+ "-subj", "/CN=b.example.com"]))); -+# Sign it - position of "-text" matters! 
-+ok(run(app(["openssl", "x509", "-req", "-text", "-CAcreateserial", -+ "-CA", $ca_cert, "-CAkey", $ca_key, -+ "-in", $b_csr, "-out", $b_cert]))); -+# Verify issuer is CA -+ok(get_issuer($b_cert) =~ /CN = ca.example.com/); -diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t -index 7ae546e1d70c..86c2785187de 100644 ---- a/test/recipes/30-test_evp.t -+++ b/test/recipes/30-test_evp.t -@@ -104,6 +104,7 @@ my @defltfiles = qw( - evpmac_blake.txt - evpmac_poly1305.txt - evpmac_siphash.txt -+ evpmac_sm3.txt - evpmd_blake.txt - evpmd_md.txt - evpmd_mdc2.txt -diff --git a/test/recipes/30-test_evp_data/evpmac_common.txt b/test/recipes/30-test_evp_data/evpmac_common.txt -index e2fbfac414bd..b463eaeca7f6 100644 ---- a/test/recipes/30-test_evp_data/evpmac_common.txt -+++ b/test/recipes/30-test_evp_data/evpmac_common.txt -@@ -239,7 +239,6 @@ Input = "Test that SHAKE128 fails" - Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f - Result = MAC_INIT_ERROR - -- - Title = CMAC tests (from FIPS module) - - MAC = CMAC -diff --git a/test/recipes/30-test_evp_data/evpmac_sm3.txt b/test/recipes/30-test_evp_data/evpmac_sm3.txt -new file mode 100644 -index 000000000000..7456b8e7a772 ---- /dev/null -+++ b/test/recipes/30-test_evp_data/evpmac_sm3.txt -@@ -0,0 +1,38 @@ -+# -+# Copyright 2022-2022 The OpenSSL Project Authors. All Rights Reserved. -+# -+# Licensed under the Apache License 2.0 (the "License"). You may not use -+# this file except in compliance with the License. You can obtain a copy -+# in the file LICENSE in the source distribution or at -+# https://www.openssl.org/source/license.html -+ -+# Tests start with one of these keywords -+# Cipher Decrypt Derive Digest Encoding MAC -+# and continue until a blank line. Lines starting with a pound sign are ignored. -+# The keyword Availablein must appear before the test name if needed. 
-+ -+Title = HMAC-SM3 from GM/T 0042-2015 Appendix D.3 -+ -+MAC = HMAC -+Algorithm = SM3 -+Input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" -+Key = 0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20 -+Output = ca05e144ed05d1857840d1f318a4a8669e559fc8391f414485bfdf7bb408963a -+ -+MAC = HMAC -+Algorithm = SM3 -+Input = cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd -+Key = 0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425 -+Output = 220bf579ded555393f0159f66c99877822a3ecf610d1552154b41d44b94db3ae -+ -+MAC = HMAC -+Algorithm = SM3 -+Input = "Hi There" -+Key = 0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b -+Output = c0ba18c68b90c88bc07de794bfc7d2c8d19ec31ed8773bc2b390c9604e0be11e -+ -+MAC = HMAC -+Algorithm = SM3 -+Input = "what do ya want for nothing?" -+Key = "Jefe" -+Output = 2e87f1d16862e6d964b50a5200bf2b10b764faa9680a296a2405f24bec39f882 -diff --git a/test/recipes/30-test_evp_pkey_provided/DH.priv.txt b/test/recipes/30-test_evp_pkey_provided/DH.priv.txt -index 0e6f9519b4b5..0dd83429f5b6 100644 ---- a/test/recipes/30-test_evp_pkey_provided/DH.priv.txt -+++ b/test/recipes/30-test_evp_pkey_provided/DH.priv.txt -@@ -22,3 +22,4 @@ DH Private-Key: (2048 bit) - a8:ee:72:13:45:65:15:42:17:aa:d8:ab:cf:33:42: - 83:42 - GROUP: ffdhe2048 -+recommended-private-length: 224 bits -diff --git a/test/recipes/30-test_evp_pkey_provided/DH.pub.txt b/test/recipes/30-test_evp_pkey_provided/DH.pub.txt -index 325e160f36e7..491f9d9d5e1a 100644 ---- a/test/recipes/30-test_evp_pkey_provided/DH.pub.txt -+++ b/test/recipes/30-test_evp_pkey_provided/DH.pub.txt -@@ -19,3 +19,4 @@ DH Public-Key: (2048 bit) - a8:ee:72:13:45:65:15:42:17:aa:d8:ab:cf:33:42: - 83:42 - GROUP: ffdhe2048 -+recommended-private-length: 224 bits -diff --git a/test/recipes/80-test_cmp_http.t b/test/recipes/80-test_cmp_http.t -index 
92f11e8ac8a5..26ba349d6496 100644 ---- a/test/recipes/80-test_cmp_http.t -+++ b/test/recipes/80-test_cmp_http.t -@@ -170,8 +170,8 @@ sub test_cmp_http_aspect { - # from $BLDTOP/test-runs/test_cmp_http and prepending the input files by SRCTOP. - - indir data_dir() => sub { -- plan tests => @server_configurations * @all_aspects -- + (grep(/^Mock$/, @server_configurations) -+ plan tests => 1 + @server_configurations * @all_aspects -+ - (grep(/^Mock$/, @server_configurations) - && grep(/^certstatus$/, @all_aspects)); - - foreach my $server_name (@server_configurations) { -@@ -196,6 +196,7 @@ indir data_dir() => sub { - }; - }; - stop_mock_server($pid) if $pid; -+ ok(1, "killing mock server"); - } - } - }; -@@ -293,4 +294,5 @@ sub stop_mock_server { - my $pid = $_[0]; - print "Killing mock server with pid=$pid\n"; - kill('KILL', $pid); -+ waitpid($pid, 0); - } -diff --git a/test/sslapitest.c b/test/sslapitest.c -index 2911d6e94b34..ac49f3ba91be 100644 ---- a/test/sslapitest.c -+++ b/test/sslapitest.c -@@ -2131,6 +2131,32 @@ static int execute_test_session(int maxprot, int use_int_cache, - goto end; - } - } -+ /* -+ * Make a small cache, force out all other sessions but -+ * sess2, try to add sess1, which should succeed. Then -+ * make sure it's there by checking the owners. 
Despite -+ * the timeouts, sess1 should have kicked out sess2 -+ */ -+ -+ /* Make sess1 expire before sess2 */ -+ if (!TEST_long_gt(SSL_SESSION_set_time(sess1, 1000), 0) -+ || !TEST_long_gt(SSL_SESSION_set_timeout(sess1, 1000), 0) -+ || !TEST_long_gt(SSL_SESSION_set_time(sess2, 2000), 0) -+ || !TEST_long_gt(SSL_SESSION_set_timeout(sess2, 2000), 0)) -+ goto end; -+ -+ if (!TEST_long_ne(SSL_CTX_sess_set_cache_size(sctx, 1), 0)) -+ goto end; -+ -+ /* Don't care about results - cache should only be sess2 at end */ -+ SSL_CTX_add_session(sctx, sess1); -+ SSL_CTX_add_session(sctx, sess2); -+ -+ /* Now add sess1, and make sure it remains, despite timeout */ -+ if (!TEST_true(SSL_CTX_add_session(sctx, sess1)) -+ || !TEST_ptr(sess1->owner) -+ || !TEST_ptr_null(sess2->owner)) -+ goto end; - - testresult = 1; - -diff --git a/test/v3ext.c b/test/v3ext.c -index 98bd060f6717..e3f864e4ca90 100644 ---- a/test/v3ext.c -+++ b/test/v3ext.c -@@ -224,6 +224,104 @@ static int test_addr_ranges(void) - ASN1_OCTET_STRING_free(ip2); - return testresult; - } -+ -+static struct extvalues_st { -+ const char *value; -+ int pass; -+} extvalues[] = { -+ /* No prefix is ok */ -+ { "sbgp-ipAddrBlock = IPv4:192.0.0.1\n", 1 }, -+ { "sbgp-ipAddrBlock = IPv4:192.0.0.0/0\n", 1 }, -+ { "sbgp-ipAddrBlock = IPv4:192.0.0.0/1\n", 1 }, -+ { "sbgp-ipAddrBlock = IPv4:192.0.0.0/32\n", 1 }, -+ /* Prefix is too long */ -+ { "sbgp-ipAddrBlock = IPv4:192.0.0.0/33\n", 0 }, -+ /* Unreasonably large prefix */ -+ { "sbgp-ipAddrBlock = IPv4:192.0.0.0/12341234\n", 0 }, -+ /* Invalid IP addresses */ -+ { "sbgp-ipAddrBlock = IPv4:192.0.0\n", 0 }, -+ { "sbgp-ipAddrBlock = IPv4:256.0.0.0\n", 0 }, -+ { "sbgp-ipAddrBlock = IPv4:-1.0.0.0\n", 0 }, -+ { "sbgp-ipAddrBlock = IPv4:192.0.0.0.0\n", 0 }, -+ { "sbgp-ipAddrBlock = IPv3:192.0.0.0\n", 0 }, -+ -+ /* IPv6 */ -+ /* No prefix is ok */ -+ { "sbgp-ipAddrBlock = IPv6:2001:db8::\n", 1 }, -+ { "sbgp-ipAddrBlock = IPv6:2001::db8\n", 1 }, -+ { "sbgp-ipAddrBlock = 
IPv6:2001:0db8:0000:0000:0000:0000:0000:0000\n", 1 }, -+ { "sbgp-ipAddrBlock = IPv6:2001:db8::/0\n", 1 }, -+ { "sbgp-ipAddrBlock = IPv6:2001:db8::/1\n", 1 }, -+ { "sbgp-ipAddrBlock = IPv6:2001:db8::/32\n", 1 }, -+ { "sbgp-ipAddrBlock = IPv6:2001:0db8:0000:0000:0000:0000:0000:0000/32\n", 1 }, -+ { "sbgp-ipAddrBlock = IPv6:2001:db8::/128\n", 1 }, -+ /* Prefix is too long */ -+ { "sbgp-ipAddrBlock = IPv6:2001:db8::/129\n", 0 }, -+ /* Unreasonably large prefix */ -+ { "sbgp-ipAddrBlock = IPv6:2001:db8::/12341234\n", 0 }, -+ /* Invalid IP addresses */ -+ /* Not enough blocks of numbers */ -+ { "sbgp-ipAddrBlock = IPv6:2001:0db8:0000:0000:0000:0000:0000\n", 0 }, -+ /* Too many blocks of numbers */ -+ { "sbgp-ipAddrBlock = IPv6:2001:0db8:0000:0000:0000:0000:0000:0000:0000\n", 0 }, -+ /* First value too large */ -+ { "sbgp-ipAddrBlock = IPv6:1ffff:0db8:0000:0000:0000:0000:0000:0000\n", 0 }, -+ /* First value with invalid characters */ -+ { "sbgp-ipAddrBlock = IPv6:fffg:0db8:0000:0000:0000:0000:0000:0000\n", 0 }, -+ /* First value is negative */ -+ { "sbgp-ipAddrBlock = IPv6:-1:0db8:0000:0000:0000:0000:0000:0000\n", 0 } -+}; -+ -+static int test_ext_syntax(void) -+{ -+ size_t i; -+ int testresult = 1; -+ -+ for (i = 0; i < OSSL_NELEM(extvalues); i++) { -+ X509V3_CTX ctx; -+ BIO *extbio = BIO_new_mem_buf(extvalues[i].value, -+ strlen(extvalues[i].value)); -+ CONF *conf; -+ long eline; -+ -+ if (!TEST_ptr(extbio)) -+ return 0 ; -+ -+ conf = NCONF_new_ex(NULL, NULL); -+ if (!TEST_ptr(conf)) { -+ BIO_free(extbio); -+ return 0; -+ } -+ if (!TEST_long_gt(NCONF_load_bio(conf, extbio, &eline), 0)) { -+ testresult = 0; -+ } else { -+ X509V3_set_ctx_test(&ctx); -+ X509V3_set_nconf(&ctx, conf); -+ -+ if (extvalues[i].pass) { -+ if (!TEST_true(X509V3_EXT_add_nconf(conf, &ctx, "default", -+ NULL))) { -+ TEST_info("Value: %s", extvalues[i].value); -+ testresult = 0; -+ } -+ } else { -+ ERR_set_mark(); -+ if (!TEST_false(X509V3_EXT_add_nconf(conf, &ctx, "default", -+ NULL))) { -+ 
testresult = 0; -+ TEST_info("Value: %s", extvalues[i].value); -+ ERR_clear_last_mark(); -+ } else { -+ ERR_pop_to_mark(); -+ } -+ } -+ } -+ BIO_free(extbio); -+ NCONF_free(conf); -+ } -+ -+ return testresult; -+} - #endif /* OPENSSL_NO_RFC3779 */ - - OPT_TEST_DECLARE_USAGE("cert.pem\n") -@@ -242,6 +340,7 @@ int setup_tests(void) - #ifndef OPENSSL_NO_RFC3779 - ADD_TEST(test_asid); - ADD_TEST(test_addr_ranges); -+ ADD_TEST(test_ext_syntax); - #endif /* OPENSSL_NO_RFC3779 */ - return 1; - } -diff --git a/util/check-format-test-negatives.c b/util/check-format-test-negatives.c -index 8149ff2b58a6..9edd0b20c273 100644 ---- a/util/check-format-test-negatives.c -+++ b/util/check-format-test-negatives.c -@@ -1,7 +1,6 @@ - /* -- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. -- * Copyright Nokia 2007-2019 -- * Copyright Siemens AG 2015-2019 -+ * Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright Siemens AG 2015-2022 - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy -@@ -14,12 +13,94 @@ - * There are some known false positives, though, which are marked below. 
- */ - -+#define F \ -+ void f() \ -+ { \ -+ int i; \ -+ int j; \ -+ \ -+ return; \ -+ } -+ - /*- - * allow extra SPC in format-tagged multi-line comment - */ - int f(void) /* - * trailing multi-line comment - */ -+{ -+ typedef int INT; -+ void v; -+ short b; -+ char c; -+ signed s; -+ unsigned u; -+ int i; -+ long l; -+ float f; -+ double d; -+ enum {} enu; -+ struct {} stru; -+ union {} un; -+ auto a; -+ extern e; -+ static int stat; -+ const int con; -+ volatile int vola; -+ register int reg; -+ OSSL_x y, *p = params; -+ int params[]; -+ OSSL_PARAM * (* params []) [MAX + 1]; -+ XY *(* fn)(int a, char b); -+ /* -+ * multi-line comment should not disturb detection of local decls -+ */ -+ BIO1 ***b; -+ /* intra-line comment should not disturb detection of local decls */ -+ unsigned k; -+ -+ /* intra-line comment should not disturb detection of end of local decls */ -+ -+ { -+ int x; /* just decls in block */ -+ } -+ if (p != (unsigned char *) -+ &(ctx->tmp[0])) { -+ i -= (p - (unsigned char *) /* do not confuse with var decl */ -+ &(ctx->tmp[0])); -+ } -+ { -+ ctx->buf_off = 0; /* do not confuse with var decl */ -+ return 0; -+ } -+ { -+ ctx->buf_len = EVP_EncodeBlock((unsigned char *)ctx->buf, -+ (unsigned char *)ctx->tmp, /* no decl */ -+ ctx->tmp_len); -+ } -+ { -+ EVP_EncodeFinal(ctx->base64, -+ (unsigned char *)ctx->buf, &(ctx->len)); /* no decl */ -+ /* push out the bytes */ -+ goto again; -+ } -+ { -+ f(1, (unsigned long)2); /* no decl */ -+ x; -+ } -+ { -+ char *pass_str = get_passwd(opt_srv_secret, "x"); -+ -+ if (pass_str != NULL) { -+ cleanse(opt_srv_secret); -+ res = OSSL_CMP_CTX_set1_secretValue(ctx, (unsigned char *)pass_str, -+ strlen(pass_str)); -+ clear_free(pass_str); -+ } -+ } -+} -+ -+int g(void) - { - if (ctx == NULL) { /* non-leading end-of-line comment */ - if (/* comment after '(' */ pem_name != NULL /* comment before ')' */) -@@ -35,6 +116,12 @@ int f(void) /* - ; - for (i = 0; i < 1;) - ; -+ for (;;) -+ for (; i < n; i++) -+ for (;; p++) 
-+ ; -+ for (;;) ; /* should not trigger: space before ';' */ -+ lab: ; /* should not trigger: space before ';' */ - - #if X - if (1) /* bad style: just part of control structure depends on #if */ -@@ -153,6 +240,12 @@ int f(void) /* - /* should not trigger: constant on LHS of comparison or assignment operator */ - X509 *x509 = NULL; - int y = a + 1 < b; -+int ret, was_NULL = *certs == NULL; -+ -+/* should not trigger: no space before binary ... operator */ -+float z = 1e-6 * (-1) * b[+6] * 1e+1 * (a)->f * (long)+1 -+ - (tmstart.tv_sec + tmstart.tv_nsec * 1e-9); -+struct st = {-1, 0}; - - const OPTIONS passwd_options[] = { - {"aixmd5", OPT_AIXMD5, '-', "AIX MD5-based password algorithm"}, -@@ -175,6 +268,7 @@ x; - typedef OSSL_CMP_MSG *(*cmp_srv_process_cb_t) - (OSSL_CMP_SRV_CTX *ctx, OSSL_CMP_MSG *msg) - xx; -+ - int f() - { - c; -diff --git a/util/check-format-test-positives.c b/util/check-format-test-positives.c -index 6281c5cbce3b..6d2b1ce5a236 100644 ---- a/util/check-format-test-positives.c -+++ b/util/check-format-test-positives.c -@@ -1,7 +1,6 @@ - /* -- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. -- * Copyright Nokia 2007-2019 -- * Copyright Siemens AG 2015-2019 -+ * Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright Siemens AG 2015-2022 - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. 
You can obtain a copy -@@ -73,8 +72,8 @@ void main(int n) { /*@ opening brace at end of function definition header */ - int f (int a, /*@ space after fn before '(', reported unless sloppy-spc */ - int b, /*@ hanging expr indent off by -1 */ - long I) /*@ single-letter name 'I' */ --{ int /*@ code after '{' opening a block */ -- xx = 1) + /*@ unexpected closing parenthesis */ -+{ int x; /*@ code after '{' opening a block */ -+ int xx = 1) + /*@ unexpected closing parenthesis */ - 0L < /*@ constant on LHS of comparison operator */ - a] - /*@ unexpected closing bracket */ - 3: * /*@ unexpected ':' (without preceding '?') within expr */ -@@ -85,8 +84,11 @@ int f (int a, /*@ space after fn before '(', reported unless sloppy-spc */ - (xx /*@0 unclosed parenthesis in expression */ - ? y /*@0 unclosed '? (conditional expression) */ - [0; /*@4 unclosed bracket in expression */ -- s_type s; /*@ local variable declaration indent off by -1 */ -- somefunc(a, /*@ statement indent off by -1 */ -+ /*@ blank line within local decls */ -+ s_type s; /*@2 local variable declaration indent off by -1 */ -+ t_type t; /*@ local variable declaration indent again off by -1 */ -+ /* */ /*@0 missing blank line after local decls */ -+ somefunc(a, /*@2 statement indent off by -1 */ - "aligned" /*@ expr indent off by -2 accepted if sloppy-hang */ "right" - , b, /*@ expr indent off by -1 */ - b, /*@ expr indent as on line above, accepted if sloppy-hang */ -@@ -338,11 +340,11 @@ void f_looong_body() - ; - - -- ; /*@ 2 essentially empty lines before, if !sloppy-spc */ -+ ; /*@ 2 essentially blank lines before, if !sloppy-spc */ - } /*@ function body length > 200 lines */ - #if 0 /*@0 unclosed #if */ - struct t { /*@0 unclosed brace at decl/block level */ - enum { /*@0 unclosed brace at enum/expression level */ - v = (1 /*@0 unclosed parenthesis */ -- etyp /*@0 empty line follows just before EOF, if !sloppy-spc: */ -+ etyp /*@0 blank line follows just before EOF, if !sloppy-spc: */ - -diff --git 
a/util/check-format.pl b/util/check-format.pl -index 62471e3c6805..be84d733ff2f 100755 ---- a/util/check-format.pl -+++ b/util/check-format.pl -@@ -1,7 +1,7 @@ - #! /usr/bin/env perl - # --# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. --# Copyright Siemens AG 2019-2020 -+# Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. -+# Copyright Siemens AG 2019-2022 - # - # Licensed under the Apache License 2.0 (the "License"). - # You may not use this file except in compliance with the License. -@@ -62,9 +62,9 @@ - # except within if ... else constructs where some branch contains more than one - # statement. Since the exception is hard to recognize when such branches occur - # after the current position (such that false positives would be reported) --# the tool by checks for this rule by defaul only for do/while/for bodies. -+# the tool by checks for this rule by default only for do/while/for bodies. - # Yet with the --1-stmt option false positives are preferred over negatives. --# False negatives occur if the braces are more than two non-empty lines apart. -+# False negatives occur if the braces are more than two non-blank lines apart. - # - # * The presence of multiple consecutive spaces is regarded a coding style nit - # except when this is before end-of-line comments (unless the --eol-comment is given) and -@@ -73,7 +73,7 @@ - # # define CDE 22 - # # define F 3333 - # This pattern is recognized - and consequently extra space not reported - --# for a given line if in the nonempty line before or after (if existing) -+# for a given line if in the non-blank line before or after (if existing) - # for each occurrence of " \S" (where \S means non-space) in the given line - # there is " \S" in the other line in the respective column position. 
- # This may lead to both false negatives (in case of coincidental " \S") -@@ -134,10 +134,11 @@ while ($ARGV[0] =~ m/^-(\w|-[\w\-]+)$/) { - # status variables - my $self_test; # whether the current input file is regarded to contain (positive/negative) self-tests - my $line; # current line number --my $line_before; # number of previous not essentially empty line (containing at most whitespace and '\') --my $line_before2; # number of not essentially empty line before previous not essentially empty line -+my $line_before; # number of previous not essentially blank line (containing at most whitespace and '\') -+my $line_before2; # number of not essentially blank line before previous not essentially blank line - my $contents; # contents of current line (without blinding) - # $_ # current line, where comments etc. get blinded -+my $code_contents_before; # contents of previous non-comment non-directive line (without blinding), initially "" - my $contents_before; # contents of $line_before (without blinding), if $line_before > 0 - my $contents_before_; # contents of $line_before after blinding comments etc., if $line_before > 0 - my $contents_before2; # contents of $line_before2 (without blinding), if $line_before2 > 0 -@@ -168,6 +169,7 @@ my @nested_symbols; # stack of hanging symbols '(', '{', '[', or '?', in - my @nested_conds_indents; # stack of hanging indents due to conditionals ('?' ... 
':') - my $expr_indent; # resulting hanging indent within (multi-line) expressions including type exprs, else 0 - my $hanging_symbol; # character ('(', '{', '[', not: '?') responsible for $expr_indent, if $expr_indent != 0 -+my $in_block_decls; # number of local declaration lines after block opening before normal statements, or -1 if no block opening - my $in_expr; # in expression after if/while/for/switch/return/enum/LHS of assignment - my $in_paren_expr; # in parenthesized if/while/for condition and switch expression, if $expr_indent != 0 - my $in_typedecl; # nesting level of typedef/struct/union/enum -@@ -191,6 +193,7 @@ sub reset_file_state { - $line = 0; - $line_before = 0; - $line_before2 = 0; -+ $code_contents_before = ""; - @nested_block_indents = (); - @nested_hanging_offsets = (); - @nested_in_typedecl = (); -@@ -198,8 +201,9 @@ sub reset_file_state { - @nested_indents = (); - @nested_conds_indents = (); - $expr_indent = 0; -- $in_paren_expr = 0; -+ $in_block_decls = -1; - $in_expr = 0; -+ $in_paren_expr = 0; - $hanging_offset = 0; - @in_do_hanging_offsets = (); - @in_if_hanging_offsets = (); -@@ -316,7 +320,7 @@ sub check_indent { # used for lines outside multi-line string literals - $contents_before) if !$sloppy_cmt && $count_before != $count; - } - # ... 
but allow normal indentation for the current line, else above check will be done for the line before -- if (($in_comment == 0 || $in_comment < 0) # (no commment,) intra-line comment or end of multi-line comment -+ if (($in_comment == 0 || $in_comment < 0) # (no comment,) intra-line comment or end of multi-line comment - && m/^(\s*)@[\s@]*$/) { # line begins with '@', no code follows (except '\') - if ($count == $ref_indent) { # indentation is like for (normal) code in this line - s/^(\s*)@/$1*/; # blind first '@' as '*' to prevent above delayed check for the line before -@@ -377,6 +381,7 @@ sub update_nested_indents { # may reset $in_paren_expr and in this case also res - my $in_stmt = $in_expr || @nested_symbols != 0; # not: || $in_typedecl != 0 - if ($c =~ m/[{([?]/) { # $c is '{', '(', '[', or '?' - if ($c eq "{") { # '{' in any context -+ $in_block_decls = 0 if !$in_expr && $in_typedecl == 0; - # cancel newly hanging_offset if opening brace '{' is after non-whitespace non-comment: - $hanging_offset -= INDENT_LEVEL if $hanging_offset > 0 && $head =~ m/[^\s\@]/; - push @nested_block_indents, $block_indent; -@@ -458,6 +463,7 @@ reset_file_state(); - - while (<>) { # loop over all lines of all input files - $self_test = $ARGV =~ m/check-format-test/; -+ $_ = "" if $self_test && m/ blank line within local decls /; - $line++; - s/\r$//; # strip any trailing CR '\r' (which are typical on Windows systems) - $contents = $_; -@@ -511,12 +517,12 @@ while (<>) { # loop over all lines of all input files - - # do/prepare checks within multi-line comments - my $self_test_exception = $self_test ? 
"@" : ""; -- if ($in_comment > 0) { # this still includes the last line of multi-line commment -+ if ($in_comment > 0) { # this still includes the last line of multi-line comment - my ($head, $any_symbol, $cmt_text) = m/^(\s*)(.?)(.*)$/; - if ($any_symbol eq "*") { -- report("no space after leading '*' in multi-line comment") if $cmt_text =~ m|^[^/\s$self_test_exception]|; -+ report("missing space or '*' after leading '*' in multi-line comment") if $cmt_text =~ m|^[^*\s/$self_test_exception]|; - } else { -- report("no leading '*' in multi-line comment"); -+ report("missing leading '*' in multi-line comment"); - } - $in_comment++; - } -@@ -524,13 +530,13 @@ while (<>) { # loop over all lines of all input files - # detect end of comment, must be within multi-line comment, check if it is preceded by non-whitespace text - if ((my ($head, $tail) = m|^(.*?)\*/(.*)$|) && $1 ne '/') { # ending comment: '*/' - report("neither space nor '*' before '*/'") if $head =~ m/[^*\s]$/; -- report("no space after '*/'") if $tail =~ m/^[^\s,;)}\]]/; # no space or ,;)}] after '*/' -+ report("missing space after '*/'") if $tail =~ m/^[^\s,;)}\]]/; # no space or ,;)}] after '*/' - if (!($head =~ m|/\*|)) { # not begin of comment '/*', which is is handled below - if ($in_comment == 0) { - report("unexpected '*/' outside comment"); - $_ = "$head@@".$tail; # blind the "*/" - } else { -- report("text before '*/' in multi-line comment") if ($head =~ m/\S/); # non-SPC before '*/' -+ report("text before '*/' in multi-line comment") if ($head =~ m/[^*\s]/); # non-SPC before '*/' - $in_comment = -1; # indicate that multi-line comment ends on current line - if ($count > 0) { - # make indentation of end of multi-line comment appear like of leading intra-line comment -@@ -547,9 +553,9 @@ while (<>) { # loop over all lines of all input files - # detect begin of comment, check if it is followed by non-space text - MATCH_COMMENT: - if (my ($head, $opt_minus, $tail) = m|^(.*?)/\*(-?)(.*)$|) { # begin of 
comment: '/*' -- report("no space before '/*'") -+ report("missing space before '/*'") - if $head =~ m/[^\s(\*]$/; # not space, '(', or or '*' (needed to allow '*/') before comment delimiter -- report("neither space nor '*' after '/*' or '/*-'") if $tail =~ m/^[^\s*$self_test_exception]/; -+ report("missing space, '*' or '!' after '/*' or '/*-'") if $tail =~ m/^[^*\s!$self_test_exception]/; - my $cmt_text = $opt_minus.$tail; # preliminary - if ($in_comment > 0) { - report("unexpected '/*' inside multi-line comment"); -@@ -562,8 +568,8 @@ while (<>) { # loop over all lines of all input files - } else { # begin of multi-line comment - my $self_test_exception = $self_test ? "(@\d?)?" : ""; - report("text after '/*' in multi-line comment") -- unless $tail =~ m/^$self_test_exception.?\s*$/; -- # tail not essentially empty, first char already checked -+ unless $tail =~ m/^$self_test_exception.?[*\s]*$/; -+ # tail not essentially blank, first char already checked - # adapt to actual indentation of first line - $comment_indent = length($head) + 1; - $_ = "$head@@".blind_nonspace($cmt_text); -@@ -571,6 +577,7 @@ while (<>) { # loop over all lines of all input files - $leading_comment = $head =~ m/^\s*$/; # there is code before beginning delimiter - $formatted_comment = $opt_minus eq "-"; - } -+ } elsif (($head, $tail) = m|^\{-(.*)$|) { # begin of Perl pragma: '{-' - } - - if ($in_comment > 1) { # still inside multi-line comment (not at its begin or end) -@@ -605,7 +612,7 @@ while (<>) { # loop over all lines of all input files - - # at this point all non-space portions of any types of comments have been blinded as @ - -- goto LINE_FINISHED if m/^\s*$/; # essentially empty line: just whitespace (and maybe a trailing '\') -+ goto LINE_FINISHED if m/^\s*$/; # essentially blank line: just whitespace (and maybe a trailing '\') - - # intra-line whitespace nits @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ - -@@ -670,6 +677,7 @@ while (<>) { # loop over all lines of all input 
files - $intra_line =~ s/\s+$//; # strip any (resulting) space at EOL - $intra_line =~ s/(for\s*\([^;]*);;(\))/"$1$2"/eg; # strip trailing ';;' in for (;;) - $intra_line =~ s/(for\s*\([^;]+;[^;]+);(\))/"$1$2"/eg; # strip trailing ';' in for (;;) -+ $intra_line =~ s/(for\s*\();(;)/"$1$2"/eg; # replace leading ';;' in for (;;) by ';' - $intra_line =~ s/(=\s*)\{ /"$1@ "/eg; # do not report {SPC in initializers such as ' = { 0, };' - $intra_line =~ s/, \};/, @;/g; # do not report SPC} in initializers such as ' = { 0, };' - report("space before '$1'") if $intra_line =~ m/[\w)\]]\s+(\+\+|--)/; # postfix ++/-- with preceding space -@@ -678,35 +686,35 @@ while (<>) { # loop over all lines of all input files - report("space before '$1'") if $intra_line =~ m/\s(\.|->)/; # '.' or '->' with preceding space - report("space after '$1'") if $intra_line =~ m/(\.|->)\s/; # '.' or '->' with following space - $intra_line =~ s/\-\>|\+\+|\-\-/@/g; # blind '->,', '++', and '--' -- report("space before '$2'") if $intra_line =~ m/[^:]\s+(;)/; # space before ';' but not after ':' -+ report("space before '$1'") if $intra_line =~ m/[^:)]\s+(;)/; # space before ';' but not after ':' or ')' - report("space before '$1'") if $intra_line =~ m/\s([,)\]])/; # space before ,)] - report("space after '$1'") if $intra_line =~ m/([(\[~!])\s/; # space after ([~! - report("space after '$1'") if $intra_line =~ m/(defined)\s/; # space after 'defined' -- report("no space before '=' or '='") if $intra_line =~ m/\S(=)/; # '=' etc. without preceding space -- report("no space before '$1'") if $intra_line =~ m/\S([|\/%<>^\?])/; # |/%<>^? without preceding space -+ report("missing space before '=' or '='") if $intra_line =~ m/\S(=)/; # '=' etc. without preceding space -+ report("missing space before '$1'") if $intra_line =~ m/\S([|\/%<>^\?])/; # |/%<>^? 
without preceding space - # TODO ternary ':' without preceding SPC, while allowing no SPC before ':' after 'case' -- report("no space before binary '$1'") if $intra_line =~ m/[^\s{()\[]([+\-])/;# +/- without preceding space or {()[ -- # or ')' (which is used f type casts) -- report("no space before binary '$1'") if $intra_line =~ m/[^\s{()\[*!]([*])/; # '*' without preceding space or {()[*! -- report("no space before binary '$1'") if $intra_line =~ m/[^\s{()\[]([&])/; # '&' without preceding space or {()[ -- report("no space after ternary '$1'") if $intra_line =~ m/(:)[^\s\d]/; # ':' without following space or digit -- report("no space after '$1'") if $intra_line =~ m/([,;=|\/%<>^\?])\S/; # ,;=|/%<>^? without following space -- report("no space after binary '$1'") if $intra_line=~m/[^{(\[]([*])[^\sa-zA-Z_(),*]/;# '*' w/o space or \w(),* after -+ report("missing space before binary '$2'") if $intra_line =~ m/([^\s{()\[e])([+\-])/; # '+'/'-' without preceding space or {()[e -+ # ')' may be used for type casts or before "->", 'e' may be used for numerical literals such as "1e-6" -+ report("missing space before binary '$1'") if $intra_line =~ m/[^\s{()\[*!]([*])/; # '*' without preceding space or {()[*! -+ report("missing space before binary '$1'") if $intra_line =~ m/[^\s{()\[]([&])/; # '&' without preceding space or {()[ -+ report("missing space after ternary '$1'") if $intra_line =~ m/(:)[^\s\d]/; # ':' without following space or digit -+ report("missing space after '$1'") if $intra_line =~ m/([,;=|\/%<>^\?])\S/; # ,;=|/%<>^? 
without following space -+ report("missing space after binary '$1'") if $intra_line=~m/[^{(\[]([*])[^\sa-zA-Z_(),*]/;# '*' w/o space or \w(),* after - # TODO unary '*' must not be followed by SPC -- report("no space after binary '$1'") if $intra_line=~m/([&])[^\sa-zA-Z_(]/; # '&' w/o following space or \w( -+ report("missing space after binary '$1'") if $intra_line=~m/([&])[^\sa-zA-Z_(]/; # '&' w/o following space or \w( - # TODO unary '&' must not be followed by SPC -- report("no space after binary '$1'") if $intra_line=~m/[^{(\[]([+\-])[^\s\d(]/; # +/- w/o following space or \d( -+ report("missing space after binary '$1'") if $intra_line=~m/[^{(\[]([+\-])[^\s\d(]/; # +/- w/o following space or \d( - # TODO unary '+' and '-' must not be followed by SPC -- report("no space after '$2'") if $intra_line =~ m/(^|\W)(if|while|for|switch|case)[^\w\s]/; # kw w/o SPC -- report("no space after '$2'") if $intra_line =~ m/(^|\W)(return)[^\w\s;]/; # return w/o SPC or ';' -+ report("missing space after '$2'") if $intra_line =~ m/(^|\W)(if|while|for|switch|case)[^\w\s]/; # kw w/o SPC -+ report("missing space after '$2'") if $intra_line =~ m/(^|\W)(return)[^\w\s;]/; # return w/o SPC or ';' - report("space after function/macro name") - if $intra_line =~ m/(\w+)\s+\(/ # fn/macro name with space before '(' -- && !($1 =~ m/^(if|while|for|switch|return|typedef|void|char|unsigned|int|long|float|double)$/) # not keyword -+ && !($1 =~ m/^(sizeof|if|else|while|do|for|switch|case|default|break|continue|goto|return|void|char|signed|unsigned|int|short|long|float|double|typedef|enum|struct|union|auto|extern|static|const|volatile|register)$/) # not keyword - && !(m/^\s*#\s*define\s/); # we skip macro definitions here because macros - # without parameters but with body beginning with '(', e.g., '#define X (1)', - # would lead to false positives - TODO also check for macros with parameters -- report("no space before '{'") if $intra_line =~ m/[^\s{(\[]\{/; # '{' without preceding space or {([ -- 
report("no space after '}'") if $intra_line =~ m/\}[^\s,;\])}]/; # '}' without following space or ,;])} -+ report("missing space before '{'") if $intra_line =~ m/[^\s{(\[]\{/; # '{' without preceding space or {([ -+ report("missing space after '}'") if $intra_line =~ m/\}[^\s,;\])}]/; # '}' without following space or ,;])} - } - - # preprocessor directives @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ -@@ -738,7 +746,8 @@ while (<>) { # loop over all lines of all input files - # update indents according to leading closing brace(s) '}' or label or switch case - my $in_stmt = $in_expr || @nested_symbols != 0 || $in_typedecl != 0; - if ($in_stmt) { # expr/stmt/type decl/var def/fn hdr, i.e., not at block level -- if (m/^([\s@]*\})/) { # leading '}', any preceding blinded comment must not be matched -+ if (m/^([\s@]*\})/) { # leading '}' within stmt, any preceding blinded comment must not be matched -+ $in_block_decls = -1; - my $head = $1; - update_nested_indents($head); - $nested_indents_position = length($head); -@@ -785,7 +794,8 @@ while (<>) { # loop over all lines of all input files - } - if ($before ne "") { # non-whitespace non-'{' before '}' - report("code before '}'"); -- } else { # leading '}', any preceding blinded comment must not be matched -+ } else { # leading '}' outside stmt, any preceding blinded comment must not be matched -+ $in_block_decls = -1; - $local_offset = $block_indent + $hanging_offset - INDENT_LEVEL; - update_nested_indents($head); - $nested_indents_position = length($head); -@@ -832,6 +842,27 @@ while (<>) { # loop over all lines of all input files - - check_indent() if $count >= 0; # not for #define and not if multi-line string literal is continued - -+ # check for blank lines within/after local decls @@@@@@@@@@@@@@@@@@@@@@@@@@@ -+ -+ if ($in_block_decls >= 0 && -+ $in_comment == 0 && !m/^\s*\*?@/ && # not in multi-line comment nor an intra-line comment -+ !$in_expr && $expr_indent == 0 && $in_typedecl == 0) { -+ my 
$blank_line_before = $line > 1 -+ && $code_contents_before =~ m/^\s*(\\\s*)?$/; # essentially blank line: just whitespace (and maybe a trailing '\') -+ if (m/^[\s(]*(char|signed|unsigned|int|short|long|float|double|enum|struct|union|auto|extern|static|const|volatile|register)(\W|$)/ # clear start of local decl -+ || (m/^(\s*(\w+|\[\]|[\*()]))+?\s+[\*\(]*\w+(\s*(\)|\[[^\]]*\]))*\s*[;,=]/ # weak check for decl involving user-defined type -+ && !m/^\s*(\}|sizeof|if|else|while|do|for|switch|case|default|break|continue|goto|return)(\W|$)/)) { -+ $in_block_decls++; -+ report_flexibly($line - 1, "blank line within local decls, before", $contents) if $blank_line_before; -+ } else { -+ report_flexibly($line, "missing blank line after local decls", "\n$contents_before$contents") -+ if $in_block_decls > 0 && !$blank_line_before; -+ $in_block_decls = -1 unless -+ m/^\s*(\\\s*)?$/ # essentially blank line: just whitespace (and maybe a trailing '\') -+ || $in_comment != 0 || m/^\s*\*?@/; # in multi-line comment or an intra-line comment -+ } -+ } -+ - $in_comment = 0 if $in_comment < 0; # multi-line comment has ended - - # do some further checks @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ -@@ -851,22 +882,19 @@ while (<>) { # loop over all lines of all input files - $line_opening_brace == $line_before) - && $contents_before =~ m/;/) { # there is at least one terminator ';', so there is some stmt - # TODO do not report cases where a further else branch -- # follows with a block containg more than one line/statement -+ # follows with a block containing more than one line/statement - report_flexibly($line_before, "'$keyword_opening_brace' { 1 stmt }", $contents_before); - } - } - - report("single-letter name '$2'") if (m/(^|.*\W)([IO])(\W.*|$)/); # single-letter name 'I' or 'O' # maybe re-add 'l'? 
- # constant on LHS of comparison or assignment, e.g., NULL != x or 'a' < c, but not a + 1 == b -- report("constant on LHS of '$2'") -- if (m/(['"]|([\+\-\*\/\/%\&\|\^<>]\s*)?\W[0-9]+L?|NULL)\s*([\!<>=]=|[<=>][^<>])/ && $2 eq ""); -+ report("constant on LHS of '$3'") -+ if (m/(['"]|([\+\-\*\/\/%\&\|\^<>]\s*)?\W[0-9]+L?|\WNULL)\s*([\!<>=]=|[<=>])([<>]?)/ && -+ $2 eq "" && (($3 ne "<" && $3 ne "='" && $3 ne ">") || $4 eq "")); - - # TODO report #if 0 and #if 1 - -- # TODO report empty line within local variable definitions -- -- # TODO report missing empty line after local variable definitions -- - # TODO report needless use of parentheses, while - # macro parameters should always be in parens (except when passed on), e.g., '#define ID(x) (x)' - -@@ -934,7 +962,7 @@ while (<>) { # loop over all lines of all input files - - # set $in_typedecl and potentially $hanging_offset for type declaration - if (!$in_expr && @nested_indents == 0 # not in expression -- && m/(^|^.*\W)(typedef|struct|union|enum)(\W.*|$)$/ -+ && m/(^|^.*\W)(typedef|enum|struct|union)(\W.*|$)$/ - && parens_balance($1) == 0 # not in newly started expression or function arg list - && ($2 eq "typedef" || !($3 =~ m/\s*\w++\s*(.)/ && $1 ne "{")) # 'struct'/'union'/'enum' not followed by '{' - # not needed: && $keyword_opening_brace = $2 if $3 =~ m/\{/; -@@ -1018,12 +1046,12 @@ while (<>) { # loop over all lines of all input files - !($keyword_opening_brace eq "else" && $line_opening_brace < $line_before2); - } - report("code after '{'") if $tail=~ m/[^\s\@]/ && # trailing non-whitespace non-comment (non-'\') -- !($tail=~ m/\}/); # no '}' after last '{' -+ !($tail=~ m/\}/); # missing '}' after last '{' - } - } - - # check for opening brace after if/while/for/switch/do not on same line -- # note that "no '{' on same line after '} else'" is handled further below -+ # note that "missing '{' on same line after '} else'" is handled further below - if (/^[\s@]*{/ && # leading '{' - $line_before > 0 && 
!($contents_before_ =~ m/^\s*#/) && # not preprocessor directive '#if - (my ($head, $mid, $tail) = ($contents_before_ =~ m/(^|^.*\W)(if|while|for|switch|do)(\W.*$|$)/))) { -@@ -1033,10 +1061,10 @@ while (<>) { # loop over all lines of all input files - # check for closing brace on line before 'else' not followed by leading '{' - elsif (my ($head, $tail) = m/(^|^.*\W)else(\W.*$|$)/) { - if (parens_balance($tail) == 0 && # avoid false positive due to unfinished expr on current line -- !($tail =~ m/{/) && # after 'else' no '{' on same line -+ !($tail =~ m/{/) && # after 'else' missing '{' on same line - !($head =~ m/}[\s@]*$/) && # not: '}' then any whitespace or comments before 'else' - $line_before > 0 && $contents_before_ =~ /}[\s@]*$/) { # trailing '}' on line before -- report("no '{' after '} else'"); -+ report("missing '{' on same line after '} else'"); - } - } - -@@ -1063,10 +1091,10 @@ while (<>) { # loop over all lines of all input files - if ($line_before > 0 && $contents_before_ =~ /}[\s@]*$/) { - report("'else' not on same line as preceding '}'"); - } elsif (parens_balance($tail) == 0) { # avoid false positive due to unfinished expr on current line -- report("no '}' on same line before 'else ... {'") if $brace_after; -+ report("missing '}' on same line before 'else ... 
{'") if $brace_after; - } - } elsif (parens_balance($tail) == 0) { # avoid false positive due to unfinished expr on current line -- report("no '{' on same line after '} else'") if $brace_before && !$brace_after; -+ report("missing '{' on same line after '} else'") if $brace_before && !$brace_after; - } - } - -@@ -1086,6 +1114,10 @@ while (<>) { # loop over all lines of all input files - # post-processing at end of line @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ - - LINE_FINISHED: -+ $code_contents_before = $contents if -+ !m/^\s*#(\s*)(\w+)/ && # not single-line directive -+ $in_comment == 0 && !m/^\s*\*?@/; # not in multi-line comment nor an intra-line comment -+ - # on end of multi-line preprocessor directive, adapt indent - if ($in_directive > 0 && - # need to use original line contents because trailing \ may have been stripped -@@ -1096,12 +1128,12 @@ while (<>) { # loop over all lines of all input files - $hanging_offset = 0; # compensate for this in case macro ends, e.g., as 'while (0)' - } - -- if (m/^\s*$/) { # at begin of file essentially empty line: just whitespace (and maybe a '\') -- report("leading ".($1 eq "" ? "empty" :"whitespace")." line") if $line == 1 && !$sloppy_SPC; -+ if (m/^\s*$/) { # at begin of file essentially blank line: just whitespace (and maybe a '\') -+ report("leading ".($1 eq "" ? "blank" :"whitespace")." line") if $line == 1 && !$sloppy_SPC; - } else { - if ($line_before > 0) { - my $linediff = $line - $line_before - 1; -- report("$linediff empty lines before") if $linediff > 1 && !$sloppy_SPC; -+ report("$linediff blank lines before") if $linediff > 1 && !$sloppy_SPC; - } - $line_before2 = $line_before; - $contents_before2 = $contents_before; -@@ -1123,8 +1155,8 @@ while (<>) { # loop over all lines of all input files - # post-processing at end of file @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ - - if (eof) { -- # check for essentially empty line (which may include a '\') just before EOF -- report(($1 eq "\n" ? 
"empty line" : $2 ne "" ? "'\\'" : "whitespace")." at EOF")
-+ # check for essentially blank line (which may include a '\') just before EOF
-+ report(($1 eq "\n" ? "blank line" : $2 ne "" ? "'\\'" : "whitespace")." at EOF")
- if $contents =~ m/^(\s*(\\?)\s*)$/ && !$sloppy_SPC;
-
- # report unclosed expression-level nesting
diff -Nru openssl-3.0.5/debian/patches/x509-fix-double-locking-problem.patch openssl-3.0.7/debian/patches/x509-fix-double-locking-problem.patch
--- openssl-3.0.5/debian/patches/x509-fix-double-locking-problem.patch 1970-01-01 00:00:00.000000000 +0000
+++ openssl-3.0.7/debian/patches/x509-fix-double-locking-problem.patch 2022-12-06 14:11:40.000000000 +0000
@@ -0,0 +1,35 @@
+From: Pauli
+Date: Fri, 11 Nov 2022 09:40:19 +1100
+Subject: x509: fix double locking problem
+
+This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the
+redundant flag setting.
+
+Fixes #19643
+
+Fixes LOW CVE-2022-3996
+
+Reviewed-by: Dmitry Belyavskiy
+Reviewed-by: Tomas Mraz
+(Merged from https://github.com/openssl/openssl/pull/19652)
+
+(cherry picked from commit 4d0340a6d2f327700a059f0b8f954d6160f8eef5)
+---
+ crypto/x509/pcy_map.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/crypto/x509/pcy_map.c b/crypto/x509/pcy_map.c
+index 05406c6493fc..60dfd1e3203b 100644
+--- a/crypto/x509/pcy_map.c
++++ b/crypto/x509/pcy_map.c
+@@ -73,10 +73,6 @@ int ossl_policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
+
+ ret = 1;
+ bad_mapping:
+- if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock)) {
+- x->ex_flags |= EXFLAG_INVALID_POLICY;
+- CRYPTO_THREAD_unlock(x->lock);
+- }
+ sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
+ return ret;
+
diff -Nru openssl-3.0.5/debian/rules openssl-3.0.7/debian/rules
--- openssl-3.0.5/debian/rules 2022-08-15 03:16:43.000000000 +0000
+++ openssl-3.0.7/debian/rules 2022-12-06 14:11:40.000000000 +0000
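Review bot: After this patch the `bad_mapping:` path returns -1 for a malformed mapping without recording `EXFLAG_INVALID_POLICY` anywhere in this function, and the hunk does not say who does it now; the double-lock fix implies the caller already holds `x->lock` and marks the certificate itself, but that caller is outside the hunk, as is the start of ossl_policy_cache_set_mapping, so this should be confirmed rather than assumed. To keep the recursive write lock from being reintroduced by a later "fix", add a comment above the label such as `/* on error the caller, which already holds x->lock, sets EXFLAG_INVALID_POLICY; do not lock here (CVE-2022-3996) */`. For DEP-3 traceability the patch header could also carry `Origin: backport, https://github.com/openssl/openssl/commit/4d0340a6d2f327700a059f0b8f954d6160f8eef5` next to the cherry-pick line.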
@@ -12,7 +12,6 @@ include /usr/share/dpkg/pkg-info.mk export DEB_BUILD_MAINT_OPTIONS = hardening=+all future=+lfs -export DEB_CFLAGS_MAINT_APPEND = -DOPENSSL_TLS_SECURITY_LEVEL=2 SHELL=/bin/bash @@ -30,7 +29,7 @@ MAKEFLAGS += -j$(NUMJOBS) endif -CONFARGS = --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/$(DEB_HOST_MULTIARCH) no-idea no-mdc2 no-rc5 no-zlib no-ssl3 enable-unit-test no-ssl3-method enable-rfc3779 enable-cms no-capieng +CONFARGS = --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/$(DEB_HOST_MULTIARCH) no-idea no-mdc2 no-rc5 no-zlib no-ssl3 enable-unit-test no-ssl3-method enable-rfc3779 enable-cms no-capieng no-rdrand #OPT_alpha = ev4 ev5 ARCHOPTS = OPT_$(DEB_HOST_ARCH) OPTS = $($(ARCHOPTS)) @@ -121,6 +120,7 @@ mkdir -p debian/tmp/etc/ssl mv debian/tmp/usr/lib/ssl/{certs,openssl.cnf,private} debian/tmp/etc/ssl/ ln -s /etc/ssl/{certs,openssl.cnf,private} debian/tmp/usr/lib/ssl/ + ln -s /etc/ssl/certs/ca-certificates.crt debian/tmp/usr/lib/ssl/cert.pem ifeq (,$(filter noudeb,$(DEB_BUILD_PROFILES))) cp -pf debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libcrypto.so.* debian/libcrypto3-udeb/usr/lib/ cp -pf debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/ossl-modules/*.so debian/libcrypto3-udeb/usr/lib/ossl-modules diff -Nru openssl-3.0.5/demos/cipher/aeskeywrap.c openssl-3.0.7/demos/cipher/aeskeywrap.c --- openssl-3.0.5/demos/cipher/aeskeywrap.c 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.7/demos/cipher/aeskeywrap.c 2022-11-01 14:14:36.000000000 +0000 
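Review bot: Removing `export DEB_CFLAGS_MAINT_APPEND = -DOPENSSL_TLS_SECURITY_LEVEL=2` lowers the compiled-in TLS security level from 2 to OpenSSL's built-in default of 1, which again permits 1024-bit RSA/DH keys and SHA-1 signatures in handshakes, unless level 2 is re-established elsewhere. Nothing in this diff shows such a replacement (presumably a `@SECLEVEL=2` CipherString in the shipped openssl.cnf), so the rules file or changelog should state where the default now comes from, e.g. `# TLS security level 2 is no longer compiled in; it is set via CipherString in openssl.cnf`. If it is not restored, this is a silent downgrade for every libssl3 user on the system.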
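Review bot: The new `ln -s /etc/ssl/certs/ca-certificates.crt debian/tmp/usr/lib/ssl/cert.pem` points OPENSSLDIR's default CAfile at a file owned by the ca-certificates package, so on a host without that package the link is dangling; as far as I recall the default-paths loader ignores a missing CAfile, so verification then depends solely on CApath and the failure mode is quiet rather than fatal. Whether this package depends on or merely recommends ca-certificates is not visible in the hunk; if it only recommends it, a comment on that line such as `# dangling until ca-certificates is installed; default CAfile then silently falls back to CApath` would record the intent.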
@@ -0,0 +1,181 @@
+/*
+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Simple aes wrap encryption demonstration program.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+/* aes key */
+static const unsigned char wrap_key[] = {
+ 0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66,
+ 0x5f, 0x8a, 0xe6, 0xd1, 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69,
+ 0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f
+};
+
+/* Unique initialisation vector */
+static const unsigned char wrap_iv[] = {
+ 0x99, 0xaa, 0x3e, 0x68, 0xed, 0x81, 0x73, 0xa0, 0xee, 0xd0, 0x66, 0x84,
+ 0x99, 0xaa, 0x3e, 0x68,
+};
+
+/* Example plaintext to encrypt */
+static const unsigned char wrap_pt[] = {
+ 0xad, 0x4f, 0xc9, 0xfc, 0x77, 0x69, 0xc9, 0xea, 0xfc, 0xdf, 0x00, 0xac,
+ 0x34, 0xec, 0x40, 0xbc, 0x28, 0x3f, 0xa4, 0x5e, 0xd8, 0x99, 0xe4, 0x5d,
+ 0x5e, 0x7a, 0xc4, 0xe6, 0xca, 0x7b, 0xa5, 0xb7,
+};
+
+/* Expected ciphertext value */
+static const unsigned char wrap_ct[] = {
+ 0x97, 0x99, 0x55, 0xca, 0xf6, 0x3e, 0x95, 0x54, 0x39, 0xd6, 0xaf, 0x63, 0xff, 0x2c, 0xe3, 0x96,
+ 0xf7, 0x0d, 0x2c, 0x9c, 0xc7, 0x43, 0xc0, 0xb6, 0x31, 0x43, 0xb9, 0x20, 0xac, 0x6b, 0xd3, 0x67,
+ 0xad, 0x01, 0xaf, 0xa7, 0x32, 0x74, 0x26, 0x92,
+};
+
+/*
+ * A library context and property query can be used to select & filter
+ * algorithm implementations. If they are NULL then the default library
+ * context and properties are used.
+ */
+OSSL_LIB_CTX *libctx = NULL;
+const char *propq = NULL;
+
+int aes_wrap_encrypt(void)
+{
+ int ret = 0;
+ EVP_CIPHER_CTX *ctx;
+ EVP_CIPHER *cipher = NULL;
+ int outlen, tmplen;
+ unsigned char outbuf[1024];
+
+ printf("aes wrap Encrypt:\n");
+ printf("Plaintext:\n");
+ BIO_dump_fp(stdout, wrap_pt, sizeof(wrap_pt));
+
+ /* Create a context for the encrypt operation */
+ if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
+ goto err;
+
+ EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
+
+ /* Fetch the cipher implementation */
+ if ((cipher = EVP_CIPHER_fetch(libctx, "AES-256-WRAP", propq)) == NULL)
+ goto err;
+
+ /*
+ * Initialise an encrypt operation with the cipher/mode, key and IV.
+ * We are not setting any custom params so let params be just NULL.
+ */
+ if (!EVP_EncryptInit_ex2(ctx, cipher, wrap_key, wrap_iv, /* params */ NULL))
+ goto err;
+
+ /* Encrypt plaintext */
+ if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, wrap_pt, sizeof(wrap_pt)))
+ goto err;
+
+ /* Finalise: there can be some additional output from padding */
+ if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen))
+ goto err;
+ outlen += tmplen;
+
+ /* Output encrypted block */
+ printf("Ciphertext (outlen:%d):\n", outlen);
+ BIO_dump_fp(stdout, outbuf, outlen);
+
+ if (sizeof(wrap_ct) == outlen && !CRYPTO_memcmp(outbuf, wrap_ct, outlen))
+ printf("Final ciphertext matches expected ciphertext\n");
+ else
+ printf("Final ciphertext differs from expected ciphertext\n");
+
+ ret = 1;
+err:
+ if (!ret)
+ ERR_print_errors_fp(stderr);
+
+ EVP_CIPHER_free(cipher);
+ EVP_CIPHER_CTX_free(ctx);
+
+ return ret;
+}
+
+int aes_wrap_decrypt(void)
+{
+ int ret = 0;
+ EVP_CIPHER_CTX *ctx;
+ EVP_CIPHER *cipher = NULL;
+ int outlen, tmplen;
+ unsigned char outbuf[1024];
+
+ printf("aes wrap Decrypt:\n");
+ printf("Ciphertext:\n");
+ BIO_dump_fp(stdout, wrap_ct, sizeof(wrap_ct));
+
+ if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
+ goto err;
+
+ EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
+
+ /* Fetch the cipher implementation */
+ if ((cipher = EVP_CIPHER_fetch(libctx, "aes-256-wrap", propq)) == NULL)
+ goto err;
+
+ /*
+ * Initialise an encrypt operation with the cipher/mode, key and IV.
+ * We are not setting any custom params so let params be just NULL.
+ */
+ if (!EVP_DecryptInit_ex2(ctx, cipher, wrap_key, wrap_iv, /* params */ NULL))
+ goto err;
+
+ /* Decrypt plaintext */
+ if (!EVP_DecryptUpdate(ctx, outbuf, &outlen, wrap_ct, sizeof(wrap_ct)))
+ goto err;
+
+ /* Finalise: there can be some additional output from padding */
+ if (!EVP_DecryptFinal_ex(ctx, outbuf + outlen, &tmplen))
+ goto err;
+ outlen += tmplen;
+
+ /* Output decrypted block */
+ printf("Plaintext (outlen:%d):\n", outlen);
+ BIO_dump_fp(stdout, outbuf, outlen);
+
+ if (sizeof(wrap_pt) == outlen && !CRYPTO_memcmp(outbuf, wrap_pt, outlen))
+ printf("Final plaintext matches original plaintext\n");
+ else
+ printf("Final plaintext differs from original plaintext\n");
+
+ ret = 1;
+err:
+ if (!ret)
+ ERR_print_errors_fp(stderr);
+
+ EVP_CIPHER_free(cipher);
+ EVP_CIPHER_CTX_free(ctx);
+
+ return ret;
+}
+
+int main(int argc, char **argv)
+{
+ if (!aes_wrap_encrypt())
+ return 1;
+
+ if (!aes_wrap_decrypt())
+ return 1;
+
+ return 0;
+}
+
diff -Nru openssl-3.0.5/demos/cipher/Makefile openssl-3.0.7/demos/cipher/Makefile
--- openssl-3.0.5/demos/cipher/Makefile 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/demos/cipher/Makefile 2022-11-01 14:14:36.000000000 +0000
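Review bot: The comment `/* Unique initialisation vector */` above `wrap_iv` is misleading for a key-wrap cipher, and demos get copied: in RFC 3394 key wrap the "IV" is the integrity check value that must be identical on wrap and unwrap (8 bytes for AES-256-WRAP as far as I recall, so only the first 8 of the 16 bytes given here would be used), not a per-message nonce, and a mismatch or a tampered ciphertext makes the unwrap fail rather than yield garbage. Suggested wording: `/* Key-wrap "IV": the RFC 3394 integrity check value, not a nonce; must match on unwrap */`. In aes_wrap_decrypt the block comment `* Initialise an encrypt operation with the cipher/mode, key and IV.` is copy-pasted from the encrypt side and should say decrypt. The comparisons `sizeof(wrap_ct) == outlen` and `sizeof(wrap_pt) == outlen` mix size_t with int and warn under -Wsign-compare; `outlen == (int)sizeof(wrap_ct)` avoids that, and a one-line note that wrap output is the input length plus 8 bytes would justify the fixed 1024-byte `outbuf`.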
@@ -7,18 +7,21 @@ # # LD_LIBRARY_PATH=../.. ./aesccm # LD_LIBRARY_PATH=../.. ./aesgcm +# LD_LIBRARY_PATH=../.. ./aeskeywrap +# LD_LIBRARY_PATH=../.. ./ariacbc CFLAGS = $(OPENSSL_INCS_LOCATION) LDFLAGS = $(OPENSSL_LIBS_LOCATION) -lssl -lcrypto -all: aesccm aesgcm ariacbc +all: aesccm aesgcm aeskeywrap ariacbc aesccm: aesccm.o aesgcm: aesgcm.o +aeskeywrap: aeskeywrap.o ariacbc: ariacbc.o -aesccm aesgcm ariacbc: +aesccm aesgcm aeskeywrap ariacbc: $(CC) $(CFLAGS) -o $@ $< $(LDFLAGS) clean: - $(RM) aesccm aesgcm ariacbc *.o + $(RM) aesccm aesgcm aeskeywrap ariacbc *.o diff -Nru openssl-3.0.5/demos/encode/ec_encode.c openssl-3.0.7/demos/encode/ec_encode.c --- openssl-3.0.5/demos/encode/ec_encode.c 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.7/demos/encode/ec_encode.c 2022-11-01 14:14:36.000000000 +0000 
@@ -0,0 +1,205 @@ +/*- + * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +#include +#include +#include +#include + +/* + * Example showing the encoding and decoding of EC public and private keys. A + * PEM-encoded EC key is read in from stdin, decoded, and then re-encoded and + * output for demonstration purposes. Both public and private keys are accepted. + * + * This can be used to load EC keys from a file or save EC keys to a file. + */ + +/* A property query used for selecting algorithm implementations. */ +static const char *propq = NULL; + +/* + * Load a PEM-encoded EC key from a file, optionally decrypting it with a + * supplied passphrase. + */ +static EVP_PKEY *load_key(OSSL_LIB_CTX *libctx, FILE *f, const char *passphrase) +{ + int rv = 0; + EVP_PKEY *pkey = NULL; + OSSL_DECODER_CTX *dctx = NULL; + int selection = 0; + + /* + * Create PEM decoder context expecting an EC key. + * + * For raw (non-PEM-encoded) keys, change "PEM" to "DER". + * + * The selection argument here specifies whether we are willing to accept a + * public key, private key, or either. If it is set to zero, either will be + * accepted. If set to EVP_PKEY_KEYPAIR, a private key will be required, and + * if set to EVP_PKEY_PUBLIC_KEY, a public key will be required. + */ + dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "PEM", NULL, "EC", + selection, + libctx, propq); + if (dctx == NULL) { + fprintf(stderr, "OSSL_DECODER_CTX_new_for_pkey() failed\n"); + goto cleanup; + } + + /* + * Set passphrase if provided; needed to decrypt encrypted PEM files. + * If the input is not encrypted, any passphrase provided is ignored. 
+ * + * Alternative methods for specifying passphrases exist, such as a callback + * (see OSSL_DECODER_CTX_set_passphrase_cb(3)), which may be more useful for + * interactive applications which do not know if a passphrase should be + * prompted for in advance, or for GUI applications. + */ + if (passphrase != NULL) { + if (OSSL_DECODER_CTX_set_passphrase(dctx, + (const unsigned char *)passphrase, + strlen(passphrase)) == 0) { + fprintf(stderr, "OSSL_DECODER_CTX_set_passphrase() failed\n"); + goto cleanup; + } + } + + /* Do the decode, reading from file. */ + if (OSSL_DECODER_from_fp(dctx, f) == 0) { + fprintf(stderr, "OSSL_DECODER_from_fp() failed\n"); + goto cleanup; + } + + rv = 1; +cleanup: + OSSL_DECODER_CTX_free(dctx); + + /* + * pkey is created by OSSL_DECODER_CTX_new_for_pkey, but we + * might fail subsequently, so ensure it's properly freed + * in this case. + */ + if (rv == 0) { + EVP_PKEY_free(pkey); + pkey = NULL; + } + + return pkey; +} + +/* + * Store a EC public or private key to a file using PEM encoding. + * + * If a passphrase is supplied, the file is encrypted, otherwise + * it is unencrypted. + */ +static int store_key(EVP_PKEY *pkey, FILE *f, const char *passphrase) +{ + int rv = 0; + int selection; + OSSL_ENCODER_CTX *ectx = NULL; + + /* + * Create a PEM encoder context. + * + * For raw (non-PEM-encoded) output, change "PEM" to "DER". + * + * The selection argument controls whether the private key is exported + * (EVP_PKEY_KEYPAIR), or only the public key (EVP_PKEY_PUBLIC_KEY). The + * former will fail if we only have a public key. + * + * Note that unlike the decode API, you cannot specify zero here. + * + * Purely for the sake of demonstration, here we choose to export the whole + * key if a passphrase is provided and the public key otherwise. + */ + selection = (passphrase != NULL) + ? 
EVP_PKEY_KEYPAIR + : EVP_PKEY_PUBLIC_KEY; + + ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection, "PEM", NULL, propq); + if (ectx == NULL) { + fprintf(stderr, "OSSL_ENCODER_CTX_new_for_pkey() failed\n"); + goto cleanup; + } + + /* + * Set passphrase if provided; the encoded output will then be encrypted + * using the passphrase. + * + * Alternative methods for specifying passphrases exist, such as a callback + * (see OSSL_ENCODER_CTX_set_passphrase_cb(3), just as for OSSL_DECODER_CTX; + * however you are less likely to need them as you presumably know whether + * encryption is desired in advance. + * + * Note that specifying a passphrase alone is not enough to cause the + * key to be encrypted. You must set both a cipher and a passphrase. + */ + if (passphrase != NULL) { + /* + * Set cipher. Let's use AES-256-CBC, because it is + * more quantum resistant. + */ + if (OSSL_ENCODER_CTX_set_cipher(ectx, "AES-256-CBC", propq) == 0) { + fprintf(stderr, "OSSL_ENCODER_CTX_set_cipher() failed\n"); + goto cleanup; + } + + /* Set passphrase. */ + if (OSSL_ENCODER_CTX_set_passphrase(ectx, + (const unsigned char *)passphrase, + strlen(passphrase)) == 0) { + fprintf(stderr, "OSSL_ENCODER_CTX_set_passphrase() failed\n"); + goto cleanup; + } + } + + /* Do the encode, writing to the given file. */ + if (OSSL_ENCODER_to_fp(ectx, f) == 0) { + fprintf(stderr, "OSSL_ENCODER_to_fp() failed\n"); + goto cleanup; + } + + rv = 1; +cleanup: + OSSL_ENCODER_CTX_free(ectx); + return rv; +} + +int main(int argc, char **argv) +{ + int rv = 1; + OSSL_LIB_CTX *libctx = NULL; + EVP_PKEY *pkey = NULL; + const char *passphrase_in = NULL, *passphrase_out = NULL; + + /* usage: ec_encode */ + if (argc > 1 && argv[1][0]) + passphrase_in = argv[1]; + + if (argc > 2 && argv[2][0]) + passphrase_out = argv[2]; + + /* Decode PEM key from stdin and then PEM encode it to stdout. 
*/ + pkey = load_key(libctx, stdin, passphrase_in); + if (pkey == NULL) { + fprintf(stderr, "Failed to decode key\n"); + goto cleanup; + } + + if (store_key(pkey, stdout, passphrase_out) == 0) { + fprintf(stderr, "Failed to encode key\n"); + goto cleanup; + } + + rv = 0; +cleanup: + EVP_PKEY_free(pkey); + OSSL_LIB_CTX_free(libctx); + return rv; +} diff -Nru openssl-3.0.5/demos/encode/Makefile openssl-3.0.7/demos/encode/Makefile --- openssl-3.0.5/demos/encode/Makefile 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.7/demos/encode/Makefile 2022-11-01 14:14:36.000000000 +0000 @@ -0,0 +1,20 @@ +# +# To run the demos when linked with a shared library (default): +# +# LD_LIBRARY_PATH=../.. ./rsa_encode + +CFLAGS = -I../../include -g -Wall +LDFLAGS = -L../.. +LDLIBS = -lcrypto + +all: ec_encode rsa_encode + +%.o: %.c + $(CC) $(CFLAGS) -c $< + +%_encode: %_encode.o + +test: ; + +clean: + $(RM) *.o rsa_encode ec_encode diff -Nru openssl-3.0.5/demos/mac/cmac-aes256.c openssl-3.0.7/demos/mac/cmac-aes256.c --- openssl-3.0.5/demos/mac/cmac-aes256.c 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.7/demos/mac/cmac-aes256.c 2022-11-01 14:14:36.000000000 +0000 
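Review bot: main() takes both passphrases straight from argv (`passphrase_in = argv[1]`, `passphrase_out = argv[2]`), which exposes them to every local user via the process list and usually to shell history; for a demo that is acceptable, but the hunk should say so rather than silently model the pattern. I would add above the argv parsing: `/* NOTE: passphrases on the command line are visible via ps(1) and shell history; real applications should use OSSL_DECODER_CTX_set_passphrase_cb() or read them from a terminal or file. */`. Separately, store_key() picks EVP_PKEY_KEYPAIR whenever an output passphrase is given, and the hunk's own comment notes that this fails when only a public key was loaded, yet the failure surfaces only as the generic "OSSL_ENCODER_CTX_new_for_pkey() failed"; a hint such as `fprintf(stderr, "OSSL_ENCODER_CTX_new_for_pkey() failed (encrypted output needs a private key)\n");` would save the next reader a debugging round.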
@@ -0,0 +1,154 @@ +/*- + * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Example of using EVP_MAC_ methods to calculate + * a CMAC of static buffers + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +/* + * Hard coding the key into an application is very bad. + * It is done here solely for educational purposes. + */ +static unsigned char key[] = { + 0x6c, 0xde, 0x14, 0xf5, 0xd5, 0x2a, 0x4a, 0xdf, + 0x12, 0x39, 0x1e, 0xbf, 0x36, 0xf9, 0x6a, 0x46, + 0x48, 0xd0, 0xb6, 0x51, 0x89, 0xfc, 0x24, 0x85, + 0xa8, 0x8d, 0xdf, 0x7e, 0x80, 0x14, 0xc8, 0xce, +}; + +static const unsigned char data[] = + "To be, or not to be, that is the question,\n" + "Whether tis nobler in the minde to suffer\n" + "The ſlings and arrowes of outragious fortune,\n" + "Or to take Armes again in a sea of troubles,\n" + "And by opposing, end them, to die to sleep;\n" + "No more, and by a sleep, to say we end\n" + "The heart-ache, and the thousand natural shocks\n" + "That flesh is heir to? tis a consumation\n" + "Devoutly to be wished. To die to sleep,\n" + "To sleepe, perchance to dreame, Aye, there's the rub,\n" + "For in that sleep of death what dreams may come\n" + "When we haue shuffled off this mortal coil\n" + "Must give us pause. 
There's the respect\n" + "That makes calamity of so long life:\n" + "For who would bear the Ships and Scorns of time,\n" + "The oppressor's wrong, the proud man's Contumely,\n" + "The pangs of dispised love, the Law's delay,\n" +; + +/* The known value of the CMAC/AES256 MAC of the above soliloqy */ +static const unsigned char expected_output[] = { + 0x67, 0x92, 0x32, 0x23, 0x50, 0x3d, 0xc5, 0xba, + 0x78, 0xd4, 0x6d, 0x63, 0xf2, 0x2b, 0xe9, 0x56, +}; + +/* + * A property query used for selecting the MAC implementation. + */ +static const char *propq = NULL; + +int main(void) +{ + int rv = EXIT_FAILURE; + OSSL_LIB_CTX *library_context = NULL; + EVP_MAC *mac = NULL; + EVP_MAC_CTX *mctx = NULL; + unsigned char *out = NULL; + size_t out_len = 0; + OSSL_PARAM params[4], *p = params; + char cipher_name[] = "aes256"; + + library_context = OSSL_LIB_CTX_new(); + if (library_context == NULL) { + fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n"); + goto end; + } + + /* Fetch the CMAC implementation */ + mac = EVP_MAC_fetch(library_context, "CMAC", propq); + if (mac == NULL) { + fprintf(stderr, "EVP_MAC_fetch() returned NULL\n"); + goto end; + } + + /* Create a context for the CMAC operation */ + mctx = EVP_MAC_CTX_new(mac); + if (mctx == NULL) { + fprintf(stderr, "EVP_MAC_CTX_new() returned NULL\n"); + goto end; + } + + /* The underlying cipher to be used */ + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, cipher_name, + sizeof(cipher_name)); + *p = OSSL_PARAM_construct_end(); + + /* Initialise the CMAC operation */ + if (!EVP_MAC_init(mctx, key, sizeof(key), params)) { + fprintf(stderr, "EVP_MAC_init() failed\n"); + goto end; + } + + /* Make one or more calls to process the data to be authenticated */ + if (!EVP_MAC_update(mctx, data, sizeof(data))) { + fprintf(stderr, "EVP_MAC_update() failed\n"); + goto end; + } + + /* Make a call to the final with a NULL buffer to get the length of the MAC */ + if (!EVP_MAC_final(mctx, NULL, &out_len, 0)) { + 
fprintf(stderr, "EVP_MAC_final() failed\n"); + goto end; + } + out = OPENSSL_malloc(out_len); + if (out == NULL) { + fprintf(stderr, "malloc failed\n"); + goto end; + } + /* Make one call to the final to get the MAC */ + if (!EVP_MAC_final(mctx, out, &out_len, out_len)) { + fprintf(stderr, "EVP_MAC_final() failed\n"); + goto end; + } + + printf("Generated MAC:\n"); + BIO_dump_indent_fp(stdout, out, out_len, 2); + putchar('\n'); + + if (out_len != sizeof(expected_output)) { + fprintf(stderr, "Generated MAC has an unexpected length\n"); + goto end; + } + + if (CRYPTO_memcmp(expected_output, out, sizeof(expected_output)) != 0) { + fprintf(stderr, "Generated MAC does not match expected value\n"); + goto end; + } + + rv = EXIT_SUCCESS; +end: + if (rv != EXIT_SUCCESS) + ERR_print_errors_fp(stderr); + /* OpenSSL free functions will ignore NULL arguments */ + OPENSSL_free(out); + EVP_MAC_CTX_free(mctx); + EVP_MAC_free(mac); + OSSL_LIB_CTX_free(library_context); + return rv; +} diff -Nru openssl-3.0.5/demos/mac/hmac-sha512.c openssl-3.0.7/demos/mac/hmac-sha512.c --- openssl-3.0.5/demos/mac/hmac-sha512.c 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.7/demos/mac/hmac-sha512.c 2022-11-01 14:14:36.000000000 +0000 
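Review bot: EVP_MAC_update() is called with `sizeof(data)`, and `data` is a string-literal-initialised array, so the MAC covers the trailing NUL byte in addition to the text; the hard-coded expected_output presumably was computed the same way, so the check still passes, but anyone copying this pattern to authenticate a text message will MAC one byte more than they intend. Either use `sizeof(data) - 1` (and recompute expected_output) or annotate the call: `/* sizeof(data) includes the terminating NUL; it is deliberately part of the authenticated message here */`. Also, `key` is declared `static unsigned char key[]` although nothing in the file writes it; `static const unsigned char key[]` matches the other tables and keeps the key material out of writable data.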
@@ -0,0 +1,166 @@ +/*- + * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Example of using EVP_MAC_ methods to calculate + * a HMAC of static buffers + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +/* + * Hard coding the key into an application is very bad. + * It is done here solely for educational purposes. + */ +static unsigned char key[] = { + 0x25, 0xfd, 0x12, 0x99, 0xdf, 0xad, 0x1a, 0x03, + 0x0a, 0x81, 0x3c, 0x2d, 0xcc, 0x05, 0xd1, 0x5c, + 0x17, 0x7a, 0x36, 0x73, 0x17, 0xef, 0x41, 0x75, + 0x71, 0x18, 0xe0, 0x1a, 0xda, 0x99, 0xc3, 0x61, + 0x38, 0xb5, 0xb1, 0xe0, 0x82, 0x2c, 0x70, 0xa4, + 0xc0, 0x8e, 0x5e, 0xf9, 0x93, 0x9f, 0xcf, 0xf7, + 0x32, 0x4d, 0x0c, 0xbd, 0x31, 0x12, 0x0f, 0x9a, + 0x15, 0xee, 0x82, 0xdb, 0x8d, 0x29, 0x54, 0x14, +}; + +static const unsigned char data[] = + "To be, or not to be, that is the question,\n" + "Whether tis nobler in the minde to suffer\n" + "The ſlings and arrowes of outragious fortune,\n" + "Or to take Armes again in a sea of troubles,\n" + "And by opposing, end them, to die to sleep;\n" + "No more, and by a sleep, to say we end\n" + "The heart-ache, and the thousand natural shocks\n" + "That flesh is heir to? tis a consumation\n" + "Devoutly to be wished. To die to sleep,\n" + "To sleepe, perchance to dreame, Aye, there's the rub,\n" + "For in that sleep of death what dreams may come\n" + "When we haue shuffled off this mortal coil\n" + "Must give us pause. 
There's the respect\n" + "That makes calamity of so long life:\n" + "For who would bear the Ships and Scorns of time,\n" + "The oppressor's wrong, the proud man's Contumely,\n" + "The pangs of dispised love, the Law's delay,\n" +; + +/* The known value of the HMAC/SHA3-512 MAC of the above soliloqy */ +static const unsigned char expected_output[] = { + 0x3b, 0x77, 0x5f, 0xf1, 0x4f, 0x9e, 0xb9, 0x23, + 0x8f, 0xdc, 0xa0, 0x68, 0x15, 0x7b, 0x8a, 0xf1, + 0x96, 0x23, 0xaa, 0x3c, 0x1f, 0xe9, 0xdc, 0x89, + 0x11, 0x7d, 0x58, 0x07, 0xe7, 0x96, 0x17, 0xe3, + 0x44, 0x8b, 0x03, 0x37, 0x91, 0xc0, 0x6e, 0x06, + 0x7c, 0x54, 0xe4, 0xa4, 0xcc, 0xd5, 0x16, 0xbb, + 0x5e, 0x4d, 0x64, 0x7d, 0x88, 0x23, 0xc9, 0xb7, + 0x25, 0xda, 0xbe, 0x4b, 0xe4, 0xd5, 0x34, 0x30, +}; + +/* + * A property query used for selecting the MAC implementation. + */ +static const char *propq = NULL; + +int main(void) +{ + int rv = EXIT_FAILURE; + OSSL_LIB_CTX *library_context = NULL; + EVP_MAC *mac = NULL; + EVP_MAC_CTX *mctx = NULL; + EVP_MD_CTX *digest_context = NULL; + unsigned char *out = NULL; + size_t out_len = 0; + OSSL_PARAM params[4], *p = params; + char digest_name[] = "SHA3-512"; + + library_context = OSSL_LIB_CTX_new(); + if (library_context == NULL) { + fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n"); + goto end; + } + + /* Fetch the HMAC implementation */ + mac = EVP_MAC_fetch(library_context, "HMAC", propq); + if (mac == NULL) { + fprintf(stderr, "EVP_MAC_fetch() returned NULL\n"); + goto end; + } + + /* Create a context for the HMAC operation */ + mctx = EVP_MAC_CTX_new(mac); + if (mctx == NULL) { + fprintf(stderr, "EVP_MAC_CTX_new() returned NULL\n"); + goto end; + } + + /* The underlying digest to be used */ + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, digest_name, + sizeof(digest_name)); + *p = OSSL_PARAM_construct_end(); + + /* Initialise the HMAC operation */ + if (!EVP_MAC_init(mctx, key, sizeof(key), params)) { + fprintf(stderr, "EVP_MAC_init() failed\n"); + goto 
end; + } + + /* Make one or more calls to process the data to be authenticated */ + if (!EVP_MAC_update(mctx, data, sizeof(data))) { + fprintf(stderr, "EVP_MAC_update() failed\n"); + goto end; + } + + /* Make a call to the final with a NULL buffer to get the length of the MAC */ + if (!EVP_MAC_final(mctx, NULL, &out_len, 0)) { + fprintf(stderr, "EVP_MAC_final() failed\n"); + goto end; + } + out = OPENSSL_malloc(out_len); + if (out == NULL) { + fprintf(stderr, "malloc failed\n"); + goto end; + } + /* Make one call to the final to get the MAC */ + if (!EVP_MAC_final(mctx, out, &out_len, out_len)) { + fprintf(stderr, "EVP_MAC_final() failed\n"); + goto end; + } + + printf("Generated MAC:\n"); + BIO_dump_indent_fp(stdout, out, out_len, 2); + putchar('\n'); + + if (out_len != sizeof(expected_output)) { + fprintf(stderr, "Generated MAC has an unexpected length\n"); + goto end; + } + + if (CRYPTO_memcmp(expected_output, out, sizeof(expected_output)) != 0) { + fprintf(stderr, "Generated MAC does not match expected value\n"); + goto end; + } + + rv = EXIT_SUCCESS; +end: + if (rv != EXIT_SUCCESS) + ERR_print_errors_fp(stderr); + /* OpenSSL free functions will ignore NULL arguments */ + OPENSSL_free(out); + EVP_MD_CTX_free(digest_context); + EVP_MAC_CTX_free(mctx); + EVP_MAC_free(mac); + OSSL_LIB_CTX_free(library_context); + return rv; +} diff -Nru openssl-3.0.5/demos/mac/Makefile openssl-3.0.7/demos/mac/Makefile --- openssl-3.0.5/demos/mac/Makefile 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/demos/mac/Makefile 2022-11-01 14:14:36.000000000 +0000 
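Review bot: The file is named hmac-sha512.c and introduced as an HMAC demo, but `char digest_name[] = "SHA3-512";` selects HMAC with SHA3-512, and the expected_output comment says "HMAC/SHA3-512" as well, so the name and the algorithm disagree; either change the digest to `"SHA512"` and recompute expected_output, or rename the file and Makefile target to say sha3-512 so users do not ship an incompatible MAC by copying it. `EVP_MD_CTX *digest_context = NULL;` is declared and passed to `EVP_MD_CTX_free(digest_context);` but never otherwise used; both lines can be dropped. As in the CMAC demo, `EVP_MAC_update(mctx, data, sizeof(data))` includes the string's terminating NUL in the authenticated data; a comment such as `/* sizeof(data) includes the terminating NUL; it is part of the message here */` would avoid surprise.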
@@ -11,13 +11,15 @@ CFLAGS = $(OPENSSL_INCS_LOCATION) -Wall LDFLAGS = $(OPENSSL_LIBS_LOCATION) -lssl -lcrypto -all: gmac poly1305 +all: gmac hmac-sha512 cmac-aes256 poly1305 gmac: gmac.o +hmac-sha512: hmac-sha512.o +cmac-aes256: cmac-aes256.o poly1305: poly1305.o -gmac poly1305: +gmac hmac-sha512 cmac-aes256 poly1305: $(CC) $(CFLAGS) -o $@ $< $(LDFLAGS) clean: - $(RM) gmac poly1305 *.o + $(RM) gmac hmac-sha512 cmac-aes256 poly1305 *.o diff -Nru openssl-3.0.5/doc/build.info openssl-3.0.7/doc/build.info --- openssl-3.0.5/doc/build.info 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/doc/build.info 2022-11-01 14:14:36.000000000 +0000 @@ -1495,6 +1495,10 @@ GENERATE[html/man3/OPENSSL_fork_prepare.html]=man3/OPENSSL_fork_prepare.pod DEPEND[man/man3/OPENSSL_fork_prepare.3]=man3/OPENSSL_fork_prepare.pod GENERATE[man/man3/OPENSSL_fork_prepare.3]=man3/OPENSSL_fork_prepare.pod +DEPEND[html/man3/OPENSSL_gmtime.html]=man3/OPENSSL_gmtime.pod +GENERATE[html/man3/OPENSSL_gmtime.html]=man3/OPENSSL_gmtime.pod +DEPEND[man/man3/OPENSSL_gmtime.3]=man3/OPENSSL_gmtime.pod +GENERATE[man/man3/OPENSSL_gmtime.3]=man3/OPENSSL_gmtime.pod DEPEND[html/man3/OPENSSL_hexchar2int.html]=man3/OPENSSL_hexchar2int.pod GENERATE[html/man3/OPENSSL_hexchar2int.html]=man3/OPENSSL_hexchar2int.pod DEPEND[man/man3/OPENSSL_hexchar2int.3]=man3/OPENSSL_hexchar2int.pod @@ -3105,6 +3109,7 @@ html/man3/OPENSSL_LH_stats.html \ html/man3/OPENSSL_config.html \ html/man3/OPENSSL_fork_prepare.html \ +html/man3/OPENSSL_gmtime.html \ html/man3/OPENSSL_hexchar2int.html \ html/man3/OPENSSL_ia32cap.html \ html/man3/OPENSSL_init_crypto.html \ 
@@ -3700,6 +3705,7 @@ man/man3/OPENSSL_LH_stats.3 \ man/man3/OPENSSL_config.3 \ man/man3/OPENSSL_fork_prepare.3 \ +man/man3/OPENSSL_gmtime.3 \ man/man3/OPENSSL_hexchar2int.3 \ man/man3/OPENSSL_ia32cap.3 \ man/man3/OPENSSL_init_crypto.3 \ diff -Nru openssl-3.0.5/doc/man1/openssl-cmds.pod.in openssl-3.0.7/doc/man1/openssl-cmds.pod.in --- openssl-3.0.5/doc/man1/openssl-cmds.pod.in 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/doc/man1/openssl-cmds.pod.in 2022-11-01 14:14:36.000000000 +0000 @@ -8,6 +8,7 @@ asn1parse, ca, ciphers, +cmp, cms, crl, crl2pkcs7, @@ -88,6 +89,7 @@ L, L, L, +L, L, L, L, @@ -150,7 +152,7 @@ =head1 COPYRIGHT -Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.5/doc/man1/openssl-cmp.pod.in openssl-3.0.7/doc/man1/openssl-cmp.pod.in --- openssl-3.0.5/doc/man1/openssl-cmp.pod.in 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/doc/man1/openssl-cmp.pod.in 2022-11-01 14:14:36.000000000 +0000 @@ -266,11 +266,11 @@ X509 Distinguished Name (DN) of subject to use in the requested certificate template. -For KUR, it defaults to the public key -in the PKCS#10 CSR given with the B<-csr> option, if provided, -or of the reference certificate (see B<-oldcert>) if provided. -This default is used for IR and CR only if no SANs are set. If the NULL-DN (C<"/">) is given then no subject is placed in the template. +Default is the subject DN of any PKCS#10 CSR given with the B<-csr> option. +For KUR, a further fallback is the subject DN +of the reference certificate (see B<-oldcert>) if provided. +This fallback is used for IR and CR only if no SANs are set. If provided and neither B<-cert> nor B<-oldcert> is given, the subject DN is used as fallback sender of outgoing CMP messages. 
@@ -354,8 +354,9 @@ PKCS#10 CSR in PEM or DER format containing a certificate request. With B<-cmd> I it is used directly in a legacy P10CR message. -When used with B<-cmd> I, I, or I, it is transformed into the -respective regular CMP request. +When used with B<-cmd> I, I, or I, +it is transformed into the respective regular CMP request, +while its public key is ignored if I<-newkey> is given. It may also be used with B<-cmd> I to specify the certificate to be revoked via the included subject name and public key. diff -Nru openssl-3.0.5/doc/man1/openssl-dgst.pod.in openssl-3.0.7/doc/man1/openssl-dgst.pod.in --- openssl-3.0.5/doc/man1/openssl-dgst.pod.in 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/doc/man1/openssl-dgst.pod.in 2022-11-01 14:14:36.000000000 +0000 @@ -86,7 +86,20 @@ =item B<-xoflen> I -Set the output length for XOF algorithms, such as B. +Set the output length for XOF algorithms, such as B and B. +This option is not supported for signing operations. + +For OpenSSL providers it is recommended to set this value for shake algorithms, +since the default values are set to only supply half of the maximum security +strength. + +For backwards compatibility reasons the default xoflen length for B is +16 (bytes) which results in a security strength of only 64 bits. To ensure the +maximum security strength of 128 bits, the xoflen should be set to at least 32. + +For backwards compatibility reasons the default xoflen length for B is +32 (bytes) which results in a security strength of only 128 bits. To ensure the +maximum security strength of 256 bits, the xoflen should be set to at least 64. =item B<-r> diff -Nru openssl-3.0.5/doc/man1/openssl-ec.pod.in openssl-3.0.7/doc/man1/openssl-ec.pod.in --- openssl-3.0.5/doc/man1/openssl-ec.pod.in 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/doc/man1/openssl-ec.pod.in 2022-11-01 14:14:36.000000000 +0000 
@@ -118,8 +118,8 @@ =item B<-conv_form> I This specifies how the points on the elliptic curve are converted -into octet strings. Possible values are: B (the default -value), B and B. For more information regarding +into octet strings. Possible values are: B, B (the +default value) and B. For more information regarding the point conversion forms please read the X9.62 standard. B Due to patent issues the B option is disabled by default for binary curves and can be enabled by defining @@ -198,7 +198,7 @@ =head1 COPYRIGHT -Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2003-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.5/doc/man1/openssl-list.pod.in openssl-3.0.7/doc/man1/openssl-list.pod.in --- openssl-3.0.5/doc/man1/openssl-list.pod.in 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/doc/man1/openssl-list.pod.in 2022-11-01 14:14:36.000000000 +0000 @@ -94,10 +94,10 @@ Display a list of cipher commands, which are typically used as input to the L or L commands. -=item B<-digest-algorithms>, B<-kdf-algorithms>, B<-mac-algorithms>, -B<-cipher-algorithms> +=item B<-cipher-algorithms>, B<-digest-algorithms>, B<-kdf-algorithms>, +B<-mac-algorithms>, -Display a list of cipher, digest, kdf and mac algorithms. +Display a list of symmetric cipher, digest, kdf and mac algorithms. See L for a description of how names are displayed. 
@@ -237,7 +237,7 @@ =head1 COPYRIGHT -Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.5/doc/man1/openssl-mac.pod.in openssl-3.0.7/doc/man1/openssl-mac.pod.in --- openssl-3.0.5/doc/man1/openssl-mac.pod.in 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/doc/man1/openssl-mac.pod.in 2022-11-01 14:14:36.000000000 +0000 @@ -35,8 +35,7 @@ Input filename to calculate a MAC for, or standard input by default. Standard input is used if the filename is '-'. -Files are expected to be in binary format, standard input uses hexadecimal text -format. +Files and standard input are expected to be in binary format. =item B<-out> I @@ -166,7 +165,7 @@ =head1 COPYRIGHT -Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.5/doc/man1/openssl-pkcs12.pod.in openssl-3.0.7/doc/man1/openssl-pkcs12.pod.in --- openssl-3.0.5/doc/man1/openssl-pkcs12.pod.in 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/doc/man1/openssl-pkcs12.pod.in 2022-11-01 14:14:36.000000000 +0000 @@ -341,7 +341,7 @@ =item B<-macalg> I -Specify the MAC digest algorithm. If not included SHA1 will be used. +Specify the MAC digest algorithm. If not included SHA256 will be used. =item B<-iter> I 
@@ -460,7 +460,7 @@ =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.5/doc/man1/openssl.pod openssl-3.0.7/doc/man1/openssl.pod --- openssl-3.0.5/doc/man1/openssl.pod 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/doc/man1/openssl.pod 2022-11-01 14:14:36.000000000 +0000 @@ -11,16 +11,6 @@ [ I ... ] [ I ... ] -B -B -B | -B | -B | -B | -B | -B | -B - B BI [ I ] =head1 DESCRIPTION @@ -50,21 +40,8 @@ I and I. Detailed documentation and use cases for most standard subcommands are available -(e.g., L). - -The list options B<-standard-commands>, B<-digest-commands>, -and B<-cipher-commands> output a list (one entry per line) of the names -of all standard commands, message digest commands, or cipher commands, -respectively, that are available. - -The list parameters B<-cipher-algorithms>, B<-digest-algorithms>, -and B<-mac-algorithms> list all cipher, message digest, and message -authentication code names, one entry per line. Aliases are listed as: - - from => to - -The list parameter B<-public-key-algorithms> lists all supported public -key algorithms. +(e.g., L). The subcommand L may be used to list +subcommands. The command BI tests whether a command of the specified name is available. If no command named I exists, it @@ -704,15 +681,19 @@ =item B -The tracing functionality. +Traces the OpenSSL trace API itself. + +=item B + +Traces OpenSSL library initialization and cleanup. =item B -General SSL/TLS. +Traces the TLS/SSL protocol. =item B -SSL/TLS cipher. +Traces the ciphers used by the TLS/SSL protocol. =item B 
@@ -731,24 +712,44 @@ =item B -PKCS#5 v2 keygen. +Traces PKCS#5 v2 key generation. =item B -PKCS#12 key generation. +Traces PKCS#12 key generation. =item B -PKCS#12 decryption. +Traces PKCS#12 decryption. =item B -Generates the complete policy tree at various point during X.509 v3 +Generates the complete policy tree at various points during X.509 v3 policy evaluation. =item B -BIGNUM context. +Traces BIGNUM context operations. + +=item B + +Traces CMP client and server activity. + +=item B + +Traces STORE operations. + +=item B + +Traces decoder operations. + +=item B + +Traces encoder operations. + +=item B + +Traces decrementing certain ASN.1 structure references. =back @@ -775,6 +776,7 @@ L, L, L, +L, L, L, L, @@ -829,7 +831,7 @@ =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.5/doc/man1/openssl-x509.pod.in openssl-3.0.7/doc/man1/openssl-x509.pod.in --- openssl-3.0.5/doc/man1/openssl-x509.pod.in 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/doc/man1/openssl-x509.pod.in 2022-11-01 14:14:36.000000000 +0000 
@@ -496,23 +496,27 @@ Sets the CA serial number file to use. -When the B<-CA> option is used to sign a certificate it uses a serial -number specified in a file. This file consists of one line containing -an even number of hex digits with the serial number to use. After each -use the serial number is incremented and written out to the file again. +When creating a certificate with this option and with the B<-CA> option, +the certificate serial number is stored in the given file. +This file consists of one line containing +an even number of hex digits with the serial number used last time. +After reading this number, it is incremented and used, and the file is updated. The default filename consists of the CA certificate file base name with F<.srl> appended. For example if the CA certificate file is called F it expects to find a serial number file called F. +If the B<-CA> option is specified and neither <-CAserial> or <-CAcreateserial> +is given and the default serial number file does not exist, +a random number is generated; this is the recommended practice. + =item B<-CAcreateserial> -With this option the CA serial number file is created if it does not exist: -it will contain the serial number "02" and the certificate being signed will -have the 1 as its serial number. If the B<-CA> option is specified -and the serial number file does not exist a random number is generated; -this is the recommended practice. +With this option and the B<-CA> option +the CA serial number file is created if it does not exist. +A random number is generated, used for the certificate, +and saved into the serial number file determined as described above. =back 
@@ -780,7 +784,7 @@ =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.5/doc/man3/BIO_ctrl.pod openssl-3.0.7/doc/man3/BIO_ctrl.pod --- openssl-3.0.5/doc/man3/BIO_ctrl.pod 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/doc/man3/BIO_ctrl.pod 2022-11-01 14:14:36.000000000 +0000 @@ -100,7 +100,9 @@ returns other negative values if an error occurs. BIO_pending(), BIO_ctrl_pending(), BIO_wpending() and BIO_ctrl_wpending() -return the amount of pending data. +return the amount of pending data. BIO_pending() and BIO_wpending() return +negative value or 0 on error. BIO_ctrl_pending() and BIO_ctrl_wpending() return +0 on error. BIO_get_ktls_send() returns 1 if the BIO is using the Kernel TLS data-path for sending. Otherwise, it returns zero. @@ -139,6 +141,9 @@ supported, if an error occurred, if EOF has not been reached and in the case of BIO_seek() on a file BIO for a successful operation. +In older versions of OpenSSL the BIO_ctrl_pending() and +BIO_ctrl_wpending() could return values greater than INT_MAX on error. + =head1 HISTORY The BIO_get_ktls_send() and BIO_get_ktls_recv() macros were added in diff -Nru openssl-3.0.5/doc/man3/BIO_f_ssl.pod openssl-3.0.7/doc/man3/BIO_f_ssl.pod --- openssl-3.0.5/doc/man3/BIO_f_ssl.pod 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/doc/man3/BIO_f_ssl.pod 2022-11-01 14:14:36.000000000 +0000 
@@ -243,13 +243,20 @@
 BIO_set_accept_bios(acpt, sbio);
 out = BIO_new_fp(stdout, BIO_NOCLOSE);
- /* Setup accept BIO */
+ /* First call to BIO_do_accept() sets up accept BIO */
 if (BIO_do_accept(acpt) <= 0) {
 fprintf(stderr, "Error setting up accept BIO\n");
 ERR_print_errors_fp(stderr);
 exit(1);
 }
+/* Second call to BIO_do_accept() waits for incoming connection */
+ if (BIO_do_accept(acpt) <= 0) {
+ fprintf(stderr, "Error accepting connection\n");
+ ERR_print_errors_fp(stderr);
+ exit(1);
+ }
+
 /* We only want one connection so remove and free accept BIO */
 sbio = BIO_pop(acpt);
 BIO_free_all(acpt);
@@ -291,7 +298,7 @@
 =head1 COPYRIGHT
-Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.0.5/doc/man3/BIO_s_accept.pod openssl-3.0.7/doc/man3/BIO_s_accept.pod
--- openssl-3.0.5/doc/man3/BIO_s_accept.pod 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/doc/man3/BIO_s_accept.pod 2022-11-01 14:14:36.000000000 +0000
@@ -189,7 +189,7 @@
 BIO *abio, *cbio, *cbio2;
- /* First call to BIO_accept() sets up accept BIO */
+ /* First call to BIO_do_accept() sets up accept BIO */
 abio = BIO_new_accept("4444");
 if (BIO_do_accept(abio) <= 0) {
 fprintf(stderr, "Error setting up accept\n");
@@ -232,7 +232,7 @@
 =head1 COPYRIGHT
-Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.0.5/doc/man3/CMS_add0_cert.pod openssl-3.0.7/doc/man3/CMS_add0_cert.pod
--- openssl-3.0.5/doc/man3/CMS_add0_cert.pod 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/doc/man3/CMS_add0_cert.pod 2022-11-01 14:14:36.000000000 +0000
@@ -19,25 +19,33 @@
 =head1 DESCRIPTION
-CMS_add0_cert() and CMS_add1_cert() add certificate B to B.
-must be of type signed data or enveloped data.
+CMS_add0_cert() and CMS_add1_cert() add certificate I to I.
+I must be of type signed data or (authenticated) enveloped data.
+For signed data, such a certificate can be used when signing or verifying
+to fill in the signer certificate or to provide an extra CA certificate
+that may be needed for chain building in certificate validation.
+
+CMS_get1_certs() returns all certificates in I.
+
+CMS_add0_crl() and CMS_add1_crl() add CRL I to I.
+I must be of type signed data or (authenticated) enveloped data.
+For signed data, such a CRL may be used in certificate validation.
+It may be given both for inclusion when signing a CMS message
+and when verifying a signed CMS message.
-CMS_get1_certs() returns all certificates in B.
-
-CMS_add0_crl() and CMS_add1_crl() add CRL B to B. CMS_get1_crls()
-returns any CRLs in B.
+CMS_get1_crls() returns all CRLs in I.
 =head1 NOTES
-The CMS_ContentInfo structure B must be of type signed data or enveloped
+The CMS_ContentInfo structure I must be of type signed data or enveloped
 data or an error will be returned.
-For signed data certificates and CRLs are added to the B and
-B fields of SignedData structure. For enveloped data they are added to
+For signed data certificates and CRLs are added to the I and
+I fields of SignedData structure. For enveloped data they are added to
 B.
-As the B<0> implies CMS_add0_cert() adds B internally to B and it
-must not be freed up after the call as opposed to CMS_add1_cert() where B
+As the I<0> implies CMS_add0_cert() adds I internally to I and it
+must not be freed up after the call as opposed to CMS_add1_cert() where I
 must be freed up.
 The same certificate or CRL must not be added to the same cms structure more
@@ -50,7 +58,7 @@
 CMS_get1_certs() and CMS_get1_crls() return the STACK of certificates or CRLs or NULL if there are none or an error occurs. The only error which will occur
-in practice is if the B type is invalid.
+in practice is if the I type is invalid.
 =head1 SEE ALSO
@@ -60,7 +68,7 @@
 =head1 COPYRIGHT
-Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.0.5/doc/man3/CMS_verify.pod openssl-3.0.7/doc/man3/CMS_verify.pod
--- openssl-3.0.5/doc/man3/CMS_verify.pod 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/doc/man3/CMS_verify.pod 2022-11-01 14:14:36.000000000 +0000
@@ -15,50 +15,58 @@
 =head1 DESCRIPTION
-CMS_verify() verifies a CMS SignedData structure. B is the CMS_ContentInfo
-structure to verify. B is a set of certificates in which to search for
-the signing certificate(s). B is a trusted certificate store used for
-chain verification. B is the detached content if the content is not
-present in B. The content is written to B if it is not NULL.
+CMS_verify() is very similar to L. It verifies a
+B structure contained in a structure of type B.
+I points to the B structure to verify.
+The optional I parameter refers to a set of certificates
+in which to search for signing certificates.
+I may contain extra untrusted CA certificates that may be used for
+chain building as well as CRLs that may be used for certificate validation.
+I may be NULL or point to
+the trusted certificate store to use for chain verification.
+I refers to the signed data if the content is detached from I.
+Otherwise I should be NULL and the signed data must be in I.
+The content is written to the BIO I unless it is NULL.
+I is an optional set of flags, which can be used to modify the operation.
-B is an optional set of flags, which can be used to modify the verify
-operation.
-
-CMS_get0_signers() retrieves the signing certificate(s) from B, it may only
+CMS_get0_signers() retrieves the signing certificate(s) from I, it may only
 be called after a successful CMS_verify() operation.
 =head1 VERIFY PROCESS
 Normally the verify process proceeds as follows.
-Initially some sanity checks are performed on B. The type of B must
+Initially some sanity checks are performed on I. The type of I must
 be SignedData. There must be at least one signature on the data and if
-the content is detached B cannot be B.
+the content is detached I cannot be NULL.
 An attempt is made to locate all the signing certificate(s), first looking in
-the B parameter (if it is not NULL) and then looking in any
-certificates contained in the B structure itself. If any signing
-certificate cannot be located the operation fails.
-
-Each signing certificate is chain verified using the B purpose and
-the supplied trusted certificate store. Any internal certificates in the message
-are used as untrusted CAs. If CRL checking is enabled in B any internal
-CRLs are used in addition to attempting to look them up in B. If any
-chain verify fails an error code is returned.
+the I parameter (if it is not NULL) and then looking in any
+certificates contained in the I structure unless B is set.
+If any signing certificate cannot be located the operation fails.
+
+Each signing certificate is chain verified using the I purpose and
+using the trusted certificate store I if supplied.
+Any internal certificates in the message, which may have been added using
+L, are used as untrusted CAs.
+If CRL checking is enabled in I and B is not set,
+any internal CRLs, which may have been added using L,
+are used in addition to attempting to look them up in I.
+If I is not NULL and any chain verify fails an error code is returned.
-Finally the signed content is read (and written to B if it is not NULL)
-and the signature's checked.
+Finally the signed content is read (and written to I unless it is NULL)
+and the signature is checked.
-If all signature's verify correctly then the function is successful.
+If all signatures verify correctly then the function is successful.
-Any of the following flags (ored together) can be passed in the B
+Any of the following flags (ored together) can be passed in the I
 parameter to change the default verify behaviour.
 If B is set the certificates in the message itself are not
-searched when locating the signing certificate(s). This means that all the
-signing certificates must be in the B parameter.
+searched when locating the signing certificate(s).
+This means that all the signing certificates must be in the I parameter.
-If B is set and CRL checking is enabled in B then any
+If B is set and CRL checking is enabled in I then any
 CRLs in the message itself are ignored.
 If the B flag is set MIME headers for type B are deleted
@@ -66,7 +74,7 @@
 returned.
 If B is set the signing certificates are not
-verified, unless CMS_CADES flag is also set.
+chain verified, unless B flag is also set.
 If B is set the signed attributes signature is not verified, unless CMS_CADES flag is also set.
@@ -81,20 +89,20 @@
 One application of B is to only accept messages signed by a small number of certificates. The acceptable certificates would be passed
-in the B parameter. In this case if the signer is not one of the
-certificates supplied in B then the verify will fail because the
+in the I parameter. In this case if the signer certificate is not one
+of the certificates supplied in I then the verify will fail because the
 signer cannot be found.
 In some cases the standard techniques for looking up and validating certificates are not appropriate: for example an application may wish to lookup certificates in a database or perform customised verification. This
-can be achieved by setting and verifying the signers certificates manually
+can be achieved by setting and verifying the signer certificates manually
 using the signed data utility functions.
 Care should be taken when modifying the default verify behaviour, for example setting B will totally disable all content verification and any modified content will be considered valid. This combination is however
-useful if one merely wishes to write the content to B and its validity
+useful if one merely wishes to write the content to I and its validity
 is not considered important.
 Chain verification should arguably be performed using the signing time rather
@@ -104,8 +112,7 @@
 =head1 RETURN VALUES
-CMS_verify() returns 1 for a successful verification and zero if an error
-occurred.
+CMS_verify() returns 1 for a successful verification and 0 if an error occurred.
 CMS_get0_signers() returns all signers or NULL if an error occurred.
@@ -113,8 +120,8 @@
 =head1 BUGS
-The trusted certificate store is not searched for the signing certificate,
-this is primarily due to the inadequacies of the current B
+The trusted certificate store is not searched for the signing certificate.
+This is primarily due to the inadequacies of the current B
 functionality.
 The lack of single pass processing means that the signed content must all
@@ -122,12 +129,13 @@
 =head1 SEE ALSO
+L, L, L, L, L, L
 =head1 COPYRIGHT
-Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.0.5/doc/man3/DEFINE_STACK_OF.pod openssl-3.0.7/doc/man3/DEFINE_STACK_OF.pod
--- openssl-3.0.5/doc/man3/DEFINE_STACK_OF.pod 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/doc/man3/DEFINE_STACK_OF.pod 2022-11-01 14:14:36.000000000 +0000
@@ -229,6 +229,13 @@
 STACK_OF(), DEFINE_STACK_OF(), DEFINE_STACK_OF_CONST(), and DEFINE_SPECIAL_STACK_OF() are implemented as macros.
+It is not an error to call B_num>(), B_value>(),
+B_free>(), B_zero>(), B_pop_free>(),
+B_delete>(), B_delete_ptr>(), B_pop>(),
+B_shift>(), B_find>(), B_find_ex>(),
+and B_find_all>() on a NULL stack, empty stack, or with
+an invalid index. An error is not raised in these conditions.
+
 The underlying utility B API should not be used directly. It defines these functions: OPENSSL_sk_deep_copy(), OPENSSL_sk_delete(), OPENSSL_sk_delete_ptr(), OPENSSL_sk_dup(),
@@ -290,7 +297,7 @@
 =head1 COPYRIGHT
-Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.0.5/doc/man3/DH_new_by_nid.pod openssl-3.0.7/doc/man3/DH_new_by_nid.pod
--- openssl-3.0.5/doc/man3/DH_new_by_nid.pod 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/doc/man3/DH_new_by_nid.pod 2022-11-01 14:14:36.000000000 +0000
@@ -7,12 +7,13 @@
 =head1 SYNOPSIS
 #include
- DH *DH_new_by_nid(int nid);
 The following functions have been deprecated since OpenSSL 3.0, and can be hidden entirely by defining B with a suitable version value, see L:
+ DH *DH_new_by_nid(int nid);
+
 int DH_get_nid(const DH *dh);
 =head1 DESCRIPTION
@@ -37,11 +38,11 @@
 =head1 HISTORY
-The DH_get_nid() function was deprecated in OpenSSL 3.0.
+All of these functions were deprecated in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.0.5/doc/man3/DH_new.pod openssl-3.0.7/doc/man3/DH_new.pod
--- openssl-3.0.5/doc/man3/DH_new.pod 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/doc/man3/DH_new.pod 2022-11-01 14:14:36.000000000 +0000
@@ -8,6 +8,10 @@
 #include
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining B with a suitable version value,
+see L:
+
 DH* DH_new(void);
 void DH_free(DH *dh);
@@ -32,11 +36,18 @@
 L, L, L,
-L
+L,
+L
+
+=head1 HISTORY
+
+All of these functions were deprecated in OpenSSL 3.0.
+
+For replacement see EVP_PKEY-DH(7).
 =head1 COPYRIGHT
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.0.5/doc/man3/EC_KEY_new.pod openssl-3.0.7/doc/man3/EC_KEY_new.pod
--- openssl-3.0.5/doc/man3/EC_KEY_new.pod 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/doc/man3/EC_KEY_new.pod 2022-11-01 14:14:36.000000000 +0000
@@ -43,7 +43,7 @@
 const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
 int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
 const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
- int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv);
+ int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key);
 const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
 int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
 point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
@@ -136,7 +136,9 @@
 The functions EC_KEY_get0_group(), EC_KEY_set_group(), EC_KEY_get0_private_key(), EC_KEY_set_private_key(), EC_KEY_get0_public_key(), and EC_KEY_set_public_key() get and set the EC_GROUP object, the private key,
-and the EC_POINT public key for the I respectively.
+and the EC_POINT public key for the B respectively. The function
+EC_KEY_set_private_key() accepts NULL as the priv_key argument to securely clear
+the private key component from the EC_KEY.
 The functions EC_KEY_get_conv_form() and EC_KEY_set_conv_form() get and set the point_conversion_form for the I. For a description of
@@ -197,10 +199,14 @@
 EC_KEY_get0_engine() returns a pointer to an ENGINE, or NULL if it wasn't set.
-EC_KEY_up_ref(), EC_KEY_set_group(), EC_KEY_set_private_key(),
-EC_KEY_set_public_key(), EC_KEY_precompute_mult(), EC_KEY_generate_key(),
-EC_KEY_check_key(), EC_KEY_set_public_key_affine_coordinates(),
-EC_KEY_oct2key() and EC_KEY_oct2priv() return 1 on success or 0 on error.
+EC_KEY_up_ref(), EC_KEY_set_group(), EC_KEY_set_public_key(),
+EC_KEY_precompute_mult(), EC_KEY_generate_key(), EC_KEY_check_key(),
+EC_KEY_set_public_key_affine_coordinates(), EC_KEY_oct2key() and
+EC_KEY_oct2priv() return 1 on success or 0 on error.
+
+EC_KEY_set_private_key() returns 1 on success or 0 on error except when the
+priv_key argument is NULL, in that case it returns 0, for legacy compatibility,
+and should not be treated as an error.
 EC_KEY_get0_group() returns the EC_GROUP associated with the EC_KEY.
@@ -229,7 +235,7 @@
 =head1 COPYRIGHT
-Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.0.5/doc/man3/EVP_PBE_CipherInit.pod openssl-3.0.7/doc/man3/EVP_PBE_CipherInit.pod
--- openssl-3.0.5/doc/man3/EVP_PBE_CipherInit.pod 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/doc/man3/EVP_PBE_CipherInit.pod 2022-11-01 14:14:36.000000000 +0000
@@ -3,7 +3,8 @@
 =head1 NAME
 EVP_PBE_CipherInit, EVP_PBE_CipherInit_ex,
-EVP_PBE_find, EVP_PBE_find_ex - Password based encryption routines
+EVP_PBE_find, EVP_PBE_find_ex,
+EVP_PBE_alg_add_type, EVP_PBE_alg_add - Password based encryption routines
 =head1 SYNOPSIS
@@ -20,6 +21,11 @@
 int EVP_PBE_find_ex(int type, int pbe_nid, int *pcnid, int *pmnid, EVP_PBE_KEYGEN **pkeygen, EVP_PBE_KEYGEN_EX **keygen_ex);
+ int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid,
+ int md_nid, EVP_PBE_KEYGEN *keygen);
+ int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
+ EVP_PBE_KEYGEN *keygen);
+
 =head1 DESCRIPTION
 =head2 PBE operations
@@ -66,6 +72,12 @@
 If a NULL is supplied for any of I, I, I or I then this parameter is not returned.
+=head2 PBE algorithm add
+
+EVP_PBE_alg_add_type() and EVP_PBE_alg_add() add an algorithm to the list
+of known algorithms. Their parameters have the same meaning as for
+EVP_PBE_find() and EVP_PBE_find_ex() functions.
+
 =head1 NOTES
 The arguments I and I to EVP_PBE_CipherInit() and EVP_PBE_CipherInit_ex()
@@ -89,7 +101,7 @@
 =head1 COPYRIGHT
-Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.0.5/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod openssl-3.0.7/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod
--- openssl-3.0.5/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/doc/man3/EVP_PKEY_CTX_set_hkdf_md.pod 2022-11-01 14:14:36.000000000 +0000
@@ -99,7 +99,7 @@
 EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
-The total length of the info buffer cannot exceed 1024 bytes in length: this
+The total length of the info buffer cannot exceed 2048 bytes in length: this
 should be more than enough for any normal use of HKDF.
 The output length of an HKDF expand operation is specified via the length
@@ -159,7 +159,7 @@
 =head1 COPYRIGHT
-Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.0.5/doc/man3/EVP_PKEY_fromdata.pod openssl-3.0.7/doc/man3/EVP_PKEY_fromdata.pod
--- openssl-3.0.5/doc/man3/EVP_PKEY_fromdata.pod 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/doc/man3/EVP_PKEY_fromdata.pod 2022-11-01 14:14:36.000000000 +0000
@@ -53,6 +53,9 @@
 I is described in L. See L for the use of B as parameter descriptor.
+Parameters in the I array that are not among the settable parameters
+for the given I are ignored.
+
 =head2 Selections
 The following constants can be used for I:
@@ -267,7 +270,7 @@
 =head1 COPYRIGHT
-Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.0.5/doc/man3/EVP_PKEY_gettable_params.pod openssl-3.0.7/doc/man3/EVP_PKEY_gettable_params.pod
--- openssl-3.0.5/doc/man3/EVP_PKEY_gettable_params.pod 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/doc/man3/EVP_PKEY_gettable_params.pod 2022-11-01 14:14:36.000000000 +0000
@@ -92,7 +92,7 @@
 #include
- char *curve_name[64];
+ char curve_name[64];
 unsigned char pub[256];
 BIGNUM *bn_priv = NULL;
@@ -113,7 +113,6 @@
 /* Error */
 }
- BN_clear_free(bn_priv);
 =head1 SEE ALSO
diff -Nru openssl-3.0.5/doc/man3/OPENSSL_gmtime.pod openssl-3.0.7/doc/man3/OPENSSL_gmtime.pod
--- openssl-3.0.5/doc/man3/OPENSSL_gmtime.pod 1970-01-01 00:00:00.000000000 +0000
+++ openssl-3.0.7/doc/man3/OPENSSL_gmtime.pod 2022-11-01 14:14:36.000000000 +0000
@@ -0,0 +1,62 @@
+=pod
+
+=head1 NAME
+
+OPENSSL_gmtime,
+OPENSSL_gmtime_adj,
+OPENSSL_gmtime_diff - platform-agnostic OpenSSL time routines
+
+=head1 SYNOPSIS
+
+ #include
+
+ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
+ int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec);
+ int OPENSSL_gmtime_diff(int *pday, int *psec,
+ const struct tm *from, const struct tm *to);
+
+=head1 DESCRIPTION
+
+OPENSSL_gmtime() returns the UTC time specified by I into the provided
+I argument.
+
+OPENSSL_gmtime_adj() adds the offsets in I and I to I.
+
+OPENSSL_gmtime_diff() calculates the difference between I and I.
+
+=head1 NOTES
+
+It is an error to call OPENSSL_gmtime() with I equal to NULL. The
+contents of the time_t given by I are stored into the I. Calling
+with I equal to NULL means use the current time.
+
+OPENSSL_gmtime_adj() converts I into a days and seconds value, adds the
+offsets, then converts back into a I specified by I. Leap seconds
+are not considered.
+
+OPENSSL_gmtime_diff() calculates the difference between the two I
+structures I and I. The difference in days is placed into I<*pday>,
+the remaining seconds are placed to I<*psec>. The value in I<*psec> will be less
+than the number of seconds per day (3600). Leap seconds are not considered.
+
+=head1 RETURN VALUES
+
+OPENSSL_gmtime() returns NULL on error, or I on success.
+
+OPENSSL_gmtime_adj() and OPENSSL_gmtime_diff() return 0 on error, and 1 on success.
+
+=head1 HISTORY
+
+OPENSSL_gmtime(), OPENSSL_gmtime_adj() and OPENSSL_gmtime_diff() have been
+in OpenSSL since 1.0.0.
+
+=head1 COPYRIGHT
+
+Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L.
+
+=cut
diff -Nru openssl-3.0.5/doc/man3/OPENSSL_init_crypto.pod openssl-3.0.7/doc/man3/OPENSSL_init_crypto.pod
--- openssl-3.0.5/doc/man3/OPENSSL_init_crypto.pod 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/doc/man3/OPENSSL_init_crypto.pod 2022-11-01 14:14:36.000000000 +0000
@@ -82,7 +82,7 @@
 With this option the library will automatically load and make available all libcrypto digests. This option is a default option. Once selected subsequent calls to OPENSSL_init_crypto() with the option
-B will be ignored.
+B will be ignored.
 =item OPENSSL_INIT_NO_ADD_ALL_CIPHERS
@@ -289,7 +289,7 @@
 =head1 COPYRIGHT
-Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.0.5/doc/man3/OPENSSL_LH_COMPFUNC.pod openssl-3.0.7/doc/man3/OPENSSL_LH_COMPFUNC.pod
--- openssl-3.0.5/doc/man3/OPENSSL_LH_COMPFUNC.pod 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/doc/man3/OPENSSL_LH_COMPFUNC.pod 2022-11-01 14:14:36.000000000 +0000
@@ -28,7 +28,7 @@
 TYPE *lh_TYPE_insert(LHASH_OF(TYPE) *table, TYPE *data);
 TYPE *lh_TYP_delete(LHASH_OF(TYPE) *table, TYPE *data);
- TYPE *lh_retrieve(LHASH_OF(TYPE) *table, TYPE *data);
+ TYPE *lh_TYPE_retrieve(LHASH_OF(TYPE) *table, TYPE *data);
 void lh_TYPE_doall(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNC func);
 void lh_TYPE_doall_arg(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNCARG func,
@@ -270,7 +270,7 @@
 =head1 COPYRIGHT
-Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.0.5/doc/man3/OPENSSL_malloc.pod openssl-3.0.7/doc/man3/OPENSSL_malloc.pod
--- openssl-3.0.5/doc/man3/OPENSSL_malloc.pod 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/doc/man3/OPENSSL_malloc.pod 2022-11-01 14:14:36.000000000 +0000
@@ -149,12 +149,12 @@
 failing.
 If the variable B is parsed as a positive integer, then
-it is taken as an open file descriptor, and a record of all allocations is
-written to that descriptor. If an allocation will fail, and the platform
-supports it, then a backtrace will be written to the descriptor. This can
-be useful because a malloc may fail but not be checked, and problems will
-only occur later. The following example in classic shell syntax shows how
-to use this (will not work on all platforms):
+it is taken as an open file descriptor. This is used in conjunction with
+B described above. For every allocation it will log
+details about how many allocations there have been so far, what percentage
+chance there is for this allocation failing, and whether it has actually failed.
+The following example in classic shell syntax shows how to use this (will not
+work on all platforms):
 OPENSSL_MALLOC_FAILURES='200;@10'
 export OPENSSL_MALLOC_FAILURES
@@ -179,10 +179,11 @@
 always because allocations have already happened).
 CRYPTO_mem_leaks(), CRYPTO_mem_leaks_fp(), CRYPTO_mem_leaks_cb(),
-CRYPTO_set_mem_debug(), and CRYPTO_mem_ctrl() are deprecated and return -1.
+CRYPTO_set_mem_debug(), and CRYPTO_mem_ctrl() are deprecated and are no-ops that
+always return -1.
 OPENSSL_mem_debug_push(), OPENSSL_mem_debug_pop(),
 CRYPTO_mem_debug_push(), and CRYPTO_mem_debug_pop()
-are deprecated and return 0.
+are deprecated and are no-ops that always return 0.
 =head1 HISTORY
@@ -197,7 +198,7 @@
 =head1 COPYRIGHT
-Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use
 this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.0.5/doc/man3/OSSL_CMP_MSG_get0_header.pod openssl-3.0.7/doc/man3/OSSL_CMP_MSG_get0_header.pod
--- openssl-3.0.5/doc/man3/OSSL_CMP_MSG_get0_header.pod 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/doc/man3/OSSL_CMP_MSG_get0_header.pod 2022-11-01 14:14:36.000000000 +0000
@@ -45,12 +45,14 @@
 =over 4
-=item any subject name in I set via L,
+=item any subject name in I set via L -
+if it is the NULL-DN (i.e., any empty sequence of RDNs), no subject is included,
-=item the subject field of any PKCS#10 CSR is given in I, or
+=item the subject field of any PKCS#10 CSR set in I
+via L,
 =item the subject field of any reference certificate given in I
-(see L), if I is nonzero
+(see L), but only if I is nonzero
 or the I does not include a Subject Alternative Name.
 =back
@@ -61,9 +63,9 @@
 =item the public key derived from any key set via L,
-=item the public key of any PKCS#10 CSR is given in I,
+=item the public key of any PKCS#10 CSR given in I,
-=item the public key of any reference certificate given in I, or
+=item the public key of any reference certificate given in I,
 =item the public key derived from any client's private key set via L.
@@ -108,7 +110,7 @@
 OSSL_CMP_MSG_get_bodytype() returns the body type or -1 on error.
-OSSL_CMP_CTX_setup_CRM() returns a pointer to a OSSL_CRMF_MSG on success,
+OSSL_CMP_CTX_setup_CRM() returns a pointer to a B on success,
 NULL on error.
 d2i_OSSL_CMP_MSG_bio() returns the parsed message or NULL on error.
@@ -121,6 +123,13 @@
 OSSL_CMP_MSG_update_transactionID() returns 1 on success, 0 on error.
+=head1 SEE ALSO
+
+L, L,
+L, L,
+L, L,
+L, L
+
 =head1 HISTORY
 The OpenSSL CMP support was added in OpenSSL 3.0.
diff -Nru openssl-3.0.5/doc/man3/OSSL_HTTP_REQ_CTX.pod openssl-3.0.7/doc/man3/OSSL_HTTP_REQ_CTX.pod
--- openssl-3.0.5/doc/man3/OSSL_HTTP_REQ_CTX.pod 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/doc/man3/OSSL_HTTP_REQ_CTX.pod 2022-11-01 14:14:36.000000000 +0000
@@ -66,8 +66,8 @@
 A value <= 0 indicates that the B of 4KiB should be used. I is also used as the number of content bytes that are read at a time.
-The allocated context structure is also populated with an internal allocated
-memory B, which collects the HTTP request and additional headers as text.
+The allocated context structure includes an internal memory B,
+which collects the HTTP request header lines.
 OSSL_HTTP_REQ_CTX_free() frees up the HTTP request context I. The I is not free'd, I will be free'd if I is set.
@@ -80,7 +80,7 @@
 I is the HTTP request path; if left NULL, C is used.
 OSSL_HTTP_REQ_CTX_add1_header() adds header I with value I to the
-context I. It can be called more than once to add multiple headers.
+context I. It can be called more than once to add multiple header lines.
 For example, to add a C header for C you would call:
 OSSL_HTTP_REQ_CTX_add1_header(ctx, "Host", "example.com");
@@ -96,7 +96,7 @@
 expected as the response content and input streaming is disabled. This means that an ASN.1 sequence header is required, its length field is checked, and OSSL_HTTP_REQ_CTX_get0_mem_bio() should be used to get the buffered response.
-Otherwise any input format is allowed without length checks, which is the default.
+Otherwise (by default) any input format is allowed without length checks.
 In this case the BIO given as I argument to OSSL_HTTP_REQ_CTX_new() should be used directly to read the response contents, which may support streaming.
 If the I parameter is > 0 this indicates the maximum number of seconds
@@ -124,7 +124,7 @@
 I must be NULL if I is NULL. If I isn't NULL, the HTTP header C is also added with the given string value.
-All of this ends up in the internal memory B.
+The header lines are added to the internal memory B for the request header.
 OSSL_HTTP_REQ_CTX_nbio() attempts to send the request prepared in I and to gather the response via HTTP, using the I and I
@@ -143,17 +143,17 @@
 If an ASN.1-encoded response was expected, this is the BIO returned by OSSL_HTTP_REQ_CTX_get0_mem_bio() when called after the exchange. This memory BIO does not support streaming.
-Otherwise it may be the I given when calling OSSL_HTTP_REQ_CTX_new(),
-and this BIO has been read past the end of the response headers,
-such that the actual response body can be read via this BIO,
+Otherwise the returned BIO is the I given to OSSL_HTTP_REQ_CTX_new(),
 which may support streaming.
-The returned BIO pointer must not be freed by the caller.
+When this BIO is returned, it has been read past the end of the response header,
+such that the actual response body can be read from it.
+The returned BIO pointer MUST NOT be freed by the caller.
 OSSL_HTTP_REQ_CTX_get0_mem_bio() returns the internal memory B.
-Before sending the request, this could used to modify the HTTP request text.
+Before the HTTP request is sent, this could be used to adapt its header lines.
 I After receiving a response via HTTP, the BIO represents the current state of
-reading the response headers. If the response was expected to be ASN.1 encoded,
+reading the response header. If the response was expected to be ASN.1 encoded,
 its contents can be read via this BIO, which does not support streaming.
 The returned BIO pointer must not be freed by the caller.
@@ -200,7 +200,7 @@
 =item 2.
-Adding extra headers with OSSL_HTTP_REQ_CTX_add1_header().
+Adding extra header lines with OSSL_HTTP_REQ_CTX_add1_header().
 This is optional and may be done multiple times with different names.
 =item 3.
@@ -229,7 +229,7 @@
 return 1 for success, 0 on error or redirection, -1 if retry is needed.
 OSSL_HTTP_REQ_CTX_exchange() and OSSL_HTTP_REQ_CTX_get0_mem_bio()
-return a pointer to a B on success and NULL on failure.
+return a pointer to a B on success as described above or NULL on failure.
 The returned BIO must not be freed by the caller.
 OSSL_HTTP_REQ_CTX_get_resp_len() returns the size of the response contents
@@ -256,7 +256,7 @@
 =head1 COPYRIGHT
-Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.0.5/doc/man3/OSSL_HTTP_transfer.pod openssl-3.0.7/doc/man3/OSSL_HTTP_transfer.pod
--- openssl-3.0.5/doc/man3/OSSL_HTTP_transfer.pod 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/doc/man3/OSSL_HTTP_transfer.pod 2022-11-01 14:14:36.000000000 +0000
@@ -102,8 +102,8 @@
 whereby it may make use of a custom defined argument I, which may for instance point to an B structure. During connection establishment, just after calling BIO_do_connect_retry(), the
-callback function is invoked with the I argument being 1 and the I
-argument being 1 if HTTPS is requested, i.e., SSL/TLS should be enabled, else 0.
+callback function is invoked with the I argument being 1 and
+I being 1 if I is nonzero (i.e., HTTPS is requested), else 0. On disconnect I is 0 and I is 1 if no error occurred, else 0. For instance, on connect the callback may push an SSL BIO to implement HTTPS; after disconnect it may do some diagnostic output and pop and free the SSL BIO.
@@ -202,7 +202,7 @@
 the length indications received are checked for consistency and for not exceeding any given maximum response length. If an ASN.1-encoded response is expected, the function returns on success
-the contents as a memory BIO, which does not support streaming.
+the contents buffered in a memory BIO, which does not support streaming. Otherwise it returns directly the read BIO that holds the response contents, which allows a response of indefinite length and may support streaming. The caller is responsible for freeing the BIO pointer obtained.
@@ -253,8 +253,8 @@
 return 1 on success, 0 on error. On success, OSSL_HTTP_exchange(), OSSL_HTTP_get(), and OSSL_HTTP_transfer()
-return a memory BIO containing the data received if an ASN.1-encoded response
-is expected, else a BIO that may support streaming.
+return a memory BIO that buffers all the data received if an ASN.1-encoded
+response is expected, otherwise a BIO that may support streaming. The BIO must be freed by the caller. On failure, they return NULL. Failure conditions include connection/transfer timeout, parse errors, etc.
@@ -274,7 +274,7 @@
 =head1 COPYRIGHT
-Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.0.5/doc/man3/OSSL_LIB_CTX.pod openssl-3.0.7/doc/man3/OSSL_LIB_CTX.pod
--- openssl-3.0.5/doc/man3/OSSL_LIB_CTX.pod 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/doc/man3/OSSL_LIB_CTX.pod 2022-11-01 14:14:36.000000000 +0000
@@ -83,7 +83,7 @@
 application's library context and will be similarly mirrored in the child library context.
-OSSL_LIB_CTX_load_config() loads a configuration file using the given C.
+OSSL_LIB_CTX_load_config() loads a configuration file using the given I. This can be used to associate a library context with providers that are loaded from a configuration.
@@ -118,13 +118,15 @@
 OSSL_LIB_CTX_free() doesn't return any value.
+OSSL_LIB_CTX_load_config() returns 1 on success, 0 on error.
+
 =head1 HISTORY All of the functions described on this page were added in OpenSSL 3.0. =head1 COPYRIGHT
-Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.0.5/doc/man3/OSSL_PARAM_BLD.pod openssl-3.0.7/doc/man3/OSSL_PARAM_BLD.pod
--- openssl-3.0.5/doc/man3/OSSL_PARAM_BLD.pod 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/doc/man3/OSSL_PARAM_BLD.pod 2022-11-01 14:14:36.000000000 +0000
@@ -134,10 +134,12 @@
 Both examples creating an OSSL_PARAM array that contains an RSA key. For both, the predefined key variables are:
- BIGNUM *p, *q; /* both prime */
- BIGNUM *n; /* = p * q */
- unsigned int e; /* exponent, usually 65537 */
- BIGNUM *d; /* e^-1 */
+ BIGNUM *n; /* modulus */
+ unsigned int e; /* public exponent */
+ BIGNUM *d; /* private exponent */
+ BIGNUM *p, *q; /* first two prime factors */
+ BIGNUM *dmp1, *dmq1; /* first two CRT exponents */
+ BIGNUM *iqmp; /* first CRT coefficient */ =head2 Example 1
@@ -148,11 +150,14 @@
 OSSL_PARAM *params = NULL; if (bld == NULL
- || !OSSL_PARAM_BLD_push_BN(bld, "p", p)
- || !OSSL_PARAM_BLD_push_BN(bld, "q", q)
- || !OSSL_PARAM_BLD_push_uint(bld, "e", e) || !OSSL_PARAM_BLD_push_BN(bld, "n", n)
+ || !OSSL_PARAM_BLD_push_uint(bld, "e", e) || !OSSL_PARAM_BLD_push_BN(bld, "d", d)
+ || !OSSL_PARAM_BLD_push_BN(bld, "rsa-factor1", p)
+ || !OSSL_PARAM_BLD_push_BN(bld, "rsa-factor2", q)
+ || !OSSL_PARAM_BLD_push_BN(bld, "rsa-exponent1", dmp1)
+ || !OSSL_PARAM_BLD_push_BN(bld, "rsa-exponent2", dmq1)
+ || !OSSL_PARAM_BLD_push_BN(bld, "rsa-coefficient1", iqmp) || (params = OSSL_PARAM_BLD_to_param(bld)) == NULL) goto err; OSSL_PARAM_BLD_free(bld);
@@ -170,7 +175,7 @@
 if (nld == NULL || !OSSL_PARAM_BLD_push_BN(bld, "n", n)
- || !OSSL_PARAM_BLD_push_BN(bld, "e", e)
+ || !OSSL_PARAM_BLD_push_uint(bld, "e", e) || (params = OSSL_PARAM_BLD_to_param(bld)) == NULL) goto err; OSSL_PARAM_BLD_free(bld);
diff -Nru openssl-3.0.5/doc/man3/OSSL_PROVIDER.pod openssl-3.0.7/doc/man3/OSSL_PROVIDER.pod
--- openssl-3.0.5/doc/man3/OSSL_PROVIDER.pod 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/doc/man3/OSSL_PROVIDER.pod 2022-11-01 14:14:36.000000000 +0000
@@ -18,8 +18,8 @@
 typedef struct ossl_provider_st OSSL_PROVIDER;
- void OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *libctx,
- const char *path);
+ int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *libctx,
+ const char *path); OSSL_PROVIDER *OSSL_PROVIDER_load(OSSL_LIB_CTX *libctx, const char *name); OSSL_PROVIDER *OSSL_PROVIDER_try_load(OSSL_LIB_CTX *libctx, const char *name,
@@ -157,7 +157,8 @@
 =head1 RETURN VALUES
-OSSL_PROVIDER_add(), OSSL_PROVIDER_unload(), OSSL_PROVIDER_get_params() and
+OSSL_PROVIDER_set_default_search_path(), OSSL_PROVIDER_add(),
+OSSL_PROVIDER_unload(), OSSL_PROVIDER_get_params() and OSSL_PROVIDER_get_capabilities() return 1 on success, or 0 on error. OSSL_PROVIDER_load() and OSSL_PROVIDER_try_load() return a pointer to a
diff -Nru openssl-3.0.5/doc/man3/OSSL_trace_set_channel.pod openssl-3.0.7/doc/man3/OSSL_trace_set_channel.pod
--- openssl-3.0.5/doc/man3/OSSL_trace_set_channel.pod 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/doc/man3/OSSL_trace_set_channel.pod 2022-11-01 14:14:36.000000000 +0000
@@ -136,6 +136,10 @@
 Traces the ciphers used by the TLS/SSL protocol.
+=item B
+
+Traces details about the provider and engine configuration.
+
 =item B Traces the ENGINE algorithm table selection.
@@ -175,9 +179,25 @@
 Traces BIGNUM context operations.
-=item B
+=item B
-Traces details about the provider and engine configuration.
+Traces CMP client and server activity.
+
+=item B
+
+Traces STORE operations.
+
+=item B
+
+Traces decoder operations.
+
+=item B
+
+Traces encoder operations.
+
+=item B
+
+Traces decrementing certain ASN.1 structure references. =back
@@ -300,7 +320,7 @@
 =head1 COPYRIGHT
-Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.0.5/doc/man3/PKCS7_sign_add_signer.pod openssl-3.0.7/doc/man3/PKCS7_sign_add_signer.pod
--- openssl-3.0.5/doc/man3/PKCS7_sign_add_signer.pod 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/doc/man3/PKCS7_sign_add_signer.pod 2022-11-01 14:14:36.000000000 +0000
@@ -2,7 +2,8 @@
 =head1 NAME
-PKCS7_sign_add_signer - add a signer PKCS7 signed data structure
+PKCS7_sign_add_signer,
+PKCS7_add_certificate, PKCS7_add_crl - add information to PKCS7 structure =head1 SYNOPSIS
@@ -10,22 +11,22 @@
 PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, int flags);
-
+ int PKCS7_add_certificate(PKCS7 *p7, X509 *cert);
+ int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl); =head1 DESCRIPTION
-PKCS7_sign_add_signer() adds a signer with certificate B and private
-key B using message digest B to a PKCS7 signed data structure
-B.
+PKCS7_sign_add_signer() adds a signer with certificate I and private
+key I using message digest I to a PKCS7 signed data structure I.
-The PKCS7 structure should be obtained from an initial call to PKCS7_sign()
-with the flag B set or in the case or re-signing a valid PKCS7
+The B structure should be obtained from an initial call to PKCS7_sign()
+with the flag B set or in the case or re-signing a valid PKCS#7 signed data structure.
-If the B parameter is B then the default digest for the public
+If the I parameter is NULL then the default digest for the public key algorithm will be used.
-Unless the B flag is set the returned PKCS7 structure
+Unless the B flag is set the returned B structure is not complete and must be finalized either by streaming (if applicable) or a call to PKCS7_final().
@@ -37,13 +38,13 @@
 not appropriate. For example if multiple signers or non default digest algorithms are needed.
-Any of the following flags (ored together) can be passed in the B
+Any of the following flags (ored together) can be passed in the I parameter. If B is set then an attempt is made to copy the content
-digest value from the PKCS7 structure: to add a signer to an existing structure.
+digest value from the B structure: to add a signer to an existing structure. An error occurs if a matching digest value cannot be found to copy. The
-returned PKCS7 structure will be valid and finalized when this flag is set.
+returned B structure will be valid and finalized when this flag is set. If B is set in addition to B then the B structure will not be finalized so additional attributes
@@ -51,8 +52,8 @@
 needed to finalize it. If B is set the signer's certificate will not be included in the
-PKCS7 structure, the signer's certificate must still be supplied in the
-B parameter though. This can reduce the size of the signature if the
+B structure, the signer's certificate must still be supplied in the
+I parameter though. This can reduce the size of the signature if the signers certificate can be obtained by other means: for example a previously signed message.
@@ -66,20 +67,32 @@
 algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of these algorithms is disabled then it will not be included.
-
-PKCS7_sign_add_signers() returns an internal pointer to the PKCS7_SIGNER_INFO
-structure just added, this can be used to set additional attributes
+PKCS7_sign_add_signers() returns an internal pointer to the B
+structure just added, which can be used to set additional attributes before it is finalized.
+PKCS7_add_certificate() adds to the B structure I the certificate
+I, which may be an end-entity (signer) certificate
+or a CA certificate useful for chain building.
+This is done internally by L and similar signing functions.
+It may have to be used before calling L
+in order to provide any missing certificate(s) needed for verification.
+
+PKCS7_add_crl() adds the CRL I to the B structure I.
+This may be called to provide certificate status information
+to be included when signing or to use when verifying the B structure.
+
 =head1 RETURN VALUES
-PKCS7_sign_add_signers() returns an internal pointer to the PKCS7_SIGNER_INFO
+PKCS7_sign_add_signers() returns an internal pointer to the B structure just added or NULL if an error occurs.
+PKCS7_add_certificate() and PKCS7_add_crl() return 1 on success, 0 on error.
+
 =head1 SEE ALSO
-L, L,
-L,
+L, L,
+L, L =head1 HISTORY
@@ -87,7 +100,7 @@
 =head1 COPYRIGHT
-Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.0.5/doc/man3/PKCS7_sign.pod openssl-3.0.7/doc/man3/PKCS7_sign.pod
--- openssl-3.0.5/doc/man3/PKCS7_sign.pod 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/doc/man3/PKCS7_sign.pod 2022-11-01 14:14:36.000000000 +0000
@@ -18,28 +18,28 @@
 =head1 DESCRIPTION PKCS7_sign_ex() creates and returns a PKCS#7 signedData structure.
-I is the certificate to sign with, Ipkey> is the corresponding
-private key. I is an optional additional set of certificates to include
-in the PKCS#7 structure (for example any intermediate CAs in the chain). The
-library context I and property query I are used when
+I is the certificate to sign with, I is the corresponding
+private key. I is an optional set of extra certificates to include
+in the PKCS#7 structure (for example any intermediate CAs in the chain).
+The library context I and property query I are used when retrieving algorithms from providers.
-The data to be signed is read from BIO B.
+The data to be signed is read from BIO I.
-B is an optional set of flags.
+I is an optional set of flags.
-Any of the following flags (ored together) can be passed in the B
+Any of the following flags (ored together) can be passed in the I parameter. Many S/MIME clients expect the signed content to include valid MIME headers. If
-the B flag is set MIME headers for type B are prepended
+the B flag is set MIME headers for type C are prepended to the data.
-If B is set the signer's certificate will not be included in the
-PKCS7 structure, the signer's certificate must still be supplied in the
-B parameter though. This can reduce the size of the signature if the
-signers certificate can be obtained by other means: for example a previously
-signed message.
+If B is set the signer's certificate and the extra I
+will not be included in the PKCS7 structure.
+The signer's certificate must still be supplied in the I parameter
+though. This can reduce the size of the signatures if the signer's certificates
+can be obtained by other means: for example a previously signed message. The data being signed is included in the PKCS7 structure, unless B is set in which case it is omitted. This is used for PKCS7
@@ -63,7 +63,7 @@
 If the flags B is set then the returned B structure is just initialized ready to perform the signing operation. The signing is however
-B performed and the data to be signed is not read from the B
+B performed and the data to be signed is not read from the I parameter. Signing is deferred until after the data has been written. In this way data can be signed in a single pass.
@@ -82,20 +82,21 @@
 If a signer is specified it will use the default digest for the signing algorithm. This is B for both RSA and DSA keys.
-The B, B and B parameters can all be
-B if the B flag is set. One or more signers can be added
+The I, I and I parameters can all be
+NULL if the B flag is set. One or more signers can be added using the function PKCS7_sign_add_signer(). PKCS7_final() must also be called to finalize the structure if streaming is not enabled. Alternative signing digests can also be specified using this method.
-If B and B are NULL then a certificates only
+If I and I are NULL then a certificates only PKCS#7 structure is output.
-In versions of OpenSSL before 1.0.0 the B and B parameters must
-B be NULL.
+In versions of OpenSSL before 1.0.0 the I and I parameters must
+not be NULL.
-PKCS7_sign() is similar to PKCS7_sign_ex() but uses default values of
+PKCS7_sign() is like PKCS7_sign_ex() except that it uses default values of NULL for the library context I and the property query I.
+This is retained for API backward compatibiliy. =head1 BUGS
@@ -114,14 +115,14 @@
 The function PKCS7_sign_ex() was added in OpenSSL 3.0.
-The B flag, and the ability for B, B,
-and B parameters to be B were added in OpenSSL 1.0.0.
+The B flag, and the ability for I, I,
+and I parameters to be NULL were added in OpenSSL 1.0.0. The B flag was added in OpenSSL 1.0.0. =head1 COPYRIGHT
-Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.0.5/doc/man3/PKCS7_verify.pod openssl-3.0.7/doc/man3/PKCS7_verify.pod
--- openssl-3.0.5/doc/man3/PKCS7_verify.pod 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/doc/man3/PKCS7_verify.pod 2022-11-01 14:14:36.000000000 +0000
@@ -15,64 +15,76 @@
 =head1 DESCRIPTION
-PKCS7_verify() verifies a PKCS#7 signedData structure. B is the PKCS7
-structure to verify. B is a set of certificates in which to search for
-the signer's certificate. B is a trusted certificate store (used for
-chain verification). B is the signed data if the content is not
-present in B (that is it is detached). The content is written to B
-if it is not NULL.
-
-B is an optional set of flags, which can be used to modify the verify
-operation.
-
-PKCS7_get0_signers() retrieves the signer's certificates from B, it does
-B check their validity or whether any signatures are valid. The B
-and B parameters have the same meanings as in PKCS7_verify().
+PKCS7_verify() is very similar to L.
+It verifies a PKCS#7 signedData structure given in I.
+The optional I parameter refers to a set of certificates
+in which to search for signer's certificates.
+I may contain extra untrusted CA certificates that may be used for
+chain building as well as CRLs that may be used for certificate validation.
+I may be NULL or point to
+the trusted certificate store to use for chain verification.
+I refers to the signed data if the content is detached from I.
+Otherwise I should be NULL, and then the signed data must be in I.
+The content is written to the BIO I unless it is NULL.
+I is an optional set of flags, which can be used to modify the operation.
+
+PKCS7_get0_signers() retrieves the signer's certificates from I, it does
+B check their validity or whether any signatures are valid. The I
+and I parameters have the same meanings as in PKCS7_verify(). =head1 VERIFY PROCESS Normally the verify process proceeds as follows.
-Initially some sanity checks are performed on B. The type of B must
-be signedData. There must be at least one signature on the data and if
-the content is detached B cannot be B. If the content is
-not detached and B is not B, then the structure has both
+Initially some sanity checks are performed on I.
The type of I must
+be SignedData. There must be at least one signature on the data and if
+the content is detached I cannot be NULL. If the content is
+not detached and I is not NULL then the structure has both embedded and external content. To treat this as an error, use the flag B. The default behavior allows this, for compatibility with older versions of OpenSSL. An attempt is made to locate all the signer's certificates, first looking in
-the B parameter (if it is not B) and then looking in any certificates
-contained in the B structure itself. If any signer's certificates cannot be
-located the operation fails.
+the I parameter (if it is not NULL). Then they are looked up in any
+certificates contained in the I structure unless B is set.
+If any signer's certificates cannot be located the operation fails. Each signer's certificate is chain verified using the B purpose and
-the supplied trusted certificate store. Any internal certificates in the message
-are used as untrusted CAs. If any chain verify fails an error code is returned.
-
-Finally the signed content is read (and written to B is it is not NULL) and
-the signature's checked.
-
-If all signature's verify correctly then the function is successful.
-
-Any of the following flags (ored together) can be passed in the B parameter
-to change the default verify behaviour. Only the flag B is
-meaningful to PKCS7_get0_signers().
+using the trusted certificate store I if supplied.
+Any internal certificates in the message, which may have been added using
+L, are used as untrusted CAs unless B
+is set.
+If CRL checking is enabled in I and B is not set,
+any internal CRLs, which may have been added using L,
+are used in addition to attempting to look them up in I.
+If I is not NULL and any chain verify fails an error code is returned.
+
+Finally the signed content is read (and written to I unless it is NULL)
+and the signature is checked.
+
+If all signatures verify correctly then the function is successful.
+
+Any of the following flags (ored together) can be passed in the I
+parameter to change the default verify behaviour.
+Only the flag B is meaningful to PKCS7_get0_signers(). If B is set the certificates in the message itself are not
-searched when locating the signer's certificate. This means that all the signers
-certificates must be in the B parameter.
+searched when locating the signer's certificates.
+This means that all the signer's certificates must be in the I parameter.
+
+If B is set and CRL checking is enabled in I then any
+CRLs in the message itself are ignored.
-If the B flag is set MIME headers for type B are deleted
-from the content. If the content is not of type B then an error is
+If the B flag is set MIME headers for type C are deleted
+from the content. If the content is not of type C then an error is returned. If B is set the signer's certificates are not chain verified. If B is set then the certificates contained in the message are not used as untrusted CAs. This means that the whole verify chain (apart from
-the signer's certificate) must be contained in the trusted store.
+the signer's certificates) must be contained in the trusted store. If B is set then the signatures on the data are not checked.
@@ -80,46 +92,46 @@
 One application of B is to only accept messages signed by a small number of certificates. The acceptable certificates would be passed
-in the B parameter. In this case if the signer is not one of the
-certificates supplied in B then the verify will fail because the
+in the I parameter. In this case if the signer's certificate is not one
+of the certificates supplied in I then the verify will fail because the signer cannot be found. Care should be taken when modifying the default verify behaviour, for example setting C will totally disable all verification and any signed message will be considered valid. This combination is however
-useful if one merely wishes to write the content to B and its validity
+useful if one merely wishes to write the content to I and its validity is not considered important.
-Chain verification should arguably be performed using the signing time rather
+Chain verification should arguably be performed using the signing time rather than the current time. However, since the signing time is supplied by the signer it cannot be trusted without additional evidence (such as a trusted timestamp). =head1 RETURN VALUES
-PKCS7_verify() returns one for a successful verification and zero
-if an error occurs.
+PKCS7_verify() returns 1 for a successful verification and 0 if an error occurs.
-PKCS7_get0_signers() returns all signers or B if an error occurred.
+PKCS7_get0_signers() returns all signers or NULL if an error occurred.
-The error can be obtained from L
+The error can be obtained from L. =head1 BUGS
-The trusted certificate store is not searched for the signers certificate,
-this is primarily due to the inadequacies of the current B
+The trusted certificate store is not searched for the signer's certificates.
+This is primarily due to the inadequacies of the current B functionality.
-The lack of single pass processing and need to hold all data in memory as
-mentioned in PKCS7_sign() also applies to PKCS7_verify().
+The lack of single pass processing means that the signed content must all
+be held in memory if it is not detached. =head1 SEE ALSO
+L, L, L, L, L =head1 COPYRIGHT
-Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.0.5/doc/man3/SSL_CTX_use_certificate.pod openssl-3.0.7/doc/man3/SSL_CTX_use_certificate.pod
--- openssl-3.0.5/doc/man3/SSL_CTX_use_certificate.pod 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/doc/man3/SSL_CTX_use_certificate.pod 2022-11-01 14:14:36.000000000 +0000
@@ -92,10 +92,10 @@
 SSL_CTX_use_RSAPrivateKey() adds the private key B of type RSA to B. SSL_use_PrivateKey() adds B as private key to B; SSL_use_RSAPrivateKey() adds B as private key of type RSA to B.
-If a certificate has already been set and the private does not belong
-to the certificate an error is returned. To change a certificate, private
-key pair the new certificate needs to be set with SSL_use_certificate()
-or SSL_CTX_use_certificate() before setting the private key with
+If a certificate has already been set and the private key does not belong
+to the certificate an error is returned. To change a [certificate/private-key]
+pair, the new certificate needs to be set first with SSL_use_certificate() or
+SSL_CTX_use_certificate() before setting the private key with SSL_CTX_use_PrivateKey() or SSL_use_PrivateKey(). SSL_CTX_use_cert_and_key() and SSL_use_cert_and_key() assign the X.509
@@ -149,7 +149,8 @@
 SSL_CTX_use_certificate_chain_file() adds the first certificate found in the file to the certificate store. The other certificates are added
-to the store of chain certificates using L. Note: versions of OpenSSL before 1.0.2 only had a single
+to the store of chain certificates using L.
+Note: versions of OpenSSL before 1.0.2 only had a single certificate chain store for all certificate types, OpenSSL 1.0.2 and later have a separate chain store for each type. SSL_CTX_use_certificate_chain_file() should be used instead of the SSL_CTX_use_certificate_file() function in order
@@ -194,7 +195,7 @@
 =head1 COPYRIGHT
-Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.0.5/doc/man3/X509_cmp_time.pod openssl-3.0.7/doc/man3/X509_cmp_time.pod
--- openssl-3.0.5/doc/man3/X509_cmp_time.pod 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/doc/man3/X509_cmp_time.pod 2022-11-01 14:14:36.000000000 +0000
@@ -3,7 +3,7 @@
 =head1 NAME X509_cmp_time, X509_cmp_current_time, X509_cmp_timeframe,
-X509_time_adj, X509_time_adj_ex
+X509_time_adj, X509_time_adj_ex, X509_gmtime_adj - X509 time functions =head1 SYNOPSIS
@@ -15,36 +15,41 @@
 ASN1_TIME *X509_time_adj(ASN1_TIME *asn1_time, long offset_sec, time_t *in_tm); ASN1_TIME *X509_time_adj_ex(ASN1_TIME *asn1_time, int offset_day, long offset_sec, time_t *in_tm);
+ ASN1_TIME *X509_gmtime_adj(ASN1_TIME *asn1_time, long offset_sec); =head1 DESCRIPTION
-X509_cmp_time() compares the ASN1_TIME in B with the time
+X509_cmp_time() compares the ASN1_TIME in I with the time in . X509_cmp_current_time() compares the ASN1_TIME in
-B with the current time, expressed as time_t.
+I with the current time, expressed as time_t. X509_cmp_timeframe() compares the given time period with the reference time
-included in the verification parameters B if they are not NULL and contain
+included in the verification parameters I if they are not NULL and contain B; else the current time is used as reference time.
-X509_time_adj_ex() sets the ASN1_TIME structure B to the time
-B and B after B.
+X509_time_adj_ex() sets the ASN1_TIME structure I to the time
+I and I after I.
-X509_time_adj() sets the ASN1_TIME structure B to the time
-B after B. This method can only handle second
+X509_time_adj() sets the ASN1_TIME structure I to the time
+I after I. This method can only handle second offsets up to the capacity of long, so the newer X509_time_adj_ex() API should be preferred.
-In both methods, if B is NULL, a new ASN1_TIME structure
+In both methods, if I is NULL, a new ASN1_TIME structure is allocated and returned.
-In all methods, if B is NULL, the current time, expressed as
+In all methods, if I is NULL, the current time, expressed as time_t, is used.
-B must satisfy the ASN1_TIME format mandated by RFC 5280,
+I must satisfy the ASN1_TIME format mandated by RFC 5280, i.e., its format must be either YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ.
+X509_gmtime_adj() sets the ASN1_TIME structure I to the time
+I after the current time. It is equivalent to calling
+X509_time_adj() with the last parameter as NULL.
+
 =head1 BUGS Unlike many standard comparison functions, X509_cmp_time() and
@@ -52,11 +57,11 @@
 =head1 RETURN VALUES
-X509_cmp_time() and X509_cmp_current_time() return -1 if B
-is earlier than, or equal to, B (resp. current time), and 1
+X509_cmp_time() and X509_cmp_current_time() return -1 if I
+is earlier than, or equal to, I (resp. current time), and 1 otherwise. These methods return 0 on error.
-X509_cmp_timeframe() returns 0 if B is not NULL and the verification
+X509_cmp_timeframe() returns 0 if I is not NULL and the verification parameters do not contain B but do contain B. Otherwise it returns 1 if the end time is not NULL and the reference time (which has determined as
@@ -64,8 +69,8 @@
 reference time is before, else 0 to indicate that the reference time is in range (implying that the end time is not before the start time if both are present).
-X509_time_adj() and X509_time_adj_ex() return a pointer to the updated
-ASN1_TIME structure, and NULL on error.
+X509_time_adj(), X509_time_adj_ex() and X509_gmtime_adj() return a pointer to
+the updated ASN1_TIME structure, and NULL on error. =head1 HISTORY
@@ -73,7 +78,7 @@
 =head1 COPYRIGHT
-Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.0.5/doc/man3/X509_CRL_get0_by_serial.pod openssl-3.0.7/doc/man3/X509_CRL_get0_by_serial.pod
--- openssl-3.0.5/doc/man3/X509_CRL_get0_by_serial.pod 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/doc/man3/X509_CRL_get0_by_serial.pod 2022-11-01 14:14:36.000000000 +0000
@@ -30,42 +30,42 @@ =head1 DESCRIPTION -X509_CRL_get0_by_serial() attempts to find a revoked entry in B for -serial number B. If it is successful it sets B<*ret> to the internal -pointer of the matching entry, as a result B<*ret> must not be freed up +X509_CRL_get0_by_serial() attempts to find a revoked entry in I for +serial number I. If it is successful, it sets I<*ret> to the internal +pointer of the matching entry. As a result, I<*ret> B be freed after the call. X509_CRL_get0_by_cert() is similar to X509_get0_by_serial() except it -looks for a revoked entry using the serial number of certificate B. +looks for a revoked entry using the serial number of certificate I. -X509_CRL_get_REVOKED() returns an internal pointer to a stack of all -revoked entries for B. +X509_CRL_get_REVOKED() returns an internal pointer to a STACK of all +revoked entries for I. X509_REVOKED_get0_serialNumber() returns an internal pointer to the -serial number of B. +serial number of I. X509_REVOKED_get0_revocationDate() returns an internal pointer to the -revocation date of B. +revocation date of I. -X509_REVOKED_set_serialNumber() sets the serial number of B to B. -The supplied B pointer is not used internally so it should be -freed up after use. - -X509_REVOKED_set_revocationDate() sets the revocation date of B to -B. The supplied B pointer is not used internally so it should be -freed up after use. +X509_REVOKED_set_serialNumber() sets the serial number of I to I. +The supplied I pointer is not used internally so it should be +freed after use. + +X509_REVOKED_set_revocationDate() sets the revocation date of I to +I. The supplied I pointer is not used internally so it should be +freed after use. -X509_CRL_add0_revoked() appends revoked entry B to CRL B. The -pointer B is used internally so it must not be freed up after the call: +X509_CRL_add0_revoked() appends revoked entry I to CRL I. 
The +pointer I is used internally so it B be freed after the call: it is freed when the parent CRL is freed. -X509_CRL_sort() sorts the revoked entries of B into ascending serial +X509_CRL_sort() sorts the revoked entries of I into ascending serial number order. =head1 NOTES Applications can determine the number of revoked entries returned by -X509_CRL_get_revoked() using sk_X509_REVOKED_num() and examine each one +X509_CRL_get_REVOKED() using sk_X509_REVOKED_num() and examine each one in turn using sk_X509_REVOKED_value(). =head1 RETURN VALUES @@ -74,15 +74,15 @@ 1 on success except if the revoked entry has the reason C (8), in which case 2 is returned. -X509_REVOKED_set_serialNumber(), X509_REVOKED_set_revocationDate(), -X509_CRL_add0_revoked() and X509_CRL_sort() return 1 for success and 0 for -failure. +X509_CRL_get_REVOKED() returns a STACK of revoked entries. -X509_REVOKED_get0_serialNumber() returns an B pointer. +X509_REVOKED_get0_serialNumber() returns an B structure. -X509_REVOKED_get0_revocationDate() returns an B value. +X509_REVOKED_get0_revocationDate() returns an B structure. -X509_CRL_get_REVOKED() returns a STACK of revoked entries. +X509_REVOKED_set_serialNumber(), X509_REVOKED_set_revocationDate(), +X509_CRL_add0_revoked() and X509_CRL_sort() return 1 for success and 0 for +failure. =head1 SEE ALSO @@ -105,7 +105,7 @@ =head1 COPYRIGHT -Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.5/doc/man3/X509_STORE_add_cert.pod openssl-3.0.7/doc/man3/X509_STORE_add_cert.pod --- openssl-3.0.5/doc/man3/X509_STORE_add_cert.pod 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/doc/man3/X509_STORE_add_cert.pod 2022-11-01 14:14:36.000000000 +0000 
@@ -115,7 +115,7 @@ uses NULL for the library context I and property query I. X509_STORE_load_locations_ex() combines -X509_STORE_load_file_ex() and X509_STORE_load_dir() for a given file +X509_STORE_load_file_ex() and X509_STORE_load_path() for a given file and/or directory path. It is permitted to specify just a file, just a directory, or both paths. @@ -162,7 +162,7 @@ =head1 COPYRIGHT -Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.5/doc/man3/X509_STORE_CTX_new.pod openssl-3.0.7/doc/man3/X509_STORE_CTX_new.pod --- openssl-3.0.5/doc/man3/X509_STORE_CTX_new.pod 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/doc/man3/X509_STORE_CTX_new.pod 2022-11-01 14:14:36.000000000 +0000 
@@ -210,14 +210,18 @@ X509_STORE_CTX_purpose_inherit() directly. Typically applications should call X509_STORE_CTX_set_purpose() or X509_STORE_CTX_set_trust() instead. Using this function it is possible to set the purpose and trust values for the I at -the same time. The I and I arguments can have the same +the same time. +Both I and its internal verification parameter pointer must not be NULL. +The I and I arguments can have the same purpose values as described for X509_STORE_CTX_set_purpose() above. The I argument can have the same trust values as described in X509_STORE_CTX_set_trust() above. Any of the I, I or I values may also have the value 0 to indicate that the supplied parameter should be ignored. After calling this function the purpose to be used -for verification is set from the I argument, and the trust is set from -the I argument. If I is 0 then the trust value will be set from +for verification is set from the I argument unless the purpose was +already set in I before, and the trust is set from the I argument +unless the trust was already set in I before. +If I is 0 then the trust value will be set from the default trust value for I. If the default trust value for the purpose is I and I is 0 then the default trust value associated with the I value is used for the trust setting instead. diff -Nru openssl-3.0.5/doc/man3/X509V3_get_d2i.pod openssl-3.0.7/doc/man3/X509V3_get_d2i.pod --- openssl-3.0.5/doc/man3/X509V3_get_d2i.pod 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/doc/man3/X509V3_get_d2i.pod 2022-11-01 14:14:36.000000000 +0000 @@ -19,7 +19,7 @@ int crit, unsigned long flags); void *X509V3_EXT_d2i(X509_EXTENSION *ext); - X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext); + X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx); int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, 
@@ -41,7 +41,7 @@ X509V3_get_d2i() looks for an extension with OID I in the extensions I and, if found, decodes it. If I is NULL then only one -occurrence of an extension is permissible otherwise the first extension after +occurrence of an extension is permissible, otherwise the first extension after index I<*idx> is returned and I<*idx> updated to the location of the extension. If I is not NULL then I<*crit> is set to a status value: -2 if the extension occurs multiple times (this is only returned if I is NULL), @@ -57,24 +57,24 @@ I and returns a pointer to an extension specific structure or NULL if the extension could not be decoded (invalid syntax or not supported). -X509V3_EXT_i2d() encodes the extension specific structure I +X509V3_EXT_i2d() encodes the extension specific structure I with OID I and criticality I. X509_get_ext_d2i() and X509_add1_ext_i2d() operate on the extensions of -certificate I, they are otherwise identical to X509V3_get_d2i() and -X509V3_add_i2d(). +certificate I. They are otherwise identical to X509V3_get_d2i() and +X509V3_add1_i2d(). X509_CRL_get_ext_d2i() and X509_CRL_add1_ext_i2d() operate on the extensions -of CRL I, they are otherwise identical to X509V3_get_d2i() and -X509V3_add_i2d(). +of CRL I. They are otherwise identical to X509V3_get_d2i() and +X509V3_add1_i2d(). X509_REVOKED_get_ext_d2i() and X509_REVOKED_add1_ext_i2d() operate on the -extensions of B structure I (i.e for CRL entry extensions), -they are otherwise identical to X509V3_get_d2i() and X509V3_add_i2d(). +extensions of B structure I (i.e for CRL entry extensions). +They are otherwise identical to X509V3_get_d2i() and X509V3_add1_i2d(). X509_get0_extensions(), X509_CRL_get0_extensions() and -X509_REVOKED_get0_extensions() return a stack of all the extensions -of a certificate a CRL or a CRL entry respectively. +X509_REVOKED_get0_extensions() return a STACK of all the extensions +of a certificate, a CRL or a CRL entry respectively. =head1 NOTES 
@@ -84,32 +84,35 @@ The I parameter may be one of the following values. B appends a new extension only if the extension does -not already exist. An error is returned if the extension does already -exist. +not exist. An error is returned if the extension exists. B appends a new extension, ignoring whether the extension -already exists. +exists. -B replaces an extension if it exists otherwise appends -a new extension. +B replaces an existing extension. If the extension does +not exist, appends a new extension. -B replaces an existing extension if it exists -otherwise returns an error. +B replaces an existing extension. If the +extension does not exist, returns an error. B appends a new extension only if the extension does -not already exist. An error B returned if the extension does already -exist. +not exist. An error is B returned if the extension exists. -B extension I is deleted: no new extension is added. +B deletes and frees an existing extension. If the extension +does not exist, returns an error. No new extension is added. -If B is ored with I: any error returned will not -be added to the error queue. +If B is bitwise ORed with I: any error returned +will not be added to the error queue. The function X509V3_get_d2i() and its variants will return NULL if the extension is not found, occurs multiple times or cannot be decoded. It is possible to determine the precise reason by checking the value of I<*crit>. +The function X509V3_add1_i2d() and its variants allocate B +objects on STACK I<*x> depending on I. The B objects +must be explicitly freed using X509_EXTENSION_free(). + =head1 SUPPORTED EXTENSIONS The following sections contain a list of all supported extensions diff -Nru openssl-3.0.5/doc/man3/X509v3_get_ext_by_NID.pod openssl-3.0.7/doc/man3/X509v3_get_ext_by_NID.pod --- openssl-3.0.5/doc/man3/X509v3_get_ext_by_NID.pod 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/doc/man3/X509v3_get_ext_by_NID.pod 2022-11-01 14:14:36.000000000 +0000 
@@ -41,7 +41,8 @@ int X509_CRL_get_ext_count(const X509_CRL *x); X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc); int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos); - int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, int lastpos); + int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj, + int lastpos); int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos); X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); 
@@ -57,77 +58,79 @@ =head1 DESCRIPTION -X509v3_get_ext_count() retrieves the number of extensions in B. +X509v3_get_ext_count() retrieves the number of extensions in I. -X509v3_get_ext() retrieves extension B from B. The index B -can take any value from B<0> to X509_get_ext_count(x) - 1. The returned -extension is an internal pointer which B be freed up by the +X509v3_get_ext() retrieves extension I from I. The index I +can take any value from 0 to X509_get_ext_count(I) - 1. The returned +extension is an internal pointer which B be freed by the application. X509v3_get_ext_by_NID() and X509v3_get_ext_by_OBJ() look for an extension -with B or B from extension stack B. The search starts from the -extension after B or from the beginning if is B<-1>. If -the extension is found its index is returned otherwise B<-1> is returned. +with I or I from extension STACK I. The search starts from the +extension after I or from the beginning if I is -1. If +the extension is found, its index is returned, otherwise -1 is returned. X509v3_get_ext_by_critical() is similar to X509v3_get_ext_by_NID() except it -looks for an extension of criticality B. A zero value for B -looks for a non-critical extension a nonzero value looks for a critical +looks for an extension of criticality I. A zero value for I +looks for a non-critical extension. A nonzero value looks for a critical extension. -X509v3_delete_ext() deletes the extension with index B from B. +X509v3_delete_ext() deletes the extension with index I from I. The deleted extension is returned and must be freed by the caller. -If B is in invalid index value B is returned. +If I is an invalid index value, NULL is returned. -X509v3_add_ext() adds extension B to stack B<*x> at position B. If -B is B<-1> the new extension is added to the end. If B<*x> is B -a new stack will be allocated. The passed extension B is duplicated +X509v3_add_ext() adds extension I to STACK I<*x> at position I. If +I is -1, the new extension is added to the end. 
If I<*x> is NULL, +a new STACK will be allocated. The passed extension I is duplicated internally so it must be freed after use. X509_get_ext_count(), X509_get_ext(), X509_get_ext_by_NID(), X509_get_ext_by_OBJ(), X509_get_ext_by_critical(), X509_delete_ext() -and X509_add_ext() operate on the extensions of certificate B they are +and X509_add_ext() operate on the extensions of certificate I. They are otherwise identical to the X509v3 functions. X509_CRL_get_ext_count(), X509_CRL_get_ext(), X509_CRL_get_ext_by_NID(), X509_CRL_get_ext_by_OBJ(), X509_CRL_get_ext_by_critical(), X509_CRL_delete_ext() and X509_CRL_add_ext() operate on the extensions of -CRL B they are otherwise identical to the X509v3 functions. +CRL I. They are otherwise identical to the X509v3 functions. X509_REVOKED_get_ext_count(), X509_REVOKED_get_ext(), X509_REVOKED_get_ext_by_NID(), X509_REVOKED_get_ext_by_OBJ(), X509_REVOKED_get_ext_by_critical(), X509_REVOKED_delete_ext() and -X509_REVOKED_add_ext() operate on the extensions of CRL entry B -they are otherwise identical to the X509v3 functions. +X509_REVOKED_add_ext() operate on the extensions of CRL entry I. +They are otherwise identical to the X509v3 functions. =head1 NOTES -These functions are used to examine stacks of extensions directly. Many -applications will want to parse or encode and add an extension: they should -use the extension encode and decode functions instead such as +These functions are used to examine stacks of extensions directly. +Applications that want to parse or encode and add an extension should +use the extension encode and decode functions instead, such as X509_add1_ext_i2d() and X509_get_ext_d2i(). -Extension indices start from zero, so a zero index return value is B an -error. These search functions start from the extension B the B -parameter so it should initially be set to B<-1>, if it is set to zero the -initial extension will not be checked. 
- -=head1 BUGS +For X509v3_get_ext_by_NID(), X509v3_get_ext_by_OBJ(), +X509v3_get_ext_by_critical() and its variants, a zero index return value +is not an error since extension STACK I indices start from zero. +These search functions start from the extension B the I parameter +so it should initially be set to -1. If it is set to zero, the initial extension +will not be checked. X509v3_delete_ext() and its variants are a bit counter-intuitive because these functions do not free the extension they delete. +They return an B object which must be explicitly freed +using X509_EXTENSION_free(). =head1 RETURN VALUES X509v3_get_ext_count() returns the extension count. X509v3_get_ext(), X509v3_delete_ext() and X509_delete_ext() return an -B pointer or B if an error occurs. +B structure or NULL if an error occurs. -X509v3_get_ext_by_NID() X509v3_get_ext_by_OBJ() and -X509v3_get_ext_by_critical() return the an extension index or B<-1> if an +X509v3_get_ext_by_NID(), X509v3_get_ext_by_OBJ() and +X509v3_get_ext_by_critical() return the extension index or -1 if an error occurs. -X509v3_add_ext() returns a stack of extensions or B on error. +X509v3_add_ext() returns a STACK of extensions or NULL on error. X509_add_ext() returns 1 on success and 0 on error. @@ -137,7 +140,7 @@ =head1 COPYRIGHT -Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.5/doc/man7/EVP_CIPHER-AES.pod openssl-3.0.7/doc/man7/EVP_CIPHER-AES.pod --- openssl-3.0.5/doc/man7/EVP_CIPHER-AES.pod 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/doc/man7/EVP_CIPHER-AES.pod 2022-11-01 14:14:36.000000000 +0000 
@@ -27,7 +27,7 @@ =item "AES-128-ECB", "AES-192-ECB" and "AES-256-ECB" -=item "AES-192-OCB", "AES-128-OCB" and "AES-256-OCB" +=item "AES-192-OFB", "AES-128-OFB" and "AES-256-OFB" =item "AES-128-SIV", "AES-192-SIV" and "AES-256-SIV" @@ -52,7 +52,7 @@ =over 4 -=item "AES-128-OFB", "AES-192-OFB" and "AES-256-OFB" +=item "AES-128-OCB", "AES-192-OCB" and "AES-256-OCB" =back @@ -67,7 +67,7 @@ =head1 COPYRIGHT -Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.5/doc/man7/EVP_KDF-X942-ASN1.pod openssl-3.0.7/doc/man7/EVP_KDF-X942-ASN1.pod --- openssl-3.0.5/doc/man7/EVP_KDF-X942-ASN1.pod 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/doc/man7/EVP_KDF-X942-ASN1.pod 2022-11-01 14:14:36.000000000 +0000 @@ -30,7 +30,7 @@ These parameters work as described in L. -=item "key" (B) +=item "secret" (B) The shared secret used for key derivation. This parameter sets the secret. @@ -60,7 +60,7 @@ An optional octet string containing some additional, mutually-known public information. Setting this value also sets "use-keybits" to 0. -=item "use-keybits" (B) +=item "use-keybits" (B) The default value of 1 will use the KEK key length (in bits) as the "supp-pubinfo". A value of 0 disables setting the "supp-pubinfo". 
@@ -141,7 +141,7 @@ =head1 COPYRIGHT -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.5/doc/man7/EVP_MD-RIPEMD160.pod openssl-3.0.7/doc/man7/EVP_MD-RIPEMD160.pod --- openssl-3.0.5/doc/man7/EVP_MD-RIPEMD160.pod 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/doc/man7/EVP_MD-RIPEMD160.pod 2022-11-01 14:14:36.000000000 +0000 @@ -10,7 +10,7 @@ =head2 Identities -This implementation is only available with the legacy provider, and is +This implementation is available in both the default and legacy providers, and is identified with any of the names "RIPEMD-160", "RIPEMD160", "RIPEMD" and "RMD160". @@ -23,9 +23,13 @@ L, L +=head1 HISTORY + +This digest was added to the default provider in OpenSSL 3.0.7. + =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.5/doc/man7/EVP_MD-SHAKE.pod openssl-3.0.7/doc/man7/EVP_MD-SHAKE.pod --- openssl-3.0.5/doc/man7/EVP_MD-SHAKE.pod 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/doc/man7/EVP_MD-SHAKE.pod 2022-11-01 14:14:36.000000000 +0000 
@@ -15,18 +15,20 @@ =head2 Identities -This implementation is only available with the default provider, and -includes the following varieties: +This implementation is available in the FIPS provider as well as the default +provider, and includes the following varieties: =over 4 =item KECCAK-KMAC-128 Known names are "KECCAK-KMAC-128" and "KECCAK-KMAC128" +This is used by L =item KECCAK-KMAC-256 Known names are "KECCAK-KMAC-256" and "KECCAK-KMAC256" +This is used by L =item SHAKE-128 @@ -55,6 +57,14 @@ Sets the digest length for extendable output functions. The length of the "xoflen" parameter should not exceed that of a B. +For backwards compatibility reasons the default xoflen length for SHAKE-128 is +16 (bytes) which results in a security strength of only 64 bits. To ensure the +maximum security strength of 128 bits, the xoflen should be set to at least 32. + +For backwards compatibility reasons the default xoflen length for SHAKE-256 is +32 (bytes) which results in a security strength of only 128 bits. To ensure the +maximum security strength of 256 bits, the xoflen should be set to at least 64. + =back =head1 SEE ALSO @@ -63,7 +73,7 @@ =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.5/doc/man7/EVP_PKEY-EC.pod openssl-3.0.7/doc/man7/EVP_PKEY-EC.pod --- openssl-3.0.5/doc/man7/EVP_PKEY-EC.pod 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/doc/man7/EVP_PKEY-EC.pod 2022-11-01 14:14:36.000000000 +0000 
@@ -110,7 +110,9 @@ =item "pub" (B) -The public key value in EC point format. +The public key value in encoded EC point format. This parameter is used +when importing or exporting the public key value with the EVP_PKEY_fromdata() +and EVP_PKEY_todata() functions. =item "priv" (B) diff -Nru openssl-3.0.5/doc/man7/EVP_SIGNATURE-RSA.pod openssl-3.0.7/doc/man7/EVP_SIGNATURE-RSA.pod --- openssl-3.0.5/doc/man7/EVP_SIGNATURE-RSA.pod 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/doc/man7/EVP_SIGNATURE-RSA.pod 2022-11-01 14:14:36.000000000 +0000 @@ -49,10 +49,10 @@ Sets the name of the property query associated with the "mgf1-digest" algorithm. NULL is used if this optional value is not set. -=item "pss-saltlen" (B) +=item "saltlen" (B) or -Set or get the "pss" mode minimum salt length. The value can either be a string -value representing a number or one of the following: +The "pss" mode minimum salt length. The value can either be an integer, +a string value representing a number or one of the following string values: =over 4 @@ -87,6 +87,8 @@ =item "mgf1-digest" (B) +=item "saltlen" (B) or + These parameters are as described above. =back @@ -100,7 +102,7 @@ =head1 COPYRIGHT -Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.5/doc/man7/migration_guide.pod openssl-3.0.7/doc/man7/migration_guide.pod --- openssl-3.0.5/doc/man7/migration_guide.pod 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/doc/man7/migration_guide.pod 2022-11-01 14:14:36.000000000 +0000 
@@ -1194,7 +1194,7 @@ BN_is_prime_ex(), BN_is_prime_fasttest_ex() -Use L which that avoids possible misuse and always uses at least +Use L which avoids possible misuse and always uses at least 64 rounds of the Miller-Rabin primality test. =item * diff -Nru openssl-3.0.5/doc/man7/OSSL_PROVIDER-default.pod openssl-3.0.7/doc/man7/OSSL_PROVIDER-default.pod --- openssl-3.0.5/doc/man7/OSSL_PROVIDER-default.pod 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/doc/man7/OSSL_PROVIDER-default.pod 2022-11-01 14:14:36.000000000 +0000 @@ -69,6 +69,8 @@ =item MD5-SHA1, see L +=item RIPEMD160, see L + =back =head2 Symmetric Ciphers @@ -241,6 +243,10 @@ L, L, L, L +=head1 HISTORY + +The RIPEMD160 digest was added to the default provider in OpenSSL 3.0.7. + =head1 COPYRIGHT Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. diff -Nru openssl-3.0.5/e_os.h openssl-3.0.7/e_os.h --- openssl-3.0.5/e_os.h 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/e_os.h 2022-11-01 14:14:36.000000000 +0000 @@ -287,7 +287,7 @@ /* end vxworks */ /* system-specific variants defining ossl_sleep() */ -#ifdef OPENSSL_SYS_UNIX +#if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) # include static ossl_inline void ossl_sleep(unsigned long millis) { diff -Nru openssl-3.0.5/include/crypto/evp.h openssl-3.0.7/include/crypto/evp.h --- openssl-3.0.5/include/crypto/evp.h 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/include/crypto/evp.h 2022-11-01 14:14:36.000000000 +0000 
@@ -365,7 +365,7 @@ return 1;\ } -#define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2)) +#define EVP_MAXCHUNK ((size_t)1 << 30) #define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \ static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ diff -Nru openssl-3.0.5/include/crypto/rand.h openssl-3.0.7/include/crypto/rand.h --- openssl-3.0.5/include/crypto/rand.h 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/include/crypto/rand.h 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -108,15 +108,15 @@ /* * Get and cleanup random seed material. */ -size_t ossl_rand_get_entropy(ossl_unused OSSL_CORE_HANDLE *handle, +size_t ossl_rand_get_entropy(ossl_unused const OSSL_CORE_HANDLE *handle, unsigned char **pout, int entropy, size_t min_len, size_t max_len); -void ossl_rand_cleanup_entropy(ossl_unused OSSL_CORE_HANDLE *handle, +void ossl_rand_cleanup_entropy(ossl_unused const OSSL_CORE_HANDLE *handle, unsigned char *buf, size_t len); -size_t ossl_rand_get_nonce(ossl_unused OSSL_CORE_HANDLE *handle, +size_t ossl_rand_get_nonce(ossl_unused const OSSL_CORE_HANDLE *handle, unsigned char **pout, size_t min_len, size_t max_len, const void *salt, size_t salt_len); -void ossl_rand_cleanup_nonce(ossl_unused OSSL_CORE_HANDLE *handle, +void ossl_rand_cleanup_nonce(ossl_unused const OSSL_CORE_HANDLE *handle, unsigned char *buf, size_t len); /* diff -Nru openssl-3.0.5/include/internal/core.h openssl-3.0.7/include/internal/core.h --- openssl-3.0.5/include/internal/core.h 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/include/internal/core.h 2022-11-01 14:14:36.000000000 +0000 
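Review bot: The new `EVP_MAXCHUNK` definition replaces a `sizeof(long)`-derived limit with a bare `1 << 30` and carries no comment, so a reader cannot tell whether 1 GiB was chosen to make chunking behave identically on 32- and 64-bit builds or to keep the per-call length inside some narrower internal type. Record the intent next to the macro, e.g. `/* Upper bound on the bytes handed to one cipher call (1 GiB); a fixed value rather than one derived from sizeof(long) so chunking is identical on every platform */`, adjusted to the actual reason. The `BLOCK_CIPHER_func_*` generators that presumably consume it have their bodies outside the hunk. The rand.h hunk that follows only adds `const` to the unused handle parameters.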
@@ -30,6 +30,10 @@ typedef struct ossl_method_construct_method_st { /* Get a temporary store */ void *(*get_tmp_store)(void *data); + /* Reserve the appropriate method store */ + int (*lock_store)(void *store, void *data); + /* Unreserve the appropriate method store */ + int (*unlock_store)(void *store, void *data); /* Get an already existing method from a store */ void *(*get)(void *store, const OSSL_PROVIDER **prov, void *data); /* Store a method in a store */ @@ -50,9 +54,11 @@ OSSL_PROVIDER *provider, int (*pre)(OSSL_PROVIDER *, int operation_id, int no_store, void *data, int *result), + int (*reserve_store)(int no_store, void *data), void (*fn)(OSSL_PROVIDER *provider, const OSSL_ALGORITHM *algo, int no_store, void *data), + int (*unreserve_store)(void *data), int (*post)(OSSL_PROVIDER *, int operation_id, int no_store, void *data, int *result), void *data); diff -Nru openssl-3.0.5/include/internal/ffc.h openssl-3.0.7/include/internal/ffc.h --- openssl-3.0.5/include/internal/ffc.h 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/include/internal/ffc.h 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -112,6 +112,8 @@ */ const char *mdname; const char *mdprops; + /* Default key length for known named groups according to RFC7919 */ + int keylength; } FFC_PARAMS; void ossl_ffc_params_init(FFC_PARAMS *params); 
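Review bot: `lock_store` and `unlock_store` are inserted between existing members of `ossl_method_construct_method_st`, so any initializer of this struct that lists callbacks positionally rather than by designator will now bind the wrong function to the wrong slot without any compiler diagnostic; the tables that define these methods (outside this hunk) should use designated initializers. The comments `/* Reserve the appropriate method store */` and `/* Unreserve the appropriate method store */` also leave the return contract unstated: say what the `int` means, e.g. `/* Reserve the method store for this construction; returns 1 on success, 0 on failure */` if that matches the implementation, and whether a failed `lock_store` may still be followed by `unlock_store`. The same gap applies to the new `reserve_store`/`unreserve_store` parameters in the second hunk, whose enclosing declaration starts outside the hunk.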
@@ -205,8 +207,9 @@
 int ossl_ffc_named_group_get_uid(const DH_NAMED_GROUP *group);
 const char *ossl_ffc_named_group_get_name(const DH_NAMED_GROUP *);
 #ifndef OPENSSL_NO_DH
+int ossl_ffc_named_group_get_keylength(const DH_NAMED_GROUP *group);
 const BIGNUM *ossl_ffc_named_group_get_q(const DH_NAMED_GROUP *group);
-int ossl_ffc_named_group_set_pqg(FFC_PARAMS *ffc, const DH_NAMED_GROUP *group);
+int ossl_ffc_named_group_set(FFC_PARAMS *ffc, const DH_NAMED_GROUP *group);
 #endif
 #endif /* OSSL_INTERNAL_FFC_H */
diff -Nru openssl-3.0.5/include/internal/packet.h openssl-3.0.7/include/internal/packet.h
--- openssl-3.0.5/include/internal/packet.h 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/include/internal/packet.h 2022-11-01 14:14:36.000000000 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -228,6 +228,28 @@
 return 1;
 }
+/*
+ * Peek ahead at 8 bytes in network order from |pkt| and store the value in
+ * |*data|
+ */
+__owur static ossl_inline int PACKET_peek_net_8(const PACKET *pkt,
+ uint64_t *data)
+{
+ if (PACKET_remaining(pkt) < 8)
+ return 0;
+
+ *data = ((uint64_t)(*pkt->curr)) << 56;
+ *data |= ((uint64_t)(*(pkt->curr + 1))) << 48;
+ *data |= ((uint64_t)(*(pkt->curr + 2))) << 40;
+ *data |= ((uint64_t)(*(pkt->curr + 3))) << 32;
+ *data |= ((uint64_t)(*(pkt->curr + 4))) << 24;
+ *data |= ((uint64_t)(*(pkt->curr + 5))) << 16;
+ *data |= ((uint64_t)(*(pkt->curr + 6))) << 8;
+ *data |= *(pkt->curr + 7);
+
+ return 1;
+}
+
 /* Equivalent of n2l */
 /* Get 4 bytes in network order from |pkt| and store the value in |*data| */
 __owur static ossl_inline int PACKET_get_net_4(PACKET *pkt, unsigned long *data)
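Review bot: The header comment on `PACKET_peek_net_8` does not state the failure contract even though the body defines one: when fewer than 8 bytes remain the function returns 0 before writing `*data`, so the caller's value is left unchanged. Adding `* Returns 1 on success, 0 if fewer than 8 bytes remain (|*data| is then left unmodified).` to the comment makes that explicit for callers that reuse the output variable. The last byte `*data |= *(pkt->curr + 7);` is the only one of the eight lines without the `(uint64_t)` cast; the result is the same after integer promotion, but writing all eight the same way is easier to audit. The `ossl_ffc_named_group_set` hunk above is a rename plus a new prototype.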
@@ -252,6 +274,17 @@ return ret; } +/* Get 8 bytes in network order from |pkt| and store the value in |*data| */ +__owur static ossl_inline int PACKET_get_net_8(PACKET *pkt, uint64_t *data) +{ + if (!PACKET_peek_net_8(pkt, data)) + return 0; + + packet_forward(pkt, 8); + + return 1; +} + /* Peek ahead at 1 byte from |pkt| and store the value in |*data| */ __owur static ossl_inline int PACKET_peek_1(const PACKET *pkt, unsigned int *data) @@ -833,7 +866,7 @@ * 1 byte will fail. Don't call this directly. Use the convenience macros below * instead. */ -int WPACKET_put_bytes__(WPACKET *pkt, unsigned int val, size_t bytes); +int WPACKET_put_bytes__(WPACKET *pkt, uint64_t val, size_t bytes); /* * Convenience macros for calling WPACKET_put_bytes with different @@ -847,6 +880,8 @@ WPACKET_put_bytes__((pkt), (val), 3) #define WPACKET_put_bytes_u32(pkt, val) \ WPACKET_put_bytes__((pkt), (val), 4) +#define WPACKET_put_bytes_u64(pkt, val) \ + WPACKET_put_bytes__((pkt), (val), 8) /* Set a maximum size that we will not allow the WPACKET to grow beyond */ int WPACKET_set_max_size(WPACKET *pkt, size_t maxsize); diff -Nru openssl-3.0.5/include/internal/property.h openssl-3.0.7/include/internal/property.h --- openssl-3.0.5/include/internal/property.h 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/include/internal/property.h 2022-11-01 14:14:36.000000000 +0000 
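Review bot: Widening `val` to `uint64_t` in `WPACKET_put_bytes__` changes what callers of the existing `WPACKET_put_bytes_u8`/`u16`/`u32` macros get for a negative `int` argument: it now converts to a value near 2^64 instead of to a 32-bit `unsigned int`, so whether such a call is rejected or silently truncated depends entirely on the implementation's range check against `bytes`, which is outside this hunk. The prototype comment (which starts outside the hunk and only mentions the 1-byte case) should state the contract, e.g. `* |val| must fit in |bytes| bytes (bytes <= 8); any larger value makes the call fail.`, and the implementation's check should be confirmed to cover every size up to 8 now that the new `WPACKET_put_bytes_u64` macro exists. `PACKET_get_net_8` above correctly relies on `PACKET_peek_net_8` for its bounds check before advancing.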
@@ -52,6 +52,10 @@ /* Implementation store functions */ OSSL_METHOD_STORE *ossl_method_store_new(OSSL_LIB_CTX *ctx); void ossl_method_store_free(OSSL_METHOD_STORE *store); + +int ossl_method_lock_store(OSSL_METHOD_STORE *store); +int ossl_method_unlock_store(OSSL_METHOD_STORE *store); + int ossl_method_store_add(OSSL_METHOD_STORE *store, const OSSL_PROVIDER *prov, int nid, const char *properties, void *method, int (*method_up_ref)(void *), diff -Nru openssl-3.0.5/include/internal/sockets.h openssl-3.0.7/include/internal/sockets.h --- openssl-3.0.5/include/internal/sockets.h 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/include/internal/sockets.h 2022-11-01 14:14:36.000000000 +0000 @@ -28,6 +28,8 @@ # elif defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) # if defined(__DJGPP__) +# define WATT32 +# define WATT32_NO_OLDIES # include # include # include @@ -134,8 +136,6 @@ # define readsocket(s,b,n) recv((s),(b),(n),0) # define writesocket(s,b,n) send((s),(b),(n),0) # elif defined(__DJGPP__) -# define WATT32 -# define WATT32_NO_OLDIES # define closesocket(s) close_s(s) # define readsocket(s,b,n) read_s(s,b,n) # define writesocket(s,b,n) send(s,b,n,0) diff -Nru openssl-3.0.5/include/openssl/bio.h.in openssl-3.0.7/include/openssl/bio.h.in --- openssl-3.0.5/include/openssl/bio.h.in 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/include/openssl/bio.h.in 2022-11-01 14:14:36.000000000 +0000 @@ -796,6 +796,7 @@ # define ossl_bio__attr__(x) # if defined(__GNUC__) && defined(__STDC_VERSION__) \ + && !defined(__MINGW32__) && !defined(__MINGW64__) \ && !defined(__APPLE__) /* * Because we support the 'z' modifier, which made its appearance in C99, diff -Nru openssl-3.0.5/include/openssl/err.h.in openssl-3.0.7/include/openssl/err.h.in --- openssl-3.0.5/include/openssl/err.h.in 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/include/openssl/err.h.in 2022-11-01 14:14:36.000000000 +0000 
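Review bot: `ossl_method_lock_store` and `ossl_method_unlock_store` are added to the header with no comment, so a caller cannot tell what the `int` return means, that the two must be paired, or whether `ossl_method_store_add` may be called only between them. A one-line comment above the pair would close that gap, e.g. `/* Hold the store's lock across a batch of store operations; return 1 on success, 0 on failure */` (confirm the return convention and locking scope against the implementation).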
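Review bot: Adding `!defined(__MINGW32__) && !defined(__MINGW64__)` to the `ossl_bio__attr__` condition disables the compiler's format-string checking for the BIO_printf family on MinGW builds, and the hunk gives no reason, so the next maintainer cannot tell whether this works around a specific toolchain problem or can be lifted. Record it in the comment block that follows, e.g. `/* MinGW excluded: <reason — TODO fill in>; re-enable once resolved */`, since losing `-Wformat` coverage on one platform is the kind of silent regression that should be dated and explained. The rest of the `#if` block lies outside the hunk.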
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -325,15 +325,27 @@
 # define ERR_R_DSA_LIB (ERR_LIB_DSA/* 10 */ | ERR_RFLAG_COMMON)
 # define ERR_R_X509_LIB (ERR_LIB_X509/* 11 */ | ERR_RFLAG_COMMON)
 # define ERR_R_ASN1_LIB (ERR_LIB_ASN1/* 13 */ | ERR_RFLAG_COMMON)
+# define ERR_R_CONF_LIB (ERR_LIB_CONF/* 14 */ | ERR_RFLAG_COMMON)
 # define ERR_R_CRYPTO_LIB (ERR_LIB_CRYPTO/* 15 */ | ERR_RFLAG_COMMON)
 # define ERR_R_EC_LIB (ERR_LIB_EC/* 16 */ | ERR_RFLAG_COMMON)
+# define ERR_R_SSL_LIB (ERR_LIB_SSL/* 20 */ | ERR_RFLAG_COMMON)
 # define ERR_R_BIO_LIB (ERR_LIB_BIO/* 32 */ | ERR_RFLAG_COMMON)
 # define ERR_R_PKCS7_LIB (ERR_LIB_PKCS7/* 33 */ | ERR_RFLAG_COMMON)
 # define ERR_R_X509V3_LIB (ERR_LIB_X509V3/* 34 */ | ERR_RFLAG_COMMON)
+# define ERR_R_PKCS12_LIB (ERR_LIB_PKCS12/* 35 */ | ERR_RFLAG_COMMON)
+# define ERR_R_RAND_LIB (ERR_LIB_RAND/* 36 */ | ERR_RFLAG_COMMON)
+# define ERR_R_DSO_LIB (ERR_LIB_DSO/* 37 */ | ERR_RFLAG_COMMON)
 # define ERR_R_ENGINE_LIB (ERR_LIB_ENGINE/* 38 */ | ERR_RFLAG_COMMON)
 # define ERR_R_UI_LIB (ERR_LIB_UI/* 40 */ | ERR_RFLAG_COMMON)
 # define ERR_R_ECDSA_LIB (ERR_LIB_ECDSA/* 42 */ | ERR_RFLAG_COMMON)
 # define ERR_R_OSSL_STORE_LIB (ERR_LIB_OSSL_STORE/* 44 */ | ERR_RFLAG_COMMON)
+# define ERR_R_CMS_LIB (ERR_LIB_CMS/* 46 */ | ERR_RFLAG_COMMON)
+# define ERR_R_TS_LIB (ERR_LIB_TS/* 47 */ | ERR_RFLAG_COMMON)
+# define ERR_R_CT_LIB (ERR_LIB_CT/* 50 */ | ERR_RFLAG_COMMON)
+# define ERR_R_PROV_LIB (ERR_LIB_PROV/* 57 */ | ERR_RFLAG_COMMON)
+# define ERR_R_ESS_LIB (ERR_LIB_ESS/* 54 */ | ERR_RFLAG_COMMON)
+# define ERR_R_CMP_LIB (ERR_LIB_CMP/* 58 */ | ERR_RFLAG_COMMON)
+# define ERR_R_OSSL_ENCODER_LIB (ERR_LIB_OSSL_ENCODER/* 59 */ | ERR_RFLAG_COMMON)
 # define ERR_R_OSSL_DECODER_LIB (ERR_LIB_OSSL_DECODER/* 60 */ | ERR_RFLAG_COMMON)
 
 /* Other common error codes, range 256..2^ERR_RFLAGS_OFFSET-1 */
diff -Nru openssl-3.0.5/INSTALL.md openssl-3.0.7/INSTALL.md
--- openssl-3.0.5/INSTALL.md 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/INSTALL.md 2022-11-01 14:14:36.000000000 +0000
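Review bot: `# define ERR_R_PROV_LIB (ERR_LIB_PROV/* 57 */ | ERR_RFLAG_COMMON)` is inserted before `# define ERR_R_ESS_LIB (ERR_LIB_ESS/* 54 */ | ERR_RFLAG_COMMON)`, breaking the ascending numeric order the rest of this list keeps; the order is what lets a reviewer spot a duplicated or skipped library number at a glance when the next `ERR_R_*_LIB` is added. Swap the two lines so ESS (54) precedes PROV (57).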
@@ -974,7 +974,7 @@ ### no-{protocol}-method - no-{ssl|ssl3|tls|tls1|tls1_1|tls1_2|tls1_3|dtls|dtls1|dtls1_2}-method + no-{ssl3|tls1|tls1_1|tls1_2|dtls1|dtls1_2}-method Analogous to `no-{protocol}` but in addition do not build the methods for applications to explicitly select individual protocol versions. Note that there diff -Nru openssl-3.0.5/NEWS.md openssl-3.0.7/NEWS.md --- openssl-3.0.5/NEWS.md 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/NEWS.md 2022-11-01 14:14:36.000000000 +0000 @@ -18,6 +18,18 @@ OpenSSL 3.0 ----------- +### Major changes between OpenSSL 3.0.6 and OpenSSL 3.0.7 [1 Nov 2022] + + * Added RIPEMD160 to the default provider. + * Fixed regressions introduced in 3.0.6 version. + * Fixed two buffer overflows in punycode decoding functions. + ([CVE-2022-3786]) and ([CVE-2022-3602]) + +### Major changes between OpenSSL 3.0.5 and OpenSSL 3.0.6 [11 Oct 2022] + + * Fix for custom ciphers to prevent accidental use of NULL encryption + ([CVE-2022-3358]) + ### Major changes between OpenSSL 3.0.4 and OpenSSL 3.0.5 [5 Jul 2022] * Fixed heap memory corruption with RSA private key operation @@ -25,7 +37,6 @@ * Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms ([CVE-2022-2097]) - ### Major changes between OpenSSL 3.0.3 and OpenSSL 3.0.4 [21 Jun 2022] * Fixed additional bugs in the c_rehash script which was not properly diff -Nru openssl-3.0.5/providers/defltprov.c openssl-3.0.7/providers/defltprov.c --- openssl-3.0.5/providers/defltprov.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/providers/defltprov.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -148,6 +148,10 @@
     { PROV_NAMES_MD5_SHA1, "provider=default", ossl_md5_sha1_functions },
 #endif /* OPENSSL_NO_MD5 */
 
+#ifndef OPENSSL_NO_RMD160
+    { PROV_NAMES_RIPEMD_160, "provider=default", ossl_ripemd160_functions },
+#endif /* OPENSSL_NO_RMD160 */
+
     { PROV_NAMES_NULL, "provider=default", ossl_nullmd_functions },
     { NULL, NULL, NULL }
 };
diff -Nru openssl-3.0.5/providers/fips/self_test.c openssl-3.0.7/providers/fips/self_test.c
--- openssl-3.0.5/providers/fips/self_test.c 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/providers/fips/self_test.c 2022-11-01 14:14:36.000000000 +0000
@@ -104,7 +104,7 @@
     return TRUE;
 }
 
-#elif defined(__GNUC__)
+#elif defined(__GNUC__) && !defined(_AIX)
 # undef DEP_INIT_ATTRIBUTE
 # undef DEP_FINI_ATTRIBUTE
 # define DEP_INIT_ATTRIBUTE static __attribute__((constructor))
@@ -114,7 +114,7 @@
 # pragma init(init)
 # pragma fini(cleanup)
 
-#elif defined(_AIX)
+#elif defined(_AIX) && !defined(__GNUC__)
 void _init(void);
 void _cleanup(void);
 # pragma init(_init)
diff -Nru openssl-3.0.5/providers/fips/self_test_data.inc openssl-3.0.7/providers/fips/self_test_data.inc
--- openssl-3.0.5/providers/fips/self_test_data.inc 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/providers/fips/self_test_data.inc 2022-11-01 14:14:36.000000000 +0000
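Review bot: With the two conditions now `#elif defined(__GNUC__) && !defined(_AIX)` (hunk `@@ -104`) and `#elif defined(_AIX) && !defined(__GNUC__)` (hunk `@@ -114`), a GCC build on AIX matches neither branch and falls through to whatever follows the second one, which is outside both hunks; before this change such a build took the `__attribute__((constructor))` path. Since `DEP_INIT_ATTRIBUTE`/`DEP_FINI_ATTRIBUTE` presumably hook the FIPS module's load-time self-test into the platform's init/fini mechanism, a toolchain that ends up with neither should fail loudly rather than silently getting no hook. If a later branch handles GCC-on-AIX, a comment on the first `#elif`, `/* GCC on AIX is handled by a later branch, not here */`, would say so; if none does, the chain should end in `#error` for that combination. The `#if` chain starts and ends outside both hunks.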
@@ -1270,11 +1270,11 @@ ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_N, rsa_n), ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_E, rsa_e), ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_D, rsa_d), - ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR, rsa_p), - ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR, rsa_q), - ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT, rsa_dp), - ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT, rsa_dq), - ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_COEFFICIENT, rsa_qInv), + ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR1, rsa_p), + ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_FACTOR2, rsa_q), + ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT1, rsa_dp), + ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_EXPONENT2, rsa_dq), + ST_KAT_PARAM_BIGNUM(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, rsa_qInv), ST_KAT_PARAM_END() }; diff -Nru openssl-3.0.5/providers/fips.checksum openssl-3.0.7/providers/fips.checksum --- openssl-3.0.5/providers/fips.checksum 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/providers/fips.checksum 2022-11-01 14:14:36.000000000 +0000 @@ -1 +1 @@ -cdcf539402f37a9ae18871827c858ce0fce9d2dd443c71f7fb94b5f6d8ec56b0 providers/fips-sources.checksums +674597de1e7bfa5782d42c044d5475e6fd473c737008a297e8e90746eafb97d9 providers/fips-sources.checksums diff -Nru openssl-3.0.5/providers/fips-sources.checksums openssl-3.0.7/providers/fips-sources.checksums --- openssl-3.0.5/providers/fips-sources.checksums 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/providers/fips-sources.checksums 2022-11-01 14:14:36.000000000 +0000 
@@ -21,7 +21,7 @@ c7c6694480bb5319690f94826139a93f5c460ebea6dba101b520a76cb956ec93 crypto/aes/asm/aesni-x86_64.pl f3a8f3c960c0f47aaa8fc2633d18b14e7c7feeccc536b0115a08bc58333122b6 crypto/aes/asm/aesp8-ppc.pl e397a5781893e97dd90a5a52049633be12a43f379ec5751bca2a6350c39444c8 crypto/aes/asm/aest4-sparcv9.pl -fbee40f89882019c0f03072f92fccd5cfc79bfebea2ff675909e731d0e71d622 crypto/aes/asm/aesv8-armx.pl +90d53250761de35280f57463855b1a41403c68dfe22771b2f622c5c9b3418eb4 crypto/aes/asm/aesv8-armx.pl 15cf92ba0ea6fb216c75bb0c134fa1e1b4159a3f9d3c571b2a8319252c4ae633 crypto/aes/asm/bsaes-armv7.pl 0726a2c4c15c27a12b2f7d5e16863df4a1b1daa7b7d9b728f621b2b224d290e6 crypto/aes/asm/bsaes-x86_64.pl 1ff94d6bf6c8ae4809f64657eb89260fe3cb22137f649d3c73f72cb190258196 crypto/aes/asm/vpaes-armv8.pl @@ -46,7 +46,7 @@ e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 crypto/bn/asm/ppc64-mont-fixed.pl a25be64867ab837d93855af232e2bfa71b85b2c6f00e35e620fdc5618187fb6f crypto/bn/asm/ppc64-mont.pl 231579e532443665020d4d522d9f11713d9c5d5c814b95b434b0f65452e16de4 crypto/bn/asm/rsaz-avx2.pl -8e193a1457ca30823f6172c9ec4568c1628c57c10ee12b88c7656adcc5f54491 crypto/bn/asm/rsaz-avx512.pl +1657600d320ea549b527b2d878a7658533d60d26eeb38f42ea470fc612f9bb53 crypto/bn/asm/rsaz-avx512.pl 31e84dc905b13e38850071528d3abbfcaf8910bbc8b46f38d19c2b386a5f838e crypto/bn/asm/rsaz-x86_64.pl 30fedf48dfc5fec1c2044b6c226dd9fc42a92522cc589797a23a79d452bdd2cf crypto/bn/asm/s390x-gf2m.pl 590388d69d7ac3a0e9af4014792f4f0fdb9552719e8fb48ebc7e5dfca2a491d4 crypto/bn/asm/s390x-mont.pl 
@@ -86,9 +86,9 @@ 2da73a76b746a47d8cf8ec8b3e0708c2a34e810abde4b4f1241a49e7f5bb2b60 crypto/bn/bn_mpi.c 76982b18b0803d59b33168b260677e7412970757d3b9513de5c80025290f211d crypto/bn/bn_mul.c 4e3bf49a788ec36cd1d919475bc410a743931aa144e7c60d603e9c0b448faab4 crypto/bn/bn_nist.c -0d85203a3bd9ba7ebf711885cfb621eefb27002f5cb4ef2adfe4f49c7dd7b4a6 crypto/bn/bn_prime.c +c6760a724d696b7209f0a71f8483fabcf4f081f7e93e2628284c32ef78f69365 crypto/bn/bn_prime.c c56ad3073108a0de21c5820a48beae2bccdbf5aa8075ec21738878222eb9adc3 crypto/bn/bn_prime.h -18779263932eb2bf50728b9758fc83b1e721a1d22aa75d6443c80591ccd9bb79 crypto/bn/bn_rand.c +eeeb2f85b60ae10e00907335032724f6ce198eb319e7a81f8eddaef0f67db6e3 crypto/bn/bn_rand.c 1f6e13da1d9965b341f81bc0842a987a7db9b7de0fa7f7040d49be01b92d282b crypto/bn/bn_recp.c 626226d4dae8e19530a60d8a94b270b262740550787fc46f686b301a043c705b crypto/bn/bn_rsa_fips186_4.c 704b0b4723e5c9e9bae5f3e35f9ae8ae8dca3383929e954de9e5169845abfdb2 crypto/bn/bn_shift.c 
@@ -97,13 +97,13 @@ 24e62baa56e02f2db6454e10168b7c7fa7638db9221b9acda1803d43f38f36e0 crypto/bn/bn_word.c be27115efd36f0077a3ec26b1ff1f586b0b8969ba05d8ffa34b2ff4badf227bf crypto/bn/rsaz_exp.c c4d64da1cdc732ea918fccd6a7bb2746b03365dd26f7ba1e74e08c307ca4c58e crypto/bn/rsaz_exp.h -933eec28f16b82d3ef56fe01e99b81d7b40cf49caecee4fa4a69389ea101dc4f crypto/bn/rsaz_exp_x2.c +d231fa689f53994616b9ef1f661e4f90333184deae324d5d4a218aad891c500d crypto/bn/rsaz_exp_x2.c 834db8ff36006e5cb53e09ca6c44290124bd23692f4341ea6563b66fcade4cea crypto/bsearch.c c39334b70e1394e43f378ae8d31b6e6dc125e4d9181e6536d38e649c4eaadb75 crypto/buffer/buffer.c 0e1a41a2d81b5765bca3df448f60bf1fad91e485fe89dd65a7300ffc419e316d crypto/cmac/cmac.c 58068d6533fed9359b164ddc9711b2dd7b2a76f32ad94103d91dbe3462ac95d8 crypto/context.c -a6bfcf4960a0d2dc4d4888bbd3d558d8d1464d219721b6739cc7ef67191f0a11 crypto/core_algorithm.c -9f5ac75f2f84160ca11e7b630f4f6ab0398a1d11267a4984e66e3a4d4624beb5 crypto/core_fetch.c +c309d81ea991ddf5be4337afad2fd132169f7443c76f863349d3f3c82f3374e4 crypto/core_algorithm.c +f0fd9eb38bf7f196bbb4d26ce8fdf86d0a4f9db219157e66b2c0ffefb4f42005 crypto/core_fetch.c 02670d631bf0f34cca1e3477079d7fe5de4e03c391cf3992986f44f55319597c crypto/core_namemap.c 469e2f53b5f76cd487a60d3d4c44c8fc3a6c4d08405597ba664661ba485508d3 crypto/cpuid.c 71f0fff881eb4c5505fb17662f0ea4bbff24c6858c045a013ad8f786b07da5c4 crypto/cryptlib.c 
@@ -119,7 +119,7 @@ 816472a54c273906d0a2b58650e0b9d28cc2c8023d120f0d77160f1fe34c4ca3 crypto/dh/dh_backend.c d2d0569bea2598bd405f23b60e5283a6ce353f1145a25ff8f28cf15711743156 crypto/dh/dh_check.c 7838e9a35870b0fbcba0aff2f52a2439f64d026e9922bce6e5978c2f22c51120 crypto/dh/dh_gen.c -129ee295875e68ad444070b0676f1021eb254cbd87ab22d6baaf7e4e6e59a40b crypto/dh/dh_group_params.c +6b17861887b2535159b9e6ca4f927767dad3e71b6e8be50055bc784f78e92d64 crypto/dh/dh_group_params.c a5cf5cb464b40f1bc5457dc2a6f2c5ec0f050196603cd2ba7037a23ab64adbf7 crypto/dh/dh_kdf.c 0afa7dd237f9b21b0cfb0de10505facd57eb07ded905d888d43a1de2356d4002 crypto/dh/dh_key.c b0046b2c4e1d74ff4e93f2486a00f63728909b8a75cbdd29b9100e607f97995c crypto/dh/dh_lib.c @@ -165,7 +165,7 @@ 86e2becf9b3870979e2abefa1bd318e1a31820d275e2b50e03b17fc287abb20a crypto/ec/ec_check.c 265f911b9d4aada326a2d52cd8a589b556935c8b641598dcd36c6f85d29ce655 crypto/ec/ec_curve.c 8cfd0dcfb5acbf6105691a2d5e2826dba1ff3906707bc9dd6ff9bffcc306468f crypto/ec/ec_cvt.c -32eea77301ce2a10bbe6f4a0b638770526d073b5c4b7c2efd540f9d1d9b7c7c4 crypto/ec/ec_key.c +95ce53663ab8a1d05bd6f4999f30113e1edce771fb6d218a772fe02de7bdaf4d crypto/ec/ec_key.c 7e40fc646863e0675bbb90f075b809f61bdf0600d8095c8366858d9533ab7700 crypto/ec/ec_kmeth.c bbd6f618c3dfe425ce0ba1c6710fe59418130e06351881162a590475e6438c44 crypto/ec/ec_lib.c a8a4690e42b4af60aad822aa8b16196df337906af53ea4db926707f7b596ff27 crypto/ec/ec_local.h 
@@ -186,34 +186,34 @@ 22c44f561ab42d1bd7fd3a3c538ebaba375a704f98056b035e7949d73963c580 crypto/ec/ecx_key.c 28abc295dad8888b5482eb61d31cd78dd80545ecb67dc6f9446a36deb8c40a5e crypto/evp/asymcipher.c 0e75a058dcbbb62cfe39fec6c4a85385dc1a8fce794e4278ce6cebb29763b82b crypto/evp/dh_support.c -7fca5ec7c5723b799a7d84d5803071b8f495511e1baf89d430e6800a5228cdad crypto/evp/digest.c +59d514629005748901718e82f2646ecb1d7fbedbc872726749ce9a5af0d205f2 crypto/evp/digest.c 838277f228cd3025cf95a9cd435e5606ad1fb5d207bbb057aa29892e6a657c55 crypto/evp/ec_support.c -8b28b8637ef4d0236b0126c0327dd80b4db102eb783a13d3c9b43300dae5229b crypto/evp/evp_enc.c -303dd2567f616c27287af33692f68787a473857f98066a0e2057d1b3169714cd crypto/evp/evp_fetch.c -180d533070c843d9cdcc0ddac1c2228d7e0c4ec28685387b67d582ae4dab5858 crypto/evp/evp_lib.c -bde9125e5ff6f7a9705e42039e8e879ff32b5244275fe7262deeeea1f1cf387d crypto/evp/evp_local.h -e822c16fc4dc30f2c86e8598c721a9ddfe46d318ce78f4e8e883cdcf8b936221 crypto/evp/evp_rand.c +1c3d1b1f800b1f1f5adb1fdbdd67cdf37ca7ea93b264d1468c72a63c140873ce crypto/evp/evp_enc.c +7f10367f9b6191c4a8c01784130d26b2d778485a41cdac5fa17c9a1c4096f132 crypto/evp/evp_fetch.c +d2b6c0e2736f20e4db4b7b8dd2b372de861624f3fed1290ee4c6dde383842071 crypto/evp/evp_lib.c +78f07bf50b6999611a4e9414ab3a20b219b0ab29ca2bd05002d6919a3f67b8eb crypto/evp/evp_local.h +117e679d49d2ae87e49d3c942ff0ce768959e8b9713f84a99025cabba462ccd5 crypto/evp/evp_rand.c 2a128617ec0178e9eeacbe41d75a5530755f41ea524cd124607543cf73456a0c crypto/evp/evp_utils.c -06442eff7fd25971d247fa3a769c6df56f5eb8cdedbd764cd2daa7e0c7ab3f2f crypto/evp/exchange.c -a3164e3247e2a38f4f9a20db463779b5260e4e6639ac8eec6e960b265fc8cce5 crypto/evp/kdf_lib.c +ca8c6cfd30efd53f2e5d1f19bcf09a3a3d0dff6d8947c3943d07a3f4b354aa86 crypto/evp/exchange.c +9e25042581b73e295c059c6217f3ecf809134d518eb79b1b67f34e3ca9145677 crypto/evp/kdf_lib.c 1d72f5506984df1df8606e8c7045f041cf517223e2e1b50c4da8ba8bf1c6c186 crypto/evp/kdf_meth.c 
-38715a14f202e7d24602e5cc19d2f78abbd9f5fa3dde8d7b2bfded907690e18f crypto/evp/kem.c +5179624b8e03615dc9caedc9ec16d094fa081495613dd552d71c2c39475bcd83 crypto/evp/kem.c 724d2ac784d6f22cb0a382abc23ac0f2d76f2f6831fcd09e101f6f27d0c3e4ed crypto/evp/keymgmt_lib.c -3d0a2c5fea0d9bb01a09e1eabc041e3bc76ba4ee90bc0af54ef414e7ca3a531f crypto/evp/keymgmt_meth.c +a976cf4e7bfb61e06a147360b748238010d23efb069d191fd023abc38d9a2af9 crypto/evp/keymgmt_meth.c e1a052839b8b70dca20dbac1282d61abd1c415bf4fb6afb56b811e8770d8a2e1 crypto/evp/m_sigver.c -5b8b0bcd4b720b66ce6bc54090ec333891126bb7f6cce4502daf2333668c3db9 crypto/evp/mac_lib.c +4290c95f63b43688a8da57690d122add5161a6811f9753da1444d28f46739961 crypto/evp/mac_lib.c e7e8eb5683cd3fbd409df888020dc353b65ac291361829cc4131d5bc86c9fcb3 crypto/evp/mac_meth.c 9c5ef2f0b513ad1b8458146efbff80c2b6185626d0571e5aa6a31e471d37d615 crypto/evp/p_lib.c 3b4228b92eebd04616ecc3ee58684095313dd5ffd1b43cf698a7d6c202cb4622 crypto/evp/pmeth_check.c 1f0e9e94e9b0ad322956521b438b78d44cfcd8eb974e8921d05f9e21ba1c05cf crypto/evp/pmeth_gn.c 76511fba789089a50ef87774817a5482c33633a76a94ecf7b6e8eb915585575d crypto/evp/pmeth_lib.c -f3a5cbbccb1078cf1fafd74c4caa9f30827081832fbe6dfa5579b17ef809776c crypto/evp/signature.c +4b2dbddf0f9ceed34c3822347138be754fb194febca1c21c46bcc3a5cce33674 crypto/evp/signature.c b06cb8fd4bd95aae1f66e1e145269c82169257f1a60ef0f78f80a3d4c5131fac crypto/ex_data.c -324feb067d0f8deb4334f3e6518f570114cb388c85b24f9232bd931a64ff0a9e crypto/ffc/ffc_backend.c -5fe89ce2ce34848b832a2b5a7ac42c161d7ec214a641b7fb11fb1153f2186f74 crypto/ffc/ffc_dh.c -82abf1f9645336b7dff5e3fa153899280ecaa27b3dad50e6a9ba94d871961888 crypto/ffc/ffc_key_generate.c +709d40d5096497349b8b9e2917e949a0a75e6065df62798d1816866ca7e7b4ca crypto/ffc/ffc_backend.c +a12af33e605315cdddd6d759e70cd9632f0f33682b9aa7103ed1ecd354fc7e55 crypto/ffc/ffc_dh.c +854378f57707e31ad02cca6eec94369f91f327288d3665713e249c12f7b13211 crypto/ffc/ffc_key_generate.c 
084ae8e68a9df5785376bb961a998036336ed13092ffd1c4258b56e6a7e0478b crypto/ffc/ffc_key_validate.c -ecc0d737ccece492f86262dd45f8f03eef2beacafce8022f91939a372f68ac90 crypto/ffc/ffc_params.c +b18d5d7cfc95163defea41f5a081e90f6a7163a6b81c6cfadb8b470ef2e83fc5 crypto/ffc/ffc_params.c 5174e008f44909724e0ee7109095ee353e67e9ba77e1ab3bedfcf6eaecab7b6c crypto/ffc/ffc_params_generate.c 73dac805abab36cd9df53a421221c71d06a366a4ce479fa788be777f11b47159 crypto/ffc/ffc_params_validate.c 0a4fc92e408b0562cf95c480df93a9907a318a2c92356642903a5d50ed04fd88 crypto/hmac/hmac.c 
@@ -244,19 +244,19 @@ e55a816c356b2d526bc6e40c8b81afa02576e4d44c7d7b6bbe444fb8b01aad41 crypto/modes/wrap128.c 608a04f387be2a509b4d4ad414b7015ab833e56b85020e692e193160f36883a2 crypto/modes/xts128.c 8aa2504f84a0637b5122f0c963c9d82773ba248bad972ab92be7169995d162b5 crypto/o_str.c -7b8d9f5dfe00460df5fbcfd4a5f2f36128020ebd2ced85ff5071b91f98740b2e crypto/packet.c +8ddbbdf43131c10dcd4428aef0eff2b1e98b0410accada0fad41a4925868beef crypto/packet.c cc4483ec9ba7a30908e3a433a6817e2f211d4c1f69c206e6bae24bbd39a68281 crypto/param_build.c c2fe815fb3fd5efe9a6544cae55f9469063a0f6fb728361737b927f6182ae0bb crypto/param_build_set.c 02dfeb286c85567bb1b6323a53c089ba66447db97695cc78eceb6677fbc76bf9 crypto/params.c 4fda13f6af05d80b0ab89ec4f5813c274a21a9b4565be958a02d006236cef05c crypto/params_dup.c a0097ff2da8955fe15ba204cb54f3fd48a06f846e2b9826f507b26acf65715c3 crypto/params_from_text.c 48c20b804e18ede5e45697a766e7dbe6ef6b3da9f58c7b37bd8f293df2ac7d34 crypto/property/defn_cache.c -71ad129266bce870fd4a3bd9b6bdab7b0d670674da3bab2d1ad0c05c733a1999 crypto/property/property.c +32539c14a8e4a0992b001e99a79f112746fd518d51edab57ccdec3516715ed4b crypto/property/property.c a2c69527b60692a8b07cfdfe7e75f654daa092411d5de5e02b446a4ef3752855 crypto/property/property_local.h 921305e62749aec22da4843738bee3448b61e7e30d5309beddc7141ad07a8004 crypto/property/property_parse.c a7cefda6a117550e2c76e0f307565ce1e11640b11ba10c80e469a837fd1212a3 crypto/property/property_query.c 065698c8d88a5facc0cbc02a3bd0c642c94687a8c5dd79901c942138b406067d crypto/property/property_string.c -56b4012330c71701f9f1a883723d7a906a07243bf5a678c89245d19864312188 crypto/provider_core.c +9653ec9c1476350a94b9cc7f8be3d99961fd803870c9ac03315298d2909a6a8e crypto/provider_core.c d0af10d4091b2032aac1b7db80f8c2e14fa7176592716b25b9437ab6b53c0a89 crypto/provider_local.h 5ba2e1c74ddcd0453d02e32612299d1eef18eff8493a7606c15d0dc3738ad1d9 crypto/provider_predefined.c 4e6b7d1d8278067c18bcb5e3ac9b7fe7e9b1d0d03bc5a276275483f541d1a12c crypto/rand/rand_lib.c 
@@ -328,14 +328,14 @@ 3d972a11be18bfbfcd45790028635d63548bfe0a2e45d2fc56b6051b759d22f0 crypto/sha/sha3.c 8038a5a97f826f519424db634be5b082b3f7eca3ccb89875ca40fa6bd7dfdcfd crypto/sha/sha512.c 6c6f0e6069ac98e407a5810b84deace2d1396d252c584703bcd154d1a015c3ea crypto/sha/sha_local.h -4f6b66f811144648d6cb6bc26e08779529acbbd563519590c726d0e51699fe96 crypto/sparse_array.c -b39e5ba863af36e455cc5864fe8c5d0fc05a6aaef0d528a115951d1248e8fa8b crypto/stack/stack.c +c50c584c55e56347bb43aca4b796b5344d70daece3061f586b79c871c21f5d1a crypto/sparse_array.c +8da78169fa8c09dc3c29c9bf1602b22e88c5eac4815e274ba1864c166e31584b crypto/stack/stack.c 7b4efa594d8d1f3ecbf4605cf54f72fb296a3b1d951bdc69e415aaa08f34e5c8 crypto/threads_lib.c a41ae93a755e2ec89b3cb5b4932e2b508fdda92ace2e025a2650a6da0e9e972c crypto/threads_none.c 2637a8727dee790812b000f2e02b336f7907949df633dda72938bbaafdb204fe crypto/threads_pthread.c -68e1cdeb948d3a106b5a27b76bcddbae6bb053b2bdc4a21a1fec9797a00cd904 crypto/threads_win.c +7959c65c27280cdb1166a30a27c931befd6cfa4ed109094c40eb5a6d253c790c crypto/threads_win.c fd6c27cf7c6b5449b17f2b725f4203c4c10207f1973db09fd41571efe5de08fd crypto/x86_64cpuid.pl -468184a0f6923228df9f13e76dd8011b76fc47982579c3db36de2715573d5692 e_os.h +0a9c484f640d96e918921f57f592e82e99ccdbe35d3138d64b10c7af839e9a07 e_os.h 6f353dc7c8c4d8f24f7ffbf920668ccb224ebb5810805a7c80d96770cd858005 include/crypto/aes_platform.h 8c6f308c1ca774e6127e325c3b80511dbcdc99631f032694d8db53a5c02364ee include/crypto/asn1_dsa.h 8ce1b35c6924555ef316c7c51d6c27656869e6da7f513f45b7a7051579e3e54d include/crypto/bn.h 
@@ -348,11 +348,11 @@ 20d99c9a740e4d7d67e23fa4ae4c6a39d114e486c66ad41b65d91a8244cd1dea include/crypto/dsa.h 2ea47c059e84ce9d14cc31f4faf45f64d631de9e2937aa1d7a83de5571c63574 include/crypto/ec.h edbfae8720502a4708983b60eac72aa04f031059f197ada31627cb5e72812858 include/crypto/ecx.h -96bc39bfe3f79e81bc22f64a62c16d26c3770a5a3b38cdcec6803e8c064653bf include/crypto/evp.h +41974ef3d365c608cf35310f99f7006f7995f8cc380f316ab4a280772cd092ae include/crypto/evp.h bbe5e52d84e65449a13e42cd2d6adce59b8ed6e73d6950917aa77dc1f3f5dff6 include/crypto/lhash.h 162812058c69f65a824906193057cd3edeabc22f51a4220aea7cb9064379a9b6 include/crypto/md32_common.h f12bfc145290444bcc7bf408874bded348e742443c145b8b5bc70ae558d96c31 include/crypto/modes.h -0e4472433ca4008aa4fc9234761be70f323a22a4519bb9d62728dc001d606f04 include/crypto/rand.h +8aa4f71ebd9753baceed428e323d5f550d74aff43ab9a55eda7c096d838b8f49 include/crypto/rand.h 90930fc8788d6e04e57829346e0405293ac7a678c3cef23d0692c742e9586d09 include/crypto/rand_pool.h 306abf9d327a9e63fff2cdef730275abc4d2781254a032b1f370f3428eb5a2ef include/crypto/rsa.h 32f0149ab1d82fddbdfbbc44e3078b4a4cc6936d35187e0f8d02cc0bc19f2401 include/crypto/security_bits.h 
@@ -361,20 +361,20 @@ 5bfeea62d21b7cb43d9a819c5cd2800f02ea019687a8331abf313d615889ad37 include/crypto/types.h 782a83d4e489fd865e2768a20bfa31e78c2071fd0ceeb9eb077276ae2bcc6590 include/internal/bio.h 92aacb3e49288f91b44f97e41933e88fe455706e1dd21a365683c2ab545db131 include/internal/constant_time.h -b9e3b1e43de2a8b6d9f4b3f153bc78053853763d598082882e85d3b7684c2832 include/internal/core.h +c5bb97f654984130c8b44c09a52395bce0b22985d5dbc9c4d9377d86283f11f8 include/internal/core.h d7ddeab97434a21cb2cad1935a3cb130f6cd0b3c75322463d431c5eab3ab1ae1 include/internal/cryptlib.h 9571cfd3d5666749084b354a6d65adee443deeb5713a58c098c7b03bc69dbc63 include/internal/deprecated.h 3325b895d15c0a6341f456a8d866a0f83e80fc8a31a01c34fcfd717715b33075 include/internal/der.h fd1722d6b79520ee4ac477280d5131eb1b744c3b422fd15f5e737ef966a97c3b include/internal/dso.h f144daebef828a5bd4416466257a50f06b894e0ce0adf1601aa381f34f25a9e7 include/internal/dsoerr.h 70d3e0d5a1bd8db58dcc57bea4d1c3ed816c735fe0e6b2f4b07073712d2dc5ef include/internal/endian.h -f3ff7911d2ca3c229ff39aecd21c98c92cd4b7eae2e853175b3abb5b97d24a2e include/internal/ffc.h +557aa7985c8cde8fd9fa59a49f47fa955ec36b36f6fe9edd4bfd3872e3b13a9a include/internal/ffc.h 100053a1bad1a85a98c5b919cf81ace0ee147b2164732963e40474d7b5fbbb99 include/internal/namemap.h b02701592960eb4608bb83b297eed90184004828c7fc03ea81568062f347623d include/internal/nelem.h ae41a2fb41bf592bbb47e4855cf4efd9ef85fc11f910a7e195ceef78fb4321dc include/internal/numbers.h -ea1bec4f1fff37aef8d4a62745bb451baa3e3ad20ba1bc68920a24f5cbb2f0a7 include/internal/packet.h +b89cca3b727d4526b459246de11e768a20333555bf3a9ed9a9b8beb2b565dc7f include/internal/packet.h dd7ddecf30bef3002313e6b776ce34d660931e783b2f6edacf64c7c6e729e688 include/internal/param_build_set.h -33cc89d81a36f7df51701e26c6266bc15a680d3bbc42851947ca24f5a61ca37b include/internal/property.h +d4ac19b28ea61f03383364cfad1e941cac44fc36787d80882c5b76ecc9d34e29 include/internal/property.h 
727326afb3d33fdffdf26471e313f27892708318c0934089369e4b28267e2635 include/internal/propertyerr.h 6a899ef3e360c7144d84d3c3dbbd14aa457f5d38b83b13c0be7ec7f372076595 include/internal/provider.h 5af9a40c44def13576fe2c0eb082fb73c3565c5e00f902d51b1ed1593d481ccb include/internal/refcount.h @@ -388,7 +388,7 @@ 98aa2fc5eae9ef2a36d3d0053212696d58893baa083fa1fcf720660fb4bc0a9f include/openssl/asn1.h.in d4733dcd490b3a2554eaf859d1ea964fe76f7d24f78e42be1094bdad6dee7429 include/openssl/asn1err.h 1550474ee05423896ec4abfb6346f1bc44c7be22329efac9ea25de10e81d549c include/openssl/asn1t.h.in -2998b9b522c88cea61c17d31382b99b2760796bd54332a6fb643ff356c3c0db5 include/openssl/bio.h.in +2cd8163cdc6c93386bc05e8ed983e5ca604d0bf9da65500cab736cfa8bc2b048 include/openssl/bio.h.in 0a26138aaded05cafe2326e11fdc19b28408e054cfe3dda40d45ef95ce8136b0 include/openssl/bioerr.h 7d1f9880976a926ba6e0cad08e8de6f326aae48d8350b499aa79127f63d4d108 include/openssl/bn.h 9ad8b04764797f5138f01f549ba18b44cf698ffc7fe795fef42c1822d84a6ff4 include/openssl/bnerr.h @@ -416,7 +416,7 @@ dad1943d309aaadb800be4a3056096abec611d81982b83c601b482405e11d5c0 include/openssl/ecerr.h 61c76ee3f12ed0e42503a56421ca00f1cb9a0f4caa5f9c4421c374bcd45917d7 include/openssl/encoder.h 69dd983f45b8ccd551f084796519446552963a18c52b70470d978b597c81b2dc include/openssl/encodererr.h -0bb50eda4fe2600c20779d5e3c49668cf2dd8f295104549a33e57bc95a9219eb include/openssl/err.h.in +c6ee8f17d7252bdd0807a124dc6d50a95c32c04e17688b7c2e061998570b7028 include/openssl/err.h.in 12ec111c0e22581e0169be5e1838353a085fb51e3042ef59a7db1cee7da73c5b include/openssl/evp.h 5bd1b5dcd14067a1fe490d49df911002793c0b4f0bd4492cd8f71cfed7bf9f2a include/openssl/evperr.h 5381d96fe867a4ee0ebc09b9e3a262a0d7a27edc5f91dccfb010c7d713cd0820 include/openssl/fips_names.h 
@@ -483,11 +483,11 @@ 527eda471e26763a5fcf123b2d290234d5c836de7b8ef6eef2166ef439919d82 providers/common/securitycheck_fips.c abd5997bc33b681a4ab275978b92aebca0806a4a3f0c2f41dacf11b3b6f4e101 providers/fips/fips_entry.c 0f761a26c8fa6ad8d5a15c817afe1741352b21769b2164a2eb7dd50e1f6fe04f providers/fips/fipsprov.c -24a2e1a855de57b9d970727fcc11ebe7e06c0d4884d3cedbacf59fa471f91e72 providers/fips/self_test.c +52b48aece6aa3592593c94b53326410c75efb95ac480697ce414679446b49943 providers/fips/self_test.c f822a03138e8b83ccaa910b89d72f31691da6778bf6638181f993ec7ae1167e3 providers/fips/self_test.h -5b3379a3d382c4dad37841dbd58b77ed5ff712b0a37c485771b828fa9b39c351 providers/fips/self_test_data.inc +d3c95c9c6cc4e3b1a5e4b2bfb2ae735a4109d763bcda7b1e9b8f9eb253f79820 providers/fips/self_test_data.inc 629f619ad055723e42624230c08430a3ef53e17ab405dc0fd35499e9ca4e389c providers/fips/self_test_kats.c -f054b24ea53ad5db41dd7f37f20f42166ed68b832121a94858cb0173b1aaeb1d providers/implementations/asymciphers/rsa_enc.c +6b082c1af446ef9a2bfe68a9ee4362dfa4f1f09f975f11f9ba2e5010493039c6 providers/implementations/asymciphers/rsa_enc.c 4db1826ecce8b60cb641bcd7a61430ec8cef73d2fe3cbc06aa33526afe1c954a providers/implementations/ciphers/cipher_aes.c f9d4b30e7110c90064b990c07430bb79061f4436b06ccaa981b25c306cfbfaa2 providers/implementations/ciphers/cipher_aes.h 89378cce6d31e8c2f221f9f29d0b17622624eb83e4ecec8465f7641f68352917 providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c 
@@ -523,7 +523,7 @@ dd72ea861edf70b94197821ceb00e07165d550934a2e851d62afa5034b79f468 providers/implementations/ciphers/ciphercommon_block.c 4b4106f85e36eb2c07acc5a3ca5ccd77b736b3ac46cc4af786cf57405ecd54b2 providers/implementations/ciphers/ciphercommon_ccm.c 8b6828f188c2590c7d9c6cac13fa0eb6d38a522b0f2859e7c8a766580fa9b66e providers/implementations/ciphers/ciphercommon_ccm_hw.c -f0e15648f42621d24c28f3165437bb9a49b6f4a666381688b954fe2633a40adf providers/implementations/ciphers/ciphercommon_gcm.c +3b83f58d6ff1ae77de1ae8bee8a44ea2e5e4491c802b156fa77783ddebd44598 providers/implementations/ciphers/ciphercommon_gcm.c bb67eaa7a98494ca938726f9218213870fc97dd87b56bda950626cc794baf20b providers/implementations/ciphers/ciphercommon_gcm_hw.c 23fd89e3239e596c325a8c5d23eb1fe157a8d23aa4d90ed2c574bf06dfabd693 providers/implementations/ciphers/ciphercommon_hw.c c4b1cb143de15acc396ce2e03fdd165defd25ebc831de9cdfacf408ea883c666 providers/implementations/ciphers/ciphercommon_local.h @@ -534,7 +534,7 @@ 9c46dc0d859875fcc0bc3d61a7b610cd3520b1bf63718775c1124f54a1fe5f24 providers/implementations/exchange/ecdh_exch.c 9bf87b8429398a6465c7e9f749a33b84974303a458736b56f3359b30726d3969 providers/implementations/exchange/ecx_exch.c 0cc02005660c5c340660123decac838c59b7460ef1003d9d50edc604cfd8e375 providers/implementations/exchange/kdf_exch.c -0832bd4dd2d125754a87aef5b1f188017bcd7ee909cf62f8228ac4c5c68397be providers/implementations/include/prov/ciphercommon.h +31d3dba3d2e6b043b0d14a74caf6bf1a6c550471fb992a495ab7d3337081a526 providers/implementations/include/prov/ciphercommon.h 6dc876a1a785420e84210f085be6e4c7aca407ffb5433dbca4cd3f1c11bb7f06 providers/implementations/include/prov/ciphercommon_aead.h dd07797d61988fd4124cfb920616df672938da80649fac5977bfd061c981edc5 providers/implementations/include/prov/ciphercommon_ccm.h 0c1e99d70155402a790e4de65923228c8df8ad970741caccfe8b513837457d7f providers/implementations/include/prov/ciphercommon_gcm.h 
@@ -556,7 +556,7 @@ 6b6c776b12664164f3cb54c21df61e1c4477c7855d89431a16fb338cdae58d43 providers/implementations/kem/rsa_kem.c 6ac9f9b04d195bd545d2357fad1769c098b84896c188d19de0b7f747b2db0ff6 providers/implementations/keymgmt/dh_kmgmt.c 5db963d0b3d86912b8234d90f2d8d15438c3e9710572b9d6a8d911a5bcd29836 providers/implementations/keymgmt/dsa_kmgmt.c -dfeacd5e4cb8ddcc09a40e4ac47b838de5671c9d5246004474ddba245e7599d7 providers/implementations/keymgmt/ec_kmgmt.c +c7ff403834b8ead9c4b0f3fdbaae72500c350a51529af4205a61cef92612dd19 providers/implementations/keymgmt/ec_kmgmt.c 258ae17bb2dd87ed1511a8eb3fe99eed9b77f5c2f757215ff6b3d0e8791fc251 providers/implementations/keymgmt/ec_kmgmt_imexport.inc d77ece2494e6b12a6201a2806ee5fb24a6dc2fa3e1891a46012a870e0b781ab1 providers/implementations/keymgmt/ecx_kmgmt.c 053a2be39a87f50b877ebdbbf799cf5faf8b2de33b04311d819d212ee1ea329b providers/implementations/keymgmt/kdf_legacy_kmgmt.c 
@@ -575,7 +575,7 @@ 04339b66c10017229ef368cb48077f58a252ebfda9ab12b9f919e4149b1036ed providers/implementations/rands/test_rng.c cafb9e6f54ad15889fcebddac6df61336bff7d78936f7de3bb5aab8aee5728d2 providers/implementations/signature/dsa_sig.c a30dc6308de0ca33406e7ce909f3bcf7580fb84d863b0976b275839f866258df providers/implementations/signature/ecdsa_sig.c -b057870cf8be1fd28834670fb092f0e6f202424c7ae19282fe9df4e52c9ce036 providers/implementations/signature/eddsa_sig.c +effdaa4a7b8f6c2326994ba1578a77af5e60a9ed89a5b8fab876950657366da0 providers/implementations/signature/eddsa_sig.c 3bb0f342b4cc1b4594ed0986adc47791c0a7b5c1ae7b1888c1fb5edb268a78d9 providers/implementations/signature/mac_legacy_sig.c 2334c8bba705032b8c1db5dd28e024a45a73b72cae82a2d815fe855445a49d10 providers/implementations/signature/rsa_sig.c a14e901b02fe095713624db4080b3aa3ca685d43f9ebec03041f992240973346 ssl/record/tls_pad.c diff -Nru openssl-3.0.5/providers/implementations/asymciphers/rsa_enc.c openssl-3.0.7/providers/implementations/asymciphers/rsa_enc.c --- openssl-3.0.5/providers/implementations/asymciphers/rsa_enc.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/providers/implementations/asymciphers/rsa_enc.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -425,7 +425,7 @@ const OSSL_PARAM *p; char mdname[OSSL_MAX_NAME_SIZE]; char mdprops[OSSL_MAX_PROPQUERY_SIZE] = { '\0' }; - char *str = mdname; + char *str = NULL; if (prsactx == NULL) return 0; 
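Review bot: `char *str = NULL;` replaces `char *str = mdname;`, and the two later hunks (`@@ -434` and `@@ -496`) now assign `str = mdname;` or `str = mdprops;` immediately before each `OSSL_PARAM_get_utf8_string(p, &str, sizeof(...))` call. As I read the OSSL_PARAM API, a NULL `*str` makes that function allocate a buffer instead of copying into the stack array, so the correctness of this pattern depends on every call site re-pointing `str` at its target first; a comment on the declaration, `/* point at the target buffer before each OSSL_PARAM_get_utf8_string() call; NULL would make it allocate */`, makes that invariant visible to the next person adding a parameter. The rest of the function is outside these hunks.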
@@ -434,13 +434,14 @@ p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST); if (p != NULL) { + str = mdname; if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(mdname))) return 0; - str = mdprops; p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS); if (p != NULL) { + str = mdprops; if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(mdprops))) return 0; } @@ -496,13 +497,14 @@ p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST); if (p != NULL) { + str = mdname; if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(mdname))) return 0; - str = mdprops; p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS); if (p != NULL) { + str = mdprops; if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(mdprops))) return 0; } else { diff -Nru openssl-3.0.5/providers/implementations/ciphers/ciphercommon_gcm.c openssl-3.0.7/providers/implementations/ciphers/ciphercommon_gcm.c --- openssl-3.0.5/providers/implementations/ciphers/ciphercommon_gcm.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/providers/implementations/ciphers/ciphercommon_gcm.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -25,6 +25,10 @@ size_t *padlen, const unsigned char *in, size_t len); +/* + * Called from EVP_CipherInit when there is currently no context via + * the new_ctx() function + */ void ossl_gcm_initctx(void *provctx, PROV_GCM_CTX *ctx, size_t keybits, const PROV_GCM_HW *hw) { 
@@ -38,6 +42,9 @@ ctx->libctx = PROV_LIBCTX_OF(provctx); } +/* + * Called by EVP_CipherInit via the _einit and _dinit functions + */ static int gcm_init(void *vctx, const unsigned char *key, size_t keylen, const unsigned char *iv, size_t ivlen, const OSSL_PARAM params[], int enc) @@ -66,6 +73,7 @@ } if (!ctx->hw->setkey(ctx, key, ctx->keylen)) return 0; + ctx->tls_enc_records = 0; } return ossl_gcm_set_ctx_params(ctx, params); } @@ -447,7 +455,6 @@ buf = dat->buf; memcpy(buf, aad, aad_len); dat->tls_aad_len = aad_len; - dat->tls_enc_records = 0; len = buf[aad_len - 2] << 8 | buf[aad_len - 1]; /* Correct length for explicit iv. */ diff -Nru openssl-3.0.5/providers/implementations/digests/build.info openssl-3.0.7/providers/implementations/digests/build.info --- openssl-3.0.5/providers/implementations/digests/build.info 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/providers/implementations/digests/build.info 2022-11-01 14:14:36.000000000 +0000 @@ -15,7 +15,11 @@ $MD4_GOAL=../../liblegacy.a $MDC2_GOAL=../../liblegacy.a $WHIRLPOOL_GOAL=../../liblegacy.a -$RIPEMD_GOAL=../../liblegacy.a +IF[{- !$disabled{module} -}] + $RIPEMD_GOAL=../../libdefault.a ../../liblegacy.a +ELSE + $RIPEMD_GOAL=../../libdefault.a +ENDIF # This source is common for all digests in all our providers. SOURCE[$COMMON_GOAL]=digestcommon.c diff -Nru openssl-3.0.5/providers/implementations/encode_decode/encode_key2text.c openssl-3.0.7/providers/implementations/encode_decode/encode_key2text.c --- openssl-3.0.5/providers/implementations/encode_decode/encode_key2text.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/providers/implementations/encode_decode/encode_key2text.c 2022-11-01 14:14:36.000000000 +0000 @@ -220,6 +220,7 @@ const BIGNUM *priv_key = NULL, *pub_key = NULL; const FFC_PARAMS *params = NULL; const BIGNUM *p = NULL; + long length; if (out == NULL || dh == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); 
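Review bot: The added `ctx->tls_enc_records = 0;` sits inside a block whose condition is outside the hunk, so a reader of gcm_init cannot see from here which path restarts the counter, and the companion hunk (-447) stops resetting it on every AAD update, which changes its meaning from per-AAD-batch to per-key. A why-comment on the new line would capture that: `/* new key: restart the TLS record counter so the per-key record limit is counted against this key */`. Presumably this is the counter behind the too-many-records check in the TLS cipher path; that should be confirmed before the comment is worded that way. gcm_init's body continues outside the hunk.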
@@ -272,6 +273,11 @@ if (params != NULL && !ffc_params_to_text(out, params)) return 0; + length = DH_get_length(dh); + if (length > 0 + && BIO_printf(out, "recommended-private-length: %ld bits\n", + length) <= 0) + return 0; return 1; } diff -Nru openssl-3.0.5/providers/implementations/include/prov/ciphercommon.h openssl-3.0.7/providers/implementations/include/prov/ciphercommon.h --- openssl-3.0.5/providers/implementations/include/prov/ciphercommon.h 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/providers/implementations/include/prov/ciphercommon.h 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,8 +14,8 @@ #include "internal/cryptlib.h" #include "crypto/modes.h" -#define MAXCHUNK ((size_t)1 << (sizeof(long) * 8 - 2)) -#define MAXBITCHUNK ((size_t)1 << (sizeof(size_t) * 8 - 4)) +# define MAXCHUNK ((size_t)1 << 30) +# define MAXBITCHUNK ((size_t)1 << (sizeof(size_t) * 8 - 4)) #define GENERIC_BLOCK_SIZE 16 #define IV_STATE_UNINITIALISED 0 /* initial state is not initialized */ diff -Nru openssl-3.0.5/providers/implementations/keymgmt/ec_kmgmt.c openssl-3.0.7/providers/implementations/keymgmt/ec_kmgmt.c --- openssl-3.0.5/providers/implementations/keymgmt/ec_kmgmt.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/providers/implementations/keymgmt/ec_kmgmt.c 2022-11-01 14:14:36.000000000 +0000 @@ -637,8 +637,10 @@ BN_CTX *bnctx = NULL; ecg = EC_KEY_get0_group(eck); - if (ecg == NULL) + if (ecg == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_NO_PARAMETERS_SET); return 0; + } libctx = ossl_ec_key_get_libctx(eck); propq = ossl_ec_key_get0_propq(eck); 
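Review bot: The rewritten `# define MAXCHUNK` and `# define MAXBITCHUNK` put a space after `#` while the neighbouring `#define GENERIC_BLOCK_SIZE 16` and `#define IV_STATE_UNINITIALISED 0` do not, so two styles now sit side by side in one block; either drop the space or move the pair under a conditional that justifies the indent. The old MAXCHUNK scaled with `sizeof(long)` and the new one is a fixed `(size_t)1 << 30`, but nothing records why 2^30 was chosen or what the chunk bounds; a one-line comment such as `/* 1 GiB: fixed so the chunk size no longer depends on sizeof(long) */` would preserve the rationale the old expression carried.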
@@ -727,8 +729,13 @@ } if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL) { - p->return_size = EC_POINT_point2oct(EC_KEY_get0_group(key), - EC_KEY_get0_public_key(key), + const EC_POINT *ecp = EC_KEY_get0_public_key(key); + + if (ecp == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PUBLIC_KEY); + goto err; + } + p->return_size = EC_POINT_point2oct(ecg, ecp, POINT_CONVERSION_UNCOMPRESSED, p->data, p->return_size, bnctx); if (p->return_size == 0) diff -Nru openssl-3.0.5/providers/implementations/rands/seeding/rand_vms.c openssl-3.0.7/providers/implementations/rands/seeding/rand_vms.c --- openssl-3.0.5/providers/implementations/rands/seeding/rand_vms.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/providers/implementations/rands/seeding/rand_vms.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -474,34 +474,6 @@ return ossl_rand_pool_entropy_available(pool); } -int ossl_pool_add_nonce_data(RAND_POOL *pool) -{ - struct { - pid_t pid; - CRYPTO_THREAD_ID tid; - unsigned __int64 time; - } data; - - /* Erase the entire structure including any padding */ - memset(&data, 0, sizeof(data)); - - /* - * Add process id, thread id, and a high resolution timestamp - * (where available, which is OpenVMS v8.4 and up) to ensure that - * the nonce is unique with high probability for different process - * instances. - */ - data.pid = getpid(); - data.tid = CRYPTO_THREAD_get_current_id(); -#if __CRTL_VER >= 80400000 - sys$gettim_prec(&data.time); -#else - sys$gettim((void*)&data.time); -#endif - - return ossl_rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); -} - /* * SYS$GET_ENTROPY METHOD * ====================== 
@@ -575,28 +547,56 @@ return data_collect_method(pool); } - -int ossl_rand_pool_add_additional_data(RAND_POOL *pool) +int ossl_pool_add_nonce_data(RAND_POOL *pool) { + /* + * Two variables to ensure that two nonces won't ever be the same + */ + static unsigned __int64 last_time = 0; + static unsigned __int32 last_seq = 0; + struct { + pid_t pid; CRYPTO_THREAD_ID tid; unsigned __int64 time; + unsigned __int32 seq; } data; /* Erase the entire structure including any padding */ memset(&data, 0, sizeof(data)); /* - * Add some noise from the thread id and a high resolution timer. - * The thread id adds a little randomness if the drbg is accessed - * concurrently (which is the case for the drbg). + * Add process id, thread id, a timestamp, and a sequence number in case + * the same time stamp is repeated, to ensure that the nonce is unique + * with high probability for different process instances. + * + * The normal OpenVMS time is specified to be high granularity (100ns), + * but the time update granularity given by sys$gettim() may be lower. + * + * OpenVMS version 8.4 (which is the latest for Alpha and Itanium) and + * on have sys$gettim_prec() as well, which is supposedly having a better + * time update granularity, but tests on Itanium (and even Alpha) have + * shown that compared with sys$gettim(), the difference is marginal, + * so of very little significance in terms of entropy. + * Given that, and that it's a high ask to expect everyone to have + * upgraded to OpenVMS version 8.4, only sys$gettim() is used, and a + * sequence number is added as well, in case sys$gettim() returns the + * same time value more than once. + * + * This function is assumed to be called under thread lock, and does + * therefore not take concurrency into account. 
*/ + data.pid = getpid(); data.tid = CRYPTO_THREAD_get_current_id(); -#if __CRTL_VER >= 80400000 - sys$gettim_prec(&data.time); -#else + data.seq = 0; sys$gettim((void*)&data.time); -#endif + + if (data.time == last_time) { + data.seq = ++last_seq; + } else { + last_time = data.time; + last_seq = 0; + } return ossl_rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0); } diff -Nru openssl-3.0.5/providers/implementations/rands/seeding/rand_win.c openssl-3.0.7/providers/implementations/rands/seeding/rand_win.c --- openssl-3.0.5/providers/implementations/rands/seeding/rand_win.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/providers/implementations/rands/seeding/rand_win.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -28,7 +28,9 @@ # ifdef USE_BCRYPTGENRANDOM # include -# pragma comment(lib, "bcrypt.lib") +# ifdef _MSC_VER +# pragma comment(lib, "bcrypt.lib") +# endif # ifndef STATUS_SUCCESS # define STATUS_SUCCESS ((NTSTATUS)0x00000000L) # endif diff -Nru openssl-3.0.5/providers/implementations/signature/eddsa_sig.c openssl-3.0.7/providers/implementations/signature/eddsa_sig.c --- openssl-3.0.5/providers/implementations/signature/eddsa_sig.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/providers/implementations/signature/eddsa_sig.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
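Review bot: `last_time` and `last_seq` are new file-scope mutable statics written on every call, and the only thing protecting them is the assumption, stated in the body comment, that the caller holds a lock; that contract belongs where callers see it, i.e. at the function's declaration in the seeding header (presumably), e.g. `/* Not thread-safe: callers must serialise (the DRBG lock is assumed). */`. The hunk also replaces the definition of `ossl_rand_pool_add_additional_data` with `ossl_pool_add_nonce_data` rather than adding the latter alongside it; if anything in the VMS build still references the former it now fails to link, so it is worth confirming that symbol is dead or provided elsewhere. The `seq` field is only incremented while `sys$gettim()` keeps returning the same value, so the uniqueness argument holds only under the lock assumption above, which is another reason to document it at the declaration.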
@@ -165,8 +165,14 @@ return 0; } #ifdef S390X_EC_ASM - if (S390X_CAN_SIGN(ED25519)) - return s390x_ed25519_digestsign(edkey, sigret, tbs, tbslen); + if (S390X_CAN_SIGN(ED25519)) { + if (s390x_ed25519_digestsign(edkey, sigret, tbs, tbslen) == 0) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SIGN); + return 0; + } + *siglen = ED25519_SIGSIZE; + return 1; + } #endif /* S390X_EC_ASM */ if (ossl_ed25519_sign(sigret, tbs, tbslen, edkey->pubkey, edkey->privkey, peddsactx->libctx, NULL) == 0) { @@ -196,8 +202,14 @@ return 0; } #ifdef S390X_EC_ASM - if (S390X_CAN_SIGN(ED448)) - return s390x_ed448_digestsign(edkey, sigret, tbs, tbslen); + if (S390X_CAN_SIGN(ED448)) { + if (s390x_ed448_digestsign(edkey, sigret, tbs, tbslen) == 0) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SIGN); + return 0; + } + *siglen = ED448_SIGSIZE; + return 1; + } #endif /* S390X_EC_ASM */ if (ossl_ed448_sign(peddsactx->libctx, sigret, tbs, tbslen, edkey->pubkey, edkey->privkey, NULL, 0, edkey->propq) == 0) { diff -Nru openssl-3.0.5/README-ENGINES.md openssl-3.0.7/README-ENGINES.md --- openssl-3.0.5/README-ENGINES.md 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/README-ENGINES.md 2022-11-01 14:14:36.000000000 +0000 @@ -314,4 +314,3 @@ A quick test done right before the release showed that trying "openssl speed -engine cswift" generated errors. If the DSO gets enabled, an attempt is made to write at memory address 0x00000002. - diff -Nru openssl-3.0.5/ssl/ktls.c openssl-3.0.7/ssl/ktls.c --- openssl-3.0.5/ssl/ktls.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/ssl/ktls.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -66,8 +66,11 @@ case SSL_AES128GCM: case SSL_AES256GCM: crypto_info->cipher_algorithm = CRYPTO_AES_NIST_GCM_16; - if (s->version == TLS1_3_VERSION) + if (s->version == TLS1_3_VERSION) { crypto_info->iv_len = EVP_CIPHER_CTX_get_iv_length(dd); + if (crypto_info->iv_len < 0) + return 0; + } else crypto_info->iv_len = EVP_GCM_TLS_FIXED_IV_LEN; break; diff -Nru openssl-3.0.5/ssl/record/rec_layer_d1.c openssl-3.0.7/ssl/record/rec_layer_d1.c --- openssl-3.0.5/ssl/record/rec_layer_d1.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/ssl/record/rec_layer_d1.c 2022-11-01 14:14:36.000000000 +0000 @@ -874,6 +874,10 @@ int mode = EVP_CIPHER_CTX_get_mode(s->enc_write_ctx); if (mode == EVP_CIPH_CBC_MODE) { eivlen = EVP_CIPHER_CTX_get_iv_length(s->enc_write_ctx); + if (eivlen < 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG); + return -1; + } if (eivlen <= 1) eivlen = 0; } diff -Nru openssl-3.0.5/ssl/record/rec_layer_s3.c openssl-3.0.7/ssl/record/rec_layer_s3.c --- openssl-3.0.5/ssl/record/rec_layer_s3.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/ssl/record/rec_layer_s3.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
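Review bot: The hunk header counts (8 old, 11 new lines) indicate that the closing brace of the new TLS 1.3 block and the `else` are on separate lines, leaving a braced `if` followed by an unbraced `else` body, which matches neither the `} else {` form used elsewhere nor the block just above it; rewrite the tail as `} else {` / `crypto_info->iv_len = EVP_GCM_TLS_FIXED_IV_LEN;` / `}`. The `< 0` test also relies on `iv_len` being a signed field of the kernel TLS structure; if that field were unsigned the check would be dead, so assigning the return value to a local `int` first, or a comment noting the assumption, would guard it. The enclosing switch and function start outside the hunk.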
@@ -115,10 +115,22 @@ if (s->rlayer.rstate == SSL_ST_READ_BODY) return 0; + /* Take into account DTLS buffered app data */ + if (SSL_IS_DTLS(s)) { + DTLS1_RECORD_DATA *rdata; + pitem *item, *iter; + + iter = pqueue_iterator(s->rlayer.d->buffered_app_data.q); + while ((item = pqueue_next(&iter)) != NULL) { + rdata = item->data; + num += rdata->rrec.length; + } + } + for (i = 0; i < RECORD_LAYER_get_numrpipes(&s->rlayer); i++) { if (SSL3_RECORD_get_type(&s->rlayer.rrec[i]) != SSL3_RT_APPLICATION_DATA) - return 0; + return num; num += SSL3_RECORD_get_length(&s->rlayer.rrec[i]); } @@ -832,6 +844,10 @@ int mode = EVP_CIPHER_CTX_get_mode(s->enc_write_ctx); if (mode == EVP_CIPH_CBC_MODE) { eivlen = EVP_CIPHER_CTX_get_iv_length(s->enc_write_ctx); + if (eivlen < 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_LIBRARY_BUG); + goto err; + } if (eivlen <= 1) eivlen = 0; } else if (mode == EVP_CIPH_GCM_MODE) { diff -Nru openssl-3.0.5/ssl/record/ssl3_record_tls13.c openssl-3.0.7/ssl/record/ssl3_record_tls13.c --- openssl-3.0.5/ssl/record/ssl3_record_tls13.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/ssl/record/ssl3_record_tls13.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -25,7 +25,8 @@ { EVP_CIPHER_CTX *ctx; unsigned char iv[EVP_MAX_IV_LENGTH], recheader[SSL3_RT_HEADER_LENGTH]; - size_t ivlen, taglen, offset, loop, hdrlen; + size_t taglen, offset, loop, hdrlen; + int ivlen; unsigned char *staticiv; unsigned char *seq; int lenu, lenf; 
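Review bot: The DTLS buffered-app-data walk added here (`pqueue_iterator` over `s->rlayer.d->buffered_app_data.q`, `rdata = item->data`, read of `rdata->rrec.length`) is repeated almost verbatim in the ssl_lib.c hunk at -1550, differing only in whether the lengths are summed or tested for non-zero, so the queue layout is now known in two files. A small record-layer helper returning the buffered byte count would let this function add its result and SSL_has_pending() test it for `> 0`. The enclosing function starts outside the hunk, so the helper below assumes `num` has the same type as its return value.

```c
/* Application data bytes held in the DTLS buffered_app_data queue; 0 for TLS. */
static size_t dtls_buffered_app_data_len(const SSL *s)
{
    size_t num = 0;
    pitem *item, *iter;

    if (!SSL_IS_DTLS(s))
        return 0;
    iter = pqueue_iterator(s->rlayer.d->buffered_app_data.q);
    while ((item = pqueue_next(&iter)) != NULL) {
        DTLS1_RECORD_DATA *rdata = item->data;

        num += rdata->rrec.length;
    }
    return num;
}

/* … unchanged: function head up to the SSL_ST_READ_BODY check … */
    /* Take into account DTLS buffered app data */
    num += dtls_buffered_app_data_len(s);
```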
@@ -62,6 +63,10 @@ } ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); + if (ivlen < 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + return 0; + } if (s->early_data_state == SSL_EARLY_DATA_WRITING || s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) { diff -Nru openssl-3.0.5/ssl/s3_lib.c openssl-3.0.7/ssl/s3_lib.c --- openssl-3.0.5/ssl/s3_lib.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/ssl/s3_lib.c 2022-11-01 14:14:36.000000000 +0000 @@ -4301,9 +4301,10 @@ if (prefer_sha256) { const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii); + const EVP_MD *md = ssl_md(s->ctx, tmp->algorithm2); - if (EVP_MD_is_a(ssl_md(s->ctx, tmp->algorithm2), - OSSL_DIGEST_NAME_SHA2_256)) { + if (md != NULL + && EVP_MD_is_a(md, OSSL_DIGEST_NAME_SHA2_256)) { ret = tmp; break; } diff -Nru openssl-3.0.5/ssl/ssl_ciph.c openssl-3.0.7/ssl/ssl_ciph.c --- openssl-3.0.5/ssl/ssl_ciph.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/ssl/ssl_ciph.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -532,7 +532,8 @@ ctmp.id = s->compress_meth; if (ssl_comp_methods != NULL) { i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp); - *comp = sk_SSL_COMP_value(ssl_comp_methods, i); + if (i >= 0) + *comp = sk_SSL_COMP_value(ssl_comp_methods, i); } /* If were only interested in comp then return success */ if ((enc == NULL) && (md == NULL)) 
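Review bot: `ivlen` was changed to `int` in the -25 hunk so that this `< 0` test is meaningful, but its later uses (outside this hunk) were written when it was `size_t`, so comparisons and arithmetic against `size_t` values there now mix signedness and will presumably trip `-Wsign-compare`/`-Wconversion`. Keeping `ivlen` as `size_t` and checking the raw return separately avoids touching those uses: `int iv_ret = EVP_CIPHER_CTX_get_iv_length(ctx);` / `if (iv_ret < 0) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; }` / `ivlen = (size_t)iv_ret;`. The enclosing function starts outside the hunk.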
@@ -555,11 +556,14 @@ if (c->algorithm_mac == SSL_AEAD) mac_pkey_type = NULL; } else { - if (!ssl_evp_md_up_ref(ctx->ssl_digest_methods[i])) { + const EVP_MD *digest = ctx->ssl_digest_methods[i]; + + if (digest == NULL + || !ssl_evp_md_up_ref(digest)) { ssl_evp_cipher_free(*enc); return 0; } - *md = ctx->ssl_digest_methods[i]; + *md = digest; if (mac_pkey_type != NULL) *mac_pkey_type = ctx->ssl_mac_pkey_id[i]; if (mac_secret_size != NULL) @@ -1059,9 +1063,7 @@ * alphanumeric, so we call this an error. */ ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_COMMAND); - retval = found = 0; - l++; - break; + return 0; } if (rule == CIPHER_SPECIAL) { diff -Nru openssl-3.0.5/ssl/ssl_lib.c openssl-3.0.7/ssl/ssl_lib.c --- openssl-3.0.5/ssl/ssl_lib.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/ssl/ssl_lib.c 2022-11-01 14:14:36.000000000 +0000 
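Review bot: In the failure branch the new `digest == NULL` condition joins the existing path that calls `ssl_evp_cipher_free(*enc)` and returns 0, but `*enc` is left pointing at the freed cipher, so a caller that releases `*enc` on error would double-free. Add `*enc = NULL;` immediately after the free. The enclosing function starts outside the hunk.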
@@ -1550,12 +1550,26 @@ { /* * Similar to SSL_pending() but returns a 1 to indicate that we have - * unprocessed data available or 0 otherwise (as opposed to the number of - * bytes available). Unlike SSL_pending() this will take into account - * read_ahead data. A 1 return simply indicates that we have unprocessed - * data. That data may not result in any application data, or we may fail - * to parse the records for some reason. + * processed or unprocessed data available or 0 otherwise (as opposed to the + * number of bytes available). Unlike SSL_pending() this will take into + * account read_ahead data. A 1 return simply indicates that we have data. + * That data may not result in any application data, or we may fail to parse + * the records for some reason. */ + + /* Check buffered app data if any first */ + if (SSL_IS_DTLS(s)) { + DTLS1_RECORD_DATA *rdata; + pitem *item, *iter; + + iter = pqueue_iterator(s->rlayer.d->buffered_app_data.q); + while ((item = pqueue_next(&iter)) != NULL) { + rdata = item->data; + if (rdata->rrec.length > 0) + return 1; + } + } + if (RECORD_LAYER_processed_read_pending(&s->rlayer)) return 1; diff -Nru openssl-3.0.5/ssl/ssl_local.h openssl-3.0.7/ssl/ssl_local.h --- openssl-3.0.5/ssl/ssl_local.h 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/ssl/ssl_local.h 2022-11-01 14:14:36.000000000 +0000 
@@ -2752,7 +2752,9 @@
#define CLIENT_HANDSHAKE_LABEL "CLIENT_HANDSHAKE_TRAFFIC_SECRET"
#define SERVER_HANDSHAKE_LABEL "SERVER_HANDSHAKE_TRAFFIC_SECRET"
#define CLIENT_APPLICATION_LABEL "CLIENT_TRAFFIC_SECRET_0"
+#define CLIENT_APPLICATION_N_LABEL "CLIENT_TRAFFIC_SECRET_N"
#define SERVER_APPLICATION_LABEL "SERVER_TRAFFIC_SECRET_0"
+#define SERVER_APPLICATION_N_LABEL "SERVER_TRAFFIC_SECRET_N"
#define EARLY_EXPORTER_SECRET_LABEL "EARLY_EXPORTER_SECRET"
#define EXPORTER_SECRET_LABEL "EXPORTER_SECRET"
diff -Nru openssl-3.0.5/ssl/ssl_rsa.c openssl-3.0.7/ssl/ssl_rsa.c
--- openssl-3.0.5/ssl/ssl_rsa.c 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/ssl/ssl_rsa.c 2022-11-01 14:14:36.000000000 +0000
@@ -703,16 +703,68 @@ return 1; } +static size_t extension_contextoff(unsigned int version) +{ + return version == SSL_SERVERINFOV1 ? 4 : 0; +} + +static size_t extension_append_length(unsigned int version, size_t extension_length) +{ + return extension_length + extension_contextoff(version); +} + +static void extension_append(unsigned int version, + const unsigned char *extension, + const size_t extension_length, + unsigned char *serverinfo) +{ + const size_t contextoff = extension_contextoff(version); + + if (contextoff > 0) { + /* We know this only uses the last 2 bytes */ + serverinfo[0] = 0; + serverinfo[1] = 0; + serverinfo[2] = (SYNTHV1CONTEXT >> 8) & 0xff; + serverinfo[3] = SYNTHV1CONTEXT & 0xff; + } + + memcpy(serverinfo + contextoff, extension, extension_length); +} + int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version, const unsigned char *serverinfo, size_t serverinfo_length) { - unsigned char *new_serverinfo; + unsigned char *new_serverinfo = NULL; if (ctx == NULL || serverinfo == NULL || serverinfo_length == 0) { ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); return 0; } + if (version == SSL_SERVERINFOV1) { + /* + * Convert serverinfo version v1 to v2 and call yourself recursively + * over the converted serverinfo. + */ + const size_t sinfo_length = extension_append_length(SSL_SERVERINFOV1, + serverinfo_length); + unsigned char *sinfo; + int ret; + + sinfo = OPENSSL_malloc(sinfo_length); + if (sinfo == NULL) { + ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); + return 0; + } + + extension_append(SSL_SERVERINFOV1, serverinfo, serverinfo_length, sinfo); + + ret = SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV2, sinfo, + sinfo_length); + + OPENSSL_free(sinfo); + return ret; + } if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length, NULL)) { ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_SERVERINFO_DATA); 
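Review bot: The three new helpers carry no comments, yet `extension_contextoff` encodes the whole format difference between serverinfo v1 and v2 (v1 entries lack the 4-byte context prefix, which `extension_append` synthesises from `SYNTHV1CONTEXT`); a short block comment above `extension_contextoff` saying so would let a reader of the file-loading hunk (-841) understand `append_length` without tracing back here. `extension_append` also declares `const size_t extension_length`: top-level `const` on a by-value parameter adds nothing and none of the neighbouring functions use it, so drop it for consistency. In the v1 branch, `ret` is returned unchanged after `OPENSSL_free(sinfo)`, which is correct; a one-line comment that the recursion is bounded because the nested call is always made with `SSL_SERVERINFOV2` would make the termination argument explicit.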
@@ -765,7 +817,7 @@ unsigned int name_len; int ret = 0; BIO *bin = NULL; - size_t num_extensions = 0, contextoff = 0; + size_t num_extensions = 0; if (ctx == NULL || file == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); @@ -784,6 +836,7 @@ for (num_extensions = 0;; num_extensions++) { unsigned int version; + size_t append_length; if (PEM_read_bio(bin, &name, &header, &extension, &extension_length) == 0) { @@ -826,11 +879,6 @@ ERR_raise(ERR_LIB_SSL, SSL_R_BAD_DATA); goto end; } - /* - * File does not have a context value so we must take account of - * this later. - */ - contextoff = 4; } else { /* 8 byte header: 4 bytes context, 2 bytes type, 2 bytes len */ if (extension_length < 8 @@ -841,25 +889,16 @@ } } /* Append the decoded extension to the serverinfo buffer */ - tmp = OPENSSL_realloc(serverinfo, serverinfo_length + extension_length - + contextoff); + append_length = extension_append_length(version, extension_length); + tmp = OPENSSL_realloc(serverinfo, serverinfo_length + append_length); if (tmp == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); goto end; } serverinfo = tmp; - if (contextoff > 0) { - unsigned char *sinfo = serverinfo + serverinfo_length; - - /* We know this only uses the last 2 bytes */ - sinfo[0] = 0; - sinfo[1] = 0; - sinfo[2] = (SYNTHV1CONTEXT >> 8) & 0xff; - sinfo[3] = SYNTHV1CONTEXT & 0xff; - } - memcpy(serverinfo + serverinfo_length + contextoff, - extension, extension_length); - serverinfo_length += extension_length + contextoff; + extension_append(version, extension, extension_length, + serverinfo + serverinfo_length); + serverinfo_length += append_length; OPENSSL_free(name); name = NULL; diff -Nru openssl-3.0.5/ssl/ssl_sess.c openssl-3.0.7/ssl/ssl_sess.c --- openssl-3.0.5/ssl/ssl_sess.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/ssl/ssl_sess.c 2022-11-01 14:14:36.000000000 +0000 
@@ -748,25 +748,17 @@ c->time = time(NULL); ssl_session_calculate_timeout(c); } - SSL_SESSION_list_add(ctx, c); - if (s != NULL) { - /* - * existing cache entry -- decrement previously incremented reference - * count because it already takes into account the cache - */ - - SSL_SESSION_free(s); /* s == c */ - ret = 0; - } else { + if (s == NULL) { /* * new cache entry -- remove old ones if cache has become too large + * delete cache entry *before* add, so we don't remove the one we're adding! */ ret = 1; if (SSL_CTX_sess_get_cache_size(ctx) > 0) { - while (SSL_CTX_sess_number(ctx) > SSL_CTX_sess_get_cache_size(ctx)) { + while (SSL_CTX_sess_number(ctx) >= SSL_CTX_sess_get_cache_size(ctx)) { if (!remove_session_lock(ctx, ctx->session_cache_tail, 0)) break; else @@ -774,6 +766,18 @@ } } } + + SSL_SESSION_list_add(ctx, c); + + if (s != NULL) { + /* + * existing cache entry -- decrement previously incremented reference + * count because it already takes into account the cache + */ + + SSL_SESSION_free(s); /* s == c */ + ret = 0; + } CRYPTO_THREAD_unlock(ctx->lock); return ret; } diff -Nru openssl-3.0.5/ssl/statem/extensions.c openssl-3.0.7/ssl/statem/extensions.c --- openssl-3.0.5/ssl/statem/extensions.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/ssl/statem/extensions.c 2022-11-01 14:14:36.000000000 +0000 @@ -98,6 +98,9 @@ * Definitions of all built-in extensions. NOTE: Changes in the number or order * of these extensions should be mirrored with equivalent changes to the * indexes ( TLSEXT_IDX_* ) defined in ssl_local.h. + * Extensions should be added to test/ext_internal_test.c as well, as that + * tests the ordering of the extensions. + * * Each extension has an initialiser, a client and * server side parser and a finaliser. The initialiser is called (if the * extension is relevant to the given context) even if we did not see the 
@@ -118,7 +121,7 @@ * NOTE: WebSphere Application Server 7+ cannot handle empty extensions at * the end, keep these extensions before signature_algorithm. */ -#define INVALID_EXTENSION { 0x10000, 0, NULL, NULL, NULL, NULL, NULL, NULL } +#define INVALID_EXTENSION { TLSEXT_TYPE_invalid, 0, NULL, NULL, NULL, NULL, NULL, NULL } static const EXTENSION_DEFINITION ext_defs[] = { { TLSEXT_TYPE_renegotiate, @@ -385,6 +388,17 @@ } }; +/* Returns a TLSEXT_TYPE for the given index */ +unsigned int ossl_get_extension_type(size_t idx) +{ + size_t num_exts = OSSL_NELEM(ext_defs); + + if (idx >= num_exts) + return TLSEXT_TYPE_out_of_range; + + return ext_defs[idx].type; +} + /* Check whether an extension's context matches the current context */ static int validate_context(SSL *s, unsigned int extctx, unsigned int thisctx) { diff -Nru openssl-3.0.5/ssl/statem/extensions_clnt.c openssl-3.0.7/ssl/statem/extensions_clnt.c --- openssl-3.0.5/ssl/statem/extensions_clnt.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/ssl/statem/extensions_clnt.c 2022-11-01 14:14:36.000000000 +0000 @@ -679,6 +679,10 @@ if (!tls_group_allowed(s, pgroups[i], SSL_SECOP_CURVE_SUPPORTED)) continue; + if (!tls_valid_group(s, pgroups[i], TLS1_3_VERSION, TLS1_3_VERSION, + 0, NULL)) + continue; + curve_id = pgroups[i]; break; } @@ -974,7 +978,7 @@ X509 *x, size_t chainidx) { #ifndef OPENSSL_NO_TLS1_3 - uint32_t now, agesec, agems = 0; + uint32_t agesec, agems = 0; size_t reshashsize = 0, pskhashsize = 0, binderoffset, msglen; unsigned char *resbinder = NULL, *pskbinder = NULL, *msgstart = NULL; const EVP_MD *handmd = NULL, *mdres = NULL, *mdpsk = NULL; 
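Review bot: The predicate pair `tls_group_allowed(s, g, SSL_SECOP_CURVE_SUPPORTED)` followed by `tls_valid_group(s, g, TLS1_3_VERSION, TLS1_3_VERSION, 0, NULL)` is now spelled out three times — here, in the -1776 hunk below, and in extensions_srvr.c -648 — and only the server site carries the explanatory comment about tolerating a group unsuitable for TLSv1.3. A single helper in the state machine's local header, e.g. `static ossl_inline int tls13_group_usable(SSL *s, uint16_t group_id)`, would keep the three sites in step the next time the criteria change and give the comment one home. The enclosing loop and function start outside this hunk.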
@@ -1030,8 +1034,7 @@ * this in multiple places in the code, so portability shouldn't be an * issue. */ - now = (uint32_t)time(NULL); - agesec = now - (uint32_t)s->session->time; + agesec = (uint32_t)(time(NULL) - s->session->time); /* * We calculate the age in seconds but the server may work in ms. Due to * rounding errors we could overestimate the age by up to 1s. It is @@ -1776,7 +1779,9 @@ break; } if (i >= num_groups - || !tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED)) { + || !tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED) + || !tls_valid_group(s, group_id, TLS1_3_VERSION, TLS1_3_VERSION, + 0, NULL)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_BAD_KEY_SHARE); return 0; } diff -Nru openssl-3.0.5/ssl/statem/extensions_srvr.c openssl-3.0.7/ssl/statem/extensions_srvr.c --- openssl-3.0.5/ssl/statem/extensions_srvr.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/ssl/statem/extensions_srvr.c 2022-11-01 14:14:36.000000000 +0000 @@ -12,16 +12,16 @@ #include "statem_local.h" #include "internal/cryptlib.h" -#define COOKIE_STATE_FORMAT_VERSION 0 +#define COOKIE_STATE_FORMAT_VERSION 1 /* * 2 bytes for packet length, 2 bytes for format version, 2 bytes for * protocol version, 2 bytes for group id, 2 bytes for cipher id, 1 byte for - * key_share present flag, 4 bytes for timestamp, 2 bytes for the hashlen, + * key_share present flag, 8 bytes for timestamp, 2 bytes for the hashlen, * EVP_MAX_MD_SIZE for transcript hash, 1 byte for app cookie length, app cookie * length bytes, SHA256_DIGEST_LENGTH bytes for the HMAC of the whole thing. */ -#define MAX_COOKIE_SIZE (2 + 2 + 2 + 2 + 2 + 1 + 4 + 2 + EVP_MAX_MD_SIZE + 1 \ +#define MAX_COOKIE_SIZE (2 + 2 + 2 + 2 + 2 + 1 + 8 + 2 + EVP_MAX_MD_SIZE + 1 \ + SSL_COOKIE_LENGTH + SHA256_DIGEST_LENGTH) /* 
@@ -648,7 +648,14 @@ } /* Check if this share is for a group we can use */ - if (!check_in_list(s, group_id, srvrgroups, srvr_num_groups, 1)) { + if (!check_in_list(s, group_id, srvrgroups, srvr_num_groups, 1) + || !tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED) + /* + * We tolerate but ignore a group id that we don't think is + * suitable for TLSv1.3 + */ + || !tls_valid_group(s, group_id, TLS1_3_VERSION, TLS1_3_VERSION, + 0, NULL)) { /* Share not suitable */ continue; } @@ -690,7 +697,7 @@ unsigned char hmac[SHA256_DIGEST_LENGTH]; unsigned char hrr[MAX_HRR_SIZE]; size_t rawlen, hmaclen, hrrlen, ciphlen; - unsigned long tm, now; + uint64_t tm, now; /* Ignore any cookie if we're not set up to verify it */ if (s->ctx->verify_stateless_cookie_cb == NULL @@ -791,7 +798,7 @@ } if (!PACKET_get_1(&cookie, &key_share) - || !PACKET_get_net_4(&cookie, &tm) + || !PACKET_get_net_8(&cookie, &tm) || !PACKET_get_length_prefixed_2(&cookie, &chhash) || !PACKET_get_length_prefixed_1(&cookie, &appcookie) || PACKET_remaining(&cookie) != SHA256_DIGEST_LENGTH) { @@ -800,7 +807,7 @@ } /* We tolerate a cookie age of up to 10 minutes (= 60 * 10 seconds) */ - now = (unsigned long)time(NULL); + now = time(NULL); if (tm > now || (now - tm) > 600) { /* Cookie is stale. Ignore it */ return 1; @@ -1087,7 +1094,7 @@ s->ext.early_data_ok = 1; s->ext.ticket_expected = 1; } else { - uint32_t ticket_age = 0, now, agesec, agems; + uint32_t ticket_age = 0, agesec, agems; int ret; /* @@ -1127,8 +1134,7 @@ } ticket_age = (uint32_t)ticket_agel; - now = (uint32_t)time(NULL); - agesec = now - (uint32_t)sess->time; + agesec = (uint32_t)(time(NULL) - sess->time); agems = agesec * (uint32_t)1000; ticket_age -= sess->ext.tick_age_add; @@ -1154,6 +1160,10 @@ } md = ssl_md(s->ctx, sess->cipher->algorithm2); + if (md == NULL) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + goto err; + } if (!EVP_MD_is_a(md, EVP_MD_get0_name(ssl_md(s->ctx, s->s3.tmp.new_cipher->algorithm2)))) { 
@@ -1737,7 +1747,7 @@ &ciphlen) /* Is there a key_share extension present in this HRR? */ || !WPACKET_put_bytes_u8(pkt, s->s3.peer_tmp == NULL) - || !WPACKET_put_bytes_u32(pkt, (unsigned int)time(NULL)) + || !WPACKET_put_bytes_u64(pkt, time(NULL)) || !WPACKET_start_sub_packet_u16(pkt) || !WPACKET_reserve_bytes(pkt, EVP_MAX_MD_SIZE, &hashval1)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); diff -Nru openssl-3.0.5/ssl/statem/statem.c openssl-3.0.7/ssl/statem/statem.c --- openssl-3.0.5/ssl/statem/statem.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/ssl/statem/statem.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -849,10 +849,24 @@ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return SUB_STATE_ERROR; } - if (confunc != NULL && !confunc(s, &pkt)) { - WPACKET_cleanup(&pkt); - check_fatal(s); - return SUB_STATE_ERROR; + if (confunc != NULL) { + int tmpret; + + tmpret = confunc(s, &pkt); + if (tmpret <= 0) { + WPACKET_cleanup(&pkt); + check_fatal(s); + return SUB_STATE_ERROR; + } else if (tmpret == 2) { + /* + * The construction function decided not to construct the + * message after all and continue. Skip sending. + */ + WPACKET_cleanup(&pkt); + st->write_state = WRITE_STATE_POST_WORK; + st->write_state_work = WORK_MORE_A; + break; + } /* else success */ } if (!ssl_close_construct_packet(s, &pkt, mt) || !WPACKET_finish(&pkt)) { diff -Nru openssl-3.0.5/ssl/statem/statem_clnt.c openssl-3.0.7/ssl/statem/statem_clnt.c --- openssl-3.0.5/ssl/statem/statem_clnt.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/ssl/statem/statem_clnt.c 2022-11-01 14:14:36.000000000 +0000 
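Review bot: After the new `tmpret == 2` branch the trailing `/* else success */` treats every other positive value as a constructed message, so a construction function that returned an unexpected value such as 3 would be sent as normal, and nothing in the hunk documents the contract that `tmpret <= 0` is failure, 1 is constructed and 2 is skip. Either tighten the last branch to `} else if (tmpret != 1) {` with the same cleanup and `SUB_STATE_ERROR` return as the failure path, or document the contract at the construction-function typedef (outside the hunk): `/* returns <= 0 on error, 1 when the message was constructed, 2 to skip sending it */`. The `break;` in the skip branch presumably leaves an enclosing switch that is also outside the hunk; confirm it does not exit the wrong construct.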
@@ -1346,12 +1346,14 @@ s->session->cipher_id = s->session->cipher->id; if (s->hit && (s->session->cipher_id != c->id)) { if (SSL_IS_TLS13(s)) { + const EVP_MD *md = ssl_md(s->ctx, c->algorithm2); + /* * In TLSv1.3 it is valid for the server to select a different * ciphersuite as long as the hash is the same. */ - if (ssl_md(s->ctx, c->algorithm2) - != ssl_md(s->ctx, s->session->cipher->algorithm2)) { + if (md == NULL + || md != ssl_md(s->ctx, s->session->cipher->algorithm2)) { SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED); return 0; diff -Nru openssl-3.0.5/ssl/statem/statem_dtls.c openssl-3.0.7/ssl/statem/statem_dtls.c --- openssl-3.0.5/ssl/statem/statem_dtls.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/ssl/statem/statem_dtls.c 2022-11-01 14:14:36.000000000 +0000 
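Review bot: A NULL `md` from `ssl_md()` is now reported to the peer as `SSL_AD_ILLEGAL_PARAMETER` with `SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED`, yet a digest that cannot be resolved for a cipher the client itself offered looks like a local lookup failure rather than a protocol violation by the server. If that is what a NULL return means here, a separate `SSL_AD_INTERNAL_ERROR` / `ERR_R_INTERNAL_ERROR` path would give a less misleading alert and error string; if the NULL can be triggered by the server's choice, a comment saying so would justify the current alert. The enclosing ServerHello processing function starts and ends outside the hunk.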
@@ -491,23 +491,64 @@ * (2) update s->init_num */ pitem *item; + piterator iter; hm_fragment *frag; int ret; + int chretran = 0; + iter = pqueue_iterator(s->d1->buffered_messages); do { - item = pqueue_peek(s->d1->buffered_messages); + item = pqueue_next(&iter); if (item == NULL) return 0; frag = (hm_fragment *)item->data; if (frag->msg_header.seq < s->d1->handshake_read_seq) { - /* This is a stale message that has been buffered so clear it */ - pqueue_pop(s->d1->buffered_messages); - dtls1_hm_fragment_free(frag); - pitem_free(item); - item = NULL; - frag = NULL; + pitem *next; + hm_fragment *nextfrag; + + if (!s->server + || frag->msg_header.seq != 0 + || s->d1->handshake_read_seq != 1 + || s->statem.hand_state != DTLS_ST_SW_HELLO_VERIFY_REQUEST) { + /* + * This is a stale message that has been buffered so clear it. + * It is safe to pop this message from the queue even though + * we have an active iterator + */ + pqueue_pop(s->d1->buffered_messages); + dtls1_hm_fragment_free(frag); + pitem_free(item); + item = NULL; + frag = NULL; + } else { + /* + * We have fragments for a ClientHello without a cookie, + * even though we have sent a HelloVerifyRequest. It is possible + * that the HelloVerifyRequest got lost and this is a + * retransmission of the original ClientHello + */ + next = pqueue_next(&iter); + if (next != NULL) { + nextfrag = (hm_fragment *)next->data; + if (nextfrag->msg_header.seq == s->d1->handshake_read_seq) { + /* + * We have fragments for both a ClientHello without + * cookie and one with. Ditch the one without. + */ + pqueue_pop(s->d1->buffered_messages); + dtls1_hm_fragment_free(frag); + pitem_free(item); + item = next; + frag = nextfrag; + } else { + chretran = 1; + } + } else { + chretran = 1; + } + } } } while (item == NULL); 
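Review bot: The retransmission predicate here (`!s->server || frag->msg_header.seq != 0 || s->d1->handshake_read_seq != 1 || s->statem.hand_state != DTLS_ST_SW_HELLO_VERIFY_REQUEST`) is one condition shorter than its twin in the later hunk at `@@ -828,8 +880,20 @@`, which additionally requires the message type to be `SSL3_MT_CLIENT_HELLO`; adding `|| frag->msg_header.type != SSL3_MT_CLIENT_HELLO` keeps the buffered path self-contained instead of relying on the type having been checked before the fragment was buffered. With the predicate now duplicated in two places, a small static helper taking the sequence number and message type would stop the two copies drifting apart. The enclosing buffered-fragment retrieval function starts before and continues after this hunk.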
@@ -515,7 +556,7 @@ if (frag->reassembly != NULL) return 0; - if (s->d1->handshake_read_seq == frag->msg_header.seq) { + if (s->d1->handshake_read_seq == frag->msg_header.seq || chretran) { size_t frag_len = frag->msg_header.frag_len; pqueue_pop(s->d1->buffered_messages); @@ -533,6 +574,16 @@ pitem_free(item); if (ret) { + if (chretran) { + /* + * We got a new ClientHello with a message sequence of 0. + * Reset the read/write sequences back to the beginning. + * We process it like this is the first time we've seen a + * ClientHello from the client. + */ + s->d1->handshake_read_seq = 0; + s->d1->next_handshake_write_seq = 0; + } *len = frag_len; return 1; } @@ -759,6 +810,7 @@ int i, ret, recvd_type; struct hm_header_st msg_hdr; size_t readbytes; + int chretran = 0; *errtype = 0; @@ -828,8 +880,20 @@ * although we're still expecting seq 0 (ClientHello) */ if (msg_hdr.seq != s->d1->handshake_read_seq) { - *errtype = dtls1_process_out_of_seq_message(s, &msg_hdr); - return 0; + if (!s->server + || msg_hdr.seq != 0 + || s->d1->handshake_read_seq != 1 + || wire[0] != SSL3_MT_CLIENT_HELLO + || s->statem.hand_state != DTLS_ST_SW_HELLO_VERIFY_REQUEST) { + *errtype = dtls1_process_out_of_seq_message(s, &msg_hdr); + return 0; + } + /* + * We received a ClientHello and sent back a HelloVerifyRequest. We + * now seem to have received a retransmitted initial ClientHello. That + * is allowed (possibly our HelloVerifyRequest got lost). + */ + chretran = 1; } if (frag_len && frag_len < mlen) { 
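Review bot: The sequence-reset block added under `if (chretran)` (`s->d1->handshake_read_seq = 0; s->d1->next_handshake_write_seq = 0;`) together with its four-line comment is pasted verbatim again in the following hunk at `@@ -895,6 +959,17 @@`; a small static helper, say `dtls1_reset_hs_seq(s)` (name constructed), carrying that comment on its definition would keep the two in step. In the `@@ -828` hunk the comment explains the retransmit case well, but it would help to add why the reset is carried in `chretran` rather than applied on the spot — apparently so that it only happens once the message has been fully received. Both enclosing functions start and end outside these hunks.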
@@ -895,6 +959,17 @@ goto f_err; } + if (chretran) { + /* + * We got a new ClientHello with a message sequence of 0. + * Reset the read/write sequences back to the beginning. + * We process it like this is the first time we've seen a ClientHello + * from the client. + */ + s->d1->handshake_read_seq = 0; + s->d1->next_handshake_write_seq = 0; + } + /* * Note that s->init_num is *not* used as current offset in * s->init_buf->data, but as a counter summing up fragments' lengths: as diff -Nru openssl-3.0.5/ssl/statem/statem_local.h openssl-3.0.7/ssl/statem/statem_local.h --- openssl-3.0.5/ssl/statem/statem_local.h 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/ssl/statem/statem_local.h 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -37,6 +37,11 @@ /* Dummy message type */ #define SSL3_MT_DUMMY -1 +/* Invalid extension ID for non-supported extensions */ +#define TLSEXT_TYPE_invalid 0x10000 +#define TLSEXT_TYPE_out_of_range 0x10001 +unsigned int ossl_get_extension_type(size_t idx); + extern const unsigned char hrrrandom[]; /* Message processing return codes */ diff -Nru openssl-3.0.5/ssl/statem/statem_srvr.c openssl-3.0.7/ssl/statem/statem_srvr.c --- openssl-3.0.5/ssl/statem/statem_srvr.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/ssl/statem/statem_srvr.c 2022-11-01 14:14:36.000000000 +0000 @@ -3660,6 +3660,10 @@ return 1; } +/* + * Returns 1 on success, 0 to abort construction of the ticket (non-fatal), or + * -1 on fatal error + */ static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add, unsigned char *tick_nonce) { 
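Review bot: The new prototype `unsigned int ossl_get_extension_type(size_t idx);` has no comment saying what `idx` indexes or which of the two new sentinels is returned when; since `TLSEXT_TYPE_invalid` and `TLSEXT_TYPE_out_of_range` both sit above any 16-bit extension type, a one-line doc at the declaration such as `/* Map an index into the internal extension table to its wire type; TLSEXT_TYPE_out_of_range if idx is past the table, TLSEXT_TYPE_invalid for an entry that is compiled out */` would let callers branch on them correctly. The exact condition for each sentinel should be confirmed against the definition, which is not in this chunk.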
@@ -3674,7 +3678,7 @@ SSL_CTX *tctx = s->session_ctx; unsigned char iv[EVP_MAX_IV_LENGTH]; unsigned char key_name[TLSEXT_KEYNAME_LENGTH]; - int iv_len, ok = 0; + int iv_len, ok = -1; size_t macoffset, macendoffset; /* get session encoding length */ @@ -3755,7 +3759,15 @@ #endif if (ret == 0) { - + /* + * In TLSv1.2 we construct a 0 length ticket. In TLSv1.3 a 0 + * length ticket is not allowed so we abort construction of the + * ticket + */ + if (SSL_IS_TLS13(s)) { + ok = 0; + goto err; + } /* Put timeout and length */ if (!WPACKET_put_bytes_u32(pkt, 0) || !WPACKET_put_bytes_u16(pkt, 0)) { @@ -3772,6 +3784,10 @@ goto err; } iv_len = EVP_CIPHER_CTX_get_iv_length(ctx); + if (iv_len < 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + goto err; + } } else { EVP_CIPHER *cipher = EVP_CIPHER_fetch(s->ctx->libctx, "AES-256-CBC", s->ctx->propq); @@ -3864,6 +3880,20 @@ return 1; } +static void tls_update_ticket_counts(SSL *s) +{ + /* + * Increment both |sent_tickets| and |next_ticket_nonce|. |sent_tickets| + * gets reset to 0 if we send more tickets following a post-handshake + * auth, but |next_ticket_nonce| does not. If we're sending extra + * tickets, decrement the count of pending extra tickets. + */ + s->sent_tickets++; + s->next_ticket_nonce++; + if (s->ext.extra_tickets_expected > 0) + s->ext.extra_tickets_expected--; +} + int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt) { SSL_CTX *tctx = s->session_ctx; @@ -3872,6 +3902,7 @@ unsigned char age_add_c[sizeof(uint32_t)]; uint32_t age_add; } age_add_u; + int ret = 0; age_add_u.age_add = 0; 
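Review bot: The new `iv_len < 0` guard covers only the callback branch; the `else` branch that fetches `AES-256-CBC` is cut off at the end of the hunk, so whether `iv_len` is validated there as well cannot be seen here and is worth checking, since the same accessor presumably feeds the IV handling further down. `tls_update_ticket_counts()` is a clean extraction, but its header comment does not say it is now also invoked when construction is aborted (the `ret = 2` path in the next hunk); a sentence such as `/* Also called when a TLSv1.3 ticket is deliberately not constructed (callback returned 0), so the attempt is still counted */` would document that choice.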
@@ -3969,10 +4000,20 @@ /* SSLfatal() already called */ goto err; } - } else if (!construct_stateless_ticket(s, pkt, age_add_u.age_add, - tick_nonce)) { - /* SSLfatal() already called */ - goto err; + } else { + int tmpret; + + tmpret = construct_stateless_ticket(s, pkt, age_add_u.age_add, + tick_nonce); + if (tmpret != 1) { + if (tmpret == 0) { + ret = 2; /* Non-fatal. Abort construction but continue */ + /* We count this as a success so update the counts anwyay */ + tls_update_ticket_counts(s); + } + /* else SSLfatal() already called */ + goto err; + } } if (SSL_IS_TLS13(s)) { @@ -3982,22 +4023,13 @@ /* SSLfatal() already called */ goto err; } - /* - * Increment both |sent_tickets| and |next_ticket_nonce|. |sent_tickets| - * gets reset to 0 if we send more tickets following a post-handshake - * auth, but |next_ticket_nonce| does not. If we're sending extra - * tickets, decrement the count of pending extra tickets. - */ - s->sent_tickets++; - s->next_ticket_nonce++; - if (s->ext.extra_tickets_expected > 0) - s->ext.extra_tickets_expected--; + tls_update_ticket_counts(s); ssl_update_cache(s, SSL_SESS_CACHE_SERVER); } - return 1; + ret = 1; err: - return 0; + return ret; } /* diff -Nru openssl-3.0.5/ssl/t1_lib.c openssl-3.0.7/ssl/t1_lib.c --- openssl-3.0.5/ssl/t1_lib.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/ssl/t1_lib.c 2022-11-01 14:14:36.000000000 +0000 @@ -1785,7 +1785,7 @@ SSL_SESSION *sess = NULL; unsigned char *sdec; const unsigned char *p; - int slen, renew_ticket = 0, declen; + int slen, ivlen, renew_ticket = 0, declen; SSL_TICKET_STATUS ret = SSL_TICKET_FATAL_ERR_OTHER; size_t mlen; unsigned char tick_hmac[EVP_MAX_MD_SIZE]; 
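Review bot: The comment `/* We count this as a success so update the counts anwyay */` has a typo: `anwyay` should be `anyway`. The function now returns 2 on the abort path, which matches the 0/1/2 contract handled in statem.c, but `tls_construct_new_session_ticket` itself carries no comment for callers; a header line `/* Returns 1 on success, 2 if the ticket was deliberately not constructed, 0 on error */` would mirror the one added above `construct_stateless_ticket`. The function begins outside this hunk.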
@@ -1898,9 +1898,14 @@ goto end; } + ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); + if (ivlen < 0) { + ret = SSL_TICKET_FATAL_ERR_OTHER; + goto end; + } + /* Sanity check ticket length: must exceed keyname + IV + HMAC */ - if (eticklen <= - TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_get_iv_length(ctx) + mlen) { + if (eticklen <= TLSEXT_KEYNAME_LENGTH + ivlen + mlen) { ret = SSL_TICKET_NO_DECRYPT; goto end; } @@ -1918,8 +1923,8 @@ } /* Attempt to decrypt session data */ /* Move p after IV to start of encrypted ticket, update length */ - p = etick + TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_get_iv_length(ctx); - eticklen -= TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_get_iv_length(ctx); + p = etick + TLSEXT_KEYNAME_LENGTH + ivlen; + eticklen -= TLSEXT_KEYNAME_LENGTH + ivlen; sdec = OPENSSL_malloc(eticklen); if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p, (int)eticklen) <= 0) { diff -Nru openssl-3.0.5/ssl/tls13_enc.c openssl-3.0.7/ssl/tls13_enc.c --- openssl-3.0.5/ssl/tls13_enc.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/ssl/tls13_enc.c 2022-11-01 14:14:36.000000000 +0000 @@ -257,13 +257,17 @@ size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen, unsigned char *out) { - const char *mdname = EVP_MD_get0_name(ssl_handshake_md(s)); + const EVP_MD *md = ssl_handshake_md(s); + const char *mdname = EVP_MD_get0_name(md); unsigned char hash[EVP_MAX_MD_SIZE]; unsigned char finsecret[EVP_MAX_MD_SIZE]; unsigned char *key = NULL; size_t len = 0, hashlen; OSSL_PARAM params[2], *p = params; + if (md == NULL) + return 0; + /* Safe to cast away const here since we're not "getting" any data */ if (s->ctx->propq != NULL) *p++ = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_PROPERTIES, @@ -281,7 +285,7 @@ } else if (SSL_IS_FIRST_HANDSHAKE(s)) { key = s->client_finished_secret; } else { - if (!tls13_derive_finishedkey(s, ssl_handshake_md(s), + if (!tls13_derive_finishedkey(s, md, s->client_app_traffic_secret, finsecret, hashlen)) goto err; 
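Review bot: In the tls13_enc.c hunk, `mdname` is initialised from `EVP_MD_get0_name(md)` at its declaration, which executes before the new `if (md == NULL) return 0;`, so unless `EVP_MD_get0_name()` tolerates a NULL argument the guard comes one statement too late. Declaring `const char *mdname;` and assigning `mdname = EVP_MD_get0_name(md);` after the check removes the dependency on that accessor's NULL behaviour. In the t1_lib.c hunk above, the `ret = SSL_TICKET_FATAL_ERR_OTHER;` on the new `ivlen < 0` branch restates the value `ret` was initialised with; harmless, but either drop it or comment that the repetition is deliberate.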
@@ -747,12 +751,19 @@ static const unsigned char application_traffic[] = "traffic upd"; #endif const EVP_MD *md = ssl_handshake_md(s); - size_t hashlen = EVP_MD_get_size(md); + size_t hashlen; unsigned char key[EVP_MAX_KEY_LENGTH]; unsigned char *insecret, *iv; unsigned char secret[EVP_MAX_MD_SIZE]; + char *log_label; EVP_CIPHER_CTX *ciph_ctx; - int ret = 0; + int ret = 0, l; + + if ((l = EVP_MD_get_size(md)) <= 0) { + SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); + return 0; + } + hashlen = (size_t)l; if (s->server == sending) insecret = s->server_app_traffic_secret; @@ -770,7 +781,7 @@ RECORD_LAYER_reset_read_sequence(&s->rlayer); } - if (!derive_secret_key_and_iv(s, sending, ssl_handshake_md(s), + if (!derive_secret_key_and_iv(s, sending, md, s->s3.tmp.new_sym_enc, insecret, NULL, application_traffic, sizeof(application_traffic) - 1, secret, key, @@ -781,6 +792,13 @@ memcpy(insecret, secret, hashlen); + /* Call Key log on successful traffic secret update */ + log_label = s->server == sending ? SERVER_APPLICATION_N_LABEL : CLIENT_APPLICATION_N_LABEL; + if (!ssl_log_secret(s, log_label, secret, hashlen)) { + /* SSLfatal() already called */ + goto err; + } + s->statem.enc_write_state = ENC_WRITE_STATE_VALID; ret = 1; err: @@ -815,7 +833,7 @@ unsigned int hashsize, datalen; int ret = 0; - if (ctx == NULL || !ossl_statem_export_allowed(s)) + if (ctx == NULL || md == NULL || !ossl_statem_export_allowed(s)) goto err; if (!use_context) @@ -884,7 +902,8 @@ * * Here Transcript-Hash is the cipher suite hash algorithm. */ - if (EVP_DigestInit_ex(ctx, md, NULL) <= 0 + if (md == NULL + || EVP_DigestInit_ex(ctx, md, NULL) <= 0 || EVP_DigestUpdate(ctx, context, contextlen) <= 0 || EVP_DigestFinal_ex(ctx, hash, &hashsize) <= 0 || EVP_DigestInit_ex(ctx, md, NULL) <= 0 diff -Nru openssl-3.0.5/ssl/tls_srp.c openssl-3.0.7/ssl/tls_srp.c --- openssl-3.0.5/ssl/tls_srp.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/ssl/tls_srp.c 2022-11-01 14:14:36.000000000 +0000 
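Review bot: `log_label` is declared `char *` but only ever holds string literals and is handed to `ssl_log_secret()`, whose label parameter is `const char *`; declare it `const char *log_label;`. The assignment line also runs past the 80-column limit of the project's coding style; `log_label = s->server == sending ? SERVER_APPLICATION_N_LABEL` continued on the next line with `: CLIENT_APPLICATION_N_LABEL;` fixes that. The `EVP_MD_get_size()` check at the top of the function is a good replacement for the unchecked `size_t` initialiser, assuming that accessor reports a non-positive size for a NULL digest from `ssl_handshake_md()`.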
@@ -238,7 +238,7 @@ BN_clear_free(s->srp_ctx.s); s->srp_ctx.s = NULL; if (!SRP_create_verifier_BN_ex(user, pass, &s->srp_ctx.s, &s->srp_ctx.v, - GN->N, GN->g, s->ctx->libctx, + s->srp_ctx.N, s->srp_ctx.g, s->ctx->libctx, s->ctx->propq)) return -1; diff -Nru openssl-3.0.5/test/aesgcmtest.c openssl-3.0.7/test/aesgcmtest.c --- openssl-3.0.5/test/aesgcmtest.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/test/aesgcmtest.c 2022-11-01 14:14:36.000000000 +0000 @@ -116,7 +116,6 @@ return ret; } -#ifdef FIPS_MODULE static int ivgen_test(void) { unsigned char iv_gen[16]; @@ -127,14 +126,11 @@ return do_encrypt(iv_gen, ct, &ctlen, tag, &taglen) && do_decrypt(iv_gen, ct, ctlen, tag, taglen); } -#endif /* FIPS_MODULE */ int setup_tests(void) { ADD_TEST(kat_test); ADD_TEST(badkeylen_test); -#ifdef FIPS_MODULE ADD_TEST(ivgen_test); -#endif /* FIPS_MODULE */ return 1; } diff -Nru openssl-3.0.5/test/asynctest.c openssl-3.0.7/test/asynctest.c --- openssl-3.0.5/test/asynctest.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/test/asynctest.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -409,6 +409,7 @@ ret = 1; err: ASYNC_WAIT_CTX_free(waitctx); + ASYNC_cleanup_thread(); OSSL_LIB_CTX_free(libctx); return ret; } diff -Nru openssl-3.0.5/test/build.info openssl-3.0.7/test/build.info --- openssl-3.0.5/test/build.info 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/test/build.info 2022-11-01 14:14:36.000000000 +0000 
@@ -40,7 +40,7 @@ exptest pbetest localetest evp_pkey_ctx_new_from_name\ evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \ evp_fetch_prov_test evp_libctx_test ossl_store_test \ - v3nametest v3ext \ + v3nametest v3ext punycode_test \ evp_pkey_provided_test evp_test evp_extra_test evp_extra_test2 \ evp_fetch_prov_test v3nametest v3ext \ crltest danetest bad_dtls_test lhash_test sparse_array_test \ @@ -62,7 +62,7 @@ context_internal_test aesgcmtest params_test evp_pkey_dparams_test \ keymgmt_internal_test hexstr_test provider_status_test defltfips_test \ bio_readbuffer_test user_property_test pkcs7_test upcallstest \ - provfetchtest prov_config_test rand_test + provfetchtest prov_config_test rand_test fips_version_test IF[{- !$disabled{'deprecated-3.0'} -}] PROGRAMS{noinst}=enginetest @@ -185,9 +185,6 @@ SOURCE[evp_fetch_prov_test]=evp_fetch_prov_test.c INCLUDE[evp_fetch_prov_test]=../include ../apps/include DEPEND[evp_fetch_prov_test]=../libcrypto libtestutil.a - IF[{- $disabled{fips} || !$target{dso_scheme} -}] - DEFINE[evp_extra_test]=NO_FIPS_MODULE - ENDIF SOURCE[provfetchtest]=provfetchtest.c INCLUDE[provfetchtest]=../include ../apps/include @@ -293,6 +290,10 @@ INCLUDE[pkcs7_test]=../include ../apps/include DEPEND[pkcs7_test]=../libcrypto libtestutil.a + SOURCE[punycode_test]=punycode_test.c + INCLUDE[punycode_test]=../include ../apps/include + DEPEND[punycode_test]=../libcrypto.a libtestutil.a + SOURCE[stack_test]=stack_test.c INCLUDE[stack_test]=../include ../apps/include DEPEND[stack_test]=../libcrypto libtestutil.a @@ -394,6 +395,10 @@ INCLUDE[defltfips_test]=../include ../apps/include DEPEND[defltfips_test]=../libcrypto libtestutil.a + SOURCE[fips_version_test]=fips_version_test.c + INCLUDE[fips_version_test]=../include ../apps/include + DEPEND[fips_version_test]=../libcrypto libtestutil.a + SOURCE[ocspapitest]=ocspapitest.c INCLUDE[ocspapitest]=../include ../apps/include DEPEND[ocspapitest]=../libcrypto libtestutil.a 
@@ -777,6 +782,11 @@ INCLUDE[ssl_old_test]=.. ../include ../apps/include DEPEND[ssl_old_test]=../libcrypto.a ../libssl.a libtestutil.a + PROGRAMS{noinst}=ext_internal_test + SOURCE[ext_internal_test]=ext_internal_test.c + INCLUDE[ext_internal_test]=.. ../include ../apps/include + DEPEND[ext_internal_test]=../libcrypto.a ../libssl.a libtestutil.a + PROGRAMS{noinst}=algorithmid_test SOURCE[algorithmid_test]=algorithmid_test.c INCLUDE[algorithmid_test]=../include ../apps/include diff -Nru openssl-3.0.5/test/certs/setup.sh openssl-3.0.7/test/certs/setup.sh --- openssl-3.0.5/test/certs/setup.sh 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/test/certs/setup.sh 2022-11-01 14:14:36.000000000 +0000 @@ -10,7 +10,7 @@ # cross root and root cross cert ./mkcert.sh genroot "Cross Root" cross-key cross-root ./mkcert.sh genca "Root CA" root-key root-cross-cert cross-key cross-root -# trust variants: +serverAuth -serverAuth +clientAuth -clientAuth, +# trust variants: +serverAuth -serverAuth +clientAuth -clientAuth openssl x509 -in root-cert.pem -trustout \ -addtrust serverAuth -out root+serverAuth.pem openssl x509 -in root-cert.pem -trustout \ @@ -79,7 +79,7 @@ # Primary intermediate ca: ca-cert ./mkcert.sh genca "CA" ca-key ca-cert root-key root-cert -# ca variants: CA:false, key2, DN2, issuer2, expired +# ca variants: CA:false, no bc, key2, DN2, issuer2, expired ./mkcert.sh genee "CA" ca-key ca-nonca root-key root-cert ./mkcert.sh gen_nonbc_ca "CA" ca-key ca-nonbc root-key root-cert ./mkcert.sh genca "CA" ca-key2 ca-cert2 root-key root-cert diff -Nru openssl-3.0.5/test/cmsapitest.c openssl-3.0.7/test/cmsapitest.c --- openssl-3.0.5/test/cmsapitest.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/test/cmsapitest.c 2022-11-01 14:14:36.000000000 +0000 
@@ -289,18 +289,61 @@ return ret; } -static int test_d2i_CMS_bio_file_encrypted_data(void) +static unsigned char *read_all(BIO *bio, long *p_len) +{ + const int step = 256; + unsigned char *buf = NULL; + unsigned char *tmp = NULL; + int ret; + + *p_len = 0; + for (;;) { + tmp = OPENSSL_realloc(buf, *p_len + step); + if (tmp == NULL) + break; + buf = tmp; + ret = BIO_read(bio, buf + *p_len, step); + if (ret < 0) + break; + + *p_len += ret; + + if (ret < step) + return buf; + } + + /* Error */ + OPENSSL_free(buf); + *p_len = 0; + return NULL; +} + +static int test_d2i_CMS_decode(const int idx) { BIO *bio = NULL; CMS_ContentInfo *cms = NULL; + unsigned char *buf = NULL; + const unsigned char *tmp = NULL; + long buf_len = 0; int ret = 0; - ERR_clear_error(); - - if (!TEST_ptr(bio = BIO_new_file(derin, "r")) - || !TEST_ptr(cms = d2i_CMS_bio(bio, NULL))) + if (!TEST_ptr(bio = BIO_new_file(derin, "r"))) goto end; + switch (idx) { + case 0: + if (!TEST_ptr(cms = d2i_CMS_bio(bio, NULL))) + goto end; + break; + case 1: + if (!TEST_ptr(buf = read_all(bio, &buf_len))) + goto end; + tmp = buf; + if (!TEST_ptr(cms = d2i_CMS_ContentInfo(NULL, &tmp, buf_len))) + goto end; + break; + } + if (!TEST_int_eq(ERR_peek_error(), 0)) goto end; @@ -308,6 +351,7 @@ end: CMS_ContentInfo_free(cms); BIO_free(bio); + OPENSSL_free(buf); return ret; } @@ -357,7 +401,7 @@ ADD_TEST(test_encrypt_decrypt_aes_192_gcm); ADD_TEST(test_encrypt_decrypt_aes_256_gcm); ADD_TEST(test_d2i_CMS_bio_NULL); - ADD_TEST(test_d2i_CMS_bio_file_encrypted_data); + ADD_ALL_TESTS(test_d2i_CMS_decode, 2); return 1; } diff -Nru openssl-3.0.5/test/drbgtest.c openssl-3.0.7/test/drbgtest.c --- openssl-3.0.5/test/drbgtest.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/test/drbgtest.c 2022-11-01 14:14:36.000000000 +0000 
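Review bot: `read_all()` treats any `BIO_read()` result shorter than `step` as end of input (`if (ret < step) return buf;`), which is only reliable for the file BIO this test uses; a comment `/* A short read is taken as EOF: valid for a file BIO only */` would stop it being reused on a socket or non-blocking BIO. The `switch (idx)` in `test_d2i_CMS_decode()` has no `default:`, so an index outside 0..1 leaves `cms` NULL and continues into the error-queue check instead of failing; `default: TEST_error("unknown test index %d", idx); goto end;` makes the table self-checking. `*p_len + step` also mixes a `long` with the `size_t` argument of `OPENSSL_realloc()`, harmless at this size but cleaner with `size_t` accounting.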
@@ -132,15 +132,23 @@ /* * When building the FIPS module, it isn't possible to disable the continuous - * RNG tests. Tests that require this are skipped. + * RNG tests. Tests that require this are skipped and this means a detection + * mechanism for the FIPS provider being in use. */ -static int crngt_skip(void) +static int using_fips_rng(void) { -#ifdef FIPS_MODULE - return 1; -#else - return 0; -#endif + EVP_RAND_CTX *primary = RAND_get0_primary(NULL); + const OSSL_PROVIDER *prov; + const char *name; + + if (!TEST_ptr(primary)) + return 0; + + prov = EVP_RAND_get0_provider(EVP_RAND_CTX_get0_rand(primary)); + if (!TEST_ptr(prov)) + return 0; + name = OSSL_PROVIDER_get0_name(prov); + return strcmp(name, "OpenSSL FIPS Provider") == 0; } /* @@ -269,7 +277,7 @@ } -#if defined(OPENSSL_SYS_UNIX) +#if defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_RAND_SEED_EGD) /* number of children to fork */ #define DRBG_FORK_COUNT 9 /* two results per child, two for the parent */ @@ -540,7 +548,7 @@ /* * Test whether the default rand_method (RAND_OpenSSL()) is - * setup correctly, in particular whether reseeding works + * setup correctly, in particular whether reseeding works * as designed. */ static int test_rand_reseed(void) @@ -550,7 +558,7 @@ int rv = 0; time_t before_reseed; - if (crngt_skip()) + if (using_fips_rng()) return TEST_skip("CRNGT cannot be disabled"); #ifndef OPENSSL_NO_DEPRECATED_3_0 @@ -582,7 +590,6 @@ EVP_RAND_uninstantiate(private); EVP_RAND_uninstantiate(public); - /* * Test initial seeding of shared DRBGs */ @@ -592,7 +599,6 @@ 1, 1, 1, 0))) goto error; - /* * Test initial state of shared DRBGs */ @@ -640,7 +646,6 @@ /* fill 'randomness' buffer with some arbitrary data */ memset(rand_add_buf, 'r', sizeof(rand_add_buf)); -#ifndef FIPS_MODULE /* * Test whether all three DRBGs are reseeded by RAND_add(). * The before_reseed time has to be measured here and passed into the 
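Review bot: `using_fips_rng()` uses `TEST_ptr()` inside what is a skip predicate, so a NULL primary DRBG or provider is logged as a test failure and then treated as "not FIPS", letting the test proceed on a broken RNG setup rather than skip; plain NULL checks returning 0, or making the callers fail outright, would be more honest. The detection also hinges on the exact provider display name `"OpenSSL FIPS Provider"`, which deserves a comment so a renamed provider does not silently un-skip these tests. The header comment's `this means a detection mechanism` reads awkwardly; `this doubles as a detection mechanism` says what is meant.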
@@ -657,22 +662,6 @@ 1, 1, 1, before_reseed))) goto error; -#else /* FIPS_MODULE */ - /* - * In FIPS mode, random data provided by the application via RAND_add() - * is not considered a trusted entropy source. It is only treated as - * additional_data and no reseeding is forced. This test assures that - * no reseeding occurs. - */ - before_reseed = time(NULL); - RAND_add(rand_add_buf, sizeof(rand_add_buf), sizeof(rand_add_buf)); - if (!TEST_true(test_drbg_reseed(1, - primary, public, private, - NULL, NULL, - 0, 0, 0, - before_reseed))) - goto error; -#endif rv = 1; @@ -822,7 +811,7 @@ unsigned char buf1[51], buf2[sizeof(buf1)]; int ret = 0, xreseed, yreseed, zreseed; - if (crngt_skip()) + if (using_fips_rng()) return TEST_skip("CRNGT cannot be disabled"); /* Initialise a three long DRBG chain */ @@ -906,7 +895,7 @@ int setup_tests(void) { ADD_TEST(test_rand_reseed); -#if defined(OPENSSL_SYS_UNIX) +#if defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_RAND_SEED_EGD) ADD_ALL_TESTS(test_rand_fork_safety, RANDOM_SIZE); #endif ADD_TEST(test_rand_prediction_resistance); diff -Nru openssl-3.0.5/test/dtlstest.c openssl-3.0.7/test/dtlstest.c --- openssl-3.0.5/test/dtlstest.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/test/dtlstest.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -42,6 +42,22 @@ #define RECORD_SEQUENCE 10 +static const char dummy_cookie[] = "0123456"; + +static int generate_cookie_cb(SSL *ssl, unsigned char *cookie, + unsigned int *cookie_len) +{ + memcpy(cookie, dummy_cookie, sizeof(dummy_cookie)); + *cookie_len = sizeof(dummy_cookie); + return 1; +} + +static int verify_cookie_cb(SSL *ssl, const unsigned char *cookie, + unsigned int cookie_len) +{ + return TEST_mem_eq(cookie, cookie_len, dummy_cookie, sizeof(dummy_cookie)); +} + static unsigned int timer_cb(SSL *s, unsigned int timer_us) { ++timer_cb_count; @@ -127,6 +143,17 @@ return testresult; } +/* One record for the cookieless initial ClientHello */ +#define CLI_TO_SRV_COOKIE_EXCH 1 + +/* + * In a resumption handshake we use 2 records for the initial ClientHello in + * this test because we are using a very small MTU and the ClientHello is + * bigger than in the non resumption case. + */ +#define CLI_TO_SRV_RESUME_COOKIE_EXCH 2 +#define SRV_TO_CLI_COOKIE_EXCH 1 + #define CLI_TO_SRV_EPOCH_0_RECS 3 #define CLI_TO_SRV_EPOCH_1_RECS 1 #if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) @@ -141,7 +168,8 @@ #endif #define SRV_TO_CLI_EPOCH_1_RECS 1 #define TOTAL_FULL_HAND_RECORDS \ - (CLI_TO_SRV_EPOCH_0_RECS + CLI_TO_SRV_EPOCH_1_RECS + \ + (CLI_TO_SRV_COOKIE_EXCH + SRV_TO_CLI_COOKIE_EXCH + \ + CLI_TO_SRV_EPOCH_0_RECS + CLI_TO_SRV_EPOCH_1_RECS + \ SRV_TO_CLI_EPOCH_0_RECS + SRV_TO_CLI_EPOCH_1_RECS) #define CLI_TO_SRV_RESUME_EPOCH_0_RECS 3 @@ -149,7 +177,8 @@ #define SRV_TO_CLI_RESUME_EPOCH_0_RECS 2 #define SRV_TO_CLI_RESUME_EPOCH_1_RECS 1 #define TOTAL_RESUME_HAND_RECORDS \ - (CLI_TO_SRV_RESUME_EPOCH_0_RECS + CLI_TO_SRV_RESUME_EPOCH_1_RECS + \ + (CLI_TO_SRV_RESUME_COOKIE_EXCH + SRV_TO_CLI_COOKIE_EXCH + \ + CLI_TO_SRV_RESUME_EPOCH_0_RECS + CLI_TO_SRV_RESUME_EPOCH_1_RECS + \ SRV_TO_CLI_RESUME_EPOCH_0_RECS + SRV_TO_CLI_RESUME_EPOCH_1_RECS) #define TOTAL_RECORDS (TOTAL_FULL_HAND_RECORDS + TOTAL_RESUME_HAND_RECORDS) 
@@ -167,7 +196,8 @@ int testresult = 0; int epoch = 0; SSL_SESSION *sess = NULL; - int cli_to_srv_epoch0, cli_to_srv_epoch1, srv_to_cli_epoch0; + int cli_to_srv_cookie, cli_to_srv_epoch0, cli_to_srv_epoch1; + int srv_to_cli_epoch0; if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(), DTLS_client_method(), @@ -186,6 +216,10 @@ if (!TEST_true(SSL_CTX_set_dh_auto(sctx, 1))) goto end; + SSL_CTX_set_options(sctx, SSL_OP_COOKIE_EXCHANGE); + SSL_CTX_set_cookie_generate_cb(sctx, generate_cookie_cb); + SSL_CTX_set_cookie_verify_cb(sctx, verify_cookie_cb); + if (idx >= TOTAL_FULL_HAND_RECORDS) { /* We're going to do a resumption handshake. Get a session first. */ if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, @@ -204,11 +238,13 @@ cli_to_srv_epoch0 = CLI_TO_SRV_RESUME_EPOCH_0_RECS; cli_to_srv_epoch1 = CLI_TO_SRV_RESUME_EPOCH_1_RECS; srv_to_cli_epoch0 = SRV_TO_CLI_RESUME_EPOCH_0_RECS; + cli_to_srv_cookie = CLI_TO_SRV_RESUME_COOKIE_EXCH; idx -= TOTAL_FULL_HAND_RECORDS; } else { cli_to_srv_epoch0 = CLI_TO_SRV_EPOCH_0_RECS; cli_to_srv_epoch1 = CLI_TO_SRV_EPOCH_1_RECS; srv_to_cli_epoch0 = SRV_TO_CLI_EPOCH_0_RECS; + cli_to_srv_cookie = CLI_TO_SRV_COOKIE_EXCH; } c_to_s_fbio = BIO_new(bio_f_tls_dump_filter()); 
@@ -229,18 +265,18 @@ DTLS_set_timer_cb(serverssl, timer_cb); /* Work out which record to drop based on the test number */ - if (idx >= cli_to_srv_epoch0 + cli_to_srv_epoch1) { + if (idx >= cli_to_srv_cookie + cli_to_srv_epoch0 + cli_to_srv_epoch1) { mempackbio = SSL_get_wbio(serverssl); - idx -= cli_to_srv_epoch0 + cli_to_srv_epoch1; - if (idx >= srv_to_cli_epoch0) { + idx -= cli_to_srv_cookie + cli_to_srv_epoch0 + cli_to_srv_epoch1; + if (idx >= SRV_TO_CLI_COOKIE_EXCH + srv_to_cli_epoch0) { epoch = 1; - idx -= srv_to_cli_epoch0; + idx -= SRV_TO_CLI_COOKIE_EXCH + srv_to_cli_epoch0; } } else { mempackbio = SSL_get_wbio(clientssl); - if (idx >= cli_to_srv_epoch0) { + if (idx >= cli_to_srv_cookie + cli_to_srv_epoch0) { epoch = 1; - idx -= cli_to_srv_epoch0; + idx -= cli_to_srv_cookie + cli_to_srv_epoch0; } mempackbio = BIO_next(mempackbio); } @@ -270,22 +306,6 @@ } #endif /* !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC) */ -static const char dummy_cookie[] = "0123456"; - -static int generate_cookie_cb(SSL *ssl, unsigned char *cookie, - unsigned int *cookie_len) -{ - memcpy(cookie, dummy_cookie, sizeof(dummy_cookie)); - *cookie_len = sizeof(dummy_cookie); - return 1; -} - -static int verify_cookie_cb(SSL *ssl, const unsigned char *cookie, - unsigned int cookie_len) -{ - return TEST_mem_eq(cookie, cookie_len, dummy_cookie, sizeof(dummy_cookie)); -} - static int test_cookie(void) { SSL_CTX *sctx = NULL, *cctx = NULL; 
@@ -442,6 +462,93 @@ return testresult; } +/* + * Test that swapping an app data record so that it is received before the + * Finished message still works. + */ +static int test_swap_app_data(void) +{ + SSL_CTX *sctx = NULL, *cctx = NULL; + SSL *sssl = NULL, *cssl = NULL; + int testresult = 0; + BIO *bio; + char msg[] = { 0x00, 0x01, 0x02, 0x03 }; + char buf[10]; + + if (!TEST_true(create_ssl_ctx_pair(NULL, DTLS_server_method(), + DTLS_client_method(), + DTLS1_VERSION, 0, + &sctx, &cctx, cert, privkey))) + return 0; + +#ifndef OPENSSL_NO_DTLS1_2 + if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "AES128-SHA"))) + goto end; +#else + /* Default sigalgs are SHA1 based in priv_key), 1)) + goto err; + + /* Test compliance with legacy behavior for NULL private keys */ + if (!TEST_int_eq(EC_KEY_set_private_key(key, NULL), 0) + || !TEST_ptr_null(key->priv_key)) + goto err; + + testresult = 1; + + err: + EC_KEY_free(key); + EC_KEY_free(aux_key); + return testresult; +} + +/* * Tests behavior of the decoded_from_explicit_params flag and API */ static int decoded_flag_test(void) @@ -416,6 +449,7 @@ #ifndef OPENSSL_NO_EC_NISTP_64_GCC_128 ADD_TEST(underflow_test); #endif + ADD_TEST(set_private_key); ADD_TEST(decoded_flag_test); ADD_ALL_TESTS(ecpkparams_i2d2i_test, crv_len); diff -Nru openssl-3.0.5/test/endecode_test.c openssl-3.0.7/test/endecode_test.c --- openssl-3.0.5/test/endecode_test.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/test/endecode_test.c 2022-11-01 14:14:36.000000000 +0000 @@ -43,6 +43,7 @@ static int default_libctx = 1; static int is_fips = 0; +static int is_fips_3_0_0 = 0; static OSSL_LIB_CTX *testctx = NULL; static OSSL_LIB_CTX *keyctx = NULL; 
@@ -170,7 +171,7 @@ output_type, output_structure, pass, pcipher))) goto end; - if ((flags & FLAG_FAIL_IF_FIPS) != 0 && is_fips) { + if ((flags & FLAG_FAIL_IF_FIPS) != 0 && is_fips && !is_fips_3_0_0) { if (TEST_false(decode_cb(file, line, (void **)&pkey2, encoded, encoded_len, output_type, output_structure, (flags & FLAG_DECODE_WITH_TYPE ? type : NULL), @@ -1319,6 +1320,11 @@ return 0; } + /* FIPS(3.0.0): provider imports explicit params but they won't work #17998 */ + is_fips_3_0_0 = fips_provider_version_eq(testctx, 3, 0, 0); + if (is_fips_3_0_0 < 0) + return 0; + /* Separate provider/ctx for generating the test data */ if (!TEST_ptr(keyctx = OSSL_LIB_CTX_new())) return 0; diff -Nru openssl-3.0.5/test/evp_extra_test2.c openssl-3.0.7/test/evp_extra_test2.c --- openssl-3.0.5/test/evp_extra_test2.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/test/evp_extra_test2.c 2022-11-01 14:14:36.000000000 +0000 @@ -21,7 +21,9 @@ #include #include #include +#include #include + #include "testutil.h" #include "internal/nelem.h" @@ -333,6 +335,10 @@ OSSL_PARAM params[2]; EVP_PKEY *key = NULL; EVP_PKEY_CTX *gctx = NULL; +# ifndef OPENSSL_NO_DEPRECATED_3_0 + const DH *dhkey; + const BIGNUM *privkey; +# endif params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0); params[1] = OSSL_PARAM_construct_end(); @@ -341,6 +347,11 @@ && TEST_true(EVP_PKEY_CTX_set_params(gctx, params)) && TEST_int_gt(EVP_PKEY_generate(gctx, &key), 0) && TEST_true(do_pkey_tofrom_data_select(key, "DHX")); +# ifndef OPENSSL_NO_DEPRECATED_3_0 + ret = ret && TEST_ptr(dhkey = EVP_PKEY_get0_DH(key)) + && TEST_ptr(privkey = DH_get0_priv_key(dhkey)) + && TEST_int_le(BN_num_bits(privkey), 225); +# endif EVP_PKEY_free(key); EVP_PKEY_CTX_free(gctx); return ret; 
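Review bot: The new assertion `TEST_int_le(BN_num_bits(privkey), 225)` relies on a bare magic number; a comment explaining where 225 comes from (apparently the private-key size bound the generator is expected to honour for ffdhe2048) would make a future failure diagnosable, and the derivation should be confirmed against the generator change this test accompanies, which is not in this chunk. The hunk at `@@ -21,7 +21,9 @@` shows `#include` lines whose header names were lost in extraction, so that part cannot be reviewed here.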
@@ -1049,6 +1060,34 @@ return ret; } +#if !defined OPENSSL_NO_DES && !defined OPENSSL_NO_MD5 +static int test_evp_pbe_alg_add(void) +{ + int ret = 0; + int cipher_nid = 0, md_nid = 0; + EVP_PBE_KEYGEN_EX *keygen_ex = NULL; + EVP_PBE_KEYGEN *keygen = NULL; + + if (!TEST_true(EVP_PBE_alg_add(NID_pbeWithMD5AndDES_CBC, EVP_des_cbc(), EVP_md5(), + PKCS5_PBE_keyivgen))) + goto err; + + if (!TEST_true(EVP_PBE_find_ex(EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndDES_CBC, + &cipher_nid, &md_nid, &keygen, &keygen_ex))) + goto err; + + if (!TEST_true(keygen != NULL)) + goto err; + if (!TEST_true(keygen_ex == NULL)) + goto err; + + ret = 1; + +err: + return ret; +} +#endif + int setup_tests(void) { if (!test_get_libctx(&mainctx, &nullprov, NULL, NULL, NULL)) { @@ -1085,6 +1124,9 @@ ADD_TEST(test_rsa_pss_sign); ADD_TEST(test_evp_md_ctx_copy); ADD_ALL_TESTS(test_provider_unload_effective, 2); +#if !defined OPENSSL_NO_DES && !defined OPENSSL_NO_MD5 + ADD_TEST(test_evp_pbe_alg_add); +#endif return 1; } diff -Nru openssl-3.0.5/test/evp_extra_test.c openssl-3.0.7/test/evp_extra_test.c --- openssl-3.0.5/test/evp_extra_test.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/test/evp_extra_test.c 2022-11-01 14:14:36.000000000 +0000 @@ -897,6 +897,7 @@ EVP_PKEY *params_and_keypair = NULL; BIGNUM *priv = NULL; int ret = 0; + unsigned char *encoded = NULL; /* * Setup the parameters for our pkey object. For our purposes they don't @@ -1005,6 +1006,17 @@ || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0)) goto err; + /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */ + if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0)) + goto err; + OPENSSL_free(encoded); + encoded = NULL; + if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) { + OPENSSL_free(encoded); + encoded = NULL; + goto err; + } + ret = 1; err: OSSL_PARAM_free(params); 
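Review bot: `TEST_true(keygen != NULL)` and `TEST_true(keygen_ex == NULL)` in `test_evp_pbe_alg_add` only report a boolean on failure; `TEST_ptr(keygen)` and `TEST_ptr_null(keygen_ex)` (the latter already used in this diff's ectest.c hunk) print the pointer in the diagnostic and read as the property being asserted. With nothing to release at `err:`, the `goto err` / label pair could simply be `return 0;`. The registration made by `EVP_PBE_alg_add` is presumably process-global and is not undone here, which deserves a short comment if other tests in the file look up the same NID.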
@@ -1800,7 +1812,7 @@ } #endif -#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE) +#if !defined(OPENSSL_NO_SM2) static int test_EVP_SM2_verify(void) { @@ -2740,6 +2752,61 @@ return ret; } +static int test_RSA_OAEP_set_get_params(void) +{ + int ret = 0; + EVP_PKEY *key = NULL; + EVP_PKEY_CTX *key_ctx = NULL; + + if (nullprov != NULL) + return TEST_skip("Test does not support a non-default library context"); + + if (!TEST_ptr(key = load_example_rsa_key()) + || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0))) + goto err; + + { + int padding = RSA_PKCS1_OAEP_PADDING; + OSSL_PARAM params[4]; + + params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding); + params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, + OSSL_DIGEST_NAME_SHA2_256, 0); + params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST, + OSSL_DIGEST_NAME_SHA1, 0); + params[3] = OSSL_PARAM_construct_end(); + + if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0)) + goto err; + } + { + OSSL_PARAM params[3]; + char oaepmd[30] = { '\0' }; + char mgf1md[30] = { '\0' }; + + params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, + oaepmd, sizeof(oaepmd)); + params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST, + mgf1md, sizeof(mgf1md)); + params[2] = OSSL_PARAM_construct_end(); + + if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params))) + goto err; + + if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256) + || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1)) + goto err; + } + + ret = 1; + + err: + EVP_PKEY_free(key); + EVP_PKEY_CTX_free(key_ctx); + + return ret; +} + #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) static int test_decrypt_null_chunks(void) { @@ -4278,7 +4345,7 @@ * library context in this test. */ if (testctx != NULL) - return 1; + return TEST_skip("Non-default libctx"); custom_md_init_called = custom_md_cleanup_called = 0; 
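Review bot: `EVP_PKEY_CTX_new_from_pkey(0, key, 0)` in `test_RSA_OAEP_set_get_params` passes `0` for two pointer arguments where the surrounding code uses `NULL`, and `OSSL_SIGNATURE_PARAM_PAD_MODE` is used to set the padding of an asymmetric-cipher context; the underlying string is the same, but `OSSL_ASYM_CIPHER_PARAM_PAD_MODE` is the name that belongs with `EVP_PKEY_encrypt_init_ex`, and the two digest params in the same block already use the `OSSL_ASYM_CIPHER_` names. `TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0)` is also missing the space after the comma. Suggested: `EVP_PKEY_CTX_new_from_pkey(NULL, key, NULL)` and `OSSL_PARAM_construct_int(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, &padding)`.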
@@ -4300,7 +4367,7 @@
             /*
              * Initing our custom md and then initing another md should
              * result in the init and cleanup functions of the custom md
-             * from being called.
+             * being called.
              */
             || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
             || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
@@ -4317,6 +4384,88 @@ return testresult; } +typedef struct { + int data; +} custom_ciph_ctx; + +static int custom_ciph_init_called = 0; +static int custom_ciph_cleanup_called = 0; + +static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) +{ + custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx); + + if (p == NULL) + return 0; + + custom_ciph_init_called++; + return 1; +} + +static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx) +{ + custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx); + + if (p == NULL) + /* Nothing to do */ + return 1; + + custom_ciph_cleanup_called++; + return 1; +} + +static int test_custom_ciph_meth(void) +{ + EVP_CIPHER_CTX *ciphctx = NULL; + EVP_CIPHER *tmp = NULL; + int testresult = 0; + int nid; + + /* + * We are testing deprecated functions. We don't support a non-default + * library context in this test. + */ + if (testctx != NULL) + return TEST_skip("Non-default libctx"); + + custom_ciph_init_called = custom_ciph_cleanup_called = 0; + + nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph"); + if (!TEST_int_ne(nid, NID_undef)) + goto err; + tmp = EVP_CIPHER_meth_new(nid, 16, 16); + if (!TEST_ptr(tmp)) + goto err; + + if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init)) + || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT)) + || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup)) + || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp, + sizeof(custom_ciph_ctx)))) + goto err; + + ciphctx = EVP_CIPHER_CTX_new(); + if (!TEST_ptr(ciphctx) + /* + * Initing our custom cipher and then initing another cipher + * should result in the init and cleanup functions of the custom + * cipher being called. 
+ */ + || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1)) + || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL, + NULL, NULL, 1)) + || !TEST_int_eq(custom_ciph_init_called, 1) + || !TEST_int_eq(custom_ciph_cleanup_called, 1)) + goto err; + + testresult = 1; + err: + EVP_CIPHER_CTX_free(ciphctx); + EVP_CIPHER_meth_free(tmp); + return testresult; +} + # ifndef OPENSSL_NO_DYNAMIC_ENGINE /* Test we can create a signature keys with an associated ENGINE */ static int test_signatures_with_engine(int tst) @@ -4540,7 +4689,7 @@ #ifndef OPENSSL_NO_EC ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings)); #endif -#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE) +#if !defined(OPENSSL_NO_SM2) ADD_TEST(test_EVP_SM2); ADD_TEST(test_EVP_SM2_verify); #endif @@ -4572,6 +4721,7 @@ ADD_TEST(test_DSA_priv_pub); #endif ADD_TEST(test_RSA_get_set_params); + ADD_TEST(test_RSA_OAEP_set_get_params); #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) ADD_TEST(test_decrypt_null_chunks); #endif @@ -4615,6 +4765,7 @@ ADD_ALL_TESTS(test_custom_pmeth, 12); ADD_TEST(test_evp_md_cipher_meth); ADD_TEST(test_custom_md_meth); + ADD_TEST(test_custom_ciph_meth); # ifndef OPENSSL_NO_DYNAMIC_ENGINE /* Tests only support the default libctx */ diff -Nru openssl-3.0.5/test/evp_test.c openssl-3.0.7/test/evp_test.c --- openssl-3.0.5/test/evp_test.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/test/evp_test.c 2022-11-01 14:14:36.000000000 +0000 @@ -1424,6 +1424,8 @@ expected->mac_name, expected->alg); if (expected->alg != NULL) { + int skip = 0; + /* * The underlying algorithm may be a cipher or a digest. * We don't know which it is, but we can ask the MAC what it 
@@ -1431,18 +1433,30 @@ */ if (OSSL_PARAM_locate_const(defined_params, OSSL_MAC_PARAM_CIPHER) != NULL) { - params[params_n++] = - OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, - expected->alg, 0); + if (is_cipher_disabled(expected->alg)) + skip = 1; + else + params[params_n++] = + OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, + expected->alg, 0); } else if (OSSL_PARAM_locate_const(defined_params, OSSL_MAC_PARAM_DIGEST) != NULL) { - params[params_n++] = - OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, - expected->alg, 0); + if (is_digest_disabled(expected->alg)) + skip = 1; + else + params[params_n++] = + OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST, + expected->alg, 0); } else { t->err = "MAC_BAD_PARAMS"; goto err; } + if (skip) { + TEST_info("skipping, algorithm '%s' is disabled", expected->alg); + t->skip = 1; + t->err = NULL; + goto err; + } } if (expected->custom != NULL) params[params_n++] = @@ -1561,7 +1575,8 @@ goto err; } } - if (reinit--) { + /* FIPS(3.0.0): can't reinitialise MAC contexts #18100 */ + if (reinit-- && fips_provider_version_gt(libctx, 3, 0, 0)) { OSSL_PARAM ivparams[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; int ret; 
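Review bot: `if (reinit-- && fips_provider_version_gt(libctx, 3, 0, 0))` treats any non-zero result as "newer than 3.0.0"; if that helper reports a lookup failure with a negative value, as `fips_provider_version_eq` evidently does (the endecode_test.c hunk checks it with `< 0`), an error silently takes the reinit path, and `if (fips_provider_version_eq(libctx, 3, 0, 0))` in the @@ -2868 KDF hunk has the mirror problem, taking the 3.0.0 workaround on error. Capturing the result first keeps the decrement and makes the failure visible: `int newer = fips_provider_version_gt(libctx, 3, 0, 0);` / `if (newer < 0) { t->err = "INTERNAL_ERROR"; goto err; }` / `if (reinit-- && newer) {`. The enclosing function continues outside the hunk, so the `err:` label is assumed from the existing `goto err` paths.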
@@ -2868,21 +2883,26 @@ unsigned char *got = NULL; size_t got_len = 0; - /* Find out the KDF output size */ - if (EVP_PKEY_derive(expected->ctx, NULL, &got_len) <= 0) { - t->err = "INTERNAL_ERROR"; - goto err; - } - - /* - * We may get an absurd output size, which signals that anything goes. - * If not, we specify a too big buffer for the output, to test that - * EVP_PKEY_derive() can cope with it. - */ - if (got_len == SIZE_MAX || got_len == 0) + if (fips_provider_version_eq(libctx, 3, 0, 0)) { + /* FIPS(3.0.0): can't deal with oversized output buffers #18533 */ got_len = expected->output_len; - else - got_len = expected->output_len * 2; + } else { + /* Find out the KDF output size */ + if (EVP_PKEY_derive(expected->ctx, NULL, &got_len) <= 0) { + t->err = "INTERNAL_ERROR"; + goto err; + } + + /* + * We may get an absurd output size, which signals that anything goes. + * If not, we specify a too big buffer for the output, to test that + * EVP_PKEY_derive() can cope with it. + */ + if (got_len == SIZE_MAX || got_len == 0) + got_len = expected->output_len; + else + got_len = expected->output_len * 2; + } if (!TEST_ptr(got = OPENSSL_malloc(got_len == 0 ? 1 : got_len))) { t->err = "INTERNAL_ERROR"; @@ -3285,6 +3305,7 @@ t->err = "MALLOC_FAILURE"; goto err; } + got_len *= 2; if (!EVP_DigestSignFinal(expected->ctx, got, &got_len)) { t->err = "DIGESTSIGNFINAL_ERROR"; goto err; @@ -3362,6 +3383,7 @@ t->err = "MALLOC_FAILURE"; goto err; } + got_len *= 2; if (!EVP_DigestSign(expected->ctx, got, &got_len, expected->osin, expected->osin_len)) { t->err = "DIGESTSIGN_ERROR"; @@ -3683,7 +3705,7 @@ KEY_LIST *key, **klist; EVP_PKEY *pkey; PAIR *pp; - int i, skip_availablein = 0; + int i, j, skipped = 0; top: do { 
@@ -3770,7 +3792,23 @@ t->skip = 1; return 0; } - skip_availablein++; + skipped++; + pp++; + goto start; + } else if (strcmp(pp->key, "FIPSversion") == 0) { + if (prov_available("fips")) { + j = fips_provider_version_match(libctx, pp->value); + if (j < 0) { + TEST_info("Line %d: error matching FIPS versions\n", t->s.curr); + return 0; + } else if (j == 0) { + TEST_info("skipping, FIPS provider incompatible version: %s:%d", + t->s.test_file, t->s.start); + t->skip = 1; + return 0; + } + } + skipped++; pp++; goto start; } @@ -3789,7 +3827,7 @@ *klist = key; /* Go back and start a new stanza. */ - if ((t->s.numpairs - skip_availablein) != 1) + if ((t->s.numpairs - skipped) != 1) TEST_info("Line %d: missing blank line\n", t->s.curr); goto top; } @@ -3806,7 +3844,7 @@ return 0; } - for (pp++, i = 1; i < (t->s.numpairs - skip_availablein); pp++, i++) { + for (pp++, i = 1; i < (t->s.numpairs - skipped); pp++, i++) { if (strcmp(pp->key, "Securitycheck") == 0) { #if defined(OPENSSL_NO_FIPS_SECURITYCHECKS) #else diff -Nru openssl-3.0.5/test/ext_internal_test.c openssl-3.0.7/test/ext_internal_test.c --- openssl-3.0.5/test/ext_internal_test.c 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.7/test/ext_internal_test.c 2022-11-01 14:14:36.000000000 +0000 
@@ -0,0 +1,105 @@ +/* + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/nelem.h" +#include "../ssl/ssl_local.h" +#include "../ssl/statem/statem_local.h" +#include "testutil.h" + +#define EXT_ENTRY(name) { TLSEXT_IDX_##name, TLSEXT_TYPE_##name, #name } +#define EXT_EXCEPTION(name) { TLSEXT_IDX_##name, TLSEXT_TYPE_invalid, #name } +#define EXT_END(name) { TLSEXT_IDX_##name, TLSEXT_TYPE_out_of_range, #name } + +typedef struct { + size_t idx; + unsigned int type; + char *name; +} EXT_LIST; + +/* The order here does matter! */ +static EXT_LIST ext_list[] = { + + EXT_ENTRY(renegotiate), + EXT_ENTRY(server_name), + EXT_ENTRY(max_fragment_length), +#ifndef OPENSSL_NO_SRP + EXT_ENTRY(srp), +#else + EXT_EXCEPTION(srp), +#endif + EXT_ENTRY(ec_point_formats), + EXT_ENTRY(supported_groups), + EXT_ENTRY(session_ticket), +#ifndef OPENSSL_NO_OCSP + EXT_ENTRY(status_request), +#else + EXT_EXCEPTION(status_request), +#endif +#ifndef OPENSSL_NO_NEXTPROTONEG + EXT_ENTRY(next_proto_neg), +#else + EXT_EXCEPTION(next_proto_neg), +#endif + EXT_ENTRY(application_layer_protocol_negotiation), +#ifndef OPENSSL_NO_SRTP + EXT_ENTRY(use_srtp), +#else + EXT_EXCEPTION(use_srtp), +#endif + EXT_ENTRY(encrypt_then_mac), +#ifndef OPENSSL_NO_CT + EXT_ENTRY(signed_certificate_timestamp), +#else + EXT_EXCEPTION(signed_certificate_timestamp), +#endif + EXT_ENTRY(extended_master_secret), + EXT_ENTRY(signature_algorithms_cert), + EXT_ENTRY(post_handshake_auth), + EXT_ENTRY(signature_algorithms), + EXT_ENTRY(supported_versions), + EXT_ENTRY(psk_kex_modes), + EXT_ENTRY(key_share), + EXT_ENTRY(cookie), + EXT_ENTRY(cryptopro_bug), + EXT_ENTRY(early_data), + EXT_ENTRY(certificate_authorities), + 
EXT_ENTRY(padding), + EXT_ENTRY(psk), + EXT_END(num_builtins) +}; + +static int test_extension_list(void) +{ + size_t n = OSSL_NELEM(ext_list); + size_t i; + unsigned int type; + int retval = 1; + + for (i = 0; i < n; i++) { + if (!TEST_size_t_eq(i, ext_list[i].idx)) { + retval = 0; + TEST_error("TLSEXT_IDX_%s=%zd, found at=%zd\n", + ext_list[i].name, ext_list[i].idx, i); + } + type = ossl_get_extension_type(ext_list[i].idx); + if (!TEST_uint_eq(type, ext_list[i].type)) { + retval = 0; + TEST_error("TLSEXT_IDX_%s=%zd expected=0x%05X got=0x%05X", + ext_list[i].name, ext_list[i].idx, ext_list[i].type, + type); + } + } + return retval; +} + +int setup_tests(void) +{ + ADD_TEST(test_extension_list); + return 1; +} diff -Nru openssl-3.0.5/test/ffc_internal_test.c openssl-3.0.7/test/ffc_internal_test.c --- openssl-3.0.5/test/ffc_internal_test.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/test/ffc_internal_test.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019-2020, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -27,6 +27,7 @@ #include "testutil.h" #include "internal/ffc.h" +#include "crypto/security_bits.h" #ifndef OPENSSL_NO_DSA static const unsigned char dsa_2048_224_sha224_p[] = { @@ -598,6 +599,9 @@ /* fail since N > len(q) */ if (!TEST_false(ossl_ffc_generate_private_key(ctx, params, N + 1, 112, priv))) goto err; + /* s must be always set */ + if (!TEST_false(ossl_ffc_generate_private_key(ctx, params, N, 0, priv))) + goto err; /* pass since 2s <= N <= len(q) */ if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, N, 112, priv))) goto err; 
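Review bot: `TEST_error("TLSEXT_IDX_%s=%zd, found at=%zd\n", ...)` in `test_extension_list` prints `size_t` values with `%zd`, the signed conversion; `%zu` is the matching specifier, and the trailing `\n` is absent from the second `TEST_error` in the same loop, so the two messages format differently. `name` in `EXT_LIST` only ever points at string literals produced by the `EXT_*` macros, so `const char *name;` documents that and avoids the literal-to-`char *` conversion. The ordering check itself is exactly what `/* The order here does matter! */` promises; a sentence saying the table must mirror the `TLSEXT_IDX_` enum in statem_local.h would help the next person who adds an extension.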
@@ -609,9 +613,12 @@ goto err; if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res))) goto err; - - /* N and s are ignored in this case */ - if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, 0, 0, priv))) + /* N is ignored in this case */ + if (!TEST_true(ossl_ffc_generate_private_key(ctx, params, 0, + ossl_ifc_ffc_compute_security_bits(BN_num_bits(params->p)), + priv))) + goto err; + if (!TEST_int_le(BN_num_bits(priv), 225)) goto err; if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res))) goto err; @@ -623,6 +630,37 @@ BN_CTX_free(ctx); return ret; } + +static int ffc_params_copy_test(void) +{ + int ret = 0; + DH *dh = NULL; + FFC_PARAMS *params, copy; + + ossl_ffc_params_init(©); + + if (!TEST_ptr(dh = DH_new_by_nid(NID_ffdhe3072))) + goto err; + params = ossl_dh_get0_params(dh); + + if (!TEST_int_eq(params->keylength, 275)) + goto err; + + if (!TEST_true(ossl_ffc_params_copy(©, params))) + goto err; + + if (!TEST_int_eq(copy.keylength, 275)) + goto err; + + if (!TEST_true(ossl_ffc_params_cmp(©, params, 0))) + goto err; + + ret = 1; +err: + ossl_ffc_params_cleanup(©); + DH_free(dh); + return ret; +} #endif /* OPENSSL_NO_DH */ int setup_tests(void) @@ -638,6 +676,7 @@ ADD_TEST(ffc_public_validate_test); ADD_TEST(ffc_private_validate_test); ADD_ALL_TESTS(ffc_private_gen_test, 10); + ADD_TEST(ffc_params_copy_test); #endif /* OPENSSL_NO_DH */ return 1; } diff -Nru openssl-3.0.5/test/fips_version_test.c openssl-3.0.7/test/fips_version_test.c --- openssl-3.0.5/test/fips_version_test.c 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.7/test/fips_version_test.c 2022-11-01 14:14:36.000000000 +0000 
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+#include
+#include "testutil.h"
+
+static OSSL_LIB_CTX *libctx = NULL;
+static OSSL_PROVIDER *libprov = NULL;
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1,
+    OPT_EOF = 0,
+    OPT_CONFIG_FILE,
+    OPT_TEST_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS *test_get_options(void)
+{
+    static const OPTIONS test_options[] = {
+        OPT_TEST_OPTIONS_DEFAULT_USAGE,
+        { "config", OPT_CONFIG_FILE, '<',
+          "The configuration file to use for the libctx" },
+        { NULL }
+    };
+    return test_options;
+}
+
+static int test_fips_version(int n)
+{
+    const char *version = test_get_argument(n);
+
+    if (!TEST_ptr(version))
+        return 0;
+    return TEST_int_eq(fips_provider_version_match(libctx, version), 1);
+}
+
+int setup_tests(void)
+{
+    char *config_file = NULL;
+    OPTION_CHOICE o;
+    int n;
+
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_CONFIG_FILE:
+            config_file = opt_arg();
+            break;
+        case OPT_TEST_CASES:
+            break;
+        default:
+        case OPT_ERR:
+            return 0;
+        }
+    }
+
+    if (!test_get_libctx(&libctx, NULL, config_file, &libprov, NULL))
+        return 0;
+
+    n = test_get_argument_count();
+    if (n == 0)
+        return 0;
+
+    ADD_ALL_TESTS(test_fips_version, n);
+    return 1;
+}
+
+void cleanup_tests(void)
+{
+    OSSL_PROVIDER_unload(libprov);
+    OSSL_LIB_CTX_free(libctx);
+}
diff -Nru openssl-3.0.5/test/helpers/ssltestlib.c openssl-3.0.7/test/helpers/ssltestlib.c
--- openssl-3.0.5/test/helpers/ssltestlib.c 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/test/helpers/ssltestlib.c 2022-11-01 14:14:36.000000000 +0000
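Review bot: `if (n == 0) return 0;` in `setup_tests` fails silently when the recipe passes no version strings, and the `default:` arm of the option switch does the same; a `TEST_error("no FIPS version arguments given");` before the return tells whoever reads the log why nothing ran. `test_fips_version` asserts that every positional argument satisfies `fips_provider_version_match`, so the file's intended usage belongs in a header comment, something like `/* Each positional argument is a version expression that must match the FIPS provider loaded via -config */` (presumably the same expression syntax the evp_test.c `FIPSversion` keyword accepts). `test_fips_version(int n)` and the `int n` local in `setup_tests` name different things; `idx` for the former would read better.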
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -350,8 +350,8 @@ unsigned int seq, offset, len, epoch; BIO_clear_retry_flags(bio); - thispkt = sk_MEMPACKET_value(ctx->pkts, 0); - if (thispkt == NULL || thispkt->num != ctx->currpkt) { + if ((thispkt = sk_MEMPACKET_value(ctx->pkts, 0)) == NULL + || thispkt->num != ctx->currpkt) { /* Probably run out of data */ BIO_set_retry_read(bio); return -1; @@ -410,6 +410,39 @@ return outl; } +/* Take the last and penultimate packets and swap them around */ +int mempacket_swap_recent(BIO *bio) +{ + MEMPACKET_TEST_CTX *ctx = BIO_get_data(bio); + MEMPACKET *thispkt; + int numpkts = sk_MEMPACKET_num(ctx->pkts); + + /* We need at least 2 packets to be able to swap them */ + if (numpkts <= 1) + return 0; + + /* Get the penultimate packet */ + thispkt = sk_MEMPACKET_value(ctx->pkts, numpkts - 2); + if (thispkt == NULL) + return 0; + + if (sk_MEMPACKET_delete(ctx->pkts, numpkts - 2) != thispkt) + return 0; + + /* Re-add it to the end of the list */ + thispkt->num++; + if (sk_MEMPACKET_insert(ctx->pkts, thispkt, numpkts - 1) <= 0) + return 0; + + /* We also have to adjust the packet number of the other packet */ + thispkt = sk_MEMPACKET_value(ctx->pkts, numpkts - 2); + if (thispkt == NULL) + return 0; + thispkt->num--; + + return 1; +} + int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum, int type) { 
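Review bot: Once `sk_MEMPACKET_delete` has removed the penultimate packet in `mempacket_swap_recent`, a failing `sk_MEMPACKET_insert` returns 0 with that packet neither back in `ctx->pkts` nor released, so it is leaked and the queue is left one entry short; the same holds if the second `sk_MEMPACKET_value` lookup fails after `num` has already been bumped. Callers presumably treat 0 as a test failure, so only cleanup is affected, but the header comment should say so: `/* Swap the last and penultimate packets. Returns 1 on success, 0 if there are fewer than two packets or the swap failed (the queue may then be inconsistent). */`. The `num` adjustments assume the two packets hold consecutive sequence numbers, which is worth a one-line comment since nothing in the function checks it.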
@@ -469,7 +502,9 @@ thispkt->type = type; } - for(i = 0; (looppkt = sk_MEMPACKET_value(ctx->pkts, i)) != NULL; i++) { + for (i = 0; i < sk_MEMPACKET_num(ctx->pkts); i++) { + if (!TEST_ptr(looppkt = sk_MEMPACKET_value(ctx->pkts, i))) + goto err; /* Check if we found the right place to insert this packet */ if (looppkt->num > thispkt->num) { if (sk_MEMPACKET_insert(ctx->pkts, thispkt, i) == 0) diff -Nru openssl-3.0.5/test/helpers/ssltestlib.h openssl-3.0.7/test/helpers/ssltestlib.h --- openssl-3.0.5/test/helpers/ssltestlib.h 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/test/helpers/ssltestlib.h 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -49,6 +49,7 @@ #define MEMPACKET_CTRL_GET_DROP_REC (3 << 15) #define MEMPACKET_CTRL_SET_DUPLICATE_REC (4 << 15) +int mempacket_swap_recent(BIO *bio); int mempacket_test_inject(BIO *bio, const char *in, int inl, int pktnum, int type); diff -Nru openssl-3.0.5/test/ocspapitest.c openssl-3.0.7/test/ocspapitest.c --- openssl-3.0.5/test/ocspapitest.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/test/ocspapitest.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -78,10 +78,14 @@ ASN1_BIT_STRING *key = ASN1_BIT_STRING_new(); ASN1_INTEGER *serial = ASN1_INTEGER_new(); - if (!X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_ASC, - namestr, -1, -1, 1) - || !ASN1_BIT_STRING_set(key, keybytes, sizeof(keybytes)) - || !ASN1_INTEGER_set_uint64(serial, (uint64_t)1)) + if (!TEST_ptr(name) + || !TEST_ptr(key) + || !TEST_ptr(serial) + || !TEST_true(X509_NAME_add_entry_by_NID(name, NID_commonName, + MBSTRING_ASC, + namestr, -1, -1, 1)) + || !TEST_true(ASN1_BIT_STRING_set(key, keybytes, sizeof(keybytes))) + || !TEST_true(ASN1_INTEGER_set_uint64(serial, (uint64_t)1))) goto err; cid = OCSP_cert_id_new(EVP_sha256(), name, key, serial); if (!TEST_ptr(bs) diff -Nru openssl-3.0.5/test/punycode_test.c openssl-3.0.7/test/punycode_test.c --- openssl-3.0.5/test/punycode_test.c 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.7/test/punycode_test.c 2022-11-01 14:14:36.000000000 +0000 
@@ -0,0 +1,220 @@ +/* + * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +#include "crypto/punycode.h" +#include "internal/nelem.h" +#include "testutil.h" + + +static const struct puny_test { + unsigned int raw[50]; + const char *encoded; +} puny_cases[] = { + /* Test cases from RFC 3492 */ + { /* Arabic (Egyptian) */ + { 0x0644, 0x064A, 0x0647, 0x0645, 0x0627, 0x0628, 0x062A, 0x0643, 0x0644, + 0x0645, 0x0648, 0x0634, 0x0639, 0x0631, 0x0628, 0x064A, 0x061F + }, + "egbpdaj6bu4bxfgehfvwxn" + }, + { /* Chinese (simplified) */ + { 0x4ED6, 0x4EEC, 0x4E3A, 0x4EC0, 0x4E48, 0x4E0D, 0x8BF4, 0x4E2D, 0x6587 + }, + "ihqwcrb4cv8a8dqg056pqjye" + }, + { /* Chinese (traditional) */ + { 0x4ED6, 0x5011, 0x7232, 0x4EC0, 0x9EBD, 0x4E0D, 0x8AAA, 0x4E2D, 0x6587 + }, + "ihqwctvzc91f659drss3x8bo0yb" + }, + { /* Czech: Proprostnemluvesky */ + { 0x0050, 0x0072, 0x006F, 0x010D, 0x0070, 0x0072, 0x006F, 0x0073, 0x0074, + 0x011B, 0x006E, 0x0065, 0x006D, 0x006C, 0x0075, 0x0076, 0x00ED, 0x010D, + 0x0065, 0x0073, 0x006B, 0x0079 + }, + "Proprostnemluvesky-uyb24dma41a" + }, + { /* Hebrew */ + { 0x05DC, 0x05DE, 0x05D4, 0x05D4, 0x05DD, 0x05E4, 0x05E9, 0x05D5, 0x05D8, + 0x05DC, 0x05D0, 0x05DE, 0x05D3, 0x05D1, 0x05E8, 0x05D9, 0x05DD, 0x05E2, + 0x05D1, 0x05E8, 0x05D9, 0x05EA + }, + "4dbcagdahymbxekheh6e0a7fei0b" + }, + { /* Hindi (Devanagari) */ + { 0x092F, 0x0939, 0x0932, 0x094B, 0x0917, 0x0939, 0x093F, 0x0928, 0x094D, + 0x0926, 0x0940, 0x0915, 0x094D, 0x092F, 0x094B, 0x0902, 0x0928, 0x0939, + 0x0940, 0x0902, 0x092C, 0x094B, 0x0932, 0x0938, 0x0915, 0x0924, 0x0947, + 0x0939, 0x0948, 0x0902 + }, + "i1baa7eci9glrd9b2ae1bj0hfcgg6iyaf8o0a1dig0cd" + }, + { /* Japanese (kanji and hiragana) */ + { 0x306A, 
0x305C, 0x307F, 0x3093, 0x306A, 0x65E5, 0x672C, 0x8A9E, 0x3092, + 0x8A71, 0x3057, 0x3066, 0x304F, 0x308C, 0x306A, 0x3044, 0x306E, 0x304B + }, + "n8jok5ay5dzabd5bym9f0cm5685rrjetr6pdxa" + }, + { /* Korean (Hangul syllables) */ + { 0xC138, 0xACC4, 0xC758, 0xBAA8, 0xB4E0, 0xC0AC, 0xB78C, 0xB4E4, 0xC774, + 0xD55C, 0xAD6D, 0xC5B4, 0xB97C, 0xC774, 0xD574, 0xD55C, 0xB2E4, 0xBA74, + 0xC5BC, 0xB9C8, 0xB098, 0xC88B, 0xC744, 0xAE4C + }, + "989aomsvi5e83db1d2a355cv1e0vak1dwrv93d5xbh15a0dt30a5jpsd879ccm6fea98c" + }, + { /* Russian (Cyrillic) */ + { 0x043F, 0x043E, 0x0447, 0x0435, 0x043C, 0x0443, 0x0436, 0x0435, 0x043E, + 0x043D, 0x0438, 0x043D, 0x0435, 0x0433, 0x043E, 0x0432, 0x043E, 0x0440, + 0x044F, 0x0442, 0x043F, 0x043E, 0x0440, 0x0443, 0x0441, 0x0441, 0x043A, + 0x0438 + }, + "b1abfaaepdrnnbgefbaDotcwatmq2g4l" + }, + { /* Spanish */ + { 0x0050, 0x006F, 0x0072, 0x0071, 0x0075, 0x00E9, 0x006E, 0x006F, 0x0070, + 0x0075, 0x0065, 0x0064, 0x0065, 0x006E, 0x0073, 0x0069, 0x006D, 0x0070, + 0x006C, 0x0065, 0x006D, 0x0065, 0x006E, 0x0074, 0x0065, 0x0068, 0x0061, + 0x0062, 0x006C, 0x0061, 0x0072, 0x0065, 0x006E, 0x0045, 0x0073, 0x0070, + 0x0061, 0x00F1, 0x006F, 0x006C + }, + "PorqunopuedensimplementehablarenEspaol-fmd56a" + }, + { /* Vietnamese */ + { 0x0054, 0x1EA1, 0x0069, 0x0073, 0x0061, 0x006F, 0x0068, 0x1ECD, 0x006B, + 0x0068, 0x00F4, 0x006E, 0x0067, 0x0074, 0x0068, 0x1EC3, 0x0063, 0x0068, + 0x1EC9, 0x006E, 0x00F3, 0x0069, 0x0074, 0x0069, 0x1EBF, 0x006E, 0x0067, + 0x0056, 0x0069, 0x1EC7, 0x0074 + }, + "TisaohkhngthchnitingVit-kjcr8268qyxafd2f1b9g" + }, + { /* Japanese: 3B */ + { 0x0033, 0x5E74, 0x0042, 0x7D44, 0x91D1, 0x516B, 0x5148, 0x751F + }, + "3B-ww4c5e180e575a65lsy2b" + }, + { /* Japanese: -with-SUPER-MONKEYS */ + { 0x5B89, 0x5BA4, 0x5948, 0x7F8E, 0x6075, 0x002D, 0x0077, 0x0069, 0x0074, + 0x0068, 0x002D, 0x0053, 0x0055, 0x0050, 0x0045, 0x0052, 0x002D, 0x004D, + 0x004F, 0x004E, 0x004B, 0x0045, 0x0059, 0x0053 + }, + "-with-SUPER-MONKEYS-pc58ag80a8qai00g7n9n" + }, + { /* 
Japanese: Hello-Another-Way- */ + { 0x0048, 0x0065, 0x006C, 0x006C, 0x006F, 0x002D, 0x0041, 0x006E, 0x006F, + 0x0074, 0x0068, 0x0065, 0x0072, 0x002D, 0x0057, 0x0061, 0x0079, 0x002D, + 0x305D, 0x308C, 0x305E, 0x308C, 0x306E, 0x5834, 0x6240 + }, + "Hello-Another-Way--fc4qua05auwb3674vfr0b" + }, + { /* Japanese: 2 */ + { 0x3072, 0x3068, 0x3064, 0x5C4B, 0x6839, 0x306E, 0x4E0B, 0x0032 + }, + "2-u9tlzr9756bt3uc0v" + }, + { /* Japanese: MajiKoi5 */ + { 0x004D, 0x0061, 0x006A, 0x0069, 0x3067, 0x004B, 0x006F, 0x0069, 0x3059, + 0x308B, 0x0035, 0x79D2, 0x524D + }, + "MajiKoi5-783gue6qz075azm5e" + }, + { /* Japanese: de */ + { 0x30D1, 0x30D5, 0x30A3, 0x30FC, 0x0064, 0x0065, 0x30EB, 0x30F3, 0x30D0 + }, + "de-jg4avhby1noc0d" + }, + { /* Japanese: */ + { 0x305D, 0x306E, 0x30B9, 0x30D4, 0x30FC, 0x30C9, 0x3067 + }, + "d9juau41awczczp" + }, + { /* -> $1.00 <- */ + { 0x002D, 0x003E, 0x0020, 0x0024, 0x0031, 0x002E, 0x0030, 0x0030, 0x0020, + 0x003C, 0x002D + }, + "-> $1.00 <--" + } +}; + +static int test_punycode(int n) +{ + const struct puny_test *tc = puny_cases + n; + unsigned int buffer[50]; + unsigned int bsize = OSSL_NELEM(buffer); + size_t i; + + if (!TEST_true(ossl_punycode_decode(tc->encoded, strlen(tc->encoded), + buffer, &bsize))) + return 0; + for (i = 0; i < sizeof(tc->raw); i++) + if (tc->raw[i] == 0) + break; + if (!TEST_mem_eq(buffer, bsize * sizeof(*buffer), + tc->raw, i * sizeof(*tc->raw))) + return 0; + return 1; +} + +static int test_a2ulabel(void) +{ + char out[50]; + size_t outlen; + + /* + * Test that no buffer correctly returns the true length. + * The punycode being passed in and parsed is malformed but we're not + * verifying that behaviour here. 
+ */ + if (!TEST_int_eq(ossl_a2ulabel("xn--a.b.c", NULL, &outlen), 0) + || !TEST_size_t_eq(outlen, 7) + || !TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 1)) + return 0; + /* Test that a short input length returns the true length */ + outlen = 1; + if (!TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 0) + || !TEST_size_t_eq(outlen, 7) + || !TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 1) + || !TEST_str_eq(out,"\xc2\x80.b.c")) + return 0; + /* Test for an off by one on the buffer size works */ + outlen = 6; + if (!TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 0) + || !TEST_size_t_eq(outlen, 7) + || !TEST_int_eq(ossl_a2ulabel("xn--a.b.c", out, &outlen), 1) + || !TEST_str_eq(out,"\xc2\x80.b.c")) + return 0; + return 1; +} + +static int test_puny_overrun(void) +{ + static const unsigned int out[] = { + 0x0033, 0x5E74, 0x0042, 0x7D44, 0x91D1, 0x516B, 0x5148, 0x751F + }; + static const char *in = "3B-ww4c5e180e575a65lsy2b"; + unsigned int buf[OSSL_NELEM(out)]; + unsigned int bsize = OSSL_NELEM(buf) - 1; + + if (!TEST_false(ossl_punycode_decode(in, strlen(in), buf, &bsize))) { + if (TEST_mem_eq(buf, bsize * sizeof(*buf), out, sizeof(out))) + TEST_error("CRITICAL: buffer overrun detected!"); + return 0; + } + return 1; +} + +int setup_tests(void) +{ + ADD_ALL_TESTS(test_punycode, OSSL_NELEM(puny_cases)); + ADD_TEST(test_a2ulabel); + ADD_TEST(test_puny_overrun); + return 1; +} diff -Nru openssl-3.0.5/test/recipes/02-test_internal_exts.t openssl-3.0.7/test/recipes/02-test_internal_exts.t --- openssl-3.0.5/test/recipes/02-test_internal_exts.t 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.7/test/recipes/02-test_internal_exts.t 2022-11-01 14:14:36.000000000 +0000 
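Review bot: The terminator scan in `test_punycode`, `for (i = 0; i < sizeof(tc->raw); i++)`, bounds `i` by the byte size of `raw` (50 * sizeof(unsigned int)) rather than its element count, so a vector with no zero among its 50 slots would read past the array; `for (i = 0; i < OSSL_NELEM(tc->raw); i++)` is the intended bound. In `test_puny_overrun`, the inner `TEST_mem_eq(buf, bsize * sizeof(*buf), out, sizeof(out))` compares 7 elements against 8, which presumably can never be equal, so the "buffer overrun detected" diagnostic is unreachable and `buf` is compared while partly uninitialised. Filling `buf` with a sentinel (e.g. `memset(buf, 0xff, sizeof(buf));`) before the call and checking that `buf[OSSL_NELEM(buf) - 1]` still holds it would actually detect a write past `bsize`, on both the success and the failure branch.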
@@ -0,0 +1,15 @@ +#! /usr/bin/env perl +# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test; +use OpenSSL::Test::Simple; + +setup("test_internal_exts"); + +simple_test("test_internal_exts", "ext_internal_test"); diff -Nru openssl-3.0.5/test/recipes/04-test_punycode.t openssl-3.0.7/test/recipes/04-test_punycode.t --- openssl-3.0.5/test/recipes/04-test_punycode.t 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.7/test/recipes/04-test_punycode.t 2022-11-01 14:14:36.000000000 +0000 @@ -0,0 +1,11 @@ +#! /usr/bin/env perl +# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use OpenSSL::Test::Simple; + +simple_test("test_punycode", "punycode_test"); diff -Nru openssl-3.0.5/test/recipes/15-test_ecparam.t openssl-3.0.7/test/recipes/15-test_ecparam.t --- openssl-3.0.5/test/recipes/15-test_ecparam.t 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/test/recipes/15-test_ecparam.t 2022-11-01 14:14:36.000000000 +0000 @@ -119,7 +119,7 @@ subtest "Check loading of fips and non-fips params" => sub { plan skip_all => "FIPS is disabled" if $no_fips; - plan tests => 3; + plan tests => 8; my $fipsconf = srctop_file("test", "fips-and-base.cnf"); my $defaultconf = srctop_file("test", "default.cnf"); 
@@ -141,5 +141,36 @@
 '-check'])),
 "Fail loading named non-fips curve");
+ ok(!run(app(['openssl', 'pkeyparam',
+ '-in', data_file('valid', 'secp112r1-named.pem'),
+ '-check'])),
+ "Fail loading named non-fips curve using pkeyparam");
+
+ ok(run(app(['openssl', 'ecparam',
+ '-provider', 'default',
+ '-propquery', '?fips!=yes',
+ '-in', data_file('valid', 'secp112r1-named.pem'),
+ '-check'])),
+ "Loading named non-fips curve in FIPS mode with non-FIPS property".
+ " query");
+
+ ok(run(app(['openssl', 'pkeyparam',
+ '-provider', 'default',
+ '-propquery', '?fips!=yes',
+ '-in', data_file('valid', 'secp112r1-named.pem'),
+ '-check'])),
+ "Loading named non-fips curve in FIPS mode with non-FIPS property".
+ " query using pkeyparam");
+
+ ok(!run(app(['openssl', 'ecparam',
+ '-genkey', '-name', 'secp112r1'])),
+ "Fail generating key for named non-fips curve");
+
+ ok(run(app(['openssl', 'ecparam',
+ '-provider', 'default',
+ '-propquery', '?fips!=yes',
+ '-genkey', '-name', 'secp112r1'])),
+ "Generating key for named non-fips curve with non-FIPS property query");
+
 $ENV{OPENSSL_CONF} = $defaultconf;
 };
diff -Nru openssl-3.0.5/test/recipes/15-test_ec.t openssl-3.0.7/test/recipes/15-test_ec.t
--- openssl-3.0.5/test/recipes/15-test_ec.t 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/test/recipes/15-test_ec.t 2022-11-01 14:14:36.000000000 +0000
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -18,7 +18,9 @@
 plan skip_all => 'EC is not supported in this build' if disabled('ec');
-plan tests => 14;
+plan tests => 15;
+
+my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
 require_ok(srctop_file('test','recipes','tconversion.pl'));
@@ -85,3 +87,25 @@
 -in => srctop_file("test", "tested448pub.pem"), -args => ["pkey", "-pubin", "-pubout"] ); };
+
+subtest 'Check loading of fips and non-fips keys' => sub {
+ plan skip_all => "FIPS is disabled"
+ if $no_fips;
+
+ plan tests => 2;
+
+ my $fipsconf = srctop_file("test", "fips-and-base.cnf");
+ $ENV{OPENSSL_CONF} = $fipsconf;
+
+ ok(!run(app(['openssl', 'pkey',
+ '-check', '-in', srctop_file("test", "testec-p112r1.pem")])),
+ "Checking non-fips curve key fails in FIPS provider");
+
+ ok(run(app(['openssl', 'pkey',
+ '-provider', 'default',
+ '-propquery', '?fips!=yes',
+ '-check', '-in', srctop_file("test", "testec-p112r1.pem")])),
+ "Checking non-fips curve key succeeds with non-fips property query");
+
+ delete $ENV{OPENSSL_CONF};
+}
diff -Nru openssl-3.0.5/test/recipes/15-test_genrsa.t openssl-3.0.7/test/recipes/15-test_genrsa.t
--- openssl-3.0.5/test/recipes/15-test_genrsa.t 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/test/recipes/15-test_genrsa.t 2022-11-01 14:14:36.000000000 +0000
@@ -24,7 +24,7 @@
 my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
 plan tests =>
- ($no_fips ? 0 : 3) # Extra FIPS related tests
+ ($no_fips ? 0 : 5) # Extra FIPS related tests
 + 15;
 # We want to know that an absurdly small number of bits isn't support
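Review bot: The new subtest at the end of the hunk is closed with a bare `}` and no terminating `;`, so it parses only because it is the last statement in 15-test_ec.t; the sibling subtest in 15-test_ecparam.t ends with `};`, and any test appended after this block would become a syntax error. Change the final line to `};`.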
@@ -129,6 +129,17 @@
 '-out', 'genrsatest3072.pem'])),
 "Generating RSA key with 3072 bits");
+ ok(!run(app(['openssl', 'genrsa', @prov, '512'])),
+ "Generating RSA key with 512 bits should fail in FIPS provider");
+
+ ok(!run(app(['openssl', 'genrsa',
+ @prov,
+ '-provider', 'default',
+ '-propquery', '?fips!=yes',
+ '512'])),
+ "Generating RSA key with 512 bits should succeed with FIPS provider as".
+ " default with a non-FIPS property query");
+
 # We want to know that an absurdly large number of bits fails the RNG check
 is(run(app([ 'openssl', 'genpkey', @prov,
diff -Nru openssl-3.0.5/test/recipes/20-test_cli_fips.t openssl-3.0.7/test/recipes/20-test_cli_fips.t
--- openssl-3.0.5/test/recipes/20-test_cli_fips.t 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/test/recipes/20-test_cli_fips.t 2022-11-01 14:14:36.000000000 +0000
@@ -67,7 +67,7 @@
 }
-my $tsignverify_count = 8;
+my $tsignverify_count = 9;
 sub tsignverify {
 my $prefix = shift;
 my $fips_key = shift;
@@ -149,6 +149,18 @@
 $testtext);
 $testtext = $prefix.': '.
+ 'Verify something with a non-FIPS key'.
+ ' in FIPS mode but with a non-FIPS property query';
+ ok(run(app(['openssl', 'dgst',
+ '-provider', 'default',
+ '-propquery', '?fips!=yes',
+ '-sha256',
+ '-verify', $nonfips_pub_key,
+ '-signature', $sigfile,
+ $tbs_data])),
+ $testtext);
+
+ $testtext = $prefix.': '.
 'Verify a valid signature against the wrong data with a non-FIPS key'.
 ' (should fail)';
 ok(!run(app(['openssl', 'dgst', '-sha256',
diff -Nru openssl-3.0.5/test/recipes/20-test_dgst.t openssl-3.0.7/test/recipes/20-test_dgst.t
--- openssl-3.0.5/test/recipes/20-test_dgst.t 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/test/recipes/20-test_dgst.t 2022-11-01 14:14:36.000000000 +0000
@@ -17,7 +17,7 @@
 setup("test_dgst");
-plan tests => 10;
+plan tests => 12;
 sub tsignverify {
 my $testtext = shift;
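Review bot: The second added assertion in 15-test_genrsa.t contradicts its own description: `ok(!run(app(['openssl', 'genrsa', @prov, '-provider', 'default', '-propquery', '?fips!=yes', '512'])), ...)` passes only when the command fails, while the message says the 512-bit generation "should succeed with FIPS provider as default with a non-FIPS property query". I cannot tell from the hunk which of the two is intended; if the property query is meant to route the keygen to the default provider the check should be `ok(run(app([...])), ...)`, otherwise the message should say "should fail". As written, a regression in the non-FIPS fallback would go unnoticed because the test already expects failure.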
@@ -178,3 +178,29 @@
 ok($xofdata[1] =~ $expected, "XOF: Check second digest value is consistent with the first ($xofdata[1]) vs ($expected)"); };
+
+subtest "SHAKE digest generation with no xoflen set `dgst` CLI" => sub {
+ plan tests => 1;
+
+ my $testdata = srctop_file('test', 'data.bin');
+ my @xofdata = run(app(['openssl', 'dgst', '-shake128', $testdata], stderr => "outerr.txt"), capture => 1);
+ chomp(@xofdata);
+ my $expected = qr/SHAKE-128\(\Q$testdata\E\)= bb565dac72640109e1c926ef441d3fa6/;
+ ok($xofdata[0] =~ $expected, "Check short digest is output");
+};
+
+SKIP: {
+ skip "ECDSA is not supported by this OpenSSL build", 1
+ if disabled("ec");
+
+ subtest "signing with xoflen is not supported `dgst` CLI" => sub {
+ plan tests => 1;
+ my $data_to_sign = srctop_file('test', 'data.bin');
+
+ ok(!run(app(['openssl', 'dgst', '-shake256', '-xoflen', '64',
+ '-sign', srctop_file("test","testec-p256.pem"),
+ '-out', 'test.sig',
+ srctop_file('test', 'data.bin')])),
+ "Generating signature with xoflen should fail");
+ }
+}
diff -Nru openssl-3.0.5/test/recipes/20-test_dhparam.t openssl-3.0.7/test/recipes/20-test_dhparam.t
--- openssl-3.0.5/test/recipes/20-test_dhparam.t 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/test/recipes/20-test_dhparam.t 2022-11-01 14:14:36.000000000 +0000
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -10,7 +10,7 @@
 use strict;
 use warnings;
-use OpenSSL::Test qw(:DEFAULT data_file);
+use OpenSSL::Test qw(:DEFAULT data_file srctop_file);
 use OpenSSL::Test::Utils;
 #Tests for the dhparam CLI application
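Review bot: In the new "signing with xoflen is not supported" subtest, `$data_to_sign` is assigned and never used; the last argument of the command rebuilds the same path with `srctop_file('test', 'data.bin')`. Either pass `$data_to_sign])),` there or drop the variable. Also, this negative test records only that the command exited non-zero: a missing key file or data file would make it pass just the same, so capture stderr as the preceding subtest does with `stderr => "outerr.txt"` and check it for the expected error text.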
@@ -19,7 +19,9 @@
 plan skip_all => "DH is not supported in this build" if disabled("dh");
-plan tests => 17;
+plan tests => 21;
+
+my $fipsconf = srctop_file("test", "fips-and-base.cnf");
 sub checkdhparams {
 my $file = shift; #Filename containing params
@@ -171,6 +173,34 @@
 checkdhparams("gen-x942-0-512.der", "X9.42", 0, "DER", 512);
 };
 }
+SKIP: {
+ skip "Skipping tests that are only supported in a fips build with security ".
+ "checks", 4 if (disabled("fips") || disabled("fips-securitychecks"));
+
+ $ENV{OPENSSL_CONF} = $fipsconf;
+
+ ok(!run(app(['openssl', 'dhparam', '-check', '512'])),
+ "Generating 512 bit DH params should fail in FIPS mode");
+
+ ok(run(app(['openssl', 'dhparam', '-provider', 'default', '-propquery',
+ '?fips!=yes', '-check', '512'])),
+ "Generating 512 bit DH params should succeed in FIPS mode using".
+ " non-FIPS property query");
+
+ SKIP: {
+ skip "Skipping tests that require DSA", 2 if disabled("dsa");
+
+ ok(!run(app(['openssl', 'dhparam', '-dsaparam', '-check', '512'])),
+ "Generating 512 bit DSA-style DH params should fail in FIPS mode");
+
+ ok(run(app(['openssl', 'dhparam', '-provider', 'default', '-propquery',
+ '?fips!=yes', '-dsaparam', '-check', '512'])),
+ "Generating 512 bit DSA-style DH params should succeed in FIPS".
+ " mode using non-FIPS property query");
+ }
+
+ delete $ENV{OPENSSL_CONF};
+}
 ok(run(app(["openssl", "dhparam", "-noout", "-text"], stdin => data_file("pkcs3-2-1024.pem"))),
diff -Nru openssl-3.0.5/test/recipes/25-test_verify.t openssl-3.0.7/test/recipes/25-test_verify.t
--- openssl-3.0.5/test/recipes/25-test_verify.t 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/test/recipes/25-test_verify.t 2022-11-01 14:14:36.000000000 +0000
@@ -312,12 +312,18 @@
 # Same as above but with base provider used for decoding
 SKIP: {
 my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
- skip "EC is not supported or FIPS is disabled", 3
- if disabled("ec") || $no_fips;
-
 my $provconf = srctop_file("test", "fips-and-base.cnf");
 my $provpath = bldtop_dir("providers");
 my @prov = ("-provider-path", $provpath);
+
+ skip "EC is not supported or FIPS is disabled", 3
+ if disabled("ec") || $no_fips;
+
+ run(test(["fips_version_test", "-config", $provconf, ">3.0.0"]),
+ capture => 1, statusvar => \my $exit);
+ skip "FIPS provider version is too old", 3
+ if !$exit;
+
 $ENV{OPENSSL_CONF} = $provconf;
 ok(!verify("ee-cert-ec-explicit", "", ["root-cert"],
diff -Nru openssl-3.0.5/test/recipes/25-test_x509.t openssl-3.0.7/test/recipes/25-test_x509.t
--- openssl-3.0.5/test/recipes/25-test_x509.t 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/test/recipes/25-test_x509.t 2022-11-01 14:14:36.000000000 +0000
@@ -16,7 +16,7 @@
 setup("test_x509");
-plan tests => 21;
+plan tests => 28;
 # Prevent MSys2 filename munging for arguments that look like file paths but
 # aren't
@@ -146,3 +146,58 @@
 ok(!run(app(["openssl", "x509", "-noout", "-dates", "-dateopt", "invalid_format", "-in", srctop_file("test/certs", "ca-cert.pem")])), "Run with invalid -dateopt format");
+
+# extracts issuer from a -text formatted-output
+sub get_issuer {
+ my $f = shift(@_);
+ my $issuer = "";
+ open my $fh, $f or die;
+ while (my $line = <$fh>) {
+ if ($line =~ /Issuer:/) {
+ $issuer = $line;
+ }
+ }
+ close $fh;
+ return $issuer;
+}
+
+# Tests for signing certs (broken in 1.1.1o)
+my $a_key = "a-key.pem";
+my $a_cert = "a-cert.pem";
+my $a2_cert = "a2-cert.pem";
+my $ca_key = "ca-key.pem";
+my $ca_cert = "ca-cert.pem";
+my $cnf = srctop_file('apps', 'openssl.cnf');
+
+# Create cert A
+ok(run(app(["openssl", "req", "-x509", "-newkey", "rsa:2048",
+ "-config", $cnf,
+ "-keyout", $a_key, "-out", $a_cert, "-days", "365",
+ "-nodes", "-subj", "/CN=test.example.com"])));
+# Create cert CA - note key size
+ok(run(app(["openssl", "req", "-x509", "-newkey", "rsa:4096",
+ "-config", $cnf,
+ "-keyout", $ca_key, "-out", $ca_cert, "-days", "3650",
+ "-nodes", "-subj", "/CN=ca.example.com"])));
+# Sign cert A with CA (errors on 1.1.1o)
+ok(run(app(["openssl", "x509", "-in", $a_cert, "-CA", $ca_cert,
+ "-CAkey", $ca_key, "-set_serial", "1234567890",
+ "-preserve_dates", "-sha256", "-text", "-out", $a2_cert])));
+# verify issuer is CA
+ok (get_issuer($a2_cert) =~ /CN = ca.example.com/);
+
+# Tests for issue #16080 (fixed in 1.1.1o)
+my $b_key = "b-key.pem";
+my $b_csr = "b-cert.csr";
+my $b_cert = "b-cert.pem";
+# Create the CSR
+ok(run(app(["openssl", "req", "-new", "-newkey", "rsa:4096",
+ "-keyout", $b_key, "-out", $b_csr, "-nodes",
+ "-config", $cnf,
+ "-subj", "/CN=b.example.com"])));
+# Sign it - position of "-text" matters!
+ok(run(app(["openssl", "x509", "-req", "-text", "-CAcreateserial",
+ "-CA", $ca_cert, "-CAkey", $ca_key,
+ "-in", $b_csr, "-out", $b_cert])));
+# Verify issuer is CA
+ok(get_issuer($b_cert) =~ /CN = ca.example.com/);
diff -Nru openssl-3.0.5/test/recipes/30-test_evp_data/evpciph_des3_common.txt openssl-3.0.7/test/recipes/30-test_evp_data/evpciph_des3_common.txt
--- openssl-3.0.5/test/recipes/30-test_evp_data/evpciph_des3_common.txt 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/test/recipes/30-test_evp_data/evpciph_des3_common.txt 2022-11-01 14:14:36.000000000 +0000
@@ -22,6 +22,8 @@
 NextIV = 1c673812cfde9675
 # DES EDE3 ECB test
+# FIPS(3.0.0): has a bug in the IV length #17591
+FIPSversion = >3.0.0
 Cipher = DES-EDE3-ECB
 Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210
 Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
diff -Nru openssl-3.0.5/test/recipes/30-test_evp_data/evpmac_common.txt openssl-3.0.7/test/recipes/30-test_evp_data/evpmac_common.txt
--- openssl-3.0.5/test/recipes/30-test_evp_data/evpmac_common.txt 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/test/recipes/30-test_evp_data/evpmac_common.txt 2022-11-01 14:14:36.000000000 +0000
@@ -1,5 +1,5 @@
 #
-# Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
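Review bot: The five new `ok(run(app([...])))` calls and the two `get_issuer` checks carry no description, so a failure in this block is reported only by test number; give each a name such as `"Sign cert A with CA"` (constructed example). In the issuer checks the dots in `/CN = ca.example.com/` are unescaped and match any character; use `/CN = ca\.example\.com/`. In `get_issuer`, `open my $fh, $f or die;` is the two-argument form with no message; prefer `open my $fh, '<', $f or die "Cannot open $f: $!";` so the file name is never interpreted for mode characters and the failure reason is printed.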
@@ -239,7 +239,6 @@
 Key = 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
 Result = MAC_INIT_ERROR
-
 Title = CMAC tests (from FIPS module)
 MAC = CMAC
diff -Nru openssl-3.0.5/test/recipes/30-test_evp_data/evpmac_sm3.txt openssl-3.0.7/test/recipes/30-test_evp_data/evpmac_sm3.txt
--- openssl-3.0.5/test/recipes/30-test_evp_data/evpmac_sm3.txt 1970-01-01 00:00:00.000000000 +0000
+++ openssl-3.0.7/test/recipes/30-test_evp_data/evpmac_sm3.txt 2022-11-01 14:14:36.000000000 +0000
@@ -0,0 +1,38 @@
+#
+# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# Tests start with one of these keywords
+# Cipher Decrypt Derive Digest Encoding MAC
+# and continue until a blank line. Lines starting with a pound sign are ignored.
+# The keyword Availablein must appear before the test name if needed.
+
+Title = HMAC-SM3 from GM/T 0042-2015 Appendix D.3
+
+MAC = HMAC
+Algorithm = SM3
+Input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopqabcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+Key = 0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20
+Output = ca05e144ed05d1857840d1f318a4a8669e559fc8391f414485bfdf7bb408963a
+
+MAC = HMAC
+Algorithm = SM3
+Input = cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd
+Key = 0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425
+Output = 220bf579ded555393f0159f66c99877822a3ecf610d1552154b41d44b94db3ae
+
+MAC = HMAC
+Algorithm = SM3
+Input = "Hi There"
+Key = 0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
+Output = c0ba18c68b90c88bc07de794bfc7d2c8d19ec31ed8773bc2b390c9604e0be11e
+
+MAC = HMAC
+Algorithm = SM3
+Input = "what do ya want for nothing?"
+Key = "Jefe"
+Output = 2e87f1d16862e6d964b50a5200bf2b10b764faa9680a296a2405f24bec39f882
diff -Nru openssl-3.0.5/test/recipes/30-test_evp_data/evpmd_ripemd.txt openssl-3.0.7/test/recipes/30-test_evp_data/evpmd_ripemd.txt
--- openssl-3.0.5/test/recipes/30-test_evp_data/evpmd_ripemd.txt 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/test/recipes/30-test_evp_data/evpmd_ripemd.txt 2022-11-01 14:14:36.000000000 +0000
@@ -1,5 +1,5 @@
 #
-# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -13,42 +13,42 @@
 Title = RIPEMD160 tests
-Availablein = legacy
+Availablein = legacy default
 Digest = RIPEMD160
 Input = ""
 Output = 9c1185a5c5e9fc54612808977ee8f548b2258d31
-Availablein = legacy
+Availablein = legacy default
 Digest = RIPEMD160
 Input = "a"
 Output = 0bdc9d2d256b3ee9daae347be6f4dc835a467ffe
-Availablein = legacy
+Availablein = legacy default
 Digest = RIPEMD160
 Input = "abc"
 Output = 8eb208f7e05d987a9b044a8e98c6b087f15a0bfc
-Availablein = legacy
+Availablein = legacy default
 Digest = RIPEMD160
 Input = "message digest"
 Output = 5d0689ef49d2fae572b881b123a85ffa21595f36
-Availablein = legacy
+Availablein = legacy default
 Digest = RIPEMD160
 Input = "abcdefghijklmnopqrstuvwxyz"
 Output = f71c27109c692c1b56bbdceb5b9d2865b3708dbc
-Availablein = legacy
+Availablein = legacy default
 Digest = RIPEMD160
 Input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
 Output = 12a053384a9c0c88e405a06c27dcf49ada62eb2b
-Availablein = legacy
+Availablein = legacy default
 Digest = RIPEMD160
 Input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
 Output = b0e20b6e3116640286ed3a87a5713079b21f5189
-Availablein = legacy
+Availablein = legacy default
 Digest = RIPEMD160
 Input = "12345678901234567890123456789012345678901234567890123456789012345678901234567890"
 Output = 9b752e45573d4b39f4dbd3323cab82bf63326bfb
diff -Nru openssl-3.0.5/test/recipes/30-test_evp_data/evppkey_ffdhe.txt openssl-3.0.7/test/recipes/30-test_evp_data/evppkey_ffdhe.txt
--- openssl-3.0.5/test/recipes/30-test_evp_data/evppkey_ffdhe.txt 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/test/recipes/30-test_evp_data/evppkey_ffdhe.txt 2022-11-01 14:14:36.000000000 +0000
@@ -105,6 +105,8 @@
 Ctrl = dh_pad:1
 SharedSecret=89A249DF4EE9033B89C2B4E52072A736D94F51143A1ED5C8F1E91FCBEBE09654
+# FIPS(3.0.0): allows the padding to be set, later versions do not #17859
+FIPSversion = >3.0.0
 Derive=ffdhe2048-2
 PeerKey=ffdhe2048-1-pub
 KDFType=X942KDF-ASN1
diff -Nru openssl-3.0.5/test/recipes/30-test_evp_pkey_provided/DH.priv.txt openssl-3.0.7/test/recipes/30-test_evp_pkey_provided/DH.priv.txt
--- openssl-3.0.5/test/recipes/30-test_evp_pkey_provided/DH.priv.txt 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/test/recipes/30-test_evp_pkey_provided/DH.priv.txt 2022-11-01 14:14:36.000000000 +0000
@@ -22,3 +22,4 @@
 a8:ee:72:13:45:65:15:42:17:aa:d8:ab:cf:33:42:
 83:42
 GROUP: ffdhe2048
+recommended-private-length: 224 bits
diff -Nru openssl-3.0.5/test/recipes/30-test_evp_pkey_provided/DH.pub.txt openssl-3.0.7/test/recipes/30-test_evp_pkey_provided/DH.pub.txt
--- openssl-3.0.5/test/recipes/30-test_evp_pkey_provided/DH.pub.txt 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/test/recipes/30-test_evp_pkey_provided/DH.pub.txt 2022-11-01 14:14:36.000000000 +0000
@@ -19,3 +19,4 @@
 a8:ee:72:13:45:65:15:42:17:aa:d8:ab:cf:33:42:
 83:42
 GROUP: ffdhe2048
+recommended-private-length: 224 bits
diff -Nru openssl-3.0.5/test/recipes/30-test_evp.t openssl-3.0.7/test/recipes/30-test_evp.t
--- openssl-3.0.5/test/recipes/30-test_evp.t 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/test/recipes/30-test_evp.t 2022-11-01 14:14:36.000000000 +0000
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -104,6 +104,7 @@
 evpmac_blake.txt
 evpmac_poly1305.txt
 evpmac_siphash.txt
+ evpmac_sm3.txt
 evpmd_blake.txt
 evpmd_md.txt
 evpmd_mdc2.txt
diff -Nru openssl-3.0.5/test/recipes/70-test_key_share.t openssl-3.0.7/test/recipes/70-test_key_share.t
--- openssl-3.0.5/test/recipes/70-test_key_share.t 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/test/recipes/70-test_key_share.t 2022-11-01 14:14:36.000000000 +0000
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -25,7 +25,8 @@
 ZERO_LEN_KEX_DATA => 9,
 TRAILING_DATA => 10,
 SELECT_X25519 => 11,
- NO_KEY_SHARES_IN_HRR => 12
+ NO_KEY_SHARES_IN_HRR => 12,
+ NON_TLS1_3_KEY_SHARE => 13
 };
 use constant {
@@ -85,7 +86,7 @@
 $proxy->serverflags("-groups P-256");
 }
 $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
-plan tests => 22;
+plan tests => 23;
 ok(TLSProxy::Message->success(), "Success after HRR");
 #Test 2: The server sending an HRR requesting a group the client already sent
@@ -290,11 +291,27 @@
 $proxy->start();
 ok(TLSProxy::Message->fail(), "Server sends HRR with no key_shares");
+SKIP: {
+ skip "No EC support in this OpenSSL build", 1 if disabled("ec");
+ #Test 23: Trailing data on key_share in ServerHello should fail
+ $proxy->clear();
+ $direction = CLIENT_TO_SERVER;
+ $proxy->clientflags("-groups secp192r1:P-256:X25519");
+ $proxy->ciphers("AES128-SHA:\@SECLEVEL=0");
+ $testtype = NON_TLS1_3_KEY_SHARE;
+ $proxy->start();
+ my $ishrr = defined ${$proxy->message_list}[2]
+ &&(${$proxy->message_list}[0]->mt == TLSProxy::Message::MT_CLIENT_HELLO)
+ && (${$proxy->message_list}[2]->mt == TLSProxy::Message::MT_CLIENT_HELLO);
+ ok(TLSProxy::Message->success() && $ishrr,
+ "Client sends a key_share for a Non TLSv1.3 group");
+}
+
 sub modify_key_shares_filter {
 my $proxy = shift;
- # We're only interested in the initial ClientHello
+ # We're only interested in the initial ClientHello/SererHello/HRR
 if (($direction == CLIENT_TO_SERVER && $proxy->flight != 0 && ($proxy->flight != 1 || $testtype != NO_KEY_SHARES_IN_HRR)) || ($direction == SERVER_TO_CLIENT && $proxy->flight != 1)) {
@@ -307,12 +324,19 @@
 my $ext;
 my $suppgroups;
- #Setup supported groups to include some unrecognised groups
- $suppgroups = pack "C8",
- 0x00, 0x06, #List Length
- 0xff, 0xfe, #Non existing group 1
- 0xff, 0xff, #Non existing group 2
- 0x00, 0x1d; #x25519
+ if ($testtype != NON_TLS1_3_KEY_SHARE) {
+ #Setup supported groups to include some unrecognised groups
+ $suppgroups = pack "C8",
+ 0x00, 0x06, #List Length
+ 0xff, 0xfe, #Non existing group 1
+ 0xff, 0xff, #Non existing group 2
+ 0x00, 0x1d; #x25519
+ } else {
+ $suppgroups = pack "C6",
+ 0x00, 0x04, #List Length
+ 0x00, 0x13,
+ 0x00, 0x1d; #x25519
+ }
 if ($testtype == EMPTY_EXTENSION) {
 $ext = pack "C2",
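Review bot: The comment `#Test 23: Trailing data on key_share in ServerHello should fail` does not describe the test under it, which sets `NON_TLS1_3_KEY_SHARE`, expects `TLSProxy::Message->success()` plus an HRR, and is named "Client sends a key_share for a Non TLSv1.3 group"; it reads as a leftover from another test. Change it to `#Test 23: Client sends a key_share for a non-TLSv1.3 group; expect an HRR`. The rewritten comment in the same hunk also misspells ServerHello: `# We're only interested in the initial ClientHello/ServerHello/HRR`.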
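Review bot: In the new `else` branch the group id `0x00, 0x13,` is the only entry in either `pack` list without a trailing comment, while the same id is labelled `#P-192` in the key_share hunk further down; add `0x00, 0x13, #P-192 (secp192r1)` so the list reads like its neighbours.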
@@ -376,6 +400,13 @@
 0x00, 0x17, #P-256
 0x00, 0x01, #key_exchange data length
 0xff; #Dummy key_share data
+ } elsif ($testtype == NON_TLS1_3_KEY_SHARE) {
+ $ext = pack "C6H98",
+ 0x00, 0x35, #List Length
+ 0x00, 0x13, #P-192
+ 0x00, 0x31, #key_exchange data length
+ "04EE3B38D1CB800A1A2B702FC8423599F2AC7161E175C865F8".
+ "3DAF78BCBAE561464E8144359BE70CB7989D28A2F43F8F2C"; #key_exchange data
 }
 if ($testtype != EMPTY_EXTENSION
@@ -383,7 +414,6 @@
 $message->set_extension( TLSProxy::Message::EXT_SUPPORTED_GROUPS, $suppgroups);
 }
-
 if ($testtype == MISSING_EXTENSION) {
 $message->delete_extension( TLSProxy::Message::EXT_KEY_SHARE);
diff -Nru openssl-3.0.5/test/recipes/80-test_cmp_http.t openssl-3.0.7/test/recipes/80-test_cmp_http.t
--- openssl-3.0.5/test/recipes/80-test_cmp_http.t 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/test/recipes/80-test_cmp_http.t 2022-11-01 14:14:36.000000000 +0000
@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved.
 # Copyright Nokia 2007-2019
 # Copyright Siemens AG 2015-2019
 #
@@ -170,8 +170,8 @@
 # from $BLDTOP/test-runs/test_cmp_http and prepending the input files by SRCTOP.
 indir data_dir() => sub {
- plan tests => @server_configurations * @all_aspects
- + (grep(/^Mock$/, @server_configurations)
+ plan tests => 1 + @server_configurations * @all_aspects
+ - (grep(/^Mock$/, @server_configurations)
 && grep(/^certstatus$/, @all_aspects));
 foreach my $server_name (@server_configurations) {
@@ -196,6 +196,7 @@
 };
 };
 stop_mock_server($pid) if $pid;
+ ok(1, "killing mock server");
 }
 }
 };
@@ -293,4 +294,5 @@
 my $pid = $_[0];
 print "Killing mock server with pid=$pid\n";
 kill('KILL', $pid);
+ waitpid($pid, 0);
 }
diff -Nru openssl-3.0.5/test/recipes/80-test_ssl_new.t openssl-3.0.7/test/recipes/80-test_ssl_new.t
--- openssl-3.0.5/test/recipes/80-test_ssl_new.t 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/test/recipes/80-test_ssl_new.t 2022-11-01 14:14:36.000000000 +0000
@@ -1,11 +1,15 @@
 #! /usr/bin/env perl
-# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html
+
+# For manually running these tests, set specific environment variables like this:
+# CTLOG_FILE=test/ct/log_list.cnf
+# TEST_CERTS_DIR=test/certs
+# For details on the environment variables needed, see test/README.ssltest.md
 use strict;
 use warnings;
@@ -163,13 +167,14 @@
 skip "No tests available; skipping tests", 1 if $skip;
 skip "Stale sources; skipping tests", 1 if !$run_test;
+ my $msg = "running CTLOG_FILE=test/ct/log_list.cnf". # $ENV{CTLOG_FILE}.
+ " TEST_CERTS_DIR=test/certs". # $ENV{TEST_CERTS_DIR}.
+ " test/ssl_test test/ssl-tests/$conf $provider";
 if ($provider eq "fips") {
 ok(run(test(["ssl_test", $output_file, $provider,
- srctop_file("test", "fips-and-base.cnf")])),
- "running ssl_test $conf");
+ srctop_file("test", "fips-and-base.cnf")])), $msg);
 } else {
- ok(run(test(["ssl_test", $output_file, $provider])),
- "running ssl_test $conf");
+ ok(run(test(["ssl_test", $output_file, $provider])), $msg);
 }
 }
 }
diff -Nru openssl-3.0.5/test/recipes/95-test_external_pyca_data/cryptography.sh openssl-3.0.7/test/recipes/95-test_external_pyca_data/cryptography.sh
--- openssl-3.0.5/test/recipes/95-test_external_pyca_data/cryptography.sh 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/test/recipes/95-test_external_pyca_data/cryptography.sh 2022-11-01 14:14:36.000000000 +0000
@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
 # Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
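Review bot: The new `$msg` hard-codes `CTLOG_FILE=test/ct/log_list.cnf` and `TEST_CERTS_DIR=test/certs` while the real values survive only as commented-out fragments (`# $ENV{CTLOG_FILE}.`), and in the `fips` branch it omits the `fips-and-base.cnf` argument that the `run(test([...]))` call actually passes, so the printed command is not the one that ran. Either interpolate `$ENV{CTLOG_FILE}` and `$ENV{TEST_CERTS_DIR}` and append the config file in the fips branch, or say in a comment that the message is a manual-reproduction recipe rather than the literal invocation, and drop the dead fragments in both cases.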
@@ -39,22 +39,27 @@
 rm -rf venv-cryptography
 python -m venv venv-cryptography
 . ./venv-cryptography/bin/activate
+# Upgrade pip to always have latest
+pip install -U pip
 cd pyca-cryptography
-pip install .[test]
+echo "------------------------------------------------------------------"
+echo "Building cryptography and installing test requirements"
+echo "------------------------------------------------------------------"
+LDFLAGS="-L$O_LIB" CFLAGS="-I$O_BINC -I$O_SINC " pip install .[test]
 pip install -e vectors
 echo "------------------------------------------------------------------"
-echo "Building cryptography"
+echo "Print linked libraries"
 echo "------------------------------------------------------------------"
-CFLAGS="-I$O_BINC -I$O_SINC -L$O_LIB" pip install .
+ldd $(find ../venv-cryptography/lib/ -iname '*.so')
+
 echo "------------------------------------------------------------------"
 echo "Running tests"
 echo "------------------------------------------------------------------"
-
-CFLAGS="-I$O_BINC -I$O_SINC -L$O_LIB" pytest -n auto tests --wycheproof-root=../wycheproof
+pytest -n auto tests --wycheproof-root=../wycheproof
 cd ../
 deactivate
diff -Nru openssl-3.0.5/test/recordlentest.c openssl-3.0.7/test/recordlentest.c
--- openssl-3.0.5/test/recordlentest.c 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/test/recordlentest.c 2022-11-01 14:14:36.000000000 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
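Review bot: `ldd $(find ../venv-cryptography/lib/ -iname '*.so')` depends on word-splitting of an unquoted command substitution, so any path containing whitespace breaks it and an empty result runs `ldd` with no arguments; `find ../venv-cryptography/lib/ -iname '*.so' -exec ldd {} +` avoids the substitution altogether. Separately, the new unconditional `pip install -U pip` together with the unpinned `pip install .[test]` means every run pulls whatever is newest on the index, so a failure of this external test may be caused by an upstream release rather than by the OpenSSL build under test; pinning pip, or at least logging `pip freeze` after the install, keeps such failures diagnosable.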
@@ -101,8 +101,6 @@
 return 1;
 #endif
- ERR_clear_error();
-
 if (!TEST_true(create_ssl_ctx_pair(NULL, TLS_server_method(), TLS_client_method(), TLS1_VERSION, 0,
diff -Nru openssl-3.0.5/test/rsa_complex.c openssl-3.0.7/test/rsa_complex.c
--- openssl-3.0.5/test/rsa_complex.c 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/test/rsa_complex.c 2022-11-01 14:14:36.000000000 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -11,13 +11,18 @@
 * Check to see if there is a conflict between complex.h and openssl/rsa.h.
 * The former defines "I" as a macro and earlier versions of the latter use
 * for function arguments.
+ *
+ * Will always succeed on djgpp, since its libc does not have complex.h.
 */
-#if defined(__STDC_VERSION__)
-# if __STDC_VERSION__ >= 199901L
-# include
+
+#if !defined(__DJGPP__)
+# if defined(__STDC_VERSION__)
+# if __STDC_VERSION__ >= 199901L
+# include
+# endif
 # endif
+# include
 #endif
-#include
 #include
 int main(int argc, char *argv[])
diff -Nru openssl-3.0.5/test/sslapitest.c openssl-3.0.7/test/sslapitest.c
--- openssl-3.0.5/test/sslapitest.c 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/test/sslapitest.c 2022-11-01 14:14:36.000000000 +0000
@@ -134,20 +134,6 @@
 };
-static unsigned char serverinfov1[] = {
- 0xff, 0xff, /* Dummy extension type */
- 0x00, 0x01, /* Extension length is 1 byte */
- 0xff /* Dummy extension data */
-};
-
-static unsigned char serverinfov2[] = {
- 0x00, 0x00, 0x00,
- (unsigned char)(SSL_EXT_CLIENT_HELLO & 0xff), /* Dummy context - 4 bytes */
- 0xff, 0xff, /* Dummy extension type */
- 0x00, 0x01, /* Extension length is 1 byte */
- 0xff /* Dummy extension data */
-};
-
 static int hostname_cb(SSL *s, int *al, void *arg)
 {
 const char *hostname = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
@@ -2131,6 +2117,32 @@
 goto end;
 }
 }
+ /*
+ * Make a small cache, force out all other sessions but
+ * sess2, try to add sess1, which should succeed. Then
+ * make sure it's there by checking the owners. Despite
+ * the timeouts, sess1 should have kicked out sess2
+ */
+
+ /* Make sess1 expire before sess2 */
+ if (!TEST_long_gt(SSL_SESSION_set_time(sess1, 1000), 0)
+ || !TEST_long_gt(SSL_SESSION_set_timeout(sess1, 1000), 0)
+ || !TEST_long_gt(SSL_SESSION_set_time(sess2, 2000), 0)
+ || !TEST_long_gt(SSL_SESSION_set_timeout(sess2, 2000), 0))
+ goto end;
+
+ if (!TEST_long_ne(SSL_CTX_sess_set_cache_size(sctx, 1), 0))
+ goto end;
+
+ /* Don't care about results - cache should only be sess2 at end */
+ SSL_CTX_add_session(sctx, sess1);
+ SSL_CTX_add_session(sctx, sess2);
+
+ /* Now add sess1, and make sure it remains, despite timeout */
+ if (!TEST_true(SSL_CTX_add_session(sctx, sess1))
+ || !TEST_ptr(sess1->owner)
+ || !TEST_ptr_null(sess2->owner))
+ goto end;
 testresult = 1;
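Review bot: `if (!TEST_long_ne(SSL_CTX_sess_set_cache_size(sctx, 1), 0))` asserts on the value the setter returns, which is the previous cache size, not on whether the new size of 1 took effect; the check fails on a context whose cache size happened to be 0 beforehand and says nothing about the limit the rest of the test relies on. Call the setter unchecked and pin the value actually in force with `if (!TEST_long_eq(SSL_CTX_sess_get_cache_size(sctx), 1)) goto end;`. The enclosing function starts before this hunk.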
@@ -5805,62 +5817,138 @@
 return testresult;
 }
-/*
- * Test loading of serverinfo data in various formats. test_sslmessages actually
- * tests to make sure the extensions appear in the handshake
- */
-static int test_serverinfo(int tst)
-{
- unsigned int version;
- unsigned char *sibuf;
- size_t sibuflen;
- int ret, expected, testresult = 0;
- SSL_CTX *ctx;
+#if !defined(OPENSSL_NO_TLS1_2) && !defined(OSSL_NO_USABLE_TLS1_3)
- ctx = SSL_CTX_new_ex(libctx, NULL, TLS_method());
- if (!TEST_ptr(ctx))
- goto end;
+#define SYNTHV1CONTEXT (SSL_EXT_TLS1_2_AND_BELOW_ONLY \
+ | SSL_EXT_CLIENT_HELLO \
+ | SSL_EXT_TLS1_2_SERVER_HELLO \
+ | SSL_EXT_IGNORE_ON_RESUMPTION)
+
+#define TLS13CONTEXT (SSL_EXT_TLS1_3_CERTIFICATE \
+ | SSL_EXT_TLS1_2_SERVER_HELLO \
+ | SSL_EXT_CLIENT_HELLO)
+
+#define SERVERINFO_CUSTOM \
+ 0x00, (char)TLSEXT_TYPE_signed_certificate_timestamp, \
+ 0x00, 0x03, \
+ 0x04, 0x05, 0x06 \
+
+static const unsigned char serverinfo_custom_tls13[] = {
+ 0x00, 0x00, (TLS13CONTEXT >> 8) & 0xff, TLS13CONTEXT & 0xff,
+ SERVERINFO_CUSTOM
+};
+static const unsigned char serverinfo_custom_v2[] = {
+ 0x00, 0x00, (SYNTHV1CONTEXT >> 8) & 0xff, SYNTHV1CONTEXT & 0xff,
+ SERVERINFO_CUSTOM
+};
+static const unsigned char serverinfo_custom_v1[] = {
+ SERVERINFO_CUSTOM
+};
+static const size_t serverinfo_custom_tls13_len = sizeof(serverinfo_custom_tls13);
+static const size_t serverinfo_custom_v2_len = sizeof(serverinfo_custom_v2);
+static const size_t serverinfo_custom_v1_len = sizeof(serverinfo_custom_v1);
+
+static int serverinfo_custom_parse_cb(SSL *s, unsigned int ext_type,
+ unsigned int context,
+ const unsigned char *in,
+ size_t inlen, X509 *x,
+ size_t chainidx, int *al,
+ void *parse_arg)
+{
+ const size_t len = serverinfo_custom_v1_len;
+ const unsigned char *si = &serverinfo_custom_v1[len - 3];
+ int *p_cb_result = (int*)parse_arg;
+ *p_cb_result = TEST_mem_eq(in, inlen, si, 3);
+ return 1;
+}
- if ((tst & 0x01) == 0x01)
- version = SSL_SERVERINFOV2;
- else
- version = 
SSL_SERVERINFOV1;
+static int test_serverinfo_custom(const int idx)
+{
+ SSL_CTX *sctx = NULL, *cctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+ int testresult = 0;
+ int cb_result = 0;
- if ((tst & 0x02) == 0x02) {
- sibuf = serverinfov2;
- sibuflen = sizeof(serverinfov2);
- expected = (version == SSL_SERVERINFOV2);
- } else {
- sibuf = serverinfov1;
- sibuflen = sizeof(serverinfov1);
- expected = (version == SSL_SERVERINFOV1);
+ /*
+ * Following variables are set in the switch statement
+ * according to the test iteration.
+ * Default values do not make much sense: test would fail with them.
+ */
+ int serverinfo_version = 0;
+ int protocol_version = 0;
+ unsigned int extension_context = 0;
+ const unsigned char *si = NULL;
+ size_t si_len = 0;
+
+ const int call_use_serverinfo_ex = idx > 0;
+ switch (idx) {
+ case 0: /* FALLTHROUGH */
+ case 1:
+ serverinfo_version = SSL_SERVERINFOV1;
+ protocol_version = TLS1_2_VERSION;
+ extension_context = SYNTHV1CONTEXT;
+ si = serverinfo_custom_v1;
+ si_len = serverinfo_custom_v1_len;
+ break;
+ case 2:
+ serverinfo_version = SSL_SERVERINFOV2;
+ protocol_version = TLS1_2_VERSION;
+ extension_context = SYNTHV1CONTEXT;
+ si = serverinfo_custom_v2;
+ si_len = serverinfo_custom_v2_len;
+ break;
+ case 3:
+ serverinfo_version = SSL_SERVERINFOV2;
+ protocol_version = TLS1_3_VERSION;
+ extension_context = TLS13CONTEXT;
+ si = serverinfo_custom_tls13;
+ si_len = serverinfo_custom_tls13_len;
+ break;
+ }
- if ((tst & 0x04) == 0x04) {
- ret = SSL_CTX_use_serverinfo_ex(ctx, version, sibuf, sibuflen);
- } else {
- ret = SSL_CTX_use_serverinfo(ctx, sibuf, sibuflen);
+ if (!TEST_true(create_ssl_ctx_pair(libctx,
+ TLS_method(),
+ TLS_method(),
+ protocol_version,
+ protocol_version,
+ &sctx, &cctx, cert, privkey)))
+ goto end;
- /*
- * The version variable is irrelevant in this case - it's what is in the
- * buffer that matters
- */
- if ((tst & 0x02) == 0x02)
- expected = 0;
- else
- expected = 1;
+ if (call_use_serverinfo_ex) { 
+ if (!TEST_true(SSL_CTX_use_serverinfo_ex(sctx, serverinfo_version,
+ si, si_len)))
+ goto end;
+ } else {
+ if (!TEST_true(SSL_CTX_use_serverinfo(sctx, si, si_len)))
+ goto end;
 }
- if (!TEST_true(ret == expected))
+ if (!TEST_true(SSL_CTX_add_custom_ext(cctx, TLSEXT_TYPE_signed_certificate_timestamp,
+ extension_context,
+ NULL, NULL, NULL,
+ serverinfo_custom_parse_cb,
+ &cb_result))
+ || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl,
+ NULL, NULL))
+ || !TEST_true(create_ssl_connection(serverssl, clientssl,
+ SSL_ERROR_NONE))
+ || !TEST_int_eq(SSL_do_handshake(clientssl), 1))
+ goto end;
+
+ if (!TEST_true(cb_result))
 goto end;
 testresult = 1;
 end:
- SSL_CTX_free(ctx);
+ SSL_free(serverssl);
+ SSL_free(clientssl);
+ SSL_CTX_free(sctx);
+ SSL_CTX_free(cctx);
 return testresult;
 }
+#endif
 /*
 * Test that SSL_export_keying_material() produces expected results. There are
@@ -7522,11 +7610,24 @@
 {
 const unsigned char tick_aes_key[16] = "0123456789abcdef";
 const unsigned char tick_hmac_key[16] = "0123456789abcdef";
- EVP_CIPHER *aes128cbc = EVP_CIPHER_fetch(libctx, "AES-128-CBC", NULL);
- EVP_MD *sha256 = EVP_MD_fetch(libctx, "SHA-256", NULL);
+ EVP_CIPHER *aes128cbc;
+ EVP_MD *sha256;
 int ret;
 tick_key_cb_called = 1;
+
+ if (tick_key_renew == -1)
+ return 0;
+
+ aes128cbc = EVP_CIPHER_fetch(libctx, "AES-128-CBC", NULL);
+ if (!TEST_ptr(aes128cbc))
+ return 0;
+ sha256 = EVP_MD_fetch(libctx, "SHA-256", NULL);
+ if (!TEST_ptr(sha256)) {
+ EVP_CIPHER_free(aes128cbc);
+ return 0;
+ }
+
 memset(iv, 0, AES_BLOCK_SIZE);
 memset(key_name, 0, 16);
 if (aes128cbc == NULL 
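Review bot: The `switch (idx)` in test_serverinfo_custom has no `default:` branch, so an index outside 0..3 continues with `si == NULL`, `si_len == 0` and `protocol_version == 0` and only fails later inside create_ssl_ctx_pair or SSL_CTX_use_serverinfo, with an error that does not name the real cause; `default: TEST_error("unexpected test index %d", idx); goto end;` makes the failure self-describing and is safe because sctx, cctx, serverssl and clientssl are already NULL at that point. In SERVERINFO_CUSTOM the extension type is written as `(char)TLSEXT_TYPE_signed_certificate_timestamp` into `unsigned char` arrays; `(unsigned char)` matches the element type and avoids a signed-char conversion, and the macro's last line `0x04, 0x05, 0x06 \` carries a trailing backslash that joins the following blank line into the definition. serverinfo_custom_parse_cb leaves `ext_type`, `context`, `x`, `chainidx` and `al` untouched, which is fine for a test but deserves a one-line comment above the TEST_mem_eq call, e.g. `/* Only the 3 extension data bytes are compared; type and context are not checked here */`.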
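Review bot: After the added `if (!TEST_ptr(aes128cbc)) return 0;` and `if (!TEST_ptr(sha256)) { ... }` guards, the context line `if (aes128cbc == NULL` that closes the hunk (its condition continues outside the hunk) re-tests pointers that are now known to be non-NULL, so the NULL terms of that condition are dead and could be removed, leaving only the remaining checks. The same applies to the hunk at `-7552`, which looks like the OSSL_PARAM-based variant of the same callback. The early `if (tick_key_renew == -1) return 0;` would read better with a comment tying it to the test table, e.g. `/* -1: make the callback fail so that no ticket is issued (tests 12/13, 18/19) */`, since the meaning of -1 is otherwise only explained inside test_ticket_callbacks. The enclosing function's signature precedes the hunk.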
@@ -7552,10 +7653,18 @@
 const unsigned char tick_aes_key[16] = "0123456789abcdef";
 unsigned char tick_hmac_key[16] = "0123456789abcdef";
 OSSL_PARAM params[2];
- EVP_CIPHER *aes128cbc = EVP_CIPHER_fetch(libctx, "AES-128-CBC", NULL);
+ EVP_CIPHER *aes128cbc;
 int ret;
 tick_key_cb_called = 1;
+
+ if (tick_key_renew == -1)
+ return 0;
+
+ aes128cbc = EVP_CIPHER_fetch(libctx, "AES-128-CBC", NULL);
+ if (!TEST_ptr(aes128cbc))
+ return 0;
+
 memset(iv, 0, AES_BLOCK_SIZE);
 memset(key_name, 0, 16);
 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
@@ -7588,10 +7697,14 @@
 * Test 9: TLSv1.3, old ticket key callback, ticket, no renewal
 * Test 10: TLSv1.2, old ticket key callback, ticket, renewal
 * Test 11: TLSv1.3, old ticket key callback, ticket, renewal
- * Test 12: TLSv1.2, ticket key callback, ticket, no renewal
- * Test 13: TLSv1.3, ticket key callback, ticket, no renewal
- * Test 14: TLSv1.2, ticket key callback, ticket, renewal
- * Test 15: TLSv1.3, ticket key callback, ticket, renewal
+ * Test 12: TLSv1.2, old ticket key callback, no ticket
+ * Test 13: TLSv1.3, old ticket key callback, no ticket
+ * Test 14: TLSv1.2, ticket key callback, ticket, no renewal
+ * Test 15: TLSv1.3, ticket key callback, ticket, no renewal
+ * Test 16: TLSv1.2, ticket key callback, ticket, renewal
+ * Test 17: TLSv1.3, ticket key callback, ticket, renewal
+ * Test 18: TLSv1.2, ticket key callback, no ticket
+ * Test 19: TLSv1.3, ticket key callback, no ticket
 */
 static int test_ticket_callbacks(int tst)
 {
@@ -7609,15 +7722,18 @@
 return 1;
 #endif
 #ifdef OPENSSL_NO_DEPRECATED_3_0
- if (tst >= 8 && tst <= 11)
+ if (tst >= 8 && tst <= 13)
 return 1;
 #endif
 gen_tick_called = dec_tick_called = tick_key_cb_called = 0;
 /* Which tests the ticket key callback should request renewal for */
- if (tst == 10 || tst == 11 || tst == 14 || tst == 15)
+
+ if (tst == 10 || tst == 11 || tst == 16 || tst == 17)
 tick_key_renew = 1;
+ else if (tst == 12 || tst == 13 || tst == 18 || tst == 19)
+ tick_key_renew = -1; /* abort sending the ticket/0-length ticket */
 else
 tick_key_renew = 0;
@@ -7666,7 +7782,7 @@
 NULL)))
 goto end;
- if (tst >= 12) {
+ if (tst >= 14) {
 if (!TEST_true(SSL_CTX_set_tlsext_ticket_key_evp_cb(sctx, tick_key_evp_cb)))
 goto end;
 #ifndef OPENSSL_NO_DEPRECATED_3_0
@@ -7711,7 +7827,8 @@
 goto end;
 if (tick_dec_ret == SSL_TICKET_RETURN_IGNORE
- || tick_dec_ret == SSL_TICKET_RETURN_IGNORE_RENEW) {
+ || tick_dec_ret == SSL_TICKET_RETURN_IGNORE_RENEW
+ || tick_key_renew == -1) {
 if (!TEST_false(SSL_session_reused(clientssl)))
 goto end;
 } else {
@@ -7724,7 +7841,8 @@
 || tick_dec_ret == SSL_TICKET_RETURN_IGNORE_RENEW || tick_dec_ret == SSL_TICKET_RETURN_USE_RENEW) ? 1 : 0)
- || !TEST_int_eq(dec_tick_called, 1))
+ /* There is no ticket to decrypt in tests 13 and 19 */
+ || !TEST_int_eq(dec_tick_called, (tst == 13 || tst == 19) ? 0 : 1))
 goto end;
 testresult = 1;
@@ -8411,7 +8529,7 @@
 * Check if the cipher exists before attempting to use it since it only has
 * a hardware specific implementation.
 */
- ciph = EVP_CIPHER_fetch(NULL, fetchable_ciphers[test_index], "");
+ ciph = EVP_CIPHER_fetch(libctx, fetchable_ciphers[test_index], "");
 if (ciph == NULL) {
 TEST_skip("Multiblock cipher is not available for %s", cipherlist);
 return 1;
@@ -9975,7 +10093,6 @@
 #else
 ADD_ALL_TESTS(test_custom_exts, 3);
 #endif
- ADD_ALL_TESTS(test_serverinfo, 8);
 ADD_ALL_TESTS(test_export_key_mat, 6);
 #ifndef OSSL_NO_USABLE_TLS1_3
 ADD_ALL_TESTS(test_export_key_mat_early, 3);
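Review bot: `tick_key_renew = -1` turns what was a boolean renew flag into a three-state value whose meaning lives only in a trailing comment, while the same `-1` is compared literally in the `-7711` hunk (`|| tick_key_renew == -1`) and in the two ticket key callbacks; a named constant such as `#define TICK_KEY_ABORT (-1)` next to the variable's definition (outside this hunk), used at all four sites, would keep them in agreement. The blank line inserted between `/* Which tests the ticket key callback should request renewal for */` and the `if` chain it describes detaches the comment from its code, and the comment no longer covers the new case; either drop the blank line or reword it, e.g. `/* Per test: request renewal (1), fail the callback so no ticket is sent (-1), or neither (0) */`. test_ticket_callbacks continues outside the hunk.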
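Review bot: The comment `/* There is no ticket to decrypt in tests 13 and 19 */` explains the zero expectation for the TLSv1.3 no-ticket cases only, yet tests 12 and 18 (TLSv1.2, no ticket in the table above) still expect `dec_tick_called == 1`, and the reason for that asymmetry is not written down. Presumably the TLSv1.2 client still offers the session-ticket extension so the decrypt callback is invoked, whereas TLSv1.3 never reaches it without a ticket, but that is an inference from the table; once confirmed, the comment could read `/* TLSv1.2 (12/18) still offers the ticket extension so the decrypt callback runs; TLSv1.3 (13/19) has no ticket at all */`. test_ticket_callbacks continues outside the hunk.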
@@ -9993,7 +10110,7 @@
 ADD_ALL_TESTS(test_info_callback, 6);
 ADD_ALL_TESTS(test_ssl_pending, 2);
 ADD_ALL_TESTS(test_ssl_get_shared_ciphers, OSSL_NELEM(shared_ciphers_data));
- ADD_ALL_TESTS(test_ticket_callbacks, 16);
+ ADD_ALL_TESTS(test_ticket_callbacks, 20);
 ADD_ALL_TESTS(test_shutdown, 7);
 ADD_ALL_TESTS(test_incorrect_shutdown, 2);
 ADD_ALL_TESTS(test_cert_cb, 6);
@@ -10027,6 +10144,9 @@
 ADD_TEST(test_set_verify_cert_store_ssl);
 ADD_ALL_TESTS(test_session_timeout, 1);
 ADD_TEST(test_load_dhfile);
+#if !defined(OPENSSL_NO_TLS1_2) && !defined(OSSL_NO_USABLE_TLS1_3)
+ ADD_ALL_TESTS(test_serverinfo_custom, 4);
+#endif
 return 1;
 err:
diff -Nru openssl-3.0.5/test/sslcorrupttest.c openssl-3.0.7/test/sslcorrupttest.c
--- openssl-3.0.5/test/sslcorrupttest.c 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/test/sslcorrupttest.c 2022-11-01 14:14:36.000000000 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -192,8 +192,6 @@
 docorrupt = 0;
- ERR_clear_error();
-
 TEST_info("Starting #%d, %s", testidx, cipher_list[testidx]);
 if (!TEST_true(create_ssl_ctx_pair(NULL, TLS_server_method(),
diff -Nru openssl-3.0.5/test/ssl-tests/14-curves.cnf openssl-3.0.7/test/ssl-tests/14-curves.cnf
--- openssl-3.0.5/test/ssl-tests/14-curves.cnf 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/test/ssl-tests/14-curves.cnf 2022-11-01 14:14:36.000000000 +0000
@@ -1,6 +1,6 @@
 # Generated with generate_ssl_tests.pl -num_tests = 55 +num_tests = 80 test-0 = 0-curve-prime256v1 test-1 = 1-curve-secp384r1 
@@ -32,31 +32,56 @@ test-27 = 27-curve-brainpoolP256r1 test-28 = 28-curve-brainpoolP384r1 test-29 = 29-curve-brainpoolP512r1 -test-30 = 30-curve-sect233k1-tls13 -test-31 = 31-curve-sect233r1-tls13 -test-32 = 32-curve-sect283k1-tls13 -test-33 = 33-curve-sect283r1-tls13 -test-34 = 34-curve-sect409k1-tls13 -test-35 = 35-curve-sect409r1-tls13 -test-36 = 36-curve-sect571k1-tls13 -test-37 = 37-curve-sect571r1-tls13 -test-38 = 38-curve-secp224r1-tls13 -test-39 = 39-curve-sect163k1-tls13 -test-40 = 40-curve-sect163r2-tls13 -test-41 = 41-curve-prime192v1-tls13 -test-42 = 42-curve-sect163r1-tls13 -test-43 = 43-curve-sect193r1-tls13 -test-44 = 44-curve-sect193r2-tls13 -test-45 = 45-curve-sect239k1-tls13 -test-46 = 46-curve-secp160k1-tls13 -test-47 = 47-curve-secp160r1-tls13 -test-48 = 48-curve-secp160r2-tls13 -test-49 = 49-curve-secp192k1-tls13 -test-50 = 50-curve-secp224k1-tls13 -test-51 = 51-curve-secp256k1-tls13 -test-52 = 52-curve-brainpoolP256r1-tls13 -test-53 = 53-curve-brainpoolP384r1-tls13 -test-54 = 54-curve-brainpoolP512r1-tls13 +test-30 = 30-curve-sect233k1-tls12-in-tls13 +test-31 = 31-curve-sect233r1-tls12-in-tls13 +test-32 = 32-curve-sect283k1-tls12-in-tls13 +test-33 = 33-curve-sect283r1-tls12-in-tls13 +test-34 = 34-curve-sect409k1-tls12-in-tls13 +test-35 = 35-curve-sect409r1-tls12-in-tls13 +test-36 = 36-curve-sect571k1-tls12-in-tls13 +test-37 = 37-curve-sect571r1-tls12-in-tls13 +test-38 = 38-curve-secp224r1-tls12-in-tls13 +test-39 = 39-curve-sect163k1-tls12-in-tls13 +test-40 = 40-curve-sect163r2-tls12-in-tls13 +test-41 = 41-curve-prime192v1-tls12-in-tls13 +test-42 = 42-curve-sect163r1-tls12-in-tls13 +test-43 = 43-curve-sect193r1-tls12-in-tls13 +test-44 = 44-curve-sect193r2-tls12-in-tls13 +test-45 = 45-curve-sect239k1-tls12-in-tls13 +test-46 = 46-curve-secp160k1-tls12-in-tls13 +test-47 = 47-curve-secp160r1-tls12-in-tls13 +test-48 = 48-curve-secp160r2-tls12-in-tls13 +test-49 = 49-curve-secp192k1-tls12-in-tls13 +test-50 = 50-curve-secp224k1-tls12-in-tls13 +test-51 
= 51-curve-secp256k1-tls12-in-tls13 +test-52 = 52-curve-brainpoolP256r1-tls12-in-tls13 +test-53 = 53-curve-brainpoolP384r1-tls12-in-tls13 +test-54 = 54-curve-brainpoolP512r1-tls12-in-tls13 +test-55 = 55-curve-sect233k1-tls13 +test-56 = 56-curve-sect233r1-tls13 +test-57 = 57-curve-sect283k1-tls13 +test-58 = 58-curve-sect283r1-tls13 +test-59 = 59-curve-sect409k1-tls13 +test-60 = 60-curve-sect409r1-tls13 +test-61 = 61-curve-sect571k1-tls13 +test-62 = 62-curve-sect571r1-tls13 +test-63 = 63-curve-secp224r1-tls13 +test-64 = 64-curve-sect163k1-tls13 +test-65 = 65-curve-sect163r2-tls13 +test-66 = 66-curve-prime192v1-tls13 +test-67 = 67-curve-sect163r1-tls13 +test-68 = 68-curve-sect193r1-tls13 +test-69 = 69-curve-sect193r2-tls13 +test-70 = 70-curve-sect239k1-tls13 +test-71 = 71-curve-secp160k1-tls13 +test-72 = 72-curve-secp160r1-tls13 +test-73 = 73-curve-secp160r2-tls13 +test-74 = 74-curve-secp192k1-tls13 +test-75 = 75-curve-secp224k1-tls13 +test-76 = 76-curve-secp256k1-tls13 +test-77 = 77-curve-brainpoolP256r1-tls13 +test-78 = 78-curve-brainpoolP384r1-tls13 +test-79 = 79-curve-brainpoolP512r1-tls13 # =========================================================== [0-curve-prime256v1] 
@@ -929,676 +954,1426 @@ # =========================================================== -[30-curve-sect233k1-tls13] -ssl_conf = 30-curve-sect233k1-tls13-ssl +[30-curve-sect233k1-tls12-in-tls13] +ssl_conf = 30-curve-sect233k1-tls12-in-tls13-ssl -[30-curve-sect233k1-tls13-ssl] -server = 30-curve-sect233k1-tls13-server -client = 30-curve-sect233k1-tls13-client +[30-curve-sect233k1-tls12-in-tls13-ssl] +server = 30-curve-sect233k1-tls12-in-tls13-server +client = 30-curve-sect233k1-tls12-in-tls13-client -[30-curve-sect233k1-tls13-server] +[30-curve-sect233k1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = sect233k1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[30-curve-sect233k1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = sect233k1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-30] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[31-curve-sect233r1-tls12-in-tls13] +ssl_conf = 31-curve-sect233r1-tls12-in-tls13-ssl + +[31-curve-sect233r1-tls12-in-tls13-ssl] +server = 31-curve-sect233r1-tls12-in-tls13-server +client = 31-curve-sect233r1-tls12-in-tls13-client + +[31-curve-sect233r1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = sect233r1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[31-curve-sect233r1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = sect233r1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-31] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# 
=========================================================== + +[32-curve-sect283k1-tls12-in-tls13] +ssl_conf = 32-curve-sect283k1-tls12-in-tls13-ssl + +[32-curve-sect283k1-tls12-in-tls13-ssl] +server = 32-curve-sect283k1-tls12-in-tls13-server +client = 32-curve-sect283k1-tls12-in-tls13-client + +[32-curve-sect283k1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = sect283k1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[32-curve-sect283k1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = sect283k1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-32] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[33-curve-sect283r1-tls12-in-tls13] +ssl_conf = 33-curve-sect283r1-tls12-in-tls13-ssl + +[33-curve-sect283r1-tls12-in-tls13-ssl] +server = 33-curve-sect283r1-tls12-in-tls13-server +client = 33-curve-sect283r1-tls12-in-tls13-client + +[33-curve-sect283r1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = sect283r1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[33-curve-sect283r1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = sect283r1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-33] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[34-curve-sect409k1-tls12-in-tls13] +ssl_conf = 34-curve-sect409k1-tls12-in-tls13-ssl + +[34-curve-sect409k1-tls12-in-tls13-ssl] +server = 34-curve-sect409k1-tls12-in-tls13-server +client = 34-curve-sect409k1-tls12-in-tls13-client + 
+[34-curve-sect409k1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = sect409k1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[34-curve-sect409k1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = sect409k1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-34] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[35-curve-sect409r1-tls12-in-tls13] +ssl_conf = 35-curve-sect409r1-tls12-in-tls13-ssl + +[35-curve-sect409r1-tls12-in-tls13-ssl] +server = 35-curve-sect409r1-tls12-in-tls13-server +client = 35-curve-sect409r1-tls12-in-tls13-client + +[35-curve-sect409r1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = sect409r1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[35-curve-sect409r1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = sect409r1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-35] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[36-curve-sect571k1-tls12-in-tls13] +ssl_conf = 36-curve-sect571k1-tls12-in-tls13-ssl + +[36-curve-sect571k1-tls12-in-tls13-ssl] +server = 36-curve-sect571k1-tls12-in-tls13-server +client = 36-curve-sect571k1-tls12-in-tls13-client + +[36-curve-sect571k1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = sect571k1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[36-curve-sect571k1-tls12-in-tls13-client] +CipherString = 
ECDHE@SECLEVEL=1 +Curves = sect571k1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-36] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[37-curve-sect571r1-tls12-in-tls13] +ssl_conf = 37-curve-sect571r1-tls12-in-tls13-ssl + +[37-curve-sect571r1-tls12-in-tls13-ssl] +server = 37-curve-sect571r1-tls12-in-tls13-server +client = 37-curve-sect571r1-tls12-in-tls13-client + +[37-curve-sect571r1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = sect571r1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[37-curve-sect571r1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = sect571r1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-37] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[38-curve-secp224r1-tls12-in-tls13] +ssl_conf = 38-curve-secp224r1-tls12-in-tls13-ssl + +[38-curve-secp224r1-tls12-in-tls13-ssl] +server = 38-curve-secp224r1-tls12-in-tls13-server +client = 38-curve-secp224r1-tls12-in-tls13-client + +[38-curve-secp224r1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = secp224r1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[38-curve-secp224r1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = secp224r1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-38] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# 
=========================================================== + +[39-curve-sect163k1-tls12-in-tls13] +ssl_conf = 39-curve-sect163k1-tls12-in-tls13-ssl + +[39-curve-sect163k1-tls12-in-tls13-ssl] +server = 39-curve-sect163k1-tls12-in-tls13-server +client = 39-curve-sect163k1-tls12-in-tls13-client + +[39-curve-sect163k1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = sect163k1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[39-curve-sect163k1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = sect163k1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-39] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[40-curve-sect163r2-tls12-in-tls13] +ssl_conf = 40-curve-sect163r2-tls12-in-tls13-ssl + +[40-curve-sect163r2-tls12-in-tls13-ssl] +server = 40-curve-sect163r2-tls12-in-tls13-server +client = 40-curve-sect163r2-tls12-in-tls13-client + +[40-curve-sect163r2-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = sect163r2:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[40-curve-sect163r2-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = sect163r2:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-40] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[41-curve-prime192v1-tls12-in-tls13] +ssl_conf = 41-curve-prime192v1-tls12-in-tls13-ssl + +[41-curve-prime192v1-tls12-in-tls13-ssl] +server = 41-curve-prime192v1-tls12-in-tls13-server +client = 
41-curve-prime192v1-tls12-in-tls13-client + +[41-curve-prime192v1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = prime192v1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[41-curve-prime192v1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = prime192v1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-41] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[42-curve-sect163r1-tls12-in-tls13] +ssl_conf = 42-curve-sect163r1-tls12-in-tls13-ssl + +[42-curve-sect163r1-tls12-in-tls13-ssl] +server = 42-curve-sect163r1-tls12-in-tls13-server +client = 42-curve-sect163r1-tls12-in-tls13-client + +[42-curve-sect163r1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = sect163r1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[42-curve-sect163r1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = sect163r1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-42] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[43-curve-sect193r1-tls12-in-tls13] +ssl_conf = 43-curve-sect193r1-tls12-in-tls13-ssl + +[43-curve-sect193r1-tls12-in-tls13-ssl] +server = 43-curve-sect193r1-tls12-in-tls13-server +client = 43-curve-sect193r1-tls12-in-tls13-client + +[43-curve-sect193r1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = sect193r1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + 
+[43-curve-sect193r1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = sect193r1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-43] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[44-curve-sect193r2-tls12-in-tls13] +ssl_conf = 44-curve-sect193r2-tls12-in-tls13-ssl + +[44-curve-sect193r2-tls12-in-tls13-ssl] +server = 44-curve-sect193r2-tls12-in-tls13-server +client = 44-curve-sect193r2-tls12-in-tls13-client + +[44-curve-sect193r2-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = sect193r2:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[44-curve-sect193r2-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = sect193r2:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-44] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[45-curve-sect239k1-tls12-in-tls13] +ssl_conf = 45-curve-sect239k1-tls12-in-tls13-ssl + +[45-curve-sect239k1-tls12-in-tls13-ssl] +server = 45-curve-sect239k1-tls12-in-tls13-server +client = 45-curve-sect239k1-tls12-in-tls13-client + +[45-curve-sect239k1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = sect239k1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[45-curve-sect239k1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = sect239k1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-45] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success 
+ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[46-curve-secp160k1-tls12-in-tls13] +ssl_conf = 46-curve-secp160k1-tls12-in-tls13-ssl + +[46-curve-secp160k1-tls12-in-tls13-ssl] +server = 46-curve-secp160k1-tls12-in-tls13-server +client = 46-curve-secp160k1-tls12-in-tls13-client + +[46-curve-secp160k1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = secp160k1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[46-curve-secp160k1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = secp160k1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-46] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[47-curve-secp160r1-tls12-in-tls13] +ssl_conf = 47-curve-secp160r1-tls12-in-tls13-ssl + +[47-curve-secp160r1-tls12-in-tls13-ssl] +server = 47-curve-secp160r1-tls12-in-tls13-server +client = 47-curve-secp160r1-tls12-in-tls13-client + +[47-curve-secp160r1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = secp160r1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[47-curve-secp160r1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = secp160r1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-47] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[48-curve-secp160r2-tls12-in-tls13] +ssl_conf = 48-curve-secp160r2-tls12-in-tls13-ssl + +[48-curve-secp160r2-tls12-in-tls13-ssl] +server = 48-curve-secp160r2-tls12-in-tls13-server +client = 
48-curve-secp160r2-tls12-in-tls13-client + +[48-curve-secp160r2-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = secp160r2:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[48-curve-secp160r2-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = secp160r2:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-48] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[49-curve-secp192k1-tls12-in-tls13] +ssl_conf = 49-curve-secp192k1-tls12-in-tls13-ssl + +[49-curve-secp192k1-tls12-in-tls13-ssl] +server = 49-curve-secp192k1-tls12-in-tls13-server +client = 49-curve-secp192k1-tls12-in-tls13-client + +[49-curve-secp192k1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = secp192k1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[49-curve-secp192k1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = secp192k1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-49] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[50-curve-secp224k1-tls12-in-tls13] +ssl_conf = 50-curve-secp224k1-tls12-in-tls13-ssl + +[50-curve-secp224k1-tls12-in-tls13-ssl] +server = 50-curve-secp224k1-tls12-in-tls13-server +client = 50-curve-secp224k1-tls12-in-tls13-client + +[50-curve-secp224k1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = secp224k1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + 
+[50-curve-secp224k1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = secp224k1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-50] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[51-curve-secp256k1-tls12-in-tls13] +ssl_conf = 51-curve-secp256k1-tls12-in-tls13-ssl + +[51-curve-secp256k1-tls12-in-tls13-ssl] +server = 51-curve-secp256k1-tls12-in-tls13-server +client = 51-curve-secp256k1-tls12-in-tls13-client + +[51-curve-secp256k1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = secp256k1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[51-curve-secp256k1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = secp256k1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-51] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[52-curve-brainpoolP256r1-tls12-in-tls13] +ssl_conf = 52-curve-brainpoolP256r1-tls12-in-tls13-ssl + +[52-curve-brainpoolP256r1-tls12-in-tls13-ssl] +server = 52-curve-brainpoolP256r1-tls12-in-tls13-server +client = 52-curve-brainpoolP256r1-tls12-in-tls13-client + +[52-curve-brainpoolP256r1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = brainpoolP256r1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[52-curve-brainpoolP256r1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = brainpoolP256r1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-52] 
+ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[53-curve-brainpoolP384r1-tls12-in-tls13] +ssl_conf = 53-curve-brainpoolP384r1-tls12-in-tls13-ssl + +[53-curve-brainpoolP384r1-tls12-in-tls13-ssl] +server = 53-curve-brainpoolP384r1-tls12-in-tls13-server +client = 53-curve-brainpoolP384r1-tls12-in-tls13-client + +[53-curve-brainpoolP384r1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = brainpoolP384r1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[53-curve-brainpoolP384r1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = brainpoolP384r1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-53] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[54-curve-brainpoolP512r1-tls12-in-tls13] +ssl_conf = 54-curve-brainpoolP512r1-tls12-in-tls13-ssl + +[54-curve-brainpoolP512r1-tls12-in-tls13-ssl] +server = 54-curve-brainpoolP512r1-tls12-in-tls13-server +client = 54-curve-brainpoolP512r1-tls12-in-tls13-client + +[54-curve-brainpoolP512r1-tls12-in-tls13-server] +Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem +CipherString = DEFAULT@SECLEVEL=1 +Curves = brainpoolP512r1:P-256 +MaxProtocol = TLSv1.3 +PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem + +[54-curve-brainpoolP512r1-tls12-in-tls13-client] +CipherString = ECDHE@SECLEVEL=1 +Curves = brainpoolP512r1:P-256 +MaxProtocol = TLSv1.3 +MinProtocol = TLSv1.3 +VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem +VerifyMode = Peer + +[test-54] +ExpectedProtocol = TLSv1.3 +ExpectedResult = Success +ExpectedTmpKeyType = P-256 + + +# =========================================================== + +[55-curve-sect233k1-tls13] 
+ssl_conf = 55-curve-sect233k1-tls13-ssl + +[55-curve-sect233k1-tls13-ssl] +server = 55-curve-sect233k1-tls13-server +client = 55-curve-sect233k1-tls13-client + +[55-curve-sect233k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect233k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[30-curve-sect233k1-tls13-client] +[55-curve-sect233k1-tls13-client] CipherString = ECDHE Curves = sect233k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-30] +[test-55] ExpectedResult = ClientFail # =========================================================== -[31-curve-sect233r1-tls13] -ssl_conf = 31-curve-sect233r1-tls13-ssl +[56-curve-sect233r1-tls13] +ssl_conf = 56-curve-sect233r1-tls13-ssl -[31-curve-sect233r1-tls13-ssl] -server = 31-curve-sect233r1-tls13-server -client = 31-curve-sect233r1-tls13-client +[56-curve-sect233r1-tls13-ssl] +server = 56-curve-sect233r1-tls13-server +client = 56-curve-sect233r1-tls13-client -[31-curve-sect233r1-tls13-server] +[56-curve-sect233r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect233r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[31-curve-sect233r1-tls13-client] +[56-curve-sect233r1-tls13-client] CipherString = ECDHE Curves = sect233r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-31] +[test-56] ExpectedResult = ClientFail # =========================================================== -[32-curve-sect283k1-tls13] -ssl_conf = 32-curve-sect283k1-tls13-ssl +[57-curve-sect283k1-tls13] +ssl_conf = 57-curve-sect283k1-tls13-ssl -[32-curve-sect283k1-tls13-ssl] -server = 32-curve-sect283k1-tls13-server -client = 32-curve-sect283k1-tls13-client +[57-curve-sect283k1-tls13-ssl] +server = 57-curve-sect283k1-tls13-server +client = 57-curve-sect283k1-tls13-client -[32-curve-sect283k1-tls13-server] 
+[57-curve-sect283k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect283k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[32-curve-sect283k1-tls13-client] +[57-curve-sect283k1-tls13-client] CipherString = ECDHE Curves = sect283k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-32] +[test-57] ExpectedResult = ClientFail # =========================================================== -[33-curve-sect283r1-tls13] -ssl_conf = 33-curve-sect283r1-tls13-ssl +[58-curve-sect283r1-tls13] +ssl_conf = 58-curve-sect283r1-tls13-ssl -[33-curve-sect283r1-tls13-ssl] -server = 33-curve-sect283r1-tls13-server -client = 33-curve-sect283r1-tls13-client +[58-curve-sect283r1-tls13-ssl] +server = 58-curve-sect283r1-tls13-server +client = 58-curve-sect283r1-tls13-client -[33-curve-sect283r1-tls13-server] +[58-curve-sect283r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect283r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[33-curve-sect283r1-tls13-client] +[58-curve-sect283r1-tls13-client] CipherString = ECDHE Curves = sect283r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-33] +[test-58] ExpectedResult = ClientFail # =========================================================== -[34-curve-sect409k1-tls13] -ssl_conf = 34-curve-sect409k1-tls13-ssl +[59-curve-sect409k1-tls13] +ssl_conf = 59-curve-sect409k1-tls13-ssl -[34-curve-sect409k1-tls13-ssl] -server = 34-curve-sect409k1-tls13-server -client = 34-curve-sect409k1-tls13-client +[59-curve-sect409k1-tls13-ssl] +server = 59-curve-sect409k1-tls13-server +client = 59-curve-sect409k1-tls13-client -[34-curve-sect409k1-tls13-server] +[59-curve-sect409k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect409k1 MaxProtocol = TLSv1.3 PrivateKey 
= ${ENV::TEST_CERTS_DIR}/serverkey.pem -[34-curve-sect409k1-tls13-client] +[59-curve-sect409k1-tls13-client] CipherString = ECDHE Curves = sect409k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-34] +[test-59] ExpectedResult = ClientFail # =========================================================== -[35-curve-sect409r1-tls13] -ssl_conf = 35-curve-sect409r1-tls13-ssl +[60-curve-sect409r1-tls13] +ssl_conf = 60-curve-sect409r1-tls13-ssl -[35-curve-sect409r1-tls13-ssl] -server = 35-curve-sect409r1-tls13-server -client = 35-curve-sect409r1-tls13-client +[60-curve-sect409r1-tls13-ssl] +server = 60-curve-sect409r1-tls13-server +client = 60-curve-sect409r1-tls13-client -[35-curve-sect409r1-tls13-server] +[60-curve-sect409r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect409r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[35-curve-sect409r1-tls13-client] +[60-curve-sect409r1-tls13-client] CipherString = ECDHE Curves = sect409r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-35] +[test-60] ExpectedResult = ClientFail # =========================================================== -[36-curve-sect571k1-tls13] -ssl_conf = 36-curve-sect571k1-tls13-ssl +[61-curve-sect571k1-tls13] +ssl_conf = 61-curve-sect571k1-tls13-ssl -[36-curve-sect571k1-tls13-ssl] -server = 36-curve-sect571k1-tls13-server -client = 36-curve-sect571k1-tls13-client +[61-curve-sect571k1-tls13-ssl] +server = 61-curve-sect571k1-tls13-server +client = 61-curve-sect571k1-tls13-client -[36-curve-sect571k1-tls13-server] +[61-curve-sect571k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect571k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[36-curve-sect571k1-tls13-client] +[61-curve-sect571k1-tls13-client] CipherString = ECDHE Curves = sect571k1 MinProtocol 
= TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-36] +[test-61] ExpectedResult = ClientFail # =========================================================== -[37-curve-sect571r1-tls13] -ssl_conf = 37-curve-sect571r1-tls13-ssl +[62-curve-sect571r1-tls13] +ssl_conf = 62-curve-sect571r1-tls13-ssl -[37-curve-sect571r1-tls13-ssl] -server = 37-curve-sect571r1-tls13-server -client = 37-curve-sect571r1-tls13-client +[62-curve-sect571r1-tls13-ssl] +server = 62-curve-sect571r1-tls13-server +client = 62-curve-sect571r1-tls13-client -[37-curve-sect571r1-tls13-server] +[62-curve-sect571r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect571r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[37-curve-sect571r1-tls13-client] +[62-curve-sect571r1-tls13-client] CipherString = ECDHE Curves = sect571r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-37] +[test-62] ExpectedResult = ClientFail # =========================================================== -[38-curve-secp224r1-tls13] -ssl_conf = 38-curve-secp224r1-tls13-ssl +[63-curve-secp224r1-tls13] +ssl_conf = 63-curve-secp224r1-tls13-ssl -[38-curve-secp224r1-tls13-ssl] -server = 38-curve-secp224r1-tls13-server -client = 38-curve-secp224r1-tls13-client +[63-curve-secp224r1-tls13-ssl] +server = 63-curve-secp224r1-tls13-server +client = 63-curve-secp224r1-tls13-client -[38-curve-secp224r1-tls13-server] +[63-curve-secp224r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp224r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[38-curve-secp224r1-tls13-client] +[63-curve-secp224r1-tls13-client] CipherString = ECDHE Curves = secp224r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-38] +[test-63] ExpectedResult = ClientFail # 
=========================================================== -[39-curve-sect163k1-tls13] -ssl_conf = 39-curve-sect163k1-tls13-ssl +[64-curve-sect163k1-tls13] +ssl_conf = 64-curve-sect163k1-tls13-ssl -[39-curve-sect163k1-tls13-ssl] -server = 39-curve-sect163k1-tls13-server -client = 39-curve-sect163k1-tls13-client +[64-curve-sect163k1-tls13-ssl] +server = 64-curve-sect163k1-tls13-server +client = 64-curve-sect163k1-tls13-client -[39-curve-sect163k1-tls13-server] +[64-curve-sect163k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect163k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[39-curve-sect163k1-tls13-client] +[64-curve-sect163k1-tls13-client] CipherString = ECDHE Curves = sect163k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-39] +[test-64] ExpectedResult = ClientFail # =========================================================== -[40-curve-sect163r2-tls13] -ssl_conf = 40-curve-sect163r2-tls13-ssl +[65-curve-sect163r2-tls13] +ssl_conf = 65-curve-sect163r2-tls13-ssl -[40-curve-sect163r2-tls13-ssl] -server = 40-curve-sect163r2-tls13-server -client = 40-curve-sect163r2-tls13-client +[65-curve-sect163r2-tls13-ssl] +server = 65-curve-sect163r2-tls13-server +client = 65-curve-sect163r2-tls13-client -[40-curve-sect163r2-tls13-server] +[65-curve-sect163r2-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect163r2 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[40-curve-sect163r2-tls13-client] +[65-curve-sect163r2-tls13-client] CipherString = ECDHE Curves = sect163r2 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-40] +[test-65] ExpectedResult = ClientFail # =========================================================== -[41-curve-prime192v1-tls13] -ssl_conf = 41-curve-prime192v1-tls13-ssl +[66-curve-prime192v1-tls13] 
+ssl_conf = 66-curve-prime192v1-tls13-ssl -[41-curve-prime192v1-tls13-ssl] -server = 41-curve-prime192v1-tls13-server -client = 41-curve-prime192v1-tls13-client +[66-curve-prime192v1-tls13-ssl] +server = 66-curve-prime192v1-tls13-server +client = 66-curve-prime192v1-tls13-client -[41-curve-prime192v1-tls13-server] +[66-curve-prime192v1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = prime192v1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[41-curve-prime192v1-tls13-client] +[66-curve-prime192v1-tls13-client] CipherString = ECDHE Curves = prime192v1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-41] +[test-66] ExpectedResult = ClientFail # =========================================================== -[42-curve-sect163r1-tls13] -ssl_conf = 42-curve-sect163r1-tls13-ssl +[67-curve-sect163r1-tls13] +ssl_conf = 67-curve-sect163r1-tls13-ssl -[42-curve-sect163r1-tls13-ssl] -server = 42-curve-sect163r1-tls13-server -client = 42-curve-sect163r1-tls13-client +[67-curve-sect163r1-tls13-ssl] +server = 67-curve-sect163r1-tls13-server +client = 67-curve-sect163r1-tls13-client -[42-curve-sect163r1-tls13-server] +[67-curve-sect163r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect163r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[42-curve-sect163r1-tls13-client] +[67-curve-sect163r1-tls13-client] CipherString = ECDHE Curves = sect163r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-42] +[test-67] ExpectedResult = ClientFail # =========================================================== -[43-curve-sect193r1-tls13] -ssl_conf = 43-curve-sect193r1-tls13-ssl +[68-curve-sect193r1-tls13] +ssl_conf = 68-curve-sect193r1-tls13-ssl -[43-curve-sect193r1-tls13-ssl] -server = 43-curve-sect193r1-tls13-server -client = 
43-curve-sect193r1-tls13-client +[68-curve-sect193r1-tls13-ssl] +server = 68-curve-sect193r1-tls13-server +client = 68-curve-sect193r1-tls13-client -[43-curve-sect193r1-tls13-server] +[68-curve-sect193r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect193r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[43-curve-sect193r1-tls13-client] +[68-curve-sect193r1-tls13-client] CipherString = ECDHE Curves = sect193r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-43] +[test-68] ExpectedResult = ClientFail # =========================================================== -[44-curve-sect193r2-tls13] -ssl_conf = 44-curve-sect193r2-tls13-ssl +[69-curve-sect193r2-tls13] +ssl_conf = 69-curve-sect193r2-tls13-ssl -[44-curve-sect193r2-tls13-ssl] -server = 44-curve-sect193r2-tls13-server -client = 44-curve-sect193r2-tls13-client +[69-curve-sect193r2-tls13-ssl] +server = 69-curve-sect193r2-tls13-server +client = 69-curve-sect193r2-tls13-client -[44-curve-sect193r2-tls13-server] +[69-curve-sect193r2-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect193r2 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[44-curve-sect193r2-tls13-client] +[69-curve-sect193r2-tls13-client] CipherString = ECDHE Curves = sect193r2 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-44] +[test-69] ExpectedResult = ClientFail # =========================================================== -[45-curve-sect239k1-tls13] -ssl_conf = 45-curve-sect239k1-tls13-ssl +[70-curve-sect239k1-tls13] +ssl_conf = 70-curve-sect239k1-tls13-ssl -[45-curve-sect239k1-tls13-ssl] -server = 45-curve-sect239k1-tls13-server -client = 45-curve-sect239k1-tls13-client +[70-curve-sect239k1-tls13-ssl] +server = 70-curve-sect239k1-tls13-server +client = 70-curve-sect239k1-tls13-client 
-[45-curve-sect239k1-tls13-server] +[70-curve-sect239k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = sect239k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[45-curve-sect239k1-tls13-client] +[70-curve-sect239k1-tls13-client] CipherString = ECDHE Curves = sect239k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-45] +[test-70] ExpectedResult = ClientFail # =========================================================== -[46-curve-secp160k1-tls13] -ssl_conf = 46-curve-secp160k1-tls13-ssl +[71-curve-secp160k1-tls13] +ssl_conf = 71-curve-secp160k1-tls13-ssl -[46-curve-secp160k1-tls13-ssl] -server = 46-curve-secp160k1-tls13-server -client = 46-curve-secp160k1-tls13-client +[71-curve-secp160k1-tls13-ssl] +server = 71-curve-secp160k1-tls13-server +client = 71-curve-secp160k1-tls13-client -[46-curve-secp160k1-tls13-server] +[71-curve-secp160k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp160k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[46-curve-secp160k1-tls13-client] +[71-curve-secp160k1-tls13-client] CipherString = ECDHE Curves = secp160k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-46] +[test-71] ExpectedResult = ClientFail # =========================================================== -[47-curve-secp160r1-tls13] -ssl_conf = 47-curve-secp160r1-tls13-ssl +[72-curve-secp160r1-tls13] +ssl_conf = 72-curve-secp160r1-tls13-ssl -[47-curve-secp160r1-tls13-ssl] -server = 47-curve-secp160r1-tls13-server -client = 47-curve-secp160r1-tls13-client +[72-curve-secp160r1-tls13-ssl] +server = 72-curve-secp160r1-tls13-server +client = 72-curve-secp160r1-tls13-client -[47-curve-secp160r1-tls13-server] +[72-curve-secp160r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = 
secp160r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[47-curve-secp160r1-tls13-client] +[72-curve-secp160r1-tls13-client] CipherString = ECDHE Curves = secp160r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-47] +[test-72] ExpectedResult = ClientFail # =========================================================== -[48-curve-secp160r2-tls13] -ssl_conf = 48-curve-secp160r2-tls13-ssl +[73-curve-secp160r2-tls13] +ssl_conf = 73-curve-secp160r2-tls13-ssl -[48-curve-secp160r2-tls13-ssl] -server = 48-curve-secp160r2-tls13-server -client = 48-curve-secp160r2-tls13-client +[73-curve-secp160r2-tls13-ssl] +server = 73-curve-secp160r2-tls13-server +client = 73-curve-secp160r2-tls13-client -[48-curve-secp160r2-tls13-server] +[73-curve-secp160r2-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp160r2 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[48-curve-secp160r2-tls13-client] +[73-curve-secp160r2-tls13-client] CipherString = ECDHE Curves = secp160r2 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-48] +[test-73] ExpectedResult = ClientFail # =========================================================== -[49-curve-secp192k1-tls13] -ssl_conf = 49-curve-secp192k1-tls13-ssl +[74-curve-secp192k1-tls13] +ssl_conf = 74-curve-secp192k1-tls13-ssl -[49-curve-secp192k1-tls13-ssl] -server = 49-curve-secp192k1-tls13-server -client = 49-curve-secp192k1-tls13-client +[74-curve-secp192k1-tls13-ssl] +server = 74-curve-secp192k1-tls13-server +client = 74-curve-secp192k1-tls13-client -[49-curve-secp192k1-tls13-server] +[74-curve-secp192k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp192k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[49-curve-secp192k1-tls13-client] +[74-curve-secp192k1-tls13-client] 
CipherString = ECDHE Curves = secp192k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-49] +[test-74] ExpectedResult = ClientFail # =========================================================== -[50-curve-secp224k1-tls13] -ssl_conf = 50-curve-secp224k1-tls13-ssl +[75-curve-secp224k1-tls13] +ssl_conf = 75-curve-secp224k1-tls13-ssl -[50-curve-secp224k1-tls13-ssl] -server = 50-curve-secp224k1-tls13-server -client = 50-curve-secp224k1-tls13-client +[75-curve-secp224k1-tls13-ssl] +server = 75-curve-secp224k1-tls13-server +client = 75-curve-secp224k1-tls13-client -[50-curve-secp224k1-tls13-server] +[75-curve-secp224k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp224k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[50-curve-secp224k1-tls13-client] +[75-curve-secp224k1-tls13-client] CipherString = ECDHE Curves = secp224k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-50] +[test-75] ExpectedResult = ClientFail # =========================================================== -[51-curve-secp256k1-tls13] -ssl_conf = 51-curve-secp256k1-tls13-ssl +[76-curve-secp256k1-tls13] +ssl_conf = 76-curve-secp256k1-tls13-ssl -[51-curve-secp256k1-tls13-ssl] -server = 51-curve-secp256k1-tls13-server -client = 51-curve-secp256k1-tls13-client +[76-curve-secp256k1-tls13-ssl] +server = 76-curve-secp256k1-tls13-server +client = 76-curve-secp256k1-tls13-client -[51-curve-secp256k1-tls13-server] +[76-curve-secp256k1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = secp256k1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[51-curve-secp256k1-tls13-client] +[76-curve-secp256k1-tls13-client] CipherString = ECDHE Curves = secp256k1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-51] +[test-76] 
ExpectedResult = ClientFail # =========================================================== -[52-curve-brainpoolP256r1-tls13] -ssl_conf = 52-curve-brainpoolP256r1-tls13-ssl +[77-curve-brainpoolP256r1-tls13] +ssl_conf = 77-curve-brainpoolP256r1-tls13-ssl -[52-curve-brainpoolP256r1-tls13-ssl] -server = 52-curve-brainpoolP256r1-tls13-server -client = 52-curve-brainpoolP256r1-tls13-client +[77-curve-brainpoolP256r1-tls13-ssl] +server = 77-curve-brainpoolP256r1-tls13-server +client = 77-curve-brainpoolP256r1-tls13-client -[52-curve-brainpoolP256r1-tls13-server] +[77-curve-brainpoolP256r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = brainpoolP256r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[52-curve-brainpoolP256r1-tls13-client] +[77-curve-brainpoolP256r1-tls13-client] CipherString = ECDHE Curves = brainpoolP256r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-52] +[test-77] ExpectedResult = ClientFail # =========================================================== -[53-curve-brainpoolP384r1-tls13] -ssl_conf = 53-curve-brainpoolP384r1-tls13-ssl +[78-curve-brainpoolP384r1-tls13] +ssl_conf = 78-curve-brainpoolP384r1-tls13-ssl -[53-curve-brainpoolP384r1-tls13-ssl] -server = 53-curve-brainpoolP384r1-tls13-server -client = 53-curve-brainpoolP384r1-tls13-client +[78-curve-brainpoolP384r1-tls13-ssl] +server = 78-curve-brainpoolP384r1-tls13-server +client = 78-curve-brainpoolP384r1-tls13-client -[53-curve-brainpoolP384r1-tls13-server] +[78-curve-brainpoolP384r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = brainpoolP384r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[53-curve-brainpoolP384r1-tls13-client] +[78-curve-brainpoolP384r1-tls13-client] CipherString = ECDHE Curves = brainpoolP384r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem 
VerifyMode = Peer -[test-53] +[test-78] ExpectedResult = ClientFail # =========================================================== -[54-curve-brainpoolP512r1-tls13] -ssl_conf = 54-curve-brainpoolP512r1-tls13-ssl +[79-curve-brainpoolP512r1-tls13] +ssl_conf = 79-curve-brainpoolP512r1-tls13-ssl -[54-curve-brainpoolP512r1-tls13-ssl] -server = 54-curve-brainpoolP512r1-tls13-server -client = 54-curve-brainpoolP512r1-tls13-client +[79-curve-brainpoolP512r1-tls13-ssl] +server = 79-curve-brainpoolP512r1-tls13-server +client = 79-curve-brainpoolP512r1-tls13-client -[54-curve-brainpoolP512r1-tls13-server] +[79-curve-brainpoolP512r1-tls13-server] Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem CipherString = DEFAULT Curves = brainpoolP512r1 MaxProtocol = TLSv1.3 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem -[54-curve-brainpoolP512r1-tls13-client] +[79-curve-brainpoolP512r1-tls13-client] CipherString = ECDHE Curves = brainpoolP512r1 MinProtocol = TLSv1.3 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem VerifyMode = Peer -[test-54] +[test-79] ExpectedResult = ClientFail diff -Nru openssl-3.0.5/test/ssl-tests/14-curves.cnf.in openssl-3.0.7/test/ssl-tests/14-curves.cnf.in --- openssl-3.0.5/test/ssl-tests/14-curves.cnf.in 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/test/ssl-tests/14-curves.cnf.in 2022-11-01 14:14:36.000000000 +0000 
@@ -73,6 +73,30 @@
 foreach (0..$#curves_tls_1_2) {
 my $curve = $curves_tls_1_2[$_];
 push @tests, {
+ name => "curve-${curve}-tls12-in-tls13",
+ server => {
+ "Curves" => "$curve:P-256",
+ "CipherString" => 'DEFAULT@SECLEVEL=1',
+ "MaxProtocol" => "TLSv1.3"
+ },
+ client => {
+ "CipherString" => 'ECDHE@SECLEVEL=1',
+ "MaxProtocol" => "TLSv1.3",
+ "MinProtocol" => "TLSv1.3",
+ "Curves" => "$curve:P-256"
+ },
+ test => {
+ #This curve is not allowed in a TLSv1.3 key_share. We should
+ #succeed but fallback to P-256
+ "ExpectedTmpKeyType" => "P-256",
+ "ExpectedProtocol" => "TLSv1.3",
+ "ExpectedResult" => "Success"
+ },
+ };
+ }
+ foreach (0..$#curves_tls_1_2) {
+ my $curve = $curves_tls_1_2[$_];
+ push @tests, {
 name => "curve-${curve}-tls13",
 server => {
 "Curves" => $curve,
diff -Nru openssl-3.0.5/test/testec-p112r1.pem openssl-3.0.7/test/testec-p112r1.pem
--- openssl-3.0.5/test/testec-p112r1.pem 1970-01-01 00:00:00.000000000 +0000
+++ openssl-3.0.7/test/testec-p112r1.pem 2022-11-01 14:14:36.000000000 +0000
@@ -0,0 +1,7 @@
+-----BEGIN EC PARAMETERS-----
+BgUrgQQABg==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MD4CAQEEDqpz3/ZgfdnaauL3MgNsoAcGBSuBBAAGoSADHgAErmlghD+XSf6spLhs
+7CqP1x1K6h2kfELB84SYKg==
+-----END EC PRIVATE KEY-----
diff -Nru openssl-3.0.5/test/test_test.c openssl-3.0.7/test/test_test.c
--- openssl-3.0.5/test/test_test.c 2022-07-05 08:57:04.000000000 +0000
+++ openssl-3.0.7/test/test_test.c 2022-11-01 14:14:36.000000000 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
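Review bot: In the 14-curves.cnf.in hunk, the new `tls12-in-tls13` case lowers both peers to `DEFAULT@SECLEVEL=1` / `ECDHE@SECLEVEL=1` without saying why, so a reader may take the lowered level for part of what is being tested rather than a precondition. Presumably it is needed only so that the weaker entries of `curves_tls_1_2` are accepted in `Curves` at all, while the real assertion is `"ExpectedTmpKeyType" => "P-256"`, i.e. the TLSv1.3 key_share never ends up on the TLSv1.2-only curve; the test as written does check that, so this is a documentation point. A comment on the server block along the lines of `# SECLEVEL=1 only so the TLSv1.2-only curve is accepted in Curves; the key_share must still fall back to P-256` would pin that down, and the two added `#This curve ...` lines would read better with a space after `#`. The enclosing `foreach` loops and the `@tests` list continue outside the hunk.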
@@ -33,19 +33,19 @@
 static int test_int(void)
 {
 if (!TEST(1, TEST_int_eq(1, 1))
- | !TEST(0, TEST_int_eq(1, -1))
- | !TEST(1, TEST_int_ne(1, 2))
- | !TEST(0, TEST_int_ne(3, 3))
- | !TEST(1, TEST_int_lt(4, 9))
- | !TEST(0, TEST_int_lt(9, 4))
- | !TEST(1, TEST_int_le(4, 9))
- | !TEST(1, TEST_int_le(5, 5))
- | !TEST(0, TEST_int_le(9, 4))
- | !TEST(1, TEST_int_gt(8, 5))
- | !TEST(0, TEST_int_gt(5, 8))
- | !TEST(1, TEST_int_ge(8, 5))
- | !TEST(1, TEST_int_ge(6, 6))
- | !TEST(0, TEST_int_ge(5, 8)))
+ || !TEST(0, TEST_int_eq(1, -1))
+ || !TEST(1, TEST_int_ne(1, 2))
+ || !TEST(0, TEST_int_ne(3, 3))
+ || !TEST(1, TEST_int_lt(4, 9))
+ || !TEST(0, TEST_int_lt(9, 4))
+ || !TEST(1, TEST_int_le(4, 9))
+ || !TEST(1, TEST_int_le(5, 5))
+ || !TEST(0, TEST_int_le(9, 4))
+ || !TEST(1, TEST_int_gt(8, 5))
+ || !TEST(0, TEST_int_gt(5, 8))
+ || !TEST(1, TEST_int_ge(8, 5))
+ || !TEST(1, TEST_int_ge(6, 6))
+ || !TEST(0, TEST_int_ge(5, 8)))
 goto err;

 return 1;
@@ -56,19 +56,19 @@
 static int test_uint(void)
 {
 if (!TEST(1, TEST_uint_eq(3u, 3u))
- | !TEST(0, TEST_uint_eq(3u, 5u))
- | !TEST(1, TEST_uint_ne(4u, 2u))
- | !TEST(0, TEST_uint_ne(6u, 6u))
- | !TEST(1, TEST_uint_lt(5u, 9u))
- | !TEST(0, TEST_uint_lt(9u, 5u))
- | !TEST(1, TEST_uint_le(5u, 9u))
- | !TEST(1, TEST_uint_le(7u, 7u))
- | !TEST(0, TEST_uint_le(9u, 5u))
- | !TEST(1, TEST_uint_gt(11u, 1u))
- | !TEST(0, TEST_uint_gt(1u, 11u))
- | !TEST(1, TEST_uint_ge(11u, 1u))
- | !TEST(1, TEST_uint_ge(6u, 6u))
- | !TEST(0, TEST_uint_ge(1u, 11u)))
+ || !TEST(0, TEST_uint_eq(3u, 5u))
+ || !TEST(1, TEST_uint_ne(4u, 2u))
+ || !TEST(0, TEST_uint_ne(6u, 6u))
+ || !TEST(1, TEST_uint_lt(5u, 9u))
+ || !TEST(0, TEST_uint_lt(9u, 5u))
+ || !TEST(1, TEST_uint_le(5u, 9u))
+ || !TEST(1, TEST_uint_le(7u, 7u))
+ || !TEST(0, TEST_uint_le(9u, 5u))
+ || !TEST(1, TEST_uint_gt(11u, 1u))
+ || !TEST(0, TEST_uint_gt(1u, 11u))
+ || !TEST(1, TEST_uint_ge(11u, 1u))
+ || !TEST(1, TEST_uint_ge(6u, 6u))
+ || !TEST(0, TEST_uint_ge(1u, 11u)))
 goto err;

 return 1;
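Review bot: Replacing `|` with `||` in the test_int chain also changes what a failing run shows: the bitwise form evaluated every `!TEST(...)` operand unconditionally, so all mismatches in the chain were exercised (and presumably reported) before `goto err`, whereas the short-circuiting form stops at the first mismatch and later failures in the same chain stay invisible until it is fixed. That is likely acceptable for these framework self-tests, but it is a behavioural change inside what reads as a warning fix, so a one-line comment above the chain, `/* || short-circuits: only the first failing sub-check is reported */`, would keep a later reader from reverting it. The same applies to the test_uint hunk on this line and to the test_char, test_uchar, test_long, test_ulong and test_size_t hunks that follow. The body of test_int (the `err:` label and its return) continues past the hunk.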
@@ -79,19 +79,19 @@
 static int test_char(void)
 {
 if (!TEST(1, TEST_char_eq('a', 'a'))
- | !TEST(0, TEST_char_eq('a', 'A'))
- | !TEST(1, TEST_char_ne('a', 'c'))
- | !TEST(0, TEST_char_ne('e', 'e'))
- | !TEST(1, TEST_char_lt('i', 'x'))
- | !TEST(0, TEST_char_lt('x', 'i'))
- | !TEST(1, TEST_char_le('i', 'x'))
- | !TEST(1, TEST_char_le('n', 'n'))
- | !TEST(0, TEST_char_le('x', 'i'))
- | !TEST(1, TEST_char_gt('w', 'n'))
- | !TEST(0, TEST_char_gt('n', 'w'))
- | !TEST(1, TEST_char_ge('w', 'n'))
- | !TEST(1, TEST_char_ge('p', 'p'))
- | !TEST(0, TEST_char_ge('n', 'w')))
+ || !TEST(0, TEST_char_eq('a', 'A'))
+ || !TEST(1, TEST_char_ne('a', 'c'))
+ || !TEST(0, TEST_char_ne('e', 'e'))
+ || !TEST(1, TEST_char_lt('i', 'x'))
+ || !TEST(0, TEST_char_lt('x', 'i'))
+ || !TEST(1, TEST_char_le('i', 'x'))
+ || !TEST(1, TEST_char_le('n', 'n'))
+ || !TEST(0, TEST_char_le('x', 'i'))
+ || !TEST(1, TEST_char_gt('w', 'n'))
+ || !TEST(0, TEST_char_gt('n', 'w'))
+ || !TEST(1, TEST_char_ge('w', 'n'))
+ || !TEST(1, TEST_char_ge('p', 'p'))
+ || !TEST(0, TEST_char_ge('n', 'w')))
 goto err;

 return 1;
@@ -102,19 +102,19 @@
 static int test_uchar(void)
 {
 if (!TEST(1, TEST_uchar_eq(49, 49))
- | !TEST(0, TEST_uchar_eq(49, 60))
- | !TEST(1, TEST_uchar_ne(50, 2))
- | !TEST(0, TEST_uchar_ne(66, 66))
- | !TEST(1, TEST_uchar_lt(60, 80))
- | !TEST(0, TEST_uchar_lt(80, 60))
- | !TEST(1, TEST_uchar_le(60, 80))
- | !TEST(1, TEST_uchar_le(78, 78))
- | !TEST(0, TEST_uchar_le(80, 60))
- | !TEST(1, TEST_uchar_gt(88, 37))
- | !TEST(0, TEST_uchar_gt(37, 88))
- | !TEST(1, TEST_uchar_ge(88, 37))
- | !TEST(1, TEST_uchar_ge(66, 66))
- | !TEST(0, TEST_uchar_ge(37, 88)))
+ || !TEST(0, TEST_uchar_eq(49, 60))
+ || !TEST(1, TEST_uchar_ne(50, 2))
+ || !TEST(0, TEST_uchar_ne(66, 66))
+ || !TEST(1, TEST_uchar_lt(60, 80))
+ || !TEST(0, TEST_uchar_lt(80, 60))
+ || !TEST(1, TEST_uchar_le(60, 80))
+ || !TEST(1, TEST_uchar_le(78, 78))
+ || !TEST(0, TEST_uchar_le(80, 60))
+ || !TEST(1, TEST_uchar_gt(88, 37))
+ || !TEST(0, TEST_uchar_gt(37, 88))
+ || !TEST(1, TEST_uchar_ge(88, 37))
+ || !TEST(1, TEST_uchar_ge(66, 66))
+ || !TEST(0, TEST_uchar_ge(37, 88)))
 goto err;

 return 1;
@@ -125,19 +125,19 @@
 static int test_long(void)
 {
 if (!TEST(1, TEST_long_eq(123l, 123l))
- | !TEST(0, TEST_long_eq(123l, -123l))
- | !TEST(1, TEST_long_ne(123l, 500l))
- | !TEST(0, TEST_long_ne(1000l, 1000l))
- | !TEST(1, TEST_long_lt(-8923l, 102934563l))
- | !TEST(0, TEST_long_lt(102934563l, -8923l))
- | !TEST(1, TEST_long_le(-8923l, 102934563l))
- | !TEST(1, TEST_long_le(12345l, 12345l))
- | !TEST(0, TEST_long_le(102934563l, -8923l))
- | !TEST(1, TEST_long_gt(84325677l, 12345l))
- | !TEST(0, TEST_long_gt(12345l, 84325677l))
- | !TEST(1, TEST_long_ge(84325677l, 12345l))
- | !TEST(1, TEST_long_ge(465869l, 465869l))
- | !TEST(0, TEST_long_ge(12345l, 84325677l)))
+ || !TEST(0, TEST_long_eq(123l, -123l))
+ || !TEST(1, TEST_long_ne(123l, 500l))
+ || !TEST(0, TEST_long_ne(1000l, 1000l))
+ || !TEST(1, TEST_long_lt(-8923l, 102934563l))
+ || !TEST(0, TEST_long_lt(102934563l, -8923l))
+ || !TEST(1, TEST_long_le(-8923l, 102934563l))
+ || !TEST(1, TEST_long_le(12345l, 12345l))
+ || !TEST(0, TEST_long_le(102934563l, -8923l))
+ || !TEST(1, TEST_long_gt(84325677l, 12345l))
+ || !TEST(0, TEST_long_gt(12345l, 84325677l))
+ || !TEST(1, TEST_long_ge(84325677l, 12345l))
+ || !TEST(1, TEST_long_ge(465869l, 465869l))
+ || !TEST(0, TEST_long_ge(12345l, 84325677l)))
 goto err;

 return 1;
@@ -148,19 +148,19 @@ static int test_ulong(void) { if (!TEST(1, TEST_ulong_eq(919ul, 919ul)) - | !TEST(0, TEST_ulong_eq(919ul, 10234ul)) - | !TEST(1, TEST_ulong_ne(8190ul, 66ul)) - | !TEST(0, TEST_ulong_ne(10555ul, 10555ul)) - | !TEST(1, TEST_ulong_lt(10234ul, 1000000ul)) - | !TEST(0, TEST_ulong_lt(1000000ul, 10234ul)) - | !TEST(1, TEST_ulong_le(10234ul, 1000000ul)) - | !TEST(1, TEST_ulong_le(100000ul, 100000ul)) - | !TEST(0, TEST_ulong_le(1000000ul, 10234ul)) - | !TEST(1, TEST_ulong_gt(100000000ul, 22ul)) - | !TEST(0, TEST_ulong_gt(22ul, 100000000ul)) - | !TEST(1, TEST_ulong_ge(100000000ul, 22ul)) - | !TEST(1, TEST_ulong_ge(10555ul, 10555ul)) - | !TEST(0, TEST_ulong_ge(22ul, 100000000ul))) + || !TEST(0, TEST_ulong_eq(919ul, 10234ul)) + || !TEST(1, TEST_ulong_ne(8190ul, 66ul)) + || !TEST(0, TEST_ulong_ne(10555ul, 10555ul)) + || !TEST(1, TEST_ulong_lt(10234ul, 1000000ul)) + || !TEST(0, TEST_ulong_lt(1000000ul, 10234ul)) + || !TEST(1, TEST_ulong_le(10234ul, 1000000ul)) + || !TEST(1, TEST_ulong_le(100000ul, 100000ul)) + || !TEST(0, TEST_ulong_le(1000000ul, 10234ul)) + || !TEST(1, TEST_ulong_gt(100000000ul, 22ul)) + || !TEST(0, TEST_ulong_gt(22ul, 100000000ul)) + || !TEST(1, TEST_ulong_ge(100000000ul, 22ul)) + || !TEST(1, TEST_ulong_ge(10555ul, 10555ul)) + || !TEST(0, TEST_ulong_ge(22ul, 100000000ul))) goto err; return 1; 
@@ -171,19 +171,19 @@ static int test_size_t(void) { if (!TEST(1, TEST_size_t_eq((size_t)10, (size_t)10)) - | !TEST(0, TEST_size_t_eq((size_t)10, (size_t)12)) - | !TEST(1, TEST_size_t_ne((size_t)10, (size_t)12)) - | !TEST(0, TEST_size_t_ne((size_t)24, (size_t)24)) - | !TEST(1, TEST_size_t_lt((size_t)30, (size_t)88)) - | !TEST(0, TEST_size_t_lt((size_t)88, (size_t)30)) - | !TEST(1, TEST_size_t_le((size_t)30, (size_t)88)) - | !TEST(1, TEST_size_t_le((size_t)33, (size_t)33)) - | !TEST(0, TEST_size_t_le((size_t)88, (size_t)30)) - | !TEST(1, TEST_size_t_gt((size_t)52, (size_t)33)) - | !TEST(0, TEST_size_t_gt((size_t)33, (size_t)52)) - | !TEST(1, TEST_size_t_ge((size_t)52, (size_t)33)) - | !TEST(1, TEST_size_t_ge((size_t)38, (size_t)38)) - | !TEST(0, TEST_size_t_ge((size_t)33, (size_t)52))) + || !TEST(0, TEST_size_t_eq((size_t)10, (size_t)12)) + || !TEST(1, TEST_size_t_ne((size_t)10, (size_t)12)) + || !TEST(0, TEST_size_t_ne((size_t)24, (size_t)24)) + || !TEST(1, TEST_size_t_lt((size_t)30, (size_t)88)) + || !TEST(0, TEST_size_t_lt((size_t)88, (size_t)30)) + || !TEST(1, TEST_size_t_le((size_t)30, (size_t)88)) + || !TEST(1, TEST_size_t_le((size_t)33, (size_t)33)) + || !TEST(0, TEST_size_t_le((size_t)88, (size_t)30)) + || !TEST(1, TEST_size_t_gt((size_t)52, (size_t)33)) + || !TEST(0, TEST_size_t_gt((size_t)33, (size_t)52)) + || !TEST(1, TEST_size_t_ge((size_t)52, (size_t)33)) + || !TEST(1, TEST_size_t_ge((size_t)38, (size_t)38)) + || !TEST(0, TEST_size_t_ge((size_t)33, (size_t)52))) goto err; return 1; 
@@ -194,19 +194,19 @@ static int test_time_t(void) { if (!TEST(1, TEST_time_t_eq((time_t)10, (time_t)10)) - | !TEST(0, TEST_time_t_eq((time_t)10, (time_t)12)) - | !TEST(1, TEST_time_t_ne((time_t)10, (time_t)12)) - | !TEST(0, TEST_time_t_ne((time_t)24, (time_t)24)) - | !TEST(1, TEST_time_t_lt((time_t)30, (time_t)88)) - | !TEST(0, TEST_time_t_lt((time_t)88, (time_t)30)) - | !TEST(1, TEST_time_t_le((time_t)30, (time_t)88)) - | !TEST(1, TEST_time_t_le((time_t)33, (time_t)33)) - | !TEST(0, TEST_time_t_le((time_t)88, (time_t)30)) - | !TEST(1, TEST_time_t_gt((time_t)52, (time_t)33)) - | !TEST(0, TEST_time_t_gt((time_t)33, (time_t)52)) - | !TEST(1, TEST_time_t_ge((time_t)52, (time_t)33)) - | !TEST(1, TEST_time_t_ge((time_t)38, (time_t)38)) - | !TEST(0, TEST_time_t_ge((time_t)33, (time_t)52))) + || !TEST(0, TEST_time_t_eq((time_t)10, (time_t)12)) + || !TEST(1, TEST_time_t_ne((time_t)10, (time_t)12)) + || !TEST(0, TEST_time_t_ne((time_t)24, (time_t)24)) + || !TEST(1, TEST_time_t_lt((time_t)30, (time_t)88)) + || !TEST(0, TEST_time_t_lt((time_t)88, (time_t)30)) + || !TEST(1, TEST_time_t_le((time_t)30, (time_t)88)) + || !TEST(1, TEST_time_t_le((time_t)33, (time_t)33)) + || !TEST(0, TEST_time_t_le((time_t)88, (time_t)30)) + || !TEST(1, TEST_time_t_gt((time_t)52, (time_t)33)) + || !TEST(0, TEST_time_t_gt((time_t)33, (time_t)52)) + || !TEST(1, TEST_time_t_ge((time_t)52, (time_t)33)) + || !TEST(1, TEST_time_t_ge((time_t)38, (time_t)38)) + || !TEST(0, TEST_time_t_ge((time_t)33, (time_t)52))) goto err; return 1; 
@@ -220,19 +220,19 @@ char y = 1; if (!TEST(1, TEST_ptr(&y)) - | !TEST(0, TEST_ptr(NULL)) - | !TEST(0, TEST_ptr_null(&y)) - | !TEST(1, TEST_ptr_null(NULL)) - | !TEST(1, TEST_ptr_eq(NULL, NULL)) - | !TEST(0, TEST_ptr_eq(NULL, &y)) - | !TEST(0, TEST_ptr_eq(&y, NULL)) - | !TEST(0, TEST_ptr_eq(&y, &x)) - | !TEST(1, TEST_ptr_eq(&x, &x)) - | !TEST(0, TEST_ptr_ne(NULL, NULL)) - | !TEST(1, TEST_ptr_ne(NULL, &y)) - | !TEST(1, TEST_ptr_ne(&y, NULL)) - | !TEST(1, TEST_ptr_ne(&y, &x)) - | !TEST(0, TEST_ptr_ne(&x, &x))) + || !TEST(0, TEST_ptr(NULL)) + || !TEST(0, TEST_ptr_null(&y)) + || !TEST(1, TEST_ptr_null(NULL)) + || !TEST(1, TEST_ptr_eq(NULL, NULL)) + || !TEST(0, TEST_ptr_eq(NULL, &y)) + || !TEST(0, TEST_ptr_eq(&y, NULL)) + || !TEST(0, TEST_ptr_eq(&y, &x)) + || !TEST(1, TEST_ptr_eq(&x, &x)) + || !TEST(0, TEST_ptr_ne(NULL, NULL)) + || !TEST(1, TEST_ptr_ne(NULL, &y)) + || !TEST(1, TEST_ptr_ne(&y, NULL)) + || !TEST(1, TEST_ptr_ne(&y, &x)) + || !TEST(0, TEST_ptr_ne(&x, &x))) goto err; return 1; @@ -243,9 +243,9 @@ static int test_bool(void) { if (!TEST(0, TEST_true(0)) - | !TEST(1, TEST_true(1)) - | !TEST(1, TEST_false(0)) - | !TEST(0, TEST_false(1))) + || !TEST(1, TEST_true(1)) + || !TEST(1, TEST_false(0)) + || !TEST(0, TEST_false(1))) goto err; return 1; 
@@ -258,19 +258,19 @@ static char buf[] = "abc"; if (!TEST(1, TEST_str_eq(NULL, NULL)) - | !TEST(1, TEST_str_eq("abc", buf)) - | !TEST(0, TEST_str_eq("abc", NULL)) - | !TEST(0, TEST_str_eq("abc", "")) - | !TEST(0, TEST_str_eq(NULL, buf)) - | !TEST(0, TEST_str_ne(NULL, NULL)) - | !TEST(0, TEST_str_eq("", NULL)) - | !TEST(0, TEST_str_eq(NULL, "")) - | !TEST(0, TEST_str_ne("", "")) - | !TEST(0, TEST_str_eq("\1\2\3\4\5", "\1x\3\6\5")) - | !TEST(0, TEST_str_ne("abc", buf)) - | !TEST(1, TEST_str_ne("abc", NULL)) - | !TEST(1, TEST_str_ne(NULL, buf)) - | !TEST(0, TEST_str_eq("abcdef", "abcdefghijk"))) + || !TEST(1, TEST_str_eq("abc", buf)) + || !TEST(0, TEST_str_eq("abc", NULL)) + || !TEST(0, TEST_str_eq("abc", "")) + || !TEST(0, TEST_str_eq(NULL, buf)) + || !TEST(0, TEST_str_ne(NULL, NULL)) + || !TEST(0, TEST_str_eq("", NULL)) + || !TEST(0, TEST_str_eq(NULL, "")) + || !TEST(0, TEST_str_ne("", "")) + || !TEST(0, TEST_str_eq("\1\2\3\4\5", "\1x\3\6\5")) + || !TEST(0, TEST_str_ne("abc", buf)) + || !TEST(1, TEST_str_ne("abc", NULL)) + || !TEST(1, TEST_str_ne(NULL, buf)) + || !TEST(0, TEST_str_eq("abcdef", "abcdefghijk"))) goto err; return 1; 
@@ -283,16 +283,16 @@ static char buf[] = "xyz"; if (!TEST(1, TEST_mem_eq(NULL, 0, NULL, 0)) - | !TEST(1, TEST_mem_eq(NULL, 1, NULL, 2)) - | !TEST(0, TEST_mem_eq(NULL, 0, "xyz", 3)) - | !TEST(0, TEST_mem_eq(NULL, 7, "abc", 3)) - | !TEST(0, TEST_mem_ne(NULL, 0, NULL, 0)) - | !TEST(0, TEST_mem_eq(NULL, 0, "", 0)) - | !TEST(0, TEST_mem_eq("", 0, NULL, 0)) - | !TEST(0, TEST_mem_ne("", 0, "", 0)) - | !TEST(0, TEST_mem_eq("xyz", 3, NULL, 0)) - | !TEST(0, TEST_mem_eq("xyz", 3, buf, sizeof(buf))) - | !TEST(1, TEST_mem_eq("xyz", 4, buf, sizeof(buf)))) + || !TEST(1, TEST_mem_eq(NULL, 1, NULL, 2)) + || !TEST(0, TEST_mem_eq(NULL, 0, "xyz", 3)) + || !TEST(0, TEST_mem_eq(NULL, 7, "abc", 3)) + || !TEST(0, TEST_mem_ne(NULL, 0, NULL, 0)) + || !TEST(0, TEST_mem_eq(NULL, 0, "", 0)) + || !TEST(0, TEST_mem_eq("", 0, NULL, 0)) + || !TEST(0, TEST_mem_ne("", 0, "", 0)) + || !TEST(0, TEST_mem_eq("xyz", 3, NULL, 0)) + || !TEST(0, TEST_mem_eq("xyz", 3, buf, sizeof(buf))) + || !TEST(1, TEST_mem_eq("xyz", 4, buf, sizeof(buf)))) goto err; return 1; 
@@ -315,61 +315,61 @@ int r = 0; if (!TEST(1, TEST_int_eq(BN_dec2bn(&a, "0"), 1)) - | !TEST(1, TEST_BN_eq_word(a, 0)) - | !TEST(0, TEST_BN_eq_word(a, 30)) - | !TEST(1, TEST_BN_abs_eq_word(a, 0)) - | !TEST(0, TEST_BN_eq_one(a)) - | !TEST(1, TEST_BN_eq_zero(a)) - | !TEST(0, TEST_BN_ne_zero(a)) - | !TEST(1, TEST_BN_le_zero(a)) - | !TEST(0, TEST_BN_lt_zero(a)) - | !TEST(1, TEST_BN_ge_zero(a)) - | !TEST(0, TEST_BN_gt_zero(a)) - | !TEST(1, TEST_BN_even(a)) - | !TEST(0, TEST_BN_odd(a)) - | !TEST(1, TEST_BN_eq(b, c)) - | !TEST(0, TEST_BN_eq(a, b)) - | !TEST(0, TEST_BN_ne(NULL, c)) - | !TEST(1, TEST_int_eq(BN_dec2bn(&b, "1"), 1)) - | !TEST(1, TEST_BN_eq_word(b, 1)) - | !TEST(1, TEST_BN_eq_one(b)) - | !TEST(0, TEST_BN_abs_eq_word(b, 0)) - | !TEST(1, TEST_BN_abs_eq_word(b, 1)) - | !TEST(0, TEST_BN_eq_zero(b)) - | !TEST(1, TEST_BN_ne_zero(b)) - | !TEST(0, TEST_BN_le_zero(b)) - | !TEST(0, TEST_BN_lt_zero(b)) - | !TEST(1, TEST_BN_ge_zero(b)) - | !TEST(1, TEST_BN_gt_zero(b)) - | !TEST(0, TEST_BN_even(b)) - | !TEST(1, TEST_BN_odd(b)) - | !TEST(1, TEST_int_eq(BN_dec2bn(&c, "-334739439"), 10)) - | !TEST(0, TEST_BN_eq_word(c, 334739439)) - | !TEST(1, TEST_BN_abs_eq_word(c, 334739439)) - | !TEST(0, TEST_BN_eq_zero(c)) - | !TEST(1, TEST_BN_ne_zero(c)) - | !TEST(1, TEST_BN_le_zero(c)) - | !TEST(1, TEST_BN_lt_zero(c)) - | !TEST(0, TEST_BN_ge_zero(c)) - | !TEST(0, TEST_BN_gt_zero(c)) - | !TEST(0, TEST_BN_even(c)) - | !TEST(1, TEST_BN_odd(c)) - | !TEST(1, TEST_BN_eq(a, a)) - | !TEST(0, TEST_BN_ne(a, a)) - | !TEST(0, TEST_BN_eq(a, b)) - | !TEST(1, TEST_BN_ne(a, b)) - | !TEST(0, TEST_BN_lt(a, c)) - | !TEST(1, TEST_BN_lt(c, b)) - | !TEST(0, TEST_BN_lt(b, c)) - | !TEST(0, TEST_BN_le(a, c)) - | !TEST(1, TEST_BN_le(c, b)) - | !TEST(0, TEST_BN_le(b, c)) - | !TEST(1, TEST_BN_gt(a, c)) - | !TEST(0, TEST_BN_gt(c, b)) - | !TEST(1, TEST_BN_gt(b, c)) - | !TEST(1, TEST_BN_ge(a, c)) - | !TEST(0, TEST_BN_ge(c, b)) - | !TEST(1, TEST_BN_ge(b, c))) + || !TEST(1, TEST_BN_eq_word(a, 0)) + || !TEST(0, 
TEST_BN_eq_word(a, 30)) + || !TEST(1, TEST_BN_abs_eq_word(a, 0)) + || !TEST(0, TEST_BN_eq_one(a)) + || !TEST(1, TEST_BN_eq_zero(a)) + || !TEST(0, TEST_BN_ne_zero(a)) + || !TEST(1, TEST_BN_le_zero(a)) + || !TEST(0, TEST_BN_lt_zero(a)) + || !TEST(1, TEST_BN_ge_zero(a)) + || !TEST(0, TEST_BN_gt_zero(a)) + || !TEST(1, TEST_BN_even(a)) + || !TEST(0, TEST_BN_odd(a)) + || !TEST(1, TEST_BN_eq(b, c)) + || !TEST(0, TEST_BN_eq(a, b)) + || !TEST(0, TEST_BN_ne(NULL, c)) + || !TEST(1, TEST_int_eq(BN_dec2bn(&b, "1"), 1)) + || !TEST(1, TEST_BN_eq_word(b, 1)) + || !TEST(1, TEST_BN_eq_one(b)) + || !TEST(0, TEST_BN_abs_eq_word(b, 0)) + || !TEST(1, TEST_BN_abs_eq_word(b, 1)) + || !TEST(0, TEST_BN_eq_zero(b)) + || !TEST(1, TEST_BN_ne_zero(b)) + || !TEST(0, TEST_BN_le_zero(b)) + || !TEST(0, TEST_BN_lt_zero(b)) + || !TEST(1, TEST_BN_ge_zero(b)) + || !TEST(1, TEST_BN_gt_zero(b)) + || !TEST(0, TEST_BN_even(b)) + || !TEST(1, TEST_BN_odd(b)) + || !TEST(1, TEST_int_eq(BN_dec2bn(&c, "-334739439"), 10)) + || !TEST(0, TEST_BN_eq_word(c, 334739439)) + || !TEST(1, TEST_BN_abs_eq_word(c, 334739439)) + || !TEST(0, TEST_BN_eq_zero(c)) + || !TEST(1, TEST_BN_ne_zero(c)) + || !TEST(1, TEST_BN_le_zero(c)) + || !TEST(1, TEST_BN_lt_zero(c)) + || !TEST(0, TEST_BN_ge_zero(c)) + || !TEST(0, TEST_BN_gt_zero(c)) + || !TEST(0, TEST_BN_even(c)) + || !TEST(1, TEST_BN_odd(c)) + || !TEST(1, TEST_BN_eq(a, a)) + || !TEST(0, TEST_BN_ne(a, a)) + || !TEST(0, TEST_BN_eq(a, b)) + || !TEST(1, TEST_BN_ne(a, b)) + || !TEST(0, TEST_BN_lt(a, c)) + || !TEST(1, TEST_BN_lt(c, b)) + || !TEST(0, TEST_BN_lt(b, c)) + || !TEST(0, TEST_BN_le(a, c)) + || !TEST(1, TEST_BN_le(c, b)) + || !TEST(0, TEST_BN_le(b, c)) + || !TEST(1, TEST_BN_gt(a, c)) + || !TEST(0, TEST_BN_gt(c, b)) + || !TEST(1, TEST_BN_gt(b, c)) + || !TEST(1, TEST_BN_ge(a, c)) + || !TEST(0, TEST_BN_ge(c, b)) + || !TEST(1, TEST_BN_ge(b, c))) goto err; r = 1; diff -Nru openssl-3.0.5/test/testutil/driver.c openssl-3.0.7/test/testutil/driver.c --- 
openssl-3.0.5/test/testutil/driver.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/test/testutil/driver.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -331,6 +331,7 @@ test_flush_tapout(); } else if (all_tests[i].num == -1) { set_test_title(all_tests[i].test_case_name); + ERR_clear_error(); verdict = all_tests[i].test_fn(); finalize(verdict != 0); test_verdict(verdict, "%d - %s", test_case_count + 1, test_title); @@ -338,8 +339,6 @@ num_failed++; test_case_count++; } else { - int num_failed_inner = 0; - verdict = TEST_SKIP_CODE; set_test_title(all_tests[i].test_case_name); if (all_tests[i].subtest) { @@ -367,10 +366,10 @@ j = (j + jstep) % all_tests[i].num; if (single_iter != -1 && ((jj + 1) != single_iter)) continue; + ERR_clear_error(); v = all_tests[i].param_test_fn(j); if (v == 0) { - ++num_failed_inner; verdict = 0; } else if (v != TEST_SKIP_CODE && verdict != 0) { verdict = 1; diff -Nru openssl-3.0.5/test/testutil/output.h openssl-3.0.7/test/testutil/output.h --- openssl-3.0.5/test/testutil/output.h 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/test/testutil/output.h 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -14,6 +14,7 @@ # define ossl_test__attr__(x) # if defined(__GNUC__) && defined(__STDC_VERSION__) \ + && !defined(__MINGW32__) && !defined(__MINGW64__) \ && !defined(__APPLE__) /* * Because we support the 'z' modifier, which made its appearance in C99, diff -Nru openssl-3.0.5/test/testutil/provider.c openssl-3.0.7/test/testutil/provider.c --- openssl-3.0.5/test/testutil/provider.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/test/testutil/provider.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,7 +8,9 @@ */ #include "../testutil.h" +#include #include +#include #include int test_get_libctx(OSSL_LIB_CTX **libctx, OSSL_PROVIDER **default_null_prov, 
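Review bot: Excluding MinGW from the `ossl_test__attr__` condition in the output.h hunk above (and in the identical `PRINTF_FORMAT` hunk of test/testutil.h further down) presumably leaves the empty fallback definition in force, so GCC's `-Wformat` checking of the test utilities' printf-like helpers is switched off entirely on MinGW builds rather than just relaxed. If the motivation is that MinGW's default `ms_printf` archetype rejects the `z` modifier the comment mentions, the `gnu_printf` archetype — `__attribute__((format(gnu_printf, a, b)))` — accepts `%z` there and would keep the checks; if that was tried and rejected, a one-line comment giving the reason would stop it being re-proposed. The `# if` block these lines belong to continues past the end of the hunk.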
@@ -62,3 +64,141 @@ return test_get_libctx(libctx, default_null_prov, test_get_argument(argn + 1), provider, module_name); } + +typedef struct { + int major, minor, patch; +} FIPS_VERSION; + +/* + * Query the FIPS provider to determine it's version number. + * Returns 1 if the version is retrieved correctly, 0 if the FIPS provider isn't + * loaded and -1 on error. + */ +static int fips_provider_version(OSSL_LIB_CTX *libctx, FIPS_VERSION *vers) +{ + OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + OSSL_PROVIDER *fips_prov; + char *vs; + + if (!OSSL_PROVIDER_available(libctx, "fips")) + return 0; + *params = OSSL_PARAM_construct_utf8_ptr(OSSL_PROV_PARAM_VERSION, &vs, 0); + if ((fips_prov = OSSL_PROVIDER_load(libctx, "fips")) == NULL) + return -1; + if (!OSSL_PROVIDER_get_params(fips_prov, params) + || sscanf(vs, "%d.%d.%d", &vers->major, &vers->minor, &vers->patch) != 3) + goto err; + if (!OSSL_PROVIDER_unload(fips_prov)) + return -1; + return 1; + err: + OSSL_PROVIDER_unload(fips_prov); + return -1; +} + +int fips_provider_version_eq(OSSL_LIB_CTX *libctx, int major, int minor, int patch) +{ + FIPS_VERSION prov; + int res; + + if ((res = fips_provider_version(libctx, &prov)) <= 0) + return res == 0; + return major == prov.major && minor == prov.minor && patch == prov.patch; +} + +int fips_provider_version_ne(OSSL_LIB_CTX *libctx, int major, int minor, int patch) +{ + FIPS_VERSION prov; + int res; + + if ((res = fips_provider_version(libctx, &prov)) <= 0) + return res == 0; + return major != prov.major || minor != prov.minor || patch != prov.patch; +} + +int fips_provider_version_le(OSSL_LIB_CTX *libctx, int major, int minor, int patch) +{ + FIPS_VERSION prov; + int res; + + if ((res = fips_provider_version(libctx, &prov)) <= 0) + return res == 0; + return prov.major < major + || (prov.major == major + && (prov.minor < minor + || (prov.minor == minor && prov.patch <= patch))); +} + +int fips_provider_version_gt(OSSL_LIB_CTX *libctx, int major, int minor, 
int patch) +{ + FIPS_VERSION prov; + int res; + + if ((res = fips_provider_version(libctx, &prov)) <= 0) + return res == 0; + return prov.major > major + || (prov.major == major + && (prov.minor > minor + || (prov.minor == minor && prov.patch > patch))); +} + +int fips_provider_version_match(OSSL_LIB_CTX *libctx, const char *versions) +{ + const char *p; + int major, minor, patch, r; + enum { + MODE_EQ, MODE_NE, MODE_LE, MODE_GT + } mode; + + while (*versions != '\0') { + for (; isspace(*versions); versions++) + continue; + if (*versions == '\0') + break; + for (p = versions; *versions != '\0' && !isspace(*versions); versions++) + continue; + if (*p == '!') { + mode = MODE_NE; + p++; + } else if (*p == '=') { + mode = MODE_EQ; + p++; + } else if (*p == '<' && p[1] == '=') { + mode = MODE_LE; + p += 2; + } else if (*p == '>') { + mode = MODE_GT; + p++; + } else if (isdigit(*p)) { + mode = MODE_EQ; + } else { + TEST_info("Error matching FIPS version: mode %s\n", p); + return -1; + } + if (sscanf(p, "%d.%d.%d", &major, &minor, &patch) != 3) { + TEST_info("Error matching FIPS version: version %s\n", p); + return -1; + } + switch (mode) { + case MODE_EQ: + r = fips_provider_version_eq(libctx, major, minor, patch); + break; + case MODE_NE: + r = fips_provider_version_ne(libctx, major, minor, patch); + break; + case MODE_LE: + r = fips_provider_version_le(libctx, major, minor, patch); + break; + case MODE_GT: + r = fips_provider_version_gt(libctx, major, minor, patch); + break; + } + if (r < 0) { + TEST_info("Error matching FIPS version: internal error\n"); + return -1; + } + if (r == 0) + return 0; + } + return 1; +} diff -Nru openssl-3.0.5/test/testutil.h openssl-3.0.7/test/testutil.h --- openssl-3.0.5/test/testutil.h 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/test/testutil.h 2022-11-01 14:14:36.000000000 +0000 
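Review bot: In fips_provider_version, `char *vs;` is never initialised, so if `OSSL_PROVIDER_get_params` reports success without filling the `OSSL_PROV_PARAM_VERSION` entry, `sscanf` reads through an indeterminate pointer; `char *vs = NULL;` plus `|| vs == NULL` in the failure condition closes that gap cheaply. In fips_provider_version_match, `isspace(*versions)` and `isdigit(*p)` are called on plain `char`, which is undefined behaviour when `char` is signed and the byte has the high bit set; `isspace((unsigned char)*versions)` and `isdigit((unsigned char)*p)` is the standard form (the strings come from test arguments, so this is hygiene rather than an exposed path). `r` is only assigned inside a `switch` with no `default:`, so some compilers will warn about a possibly uninitialised use at `if (r < 0)`; initialising it, or adding a `default:` that returns -1, makes the intent explicit. This hunk starts on the previous line; the earlier part of provider.c is not visible here.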
@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -235,6 +235,40 @@ int global_init(void); int setup_tests(void); void cleanup_tests(void); + +/* + * Helper functions to detect specific versions of the FIPS provider being in use. + * Because of FIPS rules, code changes after a module has been validated are + * difficult and because we provide a hard guarantee of ABI and behavioural + * stability going forwards, it is a requirement to have tests be conditional + * on specific FIPS provider versions. Without this, bug fixes cannot be tested + * in later releases. + * + * The reason for not including e.g. a less than test is to help avoid any + * temptation to use FIPS provider version numbers that don't exist. Until the + * `new' provider is validated, its version isn't set in stone. Thus a change + * in test behaviour must depend on already validated module versions only. + * + * In all cases, the function returns true if: + * 1. the FIPS provider version matches the criteria specified or + * 2. the FIPS provider isn't being used. + */ +int fips_provider_version_eq(OSSL_LIB_CTX *libctx, int major, int minor, int patch); +int fips_provider_version_ne(OSSL_LIB_CTX *libctx, int major, int minor, int patch); +int fips_provider_version_le(OSSL_LIB_CTX *libctx, int major, int minor, int patch); +int fips_provider_version_gt(OSSL_LIB_CTX *libctx, int major, int minor, int patch); + +/* + * This function matches fips provider version with (potentially multiple) + * maj.min.patch version strings in versions. + * The operator can be one of = ! <= or > comparison symbols. + * If the fips provider matches all the version comparisons (or if there is no + * fips provider available) the function returns 1. + * If the fips provider does not match the version comparisons, it returns 0. + * On error the function returns -1. 
+ */ +int fips_provider_version_match(OSSL_LIB_CTX *libctx, const char *versions); + /* * Used to supply test specific command line options, * If non optional parameters are used, then the first entry in the OPTIONS[] @@ -251,7 +285,9 @@ */ # define PRINTF_FORMAT(a, b) -# if defined(__GNUC__) && defined(__STDC_VERSION__) +# if defined(__GNUC__) && defined(__STDC_VERSION__) \ + && !defined(__MINGW32__) && !defined(__MINGW64__) \ + && !defined(__APPLE__) /* * Because we support the 'z' modifier, which made its appearance in C99, * we can't use __attribute__ with pre C99 dialects. diff -Nru openssl-3.0.5/test/v3ext.c openssl-3.0.7/test/v3ext.c --- openssl-3.0.5/test/v3ext.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/test/v3ext.c 2022-11-01 14:14:36.000000000 +0000 @@ -8,6 +8,7 @@ */ #include +#include #include #include #include 
@@ -224,6 +225,104 @@ ASN1_OCTET_STRING_free(ip2); return testresult; } + +static struct extvalues_st { + const char *value; + int pass; +} extvalues[] = { + /* No prefix is ok */ + { "sbgp-ipAddrBlock = IPv4:192.0.0.1\n", 1 }, + { "sbgp-ipAddrBlock = IPv4:192.0.0.0/0\n", 1 }, + { "sbgp-ipAddrBlock = IPv4:192.0.0.0/1\n", 1 }, + { "sbgp-ipAddrBlock = IPv4:192.0.0.0/32\n", 1 }, + /* Prefix is too long */ + { "sbgp-ipAddrBlock = IPv4:192.0.0.0/33\n", 0 }, + /* Unreasonably large prefix */ + { "sbgp-ipAddrBlock = IPv4:192.0.0.0/12341234\n", 0 }, + /* Invalid IP addresses */ + { "sbgp-ipAddrBlock = IPv4:192.0.0\n", 0 }, + { "sbgp-ipAddrBlock = IPv4:256.0.0.0\n", 0 }, + { "sbgp-ipAddrBlock = IPv4:-1.0.0.0\n", 0 }, + { "sbgp-ipAddrBlock = IPv4:192.0.0.0.0\n", 0 }, + { "sbgp-ipAddrBlock = IPv3:192.0.0.0\n", 0 }, + + /* IPv6 */ + /* No prefix is ok */ + { "sbgp-ipAddrBlock = IPv6:2001:db8::\n", 1 }, + { "sbgp-ipAddrBlock = IPv6:2001::db8\n", 1 }, + { "sbgp-ipAddrBlock = IPv6:2001:0db8:0000:0000:0000:0000:0000:0000\n", 1 }, + { "sbgp-ipAddrBlock = IPv6:2001:db8::/0\n", 1 }, + { "sbgp-ipAddrBlock = IPv6:2001:db8::/1\n", 1 }, + { "sbgp-ipAddrBlock = IPv6:2001:db8::/32\n", 1 }, + { "sbgp-ipAddrBlock = IPv6:2001:0db8:0000:0000:0000:0000:0000:0000/32\n", 1 }, + { "sbgp-ipAddrBlock = IPv6:2001:db8::/128\n", 1 }, + /* Prefix is too long */ + { "sbgp-ipAddrBlock = IPv6:2001:db8::/129\n", 0 }, + /* Unreasonably large prefix */ + { "sbgp-ipAddrBlock = IPv6:2001:db8::/12341234\n", 0 }, + /* Invalid IP addresses */ + /* Not enough blocks of numbers */ + { "sbgp-ipAddrBlock = IPv6:2001:0db8:0000:0000:0000:0000:0000\n", 0 }, + /* Too many blocks of numbers */ + { "sbgp-ipAddrBlock = IPv6:2001:0db8:0000:0000:0000:0000:0000:0000:0000\n", 0 }, + /* First value too large */ + { "sbgp-ipAddrBlock = IPv6:1ffff:0db8:0000:0000:0000:0000:0000:0000\n", 0 }, + /* First value with invalid characters */ + { "sbgp-ipAddrBlock = IPv6:fffg:0db8:0000:0000:0000:0000:0000:0000\n", 0 }, + /* First value is 
negative */ + { "sbgp-ipAddrBlock = IPv6:-1:0db8:0000:0000:0000:0000:0000:0000\n", 0 } +}; + +static int test_ext_syntax(void) +{ + size_t i; + int testresult = 1; + + for (i = 0; i < OSSL_NELEM(extvalues); i++) { + X509V3_CTX ctx; + BIO *extbio = BIO_new_mem_buf(extvalues[i].value, + strlen(extvalues[i].value)); + CONF *conf; + long eline; + + if (!TEST_ptr(extbio)) + return 0 ; + + conf = NCONF_new_ex(NULL, NULL); + if (!TEST_ptr(conf)) { + BIO_free(extbio); + return 0; + } + if (!TEST_long_gt(NCONF_load_bio(conf, extbio, &eline), 0)) { + testresult = 0; + } else { + X509V3_set_ctx_test(&ctx); + X509V3_set_nconf(&ctx, conf); + + if (extvalues[i].pass) { + if (!TEST_true(X509V3_EXT_add_nconf(conf, &ctx, "default", + NULL))) { + TEST_info("Value: %s", extvalues[i].value); + testresult = 0; + } + } else { + ERR_set_mark(); + if (!TEST_false(X509V3_EXT_add_nconf(conf, &ctx, "default", + NULL))) { + testresult = 0; + TEST_info("Value: %s", extvalues[i].value); + ERR_clear_last_mark(); + } else { + ERR_pop_to_mark(); + } + } + } + BIO_free(extbio); + NCONF_free(conf); + } + + return testresult; +} #endif /* OPENSSL_NO_RFC3779 */ OPT_TEST_DECLARE_USAGE("cert.pem\n") @@ -242,6 +341,7 @@ #ifndef OPENSSL_NO_RFC3779 ADD_TEST(test_asid); ADD_TEST(test_addr_ranges); + ADD_TEST(test_ext_syntax); #endif /* OPENSSL_NO_RFC3779 */ return 1; } diff -Nru openssl-3.0.5/util/check-format.pl openssl-3.0.7/util/check-format.pl --- openssl-3.0.5/util/check-format.pl 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/util/check-format.pl 2022-11-01 14:14:36.000000000 +0000 @@ -1,7 +1,7 @@ #! /usr/bin/env perl # -# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. -# Copyright Siemens AG 2019-2020 +# Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright Siemens AG 2019-2022 # # Licensed under the Apache License 2.0 (the "License"). # You may not use this file except in compliance with the License. 
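Review bot: The rejection table in this hunk covers prefixes that are too long and one that is absurdly large, but not a negative one; adding `{ "sbgp-ipAddrBlock = IPv4:192.0.0.0/-1\n", 0 },` and an IPv6 counterpart would pin down that a prefix parsed into a signed integer cannot slip past an upper-bound-only length check — whether the parser under test is signed is outside this hunk, which is exactly why the test is worth having. Two small style points in test_ext_syntax: `return 0 ;` has a stray space before the semicolon, and the two failure branches set `testresult = 0` and call `TEST_info` in opposite orders for no visible reason. The hunk begins on the previous line; the `#ifndef OPENSSL_NO_RFC3779` region it sits in opens before it.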
@@ -62,9 +62,9 @@ # except within if ... else constructs where some branch contains more than one # statement. Since the exception is hard to recognize when such branches occur # after the current position (such that false positives would be reported) -# the tool by checks for this rule by defaul only for do/while/for bodies. +# the tool by checks for this rule by default only for do/while/for bodies. # Yet with the --1-stmt option false positives are preferred over negatives. -# False negatives occur if the braces are more than two non-empty lines apart. +# False negatives occur if the braces are more than two non-blank lines apart. # # * The presence of multiple consecutive spaces is regarded a coding style nit # except when this is before end-of-line comments (unless the --eol-comment is given) and @@ -73,7 +73,7 @@ # # define CDE 22 # # define F 3333 # This pattern is recognized - and consequently extra space not reported - -# for a given line if in the nonempty line before or after (if existing) +# for a given line if in the non-blank line before or after (if existing) # for each occurrence of " \S" (where \S means non-space) in the given line # there is " \S" in the other line in the respective column position. # This may lead to both false negatives (in case of coincidental " \S") 
@@ -134,10 +134,11 @@ # status variables my $self_test; # whether the current input file is regarded to contain (positive/negative) self-tests my $line; # current line number -my $line_before; # number of previous not essentially empty line (containing at most whitespace and '\') -my $line_before2; # number of not essentially empty line before previous not essentially empty line +my $line_before; # number of previous not essentially blank line (containing at most whitespace and '\') +my $line_before2; # number of not essentially blank line before previous not essentially blank line my $contents; # contents of current line (without blinding) # $_ # current line, where comments etc. get blinded +my $code_contents_before; # contents of previous non-comment non-directive line (without blinding), initially "" my $contents_before; # contents of $line_before (without blinding), if $line_before > 0 my $contents_before_; # contents of $line_before after blinding comments etc., if $line_before > 0 my $contents_before2; # contents of $line_before2 (without blinding), if $line_before2 > 0 @@ -168,6 +169,7 @@ my @nested_conds_indents; # stack of hanging indents due to conditionals ('?' ... ':') my $expr_indent; # resulting hanging indent within (multi-line) expressions including type exprs, else 0 my $hanging_symbol; # character ('(', '{', '[', not: '?') responsible for $expr_indent, if $expr_indent != 0 +my $in_block_decls; # number of local declaration lines after block opening before normal statements, or -1 if no block opening my $in_expr; # in expression after if/while/for/switch/return/enum/LHS of assignment my $in_paren_expr; # in parenthesized if/while/for condition and switch expression, if $expr_indent != 0 my $in_typedecl; # nesting level of typedef/struct/union/enum @@ -191,6 +193,7 @@ $line = 0; $line_before = 0; $line_before2 = 0; + $code_contents_before = ""; @nested_block_indents = (); @nested_hanging_offsets = (); @nested_in_typedecl = (); 
@@ -198,8 +201,9 @@ @nested_indents = (); @nested_conds_indents = (); $expr_indent = 0; - $in_paren_expr = 0; + $in_block_decls = -1; $in_expr = 0; + $in_paren_expr = 0; $hanging_offset = 0; @in_do_hanging_offsets = (); @in_if_hanging_offsets = (); @@ -316,7 +320,7 @@ $contents_before) if !$sloppy_cmt && $count_before != $count; } # ... but allow normal indentation for the current line, else above check will be done for the line before - if (($in_comment == 0 || $in_comment < 0) # (no commment,) intra-line comment or end of multi-line comment + if (($in_comment == 0 || $in_comment < 0) # (no comment,) intra-line comment or end of multi-line comment && m/^(\s*)@[\s@]*$/) { # line begins with '@', no code follows (except '\') if ($count == $ref_indent) { # indentation is like for (normal) code in this line s/^(\s*)@/$1*/; # blind first '@' as '*' to prevent above delayed check for the line before @@ -377,6 +381,7 @@ my $in_stmt = $in_expr || @nested_symbols != 0; # not: || $in_typedecl != 0 if ($c =~ m/[{([?]/) { # $c is '{', '(', '[', or '?' if ($c eq "{") { # '{' in any context + $in_block_decls = 0 if !$in_expr && $in_typedecl == 0; # cancel newly hanging_offset if opening brace '{' is after non-whitespace non-comment: $hanging_offset -= INDENT_LEVEL if $hanging_offset > 0 && $head =~ m/[^\s\@]/; push @nested_block_indents, $block_indent; @@ -458,6 +463,7 @@ while (<>) { # loop over all lines of all input files $self_test = $ARGV =~ m/check-format-test/; + $_ = "" if $self_test && m/ blank line within local decls /; $line++; s/\r$//; # strip any trailing CR '\r' (which are typical on Windows systems) $contents = $_; 
@@ -511,12 +517,12 @@ # do/prepare checks within multi-line comments my $self_test_exception = $self_test ? "@" : ""; - if ($in_comment > 0) { # this still includes the last line of multi-line commment + if ($in_comment > 0) { # this still includes the last line of multi-line comment my ($head, $any_symbol, $cmt_text) = m/^(\s*)(.?)(.*)$/; if ($any_symbol eq "*") { - report("no space after leading '*' in multi-line comment") if $cmt_text =~ m|^[^/\s$self_test_exception]|; + report("missing space or '*' after leading '*' in multi-line comment") if $cmt_text =~ m|^[^*\s/$self_test_exception]|; } else { - report("no leading '*' in multi-line comment"); + report("missing leading '*' in multi-line comment"); } $in_comment++; } @@ -524,13 +530,13 @@ # detect end of comment, must be within multi-line comment, check if it is preceded by non-whitespace text if ((my ($head, $tail) = m|^(.*?)\*/(.*)$|) && $1 ne '/') { # ending comment: '*/' report("neither space nor '*' before '*/'") if $head =~ m/[^*\s]$/; - report("no space after '*/'") if $tail =~ m/^[^\s,;)}\]]/; # no space or ,;)}] after '*/' + report("missing space after '*/'") if $tail =~ m/^[^\s,;)}\]]/; # no space or ,;)}] after '*/' if (!($head =~ m|/\*|)) { # not begin of comment '/*', which is is handled below if ($in_comment == 0) { report("unexpected '*/' outside comment"); $_ = "$head@@".$tail; # blind the "*/" } else { - report("text before '*/' in multi-line comment") if ($head =~ m/\S/); # non-SPC before '*/' + report("text before '*/' in multi-line comment") if ($head =~ m/[^*\s]/); # non-SPC before '*/' $in_comment = -1; # indicate that multi-line comment ends on current line if ($count > 0) { # make indentation of end of multi-line comment appear like of leading intra-line comment 
@@ -547,9 +553,9 @@ # detect begin of comment, check if it is followed by non-space text MATCH_COMMENT: if (my ($head, $opt_minus, $tail) = m|^(.*?)/\*(-?)(.*)$|) { # begin of comment: '/*' - report("no space before '/*'") + report("missing space before '/*'") if $head =~ m/[^\s(\*]$/; # not space, '(', or or '*' (needed to allow '*/') before comment delimiter - report("neither space nor '*' after '/*' or '/*-'") if $tail =~ m/^[^\s*$self_test_exception]/; + report("missing space, '*' or '!' after '/*' or '/*-'") if $tail =~ m/^[^*\s!$self_test_exception]/; my $cmt_text = $opt_minus.$tail; # preliminary if ($in_comment > 0) { report("unexpected '/*' inside multi-line comment"); @@ -562,8 +568,8 @@ } else { # begin of multi-line comment my $self_test_exception = $self_test ? "(@\d?)?" : ""; report("text after '/*' in multi-line comment") - unless $tail =~ m/^$self_test_exception.?\s*$/; - # tail not essentially empty, first char already checked + unless $tail =~ m/^$self_test_exception.?[*\s]*$/; + # tail not essentially blank, first char already checked # adapt to actual indentation of first line $comment_indent = length($head) + 1; $_ = "$head@@".blind_nonspace($cmt_text); @@ -571,6 +577,7 @@ $leading_comment = $head =~ m/^\s*$/; # there is code before beginning delimiter $formatted_comment = $opt_minus eq "-"; } + } elsif (($head, $tail) = m|^\{-(.*)$|) { # begin of Perl pragma: '{-' } if ($in_comment > 1) { # still inside multi-line comment (not at its begin or end) @@ -605,7 +612,7 @@ # at this point all non-space portions of any types of comments have been blinded as @ - goto LINE_FINISHED if m/^\s*$/; # essentially empty line: just whitespace (and maybe a trailing '\') + goto LINE_FINISHED if m/^\s*$/; # essentially blank line: just whitespace (and maybe a trailing '\') # intra-line whitespace nits @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 
@@ -670,6 +677,7 @@ $intra_line =~ s/\s+$//; # strip any (resulting) space at EOL $intra_line =~ s/(for\s*\([^;]*);;(\))/"$1$2"/eg; # strip trailing ';;' in for (;;) $intra_line =~ s/(for\s*\([^;]+;[^;]+);(\))/"$1$2"/eg; # strip trailing ';' in for (;;) + $intra_line =~ s/(for\s*\();(;)/"$1$2"/eg; # replace leading ';;' in for (;;) by ';' $intra_line =~ s/(=\s*)\{ /"$1@ "/eg; # do not report {SPC in initializers such as ' = { 0, };' $intra_line =~ s/, \};/, @;/g; # do not report SPC} in initializers such as ' = { 0, };' report("space before '$1'") if $intra_line =~ m/[\w)\]]\s+(\+\+|--)/; # postfix ++/-- with preceding space 
@@ -678,35 +686,35 @@ report("space before '$1'") if $intra_line =~ m/\s(\.|->)/; # '.' or '->' with preceding space report("space after '$1'") if $intra_line =~ m/(\.|->)\s/; # '.' or '->' with following space $intra_line =~ s/\-\>|\+\+|\-\-/@/g; # blind '->,', '++', and '--' - report("space before '$2'") if $intra_line =~ m/[^:]\s+(;)/; # space before ';' but not after ':' + report("space before '$1'") if $intra_line =~ m/[^:)]\s+(;)/; # space before ';' but not after ':' or ')' report("space before '$1'") if $intra_line =~ m/\s([,)\]])/; # space before ,)] report("space after '$1'") if $intra_line =~ m/([(\[~!])\s/; # space after ([~! report("space after '$1'") if $intra_line =~ m/(defined)\s/; # space after 'defined' - report("no space before '=' or '='") if $intra_line =~ m/\S(=)/; # '=' etc. without preceding space - report("no space before '$1'") if $intra_line =~ m/\S([|\/%<>^\?])/; # |/%<>^? without preceding space + report("missing space before '=' or '='") if $intra_line =~ m/\S(=)/; # '=' etc. without preceding space + report("missing space before '$1'") if $intra_line =~ m/\S([|\/%<>^\?])/; # |/%<>^? without preceding space # TODO ternary ':' without preceding SPC, while allowing no SPC before ':' after 'case' - report("no space before binary '$1'") if $intra_line =~ m/[^\s{()\[]([+\-])/;# +/- without preceding space or {()[ - # or ')' (which is used f type casts) - report("no space before binary '$1'") if $intra_line =~ m/[^\s{()\[*!]([*])/; # '*' without preceding space or {()[*! - report("no space before binary '$1'") if $intra_line =~ m/[^\s{()\[]([&])/; # '&' without preceding space or {()[ - report("no space after ternary '$1'") if $intra_line =~ m/(:)[^\s\d]/; # ':' without following space or digit - report("no space after '$1'") if $intra_line =~ m/([,;=|\/%<>^\?])\S/; # ,;=|/%<>^? 
without following space - report("no space after binary '$1'") if $intra_line=~m/[^{(\[]([*])[^\sa-zA-Z_(),*]/;# '*' w/o space or \w(),* after + report("missing space before binary '$2'") if $intra_line =~ m/([^\s{()\[e])([+\-])/; # '+'/'-' without preceding space or {()[e + # ')' may be used for type casts or before "->", 'e' may be used for numerical literals such as "1e-6" + report("missing space before binary '$1'") if $intra_line =~ m/[^\s{()\[*!]([*])/; # '*' without preceding space or {()[*! + report("missing space before binary '$1'") if $intra_line =~ m/[^\s{()\[]([&])/; # '&' without preceding space or {()[ + report("missing space after ternary '$1'") if $intra_line =~ m/(:)[^\s\d]/; # ':' without following space or digit + report("missing space after '$1'") if $intra_line =~ m/([,;=|\/%<>^\?])\S/; # ,;=|/%<>^? without following space + report("missing space after binary '$1'") if $intra_line=~m/[^{(\[]([*])[^\sa-zA-Z_(),*]/;# '*' w/o space or \w(),* after # TODO unary '*' must not be followed by SPC - report("no space after binary '$1'") if $intra_line=~m/([&])[^\sa-zA-Z_(]/; # '&' w/o following space or \w( + report("missing space after binary '$1'") if $intra_line=~m/([&])[^\sa-zA-Z_(]/; # '&' w/o following space or \w( # TODO unary '&' must not be followed by SPC - report("no space after binary '$1'") if $intra_line=~m/[^{(\[]([+\-])[^\s\d(]/; # +/- w/o following space or \d( + report("missing space after binary '$1'") if $intra_line=~m/[^{(\[]([+\-])[^\s\d(]/; # +/- w/o following space or \d( # TODO unary '+' and '-' must not be followed by SPC - report("no space after '$2'") if $intra_line =~ m/(^|\W)(if|while|for|switch|case)[^\w\s]/; # kw w/o SPC - report("no space after '$2'") if $intra_line =~ m/(^|\W)(return)[^\w\s;]/; # return w/o SPC or ';' + report("missing space after '$2'") if $intra_line =~ m/(^|\W)(if|while|for|switch|case)[^\w\s]/; # kw w/o SPC + report("missing space after '$2'") if $intra_line =~ m/(^|\W)(return)[^\w\s;]/; # return 
w/o SPC or ';' report("space after function/macro name") if $intra_line =~ m/(\w+)\s+\(/ # fn/macro name with space before '(' - && !($1 =~ m/^(if|while|for|switch|return|typedef|void|char|unsigned|int|long|float|double)$/) # not keyword + && !($1 =~ m/^(sizeof|if|else|while|do|for|switch|case|default|break|continue|goto|return|void|char|signed|unsigned|int|short|long|float|double|typedef|enum|struct|union|auto|extern|static|const|volatile|register)$/) # not keyword && !(m/^\s*#\s*define\s/); # we skip macro definitions here because macros # without parameters but with body beginning with '(', e.g., '#define X (1)', # would lead to false positives - TODO also check for macros with parameters - report("no space before '{'") if $intra_line =~ m/[^\s{(\[]\{/; # '{' without preceding space or {([ - report("no space after '}'") if $intra_line =~ m/\}[^\s,;\])}]/; # '}' without following space or ,;])} + report("missing space before '{'") if $intra_line =~ m/[^\s{(\[]\{/; # '{' without preceding space or {([ + report("missing space after '}'") if $intra_line =~ m/\}[^\s,;\])}]/; # '}' without following space or ,;])} } # preprocessor directives @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@ -738,7 +746,8 @@ # update indents according to leading closing brace(s) '}' or label or switch case my $in_stmt = $in_expr || @nested_symbols != 0 || $in_typedecl != 0; if ($in_stmt) { # expr/stmt/type decl/var def/fn hdr, i.e., not at block level - if (m/^([\s@]*\})/) { # leading '}', any preceding blinded comment must not be matched + if (m/^([\s@]*\})/) { # leading '}' within stmt, any preceding blinded comment must not be matched + $in_block_decls = -1; my $head = $1; update_nested_indents($head); $nested_indents_position = length($head); 
@@ -785,7 +794,8 @@ } if ($before ne "") { # non-whitespace non-'{' before '}' report("code before '}'"); - } else { # leading '}', any preceding blinded comment must not be matched + } else { # leading '}' outside stmt, any preceding blinded comment must not be matched + $in_block_decls = -1; $local_offset = $block_indent + $hanging_offset - INDENT_LEVEL; update_nested_indents($head); $nested_indents_position = length($head); @@ -832,6 +842,27 @@ check_indent() if $count >= 0; # not for #define and not if multi-line string literal is continued + # check for blank lines within/after local decls @@@@@@@@@@@@@@@@@@@@@@@@@@@ + + if ($in_block_decls >= 0 && + $in_comment == 0 && !m/^\s*\*?@/ && # not in multi-line comment nor an intra-line comment + !$in_expr && $expr_indent == 0 && $in_typedecl == 0) { + my $blank_line_before = $line > 1 + && $code_contents_before =~ m/^\s*(\\\s*)?$/; # essentially blank line: just whitespace (and maybe a trailing '\') + if (m/^[\s(]*(char|signed|unsigned|int|short|long|float|double|enum|struct|union|auto|extern|static|const|volatile|register)(\W|$)/ # clear start of local decl + || (m/^(\s*(\w+|\[\]|[\*()]))+?\s+[\*\(]*\w+(\s*(\)|\[[^\]]*\]))*\s*[;,=]/ # weak check for decl involving user-defined type + && !m/^\s*(\}|sizeof|if|else|while|do|for|switch|case|default|break|continue|goto|return)(\W|$)/)) { + $in_block_decls++; + report_flexibly($line - 1, "blank line within local decls, before", $contents) if $blank_line_before; + } else { + report_flexibly($line, "missing blank line after local decls", "\n$contents_before$contents") + if $in_block_decls > 0 && !$blank_line_before; + $in_block_decls = -1 unless + m/^\s*(\\\s*)?$/ # essentially blank line: just whitespace (and maybe a trailing '\') + || $in_comment != 0 || m/^\s*\*?@/; # in multi-line comment or an intra-line comment + } + } + $in_comment = 0 if $in_comment < 0; # multi-line comment has ended # do some further checks @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 
@@ -851,22 +882,19 @@ $line_opening_brace == $line_before) && $contents_before =~ m/;/) { # there is at least one terminator ';', so there is some stmt # TODO do not report cases where a further else branch - # follows with a block containg more than one line/statement + # follows with a block containing more than one line/statement report_flexibly($line_before, "'$keyword_opening_brace' { 1 stmt }", $contents_before); } } report("single-letter name '$2'") if (m/(^|.*\W)([IO])(\W.*|$)/); # single-letter name 'I' or 'O' # maybe re-add 'l'? # constant on LHS of comparison or assignment, e.g., NULL != x or 'a' < c, but not a + 1 == b - report("constant on LHS of '$2'") - if (m/(['"]|([\+\-\*\/\/%\&\|\^<>]\s*)?\W[0-9]+L?|NULL)\s*([\!<>=]=|[<=>][^<>])/ && $2 eq ""); + report("constant on LHS of '$3'") + if (m/(['"]|([\+\-\*\/\/%\&\|\^<>]\s*)?\W[0-9]+L?|\WNULL)\s*([\!<>=]=|[<=>])([<>]?)/ && + $2 eq "" && (($3 ne "<" && $3 ne "='" && $3 ne ">") || $4 eq "")); # TODO report #if 0 and #if 1 - # TODO report empty line within local variable definitions - - # TODO report missing empty line after local variable definitions - # TODO report needless use of parentheses, while # macro parameters should always be in parens (except when passed on), e.g., '#define ID(x) (x)' @@ -934,7 +962,7 @@ # set $in_typedecl and potentially $hanging_offset for type declaration if (!$in_expr && @nested_indents == 0 # not in expression - && m/(^|^.*\W)(typedef|struct|union|enum)(\W.*|$)$/ + && m/(^|^.*\W)(typedef|enum|struct|union)(\W.*|$)$/ && parens_balance($1) == 0 # not in newly started expression or function arg list && ($2 eq "typedef" || !($3 =~ m/\s*\w++\s*(.)/ && $1 ne "{")) # 'struct'/'union'/'enum' not followed by '{' # not needed: && $keyword_opening_brace = $2 if $3 =~ m/\{/; 
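Review bot: In the rewritten `constant on LHS` condition, `$3 ne "='"` compares the captured operator with the two-character string `='`, which `([\!<>=]=|[<=>])` can never produce, so that clause is always true and the `$4 eq ""` escape never applies when the operator is `=`. Presumably `$3 ne "="` was meant, paralleling the `<` and `>` cases on either side of it; as written the test reads as a typo and hides the intent of the `$4` lookahead. Either correct it to `$2 eq "" && (($3 ne "<" && $3 ne "=" && $3 ne ">") || $4 eq "")` or drop the dead comparison. The surrounding per-line check loop continues outside the hunk.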
@@ -1018,12 +1046,12 @@ !($keyword_opening_brace eq "else" && $line_opening_brace < $line_before2); } report("code after '{'") if $tail=~ m/[^\s\@]/ && # trailing non-whitespace non-comment (non-'\') - !($tail=~ m/\}/); # no '}' after last '{' + !($tail=~ m/\}/); # missing '}' after last '{' } } # check for opening brace after if/while/for/switch/do not on same line - # note that "no '{' on same line after '} else'" is handled further below + # note that "missing '{' on same line after '} else'" is handled further below if (/^[\s@]*{/ && # leading '{' $line_before > 0 && !($contents_before_ =~ m/^\s*#/) && # not preprocessor directive '#if (my ($head, $mid, $tail) = ($contents_before_ =~ m/(^|^.*\W)(if|while|for|switch|do)(\W.*$|$)/))) { @@ -1033,10 +1061,10 @@ # check for closing brace on line before 'else' not followed by leading '{' elsif (my ($head, $tail) = m/(^|^.*\W)else(\W.*$|$)/) { if (parens_balance($tail) == 0 && # avoid false positive due to unfinished expr on current line - !($tail =~ m/{/) && # after 'else' no '{' on same line + !($tail =~ m/{/) && # after 'else' missing '{' on same line !($head =~ m/}[\s@]*$/) && # not: '}' then any whitespace or comments before 'else' $line_before > 0 && $contents_before_ =~ /}[\s@]*$/) { # trailing '}' on line before - report("no '{' after '} else'"); + report("missing '{' on same line after '} else'"); } } 
@@ -1063,10 +1091,10 @@ if ($line_before > 0 && $contents_before_ =~ /}[\s@]*$/) { report("'else' not on same line as preceding '}'"); } elsif (parens_balance($tail) == 0) { # avoid false positive due to unfinished expr on current line - report("no '}' on same line before 'else ... {'") if $brace_after; + report("missing '}' on same line before 'else ... {'") if $brace_after; } } elsif (parens_balance($tail) == 0) { # avoid false positive due to unfinished expr on current line - report("no '{' on same line after '} else'") if $brace_before && !$brace_after; + report("missing '{' on same line after '} else'") if $brace_before && !$brace_after; } } @@ -1086,6 +1114,10 @@ # post-processing at end of line @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ LINE_FINISHED: + $code_contents_before = $contents if + !m/^\s*#(\s*)(\w+)/ && # not single-line directive + $in_comment == 0 && !m/^\s*\*?@/; # not in multi-line comment nor an intra-line comment + # on end of multi-line preprocessor directive, adapt indent if ($in_directive > 0 && # need to use original line contents because trailing \ may have been stripped @@ -1096,12 +1128,12 @@ $hanging_offset = 0; # compensate for this in case macro ends, e.g., as 'while (0)' } - if (m/^\s*$/) { # at begin of file essentially empty line: just whitespace (and maybe a '\') - report("leading ".($1 eq "" ? "empty" :"whitespace")." line") if $line == 1 && !$sloppy_SPC; + if (m/^\s*$/) { # at begin of file essentially blank line: just whitespace (and maybe a '\') + report("leading ".($1 eq "" ? "blank" :"whitespace")." line") if $line == 1 && !$sloppy_SPC; } else { if ($line_before > 0) { my $linediff = $line - $line_before - 1; - report("$linediff empty lines before") if $linediff > 1 && !$sloppy_SPC; + report("$linediff blank lines before") if $linediff > 1 && !$sloppy_SPC; } $line_before2 = $line_before; $contents_before2 = $contents_before; 
@@ -1123,8 +1155,8 @@ # post-processing at end of file @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ if (eof) { - # check for essentially empty line (which may include a '\') just before EOF - report(($1 eq "\n" ? "empty line" : $2 ne "" ? "'\\'" : "whitespace")." at EOF") + # check for essentially blank line (which may include a '\') just before EOF + report(($1 eq "\n" ? "blank line" : $2 ne "" ? "'\\'" : "whitespace")." at EOF") if $contents =~ m/^(\s*(\\?)\s*)$/ && !$sloppy_SPC; # report unclosed expression-level nesting diff -Nru openssl-3.0.5/util/check-format-test-negatives.c openssl-3.0.7/util/check-format-test-negatives.c --- openssl-3.0.5/util/check-format-test-negatives.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/util/check-format-test-negatives.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,7 +1,6 @@ /* - * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright Nokia 2007-2019 - * Copyright Siemens AG 2015-2019 + * Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright Siemens AG 2015-2022 * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,6 +13,15 @@ * There are some known false positives, though, which are marked below. */ +#define F \ + void f() \ + { \ + int i; \ + int j; \ + \ + return; \ + } + /*- * allow extra SPC in format-tagged multi-line comment */ 
@@ -21,6 +29,79 @@ * trailing multi-line comment */ { + typedef int INT; + void v; + short b; + char c; + signed s; + unsigned u; + int i; + long l; + float f; + double d; + enum {} enu; + struct {} stru; + union {} un; + auto a; + extern e; + static int stat; + const int con; + volatile int vola; + register int reg; + OSSL_x y, *p = params; + int params[]; + OSSL_PARAM * (* params []) [MAX + 1]; + XY *(* fn)(int a, char b); + /* + * multi-line comment should not disturb detection of local decls + */ + BIO1 ***b; + /* intra-line comment should not disturb detection of local decls */ + unsigned k; + + /* intra-line comment should not disturb detection of end of local decls */ + + { + int x; /* just decls in block */ + } + if (p != (unsigned char *) + &(ctx->tmp[0])) { + i -= (p - (unsigned char *) /* do not confuse with var decl */ + &(ctx->tmp[0])); + } + { + ctx->buf_off = 0; /* do not confuse with var decl */ + return 0; + } + { + ctx->buf_len = EVP_EncodeBlock((unsigned char *)ctx->buf, + (unsigned char *)ctx->tmp, /* no decl */ + ctx->tmp_len); + } + { + EVP_EncodeFinal(ctx->base64, + (unsigned char *)ctx->buf, &(ctx->len)); /* no decl */ + /* push out the bytes */ + goto again; + } + { + f(1, (unsigned long)2); /* no decl */ + x; + } + { + char *pass_str = get_passwd(opt_srv_secret, "x"); + + if (pass_str != NULL) { + cleanse(opt_srv_secret); + res = OSSL_CMP_CTX_set1_secretValue(ctx, (unsigned char *)pass_str, + strlen(pass_str)); + clear_free(pass_str); + } + } +} + +int g(void) +{ if (ctx == NULL) { /* non-leading end-of-line comment */ if (/* comment after '(' */ pem_name != NULL /* comment before ')' */) /* entire-line comment indent usually like for the following line */ @@ -35,6 +116,12 @@ ; for (i = 0; i < 1;) ; + for (;;) + for (; i < n; i++) + for (;; p++) + ; + for (;;) ; /* should not trigger: space before ';' */ + lab: ; /* should not trigger: space before ';' */ #if X if (1) /* bad style: just part of control structure depends on #if */ 
@@ -153,6 +240,12 @@ /* should not trigger: constant on LHS of comparison or assignment operator */ X509 *x509 = NULL; int y = a + 1 < b; +int ret, was_NULL = *certs == NULL; + +/* should not trigger: no space before binary ... operator */ +float z = 1e-6 * (-1) * b[+6] * 1e+1 * (a)->f * (long)+1 + - (tmstart.tv_sec + tmstart.tv_nsec * 1e-9); +struct st = {-1, 0}; const OPTIONS passwd_options[] = { {"aixmd5", OPT_AIXMD5, '-', "AIX MD5-based password algorithm"}, @@ -175,6 +268,7 @@ typedef OSSL_CMP_MSG *(*cmp_srv_process_cb_t) (OSSL_CMP_SRV_CTX *ctx, OSSL_CMP_MSG *msg) xx; + int f() { c; diff -Nru openssl-3.0.5/util/check-format-test-positives.c openssl-3.0.7/util/check-format-test-positives.c --- openssl-3.0.5/util/check-format-test-positives.c 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/util/check-format-test-positives.c 2022-11-01 14:14:36.000000000 +0000 @@ -1,7 +1,6 @@ /* - * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. - * Copyright Nokia 2007-2019 - * Copyright Siemens AG 2015-2019 + * Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright Siemens AG 2015-2022 * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -73,8 +72,8 @@ int f (int a, /*@ space after fn before '(', reported unless sloppy-spc */ int b, /*@ hanging expr indent off by -1 */ long I) /*@ single-letter name 'I' */ -{ int /*@ code after '{' opening a block */ - xx = 1) + /*@ unexpected closing parenthesis */ +{ int x; /*@ code after '{' opening a block */ + int xx = 1) + /*@ unexpected closing parenthesis */ 0L < /*@ constant on LHS of comparison operator */ a] - /*@ unexpected closing bracket */ 3: * /*@ unexpected ':' (without preceding '?') within expr */ 
@@ -85,8 +84,11 @@ (xx /*@0 unclosed parenthesis in expression */ ? y /*@0 unclosed '? (conditional expression) */ [0; /*@4 unclosed bracket in expression */ - s_type s; /*@ local variable declaration indent off by -1 */ - somefunc(a, /*@ statement indent off by -1 */ + /*@ blank line within local decls */ + s_type s; /*@2 local variable declaration indent off by -1 */ + t_type t; /*@ local variable declaration indent again off by -1 */ + /* */ /*@0 missing blank line after local decls */ + somefunc(a, /*@2 statement indent off by -1 */ "aligned" /*@ expr indent off by -2 accepted if sloppy-hang */ "right" , b, /*@ expr indent off by -1 */ b, /*@ expr indent as on line above, accepted if sloppy-hang */ @@ -338,11 +340,11 @@ ; - ; /*@ 2 essentially empty lines before, if !sloppy-spc */ + ; /*@ 2 essentially blank lines before, if !sloppy-spc */ } /*@ function body length > 200 lines */ #if 0 /*@0 unclosed #if */ struct t { /*@0 unclosed brace at decl/block level */ enum { /*@0 unclosed brace at enum/expression level */ v = (1 /*@0 unclosed parenthesis */ - etyp /*@0 empty line follows just before EOF, if !sloppy-spc: */ + etyp /*@0 blank line follows just before EOF, if !sloppy-spc: */ diff -Nru openssl-3.0.5/util/missingcrypto.txt openssl-3.0.7/util/missingcrypto.txt --- openssl-3.0.5/util/missingcrypto.txt 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/util/missingcrypto.txt 2022-11-01 14:14:36.000000000 +0000 @@ -635,8 +635,6 @@ EVP_CIPHER_set_asn1_iv(3) EVP_MD_do_all(3) EVP_MD_do_all_sorted(3) -EVP_PBE_alg_add(3) -EVP_PBE_alg_add_type(3) EVP_PBE_cleanup(3) EVP_PBE_get(3) EVP_PKEY_CTX_get0_peerkey(3) @@ -811,9 +809,6 @@ OPENSSL_LH_strhash(3) OPENSSL_asc2uni(3) OPENSSL_die(3) -OPENSSL_gmtime(3) -OPENSSL_gmtime_adj(3) -OPENSSL_gmtime_diff(3) OPENSSL_init(3) OPENSSL_isservice(3) OPENSSL_issetugid(3) 
@@ -888,8 +883,6 @@ PKCS7_add_attrib_content_type(3) PKCS7_add_attrib_smimecap(3) PKCS7_add_attribute(3) -PKCS7_add_certificate(3) -PKCS7_add_crl(3) PKCS7_add_recipient(3) PKCS7_add_recipient_info(3) PKCS7_add_signature(3) @@ -1327,7 +1320,6 @@ X509_get_default_private_dir(3) X509_get_pubkey_parameters(3) X509_get_signature_type(3) -X509_gmtime_adj(3) X509_issuer_and_serial_hash(3) X509_issuer_name_hash(3) X509_issuer_name_hash_old(3) diff -Nru openssl-3.0.5/util/perl/OpenSSL/config.pm openssl-3.0.7/util/perl/OpenSSL/config.pm --- openssl-3.0.5/util/perl/OpenSSL/config.pm 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/util/perl/OpenSSL/config.pm 2022-11-01 14:14:36.000000000 +0000 @@ -15,8 +15,10 @@ use warnings; use Getopt::Std; use File::Basename; +use File::Spec; use IPC::Cmd; use POSIX; +use Config; use Carp; # These control our behavior. @@ -32,6 +34,7 @@ my $VERSION; my $CCVENDOR; my $CCVER; +my $CL_ARCH; my $GCC_BITS; my $GCC_ARCH; @@ -49,12 +52,15 @@ my @cc_version = ( clang => sub { + return undef unless IPC::Cmd::can_run("$CROSS_COMPILE$CC"); my $v = `$CROSS_COMPILE$CC -v 2>&1`; $v =~ m/(?:(?:clang|LLVM) version|.*based on LLVM)\s+([0-9]+\.[0-9]+)/; return $1; }, gnu => sub { - my $v = `$CROSS_COMPILE$CC -dumpversion 2>/dev/null`; + return undef unless IPC::Cmd::can_run("$CROSS_COMPILE$CC"); + my $nul = File::Spec->devnull(); + my $v = `$CROSS_COMPILE$CC -dumpversion 2> $nul`; # Strip off whatever prefix egcs prepends the number with. # Hopefully, this will work for any future prefixes as well. $v =~ s/^[a-zA-Z]*\-//; 
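Review bot: The new guard `return undef unless IPC::Cmd::can_run("$CROSS_COMPILE$CC");` in both the clang and gnu subs hands can_run the concatenated string, while the backtick invocation that follows still interpolates that same string into a shell command line. If $CC (or the cross prefix) can carry a wrapper or flags — `ccache gcc`, `gcc -m32` — can_run looks for an executable literally named that, returns false, and version detection is silently disabled for a compiler that the backtick call would have run fine before this change. Consider probing only the program token, e.g. `my ($prog) = split /\s+/, "$CROSS_COMPILE$CC"; return undef unless IPC::Cmd::can_run($prog);`, or document that $CC must be a bare program name. The `@cc_version` table continues outside the hunk.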
@@ -159,6 +165,12 @@ [ 'CYGWIN.*', '${MACHINE}-pc-cygwin' ], [ 'vxworks.*', '${MACHINE}-whatever-vxworks' ], + # The MACHINE part of the array POSIX::uname() returns on VMS isn't + # worth the bits wasted on it. It's better, then, to rely on perl's + # %Config, which has a trustworthy item 'archname', especially since + # VMS installation aren't multiarch (yet) + [ 'OpenVMS:.*', "$Config{archname}-whatever-OpenVMS" ], + # Note: there's also NEO and NSR, but they are old and unsupported [ 'NONSTOP_KERNEL:.*:NSE-.*?', 'nse-tandem-nsk${RELEASE}' ], [ 'NONSTOP_KERNEL:.*:NSV-.*?', 'nsv-tandem-nsk${RELEASE}' ], @@ -378,6 +390,22 @@ $CCVER = $v; } } + + # 'Windows NT' is the system name according to POSIX::uname()! + if ( $SYSTEM eq "Windows NT" ) { + # favor vendor cl over gcc + if (IPC::Cmd::can_run('cl')) { + $CC = 'cl'; + $CCVENDOR = ''; # Determine later + $CCVER = 0; + + my $v = `cl 2>&1`; + if ( $v =~ /Microsoft .* Version ([0-9\.]+) for (x86|x64|ARM|ia64)/ ) { + $CCVER = $1; + $CL_ARCH = $2; + } + } + } } # If no C compiler has been determined at this point, we die. Hard. 
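Review bot: The architecture capture in `if ( $v =~ /Microsoft .* Version ([0-9\.]+) for (x86|x64|ARM|ia64)/ )` has no boundary after the alternation, so a compiler banner that continues with `for ARM64` also matches and leaves `$CL_ARCH = 'ARM'`, and the `-876` hunk then maps 32-bit and 64-bit ARM toolchains to the same target. If the two need to be told apart, list the longer token first and anchor it: `for (x86|x64|ARM64|ARM|ia64)\b`. Separately, the block assigns `$CC = 'cl'` whenever cl is on PATH, replacing whatever compiler the code above this hunk determined; if that earlier value can come from the caller's environment, a guard or at least a comment stating that cl deliberately wins would help the next reader. The enclosing sub starts outside the hunk.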
@@ -876,22 +904,43 @@ } else { $config{disable} = [ 'asm' ]; } - return %config; + return { %config }; } ], # Windows values found by looking at Perl 5's win32/win32.c - [ 'amd64-.*?-Windows NT', { target => 'VC-WIN64A' } ], - [ 'ia64-.*?-Windows NT', { target => 'VC-WIN64I' } ], - [ 'x86-.*?-Windows NT', { target => 'VC-WIN32' } ], + [ '(amd64|ia64|x86|ARM)-.*?-Windows NT', + sub { + # If we determined the arch by asking cl, take that value, + # otherwise the SYSTEM we got from from POSIX::uname(). + my $arch = $CL_ARCH // $1; + my $config; + + if ($arch) { + $config = { 'amd64' => { target => 'VC-WIN64A' }, + 'ia64' => { target => 'VC-WIN64I' }, + 'x86' => { target => 'VC-WIN32' }, + 'x64' => { target => 'VC-WIN64A' }, + 'ARM' => { target => 'VC-WIN64-ARM' }, + } -> {$arch}; + die <<_____ unless defined $config; +ERROR +I do not know how to handle ${arch}. +_____ + } + die <<_____ unless defined $config; +ERROR +Could not figure out the architecture. +_____ + + return $config; + } + ], # VMS values found by observation on existing machinery. - # Unfortunately, the machine part is a bit... overdone. It seems, - # though, that 'Alpha' exists in that part for Alphas, making it - # distinguishable from Itanium. It will be interesting to see what - # we'll get in the upcoming x86_64 port... - [ '.*Alpha.*?-.*?-OpenVMS', { target => 'vms-alpha' } ], - [ '.*?-.*?-OpenVMS', { target => 'vms-ia64' } ], + [ 'VMS_AXP-.*?-OpenVMS', { target => 'vms-alpha' } ], + [ 'VMS_IA64-.*?-OpenVMS', { target => 'vms-ia64' } ], + [ 'VMS_x86_64-.*?-OpenVMS', { target => 'vms-x86_64' } ], # TODO: There are a few more choices among OpenSSL config targets, but # reaching them involves a bit more than just a host tripet. Select diff -Nru openssl-3.0.5/util/wrap.pl.in openssl-3.0.7/util/wrap.pl.in --- openssl-3.0.5/util/wrap.pl.in 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/util/wrap.pl.in 2022-11-01 14:14:36.000000000 +0000 
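Review bot: `my $arch = $CL_ARCH // $1;` makes the new callback depend on `$1` still holding the capture from the triplet match done by the dispatch code outside this hunk; any intervening successful match there, now or after a refactor, silently leaves `$arch` undefined and the sub dies with "Could not figure out the architecture" even though the pattern matched. If the dispatcher does not already pass the capture along, having it do so and reading `my $arch = $CL_ARCH // shift;` removes the hidden coupling. The two `die <<_____` blocks could also be collapsed into one, since the inner one already covers every defined `$arch`. The target table continues past the hunk.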
@@ -68,7 +68,10 @@ die "wrap.pl: Failed to execute '", join(' ', @cmd), "': $!\n" if $waitcode == -1; -# When the subprocess aborted on a signal, mimic what Unix shells do, by +# When the subprocess aborted on a signal, we simply raise the same signal. +kill(($? & 255) => $$) if ($? & 255) != 0; + +# If that didn't stop this script, mimic what Unix shells do, by # converting the signal code to an exit code by setting the high bit. # This only happens on Unix flavored operating systems, the others don't # have this sort of signaling to date, and simply leave the low byte zero. diff -Nru openssl-3.0.5/VERSION.dat openssl-3.0.7/VERSION.dat --- openssl-3.0.5/VERSION.dat 2022-07-05 08:57:04.000000000 +0000 +++ openssl-3.0.7/VERSION.dat 2022-11-01 14:14:36.000000000 +0000 @@ -1,7 +1,7 @@ MAJOR=3 MINOR=0 -PATCH=5 +PATCH=7 PRE_RELEASE_TAG= BUILD_METADATA= -RELEASE_DATE="5 Jul 2022" +RELEASE_DATE="1 Nov 2022" SHLIB_VERSION=3
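Review bot: `kill(($? & 255) => $$) if ($? & 255) != 0;` uses the whole low byte of `$?` as the signal number, but that byte also carries the core-dump flag in bit 7 (`$? & 128`); a child killed by SIGSEGV that dumped core leaves `$? & 255` equal to 139, which is not a valid signal, so `kill` returns false without raising anything and the re-raise is skipped in exactly the crash cases it is meant for. Mask the signal number only: `my $sig = $? & 127; kill($sig => $$) if $sig != 0;`. The fallback exit path described by the following comment is outside the hunk.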