diff -Nru openssl-3.0.7/apps/cmp.c openssl-3.0.8/apps/cmp.c
--- openssl-3.0.7/apps/cmp.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/apps/cmp.c 2023-02-07 14:43:33.000000000 +0100
@@ -2689,8 +2689,8 @@
 (void)OSSL_CMP_CTX_set1_senderNonce(srv_cmp_ctx, NULL);
 }
 if (!ret || !keep_alive
- || OSSL_CMP_CTX_get_status(srv_cmp_ctx) == -1
- /* transaction closed by OSSL_CMP_CTX_server_perform() */) {
+ || OSSL_CMP_CTX_get_status(srv_cmp_ctx) != OSSL_CMP_PKISTATUS_trans
+ /* transaction closed by OSSL_CMP_CTX_server_perform() */) {
 BIO_free_all(cbio);
 cbio = NULL;
 }
@@ -2702,6 +2702,35 @@
 }
 #endif
 
+static void print_status(void)
+{
+ /* print PKIStatusInfo */
+ int status = OSSL_CMP_CTX_get_status(cmp_ctx);
+ char *buf = app_malloc(OSSL_CMP_PKISI_BUFLEN, "PKIStatusInfo buf");
+ const char *string =
+ OSSL_CMP_CTX_snprint_PKIStatus(cmp_ctx, buf, OSSL_CMP_PKISI_BUFLEN);
+ const char *from = "", *server = "";
+
+#ifndef OPENSSL_NO_SOCK
+ if (opt_server != NULL) {
+ from = " from ";
+ server = opt_server;
+ }
+#endif
+ CMP_print(bio_err,
+ status == OSSL_CMP_PKISTATUS_accepted
+ ? OSSL_CMP_LOG_INFO :
+ status == OSSL_CMP_PKISTATUS_rejection
+ || status == OSSL_CMP_PKISTATUS_waiting
+ ? OSSL_CMP_LOG_ERR : OSSL_CMP_LOG_WARNING,
+ status == OSSL_CMP_PKISTATUS_accepted ? "info" :
+ status == OSSL_CMP_PKISTATUS_rejection ? "server error" :
+ status == OSSL_CMP_PKISTATUS_waiting ? "internal error"
+ : "warning", "received%s%s %s", from, server,
+ string != NULL ? string : "");
+ OPENSSL_free(buf);
+}
+
 int cmp_main(int argc, char **argv)
 {
 char *configfile = NULL;
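Review bot: print_status() carries no header comment although it reads the file-scope cmp_ctx and opt_server and its output only makes sense once a status is present; the caller in the next hunk guards the call with `OSSL_CMP_CTX_get_status(cmp_ctx) < OSSL_CMP_PKISTATUS_accepted`, so that precondition belongs on the function itself. Suggested comment above the definition: `/* Print the PKIStatusInfo held in cmp_ctx; call only after a response was received (status >= OSSL_CMP_PKISTATUS_accepted). */`. The mapping of OSSL_CMP_PKISTATUS_waiting to the "internal error" label is carried over from the old inline block and would benefit from a one-line why-comment as well.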
@@ -2924,39 +2953,10 @@
 default:
 break;
 }
 
- if (OSSL_CMP_CTX_get_status(cmp_ctx) < 0)
+ if (OSSL_CMP_CTX_get_status(cmp_ctx) < OSSL_CMP_PKISTATUS_accepted)
 goto err; /* we got no response, maybe even did not send request */
- {
- /* print PKIStatusInfo */
- int status = OSSL_CMP_CTX_get_status(cmp_ctx);
- char *buf = app_malloc(OSSL_CMP_PKISI_BUFLEN, "PKIStatusInfo buf");
- const char *string =
- OSSL_CMP_CTX_snprint_PKIStatus(cmp_ctx, buf,
- OSSL_CMP_PKISI_BUFLEN);
- const char *from = "", *server = "";
-
-#ifndef OPENSSL_NO_SOCK
- if (opt_server != NULL) {
- from = " from ";
- server = opt_server;
- }
-#endif
- CMP_print(bio_err,
- status == OSSL_CMP_PKISTATUS_accepted
- ? OSSL_CMP_LOG_INFO :
- status == OSSL_CMP_PKISTATUS_rejection
- || status == OSSL_CMP_PKISTATUS_waiting
- ? OSSL_CMP_LOG_ERR : OSSL_CMP_LOG_WARNING,
- status == OSSL_CMP_PKISTATUS_accepted ? "info" :
- status == OSSL_CMP_PKISTATUS_rejection ? "server error" :
- status == OSSL_CMP_PKISTATUS_waiting ? "internal error"
- : "warning",
- "received%s%s %s", from, server,
- string != NULL ? string : "");
- OPENSSL_free(buf);
- }
-
+ print_status();
 if (save_free_certs(cmp_ctx, OSSL_CMP_CTX_get1_extraCertsIn(cmp_ctx),
 opt_extracertsout, "extra") < 0)
 ret = 0;
diff -Nru openssl-3.0.7/apps/dgst.c openssl-3.0.8/apps/dgst.c
--- openssl-3.0.7/apps/dgst.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/apps/dgst.c 2023-02-07 14:43:33.000000000 +0100
@@ -114,6 +114,8 @@
 
 buf = app_malloc(BUFSIZE, "I/O buffer");
 md = (EVP_MD *)EVP_get_digestbyname(argv[0]);
+ if (md != NULL)
+ digestname = argv[0];
 
 prog = opt_init(argc, argv, dgst_options);
 while ((o = opt_next()) != OPT_EOF) {
diff -Nru openssl-3.0.7/apps/lib/apps.c openssl-3.0.8/apps/lib/apps.c
--- openssl-3.0.7/apps/lib/apps.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/apps/lib/apps.c 2023-02-07 14:43:33.000000000 +0100
@@ -308,6 +308,7 @@
 pwdbio = BIO_push(btmp, pwdbio);
 #endif
 } else if (strcmp(arg, "stdin") == 0) {
+ unbuffer(stdin);
 pwdbio = dup_bio_in(FORMAT_TEXT);
 if (pwdbio == NULL) {
 BIO_printf(bio_err, "Can't open BIO for stdin\n");
@@ -3378,14 +3379,6 @@
 {
 int provider_options = opt_provider_option_given();
 int libctx = app_get0_libctx() != NULL || app_get0_propq() != NULL;
-#ifndef OPENSSL_NO_ENGINE
- ENGINE *e = ENGINE_get_first();
-
- if (e != NULL) {
- ENGINE_free(e);
- return 1;
- }
-#endif
 /*
 * Having a provider option specified or a custom library context or
 * property query, is a sure sign we're not using legacy.
diff -Nru openssl-3.0.7/apps/lib/cmp_mock_srv.c openssl-3.0.8/apps/lib/cmp_mock_srv.c
--- openssl-3.0.7/apps/lib/cmp_mock_srv.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/apps/lib/cmp_mock_srv.c 2023-02-07 14:43:33.000000000 +0100
@@ -301,7 +301,7 @@
 ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
 return 0;
 }
- if (ctx->sendError) {
+ if (sk_OSSL_CMP_ITAV_num(in) > 1 || ctx->sendError) {
 ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
 return 0;
 }
diff -Nru openssl-3.0.7/apps/ocsp.c openssl-3.0.8/apps/ocsp.c
--- openssl-3.0.7/apps/ocsp.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/apps/ocsp.c 2023-02-07 14:43:33.000000000 +0100
@@ -724,6 +724,8 @@
 make_ocsp_response(bio_err, &resp, req, rdb, rca_cert, rsigner, rkey,
 rsign_md, rsign_sigopts, rother, rflags, nmin, ndays, badsig,
 resp_certid_md);
+ if (resp == NULL)
+ goto end;
 if (cbio != NULL)
 send_ocsp_response(cbio, resp);
 } else if (host != NULL) {
diff -Nru openssl-3.0.7/apps/pkey.c openssl-3.0.8/apps/pkey.c
--- openssl-3.0.7/apps/pkey.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/apps/pkey.c 2023-02-07 14:43:33.000000000 +0100
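Review bot: The added `unbuffer(stdin);` has no comment and its purpose is not visible from the hunk; presumably it stops the password read from pulling more of stdin into a stdio buffer than the password line itself, so that anything the command reads from stdin afterwards is still there — confirm against dup_bio_in(). Suggest `/* unbuffered so that only the password line is consumed from stdin */` above the call. The enclosing function continues outside the hunk.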
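Review bot: The literal `1` in `sk_OSSL_CMP_ITAV_num(in) > 1` is a magic number; presumably the mock server can only answer a single ITAV per genm, but nothing says so. Suggest `/* the mock server handles at most one ITAV per genm request */` above the condition. sk_OSSL_CMP_ITAV_num() yields -1 for a NULL stack, so a NULL `in` still reaches the sendError test rather than this new rejection, which looks intended; the enclosing function continues outside the hunk.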
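Review bot: The new `if (resp == NULL) goto end;` leaves the responder silently when make_ocsp_response() fails: nothing is written to bio_err on this path, and whether `end:` prints the error queue or sets a failing exit status is outside the hunk. If `end:` does not report it, add `BIO_printf(bio_err, "Error creating OCSP response\n");` before the goto so the operator learns why no response was sent. The enclosing function continues outside the hunk.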
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -250,7 +250,7 @@
 goto end;
 }
 
- if (check)
+ if (check && !pubin)
 r = EVP_PKEY_check(ctx);
 else
 r = EVP_PKEY_public_check(ctx);
diff -Nru openssl-3.0.7/apps/rsautl.c openssl-3.0.8/apps/rsautl.c
--- openssl-3.0.7/apps/rsautl.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/apps/rsautl.c 2023-02-07 14:43:33.000000000 +0100
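Review bot: `if (check && !pubin)` silently downgrades `-check` to the public-key check when `-pubin` is given, and the reason is not recorded, so the next reader may "fix" it back; a why-comment such as `/* EVP_PKEY_check() needs the private part; with -pubin only the public check is possible */` keeps the intent. If the downgrade should be visible to the user, a one-line notice on bio_err when both `check` and `pubin` are set is worth considering. The enclosing function continues outside the hunk.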
@@ -243,25 +243,25 @@
 
 switch (rsa_mode) {
 case RSA_VERIFY:
- rv = EVP_PKEY_verify_recover_init(ctx)
- && EVP_PKEY_CTX_set_rsa_padding(ctx, pad)
+ rv = EVP_PKEY_verify_recover_init(ctx) > 0
+ && EVP_PKEY_CTX_set_rsa_padding(ctx, pad) > 0
 && EVP_PKEY_verify_recover(ctx, rsa_out, &rsa_outlen,
- rsa_in, rsa_inlen);
+ rsa_in, rsa_inlen) > 0;
 break;
 case RSA_SIGN:
- rv = EVP_PKEY_sign_init(ctx)
- && EVP_PKEY_CTX_set_rsa_padding(ctx, pad)
- && EVP_PKEY_sign(ctx, rsa_out, &rsa_outlen, rsa_in, rsa_inlen);
+ rv = EVP_PKEY_sign_init(ctx) > 0
+ && EVP_PKEY_CTX_set_rsa_padding(ctx, pad) > 0
+ && EVP_PKEY_sign(ctx, rsa_out, &rsa_outlen, rsa_in, rsa_inlen) > 0;
 break;
 case RSA_ENCRYPT:
- rv = EVP_PKEY_encrypt_init(ctx)
- && EVP_PKEY_CTX_set_rsa_padding(ctx, pad)
- && EVP_PKEY_encrypt(ctx, rsa_out, &rsa_outlen, rsa_in, rsa_inlen);
+ rv = EVP_PKEY_encrypt_init(ctx) > 0
+ && EVP_PKEY_CTX_set_rsa_padding(ctx, pad) > 0
+ && EVP_PKEY_encrypt(ctx, rsa_out, &rsa_outlen, rsa_in, rsa_inlen) > 0;
 break;
 case RSA_DECRYPT:
- rv = EVP_PKEY_decrypt_init(ctx)
- && EVP_PKEY_CTX_set_rsa_padding(ctx, pad)
- && EVP_PKEY_decrypt(ctx, rsa_out, &rsa_outlen, rsa_in, rsa_inlen);
+ rv = EVP_PKEY_decrypt_init(ctx) > 0
+ && EVP_PKEY_CTX_set_rsa_padding(ctx, pad) > 0
+ && EVP_PKEY_decrypt(ctx, rsa_out, &rsa_outlen, rsa_in, rsa_inlen) > 0;
 break;
 }
 
diff -Nru openssl-3.0.7/apps/speed.c openssl-3.0.8/apps/speed.c
--- openssl-3.0.7/apps/speed.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/apps/speed.c 2023-02-07 14:43:33.000000000 +0100
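Review bot: The move from `!f(...)` to `f(...) > 0` is correct but unexplained: EVP_PKEY_*_init(), EVP_PKEY_CTX_set_rsa_padding() and the operation calls return 1 on success and 0 or a negative value on failure, and the old boolean negation accepted a negative return as success. A comment above `switch (rsa_mode)` such as `/* EVP_PKEY_* return <= 0 on failure (negative for unsupported), so test > 0 */` records the convention; the same reasoning applies to the `<= 0` tests in the two speed.c hunks that follow. The enclosing function continues outside the hunk.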
@@ -2624,11 +2624,11 @@
 * code, for maximum performance.
 */
 if ((test_ctx = EVP_PKEY_CTX_new(key_B, NULL)) == NULL /* test ctx from skeyB */
- || !EVP_PKEY_derive_init(test_ctx) /* init derivation test_ctx */
- || !EVP_PKEY_derive_set_peer(test_ctx, key_A) /* set peer pubkey in test_ctx */
- || !EVP_PKEY_derive(test_ctx, NULL, &test_outlen) /* determine max length */
- || !EVP_PKEY_derive(ctx, loopargs[i].secret_a, &outlen) /* compute a*B */
- || !EVP_PKEY_derive(test_ctx, loopargs[i].secret_b, &test_outlen) /* compute b*A */
+ || EVP_PKEY_derive_init(test_ctx) <= 0 /* init derivation test_ctx */
+ || EVP_PKEY_derive_set_peer(test_ctx, key_A) <= 0 /* set peer pubkey in test_ctx */
+ || EVP_PKEY_derive(test_ctx, NULL, &test_outlen) <= 0 /* determine max length */
+ || EVP_PKEY_derive(ctx, loopargs[i].secret_a, &outlen) <= 0 /* compute a*B */
+ || EVP_PKEY_derive(test_ctx, loopargs[i].secret_b, &test_outlen) <= 0 /* compute b*A */
 || test_outlen != outlen /* compare output length */) {
 ecdh_checks = 0;
 BIO_printf(bio_err, "ECDH computation failure.\n");
@@ -3059,10 +3059,10 @@
 ffdh_checks = 0;
 break;
 }
- if (!EVP_PKEY_derive_init(test_ctx) ||
- !EVP_PKEY_derive_set_peer(test_ctx, pkey_A) ||
- !EVP_PKEY_derive(test_ctx, NULL, &test_out) ||
- !EVP_PKEY_derive(test_ctx, loopargs[i].secret_ff_b, &test_out) ||
+ if (EVP_PKEY_derive_init(test_ctx) <= 0 ||
+ EVP_PKEY_derive_set_peer(test_ctx, pkey_A) <= 0 ||
+ EVP_PKEY_derive(test_ctx, NULL, &test_out) <= 0 ||
+ EVP_PKEY_derive(test_ctx, loopargs[i].secret_ff_b, &test_out) <= 0 ||
 test_out != secret_size) {
 BIO_printf(bio_err, "FFDH computation failure.\n");
 op_count = 1;
@@ -3456,7 +3456,12 @@
 char buf[1024];
 char *p;
 
- f = fdopen(fds[n], "r");
+ if ((f = fdopen(fds[n], "r")) == NULL) {
+ BIO_printf(bio_err, "fdopen failure with 0x%x\n",
+ errno);
+ OPENSSL_free(fds);
+ return 1;
+ }
 while (fgets(buf, sizeof(buf), f)) {
 p = strchr(buf, '\n');
 if (p)
diff -Nru openssl-3.0.7/apps/s_server.c openssl-3.0.8/apps/s_server.c
--- openssl-3.0.7/apps/s_server.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/apps/s_server.c 2023-02-07 14:43:33.000000000 +0100
@@ -3069,7 +3069,7 @@
 }
 
 /* lets make the output buffer a reasonable size */
- if (!BIO_set_write_buffer_size(io, bufsize))
+ if (BIO_set_write_buffer_size(io, bufsize) <= 0)
 goto err;
 
 if ((con = SSL_new(ctx)) == NULL)
@@ -3505,7 +3505,7 @@
 goto err;
 
 /* lets make the output buffer a reasonable size */
- if (!BIO_set_write_buffer_size(io, bufsize))
+ if (BIO_set_write_buffer_size(io, bufsize) <= 0)
 goto err;
 
 if ((con = SSL_new(ctx)) == NULL)
diff -Nru openssl-3.0.7/apps/storeutl.c openssl-3.0.8/apps/storeutl.c
--- openssl-3.0.7/apps/storeutl.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/apps/storeutl.c 2023-02-07 14:43:33.000000000 +0100
@@ -163,8 +163,7 @@
 break;
 case OPT_CRITERION_ISSUER:
 if (criterion != 0
- || (criterion == OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
- && issuer != NULL)) {
+ && criterion != OSSL_STORE_SEARCH_BY_ISSUER_SERIAL) {
 BIO_printf(bio_err, "%s: criterion already given.\n",
 prog);
 goto end;
@@ -181,8 +180,7 @@
 break;
 case OPT_CRITERION_SERIAL:
 if (criterion != 0
- || (criterion == OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
- && serial != NULL)) {
+ && criterion != OSSL_STORE_SEARCH_BY_ISSUER_SERIAL) {
 BIO_printf(bio_err, "%s: criterion already given.\n",
 prog);
 goto end;
diff -Nru openssl-3.0.7/CHANGES.md openssl-3.0.8/CHANGES.md
--- openssl-3.0.7/CHANGES.md 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/CHANGES.md 2023-02-07 14:43:33.000000000 +0100
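Review bot: The new failure path prints errno as a hex number, `"fdopen failure with 0x%x\n", errno`, which tells the operator nothing; `BIO_printf(bio_err, "fdopen failure: %s\n", strerror(errno));` names the cause, and the strchr() call two lines below shows <string.h> is already in scope. The early `return 1` frees `fds` but, if this runs inside a loop over `fds[]`, leaves the FILE streams opened in earlier iterations unclosed, which is only harmless if the caller exits right away — the loop and the enclosing function start and end outside the hunk, so confirm.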
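Review bot: Rewriting the condition to `criterion != 0 && criterion != OSSL_STORE_SEARCH_BY_ISSUER_SERIAL` drops the `issuer != NULL` test, so a second `-issuer` after the first is no longer reported as "criterion already given" unless the lines after the hunk check it; the same holds for `serial` in the next hunk. If no such check exists below, keep the duplicate detection explicit: `if ((criterion != 0 && criterion != OSSL_STORE_SEARCH_BY_ISSUER_SERIAL) || issuer != NULL) {`. Whether an earlier `issuer` value would otherwise be leaked on overwrite depends on code outside the hunk.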
@@ -28,6 +28,169 @@
 
 [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
 
+### Changes between 3.0.7 and 3.0.8 [7 Feb 2023]
+
+ * Fixed NULL dereference during PKCS7 data verification.
+
+ A NULL pointer can be dereferenced when signatures are being
+ verified on PKCS7 signed or signedAndEnveloped data. In case the hash
+ algorithm used for the signature is known to the OpenSSL library but
+ the implementation of the hash algorithm is not available the digest
+ initialization will fail. There is a missing check for the return
+ value from the initialization function which later leads to invalid
+ usage of the digest API most likely leading to a crash.
+ ([CVE-2023-0401])
+
+ PKCS7 data is processed by the SMIME library calls and also by the
+ time stamp (TS) library calls. The TLS implementation in OpenSSL does
+ not call these functions however third party applications would be
+ affected if they call these functions to verify signatures on untrusted
+ data.
+
+ *Tomáš Mráz*
+
+ * Fixed X.400 address type confusion in X.509 GeneralName.
+
+ There is a type confusion vulnerability relating to X.400 address processing
+ inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
+ but the public structure definition for GENERAL_NAME incorrectly specified
+ the type of the x400Address field as ASN1_TYPE. This field is subsequently
+ interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather
+ than an ASN1_STRING.
+
+ When CRL checking is enabled (i.e. the application sets the
+ X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to
+ pass arbitrary pointers to a memcmp call, enabling them to read memory
+ contents or enact a denial of service.
+ ([CVE-2023-0286])
+
+ *Hugo Landau*
+
+ * Fixed NULL dereference validating DSA public key.
+
+ An invalid pointer dereference on read can be triggered when an
+ application tries to check a malformed DSA public key by the
+ EVP_PKEY_public_check() function. This will most likely lead
+ to an application crash. This function can be called on public
+ keys supplied from untrusted sources which could allow an attacker
+ to cause a denial of service attack.
+
+ The TLS implementation in OpenSSL does not call this function
+ but applications might call the function if there are additional
+ security requirements imposed by standards such as FIPS 140-3.
+ ([CVE-2023-0217])
+
+ *Shane Lontis, Tomáš Mráz*
+
+ * Fixed Invalid pointer dereference in d2i_PKCS7 functions.
+
+ An invalid pointer dereference on read can be triggered when an
+ application tries to load malformed PKCS7 data with the
+ d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.
+
+ The result of the dereference is an application crash which could
+ lead to a denial of service attack. The TLS implementation in OpenSSL
+ does not call this function however third party applications might
+ call these functions on untrusted data.
+ ([CVE-2023-0216])
+
+ *Tomáš Mráz*
+
+ * Fixed Use-after-free following BIO_new_NDEF.
+
+ The public API function BIO_new_NDEF is a helper function used for
+ streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
+ to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
+ be called directly by end user applications.
+
+ The function receives a BIO from the caller, prepends a new BIO_f_asn1
+ filter BIO onto the front of it to form a BIO chain, and then returns
+ the new head of the BIO chain to the caller. Under certain conditions,
+ for example if a CMS recipient public key is invalid, the new filter BIO
+ is freed and the function returns a NULL result indicating a failure.
+ However, in this case, the BIO chain is not properly cleaned up and the
+ BIO passed by the caller still retains internal pointers to the previously
+ freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
+ then a use-after-free will occur. This will most likely result in a crash.
+ ([CVE-2023-0215])
+
+ *Viktor Dukhovni, Matt Caswell*
+
+ * Fixed Double free after calling PEM_read_bio_ex.
+
+ The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
+ decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
+ data. If the function succeeds then the "name_out", "header" and "data"
+ arguments are populated with pointers to buffers containing the relevant
+ decoded data. The caller is responsible for freeing those buffers. It is
+ possible to construct a PEM file that results in 0 bytes of payload data.
+ In this case PEM_read_bio_ex() will return a failure code but will populate
+ the header argument with a pointer to a buffer that has already been freed.
+ If the caller also frees this buffer then a double free will occur. This
+ will most likely lead to a crash.
+
+ The functions PEM_read_bio() and PEM_read() are simple wrappers around
+ PEM_read_bio_ex() and therefore these functions are also directly affected.
+
+ These functions are also called indirectly by a number of other OpenSSL
+ functions including PEM_X509_INFO_read_bio_ex() and
+ SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
+ internal uses of these functions are not vulnerable because the caller does
+ not free the header argument if PEM_read_bio_ex() returns a failure code.
+ ([CVE-2022-4450])
+
+ *Kurt Roeckx, Matt Caswell*
+
+ * Fixed Timing Oracle in RSA Decryption.
+
+ A timing based side channel exists in the OpenSSL RSA Decryption
+ implementation which could be sufficient to recover a plaintext across
+ a network in a Bleichenbacher style attack. To achieve a successful
+ decryption an attacker would have to be able to send a very large number
+ of trial messages for decryption. The vulnerability affects all RSA padding
+ modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
+ ([CVE-2022-4304])
+
+ *Dmitry Belyavsky, Hubert Kario*
+
+ * Fixed X.509 Name Constraints Read Buffer Overflow.
+
+ A read buffer overrun can be triggered in X.509 certificate verification,
+ specifically in name constraint checking. The read buffer overrun might
+ result in a crash which could lead to a denial of service attack.
+ In a TLS client, this can be triggered by connecting to a malicious
+ server. In a TLS server, this can be triggered if the server requests
+ client authentication and a malicious client connects.
+ ([CVE-2022-4203])
+
+ *Viktor Dukhovni*
+
+ * Fixed X.509 Policy Constraints Double Locking security issue.
+
+ If an X.509 certificate contains a malformed policy constraint and
+ policy processing is enabled, then a write lock will be taken twice
+ recursively. On some operating systems (most widely: Windows) this
+ results in a denial of service when the affected process hangs. Policy
+ processing being enabled on a publicly facing server is not considered
+ to be a common setup.
+ ([CVE-2022-3996])
+
+ *Paul Dale*
+
+ * Our provider implementations of `OSSL_FUNC_KEYMGMT_EXPORT` and
+ `OSSL_FUNC_KEYMGMT_GET_PARAMS` for EC and SM2 keys now honor
+ `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT` as set (and
+ default to `POINT_CONVERSION_UNCOMPRESSED`) when exporting
+ `OSSL_PKEY_PARAM_PUB_KEY`, instead of unconditionally using
+ `POINT_CONVERSION_COMPRESSED` as in previous 3.x releases.
+ For symmetry, our implementation of `EVP_PKEY_ASN1_METHOD->export_to`
+ for legacy EC and SM2 keys is also changed similarly to honor the
+ equivalent conversion format flag as specified in the underlying
+ `EC_KEY` object being exported to a provider, when this function is
+ called through `EVP_PKEY_export()`.
+
+ *Nicola Tuveri*
+
 ### Changes between 3.0.6 and 3.0.7 [1 Nov 2022]
 
 * Fixed two buffer overflows in punycode decoding functions.
@@ -19226,7 +19389,7 @@
 *Ralf S. Engelschall*
 
 * Incorporated the popular no-RSA/DSA-only patches
- which allow to compile a RSA-free SSLeay.
+ which allow to compile an RSA-free SSLeay.
 
 *Andrew Cooke / Interrader Ldt., Ralf S. Engelschall*
 
@@ -19415,6 +19578,15 @@
+[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
+[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
+[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217
+[CVE-2023-0216]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0216
+[CVE-2023-0215]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0215
+[CVE-2022-4450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4450
+[CVE-2022-4304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4304
+[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203
+[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996
 [CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
 [CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
 [CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971
diff -Nru openssl-3.0.7/configdata.pm.in openssl-3.0.8/configdata.pm.in
--- openssl-3.0.7/configdata.pm.in 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/configdata.pm.in 2023-02-07 14:43:33.000000000 +0100
@@ -91,7 +91,7 @@
 # We do that in two steps, where the first step emits perl
 # snipets.
 
- my $buildfile = $target{build_file};
+ my $buildfile = $config{build_file};
 my $buildfile_template = "$buildfile.in";
 my @autowarntext = (
 'WARNING: do not edit!',
diff -Nru openssl-3.0.7/Configurations/descrip.mms.tmpl openssl-3.0.8/Configurations/descrip.mms.tmpl
--- openssl-3.0.7/Configurations/descrip.mms.tmpl 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/Configurations/descrip.mms.tmpl 2023-02-07 14:43:33.000000000 +0100
@@ -984,7 +984,8 @@
 $target : $gen0 $deps $mkdef
 \$(PERL) $mkdef$ord_ver --type $args{intent} --ordinals $gen0 --name $ord_name "--OS" "VMS"$case_insensitive > $target
 EOF
- } elsif (platform->isasm($args{src})) {
+ } elsif (platform->isasm($args{src})
+ || platform->iscppasm($args{src})) {
 #
 # Assembler generator
 #
@@ -994,7 +995,9 @@
 dso => "$dso_cflags $dso_cppflags",
 bin => "$bin_cflags $bin_cppflags" } -> {$args{intent}};
 my $defs = join("", map { ",".$_ } @{$args{defs}});
- my $target = platform->asm($args{src});
+ my $target = platform->isasm($args{src})
+ ? platform->asm($args{src})
+ : $args{src};
 my $generator;
 if ($gen0 =~ /\.pl$/) {
@@ -1007,21 +1010,6 @@
 }
 if (defined($generator)) {
- # If the target is named foo.S in build.info, we want to
- # end up generating foo.s in two steps.
- if ($args{src} =~ /\.S$/) {
- return <<"EOF";
-$target : $gen0 $deps
- $generator \$\@-S
- \@ extradefines = "$defs"
- PIPE \$(CPP) $cppflags \$\@-S | -
- \$(PERL) -ne "/^#(\\s*line)?\\s*[0-9]+\\s+""/ or print" > \$\@-i
- \@ DELETE/SYMBOL/LOCAL extradefines
- RENAME \$\@-i \$\@
- DELETE \$\@-S;
-EOF
- }
-
- # Otherwise....
 return <<"EOF";
 $target : $gen0 $deps
 \@ extradefines = "$defs"
diff -Nru openssl-3.0.7/Configurations/platform/BASE.pm openssl-3.0.8/Configurations/platform/BASE.pm
--- openssl-3.0.7/Configurations/platform/BASE.pm 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/Configurations/platform/BASE.pm 2023-02-07 14:43:33.000000000 +0100
@@ -42,7 +42,7 @@
 sub obj { return __base($_[1], '.o') . $_[0]->objext() }
 sub res { return __base($_[1], '.res') . $_[0]->resext() }
 sub dep { return __base($_[1], '.o') . $_[0]->depext() } # <- objname
-sub asm { return __base($_[1], '.S', '.s') . $_[0]->asmext() }
+sub asm { return __base($_[1], '.s') . $_[0]->asmext() }
 
 # Another set of convenience functions for standard checks of certain
 # internal extensions and conversion from internal to platform specific
@@ -51,7 +51,8 @@
 sub isdef { return $_[1] =~ m|\.ld$|; }
 sub isobj { return $_[1] =~ m|\.o$|; }
 sub isres { return $_[1] =~ m|\.res$|; }
-sub isasm { return $_[1] =~ m|\.[Ss]$|; }
+sub isasm { return $_[1] =~ m|\.s$|; }
+sub iscppasm { return $_[1] =~ m|\.S$|; }
 sub isstaticlib { return $_[1] =~ m|\.a$|; }
 sub convertext {
 if ($_[0]->isdef($_[1])) { return $_[0]->def($_[1]); }
diff -Nru openssl-3.0.7/Configurations/unix-Makefile.tmpl openssl-3.0.8/Configurations/unix-Makefile.tmpl
--- openssl-3.0.7/Configurations/unix-Makefile.tmpl 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/Configurations/unix-Makefile.tmpl 2023-02-07 14:43:33.000000000 +0100
@@ -1552,7 +1552,8 @@
 $target: $gen0 $deps \$(SRCDIR)/util/mkdef.pl
 \$(PERL) \$(SRCDIR)/util/mkdef.pl$ord_ver --type $args{intent} --ordinals $gen0 --name $ord_name --OS $mkdef_os > $target
 EOF
- } elsif (platform->isasm($args{src})) {
+ } elsif (platform->isasm($args{src})
+ || platform->iscppasm($args{src})) {
 #
 # Assembler generator
 #
diff -Nru openssl-3.0.7/Configurations/windows-makefile.tmpl openssl-3.0.8/Configurations/windows-makefile.tmpl
--- openssl-3.0.7/Configurations/windows-makefile.tmpl 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/Configurations/windows-makefile.tmpl 2023-02-07 14:43:33.000000000 +0100
@@ -747,7 +747,8 @@
 $target: $gen0 $deps $mkdef
 "\$(PERL)" "$mkdef"$ord_ver --type $args{intent} --ordinals $gen0 --name $ord_name --OS windows > $target
 EOF
- } elsif (platform->isasm($args{src})) {
+ } elsif (platform->isasm($args{src})
+ || platform->iscppasm($args{src})) {
 #
 # Assembler generator
 #
@@ -757,7 +758,9 @@
 dso => '$(DSO_CFLAGS) $(DSO_CPPFLAGS)',
 bin => '$(BIN_CFLAGS) $(BIN_CPPFLAGS)' } -> {$args{intent}};
- my $target = platform->asm($args{src});
+ my $target = platform->isasm($args{src})
+ ? platform->asm($args{src})
+ : $args{src};
 
 my $generator;
 if ($gen0 =~ /\.pl$/) {
@@ -770,18 +773,6 @@
 }
 if (defined($generator)) {
- # If the target is named foo.S in build.info, we want to
- # end up generating foo.s in two steps.
- if ($args{src} =~ /\.S$/) {
- return <<"EOF";
-$target: "$gen0" $deps
- cmd /C "set "ASM=\$(AS)" & $generator \$@.S"
- \$(CPP) $incs $cppflags $defs \$@.S > \$@.i
- move /Y \$@.i \$@
- del /Q \$@.S
-EOF
- }
-
- # Otherwise....
 return <<"EOF";
 $target: "$gen0" $deps
 cmd /C "set "ASM=\$(AS)" & $generator \$@"
diff -Nru openssl-3.0.7/Configure openssl-3.0.8/Configure
--- openssl-3.0.7/Configure 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/Configure 2023-02-07 14:43:33.000000000 +0100
@@ -1,6 +1,6 @@
 #! /usr/bin/env perl
 # -*- mode: perl; -*-
-# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License"). You may not use
 # this file except in compliance with the License. You can obtain a copy
@@ -1394,7 +1394,7 @@
 
 my ($builder, $builder_platform, @builder_opts) = @{$target{build_scheme}};
 
-foreach my $checker (($builder_platform."-".$target{build_file}."-checker.pm",
+foreach my $checker (($builder_platform."-".$config{build_file}."-checker.pm",
 $builder_platform."-checker.pm")) {
 my $checker_path = catfile($srcdir, "Configurations", $checker);
 if (-f $checker_path) {
@@ -1867,8 +1867,8 @@
 # Store the name of the template file we will build the build file from
 # in %config. This may be useful for the build file itself.
 my @build_file_template_names =
- ( $builder_platform."-".$target{build_file}.".tmpl",
- $target{build_file}.".tmpl" );
+ ( $builder_platform."-".$config{build_file}.".tmpl",
+ $config{build_file}.".tmpl" );
 my @build_file_templates = ();
 
 # First, look in the user provided directory, if given
@@ -2885,7 +2885,7 @@
 #
 sub death_handler {
 die @_ if $^S; # To prevent the added message in eval blocks
- my $build_file = $target{build_file} // "build file";
+ my $build_file = $config{build_file} // "build file";
 my @message = ( <<"_____", @_ );
 Failure! $build_file wasn't produced.
 
diff -Nru openssl-3.0.7/crypto/asn1/asn_mime.c openssl-3.0.8/crypto/asn1/asn_mime.c
--- openssl-3.0.7/crypto/asn1/asn_mime.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/crypto/asn1/asn_mime.c 2023-02-07 14:43:33.000000000 +0100
@@ -515,6 +515,7 @@
 char eol;
 int len;
 char linebuf[MAX_SMLEN];
+ int ret;
 /*
 * Buffer output so we don't write one line at a time. This is useful
 * when streaming as we don't end up with one OCTET STRING per line.
@@ -552,9 +553,12 @@
 }
 }
 }
- (void)BIO_flush(out);
+ ret = BIO_flush(out);
 BIO_pop(out);
 BIO_free(bf);
+ if (ret <= 0)
+ return 0;
+ return 1;
 }
diff -Nru openssl-3.0.7/crypto/asn1/bio_asn1.c openssl-3.0.8/crypto/asn1/bio_asn1.c
--- openssl-3.0.7/crypto/asn1/bio_asn1.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/crypto/asn1/bio_asn1.c 2023-02-07 14:43:33.000000000 +0100
@@ -172,7 +172,7 @@
 case ASN1_STATE_START:
 if (!asn1_bio_setup_ex(b, ctx, ctx->prefix,
 ASN1_STATE_PRE_COPY, ASN1_STATE_HEADER))
- return 0;
+ return -1;
 break;
 
 /* Copy any pre data first */
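Review bot: The two `return -1` changes (here and in the ASN1_STATE_HEADER hunk that follows) alter what callers of the write method see but carry no comment; presumably -1 is chosen because a 0 return from a BIO write method reads as "nothing written" rather than as a hard error — confirm against how BIO_write() and the buffering filters treat 0. A one-line comment at the first site, `/* -1: a setup failure is an error, not a zero-length write */`, would record that. The enclosing function starts and ends outside the hunk.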
@@ -189,7 +189,7 @@
 case ASN1_STATE_HEADER:
 ctx->buflen = ASN1_object_size(0, inl, ctx->asn1_tag) - inl;
 if (!ossl_assert(ctx->buflen <= ctx->bufsize))
- return 0;
+ return -1;
 p = ctx->buf;
 ASN1_put_object(&p, 0, inl, ctx->asn1_tag, ctx->asn1_class);
 ctx->copylen = inl;
diff -Nru openssl-3.0.7/crypto/asn1/bio_ndef.c openssl-3.0.8/crypto/asn1/bio_ndef.c
--- openssl-3.0.7/crypto/asn1/bio_ndef.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/crypto/asn1/bio_ndef.c 2023-02-07 14:43:33.000000000 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -49,13 +49,19 @@
 static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen,
 void *parg);
 
-/* unfortunately cannot constify this due to CMS_stream() and PKCS7_stream() */
+/*
+ * On success, the returned BIO owns the input BIO as part of its BIO chain.
+ * On failure, NULL is returned and the input BIO is owned by the caller.
+ *
+ * Unfortunately cannot constify this due to CMS_stream() and PKCS7_stream()
+ */
 BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
 {
 NDEF_SUPPORT *ndef_aux = NULL;
 BIO *asn_bio = NULL;
 const ASN1_AUX *aux = it->funcs;
 ASN1_STREAM_ARG sarg;
+ BIO *pop_bio = NULL;
 
 if (!aux || !aux->asn1_cb) {
 ERR_raise(ERR_LIB_ASN1, ASN1_R_STREAMING_NOT_SUPPORTED);
@@ -70,21 +76,39 @@
 out = BIO_push(asn_bio, out);
 if (out == NULL)
 goto err;
+ pop_bio = asn_bio;
 
- BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free);
- BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free);
+ if (BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free) <= 0
+ || BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free) <= 0
+ || BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux) <= 0)
+ goto err;
 
 /*
- * Now let callback prepends any digest, cipher etc BIOs ASN1 structure
- * needs.
+ * Now let the callback prepend any digest, cipher, etc., that the BIO's
+ * ASN1 structure needs.
 */
 
 sarg.out = out;
 sarg.ndef_bio = NULL;
 sarg.boundary = NULL;
 
- if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0)
+ /*
+ * The asn1_cb(), must not have mutated asn_bio on error, leaving it in the
+ * middle of some partially built, but not returned BIO chain.
+ */
+ if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0) {
+ /*
+ * ndef_aux is now owned by asn_bio so we must not free it in the err
+ * clean up block
+ */
+ ndef_aux = NULL;
 goto err;
+ }
+
+ /*
+ * We must not fail now because the callback has prepended additional
+ * BIOs to the chain
+ */
 
 ndef_aux->val = val;
 ndef_aux->it = it;
@@ -92,11 +116,11 @@
 ndef_aux->boundary = sarg.boundary;
 ndef_aux->out = out;
 
- BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux);
-
 return sarg.ndef_bio;
 
 err:
+ /* BIO_pop() is NULL safe */
+ (void)BIO_pop(pop_bio);
 BIO_free(asn_bio);
 OPENSSL_free(ndef_aux);
 return NULL;
diff -Nru openssl-3.0.7/crypto/bf/build.info openssl-3.0.8/crypto/bf/build.info
--- openssl-3.0.7/crypto/bf/build.info 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/crypto/bf/build.info 2023-02-07 14:43:33.000000000 +0100
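Review bot: The added comment `The asn1_cb(), must not have mutated asn_bio on error, leaving it in the middle of some partially built, but not returned BIO chain.` has a stray comma after the call and reads as a statement of fact rather than the requirement on the callback it is; suggest `/* asn1_cb() must not mutate asn_bio on error, i.e. it must not leave asn_bio in the middle of a partially built, unreturned BIO chain. */`. The point at which ndef_aux changes owner is the `BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux)` call that now sits in the first `if`, so a short note there, `/* from here on asn_bio owns ndef_aux */`, would explain why only the later asn1_cb failure branch clears `ndef_aux` before `goto err` while an earlier failure still frees it. BIO_new_NDEF() continues past the end of the hunk.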
@@ -17,7 +17,7 @@
 
 # When all deprecated symbols are removed, libcrypto doesn't export the
 # blowfish functions, so we must include them directly in liblegacy.a
-IF[{- $disabled{'deprecated-3.0'} -}]
+IF[{- $disabled{'deprecated-3.0'} && !$disabled{module} && !$disabled{shared} -}]
 SOURCE[../../providers/liblegacy.a]=$ALL
 ENDIF
 
diff -Nru openssl-3.0.7/crypto/bio/bf_buff.c openssl-3.0.8/crypto/bio/bf_buff.c
--- openssl-3.0.7/crypto/bio/bf_buff.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/crypto/bio/bf_buff.c 2023-02-07 14:43:33.000000000 +0100
@@ -383,8 +383,8 @@
 break;
 case BIO_CTRL_DUP:
 dbio = (BIO *)ptr;
- if (!BIO_set_read_buffer_size(dbio, ctx->ibuf_size) ||
- !BIO_set_write_buffer_size(dbio, ctx->obuf_size))
+ if (BIO_set_read_buffer_size(dbio, ctx->ibuf_size) <= 0 ||
+ BIO_set_write_buffer_size(dbio, ctx->obuf_size) <= 0)
 ret = 0;
 break;
 case BIO_CTRL_PEEK:
diff -Nru openssl-3.0.7/crypto/bio/bf_lbuf.c openssl-3.0.8/crypto/bio/bf_lbuf.c
--- openssl-3.0.7/crypto/bio/bf_lbuf.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/crypto/bio/bf_lbuf.c 2023-02-07 14:43:33.000000000 +0100
@@ -284,7 +284,7 @@
 break;
 case BIO_CTRL_DUP:
 dbio = (BIO *)ptr;
- if (!BIO_set_write_buffer_size(dbio, ctx->obuf_size))
+ if (BIO_set_write_buffer_size(dbio, ctx->obuf_size) <= 0)
 ret = 0;
 break;
 default:
diff -Nru openssl-3.0.7/crypto/bn/bn_blind.c openssl-3.0.8/crypto/bn/bn_blind.c
--- openssl-3.0.7/crypto/bn/bn_blind.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/crypto/bn/bn_blind.c 2023-02-07 14:43:33.000000000 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -13,20 +13,6 @@ #define BN_BLINDING_COUNTER 32 -struct bn_blinding_st { - BIGNUM *A; - BIGNUM *Ai; - BIGNUM *e; - BIGNUM *mod; /* just a reference */ - CRYPTO_THREAD_ID tid; - int counter; - unsigned long flags; - BN_MONT_CTX *m_ctx; - int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); - CRYPTO_RWLOCK *lock; -}; - BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) { BN_BLINDING *ret = NULL; diff -Nru openssl-3.0.7/crypto/bn/bn_exp.c openssl-3.0.8/crypto/bn/bn_exp.c --- openssl-3.0.7/crypto/bn/bn_exp.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/bn/bn_exp.c 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -36,6 +36,15 @@ /* maximum precomputation table size for *variable* sliding windows */ #define TABLE_SIZE 32 +/* + * Beyond this limit the constant time code is disabled due to + * the possible overflow in the computation of powerbufLen in + * BN_mod_exp_mont_consttime. + * When this limit is exceeded, the computation will be done using + * non-constant time code, but it will take very long. + */ +#define BN_CONSTTIME_SIZE_LIMIT (INT_MAX / BN_BYTES / 256) + /* this one works - simple but works */ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) { @@ -303,12 +312,6 @@ BIGNUM *val[TABLE_SIZE]; BN_MONT_CTX *mont = NULL; - if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 - || BN_get_flags(a, BN_FLG_CONSTTIME) != 0 - || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) { - return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont); - } - bn_check_top(a); bn_check_top(p); bn_check_top(m); 
@@ -317,6 +320,14 @@ ERR_raise(ERR_LIB_BN, BN_R_CALLED_WITH_EVEN_MODULUS); return 0; } + + if (m->top <= BN_CONSTTIME_SIZE_LIMIT + && (BN_get_flags(p, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(a, BN_FLG_CONSTTIME) != 0 + || BN_get_flags(m, BN_FLG_CONSTTIME) != 0)) { + return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont); + } + bits = BN_num_bits(p); if (bits == 0) { /* x**0 mod 1, or x**0 mod -1 is still zero. */ @@ -615,6 +626,11 @@ top = m->top; + if (top > BN_CONSTTIME_SIZE_LIMIT) { + /* Prevent overflowing the powerbufLen computation below */ + return BN_mod_exp_mont(rr, a, p, m, ctx, in_mont); + } + /* * Use all bits stored in |p|, rather than |BN_num_bits|, so we do not leak * whether the top bits are zero. @@ -694,7 +710,7 @@ else #endif #if defined(OPENSSL_BN_ASM_MONT5) - if (window >= 5) { + if (window >= 5 && top <= BN_SOFT_LIMIT) { window = 5; /* ~5% improvement for RSA2048 sign, and even * for RSA4096 */ /* reserve space for mont->N.d[] copy */ @@ -755,6 +771,9 @@ if (!bn_to_mont_fixed_top(&am, a, mont, ctx)) goto err; + if (top > BN_SOFT_LIMIT) + goto fallback; + #if defined(SPARC_T4_MONT) if (t4) { typedef int (*bn_pwr5_mont_f) (BN_ULONG *tp, const BN_ULONG *np, @@ -1026,6 +1045,7 @@ } else #endif { + fallback: if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, window)) goto err; if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, window)) diff -Nru openssl-3.0.7/crypto/bn/bn_local.h openssl-3.0.8/crypto/bn/bn_local.h --- openssl-3.0.7/crypto/bn/bn_local.h 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/bn/bn_local.h 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
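Review bot: The new guard at the top of BN_mod_exp_mont_consttime (`if (top > BN_CONSTTIME_SIZE_LIMIT)` in the @@ -615 hunk) silently routes the computation to the variable-time BN_mod_exp_mont, so a caller that set BN_FLG_CONSTTIME on a secret exponent gets no indication that the timing guarantee was dropped. Moduli above INT_MAX / BN_BYTES / 256 words are far beyond any legitimate key size and would normally only arrive in untrusted parameters, so failing fast looks preferable to the very long variable-time computation the @@ -36 comment warns about: `ERR_raise(ERR_LIB_BN, BN_R_BIGNUM_TOO_LONG); return 0;`. If the fallback is kept deliberately, the same caveat belongs in the BN_mod_exp_mont_consttime documentation and next to the dispatch in the @@ -317 hunk, which now also bypasses the constant-time path for such sizes. Both enclosing functions start and end outside these hunks.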
@@ -42,6 +42,26 @@ # include # endif +/* + * This should limit the stack usage due to alloca to about 4K. + * BN_SOFT_LIMIT is a soft limit equivalent to 2*OPENSSL_RSA_MAX_MODULUS_BITS. + * Beyond that size bn_mul_mont is no longer used, and the constant time + * assembler code is disabled, due to the blatant alloca and bn_mul_mont usage. + * Note that bn_mul_mont does an alloca that is hidden away in assembly. + * It is not recommended to do computations with numbers exceeding this limit, + * since the result will be highly version dependent: + * While the current OpenSSL version will use non-optimized, but safe code, + * previous versions will use optimized code, that may crash due to unexpected + * stack overflow, and future versions may very well turn this into a hard + * limit. + * Note however, that it is possible to override the size limit using + * "./config -DBN_SOFT_LIMIT=" if necessary, and the O/S specific + * stack limit is known and taken into consideration. + */ +# ifndef BN_SOFT_LIMIT +# define BN_SOFT_LIMIT (4096 / BN_BYTES) +# endif + # ifndef OPENSSL_SMALL_FOOTPRINT # define BN_MUL_COMBA # define BN_SQR_COMBA @@ -270,6 +290,20 @@ } cb; }; +struct bn_blinding_st { + BIGNUM *A; + BIGNUM *Ai; + BIGNUM *e; + BIGNUM *mod; /* just a reference */ + CRYPTO_THREAD_ID tid; + int counter; + unsigned long flags; + BN_MONT_CTX *m_ctx; + int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); + CRYPTO_RWLOCK *lock; +}; + /*- * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions * diff -Nru openssl-3.0.7/crypto/bn/bn_mont.c openssl-3.0.8/crypto/bn/bn_mont.c --- openssl-3.0.7/crypto/bn/bn_mont.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/bn/bn_mont.c 2023-02-07 14:43:33.000000000 +0100 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -42,7 +42,7 @@ int num = mont->N.top; #if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD) - if (num > 1 && a->top == num && b->top == num) { + if (num > 1 && num <= BN_SOFT_LIMIT && a->top == num && b->top == num) { if (bn_wexpand(r, num) == NULL) return 0; if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) { diff -Nru openssl-3.0.7/crypto/bn/bn_rand.c openssl-3.0.8/crypto/bn/bn_rand.c --- openssl-3.0.7/crypto/bn/bn_rand.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/bn/bn_rand.c 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -320,7 +320,9 @@ err: EVP_MD_CTX_free(mdctx); EVP_MD_free(md); - OPENSSL_free(k_bytes); + OPENSSL_clear_free(k_bytes, num_k_bytes); + OPENSSL_cleanse(digest, sizeof(digest)); + OPENSSL_cleanse(random_bytes, sizeof(random_bytes)); OPENSSL_cleanse(private_bytes, sizeof(private_bytes)); return ret; } diff -Nru openssl-3.0.7/crypto/bn/build.info openssl-3.0.8/crypto/bn/build.info --- openssl-3.0.7/crypto/bn/build.info 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/bn/build.info 2023-02-07 14:43:33.000000000 +0100 
@@ -105,7 +105,7 @@ bn_mod.c bn_conv.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \ bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_sqr.c \ bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \ - bn_intern.c bn_dh.c bn_rsa_fips186_4.c bn_const.c + bn_intern.c bn_dh.c bn_rsa_fips186_4.c bn_const.c rsa_sup_mul.c SOURCE[../../libcrypto]=$COMMON $BNASM bn_print.c bn_err.c bn_srp.c DEFINE[../../libcrypto]=$BNDEF IF[{- !$disabled{'deprecated-0.9.8'} -}] @@ -116,11 +116,6 @@ ENDIF SOURCE[../../providers/libfips.a]=$COMMON $BNASM DEFINE[../../providers/libfips.a]=$BNDEF -# Because some CPUID implementations use some BN assembler (!!!), we -# must include assembler code into the legacy provider under the same -# conditions as CPUID code is included. See ../build.info -SOURCE[../../providers/liblegacy.a]=$BNASM -DEFINE[../../providers/liblegacy.a]=$BNDEF # Implementations are now spread across several libraries, so the defines # need to be applied to all affected libraries and modules. DEFINE[../../providers/libcommon.a]=$BNDEF diff -Nru openssl-3.0.7/crypto/bn/rsa_sup_mul.c openssl-3.0.8/crypto/bn/rsa_sup_mul.c --- openssl-3.0.7/crypto/bn/rsa_sup_mul.c 1970-01-01 01:00:00.000000000 +0100 +++ openssl-3.0.8/crypto/bn/rsa_sup_mul.c 2023-02-07 14:43:33.000000000 +0100 
@@ -0,0 +1,604 @@ +#include +#include +#include +#include +#include +#include +#include +#include "internal/endian.h" +#include "internal/numbers.h" +#include "internal/constant_time.h" +#include "bn_local.h" + +# if BN_BYTES == 8 +typedef uint64_t limb_t; +# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16 +typedef uint128_t limb2_t; +# define HAVE_LIMB2_T +# endif +# define LIMB_BIT_SIZE 64 +# define LIMB_BYTE_SIZE 8 +# elif BN_BYTES == 4 +typedef uint32_t limb_t; +typedef uint64_t limb2_t; +# define LIMB_BIT_SIZE 32 +# define LIMB_BYTE_SIZE 4 +# define HAVE_LIMB2_T +# else +# error "Not supported" +# endif + +/* + * For multiplication we're using schoolbook multiplication, + * so if we have two numbers, each with 6 "digits" (words) + * the multiplication is calculated as follows: + * A B C D E F + * x I J K L M N + * -------------- + * N*F + * N*E + * N*D + * N*C + * N*B + * N*A + * M*F + * M*E + * M*D + * M*C + * M*B + * M*A + * L*F + * L*E + * L*D + * L*C + * L*B + * L*A + * K*F + * K*E + * K*D + * K*C + * K*B + * K*A + * J*F + * J*E + * J*D + * J*C + * J*B + * J*A + * I*F + * I*E + * I*D + * I*C + * I*B + * + I*A + * ========================== + * N*B N*D N*F + * + N*A N*C N*E + * + M*B M*D M*F + * + M*A M*C M*E + * + L*B L*D L*F + * + L*A L*C L*E + * + K*B K*D K*F + * + K*A K*C K*E + * + J*B J*D J*F + * + J*A J*C J*E + * + I*B I*D I*F + * + I*A I*C I*E + * + * 1+1 1+3 1+5 + * 1+0 1+2 1+4 + * 0+1 0+3 0+5 + * 0+0 0+2 0+4 + * + * 0 1 2 3 4 5 6 + * which requires n^2 multiplications and 2n full length additions + * as we can keep every other result of limb multiplication in two separate + * limbs + */ + +#if defined HAVE_LIMB2_T +static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b) +{ + limb2_t t; + /* + * this is idiomatic code to tell compiler to use the native mul + * those three lines will actually compile to single instruction + */ + + t = (limb2_t)a * b; + *hi = t >> LIMB_BIT_SIZE; + *lo = (limb_t)t; +} +#elif (BN_BYTES == 
8) && (defined _MSC_VER) +/* https://learn.microsoft.com/en-us/cpp/intrinsics/umul128?view=msvc-170 */ +#pragma intrinsic(_umul128) +static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b) +{ + *lo = _umul128(a, b, hi); +} +#else +/* + * if the compiler doesn't have either a 128bit data type nor a "return + * high 64 bits of multiplication" + */ +static ossl_inline void _mul_limb(limb_t *hi, limb_t *lo, limb_t a, limb_t b) +{ + limb_t a_low = (limb_t)(uint32_t)a; + limb_t a_hi = a >> 32; + limb_t b_low = (limb_t)(uint32_t)b; + limb_t b_hi = b >> 32; + + limb_t p0 = a_low * b_low; + limb_t p1 = a_low * b_hi; + limb_t p2 = a_hi * b_low; + limb_t p3 = a_hi * b_hi; + + uint32_t cy = (uint32_t)(((p0 >> 32) + (uint32_t)p1 + (uint32_t)p2) >> 32); + + *lo = p0 + (p1 << 32) + (p2 << 32); + *hi = p3 + (p1 >> 32) + (p2 >> 32) + cy; +} +#endif + +/* add two limbs with carry in, return carry out */ +static ossl_inline limb_t _add_limb(limb_t *ret, limb_t a, limb_t b, limb_t carry) +{ + limb_t carry1, carry2, t; + /* + * `c = a + b; if (c < a)` is idiomatic code that makes compilers + * use add with carry on assembly level + */ + + *ret = a + carry; + if (*ret < a) + carry1 = 1; + else + carry1 = 0; + + t = *ret; + *ret = t + b; + if (*ret < t) + carry2 = 1; + else + carry2 = 0; + + return carry1 + carry2; +} + +/* + * add two numbers of the same size, return overflow + * + * add a to b, place result in ret; all arrays need to be n limbs long + * return overflow from addition (0 or 1) + */ +static ossl_inline limb_t add(limb_t *ret, limb_t *a, limb_t *b, size_t n) +{ + limb_t c = 0; + ossl_ssize_t i; + + for(i = n - 1; i > -1; i--) + c = _add_limb(&ret[i], a[i], b[i], c); + + return c; +} + +/* + * return number of limbs necessary for temporary values + * when multiplying numbers n limbs large + */ +static ossl_inline size_t mul_limb_numb(size_t n) +{ + return 2 * n * 2; +} + +/* + * multiply two numbers of the same size + * + * multiply a by b, place 
result in ret; a and b need to be n limbs long + * ret needs to be 2*n limbs long, tmp needs to be mul_limb_numb(n) limbs + * long + */ +static void limb_mul(limb_t *ret, limb_t *a, limb_t *b, size_t n, limb_t *tmp) +{ + limb_t *r_odd, *r_even; + size_t i, j, k; + + r_odd = tmp; + r_even = &tmp[2 * n]; + + memset(ret, 0, 2 * n * sizeof(limb_t)); + + for (i = 0; i < n; i++) { + for (k = 0; k < i + n + 1; k++) { + r_even[k] = 0; + r_odd[k] = 0; + } + for (j = 0; j < n; j++) { + /* + * place results from even and odd limbs in separate arrays so that + * we don't have to calculate overflow every time we get individual + * limb multiplication result + */ + if (j % 2 == 0) + _mul_limb(&r_even[i + j], &r_even[i + j + 1], a[i], b[j]); + else + _mul_limb(&r_odd[i + j], &r_odd[i + j + 1], a[i], b[j]); + } + /* + * skip the least significant limbs when adding multiples of + * more significant limbs (they're zero anyway) + */ + add(ret, ret, r_even, n + i + 1); + add(ret, ret, r_odd, n + i + 1); + } +} + +/* modifies the value in place by performing a right shift by one bit */ +static ossl_inline void rshift1(limb_t *val, size_t n) +{ + limb_t shift_in = 0, shift_out = 0; + size_t i; + + for (i = 0; i < n; i++) { + shift_out = val[i] & 1; + val[i] = shift_in << (LIMB_BIT_SIZE - 1) | (val[i] >> 1); + shift_in = shift_out; + } +} + +/* extend the LSB of flag to all bits of limb */ +static ossl_inline limb_t mk_mask(limb_t flag) +{ + flag |= flag << 1; + flag |= flag << 2; + flag |= flag << 4; + flag |= flag << 8; + flag |= flag << 16; +#if (LIMB_BYTE_SIZE == 8) + flag |= flag << 32; +#endif + return flag; +} + +/* + * copy from either a or b to ret based on flag + * when flag == 0, then copies from b + * when flag == 1, then copies from a + */ +static ossl_inline void cselect(limb_t flag, limb_t *ret, limb_t *a, limb_t *b, size_t n) +{ + /* + * would be more efficient with non volatile mask, but then gcc + * generates code with jumps + */ + volatile limb_t mask; + size_t i; + + 
mask = mk_mask(flag); + for (i = 0; i < n; i++) { +#if (LIMB_BYTE_SIZE == 8) + ret[i] = constant_time_select_64(mask, a[i], b[i]); +#else + ret[i] = constant_time_select_32(mask, a[i], b[i]); +#endif + } +} + +static limb_t _sub_limb(limb_t *ret, limb_t a, limb_t b, limb_t borrow) +{ + limb_t borrow1, borrow2, t; + /* + * while it doesn't look constant-time, this is idiomatic code + * to tell compilers to use the carry bit from subtraction + */ + + *ret = a - borrow; + if (*ret > a) + borrow1 = 1; + else + borrow1 = 0; + + t = *ret; + *ret = t - b; + if (*ret > t) + borrow2 = 1; + else + borrow2 = 0; + + return borrow1 + borrow2; +} + +/* + * place the result of a - b into ret, return the borrow bit. + * All arrays need to be n limbs long + */ +static limb_t sub(limb_t *ret, limb_t *a, limb_t *b, size_t n) +{ + limb_t borrow = 0; + ossl_ssize_t i; + + for (i = n - 1; i > -1; i--) + borrow = _sub_limb(&ret[i], a[i], b[i], borrow); + + return borrow; +} + +/* return the number of limbs necessary to allocate for the mod() tmp operand */ +static ossl_inline size_t mod_limb_numb(size_t anum, size_t modnum) +{ + return (anum + modnum) * 3; +} + +/* + * calculate a % mod, place the result in ret + * size of a is defined by anum, size of ret and mod is modnum, + * size of tmp is returned by mod_limb_numb() + */ +static void mod(limb_t *ret, limb_t *a, size_t anum, limb_t *mod, + size_t modnum, limb_t *tmp) +{ + limb_t *atmp, *modtmp, *rettmp; + limb_t res; + size_t i; + + memset(tmp, 0, mod_limb_numb(anum, modnum) * LIMB_BYTE_SIZE); + + atmp = tmp; + modtmp = &tmp[anum + modnum]; + rettmp = &tmp[(anum + modnum) * 2]; + + for (i = modnum; i 0; i--, rp--) { + v = _mul_add_limb(rp, mod, modnum, rp[modnum-1] * ni0, tmp2); + v = v + carry + rp[-1]; + carry |= (v != rp[-1]); + carry &= (v <= rp[-1]); + rp[-1] = v; + } + + /* perform the final reduction by mod... 
*/ + carry -= sub(ret, rp, mod, modnum); + + /* ...conditionally */ + cselect(carry, ret, rp, ret, modnum); +} + +/* allocated buffer should be freed afterwards */ +static void BN_to_limb(const BIGNUM *bn, limb_t *buf, size_t limbs) +{ + int i; + int real_limbs = (BN_num_bytes(bn) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE; + limb_t *ptr = buf + (limbs - real_limbs); + + for (i = 0; i < real_limbs; i++) + ptr[i] = bn->d[real_limbs - i - 1]; +} + +#if LIMB_BYTE_SIZE == 8 +static ossl_inline uint64_t be64(uint64_t host) +{ + uint64_t big = 0; + DECLARE_IS_ENDIAN; + + if (!IS_LITTLE_ENDIAN) + return host; + + big |= (host & 0xff00000000000000) >> 56; + big |= (host & 0x00ff000000000000) >> 40; + big |= (host & 0x0000ff0000000000) >> 24; + big |= (host & 0x000000ff00000000) >> 8; + big |= (host & 0x00000000ff000000) << 8; + big |= (host & 0x0000000000ff0000) << 24; + big |= (host & 0x000000000000ff00) << 40; + big |= (host & 0x00000000000000ff) << 56; + return big; +} + +#else +/* Not all platforms have htobe32(). */ +static ossl_inline uint32_t be32(uint32_t host) +{ + uint32_t big = 0; + DECLARE_IS_ENDIAN; + + if (!IS_LITTLE_ENDIAN) + return host; + + big |= (host & 0xff000000) >> 24; + big |= (host & 0x00ff0000) >> 8; + big |= (host & 0x0000ff00) << 8; + big |= (host & 0x000000ff) << 24; + return big; +} +#endif + +/* + * We assume that intermediate, possible_arg2, blinding, and ctx are used + * similar to BN_BLINDING_invert_ex() arguments. + * to_mod is RSA modulus. + * buf and num is the serialization buffer and its length. + * + * Here we use classic/Montgomery multiplication and modulo. After the calculation finished + * we serialize the new structure instead of BIGNUMs taking endianness into account. 
+ */ +int ossl_bn_rsa_do_unblind(const BIGNUM *intermediate, + const BN_BLINDING *blinding, + const BIGNUM *possible_arg2, + const BIGNUM *to_mod, BN_CTX *ctx, + unsigned char *buf, int num) +{ + limb_t *l_im = NULL, *l_mul = NULL, *l_mod = NULL; + limb_t *l_ret = NULL, *l_tmp = NULL, l_buf; + size_t l_im_count = 0, l_mul_count = 0, l_size = 0, l_mod_count = 0; + size_t l_tmp_count = 0; + int ret = 0; + size_t i; + unsigned char *tmp; + const BIGNUM *arg1 = intermediate; + const BIGNUM *arg2 = (possible_arg2 == NULL) ? blinding->Ai : possible_arg2; + + l_im_count = (BN_num_bytes(arg1) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE; + l_mul_count = (BN_num_bytes(arg2) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE; + l_mod_count = (BN_num_bytes(to_mod) + LIMB_BYTE_SIZE - 1) / LIMB_BYTE_SIZE; + + l_size = l_im_count > l_mul_count ? l_im_count : l_mul_count; + l_im = OPENSSL_zalloc(l_size * LIMB_BYTE_SIZE); + l_mul = OPENSSL_zalloc(l_size * LIMB_BYTE_SIZE); + l_mod = OPENSSL_zalloc(l_mod_count * LIMB_BYTE_SIZE); + + if ((l_im == NULL) || (l_mul == NULL) || (l_mod == NULL)) + goto err; + + BN_to_limb(arg1, l_im, l_size); + BN_to_limb(arg2, l_mul, l_size); + BN_to_limb(to_mod, l_mod, l_mod_count); + + l_ret = OPENSSL_malloc(2 * l_size * LIMB_BYTE_SIZE); + + if (blinding->m_ctx != NULL) { + l_tmp_count = mul_limb_numb(l_size) > mod_montgomery_limb_numb(l_mod_count) ? + mul_limb_numb(l_size) : mod_montgomery_limb_numb(l_mod_count); + l_tmp = OPENSSL_malloc(l_tmp_count * LIMB_BYTE_SIZE); + } else { + l_tmp_count = mul_limb_numb(l_size) > mod_limb_numb(2 * l_size, l_mod_count) ? 
+ mul_limb_numb(l_size) : mod_limb_numb(2 * l_size, l_mod_count); + l_tmp = OPENSSL_malloc(l_tmp_count * LIMB_BYTE_SIZE); + } + + if ((l_ret == NULL) || (l_tmp == NULL)) + goto err; + + if (blinding->m_ctx != NULL) { + limb_mul(l_ret, l_im, l_mul, l_size, l_tmp); + mod_montgomery(l_ret, l_ret, 2 * l_size, l_mod, l_mod_count, + blinding->m_ctx->n0[0], l_tmp); + } else { + limb_mul(l_ret, l_im, l_mul, l_size, l_tmp); + mod(l_ret, l_ret, 2 * l_size, l_mod, l_mod_count, l_tmp); + } + + /* modulus size in bytes can be equal to num but after limbs conversion it becomes bigger */ + if (num < BN_num_bytes(to_mod)) { + ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT); + goto err; + } + + memset(buf, 0, num); + tmp = buf + num - BN_num_bytes(to_mod); + for (i = 0; i < l_mod_count; i++) { +#if LIMB_BYTE_SIZE == 8 + l_buf = be64(l_ret[i]); +#else + l_buf = be32(l_ret[i]); +#endif + if (i == 0) { + int delta = LIMB_BYTE_SIZE - ((l_mod_count * LIMB_BYTE_SIZE) - num); + + memcpy(tmp, ((char *)&l_buf) + LIMB_BYTE_SIZE - delta, delta); + tmp += delta; + } else { + memcpy(tmp, &l_buf, LIMB_BYTE_SIZE); + tmp += LIMB_BYTE_SIZE; + } + } + ret = num; + + err: + OPENSSL_free(l_im); + OPENSSL_free(l_mul); + OPENSSL_free(l_mod); + OPENSSL_free(l_tmp); + OPENSSL_free(l_ret); + + return ret; +} diff -Nru openssl-3.0.7/crypto/bn/rsaz_exp_x2.c openssl-3.0.8/crypto/bn/rsaz_exp_x2.c --- openssl-3.0.7/crypto/bn/rsaz_exp_x2.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/bn/rsaz_exp_x2.c 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2020, Intel Corporation. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use 
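Review bot: In ossl_bn_rsa_do_unblind the err block releases `l_im`, `l_mul`, `l_tmp` and `l_ret` with plain OPENSSL_free, although `l_mul` holds the blinding inverse Ai, `l_tmp` holds the intermediate products and `l_ret` holds the unblinded RSA plaintext that is then copied into `buf`; these should be wiped, e.g. `OPENSSL_clear_free(l_ret, 2 * l_size * LIMB_BYTE_SIZE);` and likewise for the others with their allocation sizes, as the bn_rand.c hunk in this same release does for k_bytes. Separately, `l_ret` is allocated with `2 * l_size` limbs, but mod()/mod_montgomery() write `modnum == l_mod_count` limbs into it and the serialization loop reads `l_mod_count` limbs, and nothing visible guarantees `2 * l_size >= l_mod_count` when both operands happen to have leading zero limbs; either pad `l_size` up to `l_mod_count` before allocating (if the reduction loops tolerate the extra leading zeros) or reject that case with ERR_R_PASSED_INVALID_ARGUMENT. The header comment on BN_to_limb ("allocated buffer should be freed afterwards") is misleading because the function allocates nothing; suggest `/* fill buf (limbs long, most-significant limb first) from bn, left-padding with zeros */`. A stretch of this new file between the start of mod() and the tail of mod_montgomery() is missing from this view, so the reduction internals could not be checked.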
@@ -31,14 +31,6 @@ # define ALIGN64 # endif -# if defined(__GNUC__) -# define ALIGN1 __attribute__((aligned(1))) -# elif defined(_MSC_VER) -# define ALIGN1 __declspec(align(1)) -# else -# define ALIGN1 -# endif - # define ALIGN_OF(ptr, boundary) \ ((unsigned char *)(ptr) + (boundary - (((size_t)(ptr)) & (boundary - 1)))) @@ -50,8 +42,6 @@ # define BITS2WORD8_SIZE(x) (((x) + 7) >> 3) # define BITS2WORD64_SIZE(x) (((x) + 63) >> 6) -typedef uint64_t ALIGN1 uint64_t_align1; - static ossl_inline uint64_t get_digit52(const uint8_t *in, int in_len); static ossl_inline void put_digit52(uint8_t *out, int out_len, uint64_t digit); static void to_words52(BN_ULONG *out, int out_len, const BN_ULONG *in, @@ -478,9 +468,13 @@ in_str = (uint8_t *)in; for (; in_bitsize >= (2 * DIGIT_SIZE); in_bitsize -= (2 * DIGIT_SIZE), out += 2) { - out[0] = (*(uint64_t_align1 *)in_str) & DIGIT_MASK; + uint64_t digit; + + memcpy(&digit, in_str, sizeof(digit)); + out[0] = digit & DIGIT_MASK; in_str += 6; - out[1] = ((*(uint64_t_align1 *)in_str) >> 4) & DIGIT_MASK; + memcpy(&digit, in_str, sizeof(digit)); + out[1] = (digit >> 4) & DIGIT_MASK; in_str += 7; out_len -= 2; } @@ -536,10 +530,15 @@ { uint8_t *out_str = (uint8_t *)out; - for (; out_bitsize >= (2 * DIGIT_SIZE); out_bitsize -= (2 * DIGIT_SIZE), in += 2) { - (*(uint64_t_align1 *)out_str) = in[0]; + for (; out_bitsize >= (2 * DIGIT_SIZE); + out_bitsize -= (2 * DIGIT_SIZE), in += 2) { + uint64_t digit; + + digit = in[0]; + memcpy(out_str, &digit, sizeof(digit)); out_str += 6; - (*(uint64_t_align1 *)out_str) ^= in[1] << 4; + digit = digit >> 48 | in[1] << 4; + memcpy(out_str, &digit, sizeof(digit)); out_str += 7; } diff -Nru openssl-3.0.7/crypto/build.info openssl-3.0.8/crypto/build.info --- openssl-3.0.7/crypto/build.info 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/build.info 2023-02-07 14:43:33.000000000 +0100 
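Review bot: The rewritten store in from_words52, `digit = digit >> 48 | in[1] << 4;`, is only equivalent to the old XOR-merge because every input word holds at most 52 bits, so `digit >> 48` contributes just the low nibble of the two bytes shared with the next digit and the OR cannot collide with `in[1] << 4`; that invariant is not stated where the merge happens. Suggest a comment such as `/* in[0] < 2^52: only its top nibble lands in the 2 bytes overlapped by in[1] << 4 */`. Replacing the `uint64_t_align1` dereferences with memcpy is the right fix for the misaligned access, which is undefined behaviour on strict-alignment targets. Both enclosing functions start and end outside the hunks.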
@@ -97,6 +97,10 @@ context.c sparse_array.c asn1_dsa.c packet.c param_build.c \ param_build_set.c der_writer.c threads_lib.c params_dup.c +IF[{- !$disabled{shared} -}] + SOURCE[../libssl]=sparse_array.c +ENDIF + SOURCE[../libcrypto]=$UTIL_COMMON \ mem.c mem_sec.c \ cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c o_dir.c \ diff -Nru openssl-3.0.7/crypto/cast/build.info openssl-3.0.8/crypto/cast/build.info --- openssl-3.0.7/crypto/cast/build.info 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/cast/build.info 2023-02-07 14:43:33.000000000 +0100 @@ -18,7 +18,7 @@ # When all deprecated symbols are removed, libcrypto doesn't export the # cast functions, so we must include them directly in liblegacy.a -IF[{- $disabled{'deprecated-3.0'} -}] +IF[{- $disabled{'deprecated-3.0'} && !$disabled{module} && !$disabled{shared} -}] SOURCE[../../providers/liblegacy.a]=$ALL ENDIF diff -Nru openssl-3.0.7/crypto/cmp/cmp_client.c openssl-3.0.8/crypto/cmp/cmp_client.c --- openssl-3.0.7/crypto/cmp/cmp_client.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/cmp/cmp_client.c 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ /* - * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * @@ -94,16 +94,11 @@ if (!ossl_assert(ctx != NULL && si != NULL)) return 0; - if ((ctx->status = ossl_cmp_pkisi_get_status(si)) < 0) + ctx->status = ossl_cmp_pkisi_get_status(si); + if (ctx->status < OSSL_CMP_PKISTATUS_accepted) return 0; - ctx->failInfoCode = 0; - if (si->failInfo != NULL) { - for (i = 0; i <= OSSL_CMP_PKIFAILUREINFO_MAX; i++) { - if (ASN1_BIT_STRING_get_bit(si->failInfo, i)) - ctx->failInfoCode |= (1 << i); - } - } + ctx->failInfoCode = ossl_cmp_pkisi_get_pkifailureinfo(si); if (!ossl_cmp_ctx_set0_statusString(ctx, sk_ASN1_UTF8STRING_new_null()) || (ctx->statusString == NULL)) 
@@ -128,13 +123,13 @@ static int send_receive_check(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req, OSSL_CMP_MSG **rep, int expected_type) { - int is_enrollment = IS_CREP(expected_type) - || expected_type == OSSL_CMP_PKIBODY_POLLREP - || expected_type == OSSL_CMP_PKIBODY_PKICONF; + int begin_transaction = + expected_type != OSSL_CMP_PKIBODY_POLLREP + && expected_type != OSSL_CMP_PKIBODY_PKICONF; const char *req_type_str = ossl_cmp_bodytype_to_string(OSSL_CMP_MSG_get_bodytype(req)); const char *expected_type_str = ossl_cmp_bodytype_to_string(expected_type); - int msg_timeout; + int bak_msg_timeout = ctx->msg_timeout; int bt; time_t now = time(NULL); int time_left; @@ -142,15 +137,16 @@ if (transfer_cb == NULL) transfer_cb = OSSL_CMP_MSG_http_perform; - *rep = NULL; - msg_timeout = ctx->msg_timeout; /* backup original value */ - if (is_enrollment && ctx->total_timeout > 0 /* timeout is not infinite */) { + + if (ctx->total_timeout != 0 /* not waiting indefinitely */) { + if (begin_transaction) + ctx->end_time = now + ctx->total_timeout; if (now >= ctx->end_time) { ERR_raise(ERR_LIB_CMP, CMP_R_TOTAL_TIMEOUT); return 0; } - if (!ossl_assert(ctx->end_time - time(NULL) < INT_MAX)) { + if (!ossl_assert(ctx->end_time - now < INT_MAX)) { /* actually cannot happen due to assignment in initial_certreq() */ ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS); return 0; @@ -166,11 +162,11 @@ ossl_cmp_log1(INFO, ctx, "sending %s", req_type_str); *rep = (*transfer_cb)(ctx, req); - ctx->msg_timeout = msg_timeout; /* restore original value */ + ctx->msg_timeout = bak_msg_timeout; if (*rep == NULL) { ERR_raise_data(ERR_LIB_CMP, - ctx->total_timeout > 0 && time(NULL) >= ctx->end_time ? + ctx->total_timeout != 0 && time(NULL) >= ctx->end_time ? CMP_R_TOTAL_TIMEOUT : CMP_R_TRANSFER_ERROR, "request sent: %s, expected response: %s", req_type_str, expected_type_str); 
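Review bot: The comment `/* actually cannot happen due to assignment in initial_certreq() */` beside `ossl_assert(ctx->end_time - now < INT_MAX)` is now stale: the end_time assignment has moved into this function (`ctx->end_time = now + ctx->total_timeout` a few lines above, when begin_transaction is set) and the later hunk for initial_certreq() in this file removes it there. Update it to `/* cannot happen: end_time was set above from now + total_timeout, an int */`. The guard also changed from `> 0` to `!= 0`, so a negative total_timeout now enables the timeout and fails immediately with CMP_R_TOTAL_TIMEOUT instead of disabling it; that is fine if OSSL_CMP_CTX_set_option rejects negative values, otherwise it is a behaviour change worth confirming. send_receive_check continues outside the hunk.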
@@ -242,7 +238,7 @@ * On receiving a pollRep, which includes a checkAfter value, it return this * value if sleep == 0, else it sleeps as long as indicated and retries. * - * A transaction timeout is enabled if ctx->total_timeout is > 0. + * A transaction timeout is enabled if ctx->total_timeout is != 0. * In this case polling will continue until the timeout is reached and then * polling is done a last time even if this is before the "checkAfter" time. * @@ -314,7 +310,7 @@ "received polling response%s; checkAfter = %ld seconds", str, check_after); - if (ctx->total_timeout > 0) { /* timeout is not infinite */ + if (ctx->total_timeout != 0) { /* timeout is not infinite */ const int exp = 5; /* expected max time per msg round trip */ int64_t time_left = (int64_t)(ctx->end_time - exp - time(NULL)); @@ -357,7 +353,10 @@ return 0; } -/* Send certConf for IR, CR or KUR sequences and check response */ +/* + * Send certConf for IR, CR or KUR sequences and check response, + * not modifying ctx->status during the certConf exchange + */ int ossl_cmp_exchange_certConf(OSSL_CMP_CTX *ctx, int fail_info, const char *txt) { @@ -386,6 +385,7 @@ OSSL_CMP_MSG *PKIconf = NULL; int res = 0; + /* not overwriting ctx->status on error exchange */ if ((si = OSSL_CMP_STATUSINFO_new(status, fail_info, txt)) == NULL) goto err; /* ossl_cmp_error_new() also checks if all necessary options are set */ @@ -643,17 +643,15 @@ OSSL_CMP_MSG *req; int res; - ctx->status = -1; + ctx->status = OSSL_CMP_PKISTATUS_request; if (!ossl_cmp_ctx_set0_newCert(ctx, NULL)) return 0; - if (ctx->total_timeout > 0) /* else ctx->end_time is not used */ - ctx->end_time = time(NULL) + ctx->total_timeout; - /* also checks if all necessary options are set */ if ((req = ossl_cmp_certreq_new(ctx, req_type, crm)) == NULL) return 0; + ctx->status = OSSL_CMP_PKISTATUS_trans; res = send_receive_check(ctx, req, p_rep, rep_type); OSSL_CMP_MSG_free(req); return res; 
@@ -743,16 +741,17 @@ ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS); return 0; } + ctx->status = OSSL_CMP_PKISTATUS_request; if (ctx->oldCert == NULL && ctx->p10CSR == NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_REFERENCE_CERT); return 0; } - ctx->status = -1; /* OSSL_CMP_rr_new() also checks if all necessary options are set */ if ((rr = ossl_cmp_rr_new(ctx)) == NULL) goto end; + ctx->status = OSSL_CMP_PKISTATUS_trans; if (!send_receive_check(ctx, rr, &rp, OSSL_CMP_PKIBODY_RP)) goto end; @@ -861,27 +860,31 @@ { OSSL_CMP_MSG *genm; OSSL_CMP_MSG *genp = NULL; - STACK_OF(OSSL_CMP_ITAV) *rcvd_itavs = NULL; + STACK_OF(OSSL_CMP_ITAV) *itavs = NULL; if (ctx == NULL) { ERR_raise(ERR_LIB_CMP, CMP_R_INVALID_ARGS); - return 0; + return NULL; } - ctx->status = -1; + ctx->status = OSSL_CMP_PKISTATUS_request; if ((genm = ossl_cmp_genm_new(ctx)) == NULL) goto err; + ctx->status = OSSL_CMP_PKISTATUS_trans; if (!send_receive_check(ctx, genm, &genp, OSSL_CMP_PKIBODY_GENP)) goto err; + ctx->status = OSSL_CMP_PKISTATUS_accepted; + itavs = genp->body->value.genp; + if (itavs == NULL) + itavs = sk_OSSL_CMP_ITAV_new_null(); /* received stack of itavs not to be freed with the genp */ - rcvd_itavs = genp->body->value.genp; genp->body->value.genp = NULL; err: OSSL_CMP_MSG_free(genm); OSSL_CMP_MSG_free(genp); - return rcvd_itavs; /* recv_itavs == NULL indicates an error */ + return itavs; /* NULL indicates error case */ } diff -Nru openssl-3.0.7/crypto/cmp/cmp_ctx.c openssl-3.0.8/crypto/cmp/cmp_ctx.c --- openssl-3.0.7/crypto/cmp/cmp_ctx.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/cmp/cmp_ctx.c 2023-02-07 14:43:33.000000000 +0100 @@ -112,7 +112,7 @@ ctx->log_verbosity = OSSL_CMP_LOG_INFO; - ctx->status = -1; + ctx->status = OSSL_CMP_PKISTATUS_unspecified; ctx->failInfoCode = -1; ctx->keep_alive = 1; 
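Review bot: In ossl_cmp_exchange_genm, `ctx->status = OSSL_CMP_PKISTATUS_accepted;` is set before `sk_OSSL_CMP_ITAV_new_null()` is attempted, so if that allocation fails the function returns NULL (the documented error indication) while OSSL_CMP_CTX_get_status() tells the caller the exchange succeeded. Set the status only once the result is secured, e.g. `if (itavs == NULL && (itavs = sk_OSSL_CMP_ITAV_new_null()) == NULL) goto err;` followed by `ctx->status = OSSL_CMP_PKISTATUS_accepted;`. The enclosing function starts outside the hunk.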
@@ -142,6 +142,13 @@ return NULL; } +#define OSSL_CMP_ITAVs_free(itavs) \ + sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free); +#define X509_EXTENSIONS_free(exts) \ + sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free) +#define OSSL_CMP_PKIFREETEXT_free(text) \ + sk_ASN1_UTF8STRING_pop_free(text, ASN1_UTF8STRING_free) + /* Prepare the OSSL_CMP_CTX for next use, partly re-initializing OSSL_CMP_CTX */ int OSSL_CMP_CTX_reinit(OSSL_CMP_CTX *ctx) { @@ -155,9 +162,12 @@ ossl_cmp_debug(ctx, "disconnected from CMP server"); ctx->http_ctx = NULL; } - ctx->status = -1; + ctx->status = OSSL_CMP_PKISTATUS_unspecified; ctx->failInfoCode = -1; + OSSL_CMP_ITAVs_free(ctx->genm_ITAVs); + ctx->genm_ITAVs = NULL; + return ossl_cmp_ctx_set0_statusString(ctx, NULL) && ossl_cmp_ctx_set0_newCert(ctx, NULL) && ossl_cmp_ctx_set1_newChain(ctx, NULL) @@ -562,6 +572,17 @@ return OSSL_CMP_ITAV_push0_stack_item(&ctx->geninfo_ITAVs, itav); } +int OSSL_CMP_CTX_reset_geninfo_ITAVs(OSSL_CMP_CTX *ctx) +{ + if (ctx == NULL) { + ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); + return 0; + } + OSSL_CMP_ITAVs_free(ctx->geninfo_ITAVs); + ctx->geninfo_ITAVs = NULL; + return 1; +} + /* Add an itav for the body of outgoing general messages */ int OSSL_CMP_CTX_push0_genm_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav) { diff -Nru openssl-3.0.7/crypto/cmp/cmp_err.c openssl-3.0.8/crypto/cmp/cmp_err.c --- openssl-3.0.7/crypto/cmp/cmp_err.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/cmp/cmp_err.c 2023-02-07 14:43:33.000000000 +0100 @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
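Review bot: The helper macro `#define OSSL_CMP_ITAVs_free(itavs) sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free);` ends with a semicolon, unlike the two sibling macros defined right after it; together with the caller's own `;` it expands to an extra empty statement, which is harmless in OSSL_CMP_CTX_reinit and OSSL_CMP_CTX_reset_geninfo_ITAVs but would break an unbraced `if (...) OSSL_CMP_ITAVs_free(x); else ...`. Drop the trailing semicolon so all three macros follow the same pattern.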
@@ -98,8 +98,11 @@ {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_PROTECTION), "missing protection"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_REFERENCE_CERT), "missing reference cert"}, + {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_SECRET), "missing secret"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_SENDER_IDENTIFICATION), "missing sender identification"}, + {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_TRUST_ANCHOR), + "missing trust anchor"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MISSING_TRUST_STORE), "missing trust store"}, {ERR_PACK(ERR_LIB_CMP, 0, CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED), diff -Nru openssl-3.0.7/crypto/cmp/cmp_msg.c openssl-3.0.8/crypto/cmp/cmp_msg.c --- openssl-3.0.7/crypto/cmp/cmp_msg.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/cmp/cmp_msg.c 2023-02-07 14:43:33.000000000 +0100 @@ -463,7 +463,7 @@ OSSL_CMP_MSG *msg = NULL; OSSL_CMP_CERTREPMESSAGE *repMsg = NULL; OSSL_CMP_CERTRESPONSE *resp = NULL; - int status = -1; + int status = OSSL_CMP_PKISTATUS_unspecified; if (!ossl_assert(ctx != NULL && si != NULL)) return NULL; @@ -700,8 +700,7 @@ if ((msg = ossl_cmp_msg_create(ctx, body_type)) == NULL) return NULL; - if (ctx->genm_ITAVs != NULL - && !ossl_cmp_msg_gen_push1_ITAVs(msg, itavs)) + if (itavs != NULL && !ossl_cmp_msg_gen_push1_ITAVs(msg, itavs)) goto err; if (!ossl_cmp_msg_protect(ctx, msg)) diff -Nru openssl-3.0.7/crypto/cmp/cmp_server.c openssl-3.0.8/crypto/cmp/cmp_server.c --- openssl-3.0.7/crypto/cmp/cmp_server.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/cmp/cmp_server.c 2023-02-07 14:43:33.000000000 +0100 @@ -338,7 +338,7 @@ num = sk_OSSL_CMP_CERTSTATUS_num(ccc); if (OSSL_CMP_CTX_get_option(ctx, OSSL_CMP_OPT_IMPLICIT_CONFIRM) == 1 - || ctx->status != -2 /* transaction not open */) { + || ctx->status != OSSL_CMP_PKISTATUS_trans) { ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_UNEXPECTED_CERTCONF); return NULL; } 
@@ -359,8 +359,8 @@ if (!srv_ctx->process_certConf(srv_ctx, req, certReqId, certHash, si)) return NULL; /* reason code may be: CMP_R_CERTHASH_UNMATCHED */ - if (si != NULL && ossl_cmp_pkisi_get_status(si) - != OSSL_CMP_PKISTATUS_accepted) { + if (si != NULL + && ossl_cmp_pkisi_get_status(si) != OSSL_CMP_PKISTATUS_accepted) { int pki_status = ossl_cmp_pkisi_get_status(si); const char *str = ossl_cmp_PKIStatus_to_string(pki_status); @@ -595,8 +595,8 @@ else ossl_cmp_log(ERR, ctx, "cannot send proper CMP response"); - /* possibly close the transaction */ - ctx->status = -2; /* this indicates transaction is open */ + /* determine whether to keep the transaction open or not */ + ctx->status = OSSL_CMP_PKISTATUS_trans; switch (rsp_type) { case OSSL_CMP_PKIBODY_IP: case OSSL_CMP_PKIBODY_CP: @@ -611,7 +611,7 @@ case OSSL_CMP_PKIBODY_ERROR: (void)OSSL_CMP_CTX_set1_transactionID(ctx, NULL); (void)OSSL_CMP_CTX_set1_senderNonce(ctx, NULL); - ctx->status = -1; /* transaction closed */ + ctx->status = OSSL_CMP_PKISTATUS_unspecified; /* transaction closed */ default: /* not closing transaction in other cases */ break; diff -Nru openssl-3.0.7/crypto/cmp/cmp_status.c openssl-3.0.8/crypto/cmp/cmp_status.c --- openssl-3.0.7/crypto/cmp/cmp_status.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/cmp/cmp_status.c 2023-02-07 14:43:33.000000000 +0100 @@ -73,9 +73,10 @@ if (!ossl_assert(si != NULL)) return -1; - for (i = 0; i <= OSSL_CMP_PKIFAILUREINFO_MAX; i++) - if (ASN1_BIT_STRING_get_bit(si->failInfo, i)) - res |= 1 << i; + if (si->failInfo != NULL) + for (i = 0; i <= OSSL_CMP_PKIFAILUREINFO_MAX; i++) + if (ASN1_BIT_STRING_get_bit(si->failInfo, i)) + res |= 1 << i; return res; } 
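Review bot: The `case OSSL_CMP_PKIBODY_ERROR:` arm now ends with `ctx->status = OSSL_CMP_PKISTATUS_unspecified; /* transaction closed */` and falls straight into `default:` with neither a `break` nor a fall-through marker, so `-Wimplicit-fallthrough` builds will warn and a reader cannot tell whether the `default` comment ("not closing transaction in other cases") is meant to apply to the error case. Add `break;` after the assignment, since the `default` arm only breaks anyway, or mark the intent with `/* fall through */`. The surrounding function starts outside this hunk.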
@@ -189,8 +190,11 @@ printed_chars = BIO_snprintf(write_ptr, bufsize, "%s", status_string); ADVANCE_BUFFER; - /* failInfo is optional and may be empty */ - if (fail_info != 0) { + /* + * failInfo is optional and may be empty; + * if present, print failInfo before statusString because it is more concise + */ + if (fail_info != -1 && fail_info != 0) { printed_chars = BIO_snprintf(write_ptr, bufsize, "; PKIFailureInfo: "); ADVANCE_BUFFER; for (failure = 0; failure <= OSSL_CMP_PKIFAILUREINFO_MAX; failure++) { diff -Nru openssl-3.0.7/crypto/cmp/cmp_vfy.c openssl-3.0.8/crypto/cmp/cmp_vfy.c --- openssl-3.0.7/crypto/cmp/cmp_vfy.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/cmp/cmp_vfy.c 2023-02-07 14:43:33.000000000 +0100 @@ -568,8 +568,9 @@ /* 5.1.3.1. Shared Secret Information */ case NID_id_PasswordBasedMAC: if (ctx->secretValue == NULL) { - ossl_cmp_warn(ctx, "no secret available for verifying PBM-based CMP message protection"); - return 1; + ossl_cmp_info(ctx, "no secret available for verifying PBM-based CMP message protection"); + ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_SECRET); + return 0; } if (verify_PBMAC(ctx, msg)) { /* @@ -619,8 +620,9 @@ scrt = ctx->srvCert; if (scrt == NULL) { if (ctx->trusted == NULL) { - ossl_cmp_warn(ctx, "no trust store nor pinned server cert available for verifying signature-based CMP message protection"); - return 1; + ossl_cmp_info(ctx, "no trust store nor pinned server cert available for verifying signature-based CMP message protection"); + ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_TRUST_ANCHOR); + return 0; } if (check_msg_find_cert(ctx, msg)) return 1; diff -Nru openssl-3.0.7/crypto/cms/cms_enc.c openssl-3.0.8/crypto/cms/cms_enc.c --- openssl-3.0.7/crypto/cms/cms_enc.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/cms/cms_enc.c 2023-02-07 14:43:33.000000000 +0100 
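Review bot: The two hardened paths in the `NID_id_PasswordBasedMAC` branch and the signature-protection branch now reject the message (`return 0` with `CMP_R_MISSING_SECRET` / `CMP_R_MISSING_TRUST_ANCHOR`) but at the same time downgrade the log call from `ossl_cmp_warn` to `ossl_cmp_info`, so an operator running at warning verbosity sees the verification failure only through the error queue. Since this is the check that stops an unverifiable message from being accepted, keeping the log at warn level, or stating in a comment that the error queue is the intended reporting channel, would make incident triage easier. The same applies to the second hunk at `@@ -619,8 +620,9 @@`; both enclosing functions run outside their hunks.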
@@ -81,6 +81,10 @@ if (enc) { calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_get_type(ctx)); + if (calg->algorithm == NULL) { + ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM); + goto err; + } /* Generate a random IV if we need one */ ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); if (ivlen < 0) { diff -Nru openssl-3.0.7/crypto/cms/cms_err.c openssl-3.0.8/crypto/cms/cms_err.c --- openssl-3.0.7/crypto/cms/cms_err.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/cms/cms_err.c 2023-02-07 14:43:33.000000000 +0100 @@ -138,6 +138,8 @@ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_ID), "unknown id"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM), "unsupported compression algorithm"}, + {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM), + "unsupported content encryption algorithm"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_TYPE), "unsupported content type"}, {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_ENCRYPTION_TYPE), diff -Nru openssl-3.0.7/crypto/cms/cms_rsa.c openssl-3.0.8/crypto/cms/cms_rsa.c --- openssl-3.0.7/crypto/cms/cms_rsa.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/cms/cms_rsa.c 2023-02-07 14:43:33.000000000 +0100 @@ -10,6 +10,7 @@ #include #include #include +#include #include "crypto/asn1.h" #include "crypto/rsa.h" #include "cms_local.h" @@ -191,7 +192,10 @@ int pad_mode = RSA_PKCS1_PADDING; X509_ALGOR *alg; EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si); - ASN1_STRING *os = NULL; + unsigned char aid[128]; + const unsigned char *pp = aid; + size_t aid_len = 0; + OSSL_PARAM params[2]; CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg); if (pkctx != NULL) { 
@@ -205,10 +209,17 @@ /* We don't support it */ if (pad_mode != RSA_PKCS1_PSS_PADDING) return 0; - os = ossl_rsa_ctx_to_pss_string(pkctx); - if (os == NULL) + + params[0] = OSSL_PARAM_construct_octet_string( + OSSL_SIGNATURE_PARAM_ALGORITHM_ID, aid, sizeof(aid)); + params[1] = OSSL_PARAM_construct_end(); + + if (EVP_PKEY_CTX_get_params(pkctx, params) <= 0) + return 0; + if ((aid_len = params[0].return_size) == 0) + return 0; + if (d2i_X509_ALGOR(&alg, &pp, aid_len) == NULL) return 0; - X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os); return 1; } diff -Nru openssl-3.0.7/crypto/context.c openssl-3.0.8/crypto/context.c --- openssl-3.0.7/crypto/context.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/context.c 2023-02-07 14:43:33.000000000 +0100 @@ -15,6 +15,7 @@ #include "internal/bio.h" #include "internal/provider.h" #include "crypto/ctype.h" +#include "crypto/rand.h" struct ossl_lib_ctx_onfree_list_st { ossl_lib_ctx_onfree_fn *fn; @@ -271,6 +272,20 @@ return NULL; } + +void ossl_release_default_drbg_ctx(void) +{ + int dynidx = default_context_int.dyn_indexes[OSSL_LIB_CTX_DRBG_INDEX]; + + /* early release of the DRBG in global default libctx, no locking */ + if (dynidx != -1) { + void *data; + + data = CRYPTO_get_ex_data(&default_context_int.data, dynidx); + ossl_rand_ctx_free(data); + CRYPTO_set_ex_data(&default_context_int.data, dynidx, NULL); + } +} #endif OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx) diff -Nru openssl-3.0.7/crypto/crmf/crmf_lib.c openssl-3.0.8/crypto/crmf/crmf_lib.c --- openssl-3.0.7/crypto/crmf/crmf_lib.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/crmf/crmf_lib.c 2023-02-07 14:43:33.000000000 +0100 
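Review bot: The 128-byte `aid` buffer is an undocumented size limit: when the provider's `OSSL_SIGNATURE_PARAM_ALGORITHM_ID` does not fit, `EVP_PKEY_CTX_get_params` fails and the function returns 0 with no indication why. A comment on the declaration in the preceding hunk, such as `/* assumed large enough for any RSA-PSS AlgorithmIdentifier; a larger one makes get_params fail and we return 0 */`, would record the assumption. `d2i_X509_ALGOR` also does not verify that it consumed all `aid_len` bytes; if a strict decode is wanted, `pp != aid + aid_len` after the call can be treated as an error. The function begins outside this hunk.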
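Review bot: `ossl_release_default_drbg_ctx` mutates the global default context's ex_data with, as its own comment says, no locking, but nothing states when that is safe to do; a header comment such as `/* Must only be called during library teardown, when no other thread can still use the default libctx */` would pin the contract for future callers. Whether `ossl_rand_ctx_free` tolerates a NULL `data` returned by `CRYPTO_get_ex_data` is not visible here; if it does not, guard the call with `if (data != NULL)`. Which `#if` the closing `#endif` belongs to is outside this hunk.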
@@ -648,7 +648,7 @@ cikeysize = EVP_CIPHER_get_key_length(cipher); /* first the symmetric key needs to be decrypted */ pkctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq); - if (pkctx != NULL && EVP_PKEY_decrypt_init(pkctx)) { + if (pkctx != NULL && EVP_PKEY_decrypt_init(pkctx) > 0) { ASN1_BIT_STRING *encKey = ecert->encSymmKey; size_t failure; int retval; diff -Nru openssl-3.0.7/crypto/des/build.info openssl-3.0.8/crypto/des/build.info --- openssl-3.0.7/crypto/des/build.info 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/des/build.info 2023-02-07 14:43:33.000000000 +0100 @@ -23,11 +23,12 @@ SOURCE[../../libcrypto]=$ALL $DESASM SOURCE[../../providers/libfips.a]=$COMMON $DESASM -SOURCE[../../providers/liblegacy.a]=$DESASM +IF[{- !$disabled{module} && !$disabled{shared} -}] + SOURCE[../../providers/liblegacy.a]=$DESASM +ENDIF DEFINE[../../libcrypto]=$DESDEF DEFINE[../../providers/libfips.a]=$DESDEF -DEFINE[../../providers/liblegacy.a]=$DESDEF # When all deprecated symbols are removed, libcrypto doesn't export the # DES functions, so we must include them directly in liblegacy.a diff -Nru openssl-3.0.7/crypto/dh/dh_check.c openssl-3.0.8/crypto/dh/dh_check.c --- openssl-3.0.7/crypto/dh/dh_check.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/dh/dh_check.c 2023-02-07 14:43:33.000000000 +0100 @@ -73,7 +73,7 @@ BN_CTX *ctx = NULL; *ret = 0; - ctx = BN_CTX_new(); + ctx = BN_CTX_new_ex(dh->libctx); if (ctx == NULL) goto err; BN_CTX_start(ctx); @@ -155,7 +155,7 @@ if (!DH_check_params(dh, ret)) return 0; - ctx = BN_CTX_new(); + ctx = BN_CTX_new_ex(dh->libctx); if (ctx == NULL) goto err; BN_CTX_start(ctx); diff -Nru openssl-3.0.7/crypto/dh/dh_gen.c openssl-3.0.8/crypto/dh/dh_gen.c --- openssl-3.0.7/crypto/dh/dh_gen.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/dh/dh_gen.c 2023-02-07 14:43:33.000000000 +0100 
@@ -169,7 +169,7 @@ return 0; } - ctx = BN_CTX_new(); + ctx = BN_CTX_new_ex(ret->libctx); if (ctx == NULL) goto err; BN_CTX_start(ctx); @@ -213,7 +213,7 @@ g = generator; } - if (!BN_generate_prime_ex(ret->params.p, prime_len, 1, t1, t2, cb)) + if (!BN_generate_prime_ex2(ret->params.p, prime_len, 1, t1, t2, cb, ctx)) goto err; if (!BN_GENCB_call(cb, 3, 0)) goto err; diff -Nru openssl-3.0.7/crypto/ec/ec_ameth.c openssl-3.0.8/crypto/ec/ec_ameth.c --- openssl-3.0.7/crypto/ec/ec_ameth.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/ec/ec_ameth.c 2023-02-07 14:43:33.000000000 +0100 @@ -513,8 +513,10 @@ if (pub_point != NULL) { /* convert pub_point to a octet string according to the SECG standard */ + point_conversion_form_t format = EC_KEY_get_conv_form(eckey); + if ((pub_key_buflen = EC_POINT_point2buf(ecg, pub_point, - POINT_CONVERSION_COMPRESSED, + format, &pub_key_buf, bnctx)) == 0 || !OSSL_PARAM_BLD_push_octet_string(tmpl, OSSL_PKEY_PARAM_PUB_KEY, diff -Nru openssl-3.0.7/crypto/err/openssl.txt openssl-3.0.8/crypto/err/openssl.txt --- openssl-3.0.7/crypto/err/openssl.txt 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/err/openssl.txt 2023-02-07 14:43:33.000000000 +0100 @@ -235,7 +235,9 @@ CMP_R_MISSING_PRIVATE_KEY:131:missing private key CMP_R_MISSING_PROTECTION:143:missing protection CMP_R_MISSING_REFERENCE_CERT:168:missing reference cert +CMP_R_MISSING_SECRET:178:missing secret CMP_R_MISSING_SENDER_IDENTIFICATION:111:missing sender identification +CMP_R_MISSING_TRUST_ANCHOR:179:missing trust anchor CMP_R_MISSING_TRUST_STORE:144:missing trust store CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED:161:multiple requests not supported CMP_R_MULTIPLE_RESPONSES_NOT_SUPPORTED:170:multiple responses not supported 
@@ -361,6 +363,8 @@ CMS_R_UNKNOWN_DIGEST_ALGORITHM:149:unknown digest algorithm CMS_R_UNKNOWN_ID:150:unknown id CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM:151:unsupported compression algorithm +CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM:194:\ + unsupported content encryption algorithm CMS_R_UNSUPPORTED_CONTENT_TYPE:152:unsupported content type CMS_R_UNSUPPORTED_ENCRYPTION_TYPE:192:unsupported encryption type CMS_R_UNSUPPORTED_KEK_ALGORITHM:153:unsupported kek algorithm @@ -1365,6 +1369,8 @@ SSL_R_INVALID_SRP_USERNAME:357:invalid srp username SSL_R_INVALID_STATUS_RESPONSE:328:invalid status response SSL_R_INVALID_TICKET_KEYS_LENGTH:325:invalid ticket keys length +SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED:333:\ + legacy sigalg disallowed or unsupported SSL_R_LENGTH_MISMATCH:159:length mismatch SSL_R_LENGTH_TOO_LONG:404:length too long SSL_R_LENGTH_TOO_SHORT:160:length too short diff -Nru openssl-3.0.7/crypto/err/README.md openssl-3.0.8/crypto/err/README.md --- openssl-3.0.7/crypto/err/README.md 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/err/README.md 2023-02-07 14:43:33.000000000 +0100 @@ -42,3 +42,14 @@ files `stdio.h`, `openssl/err.h` and `openssl/xxx.h` so the header file must load any additional header files containing any definitions it uses. + +Adding new error codes +====================== + +Instead of manually adding error codes into `crypto/err/openssl.txt`, +it is recommended to leverage `make update` for error code generation. +The target will process relevant sources and generate error codes for +any *used* error codes. + +If an error code is added manually into `crypto/err/openssl.txt`, +subsequent `make update` has no effect. diff -Nru openssl-3.0.7/crypto/evp/bio_enc.c openssl-3.0.8/crypto/evp/bio_enc.c --- openssl-3.0.7/crypto/evp/bio_enc.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/evp/bio_enc.c 2023-02-07 14:43:33.000000000 +0100 
@@ -299,6 +299,7 @@ int i; EVP_CIPHER_CTX **c_ctx; BIO *next; + int pend; ctx = BIO_get_data(b); next = BIO_next(b); @@ -334,8 +335,14 @@ /* do a final write */ again: while (ctx->buf_len != ctx->buf_off) { + pend = ctx->buf_len - ctx->buf_off; i = enc_write(b, NULL, 0); - if (i < 0) + /* + * i should never be > 0 here because we didn't ask to write any + * new data. We stop if we get an error or we failed to make any + * progress writing pending data. + */ + if (i < 0 || (ctx->buf_len - ctx->buf_off) == pend) return i; } diff -Nru openssl-3.0.7/crypto/evp/evp_lib.c openssl-3.0.8/crypto/evp/evp_lib.c --- openssl-3.0.7/crypto/evp/evp_lib.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/evp/evp_lib.c 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -209,7 +209,7 @@ break; default: - ret = EVP_CIPHER_get_asn1_iv(c, type); + ret = EVP_CIPHER_get_asn1_iv(c, type) >= 0 ? 1 : -1; } } else if (cipher->prov != NULL) { OSSL_PARAM params[3], *p = params; @@ -602,7 +602,7 @@ params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_UPDATED_IV, buf, len); - return evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); + return evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params) > 0; } int EVP_CIPHER_CTX_get_original_iv(EVP_CIPHER_CTX *ctx, void *buf, size_t len) @@ -611,7 +611,7 @@ params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV, buf, len); - return evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params); + return evp_do_ciph_ctx_getparams(ctx->cipher, ctx->algctx, params) > 0; } unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx) 
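Review bot: When the flush loop now stops because no progress was made, `i` is 0, so the caller receives 0 with nothing on the error queue and cannot tell "the next BIO did not accept the pending data" apart from other zero returns. If that is meant to be a failure, return an explicit negative value or raise an error there; if 0 is the intended "retry later" signal, say so in the comment, e.g. `/* no progress: return 0 so the caller can retry the flush */`. `pend` is declared at the top of the function although it is used only inside this loop. The enclosing function and the other users of the `again:` label lie outside the hunk.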
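Review bot: `ret = EVP_CIPHER_get_asn1_iv(c, type) >= 0 ? 1 : -1;` maps a zero return from `EVP_CIPHER_get_asn1_iv` to success, which is only right if zero means "no IV to transfer" rather than a failure; the caller changed in this patch (`p5_crpt2.c` now treats `<= 0` as `EVP_R_CIPHER_PARAMETER_ERROR`) depends on that. A comment recording the mapping, e.g. `/* get_asn1_iv yields the IV length (0 when none) or -1 on error; normalise to 1/-1 */`, would keep the two sites consistent, with the exact return convention confirmed against the function definition, which is outside this hunk.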
@@ -1201,7 +1201,8 @@ } else if (OPENSSL_strcasecmp(type, "ED25519") != 0 && OPENSSL_strcasecmp(type, "X25519") != 0 && OPENSSL_strcasecmp(type, "ED448") != 0 - && OPENSSL_strcasecmp(type, "X448") != 0) { + && OPENSSL_strcasecmp(type, "X448") != 0 + && OPENSSL_strcasecmp(type, "SM2") != 0) { ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT); goto end; } diff -Nru openssl-3.0.7/crypto/evp/keymgmt_lib.c openssl-3.0.8/crypto/evp/keymgmt_lib.c --- openssl-3.0.7/crypto/evp/keymgmt_lib.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/evp/keymgmt_lib.c 2023-02-07 14:43:33.000000000 +0100 @@ -93,7 +93,8 @@ export_cb, export_cbarg); } -void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt) +void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, + int selection) { struct evp_keymgmt_util_try_import_data_st import_data; OP_CACHE_ELEM *op; @@ -127,7 +128,7 @@ */ if (pk->dirty_cnt == pk->dirty_cnt_copy) { /* If this key is already exported to |keymgmt|, no more to do */ - op = evp_keymgmt_util_find_operation_cache(pk, keymgmt); + op = evp_keymgmt_util_find_operation_cache(pk, keymgmt, selection); if (op != NULL && op->keymgmt != NULL) { void *ret = op->keydata; @@ -157,13 +158,13 @@ /* Setup for the export callback */ import_data.keydata = NULL; /* evp_keymgmt_util_try_import will create it */ import_data.keymgmt = keymgmt; - import_data.selection = OSSL_KEYMGMT_SELECT_ALL; + import_data.selection = selection; /* * The export function calls the callback (evp_keymgmt_util_try_import), * which does the import for us. If successful, we're done. */ - if (!evp_keymgmt_util_export(pk, OSSL_KEYMGMT_SELECT_ALL, + if (!evp_keymgmt_util_export(pk, selection, &evp_keymgmt_util_try_import, &import_data)) /* If there was an error, bail out */ return NULL; 
@@ -173,7 +174,7 @@ return NULL; } /* Check to make sure some other thread didn't get there first */ - op = evp_keymgmt_util_find_operation_cache(pk, keymgmt); + op = evp_keymgmt_util_find_operation_cache(pk, keymgmt, selection); if (op != NULL && op->keydata != NULL) { void *ret = op->keydata; @@ -196,7 +197,8 @@ evp_keymgmt_util_clear_operation_cache(pk, 0); /* Add the new export to the operation cache */ - if (!evp_keymgmt_util_cache_keydata(pk, keymgmt, import_data.keydata)) { + if (!evp_keymgmt_util_cache_keydata(pk, keymgmt, import_data.keydata, + selection)) { CRYPTO_THREAD_unlock(pk->lock); evp_keymgmt_freedata(keymgmt, import_data.keydata); return NULL; @@ -232,7 +234,8 @@ } OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk, - EVP_KEYMGMT *keymgmt) + EVP_KEYMGMT *keymgmt, + int selection) { int i, end = sk_OP_CACHE_ELEM_num(pk->operation_cache); OP_CACHE_ELEM *p; @@ -243,14 +246,14 @@ */ for (i = 0; i < end; i++) { p = sk_OP_CACHE_ELEM_value(pk->operation_cache, i); - if (keymgmt == p->keymgmt) + if (keymgmt == p->keymgmt && (p->selection & selection) == selection) return p; } return NULL; } -int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, - EVP_KEYMGMT *keymgmt, void *keydata) +int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, + void *keydata, int selection) { OP_CACHE_ELEM *p = NULL; @@ -266,6 +269,7 @@ return 0; p->keydata = keydata; p->keymgmt = keymgmt; + p->selection = selection; if (!EVP_KEYMGMT_up_ref(keymgmt)) { OPENSSL_free(p); @@ -391,7 +395,8 @@ ok = 1; if (keydata1 != NULL) { tmp_keydata = - evp_keymgmt_util_export_to_provider(pk1, keymgmt2); + evp_keymgmt_util_export_to_provider(pk1, keymgmt2, + selection); ok = (tmp_keydata != NULL); } if (ok) { 
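Review bot: The lookup in `evp_keymgmt_util_find_operation_cache` now returns an entry whenever `(p->selection & selection) == selection`, i.e. a superset export satisfies a narrower request, while `evp_keymgmt_util_cache_keydata` records exactly the selection that was exported. That asymmetry is sensible but undocumented; a comment on the loop, e.g. `/* an entry exported with at least the requested parts can serve this selection */`, would make it explicit. The comment preceding the loop is cut off at the top of the hunk, so it may already cover this.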
@@ -411,7 +416,8 @@ ok = 1; if (keydata2 != NULL) { tmp_keydata = - evp_keymgmt_util_export_to_provider(pk2, keymgmt1); + evp_keymgmt_util_export_to_provider(pk2, keymgmt1, + selection); ok = (tmp_keydata != NULL); } if (ok) { diff -Nru openssl-3.0.7/crypto/evp/p5_crpt2.c openssl-3.0.8/crypto/evp/p5_crpt2.c --- openssl-3.0.7/crypto/evp/p5_crpt2.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/evp/p5_crpt2.c 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ /* - * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -159,7 +159,7 @@ /* Fixup cipher based on AlgorithmIdentifier */ if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de)) goto err; - if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) { + if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) <= 0) { ERR_raise(ERR_LIB_EVP, EVP_R_CIPHER_PARAMETER_ERROR); goto err; } diff -Nru openssl-3.0.7/crypto/evp/p_lib.c openssl-3.0.8/crypto/evp/p_lib.c --- openssl-3.0.7/crypto/evp/p_lib.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/evp/p_lib.c 2023-02-07 14:43:33.000000000 +0100 @@ -1824,6 +1824,7 @@ { EVP_KEYMGMT *allocated_keymgmt = NULL; EVP_KEYMGMT *tmp_keymgmt = NULL; + int selection = OSSL_KEYMGMT_SELECT_ALL; void *keydata = NULL; int check; @@ -1885,7 +1886,8 @@ if (pk->ameth->dirty_cnt(pk) == pk->dirty_cnt_copy) { if (!CRYPTO_THREAD_read_lock(pk->lock)) goto end; - op = evp_keymgmt_util_find_operation_cache(pk, tmp_keymgmt); + op = evp_keymgmt_util_find_operation_cache(pk, tmp_keymgmt, + selection); /* * If |tmp_keymgmt| is present in the operation cache, it means 
@@ -1940,7 +1942,7 @@ EVP_KEYMGMT_free(tmp_keymgmt); /* refcnt-- */ /* Check to make sure some other thread didn't get there first */ - op = evp_keymgmt_util_find_operation_cache(pk, tmp_keymgmt); + op = evp_keymgmt_util_find_operation_cache(pk, tmp_keymgmt, selection); if (op != NULL && op->keymgmt != NULL) { void *tmp_keydata = op->keydata; @@ -1951,7 +1953,8 @@ } /* Add the new export to the operation cache */ - if (!evp_keymgmt_util_cache_keydata(pk, tmp_keymgmt, keydata)) { + if (!evp_keymgmt_util_cache_keydata(pk, tmp_keymgmt, keydata, + selection)) { CRYPTO_THREAD_unlock(pk->lock); evp_keymgmt_freedata(tmp_keymgmt, keydata); keydata = NULL; @@ -1966,7 +1969,7 @@ } #endif /* FIPS_MODULE */ - keydata = evp_keymgmt_util_export_to_provider(pk, tmp_keymgmt); + keydata = evp_keymgmt_util_export_to_provider(pk, tmp_keymgmt, selection); end: /* diff -Nru openssl-3.0.7/crypto/ffc/ffc_key_validate.c openssl-3.0.8/crypto/ffc/ffc_key_validate.c --- openssl-3.0.7/crypto/ffc/ffc_key_validate.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/ffc/ffc_key_validate.c 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -24,6 +24,11 @@ BN_CTX *ctx = NULL; *ret = 0; + if (params == NULL || pub_key == NULL || params->p == NULL) { + *ret = FFC_ERROR_PASSED_NULL_PARAM; + return 0; + } + ctx = BN_CTX_new_ex(NULL); if (ctx == NULL) goto err; 
@@ -107,6 +112,10 @@ *ret = 0; + if (priv == NULL || upper == NULL) { + *ret = FFC_ERROR_PASSED_NULL_PARAM; + goto err; + } if (BN_cmp(priv, BN_value_one()) < 0) { *ret |= FFC_ERROR_PRIVKEY_TOO_SMALL; goto err; diff -Nru openssl-3.0.7/crypto/ffc/ffc_params_generate.c openssl-3.0.8/crypto/ffc/ffc_params_generate.c --- openssl-3.0.7/crypto/ffc/ffc_params_generate.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/ffc/ffc_params_generate.c 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -329,7 +329,7 @@ /* A.1.1.2 Step (5) : generate seed with size seed_len */ if (generate_seed - && RAND_bytes_ex(libctx, seed, seedlen, 0) < 0) + && RAND_bytes_ex(libctx, seed, seedlen, 0) <= 0) goto err; /* * A.1.1.2 Step (6) AND diff -Nru openssl-3.0.7/crypto/idea/build.info openssl-3.0.8/crypto/idea/build.info --- openssl-3.0.7/crypto/idea/build.info 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/idea/build.info 2023-02-07 14:43:33.000000000 +0100 @@ -5,6 +5,6 @@ # When all deprecated symbols are removed, libcrypto doesn't export the # idea functions, so we must include them directly in liblegacy.a -IF[{- $disabled{'deprecated-3.0'} -}] +IF[{- $disabled{'deprecated-3.0'} && !$disabled{module} && !$disabled{shared} -}] SOURCE[../../providers/liblegacy.a]=$ALL ENDIF diff -Nru openssl-3.0.7/crypto/info.c openssl-3.0.8/crypto/info.c --- openssl-3.0.7/crypto/info.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/info.c 2023-02-07 14:43:33.000000000 +0100 
@@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -45,10 +45,10 @@ BIO_snprintf(ossl_cpu_info_str, sizeof(ossl_cpu_info_str), CPUINFO_PREFIX "OPENSSL_ia32cap=0x%llx:0x%llx", - (long long)OPENSSL_ia32cap_P[0] | - (long long)OPENSSL_ia32cap_P[1] << 32, - (long long)OPENSSL_ia32cap_P[2] | - (long long)OPENSSL_ia32cap_P[3] << 32); + (unsigned long long)OPENSSL_ia32cap_P[0] | + (unsigned long long)OPENSSL_ia32cap_P[1] << 32, + (unsigned long long)OPENSSL_ia32cap_P[2] | + (unsigned long long)OPENSSL_ia32cap_P[3] << 32); if ((env = getenv("OPENSSL_ia32cap")) != NULL) BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str), sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str), @@ -131,8 +131,8 @@ #ifdef OPENSSL_RAND_SEED_NONE add_seeds_string("none"); #endif -#ifdef OPENSSL_RAND_SEED_RTDSC - add_seeds_string("stdsc"); +#ifdef OPENSSL_RAND_SEED_RDTSC + add_seeds_string("rdtsc"); #endif #ifdef OPENSSL_RAND_SEED_RDCPU add_seeds_string("rdrand ( rdseed rdrand )"); diff -Nru openssl-3.0.7/crypto/md2/build.info openssl-3.0.8/crypto/md2/build.info --- openssl-3.0.7/crypto/md2/build.info 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/md2/build.info 2023-02-07 14:43:33.000000000 +0100 
@@ -4,6 +4,6 @@ # When all deprecated symbols are removed, libcrypto doesn't export the # MD2 functions, so we must include them directly in liblegacy.a -IF[{- $disabled{'deprecated-3.0'} -}] +IF[{- $disabled{'deprecated-3.0'} && !$disabled{module} && !$disabled{shared} -}] SOURCE[../../providers/liblegacy.a]=md2_dgst.c md2_one.c ENDIF diff -Nru openssl-3.0.7/crypto/md4/build.info openssl-3.0.8/crypto/md4/build.info --- openssl-3.0.7/crypto/md4/build.info 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/md4/build.info 2023-02-07 14:43:33.000000000 +0100 @@ -4,6 +4,6 @@ # When all deprecated symbols are removed, libcrypto doesn't export the # MD4 functions, so we must include them directly in liblegacy.a -IF[{- $disabled{'deprecated-3.0'} -}] +IF[{- $disabled{'deprecated-3.0'} && !$disabled{module} && !$disabled{shared} -}] SOURCE[../../providers/liblegacy.a]=md4_dgst.c md4_one.c ENDIF diff -Nru openssl-3.0.7/crypto/md5/build.info openssl-3.0.8/crypto/md5/build.info --- openssl-3.0.7/crypto/md5/build.info 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/md5/build.info 2023-02-07 14:43:33.000000000 +0100 @@ -23,7 +23,7 @@ # default provider. A no-deprecated build removes the external definition from # libcrypto and this means that the code needs to be in liblegacy. However, # when building without 'dso', liblegacy is included in libcrypto. -IF[{- !$disabled{dso} -}] +IF[{- !$disabled{module} && !$disabled{shared} -}] SOURCE[../../providers/liblegacy.a]=$COMMON ENDIF diff -Nru openssl-3.0.7/crypto/mdc2/build.info openssl-3.0.8/crypto/mdc2/build.info --- openssl-3.0.7/crypto/mdc2/build.info 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/mdc2/build.info 2023-02-07 14:43:33.000000000 +0100 
@@ -4,6 +4,6 @@ # When all deprecated symbols are removed, libcrypto doesn't export the # MDC2 functions, so we must include them directly in liblegacy.a -IF[{- $disabled{'deprecated-3.0'} -}] +IF[{- $disabled{'deprecated-3.0'} && !$disabled{module} && !$disabled{shared} -}] SOURCE[../../providers/liblegacy.a]=mdc2dgst.c mdc2_one.c ENDIF diff -Nru openssl-3.0.7/crypto/mem_sec.c openssl-3.0.8/crypto/mem_sec.c --- openssl-3.0.7/crypto/mem_sec.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/mem_sec.c 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ /* - * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2004-2014, Akamai Technologies. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -23,8 +23,8 @@ #ifndef OPENSSL_NO_SECURE_MEMORY # if defined(_WIN32) # include -# if defined(WINAPI_FAMILY_PARTITION) \ - && !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP | WINAPI_PARTITION_SYSTEM) +# if defined(WINAPI_FAMILY_PARTITION) +# if !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP | WINAPI_PARTITION_SYSTEM) /* * While VirtualLock is available under the app partition (e.g. UWP), * the headers do not define the API. Define it ourselves instead. @@ -36,6 +36,7 @@ _In_ LPVOID lpAddress, _In_ SIZE_T dwSize ); +# endif # endif # endif # include diff -Nru openssl-3.0.7/crypto/ocsp/ocsp_ext.c openssl-3.0.8/crypto/ocsp/ocsp_ext.c --- openssl-3.0.7/crypto/ocsp/ocsp_ext.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/ocsp/ocsp_ext.c 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ /* - * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -268,8 +268,8 @@ memcpy(tmpval, val, len); else if (RAND_bytes(tmpval, len) <= 0) goto err; - if (!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce, - &os, 0, X509V3_ADD_REPLACE)) + if (X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce, + &os, 0, X509V3_ADD_REPLACE) <= 0) goto err; ret = 1; err: diff -Nru openssl-3.0.7/crypto/param_build.c openssl-3.0.8/crypto/param_build.c --- openssl-3.0.7/crypto/param_build.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/param_build.c 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -221,6 +221,10 @@ } if (BN_get_flags(bn, BN_FLG_SECURE) == BN_FLG_SECURE) secure = 1; + + /* The BIGNUM is zero, we must transfer at least one byte */ + if (sz == 0) + sz++; } pd = param_push(bld, key, sz, sz, OSSL_PARAM_UNSIGNED_INTEGER, secure); if (pd == NULL) diff -Nru openssl-3.0.7/crypto/params.c openssl-3.0.8/crypto/params.c --- openssl-3.0.7/crypto/params.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/params.c 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use 
@@ -932,6 +932,10 @@ return 0; bytes = (size_t)BN_num_bytes(val); + /* We make sure that at least one byte is used, so zero is properly set */ + if (bytes == 0) + bytes++; + p->return_size = bytes; if (p->data == NULL) return 1; diff -Nru openssl-3.0.7/crypto/pem/pem_lib.c openssl-3.0.8/crypto/pem/pem_lib.c --- openssl-3.0.7/crypto/pem/pem_lib.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/pem/pem_lib.c 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -989,7 +989,9 @@ out_free: pem_free(*header, flags, 0); + *header = NULL; pem_free(*data, flags, 0); + *data = NULL; end: EVP_ENCODE_CTX_free(ctx); pem_free(name, flags, 0); diff -Nru openssl-3.0.7/crypto/pem/pem_pkey.c openssl-3.0.8/crypto/pem/pem_pkey.c --- openssl-3.0.7/crypto/pem/pem_pkey.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/pem/pem_pkey.c 2023-02-07 14:43:33.000000000 +0100 @@ -75,6 +75,10 @@ } ERR_pop_to_mark(); + /* if we were asked for private key, the public key is optional */ + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) + selection = selection & ~OSSL_KEYMGMT_SELECT_PUBLIC_KEY; + if (!evp_keymgmt_util_has(pkey, selection)) { EVP_PKEY_free(pkey); pkey = NULL; @@ -106,7 +110,7 @@ EVP_PKEY *ret = NULL; ERR_set_mark(); /* not interested in PEM read errors */ - if (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) { + if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { if (!PEM_bytes_read_bio_secmem(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u)) { 
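Review bot: The new `*header = NULL;` and `*data = NULL;` after the two pem_free calls on the out_free path change this function's failure contract without saying so; the enclosing function starts outside the hunk, and presumably the point is that a caller which releases those outputs on error would otherwise free them a second time. Worth a one-line comment at the label, e.g. `/* Failure: release and reset the outputs so the caller must not free them. */`. If any other error path reaches `end:` after `*header` or `*data` was allocated, it needs the same reset; that is not visible from this hunk.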
@@ -116,7 +120,7 @@ } else { const char *pem_string = PEM_STRING_PARAMETERS; - if (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) + if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) pem_string = PEM_STRING_PUBLIC; if (!PEM_bytes_read_bio(&data, &len, &nm, pem_string, @@ -174,9 +178,13 @@ goto p8err; ret = ossl_d2i_PrivateKey_legacy(ameth->pkey_id, x, &p, len, libctx, propq); - } else if (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) { + } else if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) == 0 + && (selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { + /* Trying legacy PUBKEY decoding only if we do not want private key. */ ret = ossl_d2i_PUBKEY_legacy(x, &p, len); - } else if ((slen = ossl_pem_check_suffix(nm, "PARAMETERS")) > 0) { + } else if ((selection & EVP_PKEY_KEYPAIR) == 0 + && (slen = ossl_pem_check_suffix(nm, "PARAMETERS")) > 0) { + /* Trying legacy params decoding only if we do not want a key. */ ret = EVP_PKEY_new(); if (ret == NULL) goto err; @@ -294,6 +302,7 @@ OSSL_LIB_CTX *libctx, const char *propq) { return pem_read_bio_key(bp, x, cb, u, libctx, propq, + /* we also want the public key, if available */ EVP_PKEY_KEYPAIR); } @@ -311,7 +320,7 @@ IMPLEMENT_PEM_provided_write_body_main(pkey, bio); legacy: - if (x->ameth == NULL || x->ameth->priv_encode != NULL) + if (x != NULL && (x->ameth == NULL || x->ameth->priv_encode != NULL)) return PEM_write_bio_PKCS8PrivateKey(out, x, enc, (const char *)kstr, klen, cb, u); return PEM_write_bio_PrivateKey_traditional(out, x, enc, kstr, klen, cb, u); @@ -336,6 +345,9 @@ EVP_PKEY *copy = NULL; int ret; + if (x == NULL) + return 0; + if (evp_pkey_is_assigned(x) && evp_pkey_is_provided(x) && evp_pkey_copy_downgraded(©, x)) 
@@ -343,6 +355,7 @@ if (x->ameth == NULL || x->ameth->old_priv_encode == NULL) { ERR_raise(ERR_LIB_PEM, PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE); + EVP_PKEY_free(copy); return 0; } BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str); diff -Nru openssl-3.0.7/crypto/pkcs7/pk7_doit.c openssl-3.0.8/crypto/pkcs7/pk7_doit.c --- openssl-3.0.7/crypto/pkcs7/pk7_doit.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/pkcs7/pk7_doit.c 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -84,7 +84,11 @@ } (void)ERR_pop_to_mark(); - BIO_set_md(btmp, md); + if (BIO_set_md(btmp, md) <= 0) { + ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB); + EVP_MD_free(fetched); + goto err; + } EVP_MD_free(fetched); if (*pbio == NULL) *pbio = btmp; @@ -330,7 +334,7 @@ if (xalg->parameter == NULL) goto err; } - if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0) + if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) <= 0) goto err; } @@ -522,7 +526,11 @@ } (void)ERR_pop_to_mark(); - BIO_set_md(btmp, md); + if (BIO_set_md(btmp, md) <= 0) { + EVP_MD_free(evp_md); + ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB); + goto err; + } EVP_MD_free(evp_md); if (out == NULL) out = btmp; 
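Review bot: The two new BIO_set_md failure branches in pk7_doit.c clean up in opposite order: the hunk at 84 raises ERR_R_BIO_LIB and then frees `fetched`, the hunk at 522 frees `evp_md` first and raises afterwards. Both are correct as far as this hunk shows, but the same fix in the same file should read the same; pick one order. The `<= 0` checks on EVP_CIPHER_param_to_asn1 (330) and EVP_CIPHER_asn1_to_param (588, on the next line) now also catch a 0 return that the old `< 0` treated as success; presumably 0 denotes failure there, and a short comment such as `/* 0 is a failure too, not "no parameters" */` would stop someone reverting it to `< 0`.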
@@ -588,7 +596,7 @@ BIO_get_cipher_ctx(etmp, &evp_ctx); if (EVP_CipherInit_ex(evp_ctx, cipher, NULL, NULL, NULL, 0) <= 0) goto err; - if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0) + if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) <= 0) goto err; /* Generate random key as MMA defence */ len = EVP_CIPHER_CTX_get_key_length(evp_ctx); diff -Nru openssl-3.0.7/crypto/pkcs7/pk7_lib.c openssl-3.0.8/crypto/pkcs7/pk7_lib.c --- openssl-3.0.7/crypto/pkcs7/pk7_lib.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/pkcs7/pk7_lib.c 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -414,6 +414,8 @@ static STACK_OF(X509) *pkcs7_get_signer_certs(const PKCS7 *p7) { + if (p7->d.ptr == NULL) + return NULL; if (PKCS7_type_is_signed(p7)) return p7->d.sign->cert; if (PKCS7_type_is_signedAndEnveloped(p7)) @@ -423,6 +425,8 @@ static STACK_OF(PKCS7_RECIP_INFO) *pkcs7_get_recipient_info(const PKCS7 *p7) { + if (p7->d.ptr == NULL) + return NULL; if (PKCS7_type_is_signedAndEnveloped(p7)) return p7->d.signed_and_enveloped->recipientinfo; if (PKCS7_type_is_enveloped(p7)) 
@@ -440,13 +444,17 @@ const PKCS7_CTX *ctx = ossl_pkcs7_get0_ctx(p7); OSSL_LIB_CTX *libctx = ossl_pkcs7_ctx_get0_libctx(ctx); const char *propq = ossl_pkcs7_ctx_get0_propq(ctx); - STACK_OF(PKCS7_RECIP_INFO) *rinfos = pkcs7_get_recipient_info(p7); - STACK_OF(PKCS7_SIGNER_INFO) *sinfos = PKCS7_get_signer_info(p7); - STACK_OF(X509) *certs = pkcs7_get_signer_certs(p7); + STACK_OF(PKCS7_RECIP_INFO) *rinfos; + STACK_OF(PKCS7_SIGNER_INFO) *sinfos; + STACK_OF(X509) *certs; - if (ctx == NULL) + if (ctx == NULL || p7->d.ptr == NULL) return; + rinfos = pkcs7_get_recipient_info(p7); + sinfos = PKCS7_get_signer_info(p7); + certs = pkcs7_get_signer_certs(p7); + for (i = 0; i < sk_X509_num(certs); i++) ossl_x509_set0_libctx(sk_X509_value(certs, i), libctx, propq); diff -Nru openssl-3.0.7/crypto/property/defn_cache.c openssl-3.0.8/crypto/property/defn_cache.c --- openssl-3.0.7/crypto/property/defn_cache.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/property/defn_cache.c 2023-02-07 14:43:33.000000000 +0100 @@ -82,16 +82,18 @@ elem.prop = prop; r = lh_PROPERTY_DEFN_ELEM_retrieve(property_defns, &elem); ossl_lib_ctx_unlock(ctx); - return r != NULL ? r->defn : NULL; + if (r == NULL || !ossl_assert(r->defn != NULL)) + return NULL; + return r->defn; } /* - * Cache the property list for a given property string. Callers of this function - * should call ossl_prop_defn_get first to ensure that there is no existing - * cache entry for this property string. + * Cache the property list for a given property string *pl. + * If an entry already exists in the cache *pl is freed and + * overwritten with the existing entry from the cache. */ int ossl_prop_defn_set(OSSL_LIB_CTX *ctx, const char *prop, - OSSL_PROPERTY_LIST *pl) + OSSL_PROPERTY_LIST **pl) { PROPERTY_DEFN_ELEM elem, *old, *p = NULL; size_t len; 
@@ -109,28 +111,27 @@ if (!ossl_lib_ctx_write_lock(ctx)) return 0; + elem.prop = prop; if (pl == NULL) { - elem.prop = prop; lh_PROPERTY_DEFN_ELEM_delete(property_defns, &elem); goto end; } + /* check if property definition is in the cache already */ + if ((p = lh_PROPERTY_DEFN_ELEM_retrieve(property_defns, &elem)) != NULL) { + ossl_property_free(*pl); + *pl = p->defn; + goto end; + } len = strlen(prop); p = OPENSSL_malloc(sizeof(*p) + len); if (p != NULL) { p->prop = p->body; - p->defn = pl; + p->defn = *pl; memcpy(p->body, prop, len + 1); old = lh_PROPERTY_DEFN_ELEM_insert(property_defns, p); - if (!ossl_assert(old == NULL)) { - /* - * This should not happen. Any caller of ossl_prop_defn_set should - * have called ossl_prop_defn_get first - so we should know that - * there is no existing entry. If we get here we have a bug. We - * deliberately leak the |old| reference in order to avoid a crash - * if there are any existing users of it. - */ + if (!ossl_assert(old == NULL)) + /* This should not happen. An existing entry is handled above. */ goto end; - } if (!lh_PROPERTY_DEFN_ELEM_error(property_defns)) goto end; } diff -Nru openssl-3.0.7/crypto/property/properties.ebnf openssl-3.0.8/crypto/property/properties.ebnf --- openssl-3.0.7/crypto/property/properties.ebnf 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/property/properties.ebnf 1970-01-01 01:00:00.000000000 +0100 
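Review bot: The `if (pl == NULL)` delete branch now tests the pointer-to-pointer, so a caller passing a non-NULL `pl` with `*pl == NULL` would store a NULL `defn` in the cache, which the ossl_assert added to ossl_prop_defn_get in the previous hunk then trips on every lookup. Either reject that up front, releasing the write lock taken just above before returning 0, or state in the header comment that `*pl` must be non-NULL. The cache-hit branch also transfers ownership: `*pl` is freed and replaced with the cache-owned list, so if `end:` can still report failure after that branch, the caller in property.c (which frees `impl->properties` when this returns 0) would free a list it no longer owns; the `end:` return path is outside this hunk, so please confirm.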
@@ -1,18 +0,0 @@ -(* https://bottlecaps.de/rr/ui *) - -Definition - ::= PropertyName ( '=' Value )? ( ',' PropertyName ( '=' Value )? )* -Query ::= PropertyQuery ( ',' PropertyQuery )* -PropertyQuery ::= '-' PropertyName - | '?'? ( PropertyName (( '=' | '!=' ) Value)?) -Value ::= NumberLiteral - | StringLiteral -StringLiteral ::= QuotedString | UnquotedString -QuotedString ::= '"' [^"]* '"' - | "'" [^']* "'" -UnquotedString ::= [^{space},]+ -NumberLiteral - ::= '0' ( [0-7]* | 'x' [0-9A-Fa-f]+ ) - | '-'? [1-9] [0-9]+ -PropertyName - ::= [A-Z] [A-Z0-9_]* ( '.' [A-Z] [A-Z0-9_]* )* diff -Nru openssl-3.0.7/crypto/property/property.c openssl-3.0.8/crypto/property/property.c --- openssl-3.0.7/crypto/property/property.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/property/property.c 2023-02-07 14:43:33.000000000 +0100 @@ -335,7 +335,7 @@ impl->properties = ossl_parse_property(store->ctx, properties); if (impl->properties == NULL) goto err; - if (!ossl_prop_defn_set(store->ctx, properties, impl->properties)) { + if (!ossl_prop_defn_set(store->ctx, properties, &impl->properties)) { ossl_property_free(impl->properties); impl->properties = NULL; goto err; diff -Nru openssl-3.0.7/crypto/property/property_local.h openssl-3.0.8/crypto/property/property_local.h --- openssl-3.0.7/crypto/property/property_local.h 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/property/property_local.h 2023-02-07 14:43:33.000000000 +0100 @@ -52,4 +52,4 @@ /* Property definition cache functions */ OSSL_PROPERTY_LIST *ossl_prop_defn_get(OSSL_LIB_CTX *ctx, const char *prop); int ossl_prop_defn_set(OSSL_LIB_CTX *ctx, const char *prop, - OSSL_PROPERTY_LIST *pl); + OSSL_PROPERTY_LIST **pl); diff -Nru openssl-3.0.7/crypto/provider_child.c openssl-3.0.8/crypto/provider_child.c --- openssl-3.0.7/crypto/provider_child.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/provider_child.c 2023-02-07 14:43:33.000000000 +0100 
@@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -142,8 +142,10 @@ 1)) == NULL) goto err; - if (!ossl_provider_activate(cprov, 0, 0)) + if (!ossl_provider_activate(cprov, 0, 0)) { + ossl_provider_free(cprov); goto err; + } if (!ossl_provider_set_child(cprov, prov) || !ossl_provider_add_to_store(cprov, NULL, 0)) { diff -Nru openssl-3.0.7/crypto/rand/rand_lib.c openssl-3.0.8/crypto/rand/rand_lib.c --- openssl-3.0.7/crypto/rand/rand_lib.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/rand/rand_lib.c 2023-02-07 14:43:33.000000000 +0100 @@ -96,6 +96,7 @@ CRYPTO_THREAD_lock_free(rand_meth_lock); rand_meth_lock = NULL; # endif + ossl_release_default_drbg_ctx(); rand_inited = 0; } @@ -469,7 +470,7 @@ return NULL; } -static void rand_ossl_ctx_free(void *vdgbl) +void ossl_rand_ctx_free(void *vdgbl) { RAND_GLOBAL *dgbl = vdgbl; @@ -494,7 +495,7 @@ static const OSSL_LIB_CTX_METHOD rand_drbg_ossl_ctx_method = { OSSL_LIB_CTX_METHOD_PRIORITY_2, rand_ossl_ctx_new, - rand_ossl_ctx_free, + ossl_rand_ctx_free, }; static RAND_GLOBAL *rand_get_global(OSSL_LIB_CTX *libctx) diff -Nru openssl-3.0.7/crypto/rc2/build.info openssl-3.0.8/crypto/rc2/build.info --- openssl-3.0.7/crypto/rc2/build.info 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/rc2/build.info 2023-02-07 14:43:33.000000000 +0100 
@@ -6,6 +6,6 @@ # When all deprecated symbols are removed, libcrypto doesn't export the # rc2 functions, so we must include them directly in liblegacy.a -IF[{- $disabled{'deprecated-3.0'} -}] +IF[{- $disabled{'deprecated-3.0'} && !$disabled{module} && !$disabled{shared} -}] SOURCE[../../providers/liblegacy.a]=$ALL ENDIF diff -Nru openssl-3.0.7/crypto/rc4/build.info openssl-3.0.8/crypto/rc4/build.info --- openssl-3.0.7/crypto/rc4/build.info 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/rc4/build.info 2023-02-07 14:43:33.000000000 +0100 @@ -21,7 +21,7 @@ # When all deprecated symbols are removed, libcrypto doesn't export the # rc4 functions, so we must include them directly in liblegacy.a -IF[{- $disabled{'deprecated-3.0'} -}] +IF[{- $disabled{'deprecated-3.0'} && !$disabled{module} && !$disabled{shared} -}] SOURCE[../../providers/liblegacy.a]=$RC4ASM ENDIF diff -Nru openssl-3.0.7/crypto/rc5/build.info openssl-3.0.8/crypto/rc5/build.info --- openssl-3.0.7/crypto/rc5/build.info 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/rc5/build.info 2023-02-07 14:43:33.000000000 +0100 @@ -18,7 +18,7 @@ # When all deprecated symbols are removed, libcrypto doesn't export the # rc5 functions, so we must include them directly in liblegacy.a -IF[{- $disabled{'deprecated-3.0'} -}] +IF[{- $disabled{'deprecated-3.0'} && !$disabled{module} && !$disabled{shared} -}] SOURCE[../../providers/liblegacy.a]=$ALL ENDIF diff -Nru openssl-3.0.7/crypto/ripemd/build.info openssl-3.0.8/crypto/ripemd/build.info --- openssl-3.0.7/crypto/ripemd/build.info 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/ripemd/build.info 2023-02-07 14:43:33.000000000 +0100 
@@ -20,7 +20,7 @@ # When all deprecated symbols are removed, libcrypto doesn't export the # RIPEMD160 functions, so we must include them directly in liblegacy.a -IF[{- $disabled{'deprecated-3.0'} && !$disabled{'module'} -}] +IF[{- $disabled{'deprecated-3.0'} && !$disabled{module} && !$disabled{shared} -}] SOURCE[../../providers/liblegacy.a]=rmd_dgst.c rmd_one.c $RMD160ASM DEFINE[../../providers/liblegacy.a]=$RMD160DEF ENDIF diff -Nru openssl-3.0.7/crypto/rsa/rsa_ameth.c openssl-3.0.8/crypto/rsa/rsa_ameth.c --- openssl-3.0.7/crypto/rsa/rsa_ameth.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/rsa/rsa_ameth.c 2023-02-07 14:43:33.000000000 +0100 @@ -637,22 +637,30 @@ if (pad_mode == RSA_PKCS1_PADDING) return 2; if (pad_mode == RSA_PKCS1_PSS_PADDING) { - ASN1_STRING *os1 = NULL; - os1 = ossl_rsa_ctx_to_pss_string(pkctx); - if (!os1) + unsigned char aid[128]; + size_t aid_len = 0; + OSSL_PARAM params[2]; + + params[0] = OSSL_PARAM_construct_octet_string( + OSSL_SIGNATURE_PARAM_ALGORITHM_ID, aid, sizeof(aid)); + params[1] = OSSL_PARAM_construct_end(); + + if (EVP_PKEY_CTX_get_params(pkctx, params) <= 0) return 0; - /* Duplicate parameters if we have to */ - if (alg2) { - ASN1_STRING *os2 = ASN1_STRING_dup(os1); - if (!os2) { - ASN1_STRING_free(os1); + if ((aid_len = params[0].return_size) == 0) + return 0; + + if (alg1 != NULL) { + const unsigned char *pp = aid; + if (d2i_X509_ALGOR(&alg1, &pp, aid_len) == NULL) + return 0; + } + if (alg2 != NULL) { + const unsigned char *pp = aid; + if (d2i_X509_ALGOR(&alg2, &pp, aid_len) == NULL) return 0; - } - X509_ALGOR_set0(alg2, OBJ_nid2obj(EVP_PKEY_RSA_PSS), - V_ASN1_SEQUENCE, os2); } - X509_ALGOR_set0(alg1, OBJ_nid2obj(EVP_PKEY_RSA_PSS), - V_ASN1_SEQUENCE, os1); + return 3; } return 2; diff -Nru openssl-3.0.7/crypto/rsa/rsa_mp.c openssl-3.0.8/crypto/rsa/rsa_mp.c --- openssl-3.0.7/crypto/rsa/rsa_mp.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/rsa/rsa_mp.c 2023-02-07 14:43:33.000000000 +0100 
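Review bot: `unsigned char aid[128]` in the rsa_ameth.c PSS branch is a magic size; give it a named enum constant and a comment saying what happens when the encoded AlgorithmIdentifier is longer: if the provider-side octet-string setter behaves like the public OSSL_PARAM helpers, EVP_PKEY_CTX_get_params fails and this returns 0, so the caller sees an error rather than a truncated identifier, which is the property worth stating because a silent truncation here would corrupt the signature's algorithm parameters. `aid_len` is initialised to 0 and then unconditionally assigned from `params[0].return_size`, so the initialiser can go. `d2i_X509_ALGOR(&alg1, ...)` with a non-NULL alg1 decodes into the existing object, matching what the old X509_ALGOR_set0 path did; a comment saying so saves the next reader checking the d2i contract.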
@@ -21,7 +21,7 @@
 void ossl_rsa_multip_info_free(RSA_PRIME_INFO *pinfo)
 {
- /* free a RSA_PRIME_INFO structure */
+ /* free an RSA_PRIME_INFO structure */
 BN_clear_free(pinfo->r);
 BN_clear_free(pinfo->d);
 BN_clear_free(pinfo->t);
@@ -32,7 +32,7 @@
 {
 RSA_PRIME_INFO *pinfo;
- /* create a RSA_PRIME_INFO structure */
+ /* create an RSA_PRIME_INFO structure */
 if ((pinfo = OPENSSL_zalloc(sizeof(RSA_PRIME_INFO))) == NULL) {
 ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE);
 return NULL;
diff -Nru openssl-3.0.7/crypto/rsa/rsa_ossl.c openssl-3.0.8/crypto/rsa/rsa_ossl.c
--- openssl-3.0.7/crypto/rsa/rsa_ossl.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/crypto/rsa/rsa_ossl.c 2023-02-07 14:43:33.000000000 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -469,13 +469,20 @@
 BN_free(d);
 }
- if (blinding)
- if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
+ if (blinding) {
+ /*
+ * ossl_bn_rsa_do_unblind() combines blinding inversion and
+ * 0-padded BN BE serialization
+ */
+ j = ossl_bn_rsa_do_unblind(ret, blinding, unblind, rsa->n, ctx,
+ buf, num);
+ if (j == 0)
 goto err;
-
- j = BN_bn2binpad(ret, buf, num);
- if (j < 0)
- goto err;
+ } else {
+ j = BN_bn2binpad(ret, buf, num);
+ if (j < 0)
+ goto err;
+ }
 switch (padding) {
 case RSA_PKCS1_PADDING:
diff -Nru openssl-3.0.7/crypto/rsa/rsa_sign.c openssl-3.0.8/crypto/rsa/rsa_sign.c
--- openssl-3.0.7/crypto/rsa/rsa_sign.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/crypto/rsa/rsa_sign.c 2023-02-07 14:43:33.000000000 +0100
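Review bot: In the rsa_ossl.c hunk at 469 the blinding branch tests `j == 0` while the non-blinding branch keeps `j < 0`, and `j` feeds the padding switch below in both cases; the new comment says what ossl_bn_rsa_do_unblind() fuses but not what it returns, so a reader cannot tell whether `j` still holds the serialised length. Extend the comment, e.g. `/* Returns the serialised length (num) or 0 on failure; unlike BN_bn2binpad it never returns -1. */`, if that is indeed the helper's contract — it is not visible from this hunk. The reason the inversion and the fixed-width serialisation are now one call (presumably to avoid a length-dependent intermediate of the secret value) is exactly what a future refactor must not undo, so it belongs in that comment too; the enclosing function starts and ends outside the hunk.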
@@ -280,7 +280,7 @@ #ifndef FIPS_MODULE if (rsa->meth->rsa_sign != NULL) - return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa); + return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa) > 0; #endif /* FIPS_MODULE */ /* Compute the encoded digest. */ diff -Nru openssl-3.0.7/crypto/seed/build.info openssl-3.0.8/crypto/seed/build.info --- openssl-3.0.7/crypto/seed/build.info 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/seed/build.info 2023-02-07 14:43:33.000000000 +0100 @@ -5,6 +5,6 @@ # When all deprecated symbols are removed, libcrypto doesn't export the # seed functions, so we must include them directly in liblegacy.a -IF[{- $disabled{'deprecated-3.0'} -}] +IF[{- $disabled{'deprecated-3.0'} && !$disabled{module} && !$disabled{shared} -}] SOURCE[../../providers/liblegacy.a]=$ALL ENDIF diff -Nru openssl-3.0.7/crypto/sha/asm/sha512-ia64.pl openssl-3.0.8/crypto/sha/asm/sha512-ia64.pl --- openssl-3.0.7/crypto/sha/asm/sha512-ia64.pl 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/sha/asm/sha512-ia64.pl 2023-02-07 14:43:33.000000000 +0100 @@ -78,7 +78,7 @@ # $output is the last argument if it looks like a file (it has an extension) $output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef; -if ($output =~ /512.*\.[s|asm]/) { +if ($output =~ /512.*\.[s|asm]/i) { $SZ=8; $BITS=8*$SZ; $LDW="ld8"; @@ -92,7 +92,7 @@ @sigma0=(1, 8, 7); @sigma1=(19,61, 6); $rounds=80; -} elsif ($output =~ /256.*\.[s|asm]/) { +} elsif ($output =~ /256.*\.[s|asm]/i) { $SZ=4; $BITS=8*$SZ; $LDW="ld4"; diff -Nru openssl-3.0.7/crypto/trace.c openssl-3.0.8/crypto/trace.c --- openssl-3.0.7/crypto/trace.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/trace.c 2023-02-07 14:43:33.000000000 +0100 
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -118,17 +118,16 @@
 };
 #define TRACE_CATEGORY_(name) { #name, OSSL_TRACE_CATEGORY_##name }
-static const struct trace_category_st trace_categories[] = {
+static const struct trace_category_st
+ trace_categories[OSSL_TRACE_CATEGORY_NUM] = {
 TRACE_CATEGORY_(ALL),
 TRACE_CATEGORY_(TRACE),
 TRACE_CATEGORY_(INIT),
 TRACE_CATEGORY_(TLS),
 TRACE_CATEGORY_(TLS_CIPHER),
 TRACE_CATEGORY_(CONF),
-#ifndef OPENSSL_NO_ENGINE
 TRACE_CATEGORY_(ENGINE_TABLE),
 TRACE_CATEGORY_(ENGINE_REF_COUNT),
-#endif
 TRACE_CATEGORY_(PKCS5V2),
 TRACE_CATEGORY_(PKCS12_KEYGEN),
 TRACE_CATEGORY_(PKCS12_DECRYPT),
@@ -143,21 +142,29 @@
 const char *OSSL_trace_get_category_name(int num)
 {
- size_t i;
-
- for (i = 0; i < OSSL_NELEM(trace_categories); i++)
- if (trace_categories[i].num == num)
- return trace_categories[i].name;
- return NULL; /* not found */
+ if (num < 0 || (size_t)num >= OSSL_NELEM(trace_categories))
+ return NULL;
+ /*
+ * Partial check that OSSL_TRACE_CATEGORY_... macros
+ * are synced with trace_categories array
+ */
+ if (!ossl_assert(trace_categories[num].name != NULL)
+ || !ossl_assert(trace_categories[num].num == num))
+ return NULL;
+ return trace_categories[num].name;
 }
 int OSSL_trace_get_category_num(const char *name)
 {
 size_t i;
+ if (name == NULL)
+ return -1;
+
 for (i = 0; i < OSSL_NELEM(trace_categories); i++)
 if (OPENSSL_strcasecmp(name, trace_categories[i].name) == 0)
 return trace_categories[i].num;
+ return -1; /* not found */
 }
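Review bot: OSSL_trace_get_category_num still passes `trace_categories[i].name` straight to OPENSSL_strcasecmp, while the array is now declared with the explicit size `[OSSL_TRACE_CATEGORY_NUM]` and OSSL_trace_get_category_name a few lines up had to add an ossl_assert that `.name != NULL`; any slot the initialiser does not fill is zero, so the lookup by name would hand NULL to strcasecmp. Guard it the same way: `if (trace_categories[i].name != NULL && OPENSSL_strcasecmp(name, trace_categories[i].name) == 0)`. Dropping the `OPENSSL_NO_ENGINE` conditional around the two ENGINE entries is what keeps the index-equals-num invariant the assert relies on; a comment above the array saying entries must stay in enum order and must never be conditional would protect it.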
@@ -280,11 +287,6 @@ } /* Before running callbacks are done, set new data where appropriate */ - if (channel != NULL && *channel != NULL) { - trace_channels[category].type = type; - trace_channels[category].bio = *channel; - } - if (prefix != NULL && *prefix != NULL) { if ((curr_prefix = OPENSSL_strdup(*prefix)) == NULL) return 0; @@ -297,6 +299,15 @@ trace_channels[category].suffix = curr_suffix; } + if (channel != NULL && *channel != NULL) { + trace_channels[category].type = type; + trace_channels[category].bio = *channel; + /* + * This must not be done before setting prefix/suffix, + * as those may fail, and then the caller is mislead to free *channel. + */ + } + /* Finally, run the attach callback on the new data */ if (channel != NULL && *channel != NULL) { attach_cb(category, CHANNEL, *channel); diff -Nru openssl-3.0.7/crypto/whrlpool/build.info openssl-3.0.8/crypto/whrlpool/build.info --- openssl-3.0.7/crypto/whrlpool/build.info 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/whrlpool/build.info 2023-02-07 14:43:33.000000000 +0100 @@ -22,7 +22,7 @@ # When all deprecated symbols are removed, libcrypto doesn't export the # WHIRLPOOL functions, so we must include them directly in liblegacy.a -IF[{- $disabled{'deprecated-3.0'} -}] +IF[{- $disabled{'deprecated-3.0'} && !$disabled{module} && !$disabled{shared} -}] SOURCE[../../providers/liblegacy.a]=wp_dgst.c $WPASM DEFINE[../../providers/liblegacy.a]=$WPDEF ENDIF diff -Nru openssl-3.0.7/crypto/x509/by_dir.c openssl-3.0.8/crypto/x509/by_dir.c --- openssl-3.0.7/crypto/x509/by_dir.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/x509/by_dir.c 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
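Review bot: The explanatory comment in the moved `channel` block (hunk at 297) sits after the two assignments it explains, so a reader meets the assignments before the reason they were reordered; move it above the `if` and fix the typo ("mislead" should be "misled"): `/* Set the channel last: the prefix/suffix steps above can fail, and setting it earlier would mislead the caller into freeing *channel after an error. */`. The attach-callback block that follows repeats the same `channel != NULL && *channel != NULL` test; now that the two blocks are adjacent they could share one condition, though that is optional.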
@@ -353,9 +353,13 @@ tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j); X509_STORE_unlock(xl->store_ctx); - /* If a CRL, update the last file suffix added for this */ - - if (type == X509_LU_CRL) { + /* + * If a CRL, update the last file suffix added for this. + * We don't need to add an entry if k is 0 as this is the initial value. + * This avoids the need for a write lock and sort operation in the + * simple case where no CRL is present for a hash. + */ + if (type == X509_LU_CRL && k > 0) { if (!CRYPTO_THREAD_write_lock(ctx->lock)) goto finish; /* @@ -384,6 +388,12 @@ ok = 0; goto finish; } + + /* + * Ensure stack is sorted so that subsequent sk_BY_DIR_HASH_find + * will not mutate the stack and therefore require a write lock. + */ + sk_BY_DIR_HASH_sort(ent->hashes); } else if (hent->suffix < k) { hent->suffix = k; } diff -Nru openssl-3.0.7/crypto/x509/pcy_map.c openssl-3.0.8/crypto/x509/pcy_map.c --- openssl-3.0.7/crypto/x509/pcy_map.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/x509/pcy_map.c 2023-02-07 14:43:33.000000000 +0100 @@ -73,10 +73,6 @@ ret = 1; bad_mapping: - if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock)) { - x->ex_flags |= EXFLAG_INVALID_POLICY; - CRYPTO_THREAD_unlock(x->lock); - } sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free); return ret; diff -Nru openssl-3.0.7/crypto/x509/v3_addr.c openssl-3.0.8/crypto/x509/v3_addr.c --- openssl-3.0.7/crypto/x509/v3_addr.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/crypto/x509/v3_addr.c 2023-02-07 14:43:33.000000000 +0100 @@ -691,6 +691,14 @@ return cmp ? cmp : a->length - b->length; } +static int IPAddressFamily_check_len(const IPAddressFamily *f) +{ + if (f->addressFamily->length < 2 || f->addressFamily->length > 3) + return 0; + else + return 1; +} + /* * Check whether an IPAddrBLocks is in canonical form. */ 
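Review bot: IPAddressFamily_check_len in the v3_addr.c hunk at 691 reads `f->addressFamily->length` with no comment on why 2 and 3 are the bounds, and every later hunk routes through it, so say what it enforces: `/* addressFamily is a 2-octet AFI optionally followed by a 1-octet SAFI (RFC 3779); shorter encodings cannot be indexed safely and longer ones are malformed */`. The `if … return 0; else return 1;` form can be one expression, `return f->addressFamily->length >= 2 && f->addressFamily->length <= 3;`. It also assumes `f->addressFamily` is non-NULL; if the ASN.1 template guarantees that (a required OCTET STRING), a one-line note saying so is enough, otherwise a NULL check belongs here as well.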
@@ -713,6 +721,10 @@ for (i = 0; i < sk_IPAddressFamily_num(addr) - 1; i++) { const IPAddressFamily *a = sk_IPAddressFamily_value(addr, i); const IPAddressFamily *b = sk_IPAddressFamily_value(addr, i + 1); + + if (!IPAddressFamily_check_len(a) || !IPAddressFamily_check_len(b)) + return 0; + if (IPAddressFamily_cmp(&a, &b) >= 0) return 0; } @@ -739,6 +751,9 @@ return 0; } + if (!IPAddressFamily_check_len(f)) + return 0; + /* * It's an IPAddressOrRanges sequence, check it. */ @@ -883,6 +898,10 @@ int i; for (i = 0; i < sk_IPAddressFamily_num(addr); i++) { IPAddressFamily *f = sk_IPAddressFamily_value(addr, i); + + if (!IPAddressFamily_check_len(f)) + return 0; + if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges && !IPAddressOrRanges_canonize(f->ipAddressChoice-> u.addressesOrRanges, @@ -1148,10 +1167,12 @@ for (i = 0; i < sk_IPAddressFamily_num(a); i++) { IPAddressFamily *fa = sk_IPAddressFamily_value(a, i); int j = sk_IPAddressFamily_find(b, fa); - IPAddressFamily *fb; - fb = sk_IPAddressFamily_value(b, j); + IPAddressFamily *fb = sk_IPAddressFamily_value(b, j); + if (fb == NULL) return 0; + if (!IPAddressFamily_check_len(fa) || !IPAddressFamily_check_len(fb)) + return 0; if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges, fa->ipAddressChoice->u.addressesOrRanges, length_from_afi(X509v3_addr_get_afi(fb)))) @@ -1163,19 +1184,19 @@ /* * Validation error handling via callback. */ -#define validation_err(_err_) \ - do { \ - if (ctx != NULL) { \ - ctx->error = _err_; \ - ctx->error_depth = i; \ - ctx->current_cert = x; \ - ret = ctx->verify_cb(0, ctx); \ - } else { \ - ret = 0; \ - } \ - if (!ret) \ - goto done; \ - } while (0) +# define validation_err(_err_) \ + do { \ + if (ctx != NULL) { \ + ctx->error = _err_; \ + ctx->error_depth = i; \ + ctx->current_cert = x; \ + rv = ctx->verify_cb(0, ctx); \ + } else { \ + rv = 0; \ + } \ + if (rv == 0) \ + goto done; \ + } while (0) /* * Core code for RFC 3779 2.3 path validation. 
@@ -1190,7 +1211,7 @@
 IPAddrBlocks *ext)
 {
 IPAddrBlocks *child = NULL;
- int i, j, ret = 1;
+ int i, j, ret = 0, rv;
 X509 *x;
 if (!ossl_assert(chain != NULL && sk_X509_num(chain) > 0)
@@ -1213,7 +1234,7 @@
 i = 0;
 x = sk_X509_value(chain, i);
 if ((ext = x->rfc3779_addr) == NULL)
- goto done;
+ return 1; /* Return success */
 }
 if (!X509v3_addr_is_canonical(ext))
 validation_err(X509_V_ERR_INVALID_EXTENSION);
@@ -1222,7 +1243,6 @@
 ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
 if (ctx != NULL)
 ctx->error = X509_V_ERR_OUT_OF_MEM;
- ret = 0;
 goto done;
 }
@@ -1237,6 +1257,10 @@
 if (x->rfc3779_addr == NULL) {
 for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
 IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
+
+ if (!IPAddressFamily_check_len(fc))
+ goto done;
+
 if (fc->ipAddressChoice->type != IPAddressChoice_inherit) {
 validation_err(X509_V_ERR_UNNESTED_RESOURCE);
 break;
@@ -1251,6 +1275,7 @@
 int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc);
 IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, k);
+
 if (fp == NULL) {
 if (fc->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) {
@@ -1259,6 +1284,10 @@
 }
 continue;
 }
+
+ if (!IPAddressFamily_check_len(fc) || !IPAddressFamily_check_len(fp))
+ goto done;
+
 if (fp->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) {
 if (fc->ipAddressChoice->type == IPAddressChoice_inherit
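Review bot: In the hunk at 1237 (and likewise at 1259 and at 1277 on the next line) a failed IPAddressFamily_check_len does `goto done` with `ret` still 0 but without touching `ctx->error`, whereas the out-of-memory path a few lines earlier sets `ctx->error = X509_V_ERR_OUT_OF_MEM` before its `goto done`; the caller therefore gets a hard failure carrying whatever error code the context held before. A hard failure is the right choice here, since routing it through validation_err would let a verify callback that returns non-zero continue into the malformed extension, but it should be attributable: `if (ctx != NULL) ctx->error = X509_V_ERR_INVALID_EXTENSION;` before each of those `goto done`, or one shared label that sets it. Changing the default to `ret = 0` with `ret = 1` assigned only once the whole chain passes is a sound fail-closed rewrite; a comment on the declaration, `/* ret stays 0 until the whole chain has been validated */`, would make the intent explicit for the next editor.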
@@ -1277,14 +1306,17 @@
 */
 if (x->rfc3779_addr != NULL) {
 for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) {
- IPAddressFamily *fp =
- sk_IPAddressFamily_value(x->rfc3779_addr, j);
+ IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, j);
+
+ if (!IPAddressFamily_check_len(fp))
+ goto done;
+
 if (fp->ipAddressChoice->type == IPAddressChoice_inherit && sk_IPAddressFamily_find(child, fp) >= 0)
 validation_err(X509_V_ERR_UNNESTED_RESOURCE);
 }
 }
-
+ ret = 1;
 done:
 sk_IPAddressFamily_free(child);
 return ret;
diff -Nru openssl-3.0.7/crypto/x509/v3_admis.c openssl-3.0.8/crypto/x509/v3_admis.c
--- openssl-3.0.7/crypto/x509/v3_admis.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/crypto/x509/v3_admis.c 2023-02-07 14:43:33.000000000 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -199,7 +199,7 @@
 return 1;
 err:
- return -1;
+ return 0;
 }
 const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId(const NAMING_AUTHORITY *n)
diff -Nru openssl-3.0.7/crypto/x509/v3_genn.c openssl-3.0.8/crypto/x509/v3_genn.c
--- openssl-3.0.7/crypto/x509/v3_genn.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/crypto/x509/v3_genn.c 2023-02-07 14:43:33.000000000 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -98,7 +98,7 @@
 return -1;
 switch (a->type) {
 case GEN_X400:
- result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
+ result = ASN1_STRING_cmp(a->d.x400Address, b->d.x400Address);
 break;
 case GEN_EDIPARTY:
diff -Nru openssl-3.0.7/crypto/x509/v3_ncons.c openssl-3.0.8/crypto/x509/v3_ncons.c
--- openssl-3.0.7/crypto/x509/v3_ncons.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/crypto/x509/v3_ncons.c 2023-02-07 14:43:33.000000000 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2003-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -31,7 +31,8 @@
 static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);
 static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc);
-static int nc_match_single(GENERAL_NAME *sub, GENERAL_NAME *gen);
+static int nc_match_single(int effective_type, GENERAL_NAME *sub,
+ GENERAL_NAME *gen);
 static int nc_dn(const X509_NAME *sub, const X509_NAME *nm);
 static int nc_dns(ASN1_IA5STRING *sub, ASN1_IA5STRING *dns);
 static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml);
@@ -472,14 +473,17 @@
 {
 GENERAL_SUBTREE *sub;
 int i, r, match = 0;
+ int effective_type = gen->type;
+
 /*
 * We need to compare not gen->type field but an "effective" type because
 * the otherName field may contain EAI email address treated specially
 * according to RFC 8398, section 6
 */
- int effective_type = ((gen->type == GEN_OTHERNAME) &&
- (OBJ_obj2nid(gen->d.otherName->type_id) ==
- NID_id_on_SmtpUTF8Mailbox)) ? GEN_EMAIL : gen->type;
+ if (effective_type == GEN_OTHERNAME &&
+ (OBJ_obj2nid(gen->d.otherName->type_id) == NID_id_on_SmtpUTF8Mailbox)) {
+ effective_type = GEN_EMAIL;
+ }
 /*
 * Permitted subtrees: if any subtrees exist of matching the type at
@@ -488,7 +492,10 @@
 for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); i++) {
 sub = sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, i);
- if (effective_type != sub->base->type)
+ if (effective_type != sub->base->type
+ || (effective_type == GEN_OTHERNAME &&
+ OBJ_cmp(gen->d.otherName->type_id,
+ sub->base->d.otherName->type_id) != 0))
 continue;
 if (!nc_minmax_valid(sub))
 return X509_V_ERR_SUBTREE_MINMAX;
@@ -497,7 +504,7 @@
 continue;
 if (match == 0)
 match = 1;
- r = nc_match_single(gen, sub->base);
+ r = nc_match_single(effective_type, gen, sub->base);
 if (r == X509_V_OK)
 match = 2;
 else if (r != X509_V_ERR_PERMITTED_VIOLATION)
@@ -511,12 +518,15 @@
 for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); i++) {
 sub = sk_GENERAL_SUBTREE_value(nc->excludedSubtrees, i);
- if (effective_type != sub->base->type)
+ if (effective_type != sub->base->type
+ || (effective_type == GEN_OTHERNAME &&
+ OBJ_cmp(gen->d.otherName->type_id,
+ sub->base->d.otherName->type_id) != 0))
 continue;
 if (!nc_minmax_valid(sub))
 return X509_V_ERR_SUBTREE_MINMAX;
- r = nc_match_single(gen, sub->base);
+ r = nc_match_single(effective_type, gen, sub->base);
 if (r == X509_V_OK)
 return X509_V_ERR_EXCLUDED_VIOLATION;
 else if (r != X509_V_ERR_PERMITTED_VIOLATION)
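Review bot: The four-line filter `effective_type != sub->base->type || (effective_type == GEN_OTHERNAME && OBJ_cmp(...) != 0)` is duplicated verbatim in the permittedSubtrees loop here and in the excludedSubtrees loop of the `@@ -511,12 +518,15 @@` hunk, so the two will drift apart the next time a name type needs special handling. A small static helper called from both loops keeps the rule in one place, as sketched below. The OID comparison is only evaluated once the first clause has established `sub->base->type == effective_type`, so the `sub->base->d.otherName` dereference is safe; saying so in a comment saves the next reader the same check.
```c
/* Single place for the "does this subtree apply to gen" rule used by both loops. */
static int nc_type_matches(int effective_type, GENERAL_NAME *gen,
                           GENERAL_NAME *base)
{
    if (effective_type != base->type)
        return 0;
    /* Two otherNames only compare when their type OIDs agree. */
    return effective_type != GEN_OTHERNAME
        || OBJ_cmp(gen->d.otherName->type_id, base->d.otherName->type_id) == 0;
}

/* … unchanged: nc_match prologue … */
        if (!nc_type_matches(effective_type, gen, sub->base))
            continue;
/* … unchanged: rest of the permitted and excluded loops … */
```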
@@ -528,15 +538,22 @@
 }
-static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base)
+static int nc_match_single(int effective_type, GENERAL_NAME *gen,
+ GENERAL_NAME *base)
 {
 switch (gen->type) {
 case GEN_OTHERNAME:
- /*
- * We are here only when we have SmtpUTF8 name,
- * so we match the value of othername with base->d.rfc822Name
- */
- return nc_email_eai(gen->d.otherName->value, base->d.rfc822Name);
+ switch (effective_type) {
+ case GEN_EMAIL:
+ /*
+ * We are here only when we have SmtpUTF8 name,
+ * so we match the value of othername with base->d.rfc822Name
+ */
+ return nc_email_eai(gen->d.otherName->value, base->d.rfc822Name);
+
+ default:
+ return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE;
+ }
 case GEN_DIRNAME:
 return nc_dn(gen->d.directoryName, base->d.directoryName);
diff -Nru openssl-3.0.7/crypto/x509/x509name.c openssl-3.0.8/crypto/x509/x509name.c
--- openssl-3.0.7/crypto/x509/x509name.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/crypto/x509/x509name.c 2023-02-07 14:43:33.000000000 +0100
@@ -49,9 +49,12 @@
 int X509_NAME_entry_count(const X509_NAME *name)
 {
+ int ret;
+
 if (name == NULL)
 return 0;
- return sk_X509_NAME_ENTRY_num(name->entries);
+ ret = sk_X509_NAME_ENTRY_num(name->entries);
+ return ret > 0 ? ret : 0;
 }
 int X509_NAME_get_index_by_NID(const X509_NAME *name, int nid, int lastpos)
diff -Nru openssl-3.0.7/crypto/x509/x509_txt.c openssl-3.0.8/crypto/x509/x509_txt.c
--- openssl-3.0.7/crypto/x509/x509_txt.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/crypto/x509/x509_txt.c 2023-02-07 14:43:33.000000000 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
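Review bot: The new `default:` arm returns X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE without saying why it is reachable, and nc_match_single() continues past the end of this hunk. With the OID filter added in the `@@ -488,7 +492,10 @@` hunk, an otherName subject name whose OID is not SmtpUTF8Mailbox now reaches this function only when a subtree with the same otherName OID exists, and for such names there is no comparison rule, so refusing is the safe choice; the removed code instead passed `base->d.rfc822Name` to nc_email_eai() for every GEN_OTHERNAME, reading an otherName subtree through the rfc822Name union member. Presumably this is the name-constraints fix the debian/changelog hunk lists as CVE-2022-4203, though the page does not say so. A comment on the arm would preserve that reasoning: `/* otherName other than SmtpUTF8Mailbox: no matching rule exists, so refuse rather than compare mismatched union members */`.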
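Review bot: `sk_X509_NAME_ENTRY_num()` returns -1 for a NULL stack, and the new clamp in X509_NAME_entry_count() turns that into 0 silently, so the temporary deserves a one-line comment recording why it exists: `/* sk_*_num() yields -1 for a NULL stack; report that as "no entries" */`. The identical clamp is added to X509v3_get_ext_count() in the x509_v3.c hunk that follows and would benefit from the same comment. Any caller that treated a negative return as "no entries stack" now sees 0, which is presumably the intended contract for these public counters.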
@@ -74,7 +74,7 @@
 case X509_V_ERR_PATH_LENGTH_EXCEEDED:
 return "path length constraint exceeded";
 case X509_V_ERR_INVALID_PURPOSE:
- return "unsupported certificate purpose";
+ return "unsuitable certificate purpose";
 case X509_V_ERR_CERT_UNTRUSTED:
 return "certificate not trusted";
 case X509_V_ERR_CERT_REJECTED:
diff -Nru openssl-3.0.7/crypto/x509/x509_v3.c openssl-3.0.8/crypto/x509/x509_v3.c
--- openssl-3.0.7/crypto/x509/x509_v3.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/crypto/x509/x509_v3.c 2023-02-07 14:43:33.000000000 +0100
@@ -19,9 +19,12 @@
 int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
 {
+ int ret;
+
 if (x == NULL)
 return 0;
- return sk_X509_EXTENSION_num(x);
+ ret = sk_X509_EXTENSION_num(x);
+ return ret > 0 ? ret : 0;
 }
 int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid,
diff -Nru openssl-3.0.7/crypto/x509/x_pubkey.c openssl-3.0.8/crypto/x509/x_pubkey.c
--- openssl-3.0.7/crypto/x509/x_pubkey.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/crypto/x509/x_pubkey.c 2023-02-07 14:43:33.000000000 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -741,6 +741,30 @@
 if (a != NULL) {
 DSA_free(*a);
 *a = key;
+ }
+ return key;
+}
+
+/* Called from decoders; disallows provided DSA keys without parameters. */
+DSA *ossl_d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length)
+{
+ DSA *key = NULL;
+ const unsigned char *data;
+ const BIGNUM *p, *q, *g;
+
+ data = *pp;
+ key = d2i_DSA_PUBKEY(NULL, &data, length);
+ if (key == NULL)
+ return NULL;
+ DSA_get0_pqg(key, &p, &q, &g);
+ if (p == NULL || q == NULL || g == NULL) {
+ DSA_free(key);
+ return NULL;
+ }
+ *pp = data;
+ if (a != NULL) {
+ DSA_free(*a);
+ *a = key;
 }
 return key;
 }
diff -Nru openssl-3.0.7/debian/changelog openssl-3.0.8/debian/changelog
--- openssl-3.0.7/debian/changelog 2022-12-06 15:11:40.000000000 +0100
+++ openssl-3.0.8/debian/changelog 2023-02-20 16:10:19.000000000 +0100
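Review bot: The contract of `ossl_d2i_DSA_PUBKEY()` on its `pp` and `a` arguments deserves stating in the header comment, because it is what makes the new rejection path safe for callers: `*pp` is advanced and `*a` replaced only after the p/q/g check passes, so a caller whose key is rejected sees its input pointer and existing key untouched. Suggested wording: `/* Called from decoders; disallows provided DSA keys without parameters. On failure *pp and *a are left unchanged. */`. The debian/changelog hunk below lists CVE-2023-0217 (NULL dereference validating DSA public key), which presumably is why a key without p, q and g is now refused here, though the page does not state the link. The `= NULL` initialiser on `key` is redundant since it is assigned before its first read.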
@@ -1,3 +1,54 @@ +openssl (3.0.8-1ubuntu1) lunar; urgency=medium + + * Merge 3.0.8 from Debian testing (LP: #2006954) + - Remaining changes: + + Symlink changelog{,.Debian}.gz and copyright.gz from libssl-dev to + openssl + + d/libssl3.postinst: Revert Debian deletion + - Skip services restart & reboot notification if needrestart is in-use. + - Bump version check to 1.1.1 (bug opened as LP: #1999139) + - Use a different priority for libssl1.1/restart-services depending + on whether a desktop, or server dist-upgrade is being performed. + - Import libraries/restart-without-asking template as used by above. + + Add support for building with noudeb build profile. + + Use perl:native in the autopkgtest for installability on i386. + + -- Adrien Nader Mon, 20 Feb 2023 16:10:19 +0100 + +openssl (3.0.8-1) unstable; urgency=medium + + * Import 3.0.7 + - CVE-2023-0401 (NULL dereference during PKCS7 data verification). + - CVE-2023-0286 (X.400 address type confusion in X.509 GeneralName). + - CVE-2023-0217 (NULL dereference validating DSA public key). + - CVE-2023-0216 (Invalid pointer dereference in d2i_PKCS7 functions). + - CVE-2023-0215 (Use-after-free following BIO_new_NDEF). + - CVE-2022-4450 (Double free after calling PEM_read_bio_ex). + - CVE-2022-4304 (Timing Oracle in RSA Decryption). + - CVE-2022-4203 (X.509 Name Constraints Read Buffer Overflow). + - Padlock: fix byte swapping assembly for AES-192 and 256 + (Closes: #1029259). + - Add new symbol. + * Make loongarch64 little endian (Closes: #1029281). + * Drop conflict against libssl1.0-dev. + * Update Standards-Version to 4.6.1. No changes required. + + -- Sebastian Andrzej Siewior Tue, 07 Feb 2023 21:42:42 +0100 + +openssl (3.0.7-2) unstable; urgency=medium + + [ Sebastian Andrzej Siewior ] + * CVE-2022-3996 (X.509 Policy Constraints Double Locking) (Closes: #1027102). + * Add loongarch64 target (Closes: #1024414). + * Avoid SIGSEGV with engines, reported by ValdikSS (Closes: #1028898). 
+ * Set digestname from argv[0] if it is a builtin hash name + (Closes:# 1025461). + + [ Helmut Grohne ] + * Support the noudeb build profile (Closes: #1024929). + + -- Sebastian Andrzej Siewior Thu, 19 Jan 2023 21:31:42 +0100 + openssl (3.0.7-1ubuntu1) lunar; urgency=medium * Merge 3.0.7 from Debian unstable (LP: #1998942) diff -Nru openssl-3.0.7/debian/control openssl-3.0.8/debian/control --- openssl-3.0.7/debian/control 2022-12-06 15:11:40.000000000 +0100 +++ openssl-3.0.8/debian/control 2023-02-17 15:09:36.000000000 +0100 @@ -5,7 +5,7 @@ Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Debian OpenSSL Team Uploaders: Christoph Martin , Kurt Roeckx , Sebastian Andrzej Siewior -Standards-Version: 4.6.1 +Standards-Version: 4.6.2 Vcs-Browser: https://salsa.debian.org/debian/openssl Vcs-Git: https://salsa.debian.org/debian/openssl.git Homepage: https://www.openssl.org/ @@ -74,7 +74,6 @@ Multi-Arch: same Suggests: libssl-doc Depends: libssl3 (= ${binary:Version}), ${misc:Depends} -Conflicts: libssl1.0-dev Description: Secure Sockets Layer toolkit - development files This package is part of the OpenSSL project's implementation of the SSL and TLS cryptographic protocols for secure communication over the diff -Nru openssl-3.0.7/debian/libssl3.symbols openssl-3.0.8/debian/libssl3.symbols --- openssl-3.0.7/debian/libssl3.symbols 2022-11-04 00:48:16.000000000 +0100 +++ openssl-3.0.8/debian/libssl3.symbols 2023-02-17 15:09:36.000000000 +0100 
@@ -2,6 +2,7 @@ * Build-Depends-Package: libssl-dev *@OPENSSL_3.0.0 3.0.0 *@OPENSSL_3.0.3 3.0.3 + *@OPENSSL_3.0.8 3.0.8 libssl.so.3 libssl3 #MINVER# * Build-Depends-Package: libssl-dev *@OPENSSL_3.0.0 3.0.0 diff -Nru openssl-3.0.7/debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch openssl-3.0.8/debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch --- openssl-3.0.7/debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch 2022-12-06 15:11:40.000000000 +0100 +++ openssl-3.0.8/debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch 2023-02-17 15:09:36.000000000 +0100 @@ -36,7 +36,7 @@ "linux-latomic" => { inherit_from => [ "linux-generic32" ], diff --git a/Configure b/Configure -index a558e5ab1a8b..9653f3d0bf10 100755 +index 5ac4b5222e4f..978414d914ea 100755 --- a/Configure +++ b/Configure @@ -1715,7 +1715,7 @@ unless ($disabled{devcryptoeng}) { diff -Nru openssl-3.0.7/debian/patches/debian-targets.patch openssl-3.0.8/debian/patches/debian-targets.patch --- openssl-3.0.7/debian/patches/debian-targets.patch 2022-12-06 15:11:40.000000000 +0100 +++ openssl-3.0.8/debian/patches/debian-targets.patch 2023-02-17 15:09:36.000000000 +0100 @@ -3,16 +3,16 @@ Subject: debian-targets --- - Configurations/20-debian.conf | 166 ++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 166 insertions(+) + Configurations/20-debian.conf | 169 ++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 169 insertions(+) create mode 100644 Configurations/20-debian.conf diff --git a/Configurations/20-debian.conf b/Configurations/20-debian.conf new file mode 100644 -index 000000000000..c04d2b38dbd5 +index 000000000000..c6860ed4b7d7 --- /dev/null +++ b/Configurations/20-debian.conf -@@ -0,0 +1,166 @@ +@@ -0,0 +1,169 @@ +my %targets = ( + "debian" => { + cflags => add("-Wa,--noexecstack -Wall -fzero-call-used-regs=used-gpr -DOPENSSL_TLS_SECURITY_LEVEL=2"), 
@@ -71,6 +71,9 @@ + inherit_from => [ "linux-ia64", "debian" ], + cflags => add("-fzero-call-used-regs=skip"), + }, ++ "debian-loong64" => { ++ inherit_from => [ "linux64-loongarch64", "debian" ], ++ }, + "debian-m68k" => { + inherit_from => [ "linux-latomic", "debian" ], + cflags => add("-DB_ENDIAN"), diff -Nru openssl-3.0.7/debian/patches/Fix-tests-for-new-default-security-level.patch openssl-3.0.8/debian/patches/Fix-tests-for-new-default-security-level.patch --- openssl-3.0.7/debian/patches/Fix-tests-for-new-default-security-level.patch 2022-12-06 15:11:40.000000000 +0100 +++ openssl-3.0.8/debian/patches/Fix-tests-for-new-default-security-level.patch 2023-02-17 15:09:36.000000000 +0100 @@ -1327,10 +1327,10 @@ }, test => { diff --git a/test/sslapitest.c b/test/sslapitest.c -index 19adc96b73d4..6573dbf46bad 100644 +index 1f63212f9015..4150e462c1c9 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c -@@ -9344,7 +9344,8 @@ static int test_set_tmp_dh(int idx) +@@ -9507,7 +9507,8 @@ static int test_set_tmp_dh(int idx) */ static int test_dh_auto(int idx) { @@ -1340,7 +1340,7 @@ SSL *clientssl = NULL, *serverssl = NULL; int testresult = 0; EVP_PKEY *tmpkey = NULL; -@@ -9352,14 +9353,21 @@ static int test_dh_auto(int idx) +@@ -9515,14 +9516,21 @@ static int test_dh_auto(int idx) size_t expdhsize = 0; const char *ciphersuite = "DHE-RSA-AES128-SHA"; @@ -1364,7 +1364,7 @@ break; case 1: /* 2048 bit prime */ -@@ -9385,8 +9393,10 @@ static int test_dh_auto(int idx) +@@ -9548,8 +9556,10 @@ static int test_dh_auto(int idx) /* No certificate cases */ case 5: /* The FIPS provider doesn't support this DH size - so we ignore it */ 
@@ -1377,7 +1377,7 @@ ciphersuite = "ADH-AES128-SHA256:@SECLEVEL=0"; expdhsize = 1024; break; -@@ -9399,8 +9409,8 @@ static int test_dh_auto(int idx) +@@ -9562,8 +9572,8 @@ static int test_dh_auto(int idx) goto end; } diff -Nru openssl-3.0.7/debian/patches/man-section.patch openssl-3.0.8/debian/patches/man-section.patch --- openssl-3.0.7/debian/patches/man-section.patch 2022-11-04 00:48:16.000000000 +0100 +++ openssl-3.0.8/debian/patches/man-section.patch 2023-02-17 15:09:36.000000000 +0100 @@ -7,7 +7,7 @@ 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl -index 110ba0687d80..17a710e17be9 100644 +index ebf20965b7a9..5b7e317b51d1 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -318,7 +318,8 @@ HTMLDIR=$(DOCDIR)/html diff -Nru openssl-3.0.7/debian/patches/series openssl-3.0.8/debian/patches/series --- openssl-3.0.7/debian/patches/series 2022-12-06 15:11:40.000000000 +0100 +++ openssl-3.0.8/debian/patches/series 2023-02-17 15:49:28.000000000 +0100 @@ -7,7 +7,6 @@ Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch conf-Serialize-allocation-free-of-ssl_names.patch Fix-tests-for-new-default-security-level.patch -x509-fix-double-locking-problem.patch # Ubuntu patches tests-use-seclevel-1.patch diff -Nru openssl-3.0.7/debian/patches/x509-fix-double-locking-problem.patch openssl-3.0.8/debian/patches/x509-fix-double-locking-problem.patch --- openssl-3.0.7/debian/patches/x509-fix-double-locking-problem.patch 2022-12-06 15:11:40.000000000 +0100 +++ openssl-3.0.8/debian/patches/x509-fix-double-locking-problem.patch 1970-01-01 01:00:00.000000000 +0100 
@@ -1,35 +0,0 @@ -From: Pauli -Date: Fri, 11 Nov 2022 09:40:19 +1100 -Subject: x509: fix double locking problem - -This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the -redundant flag setting. - -Fixes #19643 - -Fixes LOW CVE-2022-3996 - -Reviewed-by: Dmitry Belyavskiy -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/19652) - -(cherry picked from commit 4d0340a6d2f327700a059f0b8f954d6160f8eef5) ---- - crypto/x509/pcy_map.c | 4 ---- - 1 file changed, 4 deletions(-) - -diff --git a/crypto/x509/pcy_map.c b/crypto/x509/pcy_map.c -index 05406c6493fc..60dfd1e3203b 100644 ---- a/crypto/x509/pcy_map.c -+++ b/crypto/x509/pcy_map.c -@@ -73,10 +73,6 @@ int ossl_policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) - - ret = 1; - bad_mapping: -- if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock)) { -- x->ex_flags |= EXFLAG_INVALID_POLICY; -- CRYPTO_THREAD_unlock(x->lock); -- } - sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free); - return ret; - diff -Nru openssl-3.0.7/demos/encode/rsa_encode.c openssl-3.0.8/demos/encode/rsa_encode.c --- openssl-3.0.7/demos/encode/rsa_encode.c 1970-01-01 01:00:00.000000000 +0100 +++ openssl-3.0.8/demos/encode/rsa_encode.c 2023-02-07 14:43:33.000000000 +0100 
@@ -0,0 +1,202 @@
+/*-
+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#include
+#include
+#include
+#include
+
+/*
+ * Example showing the encoding and decoding of RSA public and private keys. A
+ * PEM-encoded RSA key is read in from stdin, decoded, and then re-encoded and
+ * output for demonstration purposes. Both public and private keys are accepted.
+ *
+ * This can be used to load RSA keys from a file or save RSA keys to a file.
+ */
+
+/* A property query used for selecting algorithm implementations. */
+static const char *propq = NULL;
+
+/*
+ * Load a PEM-encoded RSA key from a file, optionally decrypting it with a
+ * supplied passphrase.
+ */
+static EVP_PKEY *load_key(OSSL_LIB_CTX *libctx, FILE *f, const char *passphrase)
+{
+ int rv = 0;
+ EVP_PKEY *pkey = NULL;
+ OSSL_DECODER_CTX *dctx = NULL;
+ int selection = 0;
+
+ /*
+ * Create PEM decoder context expecting an RSA key.
+ *
+ * For raw (non-PEM-encoded) keys, change "PEM" to "DER".
+ *
+ * The selection argument here specifies whether we are willing to accept a
+ * public key, private key, or either. If it is set to zero, either will be
+ * accepted. If set to EVP_PKEY_KEYPAIR, a private key will be required, and
+ * if set to EVP_PKEY_PUBLIC_KEY, a public key will be required.
+ */
+ dctx = OSSL_DECODER_CTX_new_for_pkey(&pkey, "PEM", NULL, "RSA",
+ selection,
+ libctx, propq);
+ if (dctx == NULL) {
+ fprintf(stderr, "OSSL_DECODER_CTX_new_for_pkey() failed\n");
+ goto cleanup;
+ }
+
+ /*
+ * Set passphrase if provided; needed to decrypt encrypted PEM files.
+ * If the input is not encrypted, any passphrase provided is ignored.
+ *
+ * Alternative methods for specifying passphrases exist, such as a callback
+ * (see OSSL_DECODER_CTX_set_passphrase_cb(3)), which may be more useful for
+ * interactive applications which do not know if a passphrase should be
+ * prompted for in advance, or for GUI applications.
+ */
+ if (passphrase != NULL) {
+ if (OSSL_DECODER_CTX_set_passphrase(dctx,
+ (const unsigned char *)passphrase,
+ strlen(passphrase)) == 0) {
+ fprintf(stderr, "OSSL_DECODER_CTX_set_passphrase() failed\n");
+ goto cleanup;
+ }
+ }
+
+ /* Do the decode, reading from file. */
+ if (OSSL_DECODER_from_fp(dctx, f) == 0) {
+ fprintf(stderr, "OSSL_DECODER_from_fp() failed\n");
+ goto cleanup;
+ }
+
+ rv = 1;
+cleanup:
+ OSSL_DECODER_CTX_free(dctx);
+
+ /*
+ * pkey is created by OSSL_DECODER_CTX_new_for_pkey, but we
+ * might fail subsequently, so ensure it's properly freed
+ * in this case.
+ */
+ if (rv == 0) {
+ EVP_PKEY_free(pkey);
+ pkey = NULL;
+ }
+
+ return pkey;
+}
+
+/*
+ * Store an RSA public or private key to a file using PEM encoding.
+ *
+ * If a passphrase is supplied, the file is encrypted, otherwise
+ * it is unencrypted.
+ */
+static int store_key(EVP_PKEY *pkey, FILE *f, const char *passphrase)
+{
+ int rv = 0;
+ int selection;
+ OSSL_ENCODER_CTX *ectx = NULL;
+
+ /*
+ * Create a PEM encoder context.
+ *
+ * For raw (non-PEM-encoded) output, change "PEM" to "DER".
+ *
+ * The selection argument controls whether the private key is exported
+ * (EVP_PKEY_KEYPAIR), or only the public key (EVP_PKEY_PUBLIC_KEY). The
+ * former will fail if we only have a public key.
+ *
+ * Note that unlike the decode API, you cannot specify zero here.
+ *
+ * Purely for the sake of demonstration, here we choose to export the whole
+ * key if a passphrase is provided and the public key otherwise.
+ */
+ selection = (passphrase != NULL)
+ ?
EVP_PKEY_KEYPAIR
+ : EVP_PKEY_PUBLIC_KEY;
+
+ ectx = OSSL_ENCODER_CTX_new_for_pkey(pkey, selection, "PEM", NULL, propq);
+ if (ectx == NULL) {
+ fprintf(stderr, "OSSL_ENCODER_CTX_new_for_pkey() failed\n");
+ goto cleanup;
+ }
+
+ /*
+ * Set passphrase if provided; the encoded output will then be encrypted
+ * using the passphrase.
+ *
+ * Alternative methods for specifying passphrases exist, such as a callback
+ * (see OSSL_ENCODER_CTX_set_passphrase_cb(3), just as for OSSL_DECODER_CTX;
+ * however you are less likely to need them as you presumably know whether
+ * encryption is desired in advance.
+ *
+ * Note that specifying a passphrase alone is not enough to cause the
+ * key to be encrypted. You must set both a cipher and a passphrase.
+ */
+ if (passphrase != NULL) {
+ /* Set cipher. AES-128-CBC is a reasonable default. */
+ if (OSSL_ENCODER_CTX_set_cipher(ectx, "AES-128-CBC", propq) == 0) {
+ fprintf(stderr, "OSSL_ENCODER_CTX_set_cipher() failed\n");
+ goto cleanup;
+ }
+
+ /* Set passphrase. */
+ if (OSSL_ENCODER_CTX_set_passphrase(ectx,
+ (const unsigned char *)passphrase,
+ strlen(passphrase)) == 0) {
+ fprintf(stderr, "OSSL_ENCODER_CTX_set_passphrase() failed\n");
+ goto cleanup;
+ }
+ }
+
+ /* Do the encode, writing to the given file. */
+ if (OSSL_ENCODER_to_fp(ectx, f) == 0) {
+ fprintf(stderr, "OSSL_ENCODER_to_fp() failed\n");
+ goto cleanup;
+ }
+
+ rv = 1;
+cleanup:
+ OSSL_ENCODER_CTX_free(ectx);
+ return rv;
+}
+
+int main(int argc, char **argv)
+{
+ int rv = 1;
+ OSSL_LIB_CTX *libctx = NULL;
+ EVP_PKEY *pkey = NULL;
+ const char *passphrase_in = NULL, *passphrase_out = NULL;
+
+ /* usage: rsa_encode */
+ if (argc > 1 && argv[1][0])
+ passphrase_in = argv[1];
+
+ if (argc > 2 && argv[2][0])
+ passphrase_out = argv[2];
+
+ /* Decode PEM key from stdin and then PEM encode it to stdout.
*/
+ pkey = load_key(libctx, stdin, passphrase_in);
+ if (pkey == NULL) {
+ fprintf(stderr, "Failed to decode key\n");
+ goto cleanup;
+ }
+
+ if (store_key(pkey, stdout, passphrase_out) == 0) {
+ fprintf(stderr, "Failed to encode key\n");
+ goto cleanup;
+ }
+
+ rv = 0;
+cleanup:
+ EVP_PKEY_free(pkey);
+ OSSL_LIB_CTX_free(libctx);
+ return rv;
+}
diff -Nru openssl-3.0.7/demos/pkey/dsa.inc openssl-3.0.8/demos/pkey/dsa.inc
--- openssl-3.0.7/demos/pkey/dsa.inc 1970-01-01 01:00:00.000000000 +0100
+++ openssl-3.0.8/demos/pkey/dsa.inc 2023-02-07 14:43:33.000000000 +0100
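Review bot: Both passphrases are taken from the command line in main() (`passphrase_in = argv[1]`, `passphrase_out = argv[2]`), which makes them visible to other local users through process listings and leaves them in shell history; since demo code gets copied into real programs, the usage comment should say so and point at the callback mechanism the code already mentions, e.g. `/* usage: rsa_encode [in-passphrase] [out-passphrase]; passphrases given on the command line are visible to other users, real programs should prompt or use OSSL_DECODER_CTX_set_passphrase_cb() */`. The store_key() comment has an unbalanced parenthesis: `(see OSSL_ENCODER_CTX_set_passphrase_cb(3), just as for OSSL_DECODER_CTX;` is never closed. The `#include` lines appear without their header names on this page, which I take to be a rendering artefact rather than a defect in the file.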
@@ -0,0 +1,172 @@ +/*- + * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include + +/* Raw DSA params for P, Q and G */ +static const unsigned char dsa_p[] = { + 0xa2, 0x9b, 0x88, 0x72, 0xce, 0x8b, 0x84, 0x23, + 0xb7, 0xd5, 0xd2, 0x1d, 0x4b, 0x02, 0xf5, 0x7e, + 0x03, 0xe9, 0xe6, 0xb8, 0xa2, 0x58, 0xdc, 0x16, + 0x61, 0x1b, 0xa0, 0x98, 0xab, 0x54, 0x34, 0x15, + 0xe4, 0x15, 0xf1, 0x56, 0x99, 0x7a, 0x3e, 0xe2, + 0x36, 0x65, 0x8f, 0xa0, 0x93, 0x26, 0x0d, 0xe3, + 0xad, 0x42, 0x2e, 0x05, 0xe0, 0x46, 0xf9, 0xec, + 0x29, 0x16, 0x1a, 0x37, 0x5f, 0x0e, 0xb4, 0xef, + 0xfc, 0xef, 0x58, 0x28, 0x5c, 0x5d, 0x39, 0xed, + 0x42, 0x5d, 0x7a, 0x62, 0xca, 0x12, 0x89, 0x6c, + 0x4a, 0x92, 0xcb, 0x19, 0x46, 0xf2, 0x95, 0x2a, + 0x48, 0x13, 0x3f, 0x07, 0xda, 0x36, 0x4d, 0x1b, + 0xdf, 0x6b, 0x0f, 0x71, 0x39, 0x98, 0x3e, 0x69, + 0x3c, 0x80, 0x05, 0x9b, 0x0e, 0xac, 0xd1, 0x47, + 0x9b, 0xa9, 0xf2, 0x85, 0x77, 0x54, 0xed, 0xe7, + 0x5f, 0x11, 0x2b, 0x07, 0xeb, 0xbf, 0x35, 0x34, + 0x8b, 0xbf, 0x3e, 0x01, 0xe0, 0x2f, 0x2d, 0x47, + 0x3d, 0xe3, 0x94, 0x53, 0xf9, 0x9d, 0xd2, 0x36, + 0x75, 0x41, 0xca, 0xca, 0x3b, 0xa0, 0x11, 0x66, + 0x34, 0x3d, 0x7b, 0x5b, 0x58, 0xa3, 0x7b, 0xd1, + 0xb7, 0x52, 0x1d, 0xb2, 0xf1, 0x3b, 0x86, 0x70, + 0x71, 0x32, 0xfe, 0x09, 0xf4, 0xcd, 0x09, 0xdc, + 0x16, 0x18, 0xfa, 0x34, 0x01, 0xeb, 0xf9, 0xcc, + 0x7b, 0x19, 0xfa, 0x94, 0xaa, 0x47, 0x20, 0x88, + 0x13, 0x3d, 0x6c, 0xb2, 0xd3, 0x5c, 0x11, 0x79, + 0xc8, 0xc8, 0xff, 0x36, 0x87, 0x58, 0xd5, 0x07, + 0xd9, 0xf9, 0xa1, 0x7d, 0x46, 0xc1, 0x10, 0xfe, + 0x31, 0x44, 0xce, 0x9b, 0x02, 0x2b, 0x42, 0xe4, + 0x19, 0xeb, 0x4f, 0x53, 0x88, 0x61, 0x3b, 0xfc, + 0x3e, 0x26, 0x24, 0x1a, 0x43, 0x2e, 0x87, 0x06, + 0xbc, 0x58, 0xef, 0x76, 0x11, 0x72, 
0x78, 0xde, + 0xab, 0x6c, 0xf6, 0x92, 0x61, 0x82, 0x91, 0xb7 +}; + +static const unsigned char dsa_q[] = { + 0xa3, 0xbf, 0xd9, 0xab, 0x78, 0x84, 0x79, 0x4e, + 0x38, 0x34, 0x50, 0xd5, 0x89, 0x1d, 0xc1, 0x8b, + 0x65, 0x15, 0x7b, 0xdc, 0xfc, 0xda, 0xc5, 0x15, + 0x18, 0x90, 0x28, 0x67 +}; + +static const unsigned char dsa_g[] = { + 0x68, 0x19, 0x27, 0x88, 0x69, 0xc7, 0xfd, 0x3d, + 0x2d, 0x7b, 0x77, 0xf7, 0x7e, 0x81, 0x50, 0xd9, + 0xad, 0x43, 0x3b, 0xea, 0x3b, 0xa8, 0x5e, 0xfc, + 0x80, 0x41, 0x5a, 0xa3, 0x54, 0x5f, 0x78, 0xf7, + 0x22, 0x96, 0xf0, 0x6c, 0xb1, 0x9c, 0xed, 0xa0, + 0x6c, 0x94, 0xb0, 0x55, 0x1c, 0xfe, 0x6e, 0x6f, + 0x86, 0x3e, 0x31, 0xd1, 0xde, 0x6e, 0xed, 0x7d, + 0xab, 0x8b, 0x0c, 0x9d, 0xf2, 0x31, 0xe0, 0x84, + 0x34, 0xd1, 0x18, 0x4f, 0x91, 0xd0, 0x33, 0x69, + 0x6b, 0xb3, 0x82, 0xf8, 0x45, 0x5e, 0x98, 0x88, + 0xf5, 0xd3, 0x1d, 0x47, 0x84, 0xec, 0x40, 0x12, + 0x02, 0x46, 0xf4, 0xbe, 0xa6, 0x17, 0x94, 0xbb, + 0xa5, 0x86, 0x6f, 0x09, 0x74, 0x64, 0x63, 0xbd, + 0xf8, 0xe9, 0xe1, 0x08, 0xcd, 0x95, 0x29, 0xc3, + 0xd0, 0xf6, 0xdf, 0x80, 0x31, 0x6e, 0x2e, 0x70, + 0xaa, 0xeb, 0x1b, 0x26, 0xcd, 0xb8, 0xad, 0x97, + 0xbc, 0x3d, 0x28, 0x7e, 0x0b, 0x8d, 0x61, 0x6c, + 0x42, 0xe6, 0x5b, 0x87, 0xdb, 0x20, 0xde, 0xb7, + 0x00, 0x5b, 0xc4, 0x16, 0x74, 0x7a, 0x64, 0x70, + 0x14, 0x7a, 0x68, 0xa7, 0x82, 0x03, 0x88, 0xeb, + 0xf4, 0x4d, 0x52, 0xe0, 0x62, 0x8a, 0xf9, 0xcf, + 0x1b, 0x71, 0x66, 0xd0, 0x34, 0x65, 0xf3, 0x5a, + 0xcc, 0x31, 0xb6, 0x11, 0x0c, 0x43, 0xda, 0xbc, + 0x7c, 0x5d, 0x59, 0x1e, 0x67, 0x1e, 0xaf, 0x7c, + 0x25, 0x2c, 0x1c, 0x14, 0x53, 0x36, 0xa1, 0xa4, + 0xdd, 0xf1, 0x32, 0x44, 0xd5, 0x5e, 0x83, 0x56, + 0x80, 0xca, 0xb2, 0x53, 0x3b, 0x82, 0xdf, 0x2e, + 0xfe, 0x55, 0xec, 0x18, 0xc1, 0xe6, 0xcd, 0x00, + 0x7b, 0xb0, 0x89, 0x75, 0x8b, 0xb1, 0x7c, 0x2c, + 0xbe, 0x14, 0x44, 0x1b, 0xd0, 0x93, 0xae, 0x66, + 0xe5, 0x97, 0x6d, 0x53, 0x73, 0x3f, 0x4f, 0xa3, + 0x26, 0x97, 0x01, 0xd3, 0x1d, 0x23, 0xd4, 0x67 +}; + +/* Helper function to retrieve and print a key BIGNUM field */ 
+static void print_bn(BIO *bio, const EVP_PKEY *pkey, const char *name)
+{
+ BIGNUM *bn = NULL;
+
+ if (EVP_PKEY_get_bn_param(pkey, name, &bn) == 0)
+ return;
+
+ BIO_printf(bio, " %s = 0x", name);
+ BN_print(bio, bn);
+ BIO_printf(bio, "\n");
+ BN_clear_free(bn);
+}
+
+/*
+ * Print DSA key info
+ *
+ * This method shows how to extract DSA data from an EVP_PKEY.
+ * There are simpler ways to print using EVP_PKEY_print_XXXX().
+ */
+static int dsa_print_key(const EVP_PKEY *pkey, int keypair,
+ OSSL_LIB_CTX *libctx, const char *propq)
+{
+
+ int rv = 0, gindex, counter;
+ BIO *bio = BIO_new_fp(stdout, BIO_NOCLOSE);
+ unsigned char seed[2048];
+ size_t seedlen;
+
+ if (bio == NULL)
+ return 0;
+
+ /* Output hexadecimal representations of the BIGNUM objects. */
+ BIO_printf(bio, "\nPublic values:\n");
+ print_bn(bio, pkey, OSSL_PKEY_PARAM_FFC_P);
+ print_bn(bio, pkey, OSSL_PKEY_PARAM_FFC_Q);
+ print_bn(bio, pkey, OSSL_PKEY_PARAM_FFC_G);
+
+ if (EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_FFC_SEED, seed,
+ sizeof(seed), &seedlen) > 0) {
+ BIO_printf(bio, " %s\n", OSSL_PKEY_PARAM_FFC_SEED);
+ BIO_dump(bio, seed, seedlen);
+ }
+ if (EVP_PKEY_get_int_param(pkey, OSSL_PKEY_PARAM_FFC_GINDEX, &gindex) > 0) {
+ if (gindex != -1)
+ BIO_printf(bio, " %s = %d\n", OSSL_PKEY_PARAM_FFC_GINDEX, gindex);
+ }
+ if (EVP_PKEY_get_int_param(pkey, OSSL_PKEY_PARAM_FFC_PCOUNTER, &counter) > 0) {
+ if (counter != -1)
+ BIO_printf(bio, " %s = %d\n", OSSL_PKEY_PARAM_FFC_PCOUNTER, counter);
+ }
+
+ if (keypair) {
+ fprintf(stdout, "\nPrivate value:\n");
+ print_bn(bio, pkey, OSSL_PKEY_PARAM_PRIV_KEY);
+
+ /* Output a PEM encoding of the public key. */
+ if (PEM_write_bio_PUBKEY_ex(bio, pkey, libctx, propq) == 0) {
+ fprintf(stderr, "Failed to output PEM-encoded public key\n");
+ goto cleanup;
+ }
+
+ /*
+ * Output a PEM encoding of the private key. Please note that this output is
+ * not encrypted.
You may wish to use the arguments to specify encryption of
+ * the key if you are storing it on disk. See PEM_write_bio_PrivateKey_ex(3).
+ */
+ if (PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL, libctx, propq) == 0) {
+ fprintf(stderr, "Failed to output PEM-encoded private key\n");
+ goto cleanup;
+ }
+ } else {
+ if (PEM_write_bio_Parameters(bio, pkey) == 0) {
+ fprintf(stderr, "Failed to output PEM-encoded params\n");
+ goto cleanup;
+ }
+ }
+ rv = 1;
+cleanup:
+ BIO_free(bio);
+ return rv;
+}
diff -Nru openssl-3.0.7/demos/pkey/EVP_PKEY_DSA_keygen.c openssl-3.0.8/demos/pkey/EVP_PKEY_DSA_keygen.c
--- openssl-3.0.7/demos/pkey/EVP_PKEY_DSA_keygen.c 1970-01-01 01:00:00.000000000 +0100
+++ openssl-3.0.8/demos/pkey/EVP_PKEY_DSA_keygen.c 2023-02-07 14:43:33.000000000 +0100
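Review bot: dsa_print_key() writes everything through the `bio` wrapper except the `fprintf(stdout, "\nPrivate value:\n")` line in the keypair branch; mixing the two output paths on the same stream is inconsistent with the rest of the helper, and the line should read `BIO_printf(bio, "\nPrivate value:\n");` like its neighbours. That branch prints the private key as a hex BIGNUM before the unencrypted PEM, so the existing comment about unencrypted output applies to the hex dump as well; extending it to say that the raw value is equally sensitive would help readers who reuse the helper elsewhere. print_bn() also returns silently when EVP_PKEY_get_bn_param() fails, which makes a missing field indistinguishable from a key that simply lacks it; a short comment on the early return, `/* optional field: print nothing if the key has no such parameter */`, would make that intentional.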
@@ -0,0 +1,83 @@
+/*-
+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Example showing how to generate an DSA key pair.
+ */
+
+#include
+#include "dsa.inc"
+
+/*
+ * Generate dsa params using default values.
+ * See the EVP_PKEY_DSA_param_fromdata demo if you need
+ * to load DSA params from raw values.
+ * See the EVP_PKEY_DSA_paramgen demo if you need to
+ * use non default parameters.
+ */
+EVP_PKEY *dsa_genparams(OSSL_LIB_CTX *libctx, const char *propq)
+{
+ EVP_PKEY *dsaparamkey = NULL;
+ EVP_PKEY_CTX *ctx = NULL;
+
+ /* Use the dsa params in a EVP_PKEY ctx */
+ ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", propq);
+ if (ctx == NULL) {
+ fprintf(stderr, "EVP_PKEY_CTX_new_from_name() failed\n");
+ return NULL;
+ }
+
+ if (EVP_PKEY_paramgen_init(ctx) <= 0
+ || EVP_PKEY_paramgen(ctx, &dsaparamkey) <= 0) {
+ fprintf(stderr, "DSA paramgen failed\n");
+ goto cleanup;
+ }
+cleanup:
+ EVP_PKEY_CTX_free(ctx);
+ return dsaparamkey;
+}
+
+int main(int argc, char **argv)
+{
+ int rv = EXIT_FAILURE;
+ OSSL_LIB_CTX *libctx = NULL;
+ const char *propq = NULL;
+ EVP_PKEY *dsaparamskey = NULL;
+ EVP_PKEY *dsakey = NULL;
+ EVP_PKEY_CTX *ctx = NULL;
+
+ /* Generate random dsa params */
+ dsaparamskey = dsa_genparams(libctx, propq);
+ if (dsaparamskey == NULL)
+ goto cleanup;
+
+ /* Use the dsa params in a EVP_PKEY ctx */
+ ctx = EVP_PKEY_CTX_new_from_pkey(libctx, dsaparamskey, propq);
+ if (ctx == NULL) {
+ fprintf(stderr, "EVP_PKEY_CTX_new_from_pkey() failed\n");
+ goto cleanup;
+ }
+
+ /* Generate a key using the dsa params */
+ if (EVP_PKEY_keygen_init(ctx) <= 0
+ || EVP_PKEY_keygen(ctx, &dsakey) <= 0) {
+ fprintf(stderr, "DSA keygen failed\n");
+ goto cleanup;
+ }
+
+ if
(!dsa_print_key(dsakey, 1, libctx, propq))
+ goto cleanup;
+
+ rv = EXIT_SUCCESS;
+cleanup:
+ EVP_PKEY_free(dsakey);
+ EVP_PKEY_free(dsaparamskey);
+ EVP_PKEY_CTX_free(ctx);
+ return rv;
+}
diff -Nru openssl-3.0.7/demos/pkey/EVP_PKEY_DSA_paramfromdata.c openssl-3.0.8/demos/pkey/EVP_PKEY_DSA_paramfromdata.c
--- openssl-3.0.7/demos/pkey/EVP_PKEY_DSA_paramfromdata.c 1970-01-01 01:00:00.000000000 +0100
+++ openssl-3.0.8/demos/pkey/EVP_PKEY_DSA_paramfromdata.c 2023-02-07 14:43:33.000000000 +0100
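Review bot: Every failure path in main() and dsa_genparams() prints a fixed message and jumps to `cleanup` without dumping the OpenSSL error queue, so a user of the demo sees "DSA keygen failed" with no indication of the underlying cause (a provider that is not loaded, a rejected parameter set); adding `if (rv != EXIT_SUCCESS) ERR_print_errors_fp(stderr);` at the `cleanup` label fixes that here, and the same gap exists in the EVP_PKEY_DSA_paramfromdata.c demo below and the rsa_encode.c demo above. The header comment "Example showing how to generate an DSA key pair" should read "a DSA key pair". dsa_genparams() is not declared `static` although the helpers in dsa.inc and the other demos are, which looks like an oversight rather than an intended export.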
@@ -0,0 +1,75 @@
+/*-
+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Example showing how to load DSA params from raw data
+ * using EVP_PKEY_fromdata()
+ */
+
+#include
+#include
+#include
+#include "dsa.inc"
+
+int main(int argc, char **argv)
+{
+ int rv = EXIT_FAILURE;
+ OSSL_LIB_CTX *libctx = NULL;
+ const char *propq = NULL;
+ EVP_PKEY_CTX *ctx = NULL;
+ EVP_PKEY *dsaparamkey = NULL;
+ OSSL_PARAM_BLD *bld = NULL;
+ OSSL_PARAM *params = NULL;
+ BIGNUM *p = NULL, *q = NULL, *g = NULL;
+
+ p = BN_bin2bn(dsa_p, sizeof(dsa_p), NULL);
+ q = BN_bin2bn(dsa_q, sizeof(dsa_q), NULL);
+ g = BN_bin2bn(dsa_g, sizeof(dsa_g), NULL);
+ if (p == NULL || q == NULL || g == NULL)
+ goto cleanup;
+
+ /* Use OSSL_PARAM_BLD if you need to handle BIGNUM Parameters */
+ bld = OSSL_PARAM_BLD_new();
+ if (bld == NULL)
+ goto cleanup;
+ if (!OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)
+ || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)
+ || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
+ goto cleanup;
+ params = OSSL_PARAM_BLD_to_param(bld);
+ if (params == NULL)
+ goto cleanup;
+
+ ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", propq);
+ if (ctx == NULL) {
+ fprintf(stderr, "EVP_PKEY_CTX_new_from_name() failed\n");
+ goto cleanup;
+ }
+
+ if (EVP_PKEY_fromdata_init(ctx) <= 0
+ || EVP_PKEY_fromdata(ctx, &dsaparamkey, EVP_PKEY_KEY_PARAMETERS, params) <= 0) {
+ fprintf(stderr, "EVP_PKEY_fromdata() failed\n");
+ goto cleanup;
+ }
+
+ if (!dsa_print_key(dsaparamkey, 0, libctx, propq))
+ goto cleanup;
+
+ rv = EXIT_SUCCESS;
+cleanup:
+ EVP_PKEY_free(dsaparamkey);
+ EVP_PKEY_CTX_free(ctx);
+ OSSL_PARAM_free(params);
+ OSSL_PARAM_BLD_free(bld);
+ BN_free(g);
+ BN_free(q);
+ BN_free(p);
+
+ return rv;
+}
diff -Nru openssl-3.0.7/demos/pkey/EVP_PKEY_DSA_paramgen.c openssl-3.0.8/demos/pkey/EVP_PKEY_DSA_paramgen.c
--- openssl-3.0.7/demos/pkey/EVP_PKEY_DSA_paramgen.c 1970-01-01 01:00:00.000000000 +0100
+++ openssl-3.0.8/demos/pkey/EVP_PKEY_DSA_paramgen.c 2023-02-07 14:43:33.000000000 +0100
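Review bot: The failure paths for `BN_bin2bn()`, `OSSL_PARAM_BLD_new()`, the three `OSSL_PARAM_BLD_push_BN()` calls and `OSSL_PARAM_BLD_to_param()` all `goto cleanup` without a message, so the demo exits with EXIT_FAILURE and no indication of what went wrong, unlike the `EVP_PKEY_CTX_new_from_name()` and `EVP_PKEY_fromdata()` branches in the same function; an `fprintf(stderr, "BN_bin2bn() failed\n");` style line on each would keep the demo consistent. The header comment would also benefit from saying that `EVP_PKEY_fromdata()` here builds the key from whatever p, q and g are supplied and, as far as I can tell, does not perform a full parameter validation itself, and from pointing at the EVP_PKEY_DSA_paramvalidate demo for the `EVP_PKEY_param_check()` step a caller should run before using parameters that came from an external source. Where `dsa_p`, `dsa_q` and `dsa_g` come from (presumably dsa.inc) is not stated in this file; one line naming that would help a reader copying the demo.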
@@ -0,0 +1,66 @@
+/*-
+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Example showing how to generate DSA params using
+ * FIPS 186-4 DSA FFC parameter generation.
+ */
+
+#include
+#include "dsa.inc"
+
+int main(int argc, char **argv)
+{
+ int rv = EXIT_FAILURE;
+ OSSL_LIB_CTX *libctx = NULL;
+ const char *propq = NULL;
+ EVP_PKEY_CTX *ctx = NULL;
+ EVP_PKEY *dsaparamkey = NULL;
+ OSSL_PARAM params[7];
+ unsigned int pbits = 2048;
+ unsigned int qbits = 256;
+ int gindex = 42;
+
+ ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", propq);
+ if (ctx == NULL)
+ goto cleanup;
+
+ /*
+ * Demonstrate how to set optional DSA fields as params.
+ * See doc/man7/EVP_PKEY-FFC.pod and doc/man7/EVP_PKEY-DSA.pod
+ * for more information.
+ */
+ params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE,
+ "fips186_4", 0);
+ params[1] = OSSL_PARAM_construct_uint(OSSL_PKEY_PARAM_FFC_PBITS, &pbits);
+ params[2] = OSSL_PARAM_construct_uint(OSSL_PKEY_PARAM_FFC_QBITS, &qbits);
+ params[3] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_FFC_GINDEX, &gindex);
+ params[4] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST,
+ "SHA384", 0);
+ params[5] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST_PROPS,
+ "provider=default", 0);
+ params[6] = OSSL_PARAM_construct_end();
+
+ /* Generate a dsa param key using optional params */
+ if (EVP_PKEY_paramgen_init(ctx) <= 0
+ || EVP_PKEY_CTX_set_params(ctx, params) <= 0
+ || EVP_PKEY_paramgen(ctx, &dsaparamkey) <= 0) {
+ fprintf(stderr, "DSA paramgen failed\n");
+ goto cleanup;
+ }
+
+ if (!dsa_print_key(dsaparamkey, 0, libctx, propq))
+ goto cleanup;
+
+ rv = EXIT_SUCCESS;
+cleanup:
+ EVP_PKEY_free(dsaparamkey);
+ EVP_PKEY_CTX_free(ctx);
+ return rv;
+}
diff -Nru openssl-3.0.7/demos/pkey/EVP_PKEY_DSA_paramvalidate.c openssl-3.0.8/demos/pkey/EVP_PKEY_DSA_paramvalidate.c
--- openssl-3.0.7/demos/pkey/EVP_PKEY_DSA_paramvalidate.c 1970-01-01 01:00:00.000000000 +0100
+++ openssl-3.0.8/demos/pkey/EVP_PKEY_DSA_paramvalidate.c 2023-02-07 14:43:33.000000000 +0100
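Review bot: A failing `EVP_PKEY_CTX_new_from_name()` goes straight to cleanup with no diagnostic, whereas the paramgen failure a few lines later prints "DSA paramgen failed" and the sibling demos print a message for this exact call; add `fprintf(stderr, "EVP_PKEY_CTX_new_from_name() failed\n");` before that `goto cleanup`. `OSSL_PARAM params[7]` is filled at indices 0..6 and the terminator is the last entry, which is correct but easy to break when another parameter is added; a comment such as `/* 6 parameters + OSSL_PARAM_construct_end() */` on the declaration, or building the list with OSSL_PARAM_BLD as the paramfromdata demo does, would make the count self-checking. The header comment could also say that the type, gindex and digest chosen here are the inputs the paramvalidate demo has to supply again (together with the seed and pcounter) to get a full FIPS 186-4 validation, so a reader knows these values must be retained rather than discarded after generation.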
@@ -0,0 +1,202 @@
+/*-
+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Example showing how to validate DSA parameters.
+ *
+ * Proper FIPS 186-4 DSA (FFC) parameter validation requires that all
+ * the parameters used during parameter generation are supplied
+ * when doing the validation. Unfortunately saving DSA parameters as
+ * a PEM or DER file does not write out all required fields. Because
+ * of this the default provider normally only does a partial
+ * validation. The FIPS provider will however try to do a full
+ * validation. To force the default provider to use full
+ * validation the 'seed' that is output during generation must be
+ * added to the key. See doc/man7/EVP_PKEY-FFC for more information.
+ */
+
+#include
+#include
+#include
+#include "dsa.inc"
+
+/* The following values were output from the EVP_PKEY_DSA_paramgen demo */
+static const char dsapem[] =
+ "-----BEGIN DSA PARAMETERS-----\n"
+ "MIICLAKCAQEA1pobSR1FJ3+Tvi0J6Tk1PSV2owZey1Nuo847hGw/59VCS6RPQEqr\n"
+ "vp5fhbvBjupBeVGA/AMH6rI4i4h6jlhurrqH1CqUHVcDhJzxV668bMLiP3mIxg5o\n"
+ "9Yq8x6BnSOtH5Je0tpeE0/fEvvLjCwBUbwnwWxzjANcvDUEt9XYeRrtB2v52fr56\n"
+ "hVYz3wMMNog4CEDOLTvx7/84eVPuUeWDRQFH1EaHMdulP34KBcatEEpEZapkepng\n"
+ "nohm9sFSPQhq2utpkH7pNXdG0EILBtRDCvUpF5720a48LYofdggh2VEZfgElAGFk\n"
+ "dW/CkvyBDmGIzil5aTz4MMsdudaVYgzt6wIhAPsSGC42Qa+X0AFGvonb5nmfUVm/\n"
+ "8aC+tHk7Nb2AYLHXAoIBADx5C0H1+QHsmGKvuOaY+WKUt7aWUrEivD1zBMJAQ6bL\n"
+ "Wv9lbCq1CFHvVzojeOVpn872NqDEpkx4HTpvqhxWL5CkbN/HaGItsQzkD59AQg3v\n"
+ "4YsLlkesq9Jq6x/aWetJXWO36fszFv1gpD3NY3wliBvMYHx62jfc5suh9D3ZZvu7\n"
+ "PLGH4X4kcfzK/R2b0oVbEBjVTe5GMRYZRqnvfSW2f2fA7BzI1OL83UxDDe58cL2M\n"
+ "GcAoUYXOBAfZ37qLMm2juf+o5gCrT4CXfRPu6kbapt7V/YIc1nsNgeAOKKoFBHBQ\n"
+ "gc5u5G6G/j79FVoSDq9DYwTJcHPsU+eHj1uWHso1AjQ=\n"
+ "-----END DSA PARAMETERS-----\n";
+
+static const char hexseed[] =
+ "cba30ccd905aa7675a0b81769704bf3c"
+ "ccf2ca1892b2eaf6b9e2b38d9bf6affc"
+ "42ada55986d8a1772b442770954d0b65";
+const int gindex = 42;
+const int pcounter = 363;
+static const char digest[] = "SHA384";
+
+/*
+ * Create a new dsa param key that is the combination of an existing param key
+ * plus extra parameters.
+ */
+EVP_PKEY_CTX *create_merged_key(EVP_PKEY *dsaparams, const OSSL_PARAM *newparams,
+ OSSL_LIB_CTX *libctx, const char *propq)
+{
+ EVP_PKEY_CTX *out = NULL;
+ EVP_PKEY_CTX *ctx = NULL;
+ EVP_PKEY *pkey = NULL;
+ OSSL_PARAM *mergedparams = NULL;
+ OSSL_PARAM *loadedparams = NULL;
+
+ /* Specify EVP_PKEY_KEY_PUBLIC here if you have a public key */
+ if (EVP_PKEY_todata(dsaparams, EVP_PKEY_KEY_PARAMETERS, &loadedparams) <= 0) {
+ fprintf(stderr, "EVP_PKEY_todata() failed\n");
+ goto cleanup;
+ }
+ mergedparams = OSSL_PARAM_merge(loadedparams, newparams);
+ if (mergedparams == NULL) {
+ fprintf(stderr, "OSSL_PARAM_merge() failed\n");
+ goto cleanup;
+ }
+
+ ctx = EVP_PKEY_CTX_new_from_name(libctx, "DSA", propq);
+ if (ctx == NULL) {
+ fprintf(stderr, "EVP_PKEY_CTX_new_from_name() failed\n");
+ goto cleanup;
+ }
+ if (EVP_PKEY_fromdata_init(ctx) <= 0
+ || EVP_PKEY_fromdata(ctx, &pkey,
+ EVP_PKEY_KEY_PARAMETERS, mergedparams) <= 0) {
+ fprintf(stderr, "EVP_PKEY_fromdata() failed\n");
+ goto cleanup;
+ }
+ out = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq);
+ if (out == NULL) {
+ fprintf(stderr, "EVP_PKEY_CTX_new_from_pkey() failed\n");
+ goto cleanup;
+ }
+
+cleanup:
+ EVP_PKEY_free(pkey);
+ OSSL_PARAM_free(loadedparams);
+ OSSL_PARAM_free(mergedparams);
+ EVP_PKEY_CTX_free(ctx);
+ return out;
+}
+
+int main(int argc, char **argv)
+{
+ int rv = EXIT_FAILURE;
+ OSSL_LIB_CTX *libctx = NULL;
+ const char *propq = NULL;
+ EVP_PKEY *dsaparamskey = NULL;
+ EVP_PKEY_CTX *ctx = NULL;
+ EVP_PKEY_CTX *ctx1 = NULL;
+ EVP_PKEY_CTX *ctx2 = NULL;
+ BIO *in = NULL;
+ OSSL_PARAM params[6];
+ unsigned char seed[64];
+ size_t seedlen;
+
+ if (!OPENSSL_hexstr2buf_ex(seed, sizeof(seed), &seedlen, hexseed, '\0'))
+ goto cleanup;
+ /*
+ * This example loads the PEM data from a memory buffer
+ * Use BIO_new_fp() to load a PEM file instead
+ */
+ in = BIO_new_mem_buf(dsapem, strlen(dsapem));
+ if (in == NULL) {
+ fprintf(stderr, "BIO_new_mem_buf() failed\n");
+ goto cleanup;
+ }
+
+ /* Load DSA params from pem data */
+ dsaparamskey = PEM_read_bio_Parameters_ex(in, NULL, libctx, propq);
+ if (dsaparamskey == NULL) {
+ fprintf(stderr, "Failed to load dsa params\n");
+ goto cleanup;
+ }
+
+ ctx = EVP_PKEY_CTX_new_from_pkey(libctx, dsaparamskey, propq);
+ if (ctx == NULL) {
+ fprintf(stderr, "EVP_PKEY_CTX_new_from_pkey() failed\n");
+ goto cleanup;
+ }
+ /*
+ * When using the default provider this only does a partial check to
+ * make sure that the values of p, q and g are ok.
+ * This will fail however if the FIPS provider is used since it does
+ * a proper FIPS 186-4 key validation which requires extra parameters
+ */
+ if (EVP_PKEY_param_check(ctx) <= 0) {
+ fprintf(stderr, "Simple EVP_PKEY_param_check() failed \n");
+ goto cleanup;
+ }
+
+ /*
+ * Setup parameters that we want to add.
+ * For illustration purposes it deliberately omits a required parameter.
+ */
+ params[0] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE,
+ "fips186_4", 0);
+ /* Force it to do a proper validation by setting the seed */
+ params[1] = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_FFC_SEED,
+ (void *)seed, seedlen);
+ params[2] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_FFC_GINDEX, (int *)&gindex);
+ params[3] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_FFC_PCOUNTER, (int *)&pcounter);
+ params[4] = OSSL_PARAM_construct_end();
+
+ /* generate a new key that is the combination of the existing key and the new params */
+ ctx1 = create_merged_key(dsaparamskey, params, libctx, propq);
+ if (ctx1 == NULL)
+ goto cleanup;
+ /* This will fail since not all the parameters used for key generation are added */
+ if (EVP_PKEY_param_check(ctx1) > 0) {
+ fprintf(stderr, "EVP_PKEY_param_check() should fail\n");
+ goto cleanup;
+ }
+
+ /*
+ * Add the missing parameters onto the end of the existing list of params
+ * If the default was used for the generation then this parameter is not
+ * needed
+ */
+ params[4] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_DIGEST,
+ (char *)digest, 0);
+ params[5] = OSSL_PARAM_construct_end();
+ ctx2 = create_merged_key(dsaparamskey, params, libctx, propq);
+ if (ctx2 == NULL)
+ goto cleanup;
+ if (EVP_PKEY_param_check(ctx2) <= 0) {
+ fprintf(stderr, "EVP_PKEY_param_check() failed\n");
+ goto cleanup;
+ }
+
+ if (!dsa_print_key(EVP_PKEY_CTX_get0_pkey(ctx2), 0, libctx, propq))
+ goto cleanup;
+
+ rv = EXIT_SUCCESS;
+cleanup:
+ EVP_PKEY_free(dsaparamskey);
+ EVP_PKEY_CTX_free(ctx2);
+ EVP_PKEY_CTX_free(ctx1);
+ EVP_PKEY_CTX_free(ctx);
+ BIO_free(in);
+ return rv;
+}
diff -Nru openssl-3.0.7/demos/pkey/Makefile openssl-3.0.8/demos/pkey/Makefile
--- openssl-3.0.7/demos/pkey/Makefile 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/demos/pkey/Makefile 2023-02-07 14:43:33.000000000 +0100
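Review bot: `gindex` and `pcounter` are defined `const int` at file scope and then handed to `OSSL_PARAM_construct_int()` as `(int *)&gindex` and `(int *)&pcounter`, casting const away from objects that were defined const; since the constructor wants a non-const pointer, declare them `static int gindex = 42;` and `static int pcounter = 363;` and drop both casts, which also gives them the internal linkage the neighbouring `hexseed` and `digest` already have. In create_merged_key the cleanup block frees `pkey` even on the success path, after `EVP_PKEY_CTX_new_from_pkey()` has wrapped it; that is only correct because the returned context takes its own reference to the key, and a comment such as `/* out holds its own reference to pkey; release ours here */` would stop a later reader from turning this into a leak or a use-after-free while "fixing" it. The function's header comment says it creates a new dsa param key, but the caller receives an `EVP_PKEY_CTX` and releases it with `EVP_PKEY_CTX_free()`, so the comment should state that it returns a context wrapping the merged key and that the caller owns that context.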
@@ -3,21 +3,35 @@ # # LD_LIBRARY_PATH=../.. ./EVP_PKEY_EC_keygen # LD_LIBRARY_PATH=../.. ./EVP_PKEY_RSA_keygen +# LD_LIBRARY_PATH=../.. ./EVP_PKEY_DSA_keygen +# LD_LIBRARY_PATH=../.. ./EVP_PKEY_DSA_paramgen +# LD_LIBRARY_PATH=../.. ./EVP_PKEY_DSA_paramvalidate +# LD_LIBRARY_PATH=../.. ./EVP_PKEY_DSA_paramfromdata CFLAGS = -I../../include -g -Wall LDFLAGS = -L../.. LDLIBS = -lcrypto -all: EVP_PKEY_EC_keygen EVP_PKEY_RSA_keygen +all: EVP_PKEY_EC_keygen EVP_PKEY_RSA_keygen EVP_PKEY_DSA_keygen \ + EVP_PKEY_DSA_paramgen EVP_PKEY_DSA_paramvalidate EVP_PKEY_DSA_paramfromdata \ -%.o: %.c +%.o: %.c dsa.inc $(CC) $(CFLAGS) -c $< EVP_PKEY_EC_keygen: EVP_PKEY_EC_keygen.o EVP_PKEY_RSA_keygen: EVP_PKEY_RSA_keygen.o +EVP_PKEY_DSA_keygen: EVP_PKEY_DSA_keygen.o + +EVP_PKEY_DSA_paramgen: EVP_PKEY_DSA_paramgen.o + +EVP_PKEY_DSA_paramvalidate: EVP_PKEY_DSA_paramvalidate.o + +EVP_PKEY_DSA_paramfromdata: EVP_PKEY_DSA_paramfromdata.o + test: ; clean: - $(RM) *.o EVP_PKEY_EC_keygen EVP_PKEY_RSA_keygen + $(RM) *.o EVP_PKEY_EC_keygen EVP_PKEY_RSA_keygen EVP_PKEY_DSA_keygen \ + EVP_PKEY_DSA_paramgen EVP_PKEY_DSA_paramfromdata EVP_PKEY_DSA_paramvalidate diff -Nru openssl-3.0.7/demos/README.txt openssl-3.0.8/demos/README.txt --- openssl-3.0.7/demos/README.txt 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/demos/README.txt 2023-02-07 14:43:33.000000000 +0100 
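Review bot: The new `all:` prerequisite list ends with a trailing `\` after `EVP_PKEY_DSA_paramfromdata`, so the line continues onto whatever follows it; make tolerates the empty continuation, but the dangling backslash should be dropped. The rewritten `%.o: %.c dsa.inc` pattern rule makes every object, including EVP_PKEY_EC_keygen.o and EVP_PKEY_RSA_keygen.o, depend on dsa.inc, so the non-DSA demos are rebuilt whenever dsa.inc changes; keeping the original `%.o: %.c` rule and adding `EVP_PKEY_DSA_keygen.o EVP_PKEY_DSA_paramgen.o EVP_PKEY_DSA_paramvalidate.o EVP_PKEY_DSA_paramfromdata.o: dsa.inc` as a separate dependency line would limit the rebuild to the files that actually include it.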
@@ -31,8 +31,12 @@ siphash.c Demonstration of SIPHASH message authentication pkey: -EVP_PKEY_EC_keygen.c Generate an EC key. -EVP_PKEY_RSA_keygen.c Generate an RSA key. +EVP_PKEY_EC_keygen.c Generate an EC key. +EVP_PKEY_RSA_keygen.c Generate an RSA key. +EVP_PKEY_DSA_keygen.c Generate a DSA key. +EVP_PKEY_DSA_paramgen.c Generate a DSA param key. +EVP_PKEY_DSA_paramvalidate.c Validate a DSA param key. +EVP_PKEY_DSA_paramfromdata.c Load a DSA param key using raw data. smime: diff -Nru openssl-3.0.7/doc/build.info openssl-3.0.8/doc/build.info --- openssl-3.0.7/doc/build.info 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/build.info 2023-02-07 14:43:33.000000000 +0100 @@ -651,6 +651,10 @@ GENERATE[html/man3/BIO_s_core.html]=man3/BIO_s_core.pod DEPEND[man/man3/BIO_s_core.3]=man3/BIO_s_core.pod GENERATE[man/man3/BIO_s_core.3]=man3/BIO_s_core.pod +DEPEND[html/man3/BIO_s_datagram.html]=man3/BIO_s_datagram.pod +GENERATE[html/man3/BIO_s_datagram.html]=man3/BIO_s_datagram.pod +DEPEND[man/man3/BIO_s_datagram.3]=man3/BIO_s_datagram.pod +GENERATE[man/man3/BIO_s_datagram.3]=man3/BIO_s_datagram.pod DEPEND[html/man3/BIO_s_fd.html]=man3/BIO_s_fd.pod GENERATE[html/man3/BIO_s_fd.html]=man3/BIO_s_fd.pod DEPEND[man/man3/BIO_s_fd.3]=man3/BIO_s_fd.pod @@ -991,6 +995,10 @@ GENERATE[html/man3/ECDSA_SIG_new.html]=man3/ECDSA_SIG_new.pod DEPEND[man/man3/ECDSA_SIG_new.3]=man3/ECDSA_SIG_new.pod GENERATE[man/man3/ECDSA_SIG_new.3]=man3/ECDSA_SIG_new.pod +DEPEND[html/man3/ECDSA_sign.html]=man3/ECDSA_sign.pod +GENERATE[html/man3/ECDSA_sign.html]=man3/ECDSA_sign.pod +DEPEND[man/man3/ECDSA_sign.3]=man3/ECDSA_sign.pod +GENERATE[man/man3/ECDSA_sign.3]=man3/ECDSA_sign.pod DEPEND[html/man3/ECPKParameters_print.html]=man3/ECPKParameters_print.pod GENERATE[html/man3/ECPKParameters_print.html]=man3/ECPKParameters_print.pod DEPEND[man/man3/ECPKParameters_print.3]=man3/ECPKParameters_print.pod 
@@ -1159,6 +1167,10 @@ GENERATE[html/man3/EVP_PKEY_CTX_get0_libctx.html]=man3/EVP_PKEY_CTX_get0_libctx.pod DEPEND[man/man3/EVP_PKEY_CTX_get0_libctx.3]=man3/EVP_PKEY_CTX_get0_libctx.pod GENERATE[man/man3/EVP_PKEY_CTX_get0_libctx.3]=man3/EVP_PKEY_CTX_get0_libctx.pod +DEPEND[html/man3/EVP_PKEY_CTX_get0_pkey.html]=man3/EVP_PKEY_CTX_get0_pkey.pod +GENERATE[html/man3/EVP_PKEY_CTX_get0_pkey.html]=man3/EVP_PKEY_CTX_get0_pkey.pod +DEPEND[man/man3/EVP_PKEY_CTX_get0_pkey.3]=man3/EVP_PKEY_CTX_get0_pkey.pod +GENERATE[man/man3/EVP_PKEY_CTX_get0_pkey.3]=man3/EVP_PKEY_CTX_get0_pkey.pod DEPEND[html/man3/EVP_PKEY_CTX_new.html]=man3/EVP_PKEY_CTX_new.pod GENERATE[html/man3/EVP_PKEY_CTX_new.html]=man3/EVP_PKEY_CTX_new.pod DEPEND[man/man3/EVP_PKEY_CTX_new.3]=man3/EVP_PKEY_CTX_new.pod @@ -1539,6 +1551,14 @@ GENERATE[html/man3/OPENSSL_strcasecmp.html]=man3/OPENSSL_strcasecmp.pod DEPEND[man/man3/OPENSSL_strcasecmp.3]=man3/OPENSSL_strcasecmp.pod GENERATE[man/man3/OPENSSL_strcasecmp.3]=man3/OPENSSL_strcasecmp.pod +DEPEND[html/man3/OSSL_ALGORITHM.html]=man3/OSSL_ALGORITHM.pod +GENERATE[html/man3/OSSL_ALGORITHM.html]=man3/OSSL_ALGORITHM.pod +DEPEND[man/man3/OSSL_ALGORITHM.3]=man3/OSSL_ALGORITHM.pod +GENERATE[man/man3/OSSL_ALGORITHM.3]=man3/OSSL_ALGORITHM.pod +DEPEND[html/man3/OSSL_CALLBACK.html]=man3/OSSL_CALLBACK.pod +GENERATE[html/man3/OSSL_CALLBACK.html]=man3/OSSL_CALLBACK.pod +DEPEND[man/man3/OSSL_CALLBACK.3]=man3/OSSL_CALLBACK.pod +GENERATE[man/man3/OSSL_CALLBACK.3]=man3/OSSL_CALLBACK.pod DEPEND[html/man3/OSSL_CMP_CTX_new.html]=man3/OSSL_CMP_CTX_new.pod GENERATE[html/man3/OSSL_CMP_CTX_new.html]=man3/OSSL_CMP_CTX_new.pod DEPEND[man/man3/OSSL_CMP_CTX_new.3]=man3/OSSL_CMP_CTX_new.pod 
@@ -1619,6 +1639,10 @@ GENERATE[html/man3/OSSL_DECODER_from_bio.html]=man3/OSSL_DECODER_from_bio.pod DEPEND[man/man3/OSSL_DECODER_from_bio.3]=man3/OSSL_DECODER_from_bio.pod GENERATE[man/man3/OSSL_DECODER_from_bio.3]=man3/OSSL_DECODER_from_bio.pod +DEPEND[html/man3/OSSL_DISPATCH.html]=man3/OSSL_DISPATCH.pod +GENERATE[html/man3/OSSL_DISPATCH.html]=man3/OSSL_DISPATCH.pod +DEPEND[man/man3/OSSL_DISPATCH.3]=man3/OSSL_DISPATCH.pod +GENERATE[man/man3/OSSL_DISPATCH.3]=man3/OSSL_DISPATCH.pod DEPEND[html/man3/OSSL_ENCODER.html]=man3/OSSL_ENCODER.pod GENERATE[html/man3/OSSL_ENCODER.html]=man3/OSSL_ENCODER.pod DEPEND[man/man3/OSSL_ENCODER.3]=man3/OSSL_ENCODER.pod @@ -1651,6 +1675,10 @@ GENERATE[html/man3/OSSL_HTTP_transfer.html]=man3/OSSL_HTTP_transfer.pod DEPEND[man/man3/OSSL_HTTP_transfer.3]=man3/OSSL_HTTP_transfer.pod GENERATE[man/man3/OSSL_HTTP_transfer.3]=man3/OSSL_HTTP_transfer.pod +DEPEND[html/man3/OSSL_ITEM.html]=man3/OSSL_ITEM.pod +GENERATE[html/man3/OSSL_ITEM.html]=man3/OSSL_ITEM.pod +DEPEND[man/man3/OSSL_ITEM.3]=man3/OSSL_ITEM.pod +GENERATE[man/man3/OSSL_ITEM.3]=man3/OSSL_ITEM.pod DEPEND[html/man3/OSSL_LIB_CTX.html]=man3/OSSL_LIB_CTX.pod GENERATE[html/man3/OSSL_LIB_CTX.html]=man3/OSSL_LIB_CTX.pod DEPEND[man/man3/OSSL_LIB_CTX.3]=man3/OSSL_LIB_CTX.pod @@ -2898,6 +2926,7 @@ html/man3/BIO_s_bio.html \ html/man3/BIO_s_connect.html \ html/man3/BIO_s_core.html \ +html/man3/BIO_s_datagram.html \ html/man3/BIO_s_fd.html \ html/man3/BIO_s_file.html \ html/man3/BIO_s_mem.html \ @@ -2983,6 +3012,7 @@ html/man3/DTLS_set_timer_cb.html \ html/man3/DTLSv1_listen.html \ html/man3/ECDSA_SIG_new.html \ +html/man3/ECDSA_sign.html \ html/man3/ECPKParameters_print.html \ html/man3/EC_GFp_simple_method.html \ html/man3/EC_GROUP_copy.html \ 
@@ -3025,6 +3055,7 @@ html/man3/EVP_PKEY_ASN1_METHOD.html \ html/man3/EVP_PKEY_CTX_ctrl.html \ html/man3/EVP_PKEY_CTX_get0_libctx.html \ +html/man3/EVP_PKEY_CTX_get0_pkey.html \ html/man3/EVP_PKEY_CTX_new.html \ html/man3/EVP_PKEY_CTX_set1_pbe_pass.html \ html/man3/EVP_PKEY_CTX_set_hkdf_md.html \ @@ -3120,6 +3151,8 @@ html/man3/OPENSSL_s390xcap.html \ html/man3/OPENSSL_secure_malloc.html \ html/man3/OPENSSL_strcasecmp.html \ +html/man3/OSSL_ALGORITHM.html \ +html/man3/OSSL_CALLBACK.html \ html/man3/OSSL_CMP_CTX_new.html \ html/man3/OSSL_CMP_HDR_get0_transactionID.html \ html/man3/OSSL_CMP_ITAV_set0.html \ @@ -3140,6 +3173,7 @@ html/man3/OSSL_DECODER_CTX.html \ html/man3/OSSL_DECODER_CTX_new_for_pkey.html \ html/man3/OSSL_DECODER_from_bio.html \ +html/man3/OSSL_DISPATCH.html \ html/man3/OSSL_ENCODER.html \ html/man3/OSSL_ENCODER_CTX.html \ html/man3/OSSL_ENCODER_CTX_new_for_pkey.html \ @@ -3148,6 +3182,7 @@ html/man3/OSSL_HTTP_REQ_CTX.html \ html/man3/OSSL_HTTP_parse_url.html \ html/man3/OSSL_HTTP_transfer.html \ +html/man3/OSSL_ITEM.html \ html/man3/OSSL_LIB_CTX.html \ html/man3/OSSL_PARAM.html \ html/man3/OSSL_PARAM_BLD.html \ @@ -3494,6 +3529,7 @@ man/man3/BIO_s_bio.3 \ man/man3/BIO_s_connect.3 \ man/man3/BIO_s_core.3 \ +man/man3/BIO_s_datagram.3 \ man/man3/BIO_s_fd.3 \ man/man3/BIO_s_file.3 \ man/man3/BIO_s_mem.3 \ @@ -3579,6 +3615,7 @@ man/man3/DTLS_set_timer_cb.3 \ man/man3/DTLSv1_listen.3 \ man/man3/ECDSA_SIG_new.3 \ +man/man3/ECDSA_sign.3 \ man/man3/ECPKParameters_print.3 \ man/man3/EC_GFp_simple_method.3 \ man/man3/EC_GROUP_copy.3 \ @@ -3621,6 +3658,7 @@ man/man3/EVP_PKEY_ASN1_METHOD.3 \ man/man3/EVP_PKEY_CTX_ctrl.3 \ man/man3/EVP_PKEY_CTX_get0_libctx.3 \ +man/man3/EVP_PKEY_CTX_get0_pkey.3 \ man/man3/EVP_PKEY_CTX_new.3 \ man/man3/EVP_PKEY_CTX_set1_pbe_pass.3 \ man/man3/EVP_PKEY_CTX_set_hkdf_md.3 \ 
@@ -3716,6 +3754,8 @@ man/man3/OPENSSL_s390xcap.3 \ man/man3/OPENSSL_secure_malloc.3 \ man/man3/OPENSSL_strcasecmp.3 \ +man/man3/OSSL_ALGORITHM.3 \ +man/man3/OSSL_CALLBACK.3 \ man/man3/OSSL_CMP_CTX_new.3 \ man/man3/OSSL_CMP_HDR_get0_transactionID.3 \ man/man3/OSSL_CMP_ITAV_set0.3 \ @@ -3736,6 +3776,7 @@ man/man3/OSSL_DECODER_CTX.3 \ man/man3/OSSL_DECODER_CTX_new_for_pkey.3 \ man/man3/OSSL_DECODER_from_bio.3 \ +man/man3/OSSL_DISPATCH.3 \ man/man3/OSSL_ENCODER.3 \ man/man3/OSSL_ENCODER_CTX.3 \ man/man3/OSSL_ENCODER_CTX_new_for_pkey.3 \ @@ -3744,6 +3785,7 @@ man/man3/OSSL_HTTP_REQ_CTX.3 \ man/man3/OSSL_HTTP_parse_url.3 \ man/man3/OSSL_HTTP_transfer.3 \ +man/man3/OSSL_ITEM.3 \ man/man3/OSSL_LIB_CTX.3 \ man/man3/OSSL_PARAM.3 \ man/man3/OSSL_PARAM_BLD.3 \ @@ -4063,6 +4105,10 @@ MANDOCS[man5]=man/man5/config.5 \ man/man5/fips_config.5 \ man/man5/x509v3_config.5 +DEPEND[html/man7/EVP_ASYM_CIPHER-RSA.html]=man7/EVP_ASYM_CIPHER-RSA.pod +GENERATE[html/man7/EVP_ASYM_CIPHER-RSA.html]=man7/EVP_ASYM_CIPHER-RSA.pod +DEPEND[man/man7/EVP_ASYM_CIPHER-RSA.7]=man7/EVP_ASYM_CIPHER-RSA.pod +GENERATE[man/man7/EVP_ASYM_CIPHER-RSA.7]=man7/EVP_ASYM_CIPHER-RSA.pod DEPEND[html/man7/EVP_ASYM_CIPHER-SM2.html]=man7/EVP_ASYM_CIPHER-SM2.pod GENERATE[html/man7/EVP_ASYM_CIPHER-SM2.html]=man7/EVP_ASYM_CIPHER-SM2.pod DEPEND[man/man7/EVP_ASYM_CIPHER-SM2.7]=man7/EVP_ASYM_CIPHER-SM2.pod @@ -4563,7 +4609,8 @@ man7/img/mac.png \ man7/img/pkey.png \ man7/img/rand.png -HTMLDOCS[man7]=html/man7/EVP_ASYM_CIPHER-SM2.html \ +HTMLDOCS[man7]=html/man7/EVP_ASYM_CIPHER-RSA.html \ +html/man7/EVP_ASYM_CIPHER-SM2.html \ html/man7/EVP_CIPHER-AES.html \ html/man7/EVP_CIPHER-ARIA.html \ html/man7/EVP_CIPHER-BLOWFISH.html \ 
@@ -4686,7 +4733,8 @@ html/man7/proxy-certificates.html \ html/man7/ssl.html \ html/man7/x509.html -MANDOCS[man7]=man/man7/EVP_ASYM_CIPHER-SM2.7 \ +MANDOCS[man7]=man/man7/EVP_ASYM_CIPHER-RSA.7 \ +man/man7/EVP_ASYM_CIPHER-SM2.7 \ man/man7/EVP_CIPHER-AES.7 \ man/man7/EVP_CIPHER-ARIA.7 \ man/man7/EVP_CIPHER-BLOWFISH.7 \ diff -Nru openssl-3.0.7/doc/HOWTO/certificates.txt openssl-3.0.8/doc/HOWTO/certificates.txt --- openssl-3.0.7/doc/HOWTO/certificates.txt 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/HOWTO/certificates.txt 2023-02-07 14:43:33.000000000 +0100 @@ -30,7 +30,7 @@ need to create a private key. Private keys are generated with 'openssl genrsa -out privkey.pem' if -you want a RSA private key, or if you want a DSA private key: +you want an RSA private key, or if you want a DSA private key: 'openssl dsaparam -out dsaparam.pem 2048; openssl gendsa -out privkey.pem dsaparam.pem'. The private keys created by these commands are not passphrase protected; diff -Nru openssl-3.0.7/doc/HOWTO/keys.txt openssl-3.0.8/doc/HOWTO/keys.txt --- openssl-3.0.7/doc/HOWTO/keys.txt 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/HOWTO/keys.txt 2023-02-07 14:43:33.000000000 +0100 @@ -14,9 +14,9 @@ RSA and DSA, and this HOWTO will show how to generate each of them. -2. To generate a RSA key +2. To generate an RSA key -A RSA key can be used both for encryption and for signing. +An RSA key can be used both for encryption and for signing. Generating a key for the RSA algorithm is quite easy, all you have to do is the following: diff -Nru openssl-3.0.7/doc/internal/man3/evp_keymgmt_util_export_to_provider.pod openssl-3.0.8/doc/internal/man3/evp_keymgmt_util_export_to_provider.pod --- openssl-3.0.7/doc/internal/man3/evp_keymgmt_util_export_to_provider.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/internal/man3/evp_keymgmt_util_export_to_provider.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -20,12 +20,14 @@ int evp_keymgmt_util_export(const EVP_PKEY *pk, int selection, OSSL_CALLBACK *export_cb, void *export_cbarg); - void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt); + void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, + int selection); OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk, - EVP_KEYMGMT *keymgmt); + EVP_KEYMGMT *keymgmt, + int selection); int evp_keymgmt_util_clear_operation_cache(EVP_PKEY *pk, int locking); - int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, - EVP_KEYMGMT *keymgmt, void *keydata); + int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, + void *keydata, int selection); void evp_keymgmt_util_cache_keyinfo(EVP_PKEY *pk); void *evp_keymgmt_util_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, int selection, const OSSL_PARAM params[]); @@ -65,6 +67,11 @@ given key I via a B interface. This is used as a helper for L. +In all functions that take a I argument, the selection is used to +constraint the information requested on export. It is also used in the cache +so that key data is guaranteed to contain all the information requested in +the selection. + =head1 RETURN VALUES evp_keymgmt_export_to_provider() and evp_keymgmt_util_fromdata() diff -Nru openssl-3.0.7/doc/internal/man3/ossl_provider_new.pod openssl-3.0.8/doc/internal/man3/ossl_provider_new.pod --- openssl-3.0.7/doc/internal/man3/ossl_provider_new.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/internal/man3/ossl_provider_new.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -301,7 +301,7 @@ ossl_provider_init_as_child() stores in the library context I references to the necessary upcalls for managing child providers. The I and I -parameters are the B and B pointers that were +parameters are the B and L pointers that were passed to the provider's B function. ossl_provider_deinit_child() deregisters callbacks from the parent library diff -Nru openssl-3.0.7/doc/man1/openssl-cmp.pod.in openssl-3.0.8/doc/man1/openssl-cmp.pod.in --- openssl-3.0.7/doc/man1/openssl-cmp.pod.in 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man1/openssl-cmp.pod.in 2023-02-07 14:43:33.000000000 +0100 @@ -503,15 +503,17 @@ =item B<-msg_timeout> I -Number of seconds (or 0 for infinite) a CMP request-response message round trip +Number of seconds a CMP request-response message round trip is allowed to take before a timeout error is returned. +A value <= 0 means no limitation (waiting indefinitely). Default is to use the B<-total_timeout> setting. =item B<-total_timeout> I -Maximum number seconds an overall enrollment transaction may take, -including attempts polling for certificates on C PKIStatus. -Default is 0 (infinite). +Maximum total number of seconds a transaction may take, +including polling etc. +A value <= 0 means no limitation (waiting indefinitely). +Default is 0. =back @@ -1232,7 +1234,7 @@ =head1 COPYRIGHT -Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.7/doc/man1/openssl-enc.pod.in openssl-3.0.8/doc/man1/openssl-enc.pod.in --- openssl-3.0.7/doc/man1/openssl-enc.pod.in 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man1/openssl-enc.pod.in 2023-02-07 14:43:33.000000000 +0100 
@@ -256,6 +256,19 @@ Blowfish and RC5 algorithms use a 128 bit key. +Please note that OpenSSL 3.0 changed the effect of the B<-S> option. +Any explicit salt value specified via this option is no longer prepended to the +ciphertext when encrypting, and must again be explicitly provided when decrypting. +Conversely, when the B<-S> option is used during decryption, the ciphertext +is expected to not have a prepended salt value. + +When using OpenSSL 3.0 or later to decrypt data that was encrypted with an +explicit salt under OpenSSL 1.1.1 do not use the B<-S> option, the salt will +then be read from the ciphertext. +To generate ciphertext that can be decrypted with OpenSSL 1.1.1 do not use +the B<-S> option, the salt will be then be generated randomly and prepended +to the output. + =head1 SUPPORTED CIPHERS Note that some of these ciphers can be disabled at compile time @@ -435,7 +448,7 @@ =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.7/doc/man1/openssl-gendsa.pod.in openssl-3.0.8/doc/man1/openssl-gendsa.pod.in --- openssl-3.0.7/doc/man1/openssl-gendsa.pod.in 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man1/openssl-gendsa.pod.in 2023-02-07 14:43:33.000000000 +0100 @@ -57,6 +57,9 @@ cipher before outputting it. A pass phrase is prompted for. If none of these options is specified no encryption is used. +Note that all options must be given before the I argument. +Otherwise they are ignored. + =item B<-verbose> Print extra details about the operations being performed. 
@@ -95,7 +98,7 @@ =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.7/doc/man1/openssl-storeutl.pod.in openssl-3.0.8/doc/man1/openssl-storeutl.pod.in --- openssl-3.0.7/doc/man1/openssl-storeutl.pod.in 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man1/openssl-storeutl.pod.in 2023-02-07 14:43:33.000000000 +0100 @@ -28,12 +28,12 @@ [B<-fingerprint> I] [B<-I>] {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -} -I ... +I =head1 DESCRIPTION This command can be used to display the contents (after -decryption as the case may be) fetched from the given URIs. +decryption as the case may be) fetched from the given URI. =head1 OPTIONS @@ -76,6 +76,9 @@ However, if this URI would return a set of names (URIs), those are always returned. +Note that all options must be given before the I argument. +Otherwise they are ignored. + =item B<-subject> I Search for an object having the subject name I. @@ -134,7 +137,7 @@ =head1 COPYRIGHT -Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.7/doc/man1/openssl-x509.pod.in openssl-3.0.8/doc/man1/openssl-x509.pod.in --- openssl-3.0.7/doc/man1/openssl-x509.pod.in 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man1/openssl-x509.pod.in 2023-02-07 14:43:33.000000000 +0100 
@@ -411,7 +411,7 @@ This option is useful for creating self-issued certificates that are not self-signed, for instance when the key cannot be used for signing, such as DH. -It can also be used in conjunction with b<-new> and B<-subj> to directly +It can also be used in conjunction with B<-new> and B<-subj> to directly generate a certificate containing any desired public key. =item B<-clrext> diff -Nru openssl-3.0.7/doc/man3/BIO_read.pod openssl-3.0.8/doc/man3/BIO_read.pod --- openssl-3.0.7/doc/man3/BIO_read.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/BIO_read.pod 2023-02-07 14:43:33.000000000 +0100 @@ -42,7 +42,7 @@ On binary input there may be NUL characters within the string; in this case the return value (if nonnegative) may give an incorrect length. -BIO_get_line() attempts to read from BIO a line of data up to the next '\n' +BIO_get_line() attempts to read from BIO I a line of data up to the next '\n' or the maximum length I is reached and places the data in I. The returned string is always NUL-terminated and the '\n' is preserved if present in the input data. @@ -119,7 +119,7 @@ =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.7/doc/man3/BIO_s_connect.pod openssl-3.0.8/doc/man3/BIO_s_connect.pod --- openssl-3.0.7/doc/man3/BIO_s_connect.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/BIO_s_connect.pod 2023-02-07 14:43:33.000000000 +0100 @@ -28,7 +28,7 @@ long BIO_set_nbio(BIO *b, long n); - int BIO_do_connect(BIO *b); + long BIO_do_connect(BIO *b); =head1 DESCRIPTION 
@@ -201,7 +201,7 @@ =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.7/doc/man3/BIO_s_datagram.pod openssl-3.0.8/doc/man3/BIO_s_datagram.pod --- openssl-3.0.7/doc/man3/BIO_s_datagram.pod 1970-01-01 01:00:00.000000000 +0100 +++ openssl-3.0.8/doc/man3/BIO_s_datagram.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -0,0 +1,234 @@
+=pod
+
+=head1 NAME
+
+BIO_s_datagram, BIO_new_dgram,
+BIO_ctrl_dgram_connect,
+BIO_ctrl_set_connected,
+BIO_dgram_recv_timedout,
+BIO_dgram_send_timedout,
+BIO_dgram_get_peer,
+BIO_dgram_set_peer,
+BIO_dgram_get_mtu_overhead - Network BIO with datagram semantics
+
+=head1 SYNOPSIS
+
+ #include
+
+ BIO_METHOD *BIO_s_datagram(void);
+ BIO *BIO_new_dgram(int fd, int close_flag);
+
+ int BIO_ctrl_dgram_connect(BIO *bio, const BIO_ADDR *peer);
+ int BIO_ctrl_set_connected(BIO *bio, const BIO_ADDR *peer);
+ int BIO_dgram_recv_timedout(BIO *bio);
+ int BIO_dgram_send_timedout(BIO *bio);
+ int BIO_dgram_get_peer(BIO *bio, BIO_ADDR *peer);
+ int BIO_dgram_set_peer(BIO *bio, const BIO_ADDR *peer);
+ int BIO_dgram_get_mtu_overhead(BIO *bio);
+
+=head1 DESCRIPTION
+
+BIO_s_datagram() is a BIO implementation designed for use with network sockets
+which provide datagram semantics, such as UDP sockets. It is suitable for use
+with DTLSv1.
+
+Because BIO_s_datagram() has datagram semantics, a single BIO_write() call sends
+a single datagram and a single BIO_read() call receives a single datagram. If
+the size of the buffer passed to BIO_read() is inadequate, the datagram is
+silently truncated.
+
+When using BIO_s_datagram(), it is important to note that:
+
+=over 4
+
+=item
+
+This BIO can be used with either a connected or unconnected network socket. A
+connected socket is a network socket which has had L or a
+similar OS-specific function called on it. Such a socket can only receive
+datagrams from the specified peer. Any other socket is an unconnected socket and
+can receive datagrams from any host.
+
+=item
+
+Despite their naming,
+neither BIO_ctrl_dgram_connect() nor BIO_ctrl_set_connected() cause a socket
+to become connected. These controls are provided to indicate to the BIO how
+the underlying socket is configured and how it is to be used; see below.
+
+=item
+
+Use of BIO_s_datagram() with an unconnected network socket is hazardous hecause
+any successful call to BIO_read() results in the peer address used for any
+subsequent call to BIO_write() being set to the source address of the datagram
+received by that call to BIO_read(). Thus, unless the caller calls
+BIO_dgram_set_peer() immediately prior to every call to BIO_write(), or never
+calls BIO_read(), any host on the network may cause future datagrams written to
+be redirected to that host. Therefore, it is recommended that users use
+BIO_s_dgram() only with a connected socket. An exception is where
+L must be used; see L for further
+discussion.
+
+=back
+
+Various controls are available for configuring the BIO_s_datagram() using
+L:
+
+=over 4
+
+=item BIO_ctrl_dgram_connect (BIO_CTRL_DGRAM_CONNECT)
+
+This is equivalent to calling L.
+
+Despite its name, this function does not cause the underlying socket to become
+connected.
+
+=item BIO_ctrl_set_connected (BIO_CTRL_SET_CONNECTED)
+
+This informs the BIO_s_datagram() whether the underlying socket has been
+connected, and therefore how the BIO_s_datagram() should attempt to use the
+socket.
+
+If the I argument is non-NULL, BIO_s_datagram() assumes that the
+underlying socket has been connected and will attempt to use the socket using OS
+APIs which do not specify peer addresses (for example, send(3) and recv(3) or
+similar). The I argument should specify the peer address to which the socket
+is connected.
+
+If the I argument is NULL, BIO_s_datagram() assumes that the underlying
+socket is not connected and will attempt to use the socket using an OS APIs
+which specify peer addresses (for example, sendto(3) and recvfrom(3)).
+
+=item BIO_dgram_get_peer (BIO_CTRL_DGRAM_GET_PEER)
+
+This outputs a B which specifies one of the following values,
+whichever happened most recently:
+
+=over 4
+
+=item
+
+The peer address last passed to BIO_dgram_set_peer(), BIO_ctrl_dgram_connect()
+or BIO_ctrl_set_connected().
+
+=item
+
+The peer address of the datagram last received by a call to BIO_read().
+
+=back
+
+=item BIO_dgram_set_peer (BIO_CTRL_DGRAM_SET_PEER)
+
+Sets the peer address to be used for subsequent writes to this BIO.
+
+Warning: When used with an unconnected network socket, the value set may be
+modified by future calls to L, making use of BIO_s_datagram()
+hazardous when used with unconnected network sockets; see above.
+
+=item BIO_dgram_recv_timeout (BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP)
+
+Returns 1 if the last I/O operation performed on the BIO (for example, via a
+call to L) may have been caused by a receive timeout.
+
+=item BIO_dgram_send_timedout (BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP)
+
+Returns 1 if the last I/O operation performed on the BIO (for example, via a
+call to L) may have been caused by a send timeout.
+
+=item BIO_dgram_get_mtu_overhead (BIO_CTRL_DGRAM_GET_MTU_OVERHEAD)
+
+Returns a quantity in bytes which is a rough estimate of the number of bytes of
+overhead which should typically be added to a datagram payload size in order to
+estimate the final size of the Layer 3 (e.g. IP) packet which will contain the
+datagram. In most cases, the maximum datagram payload size which can be
+transmitted can be determined by determining the link MTU in bytes and
+subtracting the value returned by this call.
+
+The value returned by this call depends on the network layer protocol being
+used.
+
+The value returned is not fully reliable because datagram overheads can be
+higher in atypical network configurations, for example where IPv6 extension
+headers or IPv4 options are used.
+
+=item BIO_CTRL_DGRAM_SET_DONT_FRAG
+
+If I is nonzero, configures the underlying network socket to enable Don't
+Fragment mode, in which datagrams will be set with the IP Don't Fragment (DF)
+bit set. If I is zero, Don't Fragment mode is disabled.
+
+=item BIO_CTRL_DGRAM_QUERY_MTU
+
+Queries the OS for its assessment of the Path MTU for the destination to which
+the underlying network socket, and returns that Path MTU in bytes. This control
+can only be used with a connected socket.
+
+This is not supported on all platforms and depends on OS support being
+available. Returns 0 on failure.
+
+=item BIO_CTRL_DGRAM_MTU_DISCOVER
+
+This control requests that Path MTU discovery be enabled on the underlying
+network socket.
+
+=item BIO_CTRL_DGRAM_GET_FALLBACK_MTU
+
+Returns the estimated minimum size of datagram payload which should always be
+supported on the BIO. This size is determined by the minimum MTU required to be
+supported by the applicable underlying network layer. Use of datagrams of this
+size may lead to suboptimal performance, but should be routable in all
+circumstances. The value returned is the datagram payload size in bytes and does
+not include the size of layer 3 or layer 4 protocol headers.
+
+=item BIO_CTRL_DGRAM_MTU_EXCEEDED
+
+Returns 1 if the last attempted write to the BIO failed due to the size of the
+attempted write exceeding the applicable MTU.
+
+=item BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT
+
+Accepts a pointer to a B. If the time specified is zero,
+disables receive timeouts. Otherwise, configures the specified time interval as
+the receive timeout for the socket for the purposes of future L
+calls.
+
+=item BIO_CTRL_DGRAM_SET_PEEK_MODE
+
+If B is nonzero, enables peek mode; otherwise, disables peek mode. Where
+peek mode is enabled, calls to L read datagrams from the underlying
+network socket in peek mode, meaning that a future call to L will
+yield the same datagram until peek mode is disabled.
+
+=back
+
+BIO_new_dgram() is a helper function which instantiates a BIO_s_datagram() and
+sets the BIO to use the socket given in I by calling BIO_set_fd().
+
+=head1 RETURN VALUES
+
+BIO_s_datagram() returns a BIO method.
+
+BIO_new_dgram() returns a BIO on success and NULL on failure.
+
+BIO_ctrl_dgram_connect(), BIO_ctrl_set_connected(),
+BIO_dgram_get_peer(), BIO_dgram_set_peer() return 1 on success and 0 on failure.
+
+BIO_dgram_recv_timedout() and BIO_dgram_send_timedout() return 0 or 1 depending
+on the circumstance; see discussion above.
+
+BIO_dgram_get_mtu_overhead() returns a value in bytes.
+
+=head1 SEE ALSO
+
+L, L
+
+=head1 COPYRIGHT
+
+Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L.
+
+=cut
diff -Nru openssl-3.0.7/doc/man3/d2i_PrivateKey.pod openssl-3.0.8/doc/man3/d2i_PrivateKey.pod
--- openssl-3.0.7/doc/man3/d2i_PrivateKey.pod 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/doc/man3/d2i_PrivateKey.pod 2023-02-07 14:43:33.000000000 +0100
@@ -103,14 +103,15 @@ The d2i_PrivateKey_ex(), d2i_PrivateKey(), d2i_AutoPrivateKey_ex(), d2i_AutoPrivateKey(), d2i_PrivateKey_ex_bio(), d2i_PrivateKey_bio(), d2i_PrivateKey_ex_fp(), d2i_PrivateKey_fp(), d2i_PublicKey(), d2i_KeyParams() -and d2i_KeyParams_bio() functions return a valid B structure or NULL -if an error occurs. The error code can be obtained by calling -L. +and d2i_KeyParams_bio() functions return a valid B structure or NULL if +an error occurs. The error code can be obtained by calling L. -i2d_PrivateKey(), i2d_PrivateKey_bio(), i2d_PrivateKey_fp(), i2d_PublicKey(), -i2d_KeyParams() i2d_KeyParams_bio() return the number of bytes successfully -encoded or a negative value if an error occurs. The error code can be obtained -by calling L. +i2d_PrivateKey(), i2d_PublicKey() and i2d_KeyParams() return the number of +bytes successfully encoded or a negative value if an error occurs. The error +code can be obtained by calling L. + +i2d_PrivateKey_bio(), i2d_PrivateKey_fp() and i2d_KeyParams_bio() return 1 if +successfully encoded or zero if an error occurs. =head1 SEE ALSO diff -Nru openssl-3.0.7/doc/man3/d2i_X509.pod openssl-3.0.8/doc/man3/d2i_X509.pod --- openssl-3.0.7/doc/man3/d2i_X509.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/d2i_X509.pod 2023-02-07 14:43:33.000000000 +0100 @@ -469,7 +469,7 @@ Represents an B structure as used in IETF RFC 6960 and elsewhere. -=item B +=item B Represents a B type as used for subject and issuer names in IETF RFC 6960 and elsewhere. 
@@ -588,14 +588,14 @@ always succeed. Any function which encodes a structure (B>(), -B>() or B>()) may return a stale encoding if the +B_bio>() or B_fp>()) may return a stale encoding if the structure has been modified after deserialization or previous serialization. This is because some objects cache the encoding for efficiency reasons. =head1 COPYRIGHT -Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 1998-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.7/doc/man3/DES_random_key.pod openssl-3.0.8/doc/man3/DES_random_key.pod --- openssl-3.0.7/doc/man3/DES_random_key.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/DES_random_key.pod 2023-02-07 14:43:33.000000000 +0100 @@ -294,9 +294,12 @@ =head1 RETURN VALUES -DES_set_key(), DES_key_sched(), DES_set_key_checked() and DES_is_weak_key() +DES_set_key(), DES_key_sched(), and DES_set_key_checked() return 0 on success or negative values on error. +DES_is_weak_key() returns 1 if the passed key is a weak key, 0 if it +is ok. + DES_cbc_cksum() and DES_quad_cksum() return 4-byte integer representing the last 4 bytes of the checksum of the input. diff -Nru openssl-3.0.7/doc/man3/DTLSv1_listen.pod openssl-3.0.8/doc/man3/DTLSv1_listen.pod --- openssl-3.0.7/doc/man3/DTLSv1_listen.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/DTLSv1_listen.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -64,6 +64,23 @@ AF_UNSPEC. Typically user code is expected to "connect" the underlying socket to the peer and continue the handshake in a connected state. +Warning: It is essential that the calling code connects the underlying socket to +the peer after making use of DTLSv1_listen(). In the typical case where +L is used, the peer address is updated when receiving a +datagram on an unconnected socket. If the socket is not connected, it can +receive datagrams from any host on the network, which will cause subsequent +outgoing datagrams transmitted by DTLS to be transmitted to that host. In other +words, failing to call BIO_connect() or a similar OS-specific function on a +socket means that any host on the network can cause outgoing DTLS traffic to be +redirected to it by sending a datagram to the socket in question. This does not +break the cryptographic protections of DTLS but may facilitate a +denial-of-service attack or allow unencrypted information in the DTLS handshake +to be learned by an attacker. This is due to the historical design of +L; see L for details on this issue. + +Once a socket has been connected, L should be used to +inform the BIO that the socket is to be used in connected mode. + Prior to calling DTLSv1_listen() user code must ensure that cookie generation and verification callbacks have been set up using L and L @@ -126,7 +143,7 @@ =head1 COPYRIGHT -Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.7/doc/man3/ECDSA_SIG_new.pod openssl-3.0.8/doc/man3/ECDSA_SIG_new.pod --- openssl-3.0.7/doc/man3/ECDSA_SIG_new.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/ECDSA_SIG_new.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -2,11 +2,9 @@ =head1 NAME -ECDSA_SIG_get0, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, ECDSA_SIG_set0, -ECDSA_SIG_new, ECDSA_SIG_free, ECDSA_size, ECDSA_sign, ECDSA_do_sign, -ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup, ECDSA_sign_ex, -ECDSA_do_sign_ex - low-level elliptic curve digital signature algorithm (ECDSA) -functions +ECDSA_SIG_new, ECDSA_SIG_free, +ECDSA_SIG_get0, ECDSA_SIG_get0_r, ECDSA_SIG_get0_s, ECDSA_SIG_set0 +- Functions for creating, destroying and manipulating ECDSA_SIG objects =head1 SYNOPSIS 
@@ -19,37 +17,18 @@ const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig); int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); -The following functions have been deprecated since OpenSSL 3.0, and can be -hidden entirely by defining B with a suitable version value, -see L: - - int ECDSA_size(const EC_KEY *eckey); - - int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen, - unsigned char *sig, unsigned int *siglen, EC_KEY *eckey); - ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len, - EC_KEY *eckey); - - int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen, - const unsigned char *sig, int siglen, EC_KEY *eckey); - int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, - const ECDSA_SIG *sig, EC_KEY* eckey); - - ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen, - const BIGNUM *kinv, const BIGNUM *rp, - EC_KEY *eckey); - int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp); - int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen, - unsigned char *sig, unsigned int *siglen, - const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey); - =head1 DESCRIPTION B is an opaque structure consisting of two BIGNUMs for the -I and I value of an ECDSA signature (see X9.62 or FIPS186-2). +I and I value of an Elliptic Curve Digital Signature Algorithm (ECDSA) signature +(see FIPS186-4 or X9.62). +The B object was mainly used by the deprecated low level functions described in +L, it is still required in order to be able to set or get the values of +I and I into or from a signature. This is mainly used for testing purposes as shown +in the L. -ECDSA_SIG_new() allocates an empty B structure. Note: before -OpenSSL 1.1.0 the: the I and I components were initialised. +ECDSA_SIG_new() allocates an empty B structure. +Note: before OpenSSL 1.1.0, the I and I components were initialised. ECDSA_SIG_free() frees the B structure I. 
@@ -69,52 +48,6 @@ See L and L for information about encoding and decoding ECDSA signatures to/from DER. -All of the functions described below are deprecated. Applications should -use the higher level B interface such as L -or L instead. - -ECDSA_size() returns the maximum length of a DER encoded ECDSA signature -created with the private EC key I. To obtain the actual signature -size use L with a NULL I parameter. - -ECDSA_sign() computes a digital signature of the I bytes hash value -I using the private EC key I. The DER encoded signatures is -stored in I and its length is returned in I. Note: I must -point to ECDSA_size(eckey) bytes of memory. The parameter I is currently -ignored. ECDSA_sign() is wrapper function for ECDSA_sign_ex() with I -and I set to NULL. - -ECDSA_do_sign() is similar to ECDSA_sign() except the signature is returned -as a newly allocated B structure (or NULL on error). ECDSA_do_sign() -is a wrapper function for ECDSA_do_sign_ex() with I and I set to -NULL. - -ECDSA_verify() verifies that the signature in I of size I is a -valid ECDSA signature of the hash value I of size I using the -public key I. The parameter I is ignored. - -ECDSA_do_verify() is similar to ECDSA_verify() except the signature is -presented in the form of a pointer to an B structure. - -The remaining functions utilise the internal I and I values used -during signature computation. Most applications will never need to call these -and some external ECDSA ENGINE implementations may not support them at all if -either I or I is not NULL. - -ECDSA_sign_setup() may be used to precompute parts of the signing operation. -I is the private EC key and I is a pointer to B structure -(or NULL). The precomputed values or returned in I and I and can be -used in a later call to ECDSA_sign_ex() or ECDSA_do_sign_ex(). - -ECDSA_sign_ex() computes a digital signature of the I bytes hash value -I using the private EC key I and the optional pre-computed values -I and I. 
The DER encoded signature is stored in I and its -length is returned in I. Note: I must point to ECDSA_size(eckey) -bytes of memory. The parameter I is ignored. - -ECDSA_do_sign_ex() is similar to ECDSA_sign_ex() except the signature is -returned as a newly allocated B structure (or NULL on error). - =head1 RETURN VALUES ECDSA_SIG_new() returns NULL if the allocation fails. 
@@ -124,74 +57,71 @@ ECDSA_SIG_get0_r() and ECDSA_SIG_get0_s() return the corresponding value, or NULL if it is unset. -ECDSA_size() returns the maximum length signature or 0 on error. - -ECDSA_sign(), ECDSA_sign_ex() and ECDSA_sign_setup() return 1 if successful -or 0 on error. - -ECDSA_do_sign() and ECDSA_do_sign_ex() return a pointer to an allocated -B structure or NULL on error. - -ECDSA_verify() and ECDSA_do_verify() return 1 for a valid -signature, 0 for an invalid signature and -1 on error. -The error codes can be obtained by L. - =head1 EXAMPLES -Creating an ECDSA signature of a given SHA-256 hash value using the -named curve prime256v1 (aka P-256). - -First step: create an EC_KEY object (note: this part is B ECDSA -specific) +Extract signature I and I values from a ECDSA I +of size I: - int ret; - ECDSA_SIG *sig; - EC_KEY *eckey; + ECDSA_SIG *obj; + const BIGNUM *r, *s; - eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); - if (eckey == NULL) + /* Load a signature into the ECDSA_SIG object */ + obj = d2i_ECDSA_SIG(NULL, &signature, signaturelen); + if (obj == NULL) /* error */ - if (EC_KEY_generate_key(eckey) == 0) - /* error */ - -Second step: compute the ECDSA signature of a SHA-256 hash value -using ECDSA_do_sign(): - sig = ECDSA_do_sign(digest, 32, eckey); - if (sig == NULL) + r = ECDSA_SIG_get0_r(obj); + s = ECDSA_SIG_get0_s(obj); + if (r == NULL || s == NULL) /* error */ -or using ECDSA_sign(): + /* Use BN_bn2binpad() here to convert to r and s into byte arrays */ - unsigned char *buffer, *pp; - int buf_len; + /* + * Do not try to access I or I after calling ECDSA_SIG_free(), + * as they are both freed by this call. 
+ */ + ECDSA_SIG_free(obj); + +Convert I and I byte arrays into an ECDSA_SIG I of +size I: + + ECDSA_SIG *obj = NULL; + unsigned char *signature = NULL; + size_t signaturelen; + BIGNUM *rbn = NULL, *sbn = NULL; - buf_len = ECDSA_size(eckey); - buffer = OPENSSL_malloc(buf_len); - pp = buffer; - if (ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey) == 0) + obj = ECDSA_SIG_new(); + if (obj == NULL) + /* error */ + rbn = BN_bin2bn(r, rlen, NULL); + sbn = BN_bin2bn(s, slen, NULL); + if (rbn == NULL || sbn == NULL) /* error */ -Third step: verify the created ECDSA signature using ECDSA_do_verify(): - - ret = ECDSA_do_verify(digest, 32, sig, eckey); - -or using ECDSA_verify(): - - ret = ECDSA_verify(0, digest, 32, buffer, buf_len, eckey); - -and finally evaluate the return value: + if (!ECDSA_SIG_set0(obj, rbn, sbn)) + /* error */ + /* Set these to NULL since they are now owned by obj */ + rbn = sbn = NULL; - if (ret == 1) - /* signature ok */ - else if (ret == 0) - /* incorrect signature */ - else + signaturelen = i2d_ECDSA_SIG(obj, &signature); + if (signaturelen <= 0) /* error */ + /* + * This signature could now be passed to L + * or L + */ + + BN_free(rbn); + BN_free(sbn); + OPENSSL_free(signature); + ECDSA_SIG_free(obj); + =head1 CONFORMING TO -ANSI X9.62, US Federal Information Processing Standard FIPS186-2 +ANSI X9.62, +US Federal Information Processing Standard FIPS186-4 (Digital Signature Standard, DSS) =head1 SEE ALSO @@ -201,13 +131,8 @@ L, L L, -L - -=head1 HISTORY - -The ECDSA_size(), ECDSA_sign(), ECDSA_do_sign(), ECDSA_verify(), -ECDSA_do_verify(), ECDSA_sign_setup(), ECDSA_sign_ex() and ECDSA_do_sign_ex() -functions were deprecated in OpenSSL 3.0. +L, +L =head1 COPYRIGHT diff -Nru openssl-3.0.7/doc/man3/ECDSA_sign.pod openssl-3.0.8/doc/man3/ECDSA_sign.pod --- openssl-3.0.7/doc/man3/ECDSA_sign.pod 1970-01-01 01:00:00.000000000 +0100 +++ openssl-3.0.8/doc/man3/ECDSA_sign.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -0,0 +1,186 @@
+=pod
+
+=head1 NAME
+
+ECDSA_size, ECDSA_sign, ECDSA_do_sign,
+ECDSA_verify, ECDSA_do_verify, ECDSA_sign_setup, ECDSA_sign_ex,
+ECDSA_do_sign_ex - deprecated low-level elliptic curve digital signature algorithm
+(ECDSA) functions
+
+=head1 SYNOPSIS
+
+ #include
+
+The following functions have been deprecated since OpenSSL 3.0, and can be
+hidden entirely by defining B with a suitable version value,
+see L:
+
+ int ECDSA_size(const EC_KEY *eckey);
+
+ int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
+ unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
+ ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
+ EC_KEY *eckey);
+
+ int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
+ const unsigned char *sig, int siglen, EC_KEY *eckey);
+ int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
+ const ECDSA_SIG *sig, EC_KEY* eckey);
+
+ ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
+ const BIGNUM *kinv, const BIGNUM *rp,
+ EC_KEY *eckey);
+ int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp);
+ int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
+ unsigned char *sig, unsigned int *siglen,
+ const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
+
+=head1 DESCRIPTION
+
+See L for a description of the B object.
+
+See L and L for information about encoding
+and decoding ECDSA signatures to/from DER.
+
+All of the functions described below are deprecated. Applications should
+use the higher level B interface such as L
+or L instead.
+
+ECDSA_size() returns the maximum length of a DER encoded ECDSA signature
+created with the private EC key I. To obtain the actual signature
+size use L with a NULL I parameter.
+
+ECDSA_sign() computes a digital signature of the I bytes hash value
+I using the private EC key I. The DER encoded signatures is
+stored in I and its length is returned in I. Note: I must
+point to ECDSA_size(eckey) bytes of memory. The parameter I is currently
+ignored. ECDSA_sign() is wrapper function for ECDSA_sign_ex() with I
+and I set to NULL.
+
+ECDSA_do_sign() is similar to ECDSA_sign() except the signature is returned
+as a newly allocated B structure (or NULL on error). ECDSA_do_sign()
+is a wrapper function for ECDSA_do_sign_ex() with I and I set to
+NULL.
+
+ECDSA_verify() verifies that the signature in I of size I is a
+valid ECDSA signature of the hash value I of size I using the
+public key I. The parameter I is ignored.
+
+ECDSA_do_verify() is similar to ECDSA_verify() except the signature is
+presented in the form of a pointer to an B structure.
+
+The remaining functions utilise the internal I and I values used
+during signature computation. Most applications will never need to call these
+and some external ECDSA ENGINE implementations may not support them at all if
+either I or I is not NULL.
+
+ECDSA_sign_setup() may be used to precompute parts of the signing operation.
+I is the private EC key and I is a pointer to B structure
+(or NULL). The precomputed values or returned in I and I and can be
+used in a later call to ECDSA_sign_ex() or ECDSA_do_sign_ex().
+
+ECDSA_sign_ex() computes a digital signature of the I bytes hash value
+I using the private EC key I and the optional pre-computed values
+I and I. The DER encoded signature is stored in I and its
+length is returned in I. Note: I must point to ECDSA_size(eckey)
+bytes of memory. The parameter I is ignored.
+
+ECDSA_do_sign_ex() is similar to ECDSA_sign_ex() except the signature is
+returned as a newly allocated B structure (or NULL on error).
+
+=head1 RETURN VALUES
+
+ECDSA_size() returns the maximum length signature or 0 on error.
+
+ECDSA_sign(), ECDSA_sign_ex() and ECDSA_sign_setup() return 1 if successful
+or 0 on error.
+
+ECDSA_do_sign() and ECDSA_do_sign_ex() return a pointer to an allocated
+B structure or NULL on error.
+
+ECDSA_verify() and ECDSA_do_verify() return 1 for a valid
+signature, 0 for an invalid signature and -1 on error.
+The error codes can be obtained by L.
+
+=head1 EXAMPLES
+
+Creating an ECDSA signature of a given SHA-256 hash value using the
+named curve prime256v1 (aka P-256).
+This example uses deprecated functionality. See L.
+
+First step: create an EC_KEY object (note: this part is B ECDSA
+specific)
+
+ int ret;
+ ECDSA_SIG *sig;
+ EC_KEY *eckey;
+
+ eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+ if (eckey == NULL)
+ /* error */
+ if (EC_KEY_generate_key(eckey) == 0)
+ /* error */
+
+Second step: compute the ECDSA signature of a SHA-256 hash value
+using ECDSA_do_sign():
+
+ sig = ECDSA_do_sign(digest, 32, eckey);
+ if (sig == NULL)
+ /* error */
+
+or using ECDSA_sign():
+
+ unsigned char *buffer, *pp;
+ int buf_len;
+
+ buf_len = ECDSA_size(eckey);
+ buffer = OPENSSL_malloc(buf_len);
+ pp = buffer;
+ if (ECDSA_sign(0, dgst, dgstlen, pp, &buf_len, eckey) == 0)
+ /* error */
+
+Third step: verify the created ECDSA signature using ECDSA_do_verify():
+
+ ret = ECDSA_do_verify(digest, 32, sig, eckey);
+
+or using ECDSA_verify():
+
+ ret = ECDSA_verify(0, digest, 32, buffer, buf_len, eckey);
+
+and finally evaluate the return value:
+
+ if (ret == 1)
+ /* signature ok */
+ else if (ret == 0)
+ /* incorrect signature */
+ else
+ /* error */
+
+=head1 CONFORMING TO
+
+ANSI X9.62, US Federal Information Processing Standard FIPS186-2
+(Digital Signature Standard, DSS)
+
+=head1 SEE ALSO
+
+L,
+L,
+L,
+L
+L,
+L
+
+=head1 HISTORY
+
+All functionality described here was deprecated in OpenSSL 3.0.
+
+=head1 COPYRIGHT
+
+Copyright 2004-2022 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L.
+ +=cut diff -Nru openssl-3.0.7/doc/man3/EC_GROUP_copy.pod openssl-3.0.8/doc/man3/EC_GROUP_copy.pod --- openssl-3.0.7/doc/man3/EC_GROUP_copy.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/EC_GROUP_copy.pod 2023-02-07 14:43:33.000000000 +0100 @@ -247,12 +247,12 @@ =head1 HISTORY EC_GROUP_method_of() was deprecated in OpenSSL 3.0. - -EC_GROUP_check_named_curve() and EC_GROUP_get_field_type() were added in OpenSSL 3.0. +EC_GROUP_get0_field(), EC_GROUP_check_named_curve() and EC_GROUP_get_field_type() were added in OpenSSL 3.0. +EC_GROUP_get0_order(), EC_GROUP_order_bits() and EC_GROUP_get0_cofactor() were added in OpenSSL 1.1.0. =head1 COPYRIGHT -Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2013-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.7/doc/man3/ERR_GET_LIB.pod openssl-3.0.8/doc/man3/ERR_GET_LIB.pod --- openssl-3.0.7/doc/man3/ERR_GET_LIB.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/ERR_GET_LIB.pod 2023-02-07 14:43:33.000000000 +0100 @@ -42,6 +42,14 @@ is fatal, respectively. Starting with OpenSSL 3.0.0, the function code is always set to zero. +=head1 NOTES + +Applications should not make control flow decisions based on specific error +codes. Error codes are subject to change at any time (even in patch releases of +OpenSSL). A particular error code can only be considered meaningful for control +flow decisions if it is explicitly documented as such. New failure codes may +still appear at any time. + =head1 SEE ALSO L 
@@ -54,7 +62,7 @@ =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.7/doc/man3/EVP_ASYM_CIPHER_free.pod openssl-3.0.8/doc/man3/EVP_ASYM_CIPHER_free.pod --- openssl-3.0.7/doc/man3/EVP_ASYM_CIPHER_free.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/EVP_ASYM_CIPHER_free.pod 2023-02-07 14:43:33.000000000 +0100 @@ -75,7 +75,7 @@ discretion of the I implementation. EVP_ASYM_CIPHER_gettable_ctx_params() and EVP_ASYM_CIPHER_settable_ctx_params() -return a constant B array that describes the names and types of key +return a constant L array that describes the names and types of key parameters that can be retrieved or set by a key encryption algorithm using L and L. @@ -90,7 +90,7 @@ names. A return value of 0 means that the callback was not called for any names. EVP_ASYM_CIPHER_gettable_ctx_params() and EVP_ASYM_CIPHER_settable_ctx_params() -return a constant B array or NULL on error. +return a constant L array or NULL on error. =head1 SEE ALSO diff -Nru openssl-3.0.7/doc/man3/EVP_DigestInit.pod openssl-3.0.8/doc/man3/EVP_DigestInit.pod --- openssl-3.0.7/doc/man3/EVP_DigestInit.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/EVP_DigestInit.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -207,27 +207,24 @@ =item EVP_MD_gettable_params() -Get a constant B array that describes the retrievable parameters -that can be used with EVP_MD_get_params(). See L for the -use of B as a parameter descriptor. +Get a constant L array that describes the retrievable parameters +that can be used with EVP_MD_get_params(). =item EVP_MD_gettable_ctx_params(), EVP_MD_CTX_gettable_params() -Get a constant B array that describes the retrievable parameters +Get a constant L array that describes the retrievable parameters that can be used with EVP_MD_CTX_get_params(). EVP_MD_gettable_ctx_params() returns the parameters that can be retrieved from the algorithm, whereas EVP_MD_CTX_gettable_params() returns the parameters that can be retrieved -in the context's current state. See L for the use of -B as a parameter descriptor. +in the context's current state. =item EVP_MD_settable_ctx_params(), EVP_MD_CTX_settable_params() -Get a constant B array that describes the settable parameters +Get a constant L array that describes the settable parameters that can be used with EVP_MD_CTX_set_params(). EVP_MD_settable_ctx_params() returns the parameters that can be set from the algorithm, whereas EVP_MD_CTX_settable_params() returns the parameters that can be set in the -context's current state. See L for the use of B -as a parameter descriptor. +context's current state. =item EVP_MD_CTX_set_flags(), EVP_MD_CTX_clear_flags(), EVP_MD_CTX_test_flags() @@ -569,6 +566,7 @@ EVP_Digest(), EVP_DigestInit_ex2(), EVP_DigestInit_ex(), +EVP_DigestInit(), EVP_DigestUpdate(), EVP_DigestFinal_ex(), EVP_DigestFinalXOF(), and @@ -589,7 +587,7 @@ =item EVP_MD_CTX_settable_params(), EVP_MD_CTX_gettable_params() -Return an array of constant Bs, or NULL if there is none +Return an array of constant Ls, or NULL if there is none to get. =item EVP_MD_CTX_copy_ex() 
@@ -607,7 +605,7 @@
EVP_MD_CTX_get_size(), EVP_MD_CTX_get_block_size() -Returns the digest or block size in bytes. +Returns the digest or block size in bytes or -1 for failure. =item EVP_md_null()
@@ -643,6 +641,13 @@
For most applications the I parameter to EVP_DigestInit_ex() will be set to NULL to use the default digest implementation. +Ignoring failure returns of EVP_DigestInit_ex(), EVP_DigestInit_ex2(), or +EVP_DigestInit() can lead to undefined behavior on subsequent calls +updating or finalizing the B such as the EVP_DigestUpdate() or +EVP_DigestFinal() functions. The only valid calls on the B +when initialization fails are calls that attempt another initialization of +the context or release the context. + The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy() are obsolete but are retained to maintain compatibility with existing code. New applications should use EVP_DigestInit_ex(), EVP_DigestFinal_ex() and
@@ -690,10 +695,26 @@
} mdctx = EVP_MD_CTX_new(); - EVP_DigestInit_ex2(mdctx, md, NULL); - EVP_DigestUpdate(mdctx, mess1, strlen(mess1)); - EVP_DigestUpdate(mdctx, mess2, strlen(mess2)); - EVP_DigestFinal_ex(mdctx, md_value, &md_len); + if (!EVP_DigestInit_ex2(mdctx, md, NULL)) { + printf("Message digest initialization failed.\n"); + EVP_MD_CTX_free(mdctx); + exit(1); + } + if (!EVP_DigestUpdate(mdctx, mess1, strlen(mess1))) { + printf("Message digest update failed.\n"); + EVP_MD_CTX_free(mdctx); + exit(1); + } + if (!EVP_DigestUpdate(mdctx, mess2, strlen(mess2))) { + printf("Message digest update failed.\n"); + EVP_MD_CTX_free(mdctx); + exit(1); + } + if (!EVP_DigestFinal_ex(mdctx, md_value, &md_len)) { + printf("Message digest finalization failed.\n"); + EVP_MD_CTX_free(mdctx); + exit(1); + } EVP_MD_CTX_free(mdctx); printf("Digest is: ");
@@ -763,7 +784,7 @@
=head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.0.7/doc/man3/EVP_DigestSignInit.pod openssl-3.0.8/doc/man3/EVP_DigestSignInit.pod
--- openssl-3.0.7/doc/man3/EVP_DigestSignInit.pod 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/doc/man3/EVP_DigestSignInit.pod 2023-02-07 14:43:33.000000000 +0100
@@ -172,6 +172,10 @@
preserved if the I parameter is NULL. The call then just resets the state of the I. +Ignoring failure returns of EVP_DigestSignInit() and EVP_DigestSignInit_ex() +functions can lead to subsequent undefined behavior when calling +EVP_DigestSignUpdate(), EVP_DigestSignFinal(), or EVP_DigestSign(). + The use of EVP_PKEY_get_size() with these functions is discouraged because some signature operations may have a signature length which depends on the parameters set. As a result EVP_PKEY_get_size() would have to return a value
@@ -197,7 +201,7 @@
=head1 COPYRIGHT -Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.0.7/doc/man3/EVP_DigestVerifyInit.pod openssl-3.0.8/doc/man3/EVP_DigestVerifyInit.pod
--- openssl-3.0.7/doc/man3/EVP_DigestVerifyInit.pod 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/doc/man3/EVP_DigestVerifyInit.pod 2023-02-07 14:43:33.000000000 +0100
@@ -161,6 +161,10 @@
preserved if the I parameter is NULL. The call then just resets the state of the I. +Ignoring failure returns of EVP_DigestVerifyInit() and EVP_DigestVerifyInit_ex() +functions can lead to subsequent undefined behavior when calling +EVP_DigestVerifyUpdate(), EVP_DigestVerifyFinal(), or EVP_DigestVerify(). + =head1 SEE ALSO L,
@@ -182,7 +186,7 @@
=head1 COPYRIGHT -Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.0.7/doc/man3/EVP_EncryptInit.pod openssl-3.0.8/doc/man3/EVP_EncryptInit.pod
--- openssl-3.0.7/doc/man3/EVP_EncryptInit.pod 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/doc/man3/EVP_EncryptInit.pod 2023-02-07 14:43:33.000000000 +0100
@@ -316,27 +316,24 @@
=item EVP_CIPHER_gettable_params() -Get a constant B array that describes the retrievable parameters -that can be used with EVP_CIPHER_get_params(). See L for the -use of B as a parameter descriptor. +Get a constant L array that describes the retrievable parameters +that can be used with EVP_CIPHER_get_params(). =item EVP_CIPHER_gettable_ctx_params() and EVP_CIPHER_CTX_gettable_params() -Get a constant B array that describes the retrievable parameters +Get a constant L array that describes the retrievable parameters that can be used with EVP_CIPHER_CTX_get_params(). EVP_CIPHER_gettable_ctx_params() returns the parameters that can be retrieved from the algorithm, whereas EVP_CIPHER_CTX_gettable_params() returns the parameters that can be retrieved in the context's current state. -See L for the use of B as a parameter descriptor. =item EVP_CIPHER_settable_ctx_params() and EVP_CIPHER_CTX_settable_params() -Get a constant B array that describes the settable parameters +Get a constant L array that describes the settable parameters that can be used with EVP_CIPHER_CTX_set_params(). EVP_CIPHER_settable_ctx_params() returns the parameters that can be set from the algorithm, whereas EVP_CIPHER_CTX_settable_params() returns the parameters that can be set in the context's current state. -See L for the use of B as a parameter descriptor. =item EVP_EncryptInit_ex2()
@@ -640,7 +637,7 @@
When EVP_CIPHER_fetch() is called it internally calls EVP_CIPHER_get_params() and caches the results. -EVP_CIPHER_get_params() can be used with the following B keys: +EVP_CIPHER_get_params() can be used with the following L keys: =over 4
@@ -711,7 +708,7 @@
=head2 Gettable and Settable EVP_CIPHER_CTX parameters -The following B keys can be used with both EVP_CIPHER_CTX_get_params() +The following L keys can be used with both EVP_CIPHER_CTX_get_params() and EVP_CIPHER_CTX_set_params(). =over 4
@@ -802,7 +799,7 @@
=head2 Gettable EVP_CIPHER_CTX parameters -The following B keys can be used with EVP_CIPHER_CTX_get_params(): +The following L keys can be used with EVP_CIPHER_CTX_get_params(): =over 4
@@ -871,7 +868,7 @@
=head2 Settable EVP_CIPHER_CTX parameters -The following B keys can be used with EVP_CIPHER_CTX_set_params(): +The following L keys can be used with EVP_CIPHER_CTX_set_params(): =over 4
@@ -1240,7 +1237,8 @@
EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return greater than zero for success and zero or a negative number on failure. -EVP_CIPHER_CTX_rand_key() returns 1 for success. +EVP_CIPHER_CTX_rand_key() returns 1 for success and zero or a negative number +for failure. EVP_CIPHER_names_do_all() returns 1 if the callback was called for all names. A return value of 0 means that the callback was not called for any names.
@@ -1417,11 +1415,10 @@
=item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL) -Sets the nonce length. This call can only be made before specifying the nonce. -If not called a default nonce length of 12 (i.e. 96 bits) is used. The maximum -nonce length is 12 bytes (i.e. 96-bits). If a nonce of less than 12 bytes is set -then the nonce is automatically padded with leading 0 bytes to make it 12 bytes -in length. +Sets the nonce length. This call is now redundant since the only valid value +is the default length of 12 (i.e. 96 bits). +Prior to OpenSSL 3.0 a nonce of less than 12 bytes could be used to automatically +pad the iv with leading 0 bytes to make it 12 bytes in length. =item EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag)
@@ -1484,6 +1481,12 @@
B flag treated specially in EVP_CipherInit_ex(). +Ignoring failure returns of the B initialization functions can +lead to subsequent undefined behavior when calling the functions that update or +finalize the context. The only valid calls on the B when +initialization fails are calls that attempt another initialization of the +context or release the context. + EVP_get_cipherbynid(), and EVP_get_cipherbyobj() are implemented as macros. =head1 BUGS
@@ -1516,7 +1519,11 @@
FILE *out; ctx = EVP_CIPHER_CTX_new(); - EVP_EncryptInit_ex2(ctx, EVP_idea_cbc(), key, iv, NULL); + if (!EVP_EncryptInit_ex2(ctx, EVP_idea_cbc(), key, iv, NULL)) { + /* Error */ + EVP_CIPHER_CTX_free(ctx); + return 0; + } if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, intext, strlen(intext))) { /* Error */
@@ -1574,13 +1581,21 @@
/* Don't set key or IV right away; we want to check lengths */ ctx = EVP_CIPHER_CTX_new(); - EVP_CipherInit_ex2(ctx, EVP_aes_128_cbc(), NULL, NULL, - do_encrypt, NULL); + if (!EVP_CipherInit_ex2(ctx, EVP_aes_128_cbc(), NULL, NULL, + do_encrypt, NULL)) { + /* Error */ + EVP_CIPHER_CTX_free(ctx); + return 0; + } OPENSSL_assert(EVP_CIPHER_CTX_get_key_length(ctx) == 16); OPENSSL_assert(EVP_CIPHER_CTX_get_iv_length(ctx) == 16); /* Now we can set key and IV */ - EVP_CipherInit_ex2(ctx, NULL, key, iv, do_encrypt, NULL); + if (!EVP_CipherInit_ex2(ctx, NULL, key, iv, do_encrypt, NULL)) { + /* Error */ + EVP_CIPHER_CTX_free(ctx); + return 0; + } for (;;) { inlen = fread(inbuf, 1, 1024, in);
@@ -1637,9 +1652,9 @@
goto err; /* NOTE: CTS mode does not support multiple calls to EVP_CipherUpdate() */ - if (!EVP_CipherUpdate(ctx, encrypted, &outlen, msg, msglen)) + if (!EVP_CipherUpdate(ctx, out, &outlen, msg, msg_len)) goto err; - if (!EVP_CipherFinal_ex(ctx, encrypted + outlen, &len)) + if (!EVP_CipherFinal_ex(ctx, out + outlen, &len)) goto err; ret = 1; err:
@@ -1712,7 +1727,7 @@
=head1 COPYRIGHT -Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.0.7/doc/man3/EVP_KDF.pod openssl-3.0.8/doc/man3/EVP_KDF.pod
--- openssl-3.0.7/doc/man3/EVP_KDF.pod 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/doc/man3/EVP_KDF.pod 2023-02-07 14:43:33.000000000 +0100
@@ -131,26 +131,23 @@
Also, what happens when a needed parameter isn't passed down is defined by the implementation. -EVP_KDF_gettable_params() returns an B array that describes +EVP_KDF_gettable_params() returns an L array that describes the retrievable and settable parameters. EVP_KDF_gettable_params() returns parameters that can be used with EVP_KDF_get_params(). -See L for the use of B as a parameter descriptor. EVP_KDF_gettable_ctx_params() and EVP_KDF_CTX_gettable_params() -return constant B arrays that describe the retrievable +return constant L arrays that describe the retrievable parameters that can be used with EVP_KDF_CTX_get_params(). EVP_KDF_gettable_ctx_params() returns the parameters that can be retrieved from the algorithm, whereas EVP_KDF_CTX_gettable_params() returns the parameters that can be retrieved in the context's current state. -See L for the use of B as a parameter descriptor. EVP_KDF_settable_ctx_params() and EVP_KDF_CTX_settable_params() return -constant B arrays that describe the settable parameters that +constant L arrays that describe the settable parameters that can be used with EVP_KDF_CTX_set_params(). EVP_KDF_settable_ctx_params() returns the parameters that can be retrieved from the algorithm, whereas EVP_KDF_CTX_settable_params() returns the parameters that can -be retrieved in the context's current state. See L -for the use of B as a parameter descriptor. +be retrieved in the context's current state. =head2 Information functions
@@ -294,7 +291,7 @@
=head1 HISTORY -This functionality was added to OpenSSL 3.0. +This functionality was added in OpenSSL 3.0. =head1 COPYRIGHT
diff -Nru openssl-3.0.7/doc/man3/EVP_KEM_free.pod openssl-3.0.8/doc/man3/EVP_KEM_free.pod
--- openssl-3.0.7/doc/man3/EVP_KEM_free.pod 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/doc/man3/EVP_KEM_free.pod 2023-02-07 14:43:33.000000000 +0100
@@ -68,7 +68,7 @@
the I implementation. EVP_KEM_gettable_ctx_params() and EVP_KEM_settable_ctx_params() return -a constant B array that describes the names and types of key +a constant L array that describes the names and types of key parameters that can be retrieved or set by a key encapsulation algorithm using L and L.
@@ -83,7 +83,7 @@
return value of 0 means that the callback was not called for any names. EVP_KEM_gettable_ctx_params() and EVP_KEM_settable_ctx_params() return -a constant B array or NULL on error. +a constant L array or NULL on error. =head1 SEE ALSO
diff -Nru openssl-3.0.7/doc/man3/EVP_KEYEXCH_free.pod openssl-3.0.8/doc/man3/EVP_KEYEXCH_free.pod
--- openssl-3.0.7/doc/man3/EVP_KEYEXCH_free.pod 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/doc/man3/EVP_KEYEXCH_free.pod 2023-02-07 14:43:33.000000000 +0100
@@ -71,7 +71,7 @@
I as arguments. EVP_KEYEXCH_gettable_ctx_params() and EVP_KEYEXCH_settable_ctx_params() return -a constant B array that describes the names and types of key +a constant L array that describes the names and types of key parameters that can be retrieved or set by a key exchange algorithm using L and L.
@@ -89,7 +89,7 @@
otherwise 0. EVP_KEYEXCH_gettable_ctx_params() and EVP_KEYEXCH_settable_ctx_params() return -a constant B array or NULL on error. +a constant L array or NULL on error. =head1 SEE ALSO
diff -Nru openssl-3.0.7/doc/man3/EVP_KEYMGMT.pod openssl-3.0.8/doc/man3/EVP_KEYMGMT.pod
--- openssl-3.0.7/doc/man3/EVP_KEYMGMT.pod 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/doc/man3/EVP_KEYMGMT.pod 2023-02-07 14:43:33.000000000 +0100
@@ -88,12 +88,11 @@
I as arguments. EVP_KEYMGMT_gettable_params() and EVP_KEYMGMT_settable_params() return a -constant B array that describes the names and types of key +constant L array that describes the names and types of key parameters that can be retrieved or set. EVP_KEYMGMT_gettable_params() is used by L. -See L for the use of B as a parameter descriptor. -EVP_KEYMGMT_gen_settable_params() returns a constant B array that +EVP_KEYMGMT_gen_settable_params() returns a constant L array that describes the names and types of key generation parameters that can be set via L.
@@ -128,7 +127,7 @@
there isn't one. EVP_KEYMGMT_gettable_params(), EVP_KEYMGMT_settable_params() and -EVP_KEYMGMT_gen_settable_params() return a constant B array or +EVP_KEYMGMT_gen_settable_params() return a constant L array or NULL on error. =head1 SEE ALSO
diff -Nru openssl-3.0.7/doc/man3/EVP_MAC.pod openssl-3.0.8/doc/man3/EVP_MAC.pod
--- openssl-3.0.7/doc/man3/EVP_MAC.pod 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/doc/man3/EVP_MAC.pod 2023-02-07 14:43:33.000000000 +0100
@@ -187,26 +187,23 @@
Also, what happens when a needed parameter isn't passed down is defined by the implementation. -EVP_MAC_gettable_params() returns an B array that describes +EVP_MAC_gettable_params() returns an L array that describes the retrievable and settable parameters. EVP_MAC_gettable_params() returns parameters that can be used with EVP_MAC_get_params(). -See L for the use of B as a parameter descriptor. EVP_MAC_gettable_ctx_params() and EVP_MAC_CTX_gettable_params() -return constant B arrays that describe the retrievable +return constant L arrays that describe the retrievable parameters that can be used with EVP_MAC_CTX_get_params(). EVP_MAC_gettable_ctx_params() returns the parameters that can be retrieved from the algorithm, whereas EVP_MAC_CTX_gettable_params() returns the parameters that can be retrieved in the context's current state. -See L for the use of B as a parameter descriptor. EVP_MAC_settable_ctx_params() and EVP_MAC_CTX_settable_params() return -constant B arrays that describe the settable parameters that +constant L arrays that describe the settable parameters that can be used with EVP_MAC_CTX_set_params(). EVP_MAC_settable_ctx_params() returns the parameters that can be retrieved from the algorithm, whereas EVP_MAC_CTX_settable_params() returns the parameters that can -be retrieved in the context's current state. See L -for the use of B as a parameter descriptor. +be retrieved in the context's current state. =head2 Information functions
diff -Nru openssl-3.0.7/doc/man3/EVP_PKEY_CTX_get0_pkey.pod openssl-3.0.8/doc/man3/EVP_PKEY_CTX_get0_pkey.pod
--- openssl-3.0.7/doc/man3/EVP_PKEY_CTX_get0_pkey.pod 1970-01-01 01:00:00.000000000 +0100
+++ openssl-3.0.8/doc/man3/EVP_PKEY_CTX_get0_pkey.pod 2023-02-07 14:43:33.000000000 +0100
@@ -0,0 +1,56 @@
+=pod
+
+=head1 NAME
+
+EVP_PKEY_CTX_get0_pkey,
+EVP_PKEY_CTX_get0_peerkey
+- functions for accessing the EVP_PKEY associated with an EVP_PKEY_CTX
+
+=head1 SYNOPSIS
+
+ #include
+
+ EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx);
+ EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx);
+
+=head1 DESCRIPTION
+
+EVP_PKEY_CTX_get0_pkey() is used to access the B
+associated with the given B I.
+The B obtained is the one used for creating the B
+using either L or L.
+
+EVP_PKEY_CTX_get0_peerkey() is used to access the peer B
+associated with the given B I.
+The peer B obtained is the one set using
+either L or L.
+
+=head1 RETURN VALUES
+
+EVP_PKEY_CTX_get0_pkey() returns the B associated with the
+EVP_PKEY_CTX or NULL if it is not set.
+
+EVP_PKEY_CTX_get0_peerkey() returns the peer B associated with the
+EVP_PKEY_CTX or NULL if it is not set.
+
+The returned EVP_PKEY objects are owned by the EVP_PKEY_CTX,
+and therefore should not explicitly be freed by the caller.
+
+These functions do not affect the EVP_PKEY reference count.
+They merely act as getter functions, and should be treated as such.
+
+=head1 SEE ALSO
+
+L, L,
+L, L
+
+=head1 COPYRIGHT
+
+Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").
+You may not use this file except in compliance with the License.
+You can obtain a copy in the file LICENSE in the source distribution or at
+L.
+
+=cut
diff -Nru openssl-3.0.7/doc/man3/EVP_PKEY_CTX_set_params.pod openssl-3.0.8/doc/man3/EVP_PKEY_CTX_set_params.pod
--- openssl-3.0.7/doc/man3/EVP_PKEY_CTX_set_params.pod 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/doc/man3/EVP_PKEY_CTX_set_params.pod 2023-02-07 14:43:33.000000000 +0100
@@ -30,11 +30,10 @@
calls these methods internally to interact with providers). EVP_PKEY_CTX_gettable_params() and EVP_PKEY_CTX_settable_params() get a -constant B array that describes the gettable and +constant L array that describes the gettable and settable parameters for the current algorithm implementation, i.e. parameters that can be used with EVP_PKEY_CTX_get_params() and EVP_PKEY_CTX_set_params() respectively. -See L for the use of B as parameter descriptor. These functions must only be called after the EVP_PKEY_CTX has been initialised for use in an operation.
diff -Nru openssl-3.0.7/doc/man3/EVP_PKEY_decrypt.pod openssl-3.0.8/doc/man3/EVP_PKEY_decrypt.pod
--- openssl-3.0.7/doc/man3/EVP_PKEY_decrypt.pod 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/doc/man3/EVP_PKEY_decrypt.pod 2023-02-07 14:43:33.000000000 +0100
@@ -18,19 +18,21 @@
=head1 DESCRIPTION The EVP_PKEY_decrypt_init() function initializes a public key algorithm -context using key B for a decryption operation. +context using key I for a decryption operation. The EVP_PKEY_decrypt_init_ex() function initializes a public key algorithm -context using key B for a decryption operation and sets the -algorithm specific B. +context using key I for a decryption operation and sets the +algorithm specific I. The EVP_PKEY_decrypt() function performs a public key decryption operation -using B. The data to be decrypted is specified using the B and -B parameters. If B is B then the maximum size of the output -buffer is written to the B parameter. If B is not B then -before the call the B parameter should contain the length of the -B buffer, if the call is successful the decrypted data is written to -B and the amount of data written to B. +using I. The data to be decrypted is specified using the I and +I parameters. If I is NULL then the minimum required size of +the output buffer is written to the I<*outlen> parameter. + +If I is not NULL then before the call the I<*outlen> parameter must +contain the length of the I buffer. If the call is successful the +decrypted data is written to I and the amount of the decrypted data +written to I<*outlen>, otherwise an error is returned. =head1 NOTES
diff -Nru openssl-3.0.7/doc/man3/EVP_PKEY_fromdata.pod openssl-3.0.8/doc/man3/EVP_PKEY_fromdata.pod
--- openssl-3.0.7/doc/man3/EVP_PKEY_fromdata.pod 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/doc/man3/EVP_PKEY_fromdata.pod 2023-02-07 14:43:33.000000000 +0100
@@ -48,10 +48,9 @@
=for comment the awful list of links above is made this way so we get nice rendering as a man-page while still getting proper links in HTML -EVP_PKEY_fromdata_settable() gets a constant B array that describes +EVP_PKEY_fromdata_settable() gets a constant L array that describes the settable parameters that can be used with EVP_PKEY_fromdata(). I is described in L. -See L for the use of B as parameter descriptor. Parameters in the I array that are not among the settable parameters for the given I are ignored.
diff -Nru openssl-3.0.7/doc/man3/EVP_PKEY_gettable_params.pod openssl-3.0.8/doc/man3/EVP_PKEY_gettable_params.pod
--- openssl-3.0.7/doc/man3/EVP_PKEY_gettable_params.pod 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/doc/man3/EVP_PKEY_gettable_params.pod 2023-02-07 14:43:33.000000000 +0100
@@ -29,15 +29,15 @@
=head1 DESCRIPTION +See L for information about parameters. + EVP_PKEY_get_params() retrieves parameters from the key I, according to the contents of I. -See L for information about parameters. EVP_PKEY_gettable_params() returns a constant list of I indicating the names and types of key parameters that can be retrieved. -See L for information about parameters. -An B of type B or +An L of type B or B is of arbitrary length. Such a parameter can be obtained using any of the functions EVP_PKEY_get_int_param(), EVP_PKEY_get_size_t_param() or EVP_PKEY_get_bn_param(). Attempting to
diff -Nru openssl-3.0.7/doc/man3/EVP_PKEY_keygen.pod openssl-3.0.8/doc/man3/EVP_PKEY_keygen.pod
--- openssl-3.0.7/doc/man3/EVP_PKEY_keygen.pod 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/doc/man3/EVP_PKEY_keygen.pod 2023-02-07 14:43:33.000000000 +0100
@@ -100,7 +100,7 @@
a B parameter must be given to specify the size of the RSA key. If I is C, a string parameter must be given to specify the name of the EC curve. -If I is C, C, C, or C +If I is C, C, C, C, or C no further parameter is needed. =head1 RETURN VALUES
diff -Nru openssl-3.0.7/doc/man3/EVP_PKEY_set1_encoded_public_key.pod openssl-3.0.8/doc/man3/EVP_PKEY_set1_encoded_public_key.pod
--- openssl-3.0.7/doc/man3/EVP_PKEY_set1_encoded_public_key.pod 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/doc/man3/EVP_PKEY_set1_encoded_public_key.pod 2023-02-07 14:43:33.000000000 +0100
@@ -64,7 +64,7 @@
EVP_PKEY_set1_encoded_public_key() returns 1 for success and 0 or a negative value for failure. -EVP_PKEY_get1_encoded_public_key() return 1 +EVP_PKEY_get1_encoded_public_key() returns the length of the encoded key or 0 for failure. =head1 EXAMPLES
diff -Nru openssl-3.0.7/doc/man3/EVP_PKEY_todata.pod openssl-3.0.8/doc/man3/EVP_PKEY_todata.pod
--- openssl-3.0.7/doc/man3/EVP_PKEY_todata.pod 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/doc/man3/EVP_PKEY_todata.pod 2023-02-07 14:43:33.000000000 +0100
@@ -16,7 +16,7 @@
=head1 DESCRIPTION The functions described here are used to extract B key values as an -array of B. +array of L. EVP_PKEY_todata() extracts values from a key I using the I. I is described in L.
@@ -26,7 +26,7 @@
EVP_PKEY_export() is similiar to EVP_PKEY_todata() but uses a callback I that gets passed the value of I. See L for more information about the callback. Note that the -B array that is passed to the callback is not persistent after the +L array that is passed to the callback is not persistent after the callback returns. The user must preserve the items of interest, or use EVP_PKEY_todata() if persistence is required.
diff -Nru openssl-3.0.7/doc/man3/EVP_RAND.pod openssl-3.0.8/doc/man3/EVP_RAND.pod
--- openssl-3.0.7/doc/man3/EVP_RAND.pod 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/doc/man3/EVP_RAND.pod 2023-02-07 14:43:33.000000000 +0100
@@ -186,26 +186,23 @@
Also, what happens when a needed parameter isn't passed down is defined by the implementation. -EVP_RAND_gettable_params() returns an B array that describes +EVP_RAND_gettable_params() returns an L array that describes the retrievable and settable parameters. EVP_RAND_gettable_params() returns -parameters that can be used with EVP_RAND_get_params(). See L -for the use of B as a parameter descriptor. +parameters that can be used with EVP_RAND_get_params(). EVP_RAND_gettable_ctx_params() and EVP_RAND_CTX_gettable_params() return -constant B arrays that describe the retrievable parameters that +constant L arrays that describe the retrievable parameters that can be used with EVP_RAND_CTX_get_params(). EVP_RAND_gettable_ctx_params() returns the parameters that can be retrieved from the algorithm, whereas EVP_RAND_CTX_gettable_params() returns the parameters that can be retrieved -in the context's current state. See L for the use of -B as a parameter descriptor. +in the context's current state. EVP_RAND_settable_ctx_params() and EVP_RAND_CTX_settable_params() return -constant B arrays that describe the settable parameters that +constant L arrays that describe the settable parameters that can be used with EVP_RAND_CTX_set_params(). EVP_RAND_settable_ctx_params() returns the parameters that can be retrieved from the algorithm, whereas EVP_RAND_CTX_settable_params() returns the parameters that can be retrieved -in the context's current state. See L for the use of -B as a parameter descriptor. +in the context's current state. =head2 Information functions
diff -Nru openssl-3.0.7/doc/man3/EVP_SIGNATURE.pod openssl-3.0.8/doc/man3/EVP_SIGNATURE.pod
--- openssl-3.0.7/doc/man3/EVP_SIGNATURE.pod 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/doc/man3/EVP_SIGNATURE.pod 2023-02-07 14:43:33.000000000 +0100
@@ -79,7 +79,7 @@
discretion of the I implementation. EVP_SIGNATURE_gettable_ctx_params() and EVP_SIGNATURE_settable_ctx_params() -return a constant B array that describes the names and types of key +return a constant L array that describes the names and types of key parameters that can be retrieved or set by a signature algorithm using L and L.
@@ -94,7 +94,7 @@
A return value of 0 means that the callback was not called for any names. EVP_SIGNATURE_gettable_ctx_params() and EVP_SIGNATURE_settable_ctx_params() -return a constant B array or NULL on error. +return a constant L array or NULL on error. =head1 SEE ALSO
diff -Nru openssl-3.0.7/doc/man3/EVP_SignInit.pod openssl-3.0.8/doc/man3/EVP_SignInit.pod
--- openssl-3.0.7/doc/man3/EVP_SignInit.pod 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/doc/man3/EVP_SignInit.pod 2023-02-07 14:43:33.000000000 +0100
@@ -60,10 +60,9 @@
preference to the low-level interfaces. This is because the code then becomes transparent to the algorithm used and much more flexible. -When signing with DSA private keys the random number generator must be seeded. -If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to -external circumstances (see L), the operation will fail. -This requirement does not hold for RSA signatures. +When signing with some private key types the random number generator must +be seeded. If the automatic seeding or reseeding of the OpenSSL CSPRNG fails +due to external circumstances (see L), the operation will fail. The call to EVP_SignFinal() internally finalizes a copy of the digest context. This means that calls to EVP_SignUpdate() and EVP_SignFinal() can be called
@@ -85,7 +84,7 @@
It is not possible to change the signing parameters using these function. -The previous two bugs are fixed in the newer EVP_SignDigest*() function. +The previous two bugs are fixed in the newer EVP_DigestSign*() functions. =head1 SEE ALSO
diff -Nru openssl-3.0.7/doc/man3/EVP_VerifyInit.pod openssl-3.0.8/doc/man3/EVP_VerifyInit.pod
--- openssl-3.0.7/doc/man3/EVP_VerifyInit.pod 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/doc/man3/EVP_VerifyInit.pod 2023-02-07 14:43:33.000000000 +0100
@@ -50,7 +50,7 @@
failure. EVP_VerifyFinal_ex() and EVP_VerifyFinal() return 1 for a correct -signature, 0 for failure and -1 if some other error occurred. +signature, 0 for failure and a negative value if some other error occurred. The error codes can be obtained by L.
diff -Nru openssl-3.0.7/doc/man3/HMAC.pod openssl-3.0.8/doc/man3/HMAC.pod
--- openssl-3.0.7/doc/man3/HMAC.pod 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/doc/man3/HMAC.pod 2023-02-07 14:43:33.000000000 +0100
@@ -71,6 +71,9 @@
HMAC does not support variable output length digests such as EVP_shake128() and EVP_shake256(). +HMAC() uses the default B. +Use L instead if a library context is required. + All of the functions described below are deprecated. Applications should instead use L, L, L, L and L
diff -Nru openssl-3.0.7/doc/man3/i2d_re_X509_tbs.pod openssl-3.0.8/doc/man3/i2d_re_X509_tbs.pod
--- openssl-3.0.7/doc/man3/i2d_re_X509_tbs.pod 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/doc/man3/i2d_re_X509_tbs.pod 2023-02-07 14:43:33.000000000 +0100
@@ -55,7 +55,7 @@
i2d_X509_AUX() returns the length of encoded data or -1 on error. i2d_re_X509_tbs(), i2d_re_X509_CRL_tbs() and i2d_re_X509_REQ_tbs() return the -length of encoded data or 0 on error. +length of encoded data or <=0 on error. =head1 SEE ALSO
diff -Nru openssl-3.0.7/doc/man3/MD5.pod openssl-3.0.8/doc/man3/MD5.pod
--- openssl-3.0.7/doc/man3/MD5.pod 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/doc/man3/MD5.pod 2023-02-07 14:43:33.000000000 +0100
@@ -80,8 +80,8 @@
=head1 NOTE MD2, MD4, and MD5 are recommended only for compatibility with existing -applications. In new applications, SHA-1 or RIPEMD-160 should be -preferred. +applications. In new applications, hashes from the SHA-2 or SHA-3 family +should be preferred. =head1 RETURN VALUES
@@ -97,7 +97,7 @@
=head1 SEE ALSO -L +L, L, L =head1 HISTORY
@@ -105,7 +105,7 @@
=head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.0.7/doc/man3/OCSP_REQUEST_new.pod openssl-3.0.8/doc/man3/OCSP_REQUEST_new.pod
--- openssl-3.0.7/doc/man3/OCSP_REQUEST_new.pod 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/doc/man3/OCSP_REQUEST_new.pod 2023-02-07 14:43:33.000000000 +0100
@@ -62,7 +62,7 @@
for failure. OCSP_request_onereq_count() returns the total number of B -structures in B. +structures in B and -1 on error. OCSP_request_onereq_get0() returns a pointer to an B structure or B if the index value is out or range.
diff -Nru openssl-3.0.7/doc/man3/OPENSSL_ia32cap.pod openssl-3.0.8/doc/man3/OPENSSL_ia32cap.pod
--- openssl-3.0.7/doc/man3/OPENSSL_ia32cap.pod 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/doc/man3/OPENSSL_ia32cap.pod 2023-02-07 14:43:33.000000000 +0100
@@ -97,6 +97,8 @@
=item bit #64+16 denoting availability of AVX512F extension; +=item bit #64+17 denoting availability of AVX512DQ extension; + =item bit #64+18 denoting availability of RDSEED instruction; =item bit #64+19 denoting availability of ADCX and ADOX instructions;
diff -Nru openssl-3.0.7/doc/man3/OSSL_ALGORITHM.pod openssl-3.0.8/doc/man3/OSSL_ALGORITHM.pod
--- openssl-3.0.7/doc/man3/OSSL_ALGORITHM.pod 1970-01-01 01:00:00.000000000 +0100
+++ openssl-3.0.8/doc/man3/OSSL_ALGORITHM.pod 2023-02-07 14:43:33.000000000 +0100
@@ -0,0 +1,151 @@ +=pod + +=head1 NAME + +OSSL_ALGORITHM - OpenSSL Core type to define a fetchable algorithm + +=head1 SYNOPSIS + + #include + + typedef struct ossl_algorithm_st OSSL_ALGORITHM; + struct ossl_algorithm_st { + const char *algorithm_names; /* key */ + const char *property_definition; /* key */ + const OSSL_DISPATCH *implementation; + const char *algorithm_description; + }; + +=head1 DESCRIPTION + +The B type is a I that describes an +algorithm that a L provides. Arrays of this type are returned +by providers on demand from the OpenSSL libraries to describe what +algorithms the providers provide implementations of, and with what +properties. + +Arrays of this type must be terminated with a tuple where I +is NULL. + +This type of array is typically returned by the provider's operation querying +function, further described in L. + +=head2 B fields + +=over 4 + +=item I + +This string is a colon separated set of names / identities, and is used by +the appropriate fetching functionality (such as L, +L, etc) to find the desired algorithm. + +Multiple names / identities allow a specific algorithm implementation to be +fetched multiple ways. For example, the RSA algorithm has the following +known identities: + +=over 4 + +=item * + +C + +=item * + +C + +This is the name of the algorithm's OBJECT IDENTIFIER (OID), as given by the +L + +=item * + +C<1.2.840.113549.1.1.1> + +This is the OID itself for C, in canonical decimal text form. + +=back + +The resulting I string would look like this: + + "RSA:rsaEncryption:1.2.840.113549.1.1.1" + +The OpenSSL libraries use the first of the algorithm names as the main +or canonical name, on a per algorithm implementation basis. + +See the notes L below for a more in +depth discussion on I and how that may interact with +applications and libraries, including OpenSSL's. 
+ +=item I + +This string defines a set of properties associated with a particular +algorithm implementation, and is used by the appropriate fetching +functionality (such as L, L, etc) for +a finer grained lookup of an algorithm implementation, which is useful in +case multiple implementations of the same algorithm are available. + +See L for a further description of the contents of this +string. + +=item I + +Pointer to an L array, containing pointers to the +functions of a particular algorithm implementation. + +=item I + +A string with a short human-readable description of the algorithm. + +=back + +=head1 NOTES + +=head2 On the subject of algorithm names + +Providers may find the need to register ASN.1 OIDs for algorithms using +L (via the B upcall described in +L, because some application or library -- possibly still +the OpenSSL libraries, even -- use NIDs to look up algorithms. + +In that scenario, you must make sure that the corresponding B's +I includes both the short and the long name. + +Most of the time, registering ASN.1 OIDs like this shouldn't be necessary, +and applications and libraries are encouraged to use L to +get a text representation of the OID, which may be a long or short name for +OIDs that are registered, or the OID itself in canonical decimal text form +if not (or if L is called with I = 1). + +It's recommended to make sure that the corresponding B's +I include known names as well as the OID itself in +canonical decimal text form. That should cover all scenarios. + +=begin comment RETURN VALUES doesn't make sense for a manual that only +describes a type, but document checkers still want that section, and +to have more than just the section title. + +=head1 RETURN VALUES + +txt + +=end comment + +=head1 SEE ALSO + +L, L, L, +L, L + +=head1 HISTORY + +B was added in OpenSSL 3.0 + +=head1 COPYRIGHT + +Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). 
You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff -Nru openssl-3.0.7/doc/man3/OSSL_CALLBACK.pod openssl-3.0.8/doc/man3/OSSL_CALLBACK.pod --- openssl-3.0.7/doc/man3/OSSL_CALLBACK.pod 1970-01-01 01:00:00.000000000 +0100 +++ openssl-3.0.8/doc/man3/OSSL_CALLBACK.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -0,0 +1,77 @@ +=pod + +=head1 NAME + +OSSL_CALLBACK, OSSL_PASSPHRASE_CALLBACK - OpenSSL Core type to define callbacks + +=head1 SYNOPSIS + + #include + typedef int (OSSL_CALLBACK)(const OSSL_PARAM params[], void *arg); + typedef int (OSSL_PASSPHRASE_CALLBACK)(char *pass, size_t pass_size, + size_t *pass_len, + const OSSL_PARAM params[], + void *arg); + +=head1 DESCRIPTION + +For certain events or activities, provider functionality may need help from +the application or the calling OpenSSL libraries themselves. For example, +user input or direct (possibly optional) user output could be implemented +this way. + +Callback functions themselves are always provided by or through the calling +OpenSSL libraries, along with a generic pointer to data I. As far as +the function receiving the pointer to the function pointer and I is +concerned, the data that I points at is opaque, and the pointer should +simply be passed back to the callback function when it's called. + +=over 4 + +=item B + +This is a generic callback function. When calling this callback function, +the caller is expected to build an L array of data it wants or +is expected to pass back, and pass that as I, as well as the opaque +data pointer it received, as I. + +=item B + +This is a specialised callback function, used specifically to prompt the +user for a passphrase. When calling this callback function, a buffer to +store the pass phrase needs to be given with I, and its size with +I. The length of the prompted pass phrase will be given back in +I<*pass_len>. + +Additional parameters can be passed with the L array I, + +=back + +=begin comment RETURN VALUES doesn't make sense for a manual that only +describes a type, but document checkers still want that section, and +to have more than just the section title. + +=head1 RETURN VALUES + +txt + +=end comment + +=head1 SEE ALSO + +L + +=head1 HISTORY + +The types described here were added in OpenSSL 3.0. 
+ +=head1 COPYRIGHT + +Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff -Nru openssl-3.0.7/doc/man3/OSSL_CMP_CTX_new.pod openssl-3.0.8/doc/man3/OSSL_CMP_CTX_new.pod --- openssl-3.0.7/doc/man3/OSSL_CMP_CTX_new.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/OSSL_CMP_CTX_new.pod 2023-02-07 14:43:33.000000000 +0100 @@ -35,6 +35,7 @@ OSSL_CMP_CTX_set1_secretValue, OSSL_CMP_CTX_set1_recipient, OSSL_CMP_CTX_push0_geninfo_ITAV, +OSSL_CMP_CTX_reset_geninfo_ITAVs, OSSL_CMP_CTX_set1_extraCertsOut, OSSL_CMP_CTX_set0_newPkey, OSSL_CMP_CTX_get0_newPkey, @@ -116,6 +117,7 @@ /* CMP message header and extra certificates: */ int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name); int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav); + int OSSL_CMP_CTX_reset_geninfo_ITAVs(OSSL_CMP_CTX *ctx); int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx, STACK_OF(X509) *extraCertsOut); @@ -179,6 +181,7 @@ clearing the internal CMP transaction (aka session) status, PKIStatusInfo, and any previous results (newCert, newChain, caPubs, and extraCertsIn) from the last executed transaction. +It also clears any ITAVs that were added by OSSL_CMP_CTX_push0_genm_ITAV(). All other field values (i.e., CMP options) are retained for potential re-use. OSSL_CMP_CTX_set_option() sets the given value for the given option 
@@ -205,14 +208,17 @@ =item B - Number of seconds (or 0 for infinite) a CMP message round trip is - allowed to take before a timeout error is returned. - Default is to use the B setting. + Number of seconds a CMP request-response message round trip + is allowed to take before a timeout error is returned. + A value <= 0 means no limitation (waiting indefinitely). + Default is to use the B setting. =item B - Maximum total number of seconds an enrollment (including polling) - may take. Default is 0 (infinite). + Maximum total number of seconds a transaction may take, + including polling etc. + A value <= 0 means no limitation (waiting indefinitely). + Default is 0. =item B @@ -509,6 +515,9 @@ added to the GeneralInfo field of the CMP PKIMessage header of a request message sent with this context. +OSSL_CMP_CTX_reset_geninfo_ITAVs() +clears any ITAVs that were added by OSSL_CMP_CTX_push0_geninfo_ITAV(). + OSSL_CMP_CTX_set1_extraCertsOut() sets the stack of extraCerts that will be sent to remote. 
@@ -612,15 +621,36 @@ to a structure containing arguments, previously set by OSSL_CMP_CTX_set_certConf_cb_arg(), or NULL if unset. -OSSL_CMP_CTX_get_status() returns the PKIstatus from the last received -CertRepMessage or Revocation Response or error message, or -1 if unset. -For server contexts it returns -2 if a transaction is open, else -1. +OSSL_CMP_CTX_get_status() returns for client contexts the PKIstatus from +the last received CertRepMessage or Revocation Response or error message: +=item B on sucessful receipt of a GENP message: + +=over 4 + +=item B + +if an IR/CR/KUR/RR/GENM request message could not be produced, + +=item B + +on a transmission error or transaction error for this type of request, and + +=item B + +if no such request was attempted or OSSL_CMP_CTX_reinit() has been called. + +=back + +For server contexts it returns +B if a transaction is open, +otherwise B. OSSL_CMP_CTX_get0_statusString() returns the statusString from the last received CertRepMessage or Revocation Response or error message, or NULL if unset. OSSL_CMP_CTX_get_failInfoCode() returns the error code from the failInfo field -of the last received CertRepMessage or Revocation Response or error message. +of the last received CertRepMessage or Revocation Response or error message, +or -1 if no such response was received or OSSL_CMP_CTX_reinit() has been called. This is a bit field and the flags for it are specified in the header file F<< >>. The flags start with OSSL_CMP_CTX_FAILINFO, for example: @@ -681,7 +711,9 @@ else 0 on successful validation, or else a bit field with the B bit set. -All other functions return 1 on success, 0 on error. +All other functions, including OSSL_CMP_CTX_reinit() +and OSSL_CMP_CTX_reset_geninfo_ITAVs(), +return 1 on success, 0 on error. =head1 EXAMPLES 
@@ -737,7 +769,7 @@ OSSL_CMP_CTX_reinit(cmp_ctx); ASN1_OBJECT *type = OBJ_txt2obj("1.3.6.1.5.5.7.4.2", 1); - OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_new(type, NULL); + OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_create(type, NULL); OSSL_CMP_CTX_push0_genm_ITAV(cmp_ctx, itav); STACK_OF(OSSL_CMP_ITAV) *itavs; @@ -756,9 +788,11 @@ The OpenSSL CMP support was added in OpenSSL 3.0. +OSSL_CMP_CTX_reset_geninfo_ITAVs() was added in OpenSSL 3.0.8. + =head1 COPYRIGHT -Copyright 2007-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.7/doc/man3/OSSL_CMP_exec_certreq.pod openssl-3.0.8/doc/man3/OSSL_CMP_exec_certreq.pod --- openssl-3.0.7/doc/man3/OSSL_CMP_exec_certreq.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/OSSL_CMP_exec_certreq.pod 2023-02-07 14:43:33.000000000 +0100 @@ -109,8 +109,9 @@ OSSL_CMP_exec_GENM_ses() sends a general message containing the sequence of infoType and infoValue pairs (InfoTypeAndValue; short: B) -provided in the I using L. -It returns the list of Bs received in the GenRep. +optionally provided in the I using L. +On success it records in I the status B +and returns the list of Bs received in the GENP message. This can be used, for instance, to poll for CRLs or CA Key Updates. See RFC 4210 section 5.3.19 and appendix E.5 for details. 
@@ -139,8 +140,8 @@ OSSL_CMP_exec_RR_ses() returns 1 on success, 0 on error. -OSSL_CMP_exec_GENM_ses() returns a -pointer to the received B sequence on success, NULL on error. +OSSL_CMP_exec_GENM_ses() returns NULL on error, +otherwise a pointer to the sequence of B received, which may be empty. This pointer must be freed by the caller. =head1 EXAMPLES diff -Nru openssl-3.0.7/doc/man3/OSSL_CMP_MSG_get0_header.pod openssl-3.0.8/doc/man3/OSSL_CMP_MSG_get0_header.pod --- openssl-3.0.7/doc/man3/OSSL_CMP_MSG_get0_header.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/OSSL_CMP_MSG_get0_header.pod 2023-02-07 14:43:33.000000000 +0100 @@ -118,10 +118,11 @@ OSSL_CMP_MSG_read() and d2i_OSSL_CMP_MSG_bio() return the parsed CMP message or NULL on error. -OSSL_CMP_MSG_write() and i2d_OSSL_CMP_MSG_bio() return -the number of bytes successfully encoded or a negative value if an error occurs. +OSSL_CMP_MSG_write() returns the number of bytes successfully encoded or a +negative value if an error occurs. -OSSL_CMP_MSG_update_transactionID() returns 1 on success, 0 on error. +i2d_OSSL_CMP_MSG_bio() and OSSL_CMP_MSG_update_transactionID() return 1 on +success, 0 on error. =head1 SEE ALSO diff -Nru openssl-3.0.7/doc/man3/OSSL_CMP_validate_msg.pod openssl-3.0.8/doc/man3/OSSL_CMP_validate_msg.pod --- openssl-3.0.7/doc/man3/OSSL_CMP_validate_msg.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/OSSL_CMP_validate_msg.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -19,8 +19,11 @@ which includes validating CMP message sender certificates and their paths while optionally checking the revocation status of the certificates(s). -OSSL_CMP_validate_msg() validates the protection of the given I -using either password-based mac (PBM) or a signature algorithm. +OSSL_CMP_validate_msg() validates the protection of the given I, +which must be signature-based or using password-based MAC (PBM). +In the former case a suitable trust anchor must be given in the CMP context +I, and in the latter case the matching secret must have been set there +using L. In case of signature algorithm, the certificate to use for the signature check is preferably the one provided by a call to L. @@ -61,7 +64,9 @@ =head1 SEE ALSO -L, L +L, L, +L, L, +L, L =head1 HISTORY diff -Nru openssl-3.0.7/doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod openssl-3.0.8/doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod --- openssl-3.0.7/doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -78,10 +78,10 @@ OSSL_DECODER_CTX_set_pem_password_cb(), OSSL_DECODER_CTX_set_passphrase_ui() and OSSL_DECODER_CTX_set_passphrase_cb() set up a callback method that the implementation can use to prompt for a pass phrase, giving the caller the -choice of prefered pass phrase callback form. These are called indirectly, -through an internal B function. +choice of preferred pass phrase callback form. These are called indirectly, +through an internal L function. -The internal B function caches the pass phrase, to +The internal L function caches the pass phrase, to be re-used in all decodings that are performed in the same decoding run (for example, within one L call). diff -Nru openssl-3.0.7/doc/man3/OSSL_DISPATCH.pod openssl-3.0.8/doc/man3/OSSL_DISPATCH.pod --- openssl-3.0.7/doc/man3/OSSL_DISPATCH.pod 1970-01-01 01:00:00.000000000 +0100 +++ openssl-3.0.8/doc/man3/OSSL_DISPATCH.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -0,0 +1,81 @@ +=pod + +=head1 NAME + +OSSL_DISPATCH - OpenSSL Core type to define a dispatchable function table + +=head1 SYNOPSIS + + #include + + typedef struct ossl_dispatch_st OSSL_DISPATCH; + struct ossl_dispatch_st { + int function_id; + void (*function)(void); + }; + +=head1 DESCRIPTION + +This type is a tuple of function identity and function pointer. +Arrays of this type are passed between the OpenSSL libraries and the +providers to describe what functionality one side provides to the other. + +Arrays of this type must be terminated with a tuple having function identity +zero and function pointer NULL. + +=head2 B fields + +=over 4 + +=item I + +OpenSSL defined function identity of the implemented function. + +=item I + +Pointer to the implemented function itself. Despite the generic definition +of this field, the implemented function it points to must have a function +signature that corresponds to the I + +=back + +Available function identities and corresponding function signatures are +defined in L. +Furthermore, the chosen function identities and associated function +signature must be chosen specifically for the operation that it's intended +for, as determined by the intended L array. + +Any function identity not recognised by the recipient of this type +will be ignored. +This ensures that providers built with one OpenSSL version in mind +will work together with any other OpenSSL version that supports this +mechanism. + +=begin comment RETURN VALUES doesn't make sense for a manual that only +describes a type, but document checkers still want that section, and +to have more than just the section title. + +=head1 RETURN VALUES + +txt + +=end comment + +=head1 SEE ALSO + +L, L, L + +=head1 HISTORY + +B was added in OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. 
You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff -Nru openssl-3.0.7/doc/man3/OSSL_ENCODER_CTX_new_for_pkey.pod openssl-3.0.8/doc/man3/OSSL_ENCODER_CTX_new_for_pkey.pod --- openssl-3.0.7/doc/man3/OSSL_ENCODER_CTX_new_for_pkey.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/OSSL_ENCODER_CTX_new_for_pkey.pod 2023-02-07 14:43:33.000000000 +0100 @@ -78,8 +78,8 @@ OSSL_ENCODER_CTX_set_pem_password_cb(), OSSL_ENCODER_CTX_set_passphrase_ui() and OSSL_ENCODER_CTX_set_passphrase_cb() sets up a callback method that the implementation can use to prompt for a pass phrase, giving the caller the -choice of prefered pass phrase callback form. These are called indirectly, -through an internal B function. +choice of preferred pass phrase callback form. These are called indirectly, +through an internal L function. =head2 Output types diff -Nru openssl-3.0.7/doc/man3/OSSL_ITEM.pod openssl-3.0.8/doc/man3/OSSL_ITEM.pod --- openssl-3.0.7/doc/man3/OSSL_ITEM.pod 1970-01-01 01:00:00.000000000 +0100 +++ openssl-3.0.8/doc/man3/OSSL_ITEM.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -0,0 +1,56 @@ +=pod + +=head1 NAME + +OSSL_ITEM - OpenSSL Core type for generic itemized data + +=head1 SYNOPSIS + + #include + + typedef struct ossl_item_st OSSL_ITEM; + struct ossl_item_st { + unsigned int id; + void *ptr; + }; + +=head1 DESCRIPTION + +This type is a tuple of integer and pointer. +It's a generic type used as a generic descriptor, its exact meaning +being defined by how it's used. +Arrays of this type are passed between the OpenSSL libraries and the +providers, and must be terminated with a tuple where the integer is +zero and the pointer NULL. + +This is currently mainly used for the return value of the provider's error +reason strings array, see L. + +=begin comment RETURN VALUES doesn't make sense for a manual that only +describes a type, but document checkers still want that section, and +to have more than just the section title. + +=head1 RETURN VALUES + +txt + +=end comment + +=head1 SEE ALSO + +L, L, L + +=head1 HISTORY + +B was added in OpenSSL 3.0 + +=head1 COPYRIGHT + +Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff -Nru openssl-3.0.7/doc/man3/OSSL_PARAM_allocate_from_text.pod openssl-3.0.8/doc/man3/OSSL_PARAM_allocate_from_text.pod --- openssl-3.0.7/doc/man3/OSSL_PARAM_allocate_from_text.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/OSSL_PARAM_allocate_from_text.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -102,7 +102,7 @@ The parameter descriptor array comes from functions dedicated to return them. -The following B attributes are used: +The following L attributes are used: =over 4 diff -Nru openssl-3.0.7/doc/man3/OSSL_PARAM_dup.pod openssl-3.0.8/doc/man3/OSSL_PARAM_dup.pod --- openssl-3.0.7/doc/man3/OSSL_PARAM_dup.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/OSSL_PARAM_dup.pod 2023-02-07 14:43:33.000000000 +0100 @@ -16,8 +16,8 @@ =head1 DESCRIPTION Algorithm parameters can be exported/imported from/to providers using arrays of -B. The following utility functions allow the parameters to be -duplicated and merged with other B to assist in this process. +L. The following utility functions allow the parameters to be +duplicated and merged with other L to assist in this process. OSSL_PARAM_dup() duplicates the parameter array I. This function does a deep copy of the data. @@ -36,7 +36,7 @@ =head1 RETURN VALUES The functions OSSL_PARAM_dup() and OSSL_PARAM_merge() return a newly allocated -B array, or NULL if there was an error. If both parameters are NULL +L array, or NULL if there was an error. If both parameters are NULL then NULL is returned. =head1 SEE ALSO diff -Nru openssl-3.0.7/doc/man3/OSSL_PARAM_int.pod openssl-3.0.8/doc/man3/OSSL_PARAM_int.pod --- openssl-3.0.7/doc/man3/OSSL_PARAM_int.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/OSSL_PARAM_int.pod 2023-02-07 14:43:33.000000000 +0100 @@ -110,7 +110,7 @@ =head1 DESCRIPTION A collection of utility functions that simplify and add type safety to the -B arrays. The following B> names are supported: +L arrays. The following B> names are supported: =over 1 @@ -161,7 +161,7 @@ =back OSSL_PARAM_TYPE() are a series of macros designed to assist initialising an -array of B structures. +array of L structures. Each of these macros defines a parameter of the specified B> with the provided I and parameter variable I
. @@ -172,46 +172,46 @@ The storage for this parameter is at I
and is of I bytes. OSSL_PARAM_END provides an end of parameter list marker. -This should terminate all B arrays. +This should terminate all L arrays. The OSSL_PARAM_DEFN() macro provides the ability to construct a single -B (typically used in the construction of B arrays). The +L (typically used in the construction of B arrays). The I, I, I and I arguments correspond to the I, -I, I and I fields of the B structure as +I, I and I fields of the L structure as described on the L page. -OSSL_PARAM_construct_TYPE() are a series of functions that create B +OSSL_PARAM_construct_TYPE() are a series of functions that create L records dynamically. A parameter with name I is created. The parameter will use storage pointed to by I and return size of I. OSSL_PARAM_construct_BN() is a function that constructs a large integer -B structure. +L structure. A parameter with name I, storage I, size I and return size I is created. OSSL_PARAM_construct_utf8_string() is a function that constructs a UTF8 -string B structure. +string L structure. A parameter with name I, storage I and size I is created. If I is zero, the string length is determined using strlen(3). Generally pass zero for I instead of calling strlen(3) yourself. OSSL_PARAM_construct_octet_string() is a function that constructs an OCTET -string B structure. +string L structure. A parameter with name I, storage I and size I is created. OSSL_PARAM_construct_utf8_ptr() is a function that constructs a UTF8 string -pointer B structure. +pointer L structure. A parameter with name I, storage pointer I<*buf> and size I is created. OSSL_PARAM_construct_octet_ptr() is a function that constructs an OCTET string -pointer B structure. +pointer L structure. A parameter with name I, storage pointer I<*buf> and size I is created. OSSL_PARAM_construct_end() is a function that constructs the terminating -B structure. +L structure. OSSL_PARAM_locate() is a function that searches an I of parameters for the one matching the I name. 
@@ -314,10 +314,10 @@ OSSL_PARAM_construct_TYPE(), OSSL_PARAM_construct_BN(), OSSL_PARAM_construct_utf8_string(), OSSL_PARAM_construct_octet_string(), OSSL_PARAM_construct_utf8_ptr() and OSSL_PARAM_construct_octet_ptr() -return a populated B structure. +return a populated L structure. OSSL_PARAM_locate() and OSSL_PARAM_locate_const() return a pointer to -the matching B object. They return NULL on error or when +the matching L object. They return NULL on error or when no object matching I exists in the I. OSSL_PARAM_modified() returns 1 if the parameter was set and 0 otherwise. @@ -334,11 +334,11 @@ OSSL_PARAM_get_BN() and OSSL_PARAM_set_BN() currently only support nonnegative Bs, and by consequence, only B. OSSL_PARAM_construct_BN() currently -constructs an B structure with the data type +constructs an L structure with the data type B. For OSSL_PARAM_construct_utf8_ptr() and OSSL_PARAM_consstruct_octet_ptr(), -I is not relevant if the purpose is to send the B array +I is not relevant if the purpose is to send the L array to a I, i.e. to get parameter data back. In that case, I can safely be given zero. See L for further information on the @@ -347,7 +347,7 @@ =head1 EXAMPLES Reusing the examples from L to just show how -B arrays can be handled using the macros and functions +L arrays can be handled using the macros and functions defined herein. =head2 Example 1 diff -Nru openssl-3.0.7/doc/man3/OSSL_PROVIDER.pod openssl-3.0.8/doc/man3/OSSL_PROVIDER.pod --- openssl-3.0.7/doc/man3/OSSL_PROVIDER.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/OSSL_PROVIDER.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -110,11 +110,10 @@ behaviour. OSSL_PROVIDER_gettable_params() is used to get a provider parameter -descriptor set as a constant B array. -See L for more information. +descriptor set as a constant L array. OSSL_PROVIDER_get_params() is used to get provider parameter values. -The caller must prepare the B array before calling this +The caller must prepare the L array before calling this function, and the variables acting as buffers for this parameter array should be filled with data when it returns successfully. @@ -150,7 +149,7 @@ OSSL_PROVIDER_get_capabilities() provides information about the capabilities supported by the provider specified in I with the capability name I. For each capability of that name supported by the provider it -will call the callback I and supply a set of Bs describing the +will call the callback I and supply a set of Ls describing the capability. It will also pass back the argument I. For more details about capabilities and what they can be used for please see L. @@ -173,7 +172,7 @@ otherwise 0. OSSL_PROVIDER_gettable_params() returns a pointer to an array -of constant B, or NULL if none is provided. +of constant L, or NULL if none is provided. OSSL_PROVIDER_get_params() and returns 1 on success, or 0 on error. diff -Nru openssl-3.0.7/doc/man3/OSSL_SELF_TEST_new.pod openssl-3.0.8/doc/man3/OSSL_SELF_TEST_new.pod --- openssl-3.0.7/doc/man3/OSSL_SELF_TEST_new.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/OSSL_SELF_TEST_new.pod 2023-02-07 14:43:33.000000000 +0100 @@ -36,7 +36,7 @@ OSSL_SELF_TEST_onbegin() may be inserted at the start of a block of self test code. It can be used for diagnostic purposes. If this method is called the callback I will receive the following -B object. +L object. =over 4 @@ -53,7 +53,7 @@ The I and I can be used to identify an individual self test to target for failure testing. If this method is called the callback I will receive the following -B object. +L object. =over 4 
@@ -67,7 +67,7 @@ just before cleanup to indicate if the test passed or failed. It can be used for diagnostic purposes. If this method is called the callback I will receive the following -B object. +L object. =over 4 @@ -82,7 +82,7 @@ OSSL_SELF_TEST_onbegin() for I and I are set to the value "None". If OSSL_SELF_TEST_onbegin(), OSSL_SELF_TEST_oncorrupt_byte() or -OSSL_SELF_TEST_onend() is called the following additional B are +OSSL_SELF_TEST_onend() is called the following additional L are passed to the callback. =over 4 diff -Nru openssl-3.0.7/doc/man3/OSSL_SELF_TEST_set_callback.pod openssl-3.0.8/doc/man3/OSSL_SELF_TEST_set_callback.pod --- openssl-3.0.7/doc/man3/OSSL_SELF_TEST_set_callback.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/OSSL_SELF_TEST_set_callback.pod 2023-02-07 14:43:33.000000000 +0100 @@ -16,7 +16,7 @@ Set or gets the optional application callback (and the callback argument) that is called during self testing. -The application callback B is associated with a B. +The application callback L is associated with a B. The application callback function receives information about a running self test, and may return a result to the calling self test. See L for further information on the callback. diff -Nru openssl-3.0.7/doc/man3/OSSL_STORE_open.pod openssl-3.0.8/doc/man3/OSSL_STORE_open.pod --- openssl-3.0.7/doc/man3/OSSL_STORE_open.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/OSSL_STORE_open.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -69,7 +69,7 @@ The given I and I will be reused by all functions that use B when interaction is needed, for instance to provide a password. -The auxiliary B parameters in I can be set to further +The auxiliary L parameters in I can be set to further modify the store operation. The given I and I will be reused by OSSL_STORE_load() to manipulate or drop the value to be returned. diff -Nru openssl-3.0.7/doc/man3/OSSL_trace_set_channel.pod openssl-3.0.8/doc/man3/OSSL_trace_set_channel.pod --- openssl-3.0.7/doc/man3/OSSL_trace_set_channel.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/OSSL_trace_set_channel.pod 2023-02-07 14:43:33.000000000 +0100 @@ -42,6 +42,8 @@ OSSL_trace_set_channel() is used to enable the given trace C by attaching the B I object as (simple) trace channel. +On success the ownership of the BIO is transferred to the channel, +so the caller must not free it directly. OSSL_trace_set_prefix() and OSSL_trace_set_suffix() can be used to add an extra line for each channel, to be output before and after group of @@ -320,7 +322,7 @@ =head1 COPYRIGHT -Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.7/doc/man3/RSA_sign.pod openssl-3.0.8/doc/man3/RSA_sign.pod --- openssl-3.0.7/doc/man3/RSA_sign.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/RSA_sign.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -46,8 +46,8 @@ =head1 RETURN VALUES -RSA_sign() returns 1 on success. -RSA_verify() returns 1 on successful verification. +RSA_sign() returns 1 on success and 0 for failure. +RSA_verify() returns 1 on successful verification and 0 for failure. The error codes can be obtained by L. diff -Nru openssl-3.0.7/doc/man3/SSL_CTX_set_cipher_list.pod openssl-3.0.8/doc/man3/SSL_CTX_set_cipher_list.pod --- openssl-3.0.7/doc/man3/SSL_CTX_set_cipher_list.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/SSL_CTX_set_cipher_list.pod 2023-02-07 14:43:33.000000000 +0100 @@ -80,7 +80,7 @@ ADH ciphers don't need a certificate, but DH-parameters must have been set. All other ciphers need a corresponding certificate and key. -A RSA cipher can only be chosen, when a RSA certificate is available. +An RSA cipher can only be chosen, when an RSA certificate is available. RSA ciphers using DHE need a certificate and key and additional DH-parameters (see L). diff -Nru openssl-3.0.7/doc/man3/SSL_CTX_set_generate_session_id.pod openssl-3.0.8/doc/man3/SSL_CTX_set_generate_session_id.pod --- openssl-3.0.7/doc/man3/SSL_CTX_set_generate_session_id.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/SSL_CTX_set_generate_session_id.pod 2023-02-07 14:43:33.000000000 +0100 @@ -85,10 +85,10 @@ =head1 RETURN VALUES SSL_CTX_set_generate_session_id() and SSL_set_generate_session_id() -always return 1. +return 1 on success and 0 for failure. SSL_has_matching_session_id() returns 1 if another session with the -same id is already in the cache. +same id is already in the cache, or 0 otherwise. =head1 EXAMPLES diff -Nru openssl-3.0.7/doc/man3/SSL_CTX_use_certificate.pod openssl-3.0.8/doc/man3/SSL_CTX_use_certificate.pod --- openssl-3.0.7/doc/man3/SSL_CTX_use_certificate.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/SSL_CTX_use_certificate.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -130,7 +130,7 @@ SSL_CTX_check_private_key() checks the consistency of a private key with the corresponding certificate loaded into B. If more than one key/certificate pair (RSA/DSA) is installed, the last item installed will -be checked. If e.g. the last item was a RSA certificate or key, the RSA +be checked. If e.g. the last item was an RSA certificate or key, the RSA key/certificate pair will be checked. SSL_check_private_key() performs the same check for B. If no key/certificate was explicitly added for this B, the last item added into B will be checked. diff -Nru openssl-3.0.7/doc/man3/SSL_CTX_use_serverinfo.pod openssl-3.0.8/doc/man3/SSL_CTX_use_serverinfo.pod --- openssl-3.0.7/doc/man3/SSL_CTX_use_serverinfo.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/SSL_CTX_use_serverinfo.pod 2023-02-07 14:43:33.000000000 +0100 @@ -59,7 +59,7 @@ If more than one certificate (RSA/DSA) is installed using SSL_CTX_use_certificate(), the serverinfo extension will be loaded into the -last certificate installed. If e.g. the last item was a RSA certificate, the +last certificate installed. If e.g. the last item was an RSA certificate, the loaded serverinfo extension data will be loaded for that certificate. To use the serverinfo extension for multiple certificates, SSL_CTX_use_serverinfo() needs to be called multiple times, once B diff -Nru openssl-3.0.7/doc/man3/X509_NAME_get_index_by_NID.pod openssl-3.0.8/doc/man3/X509_NAME_get_index_by_NID.pod --- openssl-3.0.7/doc/man3/X509_NAME_get_index_by_NID.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/X509_NAME_get_index_by_NID.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -79,7 +79,8 @@ X509_NAME_get_index_by_NID() can also return -2 if the supplied NID is invalid. -X509_NAME_entry_count() returns the total number of entries. +X509_NAME_entry_count() returns the total number of entries, and 0 +for failure. X509_NAME_get_entry() returns an B pointer to the requested entry or B if the index is invalid. diff -Nru openssl-3.0.7/doc/man3/X509_STORE_CTX_get_error.pod openssl-3.0.8/doc/man3/X509_STORE_CTX_get_error.pod --- openssl-3.0.7/doc/man3/X509_STORE_CTX_get_error.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/X509_STORE_CTX_get_error.pod 2023-02-07 14:43:33.000000000 +0100 @@ -49,8 +49,10 @@ This can be used in combination with X509_STORE_CTX_set_error() to set the depth at which an error condition was detected. -X509_STORE_CTX_get_current_cert() returns the certificate in I which -caused the error or NULL if no certificate is relevant. +X509_STORE_CTX_get_current_cert() returns the current certificate in +I. If an error occurred, the current certificate will be the one +that is most closely related to the error, or possibly NULL if no such +certificate is relevant. X509_STORE_CTX_set_current_cert() sets the certificate I in I which caused the error. @@ -227,7 +229,7 @@ The basicConstraints path-length parameter has been exceeded. -=item B +=item B The target certificate cannot be used for the specified purpose. @@ -471,7 +473,7 @@ =head1 COPYRIGHT -Copyright 2009-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.7/doc/man3/X509v3_get_ext_by_NID.pod openssl-3.0.8/doc/man3/X509v3_get_ext_by_NID.pod --- openssl-3.0.7/doc/man3/X509v3_get_ext_by_NID.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/X509v3_get_ext_by_NID.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -121,13 +121,15 @@ =head1 RETURN VALUES -X509v3_get_ext_count() returns the extension count. +X509v3_get_ext_count() returns the extension count or 0 for failure. X509v3_get_ext(), X509v3_delete_ext() and X509_delete_ext() return an B structure or NULL if an error occurs. -X509v3_get_ext_by_NID(), X509v3_get_ext_by_OBJ() and -X509v3_get_ext_by_critical() return the extension index or -1 if an +X509v3_get_ext_by_OBJ() and X509v3_get_ext_by_critical() return +the extension index or -1 if an error occurs. + +X509v3_get_ext_by_NID() returns the extension index or negative values if an error occurs. X509v3_add_ext() returns a STACK of extensions or NULL on error. diff -Nru openssl-3.0.7/doc/man3/X509_VERIFY_PARAM_set_flags.pod openssl-3.0.8/doc/man3/X509_VERIFY_PARAM_set_flags.pod --- openssl-3.0.7/doc/man3/X509_VERIFY_PARAM_set_flags.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man3/X509_VERIFY_PARAM_set_flags.pod 2023-02-07 14:43:33.000000000 +0100 @@ -90,6 +90,7 @@ X509_VERIFY_PARAM_set_purpose() sets the verification purpose in B to B. This determines the acceptable purpose of the certificate chain, for example B. +The purpose requirement is cleared if B is 0. X509_VERIFY_PARAM_set_trust() sets the trust setting in B to B. @@ -401,7 +402,7 @@ =head1 COPYRIGHT -Copyright 2009-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.7/doc/man5/fips_config.pod openssl-3.0.8/doc/man5/fips_config.pod --- openssl-3.0.7/doc/man5/fips_config.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man5/fips_config.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -107,6 +107,10 @@ L L +=head1 HISTORY + +This functionality was added in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. diff -Nru openssl-3.0.7/doc/man7/crypto.pod openssl-3.0.8/doc/man7/crypto.pod --- openssl-3.0.7/doc/man7/crypto.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/crypto.pod 2023-02-07 14:43:33.000000000 +0100 @@ -367,7 +367,7 @@ example for a digest operation you would use an B, and for an encryption/decryption operation you would use an B. The operation is then initialised ready for use via an "init" function - optionally -passing in a set of parameters (using the B type) to configure how +passing in a set of parameters (using the L type) to configure how the operation should behave. Next data is fed into the operation in a series of "update" calls. The operation is finalised using a "final" call which will typically provide some kind of output. Finally the context is cleaned up and diff -Nru openssl-3.0.7/doc/man7/EVP_ASYM_CIPHER-RSA.pod openssl-3.0.8/doc/man7/EVP_ASYM_CIPHER-RSA.pod --- openssl-3.0.7/doc/man7/EVP_ASYM_CIPHER-RSA.pod 1970-01-01 01:00:00.000000000 +0100 +++ openssl-3.0.8/doc/man7/EVP_ASYM_CIPHER-RSA.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -0,0 +1,90 @@ +=pod + +=head1 NAME + +EVP_ASYM_CIPHER-RSA +- RSA Asymmetric Cipher algorithm support + +=head1 DESCRIPTION + +Asymmetric Cipher support for the B key type. + +=head2 RSA Asymmetric Cipher parameters + +=over 4 + +=item "pad-mode" (B) + +The default provider understands these RSA padding modes in string form: + +=over 4 + +=item "none" (B) + +=item "oaep" (B) + +=item "pkcs1" (B) + +=item "x931" (B) + +=back + +=item "pad-mode" (B) + +The default provider understands these RSA padding modes in integer form: + +=over 4 + +=item 1 (B) + +=item 3 (B) + +=item 4 (B) + +=item 5 (B) + +=back + +See L for further details. + +=item "digest" (B) + +=item "digest-props" (B) + +=item "mgf1-digest" (B) + +=item "mgf1-digest-props" (B) + +=item "oaep-label" (B) + +=item "tls-client-version" (B) + +See B on the page L. + +=item "tls-negotiated-version" (B) + +See B on the page L. + +See L for more information. + +=back + +=head1 SEE ALSO + +L, +L, +L, +L, +L +L + +=head1 COPYRIGHT + +Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff -Nru openssl-3.0.7/doc/man7/EVP_CIPHER-AES.pod openssl-3.0.8/doc/man7/EVP_CIPHER-AES.pod --- openssl-3.0.7/doc/man7/EVP_CIPHER-AES.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/EVP_CIPHER-AES.pod 2023-02-07 14:43:33.000000000 +0100 @@ -29,8 +29,6 @@ =item "AES-192-OFB", "AES-128-OFB" and "AES-256-OFB" -=item "AES-128-SIV", "AES-192-SIV" and "AES-256-SIV" - =item "AES-128-XTS" and "AES-256-XTS" =item "AES-128-CCM", "AES-192-CCM" and "AES-256-CCM" 
@@ -54,6 +52,8 @@ =item "AES-128-OCB", "AES-192-OCB" and "AES-256-OCB" +=item "AES-128-SIV", "AES-192-SIV" and "AES-256-SIV" + =back =head2 Parameters diff -Nru openssl-3.0.7/doc/man7/EVP_KDF-HKDF.pod openssl-3.0.8/doc/man7/EVP_KDF-HKDF.pod --- openssl-3.0.7/doc/man7/EVP_KDF-HKDF.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/EVP_KDF-HKDF.pod 2023-02-07 14:43:33.000000000 +0100 @@ -140,6 +140,10 @@ L, L +=head1 HISTORY + +This functionality was added in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. diff -Nru openssl-3.0.7/doc/man7/EVP_KDF-KB.pod openssl-3.0.8/doc/man7/EVP_KDF-KB.pod --- openssl-3.0.7/doc/man7/EVP_KDF-KB.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/EVP_KDF-KB.pod 2023-02-07 14:43:33.000000000 +0100 @@ -157,7 +157,7 @@ =head1 HISTORY -This functionality was added to OpenSSL 3.0. +This functionality was added in OpenSSL 3.0. =head1 COPYRIGHT diff -Nru openssl-3.0.7/doc/man7/EVP_KDF-KRB5KDF.pod openssl-3.0.8/doc/man7/EVP_KDF-KRB5KDF.pod --- openssl-3.0.7/doc/man7/EVP_KDF-KRB5KDF.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/EVP_KDF-KRB5KDF.pod 2023-02-07 14:43:33.000000000 +0100 @@ -100,7 +100,7 @@ =head1 HISTORY -This functionality was added to OpenSSL 3.0. +This functionality was added in OpenSSL 3.0. =head1 COPYRIGHT diff -Nru openssl-3.0.7/doc/man7/EVP_KDF-PBKDF1.pod openssl-3.0.8/doc/man7/EVP_KDF-PBKDF1.pod --- openssl-3.0.7/doc/man7/EVP_KDF-PBKDF1.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/EVP_KDF-PBKDF1.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -68,7 +68,7 @@ =head1 HISTORY -This functionality was added to OpenSSL 3.0. +This functionality was added in OpenSSL 3.0. =head1 COPYRIGHT diff -Nru openssl-3.0.7/doc/man7/EVP_KDF-PBKDF2.pod openssl-3.0.8/doc/man7/EVP_KDF-PBKDF2.pod --- openssl-3.0.7/doc/man7/EVP_KDF-PBKDF2.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/EVP_KDF-PBKDF2.pod 2023-02-07 14:43:33.000000000 +0100 @@ -90,7 +90,7 @@ =head1 HISTORY -This functionality was added to OpenSSL 3.0. +This functionality was added in OpenSSL 3.0. =head1 COPYRIGHT diff -Nru openssl-3.0.7/doc/man7/EVP_KDF-PKCS12KDF.pod openssl-3.0.8/doc/man7/EVP_KDF-PKCS12KDF.pod --- openssl-3.0.7/doc/man7/EVP_KDF-PKCS12KDF.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/EVP_KDF-PKCS12KDF.pod 2023-02-07 14:43:33.000000000 +0100 @@ -72,7 +72,7 @@ =head1 HISTORY -This functionality was added to OpenSSL 3.0. +This functionality was added in OpenSSL 3.0. =head1 COPYRIGHT diff -Nru openssl-3.0.7/doc/man7/EVP_KDF-SCRYPT.pod openssl-3.0.8/doc/man7/EVP_KDF-SCRYPT.pod --- openssl-3.0.7/doc/man7/EVP_KDF-SCRYPT.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/EVP_KDF-SCRYPT.pod 2023-02-07 14:43:33.000000000 +0100 @@ -134,6 +134,10 @@ L, L +=head1 HISTORY + +This functionality was added in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. diff -Nru openssl-3.0.7/doc/man7/EVP_KDF-SSHKDF.pod openssl-3.0.8/doc/man7/EVP_KDF-SSHKDF.pod --- openssl-3.0.7/doc/man7/EVP_KDF-SSHKDF.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/EVP_KDF-SSHKDF.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -144,6 +144,10 @@ L, L +=head1 HISTORY + +This functionality was added in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. diff -Nru openssl-3.0.7/doc/man7/EVP_KDF-SS.pod openssl-3.0.8/doc/man7/EVP_KDF-SS.pod --- openssl-3.0.7/doc/man7/EVP_KDF-SS.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/EVP_KDF-SS.pod 2023-02-07 14:43:33.000000000 +0100 @@ -43,6 +43,8 @@ =item "digest" (B) +This parameter is ignored for KMAC. + =item "mac" (B) =item "maclen" (B) @@ -133,7 +135,7 @@ EVP_KDF *kdf; EVP_KDF_CTX *kctx; unsigned char out[10]; - OSSL_PARAM params[7], *p = params; + OSSL_PARAM params[6], *p = params; kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); kctx = EVP_KDF_CTX_new(kdf); @@ -141,8 +143,6 @@ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, SN_kmac128, strlen(SN_kmac128)); - *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - SN_sha256, strlen(SN_sha256)); *p++ = OSSL_PARAM_construct_octet_string(EVP_KDF_CTRL_SET_KEY, "secret", (size_t)6); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, @@ -173,11 +173,11 @@ =head1 HISTORY -This functionality was added to OpenSSL 3.0. +This functionality was added in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. Copyright +Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. Licensed under the Apache License 2.0 (the "License"). You may not use diff -Nru openssl-3.0.7/doc/man7/EVP_KDF-TLS13_KDF.pod openssl-3.0.8/doc/man7/EVP_KDF-TLS13_KDF.pod --- openssl-3.0.7/doc/man7/EVP_KDF-TLS13_KDF.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/EVP_KDF-TLS13_KDF.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -116,6 +116,10 @@ L, L +=head1 HISTORY + +This functionality was added in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. diff -Nru openssl-3.0.7/doc/man7/EVP_KDF-TLS1_PRF.pod openssl-3.0.8/doc/man7/EVP_KDF-TLS1_PRF.pod --- openssl-3.0.7/doc/man7/EVP_KDF-TLS1_PRF.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/EVP_KDF-TLS1_PRF.pod 2023-02-07 14:43:33.000000000 +0100 @@ -98,6 +98,10 @@ L, L +=head1 HISTORY + +This functionality was added in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. diff -Nru openssl-3.0.7/doc/man7/EVP_KDF-X942-ASN1.pod openssl-3.0.8/doc/man7/EVP_KDF-X942-ASN1.pod --- openssl-3.0.7/doc/man7/EVP_KDF-X942-ASN1.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/EVP_KDF-X942-ASN1.pod 2023-02-07 14:43:33.000000000 +0100 @@ -137,7 +137,7 @@ =head1 HISTORY -This functionality was added to OpenSSL 3.0. +This functionality was added in OpenSSL 3.0. =head1 COPYRIGHT diff -Nru openssl-3.0.7/doc/man7/EVP_KDF-X942-CONCAT.pod openssl-3.0.8/doc/man7/EVP_KDF-X942-CONCAT.pod --- openssl-3.0.7/doc/man7/EVP_KDF-X942-CONCAT.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/EVP_KDF-X942-CONCAT.pod 2023-02-07 14:43:33.000000000 +0100 @@ -21,7 +21,7 @@ =head1 HISTORY -This functionality was added to OpenSSL 3.0. +This functionality was added in OpenSSL 3.0. =head1 COPYRIGHT diff -Nru openssl-3.0.7/doc/man7/EVP_KDF-X963.pod openssl-3.0.8/doc/man7/EVP_KDF-X963.pod --- openssl-3.0.7/doc/man7/EVP_KDF-X963.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/EVP_KDF-X963.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -94,7 +94,7 @@ =head1 HISTORY -This functionality was added to OpenSSL 3.0. +This functionality was added in OpenSSL 3.0. =head1 COPYRIGHT diff -Nru openssl-3.0.7/doc/man7/EVP_KEM-RSA.pod openssl-3.0.8/doc/man7/EVP_KEM-RSA.pod --- openssl-3.0.7/doc/man7/EVP_KEM-RSA.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/EVP_KEM-RSA.pod 2023-02-07 14:43:33.000000000 +0100 @@ -54,6 +54,10 @@ L, L +=head1 HISTORY + +This functionality was added in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. diff -Nru openssl-3.0.7/doc/man7/EVP_MAC-KMAC.pod openssl-3.0.8/doc/man7/EVP_MAC-KMAC.pod --- openssl-3.0.7/doc/man7/EVP_MAC-KMAC.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/EVP_MAC-KMAC.pod 2023-02-07 14:43:33.000000000 +0100 @@ -41,11 +41,12 @@ Sets the MAC key. Setting this parameter is identical to passing a I to L. +The length of the key (in bytes) must be in the range 4...512. =item "custom" (B) Sets the custom value. -It is an optional value of at most 256 bytes, and is empty by default. +It is an optional value with a length of at most 512 bytes, and is empty by default. =item "size" (B) diff -Nru openssl-3.0.7/doc/man7/EVP_PKEY-EC.pod openssl-3.0.8/doc/man7/EVP_PKEY-EC.pod --- openssl-3.0.7/doc/man7/EVP_PKEY-EC.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/EVP_PKEY-EC.pod 2023-02-07 14:43:33.000000000 +0100 @@ -79,6 +79,10 @@ if the value is zero. The cofactor variant multiplies the shared secret by the EC curve's cofactor (note for some curves the cofactor is 1). +See also L for the related +B parameter that can be set on a +per-operation basis. + =item "encoding" (B) Set the format used for serializing the EC group parameters. 
@@ -104,15 +108,21 @@ Setting this value to 0 indicates that the public key should not be included when encoding the private key. The default value of 1 will include the public key. -See also L for the related -B parameter that can be set on a -per-operation basis. - =item "pub" (B) -The public key value in encoded EC point format. This parameter is used -when importing or exporting the public key value with the EVP_PKEY_fromdata() -and EVP_PKEY_todata() functions. +The public key value in encoded EC point format conforming to Sec. 2.3.3 and +2.3.4 of the SECG SEC 1 ("Elliptic Curve Cryptography") standard. +This parameter is used when importing or exporting the public key value with the +EVP_PKEY_fromdata() and EVP_PKEY_todata() functions. + +Note, in particular, that the choice of point compression format used for +encoding the exported value via EVP_PKEY_todata() depends on the underlying +provider implementation. +Before OpenSSL 3.0.8, the implementation of providers included with OpenSSL always +opted for an encoding in compressed format, unconditionally. +Since OpenSSL 3.0.8, the implementation has been changed to honor the +B parameter, if set, or to default +to uncompressed format. =item "priv" (B) diff -Nru openssl-3.0.7/doc/man7/EVP_PKEY-RSA.pod openssl-3.0.8/doc/man7/EVP_PKEY-RSA.pod --- openssl-3.0.7/doc/man7/EVP_PKEY-RSA.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/EVP_PKEY-RSA.pod 2023-02-07 14:43:33.000000000 +0100 @@ -23,15 +23,18 @@ =item "n" (B) -The RSA "n" value. +The RSA modulus "n" value. =item "e" (B) -The RSA "e" value. +The RSA public exponent "e" value. +This value must always be set when creating a raw key using L. +Note that when a decryption operation is performed, that this value is used for +blinding purposes to prevent timing attacks. =item "d" (B) -The RSA "d" value. +The RSA private exponent "d" value. =item "rsa-factor1" (B) 
@@ -261,7 +264,7 @@ =head1 COPYRIGHT -Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.7/doc/man7/EVP_RAND-TEST-RAND.pod openssl-3.0.8/doc/man7/EVP_RAND-TEST-RAND.pod --- openssl-3.0.7/doc/man7/EVP_RAND-TEST-RAND.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/EVP_RAND-TEST-RAND.pod 2023-02-07 14:43:33.000000000 +0100 @@ -100,6 +100,10 @@ L, L +=head1 HISTORY + +This functionality was added in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. diff -Nru openssl-3.0.7/doc/man7/fips_module.pod openssl-3.0.8/doc/man7/fips_module.pod --- openssl-3.0.7/doc/man7/fips_module.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/fips_module.pod 2023-02-07 14:43:33.000000000 +0100 @@ -460,6 +460,11 @@ L, L, L +=head1 HISTORY + +The FIPS module guide was created for use with the new FIPS provider +in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. diff -Nru openssl-3.0.7/doc/man7/migration_guide.pod openssl-3.0.8/doc/man7/migration_guide.pod --- openssl-3.0.7/doc/man7/migration_guide.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/migration_guide.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -472,6 +472,14 @@ reason the ERR_GET_FUNC() macro was removed. Applications must resolve the error codes only using the library number and the reason code. +=head4 ChaCha20-Poly1305 cipher does not allow a truncated IV length to be used + +In OpenSSL 3.0 setting the IV length to any value other than 12 will result in an +error. +Prior to OpenSSL 3.0 the ivlen could be smaller that the required 12 byte length, +using EVP_CIPHER_CTX_ctrl(ctx, EVP_CRTL_AEAD_SET_IVLEN, ivlen, NULL). This resulted +in an IV that had leading zero padding. + =head2 Installation and Compilation Please refer to the INSTALL.md file in the top of the distribution for @@ -957,7 +965,7 @@ Implicit and Explicit Fetching is described in detail here L. -=head3 Mapping EVP controls and flags to provider B parameters +=head3 Mapping EVP controls and flags to provider L parameters The existing functions for controls (such as L) and manipulating flags (such as L)internally use @@ -1074,7 +1082,8 @@ L, L, L and L for additional information. -Note that the one-shot method HMAC() is still available for compatability purposes. +Note that the one-shot method HMAC() is still available for compatibility purposes, +but this can also be replaced by using EVP_Q_MAC if a library context is required. =head4 Deprecated low-level validation functions @@ -1459,7 +1468,7 @@ ECDH_KDF_X9_62() Applications may either set this using the helper function -L or by setting an B using the +L or by setting an L using the "kdf-type" as shown in L =item * 
@@ -2407,9 +2416,13 @@ L +=head1 HISTORY + +The migration guide was created for OpenSSL 3.0. + =head1 COPYRIGHT -Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.7/doc/man7/openssl-core.h.pod openssl-3.0.8/doc/man7/openssl-core.h.pod --- openssl-3.0.7/doc/man7/openssl-core.h.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/openssl-core.h.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -20,95 +20,17 @@ =over 4 -=item B +=item L -This type is a tuple of function identity and function pointer. -Arrays of this type are passed between the OpenSSL libraries and the -providers to describe what functionality one side provides to the -other. -Arrays of this type must be terminated with a tuple having function -identity zero and function pointer NULL. +=item L -The available function identities and corresponding function -signatures are defined in L. +=item L -Any function identity not recognised by the recipient of this type -will be ignored. -This ensures that providers built with one OpenSSL version in mind -will work together with any other OpenSSL version that supports this -mechanism. +=item L -=item B +=item L -This type is a tuple of integer and pointer. -It's a generic type used as a generic descriptor, its exact meaning -being defined by how it's used. -Arrays of this type are passed between the OpenSSL libraries and the -providers, and must be terminated with a tuple where the integer is -zero and the pointer NULL. - -=item B - -This type is a tuple of an algorithm name (string), a property -definition (string) and a dispatch table (array of B). -Arrays of this type are passed on demand from the providers to the -OpenSSL libraries to describe what algorithms the providers provide -implementations of, and with what properties. -Arrays of this type must be terminated with a tuple having function -identity zero and function pointer NULL. - -The algorithm names and property definitions are defined by the -providers. - -The OpenSSL libraries use the first of the algorithm names as the main -or canonical name, on a per algorithm implementation basis. - -=item B - -This type is a structure that allows passing arbitrary object data -between two parties that have no or very little shared knowledge about -their respective internal structures for that object. 
-It's normally passed in arrays, where the array is terminated with an -element where all fields are zero (for non-pointers) or NULL (for -pointers). - -These arrays can be used to set parameters for some object, to request -parameters, and to describe parameters. - -B is further described in L - -=item B - -This is a function type for a generic feedback callback function: - - typedef int (OSSL_CALLBACK)(const OSSL_PARAM params[], void *arg); - -A function that takes a pointer of this type should also take a -pointer to caller data. When calling this callback, the function is -expected to build an B array of data it wants or is -expected to pass back, and pass that as I, as well as -the caller data pointer it received, as I. - -=item B - -This is a function type for a generic pass phrase callback function: - - typedef int (OSSL_PASSPHRASE_CALLBACK)(char *pass, size_t pass_size, - size_t *pass_len, - const OSSL_PARAM params[], - void *arg); - -This callback can be used to prompt the user for a passphrase. When -calling it, a buffer to store the pass phrase needs to be given with -I, and its size with I. The length of the prompted -pass phrase will be given back in I<*pass_len>. - -Additional parameters can be passed with the B array -I. - -A function that takes a pointer of this type should also take a -pointer to caller data, which should be passed as I to this -callback. +=item L =back diff -Nru openssl-3.0.7/doc/man7/OSSL_PROVIDER-base.pod openssl-3.0.8/doc/man7/OSSL_PROVIDER-base.pod --- openssl-3.0.7/doc/man7/OSSL_PROVIDER-base.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/OSSL_PROVIDER-base.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -84,6 +84,10 @@ L, L, L, L +=head1 HISTORY + +This functionality was added in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. diff -Nru openssl-3.0.7/doc/man7/OSSL_PROVIDER-default.pod openssl-3.0.8/doc/man7/OSSL_PROVIDER-default.pod --- openssl-3.0.7/doc/man7/OSSL_PROVIDER-default.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/OSSL_PROVIDER-default.pod 2023-02-07 14:43:33.000000000 +0100 @@ -247,6 +247,8 @@ The RIPEMD160 digest was added to the default provider in OpenSSL 3.0.7. +All other functionality was added in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. diff -Nru openssl-3.0.7/doc/man7/OSSL_PROVIDER-FIPS.pod openssl-3.0.8/doc/man7/OSSL_PROVIDER-FIPS.pod --- openssl-3.0.7/doc/man7/OSSL_PROVIDER-FIPS.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/OSSL_PROVIDER-FIPS.pod 2023-02-07 14:43:33.000000000 +0100 @@ -88,7 +88,7 @@ =item TLS13-KDF, see L -=item SSKDF, see L +=item SSKDF, see L =item PBKDF2, see L @@ -96,7 +96,7 @@ =item TLS1-PRF, see L -=item KBKDF, see L +=item KBKDF, see L =item X942KDF-ASN1, see L @@ -124,8 +124,6 @@ =over 4 -=item DSA, see L - =item RSA, see L =item X25519, see L @@ -142,7 +140,7 @@ =over 4 -=item RSA, see L +=item RSA, see L =back @@ -407,7 +405,7 @@ =head1 HISTORY -The type and functions described here were added in OpenSSL 3.0. +This functionality was added in OpenSSL 3.0. =head1 COPYRIGHT diff -Nru openssl-3.0.7/doc/man7/OSSL_PROVIDER-legacy.pod openssl-3.0.8/doc/man7/OSSL_PROVIDER-legacy.pod --- openssl-3.0.7/doc/man7/OSSL_PROVIDER-legacy.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/OSSL_PROVIDER-legacy.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -115,6 +115,10 @@ L, L +=head1 HISTORY + +This functionality was added in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. diff -Nru openssl-3.0.7/doc/man7/OSSL_PROVIDER-null.pod openssl-3.0.8/doc/man7/OSSL_PROVIDER-null.pod --- openssl-3.0.7/doc/man7/OSSL_PROVIDER-null.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/OSSL_PROVIDER-null.pod 2023-02-07 14:43:33.000000000 +0100 @@ -23,6 +23,10 @@ L +=head1 HISTORY + +This functionality was added in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. diff -Nru openssl-3.0.7/doc/man7/property.pod openssl-3.0.8/doc/man7/property.pod --- openssl-3.0.7/doc/man7/property.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/property.pod 2023-02-07 14:43:33.000000000 +0100 @@ -154,9 +154,12 @@ Value ::= NumberLiteral | StringLiteral StringLiteral ::= QuotedString | UnquotedString QuotedString ::= '"' [^"]* '"' | "'" [^']* "'" - UnquotedString ::= [^{space},]+ + UnquotedString ::= [A-Za-z] [^{space},]+ NumberLiteral ::= '0' ( [0-7]* | 'x' [0-9A-Fa-f]+ ) | '-'? [1-9] [0-9]+ - PropertyName ::= [A-Z] [A-Z0-9_]* ( '.' [A-Z] [A-Z0-9_]* )* + PropertyName ::= [A-Za-z] [A-Za-z0-9_]* ( '.' [A-Za-z] [A-Za-z0-9_]* )* + +The flavour of EBNF being used is defined by: +L. =head1 HISTORY @@ -164,7 +167,7 @@ =head1 COPYRIGHT -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.7/doc/man7/provider-asym_cipher.pod openssl-3.0.8/doc/man7/provider-asym_cipher.pod --- openssl-3.0.7/doc/man7/provider-asym_cipher.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/provider-asym_cipher.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -54,14 +54,14 @@ other related functions). All "functions" mentioned here are passed as function pointers between -F and the provider in B arrays via -B arrays that are returned by the provider's +F and the provider in L arrays via +L arrays that are returned by the provider's provider_query_operation() function (see L). All these "functions" have a corresponding function type definition named B, and a helper function to retrieve the -function pointer from an B element named +function pointer from an L element named B. For example, the "function" OSSL_FUNC_asym_cipher_newctx() has these: @@ -69,7 +69,7 @@ static ossl_inline OSSL_FUNC_asym_cipher_newctx_fn OSSL_FUNC_asym_cipher_newctx(const OSSL_DISPATCH *opf); -B arrays are indexed by numbers that are provided as +L arrays are indexed by numbers that are provided as macros in L, as follows: OSSL_FUNC_asym_cipher_newctx OSSL_FUNC_ASYM_CIPHER_NEWCTX @@ -187,14 +187,10 @@ =over 4 -=item "pad-mode" (B) +=item "pad-mode" (B) OR The type of padding to be used. The interpretation of this value will depend -on the algorithm in use. The default provider understands these RSA padding -modes: 1 (RSA_PKCS1_PADDING), 3 (RSA_NO_PADDING), -4 (RSA_PKCS1_OAEP_PADDING), 5 (RSA_X931_PADDING), 6 (RSA_PKCS1_PSS_PADDING) and -7 (RSA_PKCS1_WITH_TLS_PADDING). See L for -further details. +on the algorithm in use. =item "digest" (B) 
@@ -223,27 +219,28 @@ Gets or sets the properties to use when fetching the MGF1 digest algorithm. +=item "oaep-label" (B) + +Gets the OAEP label used when OAEP padding is in use. + =item "oaep-label" (B) -Gets or sets the OAEP label used when OAEP padding is in use. +Sets the OAEP label used when OAEP padding is in use. =item "tls-client-version" (B) -The TLS protocol version first requested by the client. See -B on the page L. +The TLS protocol version first requested by the client. =item "tls-negotiated-version" (B) -The negotiated TLS protocol version. See -B on the page L. +The negotiated TLS protocol version. =back OSSL_FUNC_asym_cipher_gettable_ctx_params() and OSSL_FUNC_asym_cipher_settable_ctx_params() -get a constant B array that describes the gettable and settable +get a constant L array that describes the gettable and settable parameters, i.e. parameters that can be used with OSSL_FUNC_asym_cipherget_ctx_params() and OSSL_FUNC_asym_cipher_set_ctx_params() respectively. -See L for the use of B as parameter descriptor. =head1 RETURN VALUES diff -Nru openssl-3.0.7/doc/man7/provider-base.pod openssl-3.0.8/doc/man7/provider-base.pod --- openssl-3.0.7/doc/man7/provider-base.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/provider-base.pod 2023-02-07 14:43:33.000000000 +0100 @@ -116,13 +116,13 @@ =head1 DESCRIPTION All "functions" mentioned here are passed as function pointers between -F and the provider in B arrays, in the call +F and the provider in L arrays, in the call of the provider initialization function. See L for a description of the initialization function. They are known as "upcalls". All these "functions" have a corresponding function type definition named B, and a helper function to retrieve the -function pointer from a B element named +function pointer from a L element named B. For example, the "function" core_gettable_params() has these: 
@@ -131,10 +131,10 @@ static ossl_inline OSSL_NAME_core_gettable_params_fn OSSL_FUNC_core_gettable_params(const OSSL_DISPATCH *opf); -B arrays are indexed by numbers that are provided as +L arrays are indexed by numbers that are provided as macros in L, as follows: -For I (the B array passed from F to the +For I (the L array passed from F to the provider): core_gettable_params OSSL_FUNC_CORE_GETTABLE_PARAMS @@ -182,7 +182,7 @@ provider_up_ref OSSL_FUNC_PROVIDER_UP_REF provider_free OSSL_FUNC_PROVIDER_FREE -For I<*out> (the B array passed from the provider to +For I<*out> (the L array passed from the provider to F): provider_teardown OSSL_FUNC_PROVIDER_TEARDOWN @@ -197,7 +197,7 @@ =head2 Core functions core_gettable_params() returns a constant array of descriptor -B, for parameters that core_get_params() can handle. +L, for parameters that core_get_params() can handle. core_get_params() retrieves parameters from the core for the given I. See L below for a description of currently known @@ -290,7 +290,7 @@ BIO_free(), BIO_vprintf(), BIO_vsnprintf(), BIO_gets(), BIO_puts(), BIO_ctrl(), OPENSSL_cleanse() and OPENSSL_hexstr2buf() correspond exactly to the public functions with -the same name. As a matter of fact, the pointers in the B +the same name. As a matter of fact, the pointers in the L array are typically direct pointers to those public functions. Note that the BIO functions take an B type rather than the standard B type. This is to ensure that a provider does not mix BIOs from the core 
@@ -372,13 +372,13 @@ It must free the passed I. provider_gettable_params() should return a constant array of -descriptor B, for parameters that provider_get_params() +descriptor L, for parameters that provider_get_params() can handle. -provider_get_params() should process the B array +provider_get_params() should process the L array I, setting the values of the parameters it understands. -provider_query_operation() should return a constant B +provider_query_operation() should return a constant L that corresponds to the given I. It should indicate if the core may store a reference to this array by setting I<*no_store> to 0 (core may store a reference) or 1 (core may @@ -389,13 +389,13 @@ pointers have been copied. The I should match that passed to provider_query_operation() and I should be its return value. -provider_get_reason_strings() should return a constant B +provider_get_reason_strings() should return a constant L array that provides reason strings for reason codes the provider may use when reporting errors using core_put_error(). The provider_get_capabilities() function should call the callback I passing -it a set of Bs and the caller supplied argument I. The -Bs should provide details about the capability with the name given +it a set of Ls and the caller supplied argument I. The +Ls should provide details about the capability with the name given in the I argument relevant for the provider context I. If a provider supports multiple capabilities with the given name then it may call the callback multiple times (one for each capability). Capabilities can be useful for diff -Nru openssl-3.0.7/doc/man7/provider-cipher.pod openssl-3.0.8/doc/man7/provider-cipher.pod --- openssl-3.0.7/doc/man7/provider-cipher.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/provider-cipher.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -63,14 +63,14 @@ equivalents and other related functions). All "functions" mentioned here are passed as function pointers between -F and the provider in B arrays via -B arrays that are returned by the provider's +F and the provider in L arrays via +L arrays that are returned by the provider's provider_query_operation() function (see L). All these "functions" have a corresponding function type definition named B, and a helper function to retrieve the -function pointer from an B element named +function pointer from an L element named B. For example, the "function" OSSL_FUNC_cipher_newctx() has these: @@ -78,7 +78,7 @@ static ossl_inline OSSL_FUNC_cipher_newctx_fn OSSL_FUNC_cipher_newctx(const OSSL_DISPATCH *opf); -B arrays are indexed by numbers that are provided as +L arrays are indexed by numbers that are provided as macros in L, as follows: OSSL_FUNC_cipher_newctx OSSL_FUNC_CIPHER_NEWCTX @@ -193,7 +193,7 @@ Passing NULL for I should return true. OSSL_FUNC_cipher_gettable_params(), OSSL_FUNC_cipher_gettable_ctx_params(), -and OSSL_FUNC_cipher_settable_ctx_params() all return constant B +and OSSL_FUNC_cipher_settable_ctx_params() all return constant L arrays as descriptors of the parameters that OSSL_FUNC_cipher_get_params(), OSSL_FUNC_cipher_get_ctx_params(), and OSSL_FUNC_cipher_set_ctx_params() can handle, respectively. OSSL_FUNC_cipher_gettable_ctx_params() and @@ -217,7 +217,7 @@ success or 0 on error. OSSL_FUNC_cipher_gettable_params(), OSSL_FUNC_cipher_gettable_ctx_params() and -OSSL_FUNC_cipher_settable_ctx_params() should return a constant B +OSSL_FUNC_cipher_settable_ctx_params() should return a constant L array, or NULL if none is offered. =head1 SEE ALSO diff -Nru openssl-3.0.7/doc/man7/provider-decoder.pod openssl-3.0.8/doc/man7/provider-decoder.pod --- openssl-3.0.7/doc/man7/provider-decoder.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/provider-decoder.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -50,7 +50,7 @@ read from the given B. If the caller wants to decode data from memory, it should provide a L B. The decoded data or object reference is passed along with eventual metadata -to the I as B parameters. +to the I as L parameters. The decoder doesn't need to know more about the B pointer than being able to pass it to the appropriate BIO upcalls (see @@ -67,14 +67,14 @@ can be called as the final step of the decoding process. All "functions" mentioned here are passed as function pointers between -F and the provider in B arrays via -B arrays that are returned by the provider's +F and the provider in L arrays via +L arrays that are returned by the provider's provider_query_operation() function (see L). All these "functions" have a corresponding function type definition named B, and a helper function to retrieve the -function pointer from an B element named +function pointer from an L element named B. For example, the "function" OSSL_FUNC_decoder_decode() has these: @@ -86,7 +86,7 @@ static ossl_inline OSSL_FUNC_decoder_decode_fn OSSL_FUNC_decoder_decode(const OSSL_DISPATCH *opf); -B arrays are indexed by numbers that are provided as +L arrays are indexed by numbers that are provided as macros in L, as follows: OSSL_FUNC_decoder_get_params OSSL_FUNC_DECODER_GET_PARAMS @@ -202,7 +202,7 @@ ignored. Passing NULL for I should return true. -OSSL_FUNC_decoder_settable_ctx_params() returns a constant B +OSSL_FUNC_decoder_settable_ctx_params() returns a constant L array describing the parameters that OSSL_FUNC_decoder_set_ctx_params() can handle. 
@@ -217,18 +217,18 @@ supports the type of the object and provides an import function. OSSL_FUNC_decoder_export_object() should export the object of size I -referenced by I as an B array and pass that into the +referenced by I as an L array and pass that into the I as well as the given I. =head2 Decoding functions OSSL_FUNC_decoder_decode() should decode the data as read from the B I to produce decoded data or an object to be -passed as reference in an B array along with possible other -metadata that was decoded from the input. This B array is +passed as reference in an L array along with possible other +metadata that was decoded from the input. This L array is then passed to the I callback. The I bits, if relevant, should determine what the input data should contain. -The decoding functions also take an B function +The decoding functions also take an L function pointer along with a pointer to application data I, which should be used when a pass phrase prompt is needed. @@ -284,7 +284,7 @@ parameter was invalid or caused an error, for which 0 is returned. OSSL_FUNC_decoder_settable_ctx_params() returns a pointer to an array of -constant B elements. +constant L elements. OSSL_FUNC_decoder_does_selection() returns 1 if the decoder implementation supports any of the I bits, otherwise 0. diff -Nru openssl-3.0.7/doc/man7/provider-digest.pod openssl-3.0.8/doc/man7/provider-digest.pod --- openssl-3.0.7/doc/man7/provider-digest.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/provider-digest.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -55,14 +55,14 @@ L and L (and other related functions). All "functions" mentioned here are passed as function pointers between -F and the provider in B arrays via -B arrays that are returned by the provider's +F and the provider in L arrays via +L arrays that are returned by the provider's provider_query_operation() function (see L). All these "functions" have a corresponding function type definition named B, and a helper function to retrieve the -function pointer from an B element named +function pointer from an L element named B. For example, the "function" OSSL_FUNC_digest_newctx() has these: @@ -70,7 +70,7 @@ static ossl_inline OSSL_FUNC_digest_newctx_fn OSSL_FUNC_digest_newctx(const OSSL_DISPATCH *opf); -B arrays are indexed by numbers that are provided as +L arrays are indexed by numbers that are provided as macros in L, as follows: OSSL_FUNC_digest_newctx OSSL_FUNC_DIGEST_NEWCTX @@ -158,13 +158,13 @@ the given provider side digest context I and stores them in I. Passing NULL for I should return true. -OSSL_FUNC_digest_gettable_params() returns a constant B array +OSSL_FUNC_digest_gettable_params() returns a constant L array containing descriptors of the parameters that OSSL_FUNC_digest_get_params() can handle. OSSL_FUNC_digest_gettable_ctx_params() and OSSL_FUNC_digest_settable_ctx_params() both return constant -B arrays as descriptors of the parameters that +L arrays as descriptors of the parameters that OSSL_FUNC_digest_get_ctx_params() and OSSL_FUNC_digest_set_ctx_params() can handle, respectively. The array is based on the current state of the provider side context if I is not NULL and on the provider diff -Nru openssl-3.0.7/doc/man7/provider-encoder.pod openssl-3.0.8/doc/man7/provider-encoder.pod --- openssl-3.0.7/doc/man7/provider-encoder.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/provider-encoder.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -83,14 +83,14 @@ with the L provider. All "functions" mentioned here are passed as function pointers between -F and the provider in B arrays via -B arrays that are returned by the provider's +F and the provider in L arrays via +L arrays that are returned by the provider's provider_query_operation() function (see L). All these "functions" have a corresponding function type definition named B, and a helper function to retrieve the -function pointer from an B element named +function pointer from an L element named B. For example, the "function" OSSL_FUNC_encoder_encode() has these: @@ -103,7 +103,7 @@ static ossl_inline OSSL_FUNC_encoder_encode_fn OSSL_FUNC_encoder_encode(const OSSL_DISPATCH *opf); -B arrays are indexed by numbers that are provided as +L arrays are indexed by numbers that are provided as macros in L, as follows: OSSL_FUNC_encoder_get_params OSSL_FUNC_ENCODER_GET_PARAMS @@ -213,7 +213,7 @@ ignored. Passing NULL for I should return true. -OSSL_FUNC_encoder_settable_ctx_params() returns a constant B +OSSL_FUNC_encoder_settable_ctx_params() returns a constant L array describing the parameters that OSSL_FUNC_encoder_set_ctx_params() can handle. @@ -242,7 +242,7 @@ I) or an object abstraction (in I), and should output the object in encoded form to the B. The I bits, if relevant, should determine in greater detail what will be output. -The encoding functions also take an B function +The encoding functions also take an L function pointer along with a pointer to application data I, which should be used when a pass phrase prompt is needed. 
@@ -304,7 +304,7 @@ parameter was invalid or caused an error, for which 0 is returned. OSSL_FUNC_encoder_settable_ctx_params() returns a pointer to an array of -constant B elements. +constant L elements. OSSL_FUNC_encoder_does_selection() returns 1 if the encoder implementation supports any of the I bits, otherwise 0. diff -Nru openssl-3.0.7/doc/man7/provider-kdf.pod openssl-3.0.8/doc/man7/provider-kdf.pod --- openssl-3.0.7/doc/man7/provider-kdf.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/provider-kdf.pod 2023-02-07 14:43:33.000000000 +0100 @@ -47,14 +47,14 @@ and L. All "functions" mentioned here are passed as function pointers between -F and the provider in B arrays via -B arrays that are returned by the provider's +F and the provider in L arrays via +L arrays that are returned by the provider's provider_query_operation() function (see L). All these "functions" have a corresponding function type definition named B, and a helper function to retrieve the -function pointer from an B element named +function pointer from an L element named B. For example, the "function" OSSL_FUNC_kdf_newctx() has these: @@ -62,7 +62,7 @@ static ossl_inline OSSL_FUNC_kdf_newctx_fn OSSL_FUNC_kdf_newctx(const OSSL_DISPATCH *opf); -B array entries are identified by numbers that are provided as +L array entries are identified by numbers that are provided as macros in L, as follows: OSSL_FUNC_kdf_newctx OSSL_FUNC_KDF_NEWCTX @@ -134,7 +134,7 @@ Passing NULL for I should return true. OSSL_FUNC_kdf_gettable_params(), OSSL_FUNC_kdf_gettable_ctx_params(), -and OSSL_FUNC_kdf_settable_ctx_params() all return constant B +and OSSL_FUNC_kdf_settable_ctx_params() all return constant L arrays as descriptors of the parameters that OSSL_FUNC_kdf_get_params(), OSSL_FUNC_kdf_get_ctx_params(), and OSSL_FUNC_kdf_set_ctx_params() can handle, respectively. OSSL_FUNC_kdf_gettable_ctx_params() and 
@@ -330,7 +330,7 @@ success or 0 on error. OSSL_FUNC_kdf_gettable_params(), OSSL_FUNC_kdf_gettable_ctx_params() and -OSSL_FUNC_kdf_settable_ctx_params() should return a constant B +OSSL_FUNC_kdf_settable_ctx_params() should return a constant L array, or NULL if none is offered. =head1 NOTES diff -Nru openssl-3.0.7/doc/man7/provider-kem.pod openssl-3.0.8/doc/man7/provider-kem.pod --- openssl-3.0.7/doc/man7/provider-kem.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/provider-kem.pod 2023-02-07 14:43:33.000000000 +0100 @@ -50,14 +50,14 @@ L and other related functions. All "functions" mentioned here are passed as function pointers between -F and the provider in B arrays via -B arrays that are returned by the provider's +F and the provider in L arrays via +L arrays that are returned by the provider's provider_query_operation() function (see L). All these "functions" have a corresponding function type definition named B, and a helper function to retrieve the -function pointer from an B element named +function pointer from an L element named B. For example, the "function" OSSL_FUNC_kem_newctx() has these: @@ -65,7 +65,7 @@ static ossl_inline OSSL_FUNC_kem_newctx_fn OSSL_FUNC_kem_newctx(const OSSL_DISPATCH *opf); -B arrays are indexed by numbers that are provided as +L arrays are indexed by numbers that are provided as macros in L, as follows: OSSL_FUNC_kem_newctx OSSL_FUNC_KEM_NEWCTX 
@@ -181,10 +181,9 @@ No parameters are currently recognised by built-in asymmetric kem algorithms. OSSL_FUNC_kem_gettable_ctx_params() and OSSL_FUNC_kem_settable_ctx_params() -get a constant B array that describes the gettable and settable +get a constant L array that describes the gettable and settable parameters, i.e. parameters that can be used with OSSL_FUNC_kem_get_ctx_params() and OSSL_FUNC_kem_set_ctx_params() respectively. -See L for the use of B as parameter descriptor. =head1 RETURN VALUES diff -Nru openssl-3.0.7/doc/man7/provider-keyexch.pod openssl-3.0.8/doc/man7/provider-keyexch.pod --- openssl-3.0.7/doc/man7/provider-keyexch.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/provider-keyexch.pod 2023-02-07 14:43:33.000000000 +0100 @@ -48,14 +48,14 @@ other related functions). All "functions" mentioned here are passed as function pointers between -F and the provider in B arrays via -B arrays that are returned by the provider's +F and the provider in L arrays via +L arrays that are returned by the provider's provider_query_operation() function (see L). All these "functions" have a corresponding function type definition named B, and a helper function to retrieve the -function pointer from an B element named +function pointer from an L element named B. For example, the "function" OSSL_FUNC_keyexch_newctx() has these: @@ -63,7 +63,7 @@ static ossl_inline OSSL_FUNC_keyexch_newctx_fn OSSL_FUNC_keyexch_newctx(const OSSL_DISPATCH *opf); -B arrays are indexed by numbers that are provided as +L arrays are indexed by numbers that are provided as macros in L, as follows: OSSL_FUNC_keyexch_newctx OSSL_FUNC_KEYEXCH_NEWCTX 
@@ -146,17 +146,16 @@ see L. Passing NULL for I should return true. -OSSL_FUNC_keyexch_settable_ctx_params() yields a constant B array that +OSSL_FUNC_keyexch_settable_ctx_params() yields a constant L array that describes the settable parameters, i.e. parameters that can be used with OP_signature_set_ctx_params(). If OSSL_FUNC_keyexch_settable_ctx_params() is present, OSSL_FUNC_keyexch_set_ctx_params() must also be present, and vice versa. -Similarly, OSSL_FUNC_keyexch_gettable_ctx_params() yields a constant B +Similarly, OSSL_FUNC_keyexch_gettable_ctx_params() yields a constant L array that describes the gettable parameters, i.e. parameters that can be handled by OP_signature_get_ctx_params(). If OSSL_FUNC_keyexch_gettable_ctx_params() is present, OSSL_FUNC_keyexch_get_ctx_params() must also be present, and vice versa. -See L for the use of B as parameter descriptor. Notice that not all settable parameters are also gettable, and vice versa. @@ -217,7 +216,7 @@ or 0 on error. OSSL_FUNC_keyexch_settable_ctx_params() and OSSL_FUNC_keyexch_gettable_ctx_params() should -always return a constant B array. +always return a constant L array. =head1 SEE ALSO diff -Nru openssl-3.0.7/doc/man7/provider-keymgmt.pod openssl-3.0.8/doc/man7/provider-keymgmt.pod --- openssl-3.0.7/doc/man7/provider-keymgmt.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/provider-keymgmt.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -72,14 +72,14 @@ provider side key data for the OpenSSL library EVP_PKEY structure. All "functions" mentioned here are passed as function pointers between -F and the provider in B arrays via -B arrays that are returned by the provider's +F and the provider in L arrays via +L arrays that are returned by the provider's provider_query_operation() function (see L). All these "functions" have a corresponding function type definition named B, and a helper function to retrieve the -function pointer from a B element named +function pointer from a L element named B. For example, the "function" OSSL_FUNC_keymgmt_new() has these: @@ -87,7 +87,7 @@ static ossl_inline OSSL_FUNC_keymgmt_new_fn OSSL_FUNC_keymgmt_new(const OSSL_DISPATCH *opf); -B arrays are indexed by numbers that are provided as +L arrays are indexed by numbers that are provided as macros in L, as follows: OSSL_FUNC_keymgmt_new OSSL_FUNC_KEYMGMT_NEW @@ -236,7 +236,7 @@ I in the key object generation context I. OSSL_FUNC_keymgmt_gen_settable_params() should return a constant array of -descriptor B, for parameters that OSSL_FUNC_keymgmt_gen_set_params() +descriptor L, for parameters that OSSL_FUNC_keymgmt_gen_set_params() can handle. OSSL_FUNC_keymgmt_gen() should perform the key object generation itself, and @@ -264,7 +264,7 @@ with the given I, see L. OSSL_FUNC_keymgmt_gettable_params() should return a constant array of -descriptor B, for parameters that OSSL_FUNC_keymgmt_get_params() +descriptor L, for parameters that OSSL_FUNC_keymgmt_get_params() can handle. If OSSL_FUNC_keymgmt_gettable_params() is present, OSSL_FUNC_keymgmt_get_params() @@ -274,7 +274,7 @@ with the given I, see L. OSSL_FUNC_keymgmt_settable_params() should return a constant array of -descriptor B, for parameters that OSSL_FUNC_keymgmt_set_params() +descriptor L, for parameters that OSSL_FUNC_keymgmt_set_params() can handle. If OSSL_FUNC_keymgmt_settable_params() is present, OSSL_FUNC_keymgmt_set_params() 
@@ -323,18 +323,18 @@ =head2 Key Object Import, Export and Duplication Functions OSSL_FUNC_keymgmt_import() should import data indicated by I into -I with values taken from the B array I. +I with values taken from the L array I. OSSL_FUNC_keymgmt_export() should extract values indicated by I -from I, create an B array with them and call +from I, create an L array with them and call I with that array as well as the given I. OSSL_FUNC_keymgmt_import_types() should return a constant array of descriptor -B for data indicated by I, for parameters that +L for data indicated by I, for parameters that OSSL_FUNC_keymgmt_import() can handle. OSSL_FUNC_keymgmt_export_types() should return a constant array of descriptor -B for data indicated by I, that the +L for data indicated by I, that the OSSL_FUNC_keymgmt_export() callback can expect to receive. OSSL_FUNC_keymgmt_dup() should duplicate data subsets indicated by @@ -397,7 +397,7 @@ OSSL_FUNC_keymgmt_gettable_params() and OSSL_FUNC_keymgmt_settable_params() OSSL_FUNC_keymgmt_import_types(), OSSL_FUNC_keymgmt_export_types() should -always return a constant B array. +always return a constant L array. =head1 SEE ALSO diff -Nru openssl-3.0.7/doc/man7/provider-mac.pod openssl-3.0.8/doc/man7/provider-mac.pod --- openssl-3.0.7/doc/man7/provider-mac.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/provider-mac.pod 2023-02-07 14:43:33.000000000 +0100 @@ -48,14 +48,14 @@ L and L. All "functions" mentioned here are passed as function pointers between -F and the provider in B arrays via -B arrays that are returned by the provider's +F and the provider in L arrays via +L arrays that are returned by the provider's provider_query_operation() function (see L). All these "functions" have a corresponding function type definition named B, and a helper function to retrieve the -function pointer from an B element named +function pointer from an L element named B. For example, the "function" OSSL_FUNC_mac_newctx() has these: 
@@ -63,7 +63,7 @@ static ossl_inline OSSL_FUNC_mac_newctx_fn OSSL_FUNC_mac_newctx(const OSSL_DISPATCH *opf); -B arrays are indexed by numbers that are provided as +L arrays are indexed by numbers that are provided as macros in L, as follows: OSSL_FUNC_mac_newctx OSSL_FUNC_MAC_NEWCTX @@ -145,7 +145,7 @@ Passing NULL for I should return true. OSSL_FUNC_mac_gettable_params(), OSSL_FUNC_mac_gettable_ctx_params(), -and OSSL_FUNC_mac_settable_ctx_params() all return constant B +and OSSL_FUNC_mac_settable_ctx_params() all return constant L arrays as descriptors of the parameters that OSSL_FUNC_mac_get_params(), OSSL_FUNC_mac_get_ctx_params(), and OSSL_FUNC_mac_set_ctx_params() can handle, respectively. OSSL_FUNC_mac_gettable_ctx_params() and @@ -209,7 +209,7 @@ success or 0 on error. OSSL_FUNC_mac_gettable_params(), OSSL_FUNC_mac_gettable_ctx_params() and -OSSL_FUNC_mac_settable_ctx_params() should return a constant B +OSSL_FUNC_mac_settable_ctx_params() should return a constant L array, or NULL if none is offered. =head1 SEE ALSO diff -Nru openssl-3.0.7/doc/man7/provider.pod openssl-3.0.8/doc/man7/provider.pod --- openssl-3.0.7/doc/man7/provider.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/provider.pod 2023-02-07 14:43:33.000000000 +0100 @@ -34,8 +34,8 @@ =head2 Provider A I offers an initialization function, as a set of base -functions in the form of an B array, and by extension, -a set of Bs (see L). +functions in the form of an L array, and by extension, +a set of Ls (see L). It may be a dynamically loadable module, or may be built-in, in OpenSSL libraries or in the application. If it's a dynamically loadable module, the initialization function 
@@ -92,7 +92,7 @@ reference to the returned data in their internal store of implementations. -The returned B is the foundation of any OpenSSL +The returned L is the foundation of any OpenSSL library API that uses providers for their implementation, most commonly in the I type of functions (see L). diff -Nru openssl-3.0.7/doc/man7/provider-rand.pod openssl-3.0.8/doc/man7/provider-rand.pod --- openssl-3.0.7/doc/man7/provider-rand.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/provider-rand.pod 2023-02-07 14:43:33.000000000 +0100 @@ -168,7 +168,7 @@ Passing NULL for I should return true. OSSL_FUNC_rand_gettable_params(), OSSL_FUNC_rand_gettable_ctx_params(), -and OSSL_FUNC_rand_settable_ctx_params() all return constant B +and OSSL_FUNC_rand_settable_ctx_params() all return constant L arrays as descriptors of the parameters that OSSL_FUNC_rand_get_params(), OSSL_FUNC_rand_get_ctx_params(), and OSSL_FUNC_rand_set_ctx_params() can handle, respectively. OSSL_FUNC_rand_gettable_ctx_params() @@ -262,7 +262,7 @@ provider side rand context, or NULL on failure. OSSL_FUNC_rand_gettable_params(), OSSL_FUNC_rand_gettable_ctx_params() and -OSSL_FUNC_rand_settable_ctx_params() should return a constant B +OSSL_FUNC_rand_settable_ctx_params() should return a constant L array, or NULL if none is offered. OSSL_FUNC_rand_nonce() returns the size of the generated nonce, or 0 on error. diff -Nru openssl-3.0.7/doc/man7/provider-signature.pod openssl-3.0.8/doc/man7/provider-signature.pod --- openssl-3.0.7/doc/man7/provider-signature.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/provider-signature.pod 2023-02-07 14:43:33.000000000 +0100 
@@ -93,14 +93,14 @@ as other related functions). All "functions" mentioned here are passed as function pointers between -F and the provider in B arrays via -B arrays that are returned by the provider's +F and the provider in L arrays via +L arrays that are returned by the provider's provider_query_operation() function (see L). All these "functions" have a corresponding function type definition named B, and a helper function to retrieve the -function pointer from an B element named +function pointer from an L element named B. For example, the "function" OSSL_FUNC_signature_newctx() has these: @@ -108,7 +108,7 @@ static ossl_inline OSSL_FUNC_signature_newctx_fn OSSL_FUNC_signature_newctx(const OSSL_DISPATCH *opf); -B arrays are indexed by numbers that are provided as +L arrays are indexed by numbers that are provided as macros in L, as follows: OSSL_FUNC_signature_newctx OSSL_FUNC_SIGNATURE_NEWCTX @@ -379,10 +379,9 @@ =back OSSL_FUNC_signature_gettable_ctx_params() and OSSL_FUNC_signature_settable_ctx_params() get a -constant B array that describes the gettable and settable parameters, +constant L array that describes the gettable and settable parameters, i.e. parameters that can be used with OSSL_FUNC_signature_get_ctx_params() and OSSL_FUNC_signature_set_ctx_params() respectively. -See L for the use of B as parameter descriptor. =head2 MD parameters @@ -404,11 +403,10 @@ L for further information. OSSL_FUNC_signature_gettable_md_ctx_params() and OSSL_FUNC_signature_settable_md_ctx_params() -get a constant B array that describes the gettable and settable +get a constant L array that describes the gettable and settable digest parameters, i.e. parameters that can be used with OSSL_FUNC_signature_get_md_ctx_params() and OSSL_FUNC_signature_set_md_ctx_params() -respectively. See L for the use of B as parameter -descriptor. +respectively. =head1 RETURN VALUES 
@@ -417,7 +415,7 @@ OSSL_FUNC_signature_gettable_ctx_params(), OSSL_FUNC_signature_settable_ctx_params(), OSSL_FUNC_signature_gettable_md_ctx_params() and OSSL_FUNC_signature_settable_md_ctx_params(), -return the gettable or settable parameters in a constant B array. +return the gettable or settable parameters in a constant L array. All other functions should return 1 for success or 0 on error. diff -Nru openssl-3.0.7/doc/man7/provider-storemgmt.pod openssl-3.0.8/doc/man7/provider-storemgmt.pod --- openssl-3.0.7/doc/man7/provider-storemgmt.pod 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/doc/man7/provider-storemgmt.pod 2023-02-07 14:43:33.000000000 +0100 @@ -44,14 +44,14 @@ form). All "functions" mentioned here are passed as function pointers between -F and the provider in B arrays via -B arrays that are returned by the provider's +F and the provider in L arrays via +L arrays that are returned by the provider's provider_query_operation() function (see L). All these "functions" have a corresponding function type definition named B, and a helper function to retrieve the function pointer -from a B element named B. +from a L element named B. For example, the "function" OSSL_FUNC_store_attach() has these: typedef void *(OSSL_FUNC_store_attach_fn)(void *provctx, @@ -59,7 +59,7 @@ static ossl_inline OSSL_FUNC_store_attach_fn OSSL_FUNC_store_attach(const OSSL_DISPATCH *opf); -B arrays are indexed by numbers that are provided as macros +L arrays are indexed by numbers that are provided as macros in L, as follows: OSSL_FUNC_store_open OSSL_FUNC_STORE_OPEN @@ -82,7 +82,7 @@ supporting L. OSSL_FUNC_store_settable_ctx_params() should return a constant array of -descriptor B, for parameters that OSSL_FUNC_store_set_ctx_params() +descriptor L, for parameters that OSSL_FUNC_store_set_ctx_params() can handle. OSSL_FUNC_store_set_ctx_params() should set additional parameters, such as what 
@@ -111,7 +111,7 @@ supports the type of the object and provides an import function. OSSL_FUNC_store_export_object() should export the object of size I -referenced by I as an B array and pass that to the +referenced by I as an L array and pass that to the I as well as the given I. =head2 Load Parameters diff -Nru openssl-3.0.7/engines/asm/e_padlock-x86_64.pl openssl-3.0.8/engines/asm/e_padlock-x86_64.pl --- openssl-3.0.7/engines/asm/e_padlock-x86_64.pl 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/engines/asm/e_padlock-x86_64.pl 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -94,6 +94,8 @@ .align 16 padlock_key_bswap: mov 240($arg1),%edx + inc %edx + shl \$2,%edx .Lbswap_loop: mov ($arg1),%eax bswap %eax diff -Nru openssl-3.0.7/engines/asm/e_padlock-x86.pl openssl-3.0.8/engines/asm/e_padlock-x86.pl --- openssl-3.0.7/engines/asm/e_padlock-x86.pl 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/engines/asm/e_padlock-x86.pl 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
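Review bot: The two instructions added to padlock_key_bswap turn the value read at offset 240 of the key into a loop count with no comment saying why; if that offset is the `rounds` member of AES_KEY, as it is in libcrypto's layout, `(rounds + 1) * 4` is the number of 32-bit words in the expanded key schedule, and a one-line comment such as `# edx = (rounds + 1) * 4 = number of 32-bit key-schedule words to byte-swap` would make the loop bound auditable where it is computed. The same `inc`/`shl` pair is added to e_padlock-x86.pl on the next line and deserves the same comment. Presumably the old bound of `rounds` words left most of the schedule un-swapped, which is why the fix is worth documenting rather than leaving as two bare arithmetic instructions. The body of padlock_key_bswap (the .Lbswap_loop) continues outside the hunk.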
@@ -115,6 +115,8 @@ &function_begin_B("padlock_key_bswap"); &mov ("edx",&wparam(0)); &mov ("ecx",&DWP(240,"edx")); + &inc ("ecx"); + &shl ("ecx",2); &set_label("bswap_loop"); &mov ("eax",&DWP(0,"edx")); &bswap ("eax"); diff -Nru openssl-3.0.7/engines/e_dasync.c openssl-3.0.8/engines/e_dasync.c --- openssl-3.0.7/engines/e_dasync.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/engines/e_dasync.c 2023-02-07 14:43:33.000000000 +0100 @@ -139,6 +139,14 @@ const unsigned char *in, size_t inl); static int dasync_aes128_cbc_cleanup(EVP_CIPHER_CTX *ctx); +static int dasync_aes256_ctr_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, + void *ptr); +static int dasync_aes256_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc); +static int dasync_aes256_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + const unsigned char *in, size_t inl); +static int dasync_aes256_ctr_cleanup(EVP_CIPHER_CTX *ctx); + static int dasync_aes128_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); static int dasync_aes128_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx, @@ -171,6 +179,12 @@ return _hidden_aes_128_cbc; } +static EVP_CIPHER *_hidden_aes_256_ctr = NULL; +static const EVP_CIPHER *dasync_aes_256_ctr(void) +{ + return _hidden_aes_256_ctr; +} + /* * Holds the EVP_CIPHER object for aes_128_cbc_hmac_sha1 in this engine. Set up * once only during engine bind and can then be reused many times. @@ -192,8 +206,10 @@ static void destroy_ciphers(void) { EVP_CIPHER_meth_free(_hidden_aes_128_cbc); + EVP_CIPHER_meth_free(_hidden_aes_256_ctr); EVP_CIPHER_meth_free(_hidden_aes_128_cbc_hmac_sha1); _hidden_aes_128_cbc = NULL; + _hidden_aes_256_ctr = NULL; _hidden_aes_128_cbc_hmac_sha1 = NULL; } @@ -202,6 +218,7 @@ static int dasync_cipher_nids[] = { NID_aes_128_cbc, + NID_aes_256_ctr, NID_aes_128_cbc_hmac_sha1, 0 }; 
@@ -284,6 +301,30 @@
 _hidden_aes_128_cbc = NULL;
 } 
+ _hidden_aes_256_ctr = EVP_CIPHER_meth_new(NID_aes_256_ctr, 
+ 1 /* block size */, 
+ 32 /* key len */); 
+ if (_hidden_aes_256_ctr == NULL 
+ || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_256_ctr,16) 
+ || !EVP_CIPHER_meth_set_flags(_hidden_aes_256_ctr, 
+ EVP_CIPH_FLAG_DEFAULT_ASN1 
+ | EVP_CIPH_CTR_MODE 
+ | EVP_CIPH_FLAG_PIPELINE 
+ | EVP_CIPH_CUSTOM_COPY) 
+ || !EVP_CIPHER_meth_set_init(_hidden_aes_256_ctr, 
+ dasync_aes256_init_key) 
+ || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_256_ctr, 
+ dasync_aes256_ctr_cipher) 
+ || !EVP_CIPHER_meth_set_cleanup(_hidden_aes_256_ctr, 
+ dasync_aes256_ctr_cleanup) 
+ || !EVP_CIPHER_meth_set_ctrl(_hidden_aes_256_ctr, 
+ dasync_aes256_ctr_ctrl) 
+ || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_256_ctr, 
+ sizeof(struct dasync_pipeline_ctx))) { 
+ EVP_CIPHER_meth_free(_hidden_aes_256_ctr); 
+ _hidden_aes_256_ctr = NULL; 
+ } 
+
 _hidden_aes_128_cbc_hmac_sha1 = EVP_CIPHER_meth_new(
 NID_aes_128_cbc_hmac_sha1,
 16 /* block size */, 
@@ -445,6 +486,9 @@
 case NID_aes_128_cbc:
 *cipher = dasync_aes_128_cbc();
 break; 
+ case NID_aes_256_ctr: 
+ *cipher = dasync_aes_256_ctr(); 
+ break;
 case NID_aes_128_cbc_hmac_sha1:
 *cipher = dasync_aes_128_cbc_hmac_sha1();
 break;
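Review bot: `EVP_CIPHER_meth_set_iv_length(_hidden_aes_256_ctr,16)` is missing the space after the comma that every other call in this block has; write `EVP_CIPHER_meth_set_iv_length(_hidden_aes_256_ctr, 16)`. The flag set `EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CTR_MODE | EVP_CIPH_FLAG_PIPELINE | EVP_CIPH_CUSTOM_COPY` is also given without a comment, and whether anything services the EVP_CTRL_COPY that CUSTOM_COPY promises for a CTR context cannot be seen from this hunk; a one-line comment naming the function that handles the copy (presumably the shared ctrl helper, to be confirmed) would let a reader check it instead of assuming it. The enclosing bind function starts before and ends after this hunk.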
@@ -779,6 +823,29 @@
 return dasync_cipher_cleanup_helper(ctx, EVP_aes_128_cbc());
 } 
+static int dasync_aes256_ctr_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, 
+ void *ptr) 
+{ 
+ return dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 0, EVP_aes_256_ctr()); 
+} 
+
+static int dasync_aes256_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, 
+ const unsigned char *iv, int enc) 
+{ 
+ return dasync_cipher_init_key_helper(ctx, key, iv, enc, EVP_aes_256_ctr()); 
+} 
+
+static int dasync_aes256_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, 
+ const unsigned char *in, size_t inl) 
+{ 
+ return dasync_cipher_helper(ctx, out, in, inl, EVP_aes_256_ctr()); 
+} 
+
+static int dasync_aes256_ctr_cleanup(EVP_CIPHER_CTX *ctx) 
+{ 
+ return dasync_cipher_cleanup_helper(ctx, EVP_aes_256_ctr()); 
+} 
+
 /*
 * AES128 CBC HMAC SHA1 Implementation 
diff -Nru openssl-3.0.7/include/crypto/bn.h openssl-3.0.8/include/crypto/bn.h 
--- openssl-3.0.7/include/crypto/bn.h 2022-11-01 15:14:36.000000000 +0100 
+++ openssl-3.0.8/include/crypto/bn.h 2023-02-07 14:43:33.000000000 +0100 
@@ -1,5 +1,5 @@
 /* 
- * Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved. 
+ * Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy 
@@ -114,4 +114,10 @@
 extern const BIGNUM ossl_bn_inv_sqrt_2; 
+int ossl_bn_rsa_do_unblind(const BIGNUM *intermediate, 
+ const BN_BLINDING *blinding, 
+ const BIGNUM *possible_arg2, 
+ const BIGNUM *to_mod, BN_CTX *ctx, 
+ unsigned char *buf, int num); 
+
 #endif 
diff -Nru openssl-3.0.7/include/crypto/evp.h openssl-3.0.8/include/crypto/evp.h 
--- openssl-3.0.7/include/crypto/evp.h 2022-11-01 15:14:36.000000000 +0100 
+++ openssl-3.0.8/include/crypto/evp.h 2023-02-07 14:43:33.000000000 +0100 
@@ -589,6 +589,7 @@
 typedef struct {
 EVP_KEYMGMT *keymgmt;
 void *keydata; 
+ int selection;
 } OP_CACHE_ELEM;
 DEFINE_STACK_OF(OP_CACHE_ELEM)
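Review bot: `dasync_cipher_ctrl_helper(ctx, type, arg, ptr, 0, EVP_aes_256_ctr())` passes a bare `0` whose meaning is not visible in the hunk; if it is the helper's AEAD flag, say so at the call site, `ptr, 0 /* not AEAD */, EVP_aes_256_ctr()`, since the four new wrappers otherwise carry no comment on what they delegate to the real AES-256-CTR implementation. The four functions are complete within the hunk.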
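Review bot: `ossl_bn_rsa_do_unblind` is declared with no comment, and the parameter names `possible_arg2` and `to_mod` do not tell a caller what to pass; by its name this is the unblinding step of an RSA private-key operation, and this release's NEWS pairs the new crypto/bn/rsa_sup_mul.c with a timing-oracle fix (CVE-2022-4304), so its contract matters more than usual. The declaration should state which argument is the blinding inverse, that `buf` must hold at least `num` bytes, the return convention, and whether the routine is required to run in time independent of the value being unblinded; a comment of the form `/* Unblind intermediate with blinding mod to_mod; writes the num-byte big-endian result to buf. Must not leak the result through timing. Returns 1 on success, 0 on error. */` would do, with the role of possible_arg2 and the return values confirmed against the definition. A `size_t` for `num` would also match the rest of the internal API better than `int`, but that is a wider change.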
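Review bot: The new `int selection;` member of OP_CACHE_ELEM has no comment, yet together with the signature changes at `@@ -778,12 +779,14 @@` it presumably turns the selection into part of the cache key, so that keydata exported for one selection is no longer served for a request with another. Document that on the field, `int selection; /* OSSL_KEYMGMT_SELECT_* bits the cached keydata was exported with; part of the lookup key */`, and in the prototypes give `selection` the same note once, so nobody treats the field as informational or passes 0 to "match anything".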
@@ -778,12 +779,14 @@
 int evp_keymgmt_util_export(const EVP_PKEY *pk, int selection,
 OSSL_CALLBACK *export_cb, void *export_cbarg); 
-void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt); 
+void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, 
+ int selection);
 OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk, 
- EVP_KEYMGMT *keymgmt); 
+ EVP_KEYMGMT *keymgmt, 
+ int selection);
 int evp_keymgmt_util_clear_operation_cache(EVP_PKEY *pk, int locking); 
-int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, 
- EVP_KEYMGMT *keymgmt, void *keydata); 
+int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, 
+ void *keydata, int selection);
 void evp_keymgmt_util_cache_keyinfo(EVP_PKEY *pk);
 void *evp_keymgmt_util_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt,
 int selection, const OSSL_PARAM params[]); 
diff -Nru openssl-3.0.7/include/crypto/rand.h openssl-3.0.8/include/crypto/rand.h 
--- openssl-3.0.7/include/crypto/rand.h 2022-11-01 15:14:36.000000000 +0100 
+++ openssl-3.0.8/include/crypto/rand.h 2023-02-07 14:43:33.000000000 +0100 
@@ -125,4 +125,5 @@
 size_t ossl_pool_acquire_entropy(RAND_POOL *pool);
 int ossl_pool_add_nonce_data(RAND_POOL *pool); 
+void ossl_rand_ctx_free(void *vdgbl);
 #endif 
diff -Nru openssl-3.0.7/include/crypto/types.h openssl-3.0.8/include/crypto/types.h 
--- openssl-3.0.7/include/crypto/types.h 2022-11-01 15:14:36.000000000 +0100 
+++ openssl-3.0.8/include/crypto/types.h 2023-02-07 14:43:33.000000000 +0100 
@@ -1,5 +1,5 @@
 /* 
- * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. 
+ * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -20,6 +20,9 @@
 typedef struct ec_key_st EC_KEY;
 typedef struct ec_key_method_st EC_KEY_METHOD;
 # endif 
+# ifndef OPENSSL_NO_DSA 
+typedef struct dsa_st DSA; 
+# endif
 # endif
 # ifndef OPENSSL_NO_EC 
diff -Nru openssl-3.0.7/include/crypto/x509.h openssl-3.0.8/include/crypto/x509.h 
--- openssl-3.0.7/include/crypto/x509.h 2022-11-01 15:14:36.000000000 +0100 
+++ openssl-3.0.8/include/crypto/x509.h 2023-02-07 14:43:33.000000000 +0100 
@@ -1,5 +1,5 @@
 /* 
- * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. 
+ * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy 
@@ -339,6 +339,9 @@
 RSA *ossl_d2i_RSA_PSS_PUBKEY(RSA **a, const unsigned char **pp, long length);
 int ossl_i2d_RSA_PSS_PUBKEY(const RSA *a, unsigned char **pp); 
+# ifndef OPENSSL_NO_DSA 
+DSA *ossl_d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length); 
+# endif /* OPENSSL_NO_DSA */
 # ifndef OPENSSL_NO_DH
 DH *ossl_d2i_DH_PUBKEY(DH **a, const unsigned char **pp, long length);
 int ossl_i2d_DH_PUBKEY(const DH *a, unsigned char **pp); 
diff -Nru openssl-3.0.7/include/internal/cryptlib.h openssl-3.0.8/include/internal/cryptlib.h 
--- openssl-3.0.7/include/internal/cryptlib.h 2022-11-01 15:14:36.000000000 +0100 
+++ openssl-3.0.8/include/internal/cryptlib.h 2023-02-07 14:43:33.000000000 +0100
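Review bot: `ossl_d2i_DSA_PUBKEY` is added without the `ossl_i2d_` counterpart that the neighbouring RSA_PSS and DH blocks declare and without a comment, so the asymmetry reads as an omission rather than a choice. If a decoder alone is intended, say so on the declaration, `/* decode-only; no ossl_i2d_DSA_PUBKEY counterpart is needed */`, and since this release's NEWS lists a NULL dereference when validating a DSA public key (CVE-2023-0217), a note on whether the decoded key may have missing parameters would help callers. The trailing `/* OPENSSL_NO_DSA */` on the new `# endif` is also not the style of the DH block right below; pick one.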
@@ -199,6 +199,8 @@
 int ossl_lib_ctx_onfree(OSSL_LIB_CTX *ctx, ossl_lib_ctx_onfree_fn onfreefn);
 const char *ossl_lib_ctx_get_descriptor(OSSL_LIB_CTX *libctx); 
+void ossl_release_default_drbg_ctx(void); 
+
 OSSL_LIB_CTX *ossl_crypto_ex_data_get_ossl_lib_ctx(const CRYPTO_EX_DATA *ad);
 int ossl_crypto_new_ex_data_ex(OSSL_LIB_CTX *ctx, int class_index, void *obj,
 CRYPTO_EX_DATA *ad); 
diff -Nru openssl-3.0.7/include/internal/ffc.h openssl-3.0.8/include/internal/ffc.h 
--- openssl-3.0.7/include/internal/ffc.h 2022-11-01 15:14:36.000000000 +0100 
+++ openssl-3.0.8/include/internal/ffc.h 2023-02-07 14:43:33.000000000 +0100 
@@ -1,5 +1,5 @@
 /* 
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. 
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy 
@@ -76,6 +76,7 @@
 # define FFC_ERROR_NOT_SUITABLE_GENERATOR 0x08
 # define FFC_ERROR_PRIVKEY_TOO_SMALL 0x10
 # define FFC_ERROR_PRIVKEY_TOO_LARGE 0x20 
+# define FFC_ERROR_PASSED_NULL_PARAM 0x40
 /*
 * Finite field cryptography (FFC) domain parameters are used by DH and DSA. 
diff -Nru openssl-3.0.7/include/openssl/cmperr.h openssl-3.0.8/include/openssl/cmperr.h 
--- openssl-3.0.7/include/openssl/cmperr.h 2022-11-01 15:14:36.000000000 +0100 
+++ openssl-3.0.8/include/openssl/cmperr.h 2023-02-07 14:43:33.000000000 +0100 
@@ -1,6 +1,6 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT 
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. 
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -69,7 +69,9 @@
 # define CMP_R_MISSING_PRIVATE_KEY 131
 # define CMP_R_MISSING_PROTECTION 143
 # define CMP_R_MISSING_REFERENCE_CERT 168 
+# define CMP_R_MISSING_SECRET 178
 # define CMP_R_MISSING_SENDER_IDENTIFICATION 111 
+# define CMP_R_MISSING_TRUST_ANCHOR 179
 # define CMP_R_MISSING_TRUST_STORE 144
 # define CMP_R_MULTIPLE_REQUESTS_NOT_SUPPORTED 161
 # define CMP_R_MULTIPLE_RESPONSES_NOT_SUPPORTED 170 
diff -Nru openssl-3.0.7/include/openssl/cmp.h.in openssl-3.0.8/include/openssl/cmp.h.in 
--- openssl-3.0.7/include/openssl/cmp.h.in 2022-11-01 15:14:36.000000000 +0100 
+++ openssl-3.0.8/include/openssl/cmp.h.in 2023-02-07 14:43:33.000000000 +0100 
@@ -194,13 +194,16 @@
 * -- CertReqMsg
 * }
 */ 
-# define OSSL_CMP_PKISTATUS_accepted 0 
-# define OSSL_CMP_PKISTATUS_grantedWithMods 1 
-# define OSSL_CMP_PKISTATUS_rejection 2 
-# define OSSL_CMP_PKISTATUS_waiting 3 
-# define OSSL_CMP_PKISTATUS_revocationWarning 4 
+# define OSSL_CMP_PKISTATUS_request -3 
+# define OSSL_CMP_PKISTATUS_trans -2 
+# define OSSL_CMP_PKISTATUS_unspecified -1 
+# define OSSL_CMP_PKISTATUS_accepted 0 
+# define OSSL_CMP_PKISTATUS_grantedWithMods 1 
+# define OSSL_CMP_PKISTATUS_rejection 2 
+# define OSSL_CMP_PKISTATUS_waiting 3 
+# define OSSL_CMP_PKISTATUS_revocationWarning 4
 # define OSSL_CMP_PKISTATUS_revocationNotification 5 
-# define OSSL_CMP_PKISTATUS_keyUpdateWarning 6 
+# define OSSL_CMP_PKISTATUS_keyUpdateWarning 6
 typedef ASN1_INTEGER OSSL_CMP_PKISTATUS;
 DECLARE_ASN1_ITEM(OSSL_CMP_PKISTATUS)
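Review bot: The three new negative values `OSSL_CMP_PKISTATUS_request`, `OSSL_CMP_PKISTATUS_trans` and `OSSL_CMP_PKISTATUS_unspecified` sit directly under the ASN.1 comment block that documents the RFC-defined PKIStatus values 0..6, so a reader of the public header will take -3..-1 for wire values. Separate them with a comment such as `/* Negative values are library-internal states, never encoded in a message */` placed before `OSSL_CMP_PKISTATUS_request`, and state which API reports them (the status getter is the obvious candidate but that should be confirmed). Because these are public macros, it is also worth noting that applications must now treat a status below `OSSL_CMP_PKISTATUS_accepted` as "no PKIStatusInfo received" rather than as an error code.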
@@ -325,6 +328,7 @@
 /* CMP message header and extra certificates: */
 int OSSL_CMP_CTX_set1_recipient(OSSL_CMP_CTX *ctx, const X509_NAME *name);
 int OSSL_CMP_CTX_push0_geninfo_ITAV(OSSL_CMP_CTX *ctx, OSSL_CMP_ITAV *itav); 
+int OSSL_CMP_CTX_reset_geninfo_ITAVs(OSSL_CMP_CTX *ctx);
 int OSSL_CMP_CTX_set1_extraCertsOut(OSSL_CMP_CTX *ctx,
 STACK_OF(X509) *extraCertsOut);
 /* certificate template: */ 
diff -Nru openssl-3.0.7/include/openssl/cmserr.h openssl-3.0.8/include/openssl/cmserr.h 
--- openssl-3.0.7/include/openssl/cmserr.h 2022-11-01 15:14:36.000000000 +0100 
+++ openssl-3.0.8/include/openssl/cmserr.h 2023-02-07 14:43:33.000000000 +0100 
@@ -105,6 +105,7 @@
 # define CMS_R_UNKNOWN_DIGEST_ALGORITHM 149
 # define CMS_R_UNKNOWN_ID 150
 # define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151 
+# define CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM 194
 # define CMS_R_UNSUPPORTED_CONTENT_TYPE 152
 # define CMS_R_UNSUPPORTED_ENCRYPTION_TYPE 192
 # define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153 
diff -Nru openssl-3.0.7/include/openssl/sslerr.h openssl-3.0.8/include/openssl/sslerr.h 
--- openssl-3.0.7/include/openssl/sslerr.h 2022-11-01 15:14:36.000000000 +0100 
+++ openssl-3.0.8/include/openssl/sslerr.h 2023-02-07 14:43:33.000000000 +0100 
@@ -150,6 +150,7 @@
 # define SSL_R_INVALID_SRP_USERNAME 357
 # define SSL_R_INVALID_STATUS_RESPONSE 328
 # define SSL_R_INVALID_TICKET_KEYS_LENGTH 325 
+# define SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED 333
 # define SSL_R_LENGTH_MISMATCH 159
 # define SSL_R_LENGTH_TOO_LONG 404
 # define SSL_R_LENGTH_TOO_SHORT 160 
diff -Nru openssl-3.0.7/include/openssl/trace.h openssl-3.0.8/include/openssl/trace.h 
--- openssl-3.0.7/include/openssl/trace.h 2022-11-01 15:14:36.000000000 +0100 
+++ openssl-3.0.8/include/openssl/trace.h 2023-02-07 14:43:33.000000000 +0100
@@ -1,5 +1,5 @@
 /* 
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. 
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy 
@@ -43,10 +43,8 @@
 # define OSSL_TRACE_CATEGORY_TLS 3
 # define OSSL_TRACE_CATEGORY_TLS_CIPHER 4
 # define OSSL_TRACE_CATEGORY_CONF 5 
-# ifndef OPENSSL_NO_ENGINE 
-# define OSSL_TRACE_CATEGORY_ENGINE_TABLE 6 
-# define OSSL_TRACE_CATEGORY_ENGINE_REF_COUNT 7 
-# endif 
+# define OSSL_TRACE_CATEGORY_ENGINE_TABLE 6 
+# define OSSL_TRACE_CATEGORY_ENGINE_REF_COUNT 7
 # define OSSL_TRACE_CATEGORY_PKCS5V2 8
 # define OSSL_TRACE_CATEGORY_PKCS12_KEYGEN 9
 # define OSSL_TRACE_CATEGORY_PKCS12_DECRYPT 10 
diff -Nru openssl-3.0.7/include/openssl/x509v3.h.in openssl-3.0.8/include/openssl/x509v3.h.in 
--- openssl-3.0.7/include/openssl/x509v3.h.in 2022-11-01 15:14:36.000000000 +0100 
+++ openssl-3.0.8/include/openssl/x509v3.h.in 2023-02-07 14:43:33.000000000 +0100 
@@ -1,7 +1,7 @@
 /*
 * {- join("\n * ", @autowarntext) -}
 * 
- * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. 
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy 
@@ -154,7 +154,7 @@
 OTHERNAME *otherName; /* otherName */
 ASN1_IA5STRING *rfc822Name;
 ASN1_IA5STRING *dNSName; 
- ASN1_TYPE *x400Address; 
+ ASN1_STRING *x400Address;
 X509_NAME *directoryName;
 EDIPARTYNAME *ediPartyName;
 ASN1_IA5STRING *uniformResourceIdentifier; 
diff -Nru openssl-3.0.7/INSTALL.md openssl-3.0.8/INSTALL.md 
--- openssl-3.0.7/INSTALL.md 2022-11-01 15:14:36.000000000 +0100 
+++ openssl-3.0.8/INSTALL.md 2023-02-07 14:43:33.000000000 +0100
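Review bot: Changing the union member from `ASN1_TYPE *` to `ASN1_STRING *` is a public-header type change with no comment explaining it, and this release's NEWS lists an X.400 address type confusion in the X.509 GeneralName (CVE-2023-0286), so the field should say why it has this type before someone "restores" the old one. A note such as `ASN1_STRING *x400Address; /* ORAddress kept as an opaque encoded string; was mis-declared ASN1_TYPE before 3.0.8, see CVE-2023-0286 */` would do. Code elsewhere that still reads this member as an ASN1_TYPE should now be flagged by the compiler, which is the intended safety net; the matching ASN.1 template and the GeneralName comparison code are not in this hunk and must agree with the new type.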
@@ -244,9 +244,8 @@
 $ nmake install 
-The easiest way to elevate the Command Prompt is to press and hold down 
-the both the `` and `` key while clicking the menu item in the 
-task menu. 
+The easiest way to elevate the Command Prompt is to press and hold down both 
+the `` and `` keys while clicking the menu item in the task menu.
 The default installation location is 
@@ -1204,6 +1203,14 @@
 and defines various macros in `include/openssl/configuration.h` (generated from `include/openssl/configuration.h.in`. 
+If none of the generated build files suit your purpose, it's possible to 
+write your own build file template and give its name through the environment 
+variable `BUILDFILE`. For example, Ninja build files could be supported by 
+writing `Configurations/build.ninja.tmpl` and then configure with `BUILDFILE` 
+set like this (Unix syntax shown, you'll have to adapt for other platforms): 
+
+ $ BUILDFILE=build.ninja perl Configure [options...] 
+
 ### Out of Tree Builds
 OpenSSL can be configured to build in a build directory separate from the 
diff -Nru openssl-3.0.7/NEWS.md openssl-3.0.8/NEWS.md 
--- openssl-3.0.7/NEWS.md 2022-11-01 15:14:36.000000000 +0100 
+++ openssl-3.0.8/NEWS.md 2023-02-07 14:43:33.000000000 +0100
@@ -18,6 +18,18 @@
 OpenSSL 3.0
 ----------- 
+### Major changes between OpenSSL 3.0.7 and OpenSSL 3.0.8 [7 Feb 2023] 
+
+ * Fixed NULL dereference during PKCS7 data verification ([CVE-2023-0401]) 
+ * Fixed X.400 address type confusion in X.509 GeneralName ([CVE-2023-0286]) 
+ * Fixed NULL dereference validating DSA public key ([CVE-2023-0217]) 
+ * Fixed Invalid pointer dereference in d2i_PKCS7 functions ([CVE-2023-0216]) 
+ * Fixed Use-after-free following BIO_new_NDEF ([CVE-2023-0215]) 
+ * Fixed Double free after calling PEM_read_bio_ex ([CVE-2022-4450]) 
+ * Fixed Timing Oracle in RSA Decryption ([CVE-2022-4304]) 
+ * Fixed X.509 Name Constraints Read Buffer Overflow ([CVE-2022-4203]) 
+ * Fixed X.509 Policy Constraints Double Locking ([CVE-2022-3996]) 
+
 ### Major changes between OpenSSL 3.0.6 and OpenSSL 3.0.7 [1 Nov 2022]
 * Added RIPEMD160 to the default provider.
@@ -1418,7 +1430,15 @@
 * Support for various new platforms 
- 
+[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401 
+[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286 
+[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217 
+[CVE-2023-0216]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0216 
+[CVE-2023-0215]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0215 
+[CVE-2022-4450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4450 
+[CVE-2022-4304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4304 
+[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203 
+[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996
 [CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
 [CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274
 [CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971 
diff -Nru openssl-3.0.7/NOTES-NONSTOP.md openssl-3.0.8/NOTES-NONSTOP.md 
--- openssl-3.0.7/NOTES-NONSTOP.md 2022-11-01 15:14:36.000000000 +0100 
+++ openssl-3.0.8/NOTES-NONSTOP.md 2023-02-07 14:43:33.000000000 +0100 
@@ -186,6 +186,9 @@
 if [ -n "$PRE_RELEASE_TAG" ]; then
 PRE_RELEASE_TAG="-$PRE_RELEASE_TAG"
 fi 
+ if [ -n "$BUILD_METADATA" ]; then 
+ BUILD_METADATA="+$BUILD_METADATA" 
+ fi
 echo "$MAJOR.$MINOR.$PATCH$PRE_RELEASE_TAG$BUILD_METADATA" |\
 sed -e 's/[-.+]/_/g'
 ) 
diff -Nru openssl-3.0.7/providers/common/der/oids_to_c.pm openssl-3.0.8/providers/common/der/oids_to_c.pm 
--- openssl-3.0.7/providers/common/der/oids_to_c.pm 2022-11-01 15:14:36.000000000 +0100 
+++ openssl-3.0.8/providers/common/der/oids_to_c.pm 2023-02-07 14:43:33.000000000 +0100
@@ -23,8 +23,6 @@
 \s* ${OID_value_re} /x; 
-use Data::Dumper; 
- 
 sub filter_to_H {
 my ($name, $comment) = @{ shift() };
 my @oid_nums = @_; 
diff -Nru openssl-3.0.7/providers/fips.checksum openssl-3.0.8/providers/fips.checksum 
--- openssl-3.0.7/providers/fips.checksum 2022-11-01 15:14:36.000000000 +0100 
+++ openssl-3.0.8/providers/fips.checksum 2023-02-07 14:43:33.000000000 +0100 
@@ -1 +1 @@ 
-674597de1e7bfa5782d42c044d5475e6fd473c737008a297e8e90746eafb97d9 providers/fips-sources.checksums 
+fd6bce79efec94a99e40c919e0a5ee392514b81cac01d4d46b5c76f27fb1b839 providers/fips-sources.checksums 
diff -Nru openssl-3.0.7/providers/fips.module.sources openssl-3.0.8/providers/fips.module.sources 
--- openssl-3.0.7/providers/fips.module.sources 2022-11-01 15:14:36.000000000 +0100 
+++ openssl-3.0.8/providers/fips.module.sources 2023-02-07 14:43:33.000000000 +0100 
@@ -95,6 +95,7 @@
 crypto/bn/bn_sqr.c
 crypto/bn/bn_sqrt.c
 crypto/bn/bn_word.c 
+crypto/bn/rsa_sup_mul.c
 crypto/bn/rsaz_exp.c
 crypto/bn/rsaz_exp.h
 crypto/bn/rsaz_exp_x2.c 
diff -Nru openssl-3.0.7/providers/fips-sources.checksums openssl-3.0.8/providers/fips-sources.checksums 
--- openssl-3.0.7/providers/fips-sources.checksums 2022-11-01 15:14:36.000000000 +0100 
+++ openssl-3.0.8/providers/fips-sources.checksums 2023-02-07 14:43:33.000000000 +0100
@@ -67,41 +67,42 @@ 259fb8d7f40c0dba46920b1f169d5b37de03b0fda645463d19e3ae2b56de851d crypto/bn/asm/x86_64-mont5.pl 0ea8185a037a2951bb3d1e590bbbdeac305176d5e618f3e43a04c09733a9de34 crypto/bn/bn_add.c 3962dfaa0142e67115ab84f7809d46d59bd122758be09a081b08b2e0d4743b2e crypto/bn/bn_asm.c -3e86e6e5777499703420afade11dd23a7c6912f8eccd08da47308c7aadd7459d crypto/bn/bn_blind.c +01a35f971062b97b4953604151d3b6a411be439743b5540aa25b638d2186db6f crypto/bn/bn_blind.c 7b761d541e3b7f6a3f2b14a09b2b3836a079a845cf67a54db4853e3fd38277c6 crypto/bn/bn_const.c 58b587e20404efa408b31a88ba9c357059ced709bea78c07deb91df7b687db81 crypto/bn/bn_conv.c 2893b6d03d4850d09c15959941b0759bbb50d8c20e873bed088e7cde4e15a65a crypto/bn/bn_ctx.c d94295953ab91469fe2b9da2a542b8ea11ac38551ecde8f8202b7f645c2dea16 crypto/bn/bn_dh.c 74b63a4515894592b7241fb30b91b21510beaa3d397809e3d74bc9a73e879d18 crypto/bn/bn_div.c -73cd9bd700b652a83280aa1a7a970351aed71111c9a1b0ddd81a1157cc6f3fb6 crypto/bn/bn_exp.c +a29b8b7fa8460f11e50f880e3c3c9e0755b93889bcbb5476206c4d938a9c5735 crypto/bn/bn_exp.c ec2b6e3af6df473a23e7f1a8522f2554cb0eb5d34e3282458c4a66d242278434 crypto/bn/bn_exp2.c 1abab2cc5466b005b939d156e7d8664a4d42a191c9040dbb83941269d6844f0c crypto/bn/bn_gcd.c 4d6cc7ed36978247a191df1eea0120f8ee97b639ba228793dabe5a8355a1a609 crypto/bn/bn_gf2m.c 081e8a6abc23599307dab3b1a92113a65e0bf8717cbc40c970c7469350bc4581 crypto/bn/bn_intern.c 602ed46fbfe12c899dfb7d9d99ff0dbfff96b454fce3cd02817f3e2488dd9192 crypto/bn/bn_kron.c b33295765dc6d3843e3571007e2d6dbe75564645ebf181191a91464706d9fadb crypto/bn/bn_lib.c -64bce599181c45d999f0c5bda9ce36b2820f0e91ec6590cc8cba77e2760f8287 crypto/bn/bn_local.h +0567e3881c4577f25eb7b93070ac1914251d5ef98e3ac4ebacec09a65a12868c crypto/bn/bn_local.h 07247dc2ccc55f3be525baed92fd20031bbaa80fd0bc56155e80ee0da3fc943d crypto/bn/bn_mod.c -4f8763847752d570ef95dc0d06e51240829ab55c3529301214d3c2b613c6a18b crypto/bn/bn_mont.c +f60f3d49b183b04bcdf9b82f7c961b8c1bcb00e68a2c1166fe9edd95a783356e crypto/bn/bn_mont.c 
2da73a76b746a47d8cf8ec8b3e0708c2a34e810abde4b4f1241a49e7f5bb2b60 crypto/bn/bn_mpi.c 76982b18b0803d59b33168b260677e7412970757d3b9513de5c80025290f211d crypto/bn/bn_mul.c 4e3bf49a788ec36cd1d919475bc410a743931aa144e7c60d603e9c0b448faab4 crypto/bn/bn_nist.c c6760a724d696b7209f0a71f8483fabcf4f081f7e93e2628284c32ef78f69365 crypto/bn/bn_prime.c c56ad3073108a0de21c5820a48beae2bccdbf5aa8075ec21738878222eb9adc3 crypto/bn/bn_prime.h -eeeb2f85b60ae10e00907335032724f6ce198eb319e7a81f8eddaef0f67db6e3 crypto/bn/bn_rand.c +628419eabdb88b265823e43a7a1c88fdfecef79771180836f6089050dc9eadb1 crypto/bn/bn_rand.c 1f6e13da1d9965b341f81bc0842a987a7db9b7de0fa7f7040d49be01b92d282b crypto/bn/bn_recp.c 626226d4dae8e19530a60d8a94b270b262740550787fc46f686b301a043c705b crypto/bn/bn_rsa_fips186_4.c 704b0b4723e5c9e9bae5f3e35f9ae8ae8dca3383929e954de9e5169845abfdb2 crypto/bn/bn_shift.c 622e90766b29e0d25f46474429aebda8eba2246835b9e85dc26da7cdbd49334f crypto/bn/bn_sqr.c 42c8ce944c889abcfcf089d0ad2744b7587696d8d7785efa91b3f7ec53dc062a crypto/bn/bn_sqrt.c 24e62baa56e02f2db6454e10168b7c7fa7638db9221b9acda1803d43f38f36e0 crypto/bn/bn_word.c +2e69544977adab07422acab5cbb32f4efb7ab68bc160dde711e3f7a8e755b43d crypto/bn/rsa_sup_mul.c be27115efd36f0077a3ec26b1ff1f586b0b8969ba05d8ffa34b2ff4badf227bf crypto/bn/rsaz_exp.c c4d64da1cdc732ea918fccd6a7bb2746b03365dd26f7ba1e74e08c307ca4c58e crypto/bn/rsaz_exp.h -d231fa689f53994616b9ef1f661e4f90333184deae324d5d4a218aad891c500d crypto/bn/rsaz_exp_x2.c +5b82cb8dbf3087c2e671871cb0a92e4039223a51af533a2ee996f3bfd47453a7 crypto/bn/rsaz_exp_x2.c 834db8ff36006e5cb53e09ca6c44290124bd23692f4341ea6563b66fcade4cea crypto/bsearch.c c39334b70e1394e43f378ae8d31b6e6dc125e4d9181e6536d38e649c4eaadb75 crypto/buffer/buffer.c 0e1a41a2d81b5765bca3df448f60bf1fad91e485fe89dd65a7300ffc419e316d crypto/cmac/cmac.c -58068d6533fed9359b164ddc9711b2dd7b2a76f32ad94103d91dbe3462ac95d8 crypto/context.c +ff9be205d6d7ff00b0e64508f0eb8d9ec0415fbabc0948d26e308212b3f7b2d8 crypto/context.c 
c309d81ea991ddf5be4337afad2fd132169f7443c76f863349d3f3c82f3374e4 crypto/core_algorithm.c f0fd9eb38bf7f196bbb4d26ce8fdf86d0a4f9db219157e66b2c0ffefb4f42005 crypto/core_fetch.c 02670d631bf0f34cca1e3477079d7fe5de4e03c391cf3992986f44f55319597c crypto/core_namemap.c @@ -190,7 +191,7 @@ 838277f228cd3025cf95a9cd435e5606ad1fb5d207bbb057aa29892e6a657c55 crypto/evp/ec_support.c 1c3d1b1f800b1f1f5adb1fdbdd67cdf37ca7ea93b264d1468c72a63c140873ce crypto/evp/evp_enc.c 7f10367f9b6191c4a8c01784130d26b2d778485a41cdac5fa17c9a1c4096f132 crypto/evp/evp_fetch.c -d2b6c0e2736f20e4db4b7b8dd2b372de861624f3fed1290ee4c6dde383842071 crypto/evp/evp_lib.c +ebe32b2895f7f9767710674352c8949efe93b4bbb5e7b71c27bb5d1822339b46 crypto/evp/evp_lib.c 78f07bf50b6999611a4e9414ab3a20b219b0ab29ca2bd05002d6919a3f67b8eb crypto/evp/evp_local.h 117e679d49d2ae87e49d3c942ff0ce768959e8b9713f84a99025cabba462ccd5 crypto/evp/evp_rand.c 2a128617ec0178e9eeacbe41d75a5530755f41ea524cd124607543cf73456a0c crypto/evp/evp_utils.c 
@@ -198,12 +199,12 @@ 9e25042581b73e295c059c6217f3ecf809134d518eb79b1b67f34e3ca9145677 crypto/evp/kdf_lib.c 1d72f5506984df1df8606e8c7045f041cf517223e2e1b50c4da8ba8bf1c6c186 crypto/evp/kdf_meth.c 5179624b8e03615dc9caedc9ec16d094fa081495613dd552d71c2c39475bcd83 crypto/evp/kem.c -724d2ac784d6f22cb0a382abc23ac0f2d76f2f6831fcd09e101f6f27d0c3e4ed crypto/evp/keymgmt_lib.c +5016dd7ef8b4cf7e9ea8465c18d1daa4c8808cb589261cf236058ee75bc868d7 crypto/evp/keymgmt_lib.c a976cf4e7bfb61e06a147360b748238010d23efb069d191fd023abc38d9a2af9 crypto/evp/keymgmt_meth.c e1a052839b8b70dca20dbac1282d61abd1c415bf4fb6afb56b811e8770d8a2e1 crypto/evp/m_sigver.c 4290c95f63b43688a8da57690d122add5161a6811f9753da1444d28f46739961 crypto/evp/mac_lib.c e7e8eb5683cd3fbd409df888020dc353b65ac291361829cc4131d5bc86c9fcb3 crypto/evp/mac_meth.c -9c5ef2f0b513ad1b8458146efbff80c2b6185626d0571e5aa6a31e471d37d615 crypto/evp/p_lib.c +b3eebfe75d050bef62a2ce6c13399a2b72bdf60bb540666d01a47691f68931b3 crypto/evp/p_lib.c 3b4228b92eebd04616ecc3ee58684095313dd5ffd1b43cf698a7d6c202cb4622 crypto/evp/pmeth_check.c 1f0e9e94e9b0ad322956521b438b78d44cfcd8eb974e8921d05f9e21ba1c05cf crypto/evp/pmeth_gn.c 76511fba789089a50ef87774817a5482c33633a76a94ecf7b6e8eb915585575d crypto/evp/pmeth_lib.c 
@@ -212,9 +213,9 @@ 709d40d5096497349b8b9e2917e949a0a75e6065df62798d1816866ca7e7b4ca crypto/ffc/ffc_backend.c a12af33e605315cdddd6d759e70cd9632f0f33682b9aa7103ed1ecd354fc7e55 crypto/ffc/ffc_dh.c 854378f57707e31ad02cca6eec94369f91f327288d3665713e249c12f7b13211 crypto/ffc/ffc_key_generate.c -084ae8e68a9df5785376bb961a998036336ed13092ffd1c4258b56e6a7e0478b crypto/ffc/ffc_key_validate.c +2695c9c8ad9193a8c1ab53d5d09712d50d12c91eb8d62e8a15cbc78f327afe84 crypto/ffc/ffc_key_validate.c b18d5d7cfc95163defea41f5a081e90f6a7163a6b81c6cfadb8b470ef2e83fc5 crypto/ffc/ffc_params.c -5174e008f44909724e0ee7109095ee353e67e9ba77e1ab3bedfcf6eaecab7b6c crypto/ffc/ffc_params_generate.c +1a1d227f9a0f427d2ec93bc646c726c9cd49a84a343b4aff0c9c744fa6df05a9 crypto/ffc/ffc_params_generate.c 73dac805abab36cd9df53a421221c71d06a366a4ce479fa788be777f11b47159 crypto/ffc/ffc_params_validate.c 0a4fc92e408b0562cf95c480df93a9907a318a2c92356642903a5d50ed04fd88 crypto/hmac/hmac.c 0395c1b0834f2f4a0ca1756385f4dc1a4ef6fb925b2db3743df7f57256c5166f crypto/hmac/hmac_local.h 
@@ -245,21 +246,21 @@ 608a04f387be2a509b4d4ad414b7015ab833e56b85020e692e193160f36883a2 crypto/modes/xts128.c 8aa2504f84a0637b5122f0c963c9d82773ba248bad972ab92be7169995d162b5 crypto/o_str.c 8ddbbdf43131c10dcd4428aef0eff2b1e98b0410accada0fad41a4925868beef crypto/packet.c -cc4483ec9ba7a30908e3a433a6817e2f211d4c1f69c206e6bae24bbd39a68281 crypto/param_build.c +a20bfd927d69737c86ca95d3cf636afa8cefd8fe23412d1a3897644a0da21211 crypto/param_build.c c2fe815fb3fd5efe9a6544cae55f9469063a0f6fb728361737b927f6182ae0bb crypto/param_build_set.c -02dfeb286c85567bb1b6323a53c089ba66447db97695cc78eceb6677fbc76bf9 crypto/params.c +06e67fdd2a308bf355c8dae2e0acd9af94f6e53d428a7d31966311eb5c0aebc1 crypto/params.c 4fda13f6af05d80b0ab89ec4f5813c274a21a9b4565be958a02d006236cef05c crypto/params_dup.c a0097ff2da8955fe15ba204cb54f3fd48a06f846e2b9826f507b26acf65715c3 crypto/params_from_text.c -48c20b804e18ede5e45697a766e7dbe6ef6b3da9f58c7b37bd8f293df2ac7d34 crypto/property/defn_cache.c -32539c14a8e4a0992b001e99a79f112746fd518d51edab57ccdec3516715ed4b crypto/property/property.c -a2c69527b60692a8b07cfdfe7e75f654daa092411d5de5e02b446a4ef3752855 crypto/property/property_local.h +b4d34272a0bd1fbe6562022bf7ea6259b6a5a021a48222d415be47ef5ef2a905 crypto/property/defn_cache.c +7da6ae864beb1a4daa4be31eb41d48141a3a7eb7a263a4937a6889e05656a595 crypto/property/property.c +66da4f28d408133fb544b14aeb9ad4913e7c5c67e2826e53f0dc5bf4d8fada26 crypto/property/property_local.h 921305e62749aec22da4843738bee3448b61e7e30d5309beddc7141ad07a8004 crypto/property/property_parse.c a7cefda6a117550e2c76e0f307565ce1e11640b11ba10c80e469a837fd1212a3 crypto/property/property_query.c 065698c8d88a5facc0cbc02a3bd0c642c94687a8c5dd79901c942138b406067d crypto/property/property_string.c 9653ec9c1476350a94b9cc7f8be3d99961fd803870c9ac03315298d2909a6a8e crypto/provider_core.c d0af10d4091b2032aac1b7db80f8c2e14fa7176592716b25b9437ab6b53c0a89 crypto/provider_local.h 5ba2e1c74ddcd0453d02e32612299d1eef18eff8493a7606c15d0dc3738ad1d9 
crypto/provider_predefined.c -4e6b7d1d8278067c18bcb5e3ac9b7fe7e9b1d0d03bc5a276275483f541d1a12c crypto/rand/rand_lib.c +a5a4472636b8b0095ad8d4acd37e275ad79da1a67ecff7b7b5c3e46c9ebc65b7 crypto/rand/rand_lib.c fd03b9bb2c23470fa40880ed3bf9847bb17d50592101a78c0ad7a0f121209788 crypto/rand/rand_local.h f0c8792a99132e0b9c027cfa7370f45594a115934cdc9e8f23bdd64abecaf7fd crypto/rsa/rsa_acvp_test_params.c 9e7dd6fc91d3266d4aa4f0f41b7986381122b7d98114e63ebf04c5ee298b5fda crypto/rsa/rsa_backend.c @@ -271,7 +272,7 @@ cf0b75cd54b61b9b9a290ef18d0ddce9fb26a029a54eb3f720d9b25188440f00 crypto/rsa/rsa_mp_names.c 5c60f6e05db82e13178d805deb1947b8eee4a905e6e77523d3b288da70a46bb5 crypto/rsa/rsa_none.c 33de2accc3af530fd0a4758eb83d5e1d994bf49bac4512b01387dbae656e1a7d crypto/rsa/rsa_oaep.c -1b58825809bb9c5fc9e876d71e5b787b08f034eaee3c30eb20d30a1d889bdbd5 crypto/rsa/rsa_ossl.c +178c98421b54ec50ee55470a7b1acb771ed22efef2c2c0e059544baa7e6d387e crypto/rsa/rsa_ossl.c be3f39c1fcb777d6c0122061f9ef735d10a6bee95d67fcc1ca6ae2a664022d2b crypto/rsa/rsa_pk1.c 174a42e156be48927fe6d6bf0d95575619b8e643a99761275bff933bc3449722 crypto/rsa/rsa_pss.c bf6d300b7e7e9e512a47c5bd1f8713806ae3033a140d83dfae4a16ad58d11170 crypto/rsa/rsa_schemes.c @@ -314,7 +315,7 @@ 8d84164f3cfd53290c0c14bb5655510b7a9238857866328c0604d64b4e76fe21 crypto/sha/asm/sha512-armv4.pl dadacb6d66b160913bffb4e1a6c3e5f7be6509b26e2c099701d8d3fdb92c1be0 crypto/sha/asm/sha512-armv8.pl 6f548a088feae3b6faa179653ba449df9d3f5cda1e0561e5b5f120b32274d1eb crypto/sha/asm/sha512-c64xplus.pl -f999dbef1f95004b7dd926208dd942dc4106750de7a7ccfb70c6487e9916feac crypto/sha/asm/sha512-ia64.pl +9fa54fbc34fd881f4b344374b9b4f8fb15b641424be7af9a31c71af89ae5d577 crypto/sha/asm/sha512-ia64.pl fb06844e7c3b014a58dccc8ec6020c71843cfdc5be08288bc7d204f0a840c474 crypto/sha/asm/sha512-mips.pl 11548f06d213947104a80898e000218ec0d6ff3f6913f6582de498476482ce9f crypto/sha/asm/sha512-parisc.pl 7c0c490ce6bb11a228853aecad5e164ce84e5bdabb8a6658ae7184782076c7d3 crypto/sha/asm/sha512-ppc.pl 
@@ -338,7 +339,7 @@ 0a9c484f640d96e918921f57f592e82e99ccdbe35d3138d64b10c7af839e9a07 e_os.h 6f353dc7c8c4d8f24f7ffbf920668ccb224ebb5810805a7c80d96770cd858005 include/crypto/aes_platform.h 8c6f308c1ca774e6127e325c3b80511dbcdc99631f032694d8db53a5c02364ee include/crypto/asn1_dsa.h -8ce1b35c6924555ef316c7c51d6c27656869e6da7f513f45b7a7051579e3e54d include/crypto/bn.h +f49a26fc4348f3b79507dc4a04fade82cf870f7c22e6c977f402c859fdd1b98b include/crypto/bn.h 1c46818354d42bd1b1c4e5fdae9e019814936e775fd8c918ca49959c2a6416df include/crypto/bn_conf.h.in 7a43a4898fcc8446065e6c99249bcc14e475716e8c1d40d50408c0ab179520e6 include/crypto/bn_dh.h e69b2b20fb415e24b970941c84a62b752b5d0175bc68126e467f7cc970495504 include/crypto/cryptlib.h 
@@ -348,27 +349,27 @@ 20d99c9a740e4d7d67e23fa4ae4c6a39d114e486c66ad41b65d91a8244cd1dea include/crypto/dsa.h 2ea47c059e84ce9d14cc31f4faf45f64d631de9e2937aa1d7a83de5571c63574 include/crypto/ec.h edbfae8720502a4708983b60eac72aa04f031059f197ada31627cb5e72812858 include/crypto/ecx.h -41974ef3d365c608cf35310f99f7006f7995f8cc380f316ab4a280772cd092ae include/crypto/evp.h +9dab9af8b0a657fe5de46375b71aefcad7e98af272b69ed69c7c104e9e057414 include/crypto/evp.h bbe5e52d84e65449a13e42cd2d6adce59b8ed6e73d6950917aa77dc1f3f5dff6 include/crypto/lhash.h 162812058c69f65a824906193057cd3edeabc22f51a4220aea7cb9064379a9b6 include/crypto/md32_common.h f12bfc145290444bcc7bf408874bded348e742443c145b8b5bc70ae558d96c31 include/crypto/modes.h -8aa4f71ebd9753baceed428e323d5f550d74aff43ab9a55eda7c096d838b8f49 include/crypto/rand.h +f326212c978576c5346c89ae0336c2428594494b54054f6045b1f1038bfbc004 include/crypto/rand.h 90930fc8788d6e04e57829346e0405293ac7a678c3cef23d0692c742e9586d09 include/crypto/rand_pool.h 306abf9d327a9e63fff2cdef730275abc4d2781254a032b1f370f3428eb5a2ef include/crypto/rsa.h 32f0149ab1d82fddbdfbbc44e3078b4a4cc6936d35187e0f8d02cc0bc19f2401 include/crypto/security_bits.h 0f743762f646656b5480648c05632575fe8acc7506460c63e0fcdf42cf20c08a include/crypto/sha.h 7676b02824b2d68df6bddeb251e9b8a8fa2e35a95dad9a7ebeca53f9ab8d2dad include/crypto/sparse_array.h -5bfeea62d21b7cb43d9a819c5cd2800f02ea019687a8331abf313d615889ad37 include/crypto/types.h +7ad02c7de77304c3b298deeb038ab2550cf8b2bce03021994477c6c43dbcf86e include/crypto/types.h 782a83d4e489fd865e2768a20bfa31e78c2071fd0ceeb9eb077276ae2bcc6590 include/internal/bio.h 92aacb3e49288f91b44f97e41933e88fe455706e1dd21a365683c2ab545db131 include/internal/constant_time.h c5bb97f654984130c8b44c09a52395bce0b22985d5dbc9c4d9377d86283f11f8 include/internal/core.h -d7ddeab97434a21cb2cad1935a3cb130f6cd0b3c75322463d431c5eab3ab1ae1 include/internal/cryptlib.h +0b572801dfb8a41cc239e3439f8097a0ad11bbdf5d54811d10ceba3175cf2f17 include/internal/cryptlib.h 
9571cfd3d5666749084b354a6d65adee443deeb5713a58c098c7b03bc69dbc63 include/internal/deprecated.h 3325b895d15c0a6341f456a8d866a0f83e80fc8a31a01c34fcfd717715b33075 include/internal/der.h fd1722d6b79520ee4ac477280d5131eb1b744c3b422fd15f5e737ef966a97c3b include/internal/dso.h f144daebef828a5bd4416466257a50f06b894e0ce0adf1601aa381f34f25a9e7 include/internal/dsoerr.h 70d3e0d5a1bd8db58dcc57bea4d1c3ed816c735fe0e6b2f4b07073712d2dc5ef include/internal/endian.h -557aa7985c8cde8fd9fa59a49f47fa955ec36b36f6fe9edd4bfd3872e3b13a9a include/internal/ffc.h +094b69aeb8f349cafa8865b577e253132088c25eabb61b910fab141e6f7d2929 include/internal/ffc.h 100053a1bad1a85a98c5b919cf81ace0ee147b2164732963e40474d7b5fbbb99 include/internal/namemap.h b02701592960eb4608bb83b297eed90184004828c7fc03ea81568062f347623d include/internal/nelem.h ae41a2fb41bf592bbb47e4855cf4efd9ef85fc11f910a7e195ceef78fb4321dc include/internal/numbers.h @@ -445,7 +446,7 @@ 2964274ab32b1ba8578a06b06663db2eda4317ae806369271d889176bb5a7d04 include/openssl/sha.h c169a015d7be52b7b99dd41c418a48d97e52ad21687c39c512a83a7c3f3ddb70 include/openssl/stack.h 22d7584ad609e30e818b54dca1dfae8dea38913fffedd25cd540c550372fb9a6 include/openssl/symhacks.h -410c6eb3ffadcbee13d511d6b8ee576db75b35b324cb394b5e05dbd4a17fb92e include/openssl/trace.h +5e452bf61d802fdf7b6a65d1c8a1e3f72a7885e4bf2f521eca6443cea69f4ce5 include/openssl/trace.h 873d2ec2054ec24c52df4abe830cb2b9666fe4e75cc62b4de0f50ef9d20c5812 include/openssl/types.h c0a9551efccf43f3dd748d4fd8ec897ddaabbc629c00ec1ad76ce983e1195a13 providers/common/bio_prov.c 4546387d6642603c81ec4cd8d5fc4af8ba60ac7359eb6f31e7d24827031e68ad providers/common/capabilities.c 
@@ -544,19 +545,19 @@ c95ce5498e724b9b3d58e3c2f4723e7e3e4beb07f9bea9422e43182cbadb43af providers/implementations/include/prov/macsignature.h 29d1a112b799e1f45fdf8bcee8361c2ed67428c250c1cdf408a9fbb7ebf4cce1 providers/implementations/include/prov/names.h 2187713b446d8b6d24ee986748b941ac3e24292c71e07ff9fb53a33021decdda providers/implementations/include/prov/seeding.h -86026710ea733f0dd44e400c43e7dab745526f2255816f48a6b00dd8b8009879 providers/implementations/kdfs/hkdf.c +04f22d6afbad5a6e806cf3af9a25843ccfefb748e24d97a09830a1677706acd5 providers/implementations/kdfs/hkdf.c a62e3af09f5af84dcf36f951ba4ac90ca1694adaf3747126186020b155f94186 providers/implementations/kdfs/kbkdf.c e0644e727aacfea4da3cf2c4d2602d7ef0626ebb760b6467432ffd54d5fbb24d providers/implementations/kdfs/pbkdf2.c c0778565abff112c0c5257329a7750ec4605e62f26cc36851fa1fbee6e03c70c providers/implementations/kdfs/pbkdf2.h abe2b0f3711eaa34846e155cffc9242e4051c45de896f747afd5ac9d87f637dc providers/implementations/kdfs/pbkdf2_fips.c 9cc42a4b0a8089e6d1be64637dbb9e41bd21ae5e3386022a27a8f29308ad25c9 providers/implementations/kdfs/sshkdf.c -7c692170729ab1d648564abdbf9bcbba5071f9a81a25fab9eae66899316bcd4a providers/implementations/kdfs/sskdf.c +8571556d77d10e8edc98212473a38f09632e3f19e9995dde89ee6c95f2e84ccf providers/implementations/kdfs/sskdf.c 589f6133799da80760e8bc3ab0191a341ab6d4d2706e92e6eb4a24b0250fefa6 providers/implementations/kdfs/tls1_prf.c 4d4a6d9a562d2dcfec941d3f113a544663b5ac2fbe4accd89ec70c1cc11751d0 providers/implementations/kdfs/x942kdf.c 6b6c776b12664164f3cb54c21df61e1c4477c7855d89431a16fb338cdae58d43 providers/implementations/kem/rsa_kem.c -6ac9f9b04d195bd545d2357fad1769c098b84896c188d19de0b7f747b2db0ff6 providers/implementations/keymgmt/dh_kmgmt.c -5db963d0b3d86912b8234d90f2d8d15438c3e9710572b9d6a8d911a5bcd29836 providers/implementations/keymgmt/dsa_kmgmt.c -c7ff403834b8ead9c4b0f3fdbaae72500c350a51529af4205a61cef92612dd19 providers/implementations/keymgmt/ec_kmgmt.c 
+37120f8a420de0e44b7dc1f31b50d59520e5318cf546e83684e0c3de5c7b76c5 providers/implementations/keymgmt/dh_kmgmt.c +2a4493c9e68f41d37d7ec69c272005c6df7b1a34db2d49663f52e836e4fd888c providers/implementations/keymgmt/dsa_kmgmt.c +ed6825fb92d0ab30f9f858ee29dfa403caa22430cccf493f850f993fd03a975e providers/implementations/keymgmt/ec_kmgmt.c 258ae17bb2dd87ed1511a8eb3fe99eed9b77f5c2f757215ff6b3d0e8791fc251 providers/implementations/keymgmt/ec_kmgmt_imexport.inc d77ece2494e6b12a6201a2806ee5fb24a6dc2fa3e1891a46012a870e0b781ab1 providers/implementations/keymgmt/ecx_kmgmt.c 053a2be39a87f50b877ebdbbf799cf5faf8b2de33b04311d819d212ee1ea329b providers/implementations/keymgmt/kdf_legacy_kmgmt.c @@ -565,7 +566,7 @@ aeb42590728ca87b916b8a3d337351b1c82ee0747213e5ce740c2350b3db7185 providers/implementations/macs/cmac_prov.c e69aa06f8f3c6f5a26702b9f44a844b8589b99dc0ee590953a29e8b9ef10acbe providers/implementations/macs/gmac_prov.c 895c8dc7235b9ad5ff893be0293cbc245a5455e8850195ac7d446646e4ea71d0 providers/implementations/macs/hmac_prov.c -aa7ba1d39ea4e3347294eb50b4dfcb895ef1a22bd6117d3b076a74e9ff11c242 providers/implementations/macs/kmac_prov.c +f75fbfe5348f93ad610da7d310f4e8fecf18c0549f27605da25d393c33e0edc2 providers/implementations/macs/kmac_prov.c bf30274dd6b528ae913984775bd8f29c6c48c0ef06d464d0f738217727b7aa5c providers/implementations/rands/crngt.c c7236e6e2e8adce14f8206da0ceef63c7974d4ba1a7dd71b94fa100cac6b46ba providers/implementations/rands/drbg.c bb5f8161a80d0d1a7ee919af2b167972b00afd62e326252ca6aa93101f315f19 providers/implementations/rands/drbg_ctr.c 
@@ -575,7 +576,7 @@ 04339b66c10017229ef368cb48077f58a252ebfda9ab12b9f919e4149b1036ed providers/implementations/rands/test_rng.c cafb9e6f54ad15889fcebddac6df61336bff7d78936f7de3bb5aab8aee5728d2 providers/implementations/signature/dsa_sig.c a30dc6308de0ca33406e7ce909f3bcf7580fb84d863b0976b275839f866258df providers/implementations/signature/ecdsa_sig.c -effdaa4a7b8f6c2326994ba1578a77af5e60a9ed89a5b8fab876950657366da0 providers/implementations/signature/eddsa_sig.c +02e833a767afbe98247d6f09dfb1eb5a5cf7304a93f2c5427a9f6af9c8a3b549 providers/implementations/signature/eddsa_sig.c 3bb0f342b4cc1b4594ed0986adc47791c0a7b5c1ae7b1888c1fb5edb268a78d9 providers/implementations/signature/mac_legacy_sig.c 2334c8bba705032b8c1db5dd28e024a45a73b72cae82a2d815fe855445a49d10 providers/implementations/signature/rsa_sig.c a14e901b02fe095713624db4080b3aa3ca685d43f9ebec03041f992240973346 ssl/record/tls_pad.c diff -Nru openssl-3.0.7/providers/implementations/ciphers/cipher_chacha20_poly1305.c openssl-3.0.8/providers/implementations/ciphers/cipher_chacha20_poly1305.c --- openssl-3.0.7/providers/implementations/ciphers/cipher_chacha20_poly1305.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/providers/implementations/ciphers/cipher_chacha20_poly1305.c 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,7 +14,6 @@ #include "prov/implementations.h" #include "prov/providercommon.h" - #define CHACHA20_POLY1305_KEYLEN CHACHA_KEY_SIZE #define CHACHA20_POLY1305_BLKLEN 1 #define CHACHA20_POLY1305_MAX_IVLEN 12 
@@ -53,7 +52,6 @@ ossl_prov_cipher_hw_chacha20_poly1305( CHACHA20_POLY1305_KEYLEN * 8), NULL); - ctx->nonce_len = CHACHA20_POLY1305_IVLEN; ctx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; ossl_chacha20_initctx(&ctx->chacha); } @@ -85,7 +83,7 @@ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); if (p != NULL) { - if (!OSSL_PARAM_set_size_t(p, ctx->nonce_len)) { + if (!OSSL_PARAM_set_size_t(p, CHACHA20_POLY1305_IVLEN)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return 0; } @@ -169,11 +167,10 @@ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return 0; } - if (len == 0 || len > CHACHA20_POLY1305_MAX_IVLEN) { + if (len != CHACHA20_POLY1305_MAX_IVLEN) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); return 0; } - ctx->nonce_len = len; } p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TAG); diff -Nru openssl-3.0.7/providers/implementations/ciphers/cipher_chacha20_poly1305.h openssl-3.0.8/providers/implementations/ciphers/cipher_chacha20_poly1305.h --- openssl-3.0.7/providers/implementations/ciphers/cipher_chacha20_poly1305.h 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/providers/implementations/ciphers/cipher_chacha20_poly1305.h 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
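Review bot: The IV-length guard in the @@ -169 hunk compares against CHACHA20_POLY1305_MAX_IVLEN while the @@ -85 hunk of the same file reports CHACHA20_POLY1305_IVLEN for the same quantity; now that exactly one length is accepted, both sites should name one macro, `if (len != CHACHA20_POLY1305_IVLEN) {`, since a "MAX" name suggests a range that no longer exists. A one-line comment at the guard, `/* only the 96-bit (12-byte) nonce is supported; shorter IVs are no longer left-padded */`, would record why the former `len == 0 || len > MAX` range check became an equality. The enclosing set_ctx_params function starts outside the hunk.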
@@ -25,7 +25,7 @@ struct { uint64_t aad, text; } len; unsigned int aad : 1; unsigned int mac_inited : 1; - size_t tag_len, nonce_len; + size_t tag_len; size_t tls_payload_length; size_t tls_aad_pad_sz; } PROV_CHACHA20_POLY1305_CTX; diff -Nru openssl-3.0.7/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c openssl-3.0.8/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c --- openssl-3.0.7/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/providers/implementations/ciphers/cipher_chacha20_poly1305_hw.c 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -55,7 +55,6 @@ return 1; } - static int chacha20_poly1305_initkey(PROV_CIPHER_CTX *bctx, const unsigned char *key, size_t keylen) { @@ -78,6 +77,7 @@ PROV_CHACHA20_POLY1305_CTX *ctx = (PROV_CHACHA20_POLY1305_CTX *)bctx; unsigned char tempiv[CHACHA_CTR_SIZE] = { 0 }; int ret = 1; + size_t noncelen = CHACHA20_POLY1305_IVLEN; ctx->len.aad = 0; ctx->len.text = 0; 
@@ -85,22 +85,20 @@ ctx->mac_inited = 0; ctx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH; - /* pad on the left */ - if (ctx->nonce_len <= CHACHA_CTR_SIZE) { - memcpy(tempiv + CHACHA_CTR_SIZE - ctx->nonce_len, bctx->oiv, - ctx->nonce_len); - - if (bctx->enc) - ret = ossl_chacha20_einit(&ctx->chacha, NULL, 0, - tempiv, sizeof(tempiv), NULL); - else - ret = ossl_chacha20_dinit(&ctx->chacha, NULL, 0, - tempiv, sizeof(tempiv), NULL); - ctx->nonce[0] = ctx->chacha.counter[1]; - ctx->nonce[1] = ctx->chacha.counter[2]; - ctx->nonce[2] = ctx->chacha.counter[3]; - bctx->iv_set = 1; - } + /* pad on the left */ + memcpy(tempiv + CHACHA_CTR_SIZE - noncelen, bctx->oiv, + noncelen); + + if (bctx->enc) + ret = ossl_chacha20_einit(&ctx->chacha, NULL, 0, + tempiv, sizeof(tempiv), NULL); + else + ret = ossl_chacha20_dinit(&ctx->chacha, NULL, 0, + tempiv, sizeof(tempiv), NULL); + ctx->nonce[0] = ctx->chacha.counter[1]; + ctx->nonce[1] = ctx->chacha.counter[2]; + ctx->nonce[2] = ctx->chacha.counter[3]; + bctx->iv_set = 1; return ret; } diff -Nru openssl-3.0.7/providers/implementations/encode_decode/decode_der2key.c openssl-3.0.8/providers/implementations/encode_decode/decode_der2key.c --- openssl-3.0.7/providers/implementations/encode_decode/decode_der2key.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/providers/implementations/encode_decode/decode_der2key.c 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
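Review bot: The memcpy in the @@ -85 hunk now reads a fixed CHACHA20_POLY1305_IVLEN bytes out of bctx->oiv without any check that the IV actually installed on the context has that length; the old `nonce_len <= CHACHA_CTR_SIZE` guard is gone and nothing in this hunk ties `noncelen` to what the caller supplied. The length is presumably enforced where the IV is set (the @@ -169 hunk in cipher_chacha20_poly1305.c rejects other lengths on the parameter path), so state the invariant here: `/* IV length is fixed at CHACHA20_POLY1305_IVLEN; other lengths are rejected when the IV is set */`. Since `noncelen` (declared in the @@ -78 hunk on the previous line) never changes, `const size_t noncelen = CHACHA20_POLY1305_IVLEN;` or the macro itself would read clearer. The enclosing init function starts outside both hunks.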
@@ -374,7 +374,7 @@ (key_from_pkcs8_t *)ossl_dsa_key_from_pkcs8); } -# define dsa_d2i_PUBKEY (d2i_of_void *)d2i_DSA_PUBKEY +# define dsa_d2i_PUBKEY (d2i_of_void *)ossl_d2i_DSA_PUBKEY # define dsa_free (free_key_fn *)DSA_free # define dsa_check NULL diff -Nru openssl-3.0.7/providers/implementations/kdfs/hkdf.c openssl-3.0.8/providers/implementations/kdfs/hkdf.c --- openssl-3.0.7/providers/implementations/kdfs/hkdf.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/providers/implementations/kdfs/hkdf.c 2023-02-07 14:43:33.000000000 +0100 @@ -32,6 +32,7 @@ #include "e_os.h" #define HKDF_MAXBUF 2048 +#define HKDF_MAXINFO (32*1024) static OSSL_FUNC_kdf_newctx_fn kdf_hkdf_new; static OSSL_FUNC_kdf_freectx_fn kdf_hkdf_free; @@ -82,7 +83,7 @@ size_t label_len; unsigned char *data; size_t data_len; - unsigned char info[HKDF_MAXBUF]; + unsigned char *info; size_t info_len; } KDF_HKDF; @@ -121,7 +122,7 @@ OPENSSL_free(ctx->label); OPENSSL_clear_free(ctx->data, ctx->data_len); OPENSSL_clear_free(ctx->key, ctx->key_len); - OPENSSL_cleanse(ctx->info, ctx->info_len); + OPENSSL_clear_free(ctx->info, ctx->info_len); memset(ctx, 0, sizeof(*ctx)); ctx->provctx = provctx; } 
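Review bot: The switch of the dsa_d2i_PUBKEY macro from d2i_DSA_PUBKEY to ossl_d2i_DSA_PUBKEY carries no comment, while the neighbouring dsa_free and dsa_check macros keep their public-API names, so a reader cannot tell whether the internal variant is required or incidental. Presumably the public function is unsuitable inside a decoder; a one-line comment naming the reason, e.g. `/* internal decoder: d2i_DSA_PUBKEY must not be used from within a provider decoder (state why) */`, would stop the next cleanup from reverting it.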
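Review bot: HKDF_MAXINFO in the @@ -32 hunk introduces a 32 KiB ceiling on the concatenated info with no comment; RFC 5869 places no bound on info, so this is an implementation limit and should be labelled as one, e.g. `/* implementation bound on the concatenated info parameters; RFC 5869 imposes none */`. The `OPENSSL_clear_free(ctx->info, ctx->info_len)` in the @@ -121 hunk is only correct while every writer keeps info_len in step with the allocation, which is worth stating next to the `unsigned char *info;` field in the @@ -82 hunk, `/* heap buffer of info_len bytes, or NULL */`.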
@@ -244,6 +245,41 @@ return 1; } +/* + * Use WPACKET to concat one or more OSSL_KDF_PARAM_INFO fields into a fixed + * out buffer of size *outlen. + * If out is NULL then outlen is used to return the required buffer size. + */ +static int setinfo_fromparams(const OSSL_PARAM *p, unsigned char *out, size_t *outlen) +{ + int ret = 0; + WPACKET pkt; + + if (out == NULL) { + if (!WPACKET_init_null(&pkt, 0)) + return 0; + } else { + if (!WPACKET_init_static_len(&pkt, out, *outlen, 0)) + return 0; + } + + for (; p != NULL; p = OSSL_PARAM_locate_const(p + 1, OSSL_KDF_PARAM_INFO)) { + if (p->data_type != OSSL_PARAM_OCTET_STRING) + goto err; + if (p->data != NULL + && p->data_size != 0 + && !WPACKET_memcpy(&pkt, p->data, p->data_size)) + goto err; + } + if (!WPACKET_get_total_written(&pkt, outlen) + || !WPACKET_finish(&pkt)) + goto err; + ret = 1; +err: + WPACKET_cleanup(&pkt); + return ret; +} + static int kdf_hkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { const OSSL_PARAM *p; 
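Review bot: setinfo_fromparams() returns 0 on a parameter whose data_type is not OSSL_PARAM_OCTET_STRING without raising anything, so a caller that passes a wrongly typed OSSL_KDF_PARAM_INFO gets a bare failure from set_ctx_params with an empty error stack. Raising the provider's usual bad-parameter reason before `goto err` (an ERR_raise(ERR_LIB_PROV, ...) as the surrounding provider code does) would make that diagnosable. The loop also silently treats `p->data == NULL || p->data_size == 0` as an empty contribution; add to the header comment `An info parameter with NULL data or zero size contributes nothing.` so the sizing pass and the copy pass are documented to agree on it.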
@@ -257,20 +293,26 @@ /* The info fields concatenate, so process them all */ if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_INFO)) != NULL) { - ctx->info_len = 0; - for (; p != NULL; p = OSSL_PARAM_locate_const(p + 1, - OSSL_KDF_PARAM_INFO)) { - const void *q = ctx->info + ctx->info_len; - size_t sz = 0; - - if (p->data_size != 0 - && p->data != NULL - && !OSSL_PARAM_get_octet_string(p, (void **)&q, - HKDF_MAXBUF - ctx->info_len, - &sz)) - return 0; - ctx->info_len += sz; - } + size_t sz = 0; + + /* calculate the total size */ + if (!setinfo_fromparams(p, NULL, &sz)) + return 0; + if (sz > HKDF_MAXINFO) + return 0; + + OPENSSL_clear_free(ctx->info, ctx->info_len); + ctx->info = NULL; + if (sz == 0) + return 1; + /* Alloc the buffer */ + ctx->info = OPENSSL_malloc(sz); + if (ctx->info == NULL) + return 0; + ctx->info_len = sz; + /* Concat one or more OSSL_KDF_PARAM_INFO fields */ + if (!setinfo_fromparams(p, ctx->info, &sz)) + return 0; } return 1; } diff -Nru openssl-3.0.7/providers/implementations/kdfs/sskdf.c openssl-3.0.8/providers/implementations/kdfs/sskdf.c --- openssl-3.0.7/providers/implementations/kdfs/sskdf.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/providers/implementations/kdfs/sskdf.c 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -62,6 +62,7 @@ unsigned char *salt; size_t salt_len; size_t out_len; /* optional KMAC parameter */ + int is_kmac; } KDF_SSKDF; #define SSKDF_MAX_INLEN (1<<30) 
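Review bot: On the `sz == 0` path the hunk frees ctx->info and sets it to NULL but leaves ctx->info_len at its previous value, so a context that once held info and is then given empty info carries a NULL pointer with a non-zero length. The derive path is outside this hunk, but anything that hands (ctx->info, ctx->info_len) to the MAC would then read through NULL; add `ctx->info_len = 0;` directly after `ctx->info = NULL;`. The same pointer/length mismatch arises when the second setinfo_fromparams() call fails: info_len is already sz while the buffer contents are partial, which is harmless for the later clear_free but deserves a comment. kdf_hkdf_set_ctx_params starts outside the hunk.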
@@ -332,8 +333,12 @@ static size_t sskdf_size(KDF_SSKDF *ctx) { int len; - const EVP_MD *md = ossl_prov_digest_md(&ctx->digest); + const EVP_MD *md = NULL; + if (ctx->is_kmac) + return SIZE_MAX; + + md = ossl_prov_digest_md(&ctx->digest); if (md == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return 0; @@ -373,8 +378,7 @@ default_salt_len = EVP_MD_get_size(md); if (default_salt_len <= 0) return 0; - } else if (EVP_MAC_is_a(mac, OSSL_MAC_NAME_KMAC128) - || EVP_MAC_is_a(mac, OSSL_MAC_NAME_KMAC256)) { + } else if (ctx->is_kmac) { /* H(x) = KMACzzz(x, salt, custom) */ custom = kmac_custom_str; custom_len = sizeof(kmac_custom_str); @@ -452,12 +456,20 @@ if (params == NULL) return 1; - if (!ossl_prov_digest_load_from_params(&ctx->digest, params, libctx)) - return 0; - if (!ossl_prov_macctx_load_from_params(&ctx->macctx, params, NULL, NULL, NULL, libctx)) return 0; + if (ctx->macctx != NULL) { + if (EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->macctx), + OSSL_MAC_NAME_KMAC128) + || EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->macctx), + OSSL_MAC_NAME_KMAC256)) { + ctx->is_kmac = 1; + } + } + + if (!ossl_prov_digest_load_from_params(&ctx->digest, params, libctx)) + return 0; if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET)) != NULL || (p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY)) != NULL) diff -Nru openssl-3.0.7/providers/implementations/keymgmt/dh_kmgmt.c openssl-3.0.8/providers/implementations/keymgmt/dh_kmgmt.c --- openssl-3.0.7/providers/implementations/keymgmt/dh_kmgmt.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/providers/implementations/keymgmt/dh_kmgmt.c 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
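Review bot: In the @@ -452 hunk ctx->is_kmac is only ever set to 1 and never cleared, so once a KMAC has been selected the flag sticks even if a later set_ctx_params() call installs a different MAC, and sskdf_size() from the @@ -332 hunk keeps answering SIZE_MAX while the derive path in the @@ -373 hunk takes a non-KMAC branch. Whether macctx is replaced or retained when no MAC parameter is given is outside this hunk (as is the reset function), so the robust form is to derive the flag from the current MAC context on every call rather than OR-ing it in. The enclosing set_ctx_params function starts outside the hunk.
```c
    if (ctx->macctx != NULL) {
        const EVP_MAC *mac = EVP_MAC_CTX_get0_mac(ctx->macctx);

        ctx->is_kmac = EVP_MAC_is_a(mac, OSSL_MAC_NAME_KMAC128)
                       || EVP_MAC_is_a(mac, OSSL_MAC_NAME_KMAC256);
    } else {
        ctx->is_kmac = 0;
    }
    /* … unchanged: digest load and secret/key parameter handling … */
```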
@@ -198,8 +198,8 @@ if ((selection & DH_POSSIBLE_SELECTIONS) == 0) return 0; - if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) - ok = ok && ossl_dh_params_fromdata(dh, params); + /* a key without parameters is meaningless */ + ok = ok && ossl_dh_params_fromdata(dh, params); if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { int include_private = diff -Nru openssl-3.0.7/providers/implementations/keymgmt/dsa_kmgmt.c openssl-3.0.8/providers/implementations/keymgmt/dsa_kmgmt.c --- openssl-3.0.7/providers/implementations/keymgmt/dsa_kmgmt.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/providers/implementations/keymgmt/dsa_kmgmt.c 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -199,8 +199,9 @@ if ((selection & DSA_POSSIBLE_SELECTIONS) == 0) return 0; - if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) - ok = ok && ossl_dsa_ffc_params_fromdata(dsa, params); + /* a key without parameters is meaningless */ + ok = ok && ossl_dsa_ffc_params_fromdata(dsa, params); + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { int include_private = selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; diff -Nru openssl-3.0.7/providers/implementations/keymgmt/ec_kmgmt.c openssl-3.0.8/providers/implementations/keymgmt/ec_kmgmt.c --- openssl-3.0.7/providers/implementations/keymgmt/ec_kmgmt.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/providers/implementations/keymgmt/ec_kmgmt.c 2023-02-07 14:43:33.000000000 +0100 
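Review bot: Both hunks (dh_kmgmt.c @@ -198 and dsa_kmgmt.c @@ -199) drop the OSSL_KEYMGMT_SELECT_ALL_PARAMETERS gate, so domain parameters are now imported on every selection; whether ossl_dh_params_fromdata()/ossl_dsa_ffc_params_fromdata() fail when the params array carries no p/q/g, or accept that and leave an empty parameter set, is outside the hunks, and the two outcomes differ for callers that used to import a bare keypair with OSSL_KEYMGMT_SELECT_KEYPAIR only. Whichever holds, the one-line comment should say it, e.g. `/* a key without parameters is meaningless: parameters are imported regardless of selection and must be present in params */` if import now fails without them. The enclosing import functions start outside both hunks.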
@@ -1,5 +1,5 @@ /* - * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -147,8 +147,10 @@ if (p != NULL || tmpl != NULL) { /* convert pub_point to a octet string according to the SECG standard */ + point_conversion_form_t format = EC_KEY_get_conv_form(eckey); + if ((pub_key_len = EC_POINT_point2buf(ecg, pub_point, - POINT_CONVERSION_COMPRESSED, + format, pub_key, bnctx)) == 0 || !ossl_param_build_set_octet_string(tmpl, p, OSSL_PKEY_PARAM_PUB_KEY, @@ -156,10 +158,16 @@ goto err; } if (px != NULL || py != NULL) { - if (px != NULL) + if (px != NULL) { x = BN_CTX_get(bnctx); - if (py != NULL) + if (x == NULL) + goto err; + } + if (py != NULL) { y = BN_CTX_get(bnctx); + if (y == NULL) + goto err; + } if (!EC_POINT_get_affine_coordinates(ecg, pub_point, x, y, bnctx)) goto err; @@ -946,7 +954,7 @@ if ((flags & EC_FLAG_CHECK_NAMED_GROUP) != 0) ok = ok && EC_GROUP_check_named_curve(EC_KEY_get0_group(eck), - (flags & EC_FLAG_CHECK_NAMED_GROUP_NIST) != 0, ctx); + (flags & EC_FLAG_CHECK_NAMED_GROUP_NIST) != 0, ctx) > 0; else ok = ok && EC_GROUP_check(EC_KEY_get0_group(eck), ctx); } @@ -996,10 +1004,10 @@ gctx->libctx = libctx; gctx->selection = selection; gctx->ecdh_mode = 0; - } - if (!ec_gen_set_params(gctx, params)) { - OPENSSL_free(gctx); - gctx = NULL; + if (!ec_gen_set_params(gctx, params)) { + OPENSSL_free(gctx); + gctx = NULL; + } } return gctx; } diff -Nru openssl-3.0.7/providers/implementations/macs/kmac_prov.c openssl-3.0.8/providers/implementations/macs/kmac_prov.c --- openssl-3.0.7/providers/implementations/macs/kmac_prov.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/providers/implementations/macs/kmac_prov.c 2023-02-07 14:43:33.000000000 +0100 
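Review bot: The export in the @@ -147 hunk now emits the public point in whatever form EC_KEY_get_conv_form() returns instead of always POINT_CONVERSION_COMPRESSED, so the length and bytes of OSSL_PKEY_PARAM_PUB_KEY depend on the key's conversion form, yet the comment above it still reads as if the encoding were fixed. Extend it: `/* encode pub_point per SECG in the key's own conversion form (see EC_KEY_set_conv_form) */`. Consumers that compared the exported octet string byte-for-byte will presumably see a different value for keys left at the default form, which is worth a sentence in the change description. The enclosing export function starts outside the hunk.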
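Review bot: The `> 0` added in the @@ -946 hunk is presumably there because EC_GROUP_check_named_curve() can return a negative value on error, which the bare `ok && EC_GROUP_check_named_curve(...)` treated as a passed check; a validation routine that passes on error is exactly the kind of thing that needs its reason recorded, so add `/* returns the nid on success, 0 for no named match and < 0 on error: only > 0 is a pass */` above the call. The EC_GROUP_check() branch in the same hunk stays a bare boolean, which a reader can only confirm by looking up the API; a matching comment there keeps the two branches symmetric. The enclosing check function starts outside the hunk.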
@@ -91,21 +91,21 @@ * Restrict the maximum length of the customisation string. This must not * exceed 64 bits = 8k bytes. */ -#define KMAC_MAX_CUSTOM 256 +#define KMAC_MAX_CUSTOM 512 /* Maximum size of encoded custom string */ #define KMAC_MAX_CUSTOM_ENCODED (KMAC_MAX_CUSTOM + KMAC_MAX_ENCODED_HEADER_LEN) -/* Maximum key size in bytes = 256 (2048 bits) */ -#define KMAC_MAX_KEY 256 +/* Maximum key size in bytes = 512 (4096 bits) */ +#define KMAC_MAX_KEY 512 #define KMAC_MIN_KEY 4 /* * Maximum Encoded Key size will be padded to a multiple of the blocksize - * i.e KMAC_MAX_KEY + KMAC_MAX_ENCODED_HEADER_LEN = 256 + 4 + * i.e KMAC_MAX_KEY + KMAC_MAX_ENCODED_HEADER_LEN = 512 + 4 * Padded to a multiple of KMAC_MAX_BLOCKSIZE */ -#define KMAC_MAX_KEY_ENCODED (KMAC_MAX_BLOCKSIZE * 2) +#define KMAC_MAX_KEY_ENCODED (KMAC_MAX_BLOCKSIZE * 4) /* Fixed value of encode_string("KMAC") */ static const unsigned char kmac_string[] = { diff -Nru openssl-3.0.7/providers/implementations/signature/eddsa_sig.c openssl-3.0.8/providers/implementations/signature/eddsa_sig.c --- openssl-3.0.7/providers/implementations/signature/eddsa_sig.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/providers/implementations/signature/eddsa_sig.c 2023-02-07 14:43:33.000000000 +0100 @@ -164,6 +164,10 @@ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); return 0; } + if (edkey->privkey == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY); + return 0; + } #ifdef S390X_EC_ASM if (S390X_CAN_SIGN(ED25519)) { if (s390x_ed25519_digestsign(edkey, sigret, tbs, tbslen) == 0) { 
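Review bot: KMAC_MAX_KEY_ENCODED is bumped to KMAC_MAX_BLOCKSIZE * 4 in step with KMAC_MAX_KEY becoming 512, but nothing checks that KMAC_MAX_BLOCKSIZE * 4 actually covers KMAC_MAX_KEY + KMAC_MAX_ENCODED_HEADER_LEN rounded up to a block; the relation lives only in the comment, and this very change shows the two constants have to be remembered together. A compile-time assertion, or at least the arithmetic spelled out in the comment (`512 + 4 = 516, rounded up to a multiple of KMAC_MAX_BLOCKSIZE`), would tie them. The KMAC_MAX_CUSTOM comment still says `must not exceed 64 bits = 8k bytes`, which describes the encoding limit rather than the 512-byte value chosen here; a second line stating that 512 is the implementation bound would avoid the confusion.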
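Review bot: The `edkey->privkey == NULL` guard added in this hunk, and the identical one in the ED448 hunk on the next line, sit after the output-size checks, so a public-only key is only reported as PROV_R_NOT_A_PRIVATE_KEY once the caller has supplied a large-enough buffer; placing the guard ahead of the siglen check rejects the misuse at the earliest point and makes the error independent of buffer state. A comment, `/* a key loaded without its private half cannot sign */`, would also make the condition self-explanatory. The enclosing sign functions start outside both hunks.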
@@ -201,6 +205,10 @@ ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); return 0; } + if (edkey->privkey == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_NOT_A_PRIVATE_KEY); + return 0; + } #ifdef S390X_EC_ASM if (S390X_CAN_SIGN(ED448)) { if (s390x_ed448_digestsign(edkey, sigret, tbs, tbslen) == 0) { diff -Nru openssl-3.0.7/README-FIPS.md openssl-3.0.8/README-FIPS.md --- openssl-3.0.7/README-FIPS.md 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/README-FIPS.md 2023-02-07 14:43:33.000000000 +0100 
@@ -1,13 +1,29 @@ OpenSSL FIPS support ==================== -This release of OpenSSL includes a cryptographic module that is intended to be +This release of OpenSSL includes a cryptographic module that can be FIPS 140-2 validated. The module is implemented as an OpenSSL provider. A provider is essentially a dynamically loadable module which implements cryptographic algorithms, see the [README-PROVIDERS](README-PROVIDERS.md) file for further details. -The OpenSSL FIPS provider comes as shared library called `fips.so` (on Unix) +A cryptographic module is only FIPS validated after it has gone through the complex +FIPS 140 validation process. As this process takes a very long time, it is not +possible to validate every minor release of OpenSSL. +If you need a FIPS validated module then you must ONLY generate a FIPS provider +using OpenSSL versions that have valid FIPS certificates. A FIPS certificate +contains a link to a Security Policy, and you MUST follow the instructions +in the Security Policy in order to be FIPS compliant. +See for information related to OpenSSL +FIPS certificates and Security Policies. + +Newer OpenSSL Releases that include security or bug fixes can be used to build +all other components (such as the core API's, TLS and the default, base and +legacy providers) without any restrictions, but the FIPS provider must be built +as specified in the Security Policy (normally with a different version of the +source code). + +The OpenSSL FIPS provider is a shared library called `fips.so` (on Unix), or resp. `fips.dll` (on Windows). The FIPS provider does not get built and installed automatically. To enable it, you need to configure OpenSSL using the `enable-fips` option. 
@@ -15,6 +31,9 @@ Installing the FIPS module ========================== +The following is only a guide. +Please read the Security Policy for up to date installation instructions. + If the FIPS provider is enabled, it gets installed automatically during the normal installation process. Simply follow the normal procedure (configure, make, make test, make install) as described in the [INSTALL](INSTALL.md) file. diff -Nru openssl-3.0.7/ssl/record/rec_layer_s3.c openssl-3.0.8/ssl/record/rec_layer_s3.c --- openssl-3.0.7/ssl/record/rec_layer_s3.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/ssl/record/rec_layer_s3.c 2023-02-07 14:43:33.000000000 +0100 @@ -16,6 +16,7 @@ #include #include "record_local.h" #include "internal/packet.h" +#include "internal/cryptlib.h" #if defined(OPENSSL_SMALL_FOOTPRINT) || \ !( defined(AES_ASM) && ( \ @@ -1015,14 +1016,15 @@ } /* - * Reserve some bytes for any growth that may occur during encryption. - * This will be at most one cipher block or the tag length if using - * AEAD. SSL_RT_MAX_CIPHER_BLOCK_SIZE covers either case. - */ + * Reserve some bytes for any growth that may occur during encryption. If + * we are adding the MAC independently of the cipher algorithm, then the + * max encrypted overhead does not need to include an allocation for that + * MAC + */ if (!BIO_get_ktls_send(s->wbio)) { if (!WPACKET_reserve_bytes(thispkt, - SSL_RT_MAX_CIPHER_BLOCK_SIZE, - NULL) + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + - mac_size, NULL) /* * We also need next the amount of bytes written to this * sub-packet 
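Review bot: `SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD - mac_size` in the WPACKET_reserve_bytes() call is size_t arithmetic with no guard that mac_size is no larger than the constant; mac_size is presumably bounded by the largest digest the record layer supports, but the only check that would catch a wrap is the ossl_assert in the @@ -1074 hunk on the next line, which runs after the reservation has already been made. Compute the value once, `size_t reserve = SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD - mac_size;`, behind `if (!ossl_assert(mac_size <= SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD))` failing early, and use it at both sites. The enclosing write function starts outside both hunks.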
@@ -1074,6 +1076,9 @@ /* Allocate bytes for the encryption overhead */ if (!WPACKET_get_length(thispkt, &origlen) + /* Check we allowed enough room for the encryption growth */ + || !ossl_assert(origlen + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + - mac_size >= thiswr->length) /* Encryption should never shrink the data! */ || origlen > thiswr->length || (thiswr->length > origlen diff -Nru openssl-3.0.7/ssl/record/ssl3_buffer.c openssl-3.0.8/ssl/record/ssl3_buffer.c --- openssl-3.0.7/ssl/record/ssl3_buffer.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/ssl/record/ssl3_buffer.c 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -96,11 +96,16 @@ #endif len = ssl_get_max_send_fragment(s) - + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align; + + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align + + SSL_RT_MAX_CIPHER_BLOCK_SIZE /* Explicit IV allowance */; #ifndef OPENSSL_NO_COMP if (ssl_allow_compression(s)) len += SSL3_RT_MAX_COMPRESSED_OVERHEAD; #endif + /* + * We don't need to add an allowance for eivlen here since empty + * fragments only occur when we don't have an explicit IV + */ if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD; } diff -Nru openssl-3.0.7/ssl/record/ssl3_record.c openssl-3.0.8/ssl/record/ssl3_record.c --- openssl-3.0.7/ssl/record/ssl3_record.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/ssl/record/ssl3_record.c 2023-02-07 14:43:33.000000000 +0100 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1314,7 +1314,7 @@ } t = EVP_MD_CTX_get_size(hash); - if (t < 0) + if (t <= 0) return 0; md_size = t; npad = (48 / md_size) * md_size; diff -Nru openssl-3.0.7/ssl/ssl_err.c openssl-3.0.8/ssl/ssl_err.c --- openssl-3.0.7/ssl/ssl_err.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/ssl/ssl_err.c 2023-02-07 14:43:33.000000000 +0100 @@ -225,6 +225,8 @@ "invalid status response"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_TICKET_KEYS_LENGTH), "invalid ticket keys length"}, + {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED), + "legacy sigalg disallowed or unsupported"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_MISMATCH), "length mismatch"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_TOO_LONG), "length too long"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_TOO_SHORT), "length too short"}, diff -Nru openssl-3.0.7/ssl/ssl_lib.c openssl-3.0.8/ssl/ssl_lib.c --- openssl-3.0.7/ssl/ssl_lib.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/ssl/ssl_lib.c 2023-02-07 14:43:33.000000000 +0100 @@ -4243,7 +4243,7 @@ } bbio = BIO_new(BIO_f_buffer()); - if (bbio == NULL || !BIO_set_read_buffer_size(bbio, 1)) { + if (bbio == NULL || BIO_set_read_buffer_size(bbio, 1) <= 0) { BIO_free(bbio); ERR_raise(ERR_LIB_SSL, ERR_R_BUF_LIB); return 0; diff -Nru openssl-3.0.7/ssl/statem/statem_clnt.c openssl-3.0.8/ssl/statem/statem_clnt.c --- openssl-3.0.7/ssl/statem/statem_clnt.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/ssl/statem/statem_clnt.c 2023-02-07 14:43:33.000000000 +0100 
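Review bot: In the ssl3_record.c @@ -1314 hunk, `t <= 0` now also rejects a zero digest size, which matters because `npad = (48 / md_size) * md_size` two lines below divides by md_size; record that on the guard, `/* a zero size would divide by zero in the npad computation below */`, so the change is not undone as a cosmetic tightening. In the ssl_lib.c @@ -4243 hunk the move from `!BIO_set_read_buffer_size(...)` to `<= 0` presumably reflects that the BIO control returns a long where negative values are failures too; a one-line comment stating that would save the next reader the lookup. Both enclosing functions start outside the hunks.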
@@ -2251,7 +2251,8 @@
 goto err;
 }
 } else if (!tls1_set_peer_legacy_sigalg(s, pkey)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED);
 goto err;
 }
diff -Nru openssl-3.0.7/ssl/statem/statem_lib.c openssl-3.0.8/ssl/statem/statem_lib.c
--- openssl-3.0.7/ssl/statem/statem_lib.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/ssl/statem/statem_lib.c 2023-02-07 14:43:33.000000000 +0100
@@ -442,7 +442,8 @@
 goto err;
 }
 } else if (!tls1_set_peer_legacy_sigalg(s, pkey)) {
- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+ SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+ SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED);
 goto err;
 }
diff -Nru openssl-3.0.7/test/bio_memleak_test.c openssl-3.0.8/test/bio_memleak_test.c
--- openssl-3.0.7/test/bio_memleak_test.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/test/bio_memleak_test.c 2023-02-07 14:43:33.000000000 +0100
@@ -261,13 +261,9 @@
 error_callback_fired = 0;
- /*
- * The call succeeds even if the input stream ends unexpectedly as
- * there is no handling for this case in SMIME_crlf_copy().
- */
- if (!TEST_true(i2d_ASN1_bio_stream(out, (ASN1_VALUE*) p7, bio,
- SMIME_STREAM | SMIME_BINARY,
- ASN1_ITEM_rptr(PKCS7))))
+ if (!TEST_false(i2d_ASN1_bio_stream(out, (ASN1_VALUE*) p7, bio,
+ SMIME_STREAM | SMIME_BINARY,
+ ASN1_ITEM_rptr(PKCS7))))
 goto finish;
 if (!TEST_int_eq(error_callback_fired, 1))
diff -Nru openssl-3.0.7/test/build.info openssl-3.0.8/test/build.info
--- openssl-3.0.7/test/build.info 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/test/build.info 2023-02-07 14:43:33.000000000 +0100
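Review bot: Both the statem_clnt.c and statem_lib.c hunks now attach a reason code that describes a peer-dependent condition (the peer's legacy signature algorithm being disallowed or unsupported) but still send SSL_AD_INTERNAL_ERROR, so the alert on the wire keeps telling the peer the failure was ours. If the condition presumably derives from the peer certificate and local policy, `SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_LEGACY_SIGALG_DISALLOWED_OR_UNSUPPORTED);` would be the more accurate alert in both places; if internal_error is kept on purpose for compatibility, a one-line comment saying so would stop the question recurring. Both enclosing functions start and end outside their hunks.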
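Review bot: The bio_memleak_test.c hunk deletes the comment that explained why the call used to succeed on an unexpectedly ending input stream, but adds nothing stating the inverse, so the reason TEST_true became TEST_false is recoverable only from history. Suggest a comment above the `if`, e.g. `/* truncated input is now reported as an error, presumably by SMIME_crlf_copy(); the error callback must fire exactly once */`, aligned with the TEST_int_eq(error_callback_fired, 1) that follows. The enclosing test function starts and ends outside the hunk.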
@@ -877,6 +877,11 @@
 INCLUDE[hexstr_test]=.. ../include ../apps/include
 DEPEND[hexstr_test]=../libcrypto.a libtestutil.a
+ PROGRAMS{noinst}=trace_api_test
+ SOURCE[trace_api_test]=trace_api_test.c
+ INCLUDE[trace_api_test]=.. ../include ../apps/include
+ DEPEND[trace_api_test]=../libcrypto.a libtestutil.a
+
 PROGRAMS{noinst}=endecode_test
 SOURCE[endecode_test]=endecode_test.c helpers/predefined_dhparams.c
 INCLUDE[endecode_test]=.. ../include ../apps/include
diff -Nru openssl-3.0.7/test/certs/bad-othername-cert.pem openssl-3.0.8/test/certs/bad-othername-cert.pem
--- openssl-3.0.7/test/certs/bad-othername-cert.pem 1970-01-01 01:00:00.000000000 +0100
+++ openssl-3.0.8/test/certs/bad-othername-cert.pem 2023-02-07 14:43:33.000000000 +0100
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDRDCCAiygAwIBAgIBAjANBgkqhkiG9w0BAQsFADAfMR0wGwYDVQQDDBRUZXN0 +IE5DIENBIG90aGVybmFtZTAgFw0yMjEyMTMxODMzMTZaGA8yMTIyMTIxNDE4MzMx +NlowMTEvMC0GA1UECgwmTkMgZW1haWwgaW4gb3RoZXJuYW1lIFRlc3QgQ2VydGlm +aWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPgeoakqHk1zYt +JZpEC0qkJPU/X0lfI+6GY2LHFY9KOSFqqmTXxrUtjQc3SdpQvBZhPuMZ8p82Jid2 +kkRHnWs0uqX9NtLO923yQalYvP6Mt3fokcYgw/C9b+I/q1PKUyN0kPB6McROguD5 +Jz2DcEufJBhbpyay1bFjEI2DAQJKDP/U7uH0EA7kH/27UMk0vfvL5uVjDvlo8i6S +Ul8+u0cDV5ZFJW2VAJKLU3wp6IY4fZl9UqkHZuRQpMJGqAjAleWOIEpyyvfGGh0b +75n3GJ+4YZ7CIBEgY7K0nIbKxtcDZPvmtbYg3g1tkPMTHcodFT7yEdqkBTJ5AGL7 +6U850OhjAgMBAAGjdzB1MB0GA1UdDgQWBBTBz0k+q6d4c3aM+s2IyOF/QP6zCTAf +BgNVHSMEGDAWgBTwhghX7uNdMejZ3f4XorqOQoMqwTAJBgNVHRMEAjAAMCgGA1Ud +EQQhMB+gHQYIKwYBBQUHCAegEQwPZm9vQGV4YW1wbGUub3JnMA0GCSqGSIb3DQEB +CwUAA4IBAQAhxbCEVH8pq0aUMaLWaodyXdCqA0AKTFG6Mz9Rpwn89OwC8FylTEru +t+Bqx/ZuTo8YzON8h9m7DIrQIjZKDLW/g5YbvIsxIVV9gWhAGohdsIyMKRBepSmr +NxJQkO74RLBTamfl0WUCVM4HqroflFjBBG67CTJaQ9cH9ug3TKxaXCK1L6iQAXtq +enILGai98Byo0LCFH4MQOhmhV1BDT2boIG/iYb5VKCTSX25vhaF+PNBhUoysjW0O +vhQX8vrw42QRr4Qi7VfUBXzrbRTzxjOc4yqki7h2DcEdpginqe+aGyaFY+H9m/ka +1AR5KN8h5SYKltSXknjs0pp1w4k49aHl +-----END CERTIFICATE----- diff -Nru openssl-3.0.7/test/certs/ee-ed25519.pem openssl-3.0.8/test/certs/ee-ed25519.pem --- openssl-3.0.7/test/certs/ee-ed25519.pem 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/test/certs/ee-ed25519.pem 2023-02-07 14:43:33.000000000 +0100 
@@ -1,9 +1,38 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 6197312946105598768 (0x5601474a2a8dc330) + Signature Algorithm: ED25519 + Issuer: CN = IETF Test Demo + Validity + Not Before: Aug 1 12:19:24 2016 GMT + Not After : Nov 11 16:34:03 2121 GMT + Subject: CN = IETF Test Demo + Subject Public Key Info: + Public Key Algorithm: X25519 + X25519 Public-Key: + pub: + 85:20:f0:09:89:30:a7:54:74:8b:7d:dc:b4:3e:f7: + 5a:0d:bf:3a:0d:26:38:1a:f4:eb:a4:a9:8e:aa:9b: + 4e:6a + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Key Usage: + Key Agreement + X509v3 Subject Key Identifier: + 9B:1F:5E:ED:ED:04:33:85:E4:F7:BC:62:3C:59:75:B9:0B:C8:BB:3B + Signature Algorithm: ED25519 + 72:b4:22:9c:d5:7b:85:10:ff:7c:28:59:e5:bb:1e:e8:b6:5f: + 74:39:94:dd:2f:8a:3d:6c:f3:23:28:d1:5e:3c:d1:56:e7:0a: + ea:99:ff:62:5c:48:0f:1c:24:24:35:98:1a:bb:ae:96:b9:93: + b3:cb:8e:45:e3:c0:ef:2e:5c:07 -----BEGIN CERTIFICATE----- -MIIBLDCB36ADAgECAghWAUdKKo3DMDAFBgMrZXAwGTEXMBUGA1UEAwwOSUVURiBUZX -N0IERlbW8wHhcNMTYwODAxMTIxOTI0WhcNNDAxMjMxMjM1OTU5WjAZMRcwFQYDVQQD -DA5JRVRGIFRlc3QgRGVtbzAqMAUGAytlbgMhAIUg8AmJMKdUdIt93LQ+91oNvzoNJj -ga9OukqY6qm05qo0UwQzAPBgNVHRMBAf8EBTADAQEAMA4GA1UdDwEBAAQEAwIDCDAg -BgNVHQ4BAQAEFgQUmx9e7e0EM4Xk97xiPFl1uQvIuzswBQYDK2VwA0EAryMB/t3J5v -/BzKc9dNZIpDmAgs3babFOTQbs+BolzlDUwsPrdGxO3YNGhW7Ibz3OGhhlxXrCe1Cg -w1AH9efZBw== +MIIBLjCB4aADAgECAghWAUdKKo3DMDAFBgMrZXAwGTEXMBUGA1UEAwwOSUVURiBU +ZXN0IERlbW8wIBcNMTYwODAxMTIxOTI0WhgPMjEyMTExMTExNjM0MDNaMBkxFzAV +BgNVBAMMDklFVEYgVGVzdCBEZW1vMCowBQYDK2VuAyEAhSDwCYkwp1R0i33ctD73 +Wg2/Og0mOBr066SpjqqbTmqjRTBDMA8GA1UdEwEB/wQFMAMBAQAwDgYDVR0PAQEA +BAQDAgMIMCAGA1UdDgEBAAQWBBSbH17t7QQzheT3vGI8WXW5C8i7OzAFBgMrZXAD +QQBytCKc1XuFEP98KFnlux7otl90OZTdL4o9bPMjKNFePNFW5wrqmf9iXEgPHCQk +NZgau66WuZOzy45F48DvLlwH -----END CERTIFICATE----- diff -Nru openssl-3.0.7/test/certs/nccaothername-cert.pem openssl-3.0.8/test/certs/nccaothername-cert.pem --- openssl-3.0.7/test/certs/nccaothername-cert.pem 1970-01-01 
01:00:00.000000000 +0100 +++ openssl-3.0.8/test/certs/nccaothername-cert.pem 2023-02-07 14:43:33.000000000 +0100 @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDPjCCAiagAwIBAgIBAjANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290 +IENBMCAXDTIyMTIxMzE4MTgwM1oYDzIxMjIxMjE0MTgxODAzWjAfMR0wGwYDVQQD +DBRUZXN0IE5DIENBIG90aGVybmFtZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBAN0Dx+ei8CgtRKnDcYiLwX4vrA48at/o/zfX24X/WZZM1o9HUKo1FQBN +vhESJu+gqPxuIePrk+/L25XdRqwCKk8wkWX0XIz18q5orOHUUFAWNK3g0FDj6N8H +d8urNIbDJ44FCx+/0n8Ppiht/EYN3aVOW5enqbgZ+EEt+3AUG6ibieRdGri9g4oh +IIx60MmVHLbuT/TcVZxaeWyTl6iWmsYosUyqlhTtu1uGtbVtkCAhBYloVvz4J5eA +mVu/JuJbsNxbxVeO9Q8Kj6nb4jPPdGvZ3JPcabbWrz5LwaereBf5IPrXEVdQTlYB +gI0pTz2CEDHSIrd7jzRUX/9EC2gMk6UCAwEAAaOBjzCBjDAPBgNVHRMBAf8EBTAD +AQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU8IYIV+7jXTHo2d3+F6K6jkKDKsEw +HwYDVR0jBBgwFoAUjvUlrx6ba4Q9fICayVOcTXL3o1IwLAYDVR0eBCUwI6EhMB+g +HQYIKwYBBQUHCAegEQwPZm9vQGV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4IB +AQDPI5uZd8DhSNKMvYF5bxOshd6h6UJ7YzZS7K6fhiygltdqzkHQ/5+4yiuUkDe4 +hOZlH8MCfXQy5jVZDTk24yNchpdfie5Bswn4SmQVQh3QyzOLxizoh0rLCf2PHueu +dNVNhfiiJNJ5kd8MIuVG7CPK68dP0QrVR+DihROuJgvGB3ClKttLrgle19t4PFRR +2wW6hJT9aXEjzLNyN1QFZKoShuiGX4xwjZh7VyKkV64p8hjojhcLk6dQkel+Jw4y +OP26XbVfM8/6KG8f6WAZ8P0qJwHlhmi0EvRTnEpAM8WuenOeZH6ERZ9uZbRGh6xx +LKQu2Aw2+bOEZ2vUtz0dBhX8 +-----END CERTIFICATE----- diff -Nru openssl-3.0.7/test/certs/nccaothername-key.pem openssl-3.0.8/test/certs/nccaothername-key.pem --- openssl-3.0.7/test/certs/nccaothername-key.pem 1970-01-01 01:00:00.000000000 +0100 +++ openssl-3.0.8/test/certs/nccaothername-key.pem 2023-02-07 14:43:33.000000000 +0100 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDdA8fnovAoLUSp +w3GIi8F+L6wOPGrf6P8319uF/1mWTNaPR1CqNRUATb4REibvoKj8biHj65Pvy9uV +3UasAipPMJFl9FyM9fKuaKzh1FBQFjSt4NBQ4+jfB3fLqzSGwyeOBQsfv9J/D6Yo +bfxGDd2lTluXp6m4GfhBLftwFBuom4nkXRq4vYOKISCMetDJlRy27k/03FWcWnls +k5eolprGKLFMqpYU7btbhrW1bZAgIQWJaFb8+CeXgJlbvybiW7DcW8VXjvUPCo+p +2+Izz3Rr2dyT3Gm21q8+S8Gnq3gX+SD61xFXUE5WAYCNKU89ghAx0iK3e480VF// +RAtoDJOlAgMBAAECggEAMFSJlCyEFlER3Qq9asXe9eRgXEuXdmfZ2aEVIuf8M/sR +B0tpxxKtCUA24j5FL+0CzxKZTCFBnDRIzCyTbf1aOa9t+CzXyUZmP3/p4EdgmabF +dcl93FZ+X7kfF/VUGu0Vmv+c12BH3Fu0cs5cVohlMecg7diu6zCYok43F+L5ymRy +2mTcKkGc0ShWizj8Z9R3WJGssZOlxbxa/Zr4rZwRC24UVhfN8AfGWYx/StyQPQIw +gtbbtOmwbyredQmY4jwNqgrnfZS9bkWwJbRuCmD5l7lxubBgcHQpoM+DQVeOLZIq +uksFXeNfal9G5Bo747MMzpD7dJMCGmX+gbMY5oZF+QKBgQDs2MbY4nbxi+fV+KuV +zUvis8m8Lpzf3T6NLkgSkUPRN9tGr95iLIrB/bRPJg5Ne02q/cT7d86B9rpE42w7 +eeIF9fANezX2AF8LUqNZhIR23J3tfB/eqGlJRZeMNia+lD09a7SWGwrS7sufY1I+ +JQGcHx77ntt+eQT1MUJ1skF06QKBgQDu4z+TW4QIA5ItxIReVdcfh5e3xLkzDEVP +3KNo9tpXxvPwqapdeBh6c9z4Lqe3MKr5UPlDvVW+o40t6OjKxDCXczB8+JAM0OyX +8V+K3zXXUxRgieSd3oMncTylSWIvouPP3aW37B67TKdRlRHgaBrpJT2wdk3kYR4t +62J1eDdjXQKBgQDMsY0pZI/nskJrar7geM1c4IU5Xg+2aj/lRFqFsYYrC1s3fEd2 +EYjan6l1vi4eSLKXVTspGiIfsFzLrMGdpXjyLduJyzKXqTp7TrBebWkOUR0sYloo +1OQprzuKskJJ81P6AVvRXw27vyW8Wtp5WwJJK5xbWq/YXj8qqagGkEiCAQKBgQCc +RK3XAFurPmLGa7JHX5Hc/z8BKMAZo6JHrsZ6qFiGaRA0U1it0hz5JYfcFfECheSi +ORUF+fn4PlbhPGXkFljPCbwjVBovOBA9CNl+J6u50pAW4r1ZhDB5gbqxSQLgtIaf ++JcqbFxiG6+sT36lNJS+BO2I3KrxhZJPaZY7z8szxQKBgQDRy70XzwOk8jXayiF2 +ej2IN7Ow9cgSE4tLEwR/vCjxvOlWhA3jC3wxoggshGJkpbP3DqLkQtwQm0h1lM8J +QNtFwKzjtpf//bTlfFq08/YxWimTPMqzcV2PgRacB8P3yf1r8T7M4fA5TORCDWpW +5FtOCFEmwQHTR8lu4c63qfxkEQ== +-----END PRIVATE KEY----- diff -Nru openssl-3.0.7/test/certs/pkitsta.pem openssl-3.0.8/test/certs/pkitsta.pem --- openssl-3.0.7/test/certs/pkitsta.pem 1970-01-01 01:00:00.000000000 +0100 +++ openssl-3.0.8/test/certs/pkitsta.pem 2023-02-07 14:43:33.000000000 +0100 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDRzCCAi+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBFMQswCQYDVQQGEwJVUzEf +MB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMGA1UEAxMMVHJ1c3Qg +QW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAwMFowRTELMAkGA1UE +BhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExFTATBgNVBAMT +DFRydXN0IEFuY2hvcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALmZ +UYkRR+DNRbmEJ4ITAhbNRDmqrNsJw97iLE7bpFeflDUoNcJrZPZbC208bG+g5M0A +TzV0vOqg88Ds1/FjFDK1oPItqsiDImJIq0xb/et5w72WNPxHVrcsr7Ap6DHfdwLp +NMncqtzX92hU/iGVHLE/w/OCWwAIIbTHaxdrGMUG7DkJJ6iI7mzqpcyPvyAAo9O3 +SHjJr+uw5vSrHRretnV2un0bohvGslN64MY/UIiRnPFwd2gD76byDzoM1ioyLRCl +lfBJ5sRDz9xrUHNigTAUdlblb6yrnNtNJmkrROYvkh6sLETUh9EYh0Ar+94fZVXf +GVi57Sw7x1jyANTlA40CAwEAAaNCMEAwHQYDVR0OBBYEFOR9X9FclYYILAWuvnW2 +ZafZXahmMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3 +DQEBCwUAA4IBAQCYoa9uR55KJTkpwyPihIgXHq7/Z8dx3qZlCJQwE5qQBZXIsf5e +C8Va/QjnTHOC4Gt4MwpnqqmoDqyqSW8pBVQgAUFAXqO91nLCQb4+/yfjiiNjzprp +xQlcqIZYjJSVtckH1IDWFLFeuGW+OgPPEFgN4hjU5YFIsE2r1i4+ixkeuorxxsK1 +D/jYbVwQMXLqn1pjJttOPJwuA8+ho1f2c8FrKlqjHgOwxuHhsiGN6MKgs1baalpR +/lnNFCIpq+/+3cnhufDjvxMy5lg+cwgMCiGzCxn4n4dBMw41C+4KhNF7ZtKuKSZ1 +eczztXD9NUkGUGw3LzpLDJazz3JhlZ/9pXzF +-----END CERTIFICATE----- diff -Nru openssl-3.0.7/test/certs/rootCA.pem openssl-3.0.8/test/certs/rootCA.pem --- openssl-3.0.7/test/certs/rootCA.pem 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/test/certs/rootCA.pem 2023-02-07 14:43:33.000000000 +0100 
@@ -1,21 +1,79 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 88:43:29:cb:c2:eb:15:9a + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = rootCA + Validity + Not Before: Jul 2 13:15:11 2015 GMT + Not After : Jul 2 17:50:05 2122 GMT + Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = rootCA + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:c0:f1:6b:77:88:ac:35:df:fb:73:53:2f:92:80: + 2f:74:16:32:4d:f5:10:20:6f:6c:3a:8e:d1:dc:6b: + e1:2e:3e:c3:04:0f:bf:9b:c4:c9:12:d1:e4:0b:45: + 97:e5:06:cd:66:3a:e1:e0:e2:2b:df:a2:c4:ec:7b: + d3:3d:3c:8a:ff:5e:74:a0:ab:a7:03:6a:16:5b:5e: + 92:c4:7e:5b:79:8a:69:d4:bc:83:5e:ae:42:92:74: + a5:2b:e7:00:c1:a9:dc:d5:b1:53:07:0f:73:f7:8e: + ad:14:3e:25:9e:e5:1e:e6:cc:91:cd:95:0c:80:44: + 20:c3:fd:17:cf:91:3d:63:10:1c:14:5b:fb:c3:a8: + c1:88:b2:77:ff:9c:db:fc:6a:44:44:44:f7:85:ec: + 08:2c:d4:df:81:a3:79:c9:fe:1e:9b:93:16:53:b7: + 97:ab:be:4f:1a:a5:e2:fa:46:05:e4:0d:9c:2a:a4: + cc:b9:1e:21:a0:6c:c4:ab:59:b0:40:39:bb:f9:88: + ad:fd:df:8d:b4:0b:af:7e:41:e0:21:3c:c8:33:45: + 49:84:2f:93:06:ee:fd:4f:ed:4f:f3:bc:9b:de:fc: + 25:5e:55:d5:75:d4:c5:7b:3a:40:35:06:9f:c4:84: + b4:6c:93:0c:af:37:5a:af:b6:41:4d:26:23:1c:b8: + 02:b3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Key Identifier: + 85:56:89:35:E2:9F:00:1A:E1:86:03:0B:4B:AF:76:12:6B:33:6D:FD + X509v3 Authority Key Identifier: + keyid:85:56:89:35:E2:9F:00:1A:E1:86:03:0B:4B:AF:76:12:6B:33:6D:FD + + Signature Algorithm: sha256WithRSAEncryption + b9:5c:c3:39:31:e9:c1:63:f9:f1:29:2c:c6:84:80:ed:33:e5: + 72:3c:2c:e8:93:1f:07:03:65:cd:bb:04:ed:10:29:00:5f:ea: + 91:08:19:df:10:88:e9:00:5c:2e:eb:b5:af:98:70:c8:c4:8b: + 53:c4:26:c5:a1:d8:46:b9:9f:7d:48:e0:26:74:2c:61:b8:c1: + 89:06:b6:e5:b5:ba:6b:75:2b:16:ad:ca:88:26:25:73:9b:15: + 22:59:6a:94:dc:61:34:88:28:58:9f:de:fd:71:1e:37:af:90: + 
74:7b:cf:bb:93:1c:73:24:15:26:7a:33:8c:5d:5b:81:97:14: + 62:01:7e:17:76:fb:aa:7a:4d:ed:81:2b:bd:d9:f3:12:69:86: + 01:b3:91:0a:8d:6b:bd:71:41:a9:93:63:c2:a1:ab:0d:48:05: + 99:7d:9e:a2:a4:ac:9f:73:0d:5b:5c:05:3a:52:64:fe:17:79: + 2a:27:51:d7:5b:af:dc:10:d5:23:6b:2c:62:51:00:c9:67:17: + 2d:29:a3:21:88:fd:14:48:0d:99:8c:d8:f8:c8:c7:ec:d2:83: + 3d:ba:d4:94:7b:df:39:61:4b:e3:7c:b9:ea:77:09:01:bc:ec: + db:1c:fa:42:1b:6d:1d:b1:51:5f:e4:87:dd:41:24:00:a2:52: + e0:1a:c0:1c -----BEGIN CERTIFICATE----- -MIIDfzCCAmegAwIBAgIJAIhDKcvC6xWaMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV +MIIDgTCCAmmgAwIBAgIJAIhDKcvC6xWaMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX -aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAeFw0xNTA3MDIxMzE1MTFa -Fw0zNTA3MDIxMzE1MTFaMFYxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0 -YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDzANBgNVBAMM -BnJvb3RDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMDxa3eIrDXf -+3NTL5KAL3QWMk31ECBvbDqO0dxr4S4+wwQPv5vEyRLR5AtFl+UGzWY64eDiK9+i -xOx70z08iv9edKCrpwNqFlteksR+W3mKadS8g16uQpJ0pSvnAMGp3NWxUwcPc/eO -rRQ+JZ7lHubMkc2VDIBEIMP9F8+RPWMQHBRb+8OowYiyd/+c2/xqRERE94XsCCzU -34Gjecn+HpuTFlO3l6u+Txql4vpGBeQNnCqkzLkeIaBsxKtZsEA5u/mIrf3fjbQL -r35B4CE8yDNFSYQvkwbu/U/tT/O8m978JV5V1XXUxXs6QDUGn8SEtGyTDK83Wq+2 -QU0mIxy4ArMCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUhVaJNeKf -ABrhhgMLS692Emszbf0wHwYDVR0jBBgwFoAUhVaJNeKfABrhhgMLS692Emszbf0w -DQYJKoZIhvcNAQELBQADggEBADIKvyoK4rtPQ86I2lo5EDeAuzctXi2I3SZpnOe0 -mCCxJeZhWW0S7JuHvlfhEgXFBPEXzhS4HJLUlZUsWyiJ+3KcINMygaiF7MgIe6hZ -WzpsMatS4mbNFElc89M+YryRFrQc9d1Uqjxhl3ms5MhDNcMP/PNwHa/wnIoqkpNI -qtDoR741wcZ7bdr6XVdF8+pBjzbBPPRSf24x3bqavHBWcTjcSVcM/ZEXxeqH5SN0 -GbK2mQxrogX4UWjtl+DfYvl+ejpEcYNXKEmIabUUHtpG42544cuPtZizLW5bt/aT -JBQfpPZpvf9MUlACxUONFOLQdZ8SXpSJ0e93iX2J2Z52mSQ= +aWRnaXRzIFB0eSBMdGQxDzANBgNVBAMMBnJvb3RDQTAgFw0xNTA3MDIxMzE1MTFa +GA8yMTIyMDcwMjE3NTAwNVowVjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUt +U3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UE 
+AwwGcm9vdENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPFrd4is +Nd/7c1MvkoAvdBYyTfUQIG9sOo7R3GvhLj7DBA+/m8TJEtHkC0WX5QbNZjrh4OIr +36LE7HvTPTyK/150oKunA2oWW16SxH5beYpp1LyDXq5CknSlK+cAwanc1bFTBw9z +946tFD4lnuUe5syRzZUMgEQgw/0Xz5E9YxAcFFv7w6jBiLJ3/5zb/GpERET3hewI +LNTfgaN5yf4em5MWU7eXq75PGqXi+kYF5A2cKqTMuR4hoGzEq1mwQDm7+Yit/d+N +tAuvfkHgITzIM0VJhC+TBu79T+1P87yb3vwlXlXVddTFezpANQafxIS0bJMMrzda +r7ZBTSYjHLgCswIDAQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBSFVok1 +4p8AGuGGAwtLr3YSazNt/TAfBgNVHSMEGDAWgBSFVok14p8AGuGGAwtLr3YSazNt +/TANBgkqhkiG9w0BAQsFAAOCAQEAuVzDOTHpwWP58SksxoSA7TPlcjws6JMfBwNl +zbsE7RApAF/qkQgZ3xCI6QBcLuu1r5hwyMSLU8QmxaHYRrmffUjgJnQsYbjBiQa2 +5bW6a3UrFq3KiCYlc5sVIllqlNxhNIgoWJ/e/XEeN6+QdHvPu5MccyQVJnozjF1b +gZcUYgF+F3b7qnpN7YErvdnzEmmGAbORCo1rvXFBqZNjwqGrDUgFmX2eoqSsn3MN +W1wFOlJk/hd5KidR11uv3BDVI2ssYlEAyWcXLSmjIYj9FEgNmYzY+MjH7NKDPbrU +lHvfOWFL43y56ncJAbzs2xz6QhttHbFRX+SH3UEkAKJS4BrAHA== -----END CERTIFICATE----- diff -Nru openssl-3.0.7/test/certs/root-ed25519.pem openssl-3.0.8/test/certs/root-ed25519.pem --- openssl-3.0.7/test/certs/root-ed25519.pem 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/test/certs/root-ed25519.pem 2023-02-07 14:43:33.000000000 +0100 
@@ -1,9 +1,40 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 84:f1:08:3d:1c:e3:2d:95 + Signature Algorithm: ED25519 + Issuer: CN = IETF Test Demo + Validity + Not Before: Apr 19 21:36:39 2017 GMT + Not After : Nov 11 15:37:05 2122 GMT + Subject: CN = IETF Test Demo + Subject Public Key Info: + Public Key Algorithm: ED25519 + ED25519 Public-Key: + pub: + 19:bf:44:09:69:84:cd:fe:85:41:ba:c1:67:dc:3b: + 96:c8:50:86:aa:30:b6:b6:cb:0c:5c:38:ad:70:31: + 66:e1 + X509v3 extensions: + X509v3 Subject Key Identifier: + A2:8C:C1:F8:6E:59:60:D3:E0:3A:E7:5C:96:2C:97:A8:D4:48:29:3C + X509v3 Authority Key Identifier: + keyid:A2:8C:C1:F8:6E:59:60:D3:E0:3A:E7:5C:96:2C:97:A8:D4:48:29:3C + + X509v3 Basic Constraints: + CA:TRUE + Signature Algorithm: ED25519 + 08:f9:fc:49:37:0c:03:64:ed:90:70:89:eb:f1:69:ca:75:3b: + 71:15:8f:eb:80:45:00:db:88:9b:66:46:9c:a4:e1:50:c5:59: + 43:98:66:37:6d:b7:59:51:5d:b4:9d:1d:89:25:b4:f6:87:43: + b7:d3:3b:85:b9:8e:e1:a8:46:04 -----BEGIN CERTIFICATE----- -MIIBODCB66ADAgECAgkAhPEIPRzjLZUwBQYDK2VwMBkxFzAVBgNVBAMMDklFVEYg -VGVzdCBEZW1vMB4XDTE3MDQxOTIxMzYzOVoXDTQxMDIxMjIxMzYzOVowGTEXMBUG -A1UEAwwOSUVURiBUZXN0IERlbW8wKjAFBgMrZXADIQAZv0QJaYTN/oVBusFn3DuW -yFCGqjC2tssMXDitcDFm4aNQME4wHQYDVR0OBBYEFKKMwfhuWWDT4DrnXJYsl6jU -SCk8MB8GA1UdIwQYMBaAFKKMwfhuWWDT4DrnXJYsl6jUSCk8MAwGA1UdEwQFMAMB -Af8wBQYDK2VwA0EAa6iEoQZBWB1MhCzASv5HuFM7fR5Nz2/KM7GxYjQWsfvK2Ds1 -jaPSG7Lx4uywIndMafp5CoPoFr6yLBkt+NZLAg== +MIIBOjCB7aADAgECAgkAhPEIPRzjLZUwBQYDK2VwMBkxFzAVBgNVBAMMDklFVEYg +VGVzdCBEZW1vMCAXDTE3MDQxOTIxMzYzOVoYDzIxMjIxMTExMTUzNzA1WjAZMRcw +FQYDVQQDDA5JRVRGIFRlc3QgRGVtbzAqMAUGAytlcAMhABm/RAlphM3+hUG6wWfc +O5bIUIaqMLa2ywxcOK1wMWbho1AwTjAdBgNVHQ4EFgQUoozB+G5ZYNPgOudcliyX +qNRIKTwwHwYDVR0jBBgwFoAUoozB+G5ZYNPgOudcliyXqNRIKTwwDAYDVR0TBAUw +AwEB/zAFBgMrZXADQQAI+fxJNwwDZO2QcInr8WnKdTtxFY/rgEUA24ibZkacpOFQ +xVlDmGY3bbdZUV20nR2JJbT2h0O30zuFuY7hqEYE -----END CERTIFICATE----- diff -Nru openssl-3.0.7/test/certs/setup.sh openssl-3.0.8/test/certs/setup.sh --- 
openssl-3.0.7/test/certs/setup.sh 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/test/certs/setup.sh 2023-02-07 14:43:33.000000000 +0100
@@ -388,6 +388,17 @@
 "email.1 = good@good.org" "email.2 = any@good.com" \
 "IP = 127.0.0.1" "IP = 192.168.0.1"
+# Certs for CVE-2022-4203 testcase
+
+NC="excluded;otherName:SRVName;UTF8STRING:foo@example.org" ./mkcert.sh genca \
+ "Test NC CA othername" nccaothername-key nccaothername-cert \
+ root-key root-cert
+
+./mkcert.sh req alt-email-key "O = NC email in othername Test Certificate" | \
+ ./mkcert.sh geneealt bad-othername-key bad-othername-cert \
+ nccaothername-key nccaothername-cert \
+ "otherName.1 = SRVName;UTF8STRING:foo@example.org"
+
 # RSA-PSS signatures
 # SHA1
 ./mkcert.sh genee PSS-SHA1 ee-key ee-pss-sha1-cert ca-key ca-cert \
diff -Nru openssl-3.0.7/test/cmp_asn_test.c openssl-3.0.8/test/cmp_asn_test.c
--- openssl-3.0.7/test/cmp_asn_test.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/test/cmp_asn_test.c 2023-02-07 14:43:33.000000000 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright Nokia 2007-2019
 * Copyright Siemens AG 2015-2019
 *
@@ -47,7 +47,10 @@
 if (!TEST_ptr(asn1integer))
 return 0;
- ASN1_INTEGER_set(asn1integer, 77);
+ if (!TEST_true(ASN1_INTEGER_set(asn1integer, 77))) {
+ ASN1_INTEGER_free(asn1integer);
+ return 0;
+ }
 res = TEST_int_eq(77, ossl_cmp_asn1_get_int(asn1integer));
 ASN1_INTEGER_free(asn1integer);
 return res;
diff -Nru openssl-3.0.7/test/cmp_client_test.c openssl-3.0.8/test/cmp_client_test.c
--- openssl-3.0.7/test/cmp_client_test.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/test/cmp_client_test.c 2023-02-07 14:43:33.000000000 +0100
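Review bot: The new block names CVE-2022-4203 but not what the generated CA/EE pair is meant to exercise: the CA carries an excluded `otherName:SRVName` subtree and the EE's `otherName.1` is exactly that name, so presumably the EE must be rejected by name-constraint checking, and the point of the test is that the check fails cleanly. A comment next to the CVE line, e.g. `# EE otherName lies inside the CA's excluded SRVName subtree; chain validation must reject it`, would let a reader check the data against the intent without looking up the advisory. The cmp_asn_test.c hunks in the same line need no review.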
@@ -1,5 +1,5 @@
 /*
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright Nokia 2007-2019
 * Copyright Siemens AG 2015-2019
 *
@@ -89,27 +89,49 @@
 return NULL;
 }
-static int execute_exec_RR_ses_test(CMP_SES_TEST_FIXTURE *fixture)
+static int execute_exec_RR_ses_test(CMP_SES_TEST_FIXTURE *fixt)
 {
- return TEST_int_eq(fixture->expected,
- OSSL_CMP_exec_RR_ses(fixture->cmp_ctx) == 1);
+ return TEST_int_eq(OSSL_CMP_CTX_get_status(fixt->cmp_ctx),
+ OSSL_CMP_PKISTATUS_unspecified)
+ && TEST_int_eq(OSSL_CMP_exec_RR_ses(fixt->cmp_ctx),
+ fixt->expected == OSSL_CMP_PKISTATUS_accepted)
+ && TEST_int_eq(OSSL_CMP_CTX_get_status(fixt->cmp_ctx), fixt->expected);
 }
-static int execute_exec_GENM_ses_test(CMP_SES_TEST_FIXTURE *fixture)
+static int execute_exec_GENM_ses_test_single(CMP_SES_TEST_FIXTURE *fixture)
 {
- STACK_OF(OSSL_CMP_ITAV) *itavs = NULL;
- if (!TEST_ptr(itavs = OSSL_CMP_exec_GENM_ses(fixture->cmp_ctx)))
- return 0;
+ OSSL_CMP_CTX *ctx = fixture->cmp_ctx;
+ ASN1_OBJECT *type = OBJ_txt2obj("1.3.6.1.5.5.7.4.2", 1);
+ OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_create(type, NULL);
+ STACK_OF(OSSL_CMP_ITAV) *itavs;
+
+ OSSL_CMP_CTX_push0_genm_ITAV(ctx, itav);
+ itavs = OSSL_CMP_exec_GENM_ses(ctx);
+ sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free);
- return 1;
+ return TEST_int_eq(OSSL_CMP_CTX_get_status(ctx), fixture->expected)
+ && fixture->expected == OSSL_CMP_PKISTATUS_accepted ?
+ TEST_ptr(itavs) : TEST_ptr_null(itavs);
+}
+
+static int execute_exec_GENM_ses_test(CMP_SES_TEST_FIXTURE *fixture)
+{
+ return execute_exec_GENM_ses_test_single(fixture)
+ && OSSL_CMP_CTX_reinit(fixture->cmp_ctx)
+ && execute_exec_GENM_ses_test_single(fixture);
 }
 static int execute_exec_certrequest_ses_test(CMP_SES_TEST_FIXTURE *fixture)
 {
- X509 *res = OSSL_CMP_exec_certreq(fixture->cmp_ctx,
- fixture->req_type, NULL);
+ OSSL_CMP_CTX *ctx = fixture->cmp_ctx;
+ X509 *res = OSSL_CMP_exec_certreq(ctx, fixture->req_type, NULL);
+ int status = OSSL_CMP_CTX_get_status(ctx);
- if (fixture->expected == 0)
+ if (!TEST_int_eq(status, fixture->expected)
+ && !(fixture->expected == OSSL_CMP_PKISTATUS_waiting
+ && TEST_int_eq(status, OSSL_CMP_PKISTATUS_trans)))
+ return 0;
+ if (fixture->expected != OSSL_CMP_PKISTATUS_accepted)
 return TEST_ptr_null(res);
 if (!TEST_ptr(res) || !TEST_int_eq(X509_cmp(res, client_cert), 0))
@@ -124,14 +146,27 @@
 return 1;
 }
-static int test_exec_RR_ses(void)
+static int test_exec_RR_ses(int request_error)
 {
 SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
- fixture->expected = 1;
+ if (request_error)
+ OSSL_CMP_CTX_set1_oldCert(fixture->cmp_ctx, NULL);
+ fixture->expected = request_error ? OSSL_CMP_PKISTATUS_request
+ : OSSL_CMP_PKISTATUS_accepted;
 EXECUTE_TEST(execute_exec_RR_ses_test, tear_down);
 return result;
 }
+static int test_exec_RR_ses_ok(void)
+{
+ return test_exec_RR_ses(0);
+}
+
+static int test_exec_RR_ses_request_error(void)
+{
+ return test_exec_RR_ses(1);
+}
+
 static int test_exec_RR_ses_receive_error(void)
 {
 SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
@@ -140,7 +175,7 @@
 OSSL_CMP_CTX_FAILINFO_signerNotTrusted, "test string");
 ossl_cmp_mock_srv_set_send_error(fixture->srv_ctx, 1);
- fixture->expected = 0;
+ fixture->expected = OSSL_CMP_PKISTATUS_rejection;
 EXECUTE_TEST(execute_exec_RR_ses_test, tear_down);
 return result;
 }
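Review bot: The return expression of execute_exec_GENM_ses_test_single, `TEST_int_eq(...) && fixture->expected == OSSL_CMP_PKISTATUS_accepted ? TEST_ptr(itavs) : TEST_ptr_null(itavs)`, parses as `(A && B) ? C : D` because `&&` binds tighter than `?:`, so when the status check fails and itavs happens to be NULL the function drops into TEST_ptr_null(itavs) and returns 1, i.e. the test passes after a failed status comparison. Parenthesize the conditional: `return TEST_int_eq(OSSL_CMP_CTX_get_status(ctx), fixture->expected)` / `&& (fixture->expected == OSSL_CMP_PKISTATUS_accepted ?` / `TEST_ptr(itavs) : TEST_ptr_null(itavs));`. The same function inspects itavs after sk_OSSL_CMP_ITAV_pop_free() has released it; only the pointer value is compared, but freeing after the checks would avoid the question, and neither `type` nor `itav` is checked before OSSL_CMP_CTX_push0_genm_ITAV(). In execute_exec_certrequest_ses_test the first TEST_int_eq prints a failure even in the tolerated waiting/trans case, so comparing `status != fixture->expected` plainly and reserving the TEST_ macro for the final verdict would keep the log clean.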
@@ -149,7 +184,7 @@
 {
 SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
 fixture->req_type = OSSL_CMP_IR;
- fixture->expected = 1;
+ fixture->expected = OSSL_CMP_PKISTATUS_accepted;
 fixture->caPubs = sk_X509_new_null();
 sk_X509_push(fixture->caPubs, server_cert);
 sk_X509_push(fixture->caPubs, server_cert);
@@ -158,71 +193,90 @@
 return result;
 }
-static const int checkAfter = 1;
-static int test_exec_IR_ses_poll(void)
+static int test_exec_IR_ses_poll(int check_after, int poll_count,
+ int total_timeout, int expect)
 {
 SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
 fixture->req_type = OSSL_CMP_IR;
- fixture->expected = 1;
- ossl_cmp_mock_srv_set_pollCount(fixture->srv_ctx, 2);
- ossl_cmp_mock_srv_set_checkAfterTime(fixture->srv_ctx, checkAfter);
+ fixture->expected = expect;
+ ossl_cmp_mock_srv_set_checkAfterTime(fixture->srv_ctx, check_after);
+ ossl_cmp_mock_srv_set_pollCount(fixture->srv_ctx, poll_count);
+ OSSL_CMP_CTX_set_option(fixture->cmp_ctx,
+ OSSL_CMP_OPT_TOTAL_TIMEOUT, total_timeout);
 EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down);
 return result;
 }
-static int test_exec_IR_ses_poll_timeout(void)
+static int checkAfter = 1;
+static int test_exec_IR_ses_poll_ok(void)
 {
- const int pollCount = 3;
- const int tout = pollCount * checkAfter;
+ return test_exec_IR_ses_poll(checkAfter, 2, 0, OSSL_CMP_PKISTATUS_accepted);
+}
- SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
- fixture->req_type = OSSL_CMP_IR;
- fixture->expected = 0;
- ossl_cmp_mock_srv_set_pollCount(fixture->srv_ctx, pollCount + 1);
- ossl_cmp_mock_srv_set_checkAfterTime(fixture->srv_ctx, checkAfter);
- OSSL_CMP_CTX_set_option(fixture->cmp_ctx, OSSL_CMP_OPT_TOTAL_TIMEOUT, tout);
- EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down);
- return result;
+static int test_exec_IR_ses_poll_no_timeout(void)
+{
+ return test_exec_IR_ses_poll(checkAfter, 1 /* pollCount */, checkAfter + 1,
+ OSSL_CMP_PKISTATUS_accepted);
 }
+static int test_exec_IR_ses_poll_total_timeout(void)
+{
+ return test_exec_IR_ses_poll(checkAfter + 1, 2 /* pollCount */, checkAfter,
+ OSSL_CMP_PKISTATUS_waiting);
+}
-static int test_exec_CR_ses(void)
+static int test_exec_CR_ses(int implicit_confirm, int granted)
 {
 SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
 fixture->req_type = OSSL_CMP_CR;
- fixture->expected = 1;
+ fixture->expected = OSSL_CMP_PKISTATUS_accepted;
+ OSSL_CMP_CTX_set_option(fixture->cmp_ctx,
+ OSSL_CMP_OPT_IMPLICIT_CONFIRM, implicit_confirm);
+ OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(fixture->srv_ctx, granted);
 EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down);
 return result;
 }
+static int test_exec_CR_ses_explicit_confirm(void)
+{
+ return test_exec_CR_ses(0, 0);
+}
+
 static int test_exec_CR_ses_implicit_confirm(void)
 {
- SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
- fixture->req_type = OSSL_CMP_CR;
- fixture->expected = 1;
- OSSL_CMP_CTX_set_option(fixture->cmp_ctx,
- OSSL_CMP_OPT_IMPLICIT_CONFIRM, 1);
- OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(fixture->srv_ctx, 1);
- EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down);
- return result;
+ return test_exec_CR_ses(1, 0)
+ && test_exec_CR_ses(1, 1);
 }
-static int test_exec_KUR_ses(void)
+static int test_exec_KUR_ses(int transfer_error)
 {
 SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
 fixture->req_type = OSSL_CMP_KUR;
- fixture->expected = 1;
+ if (transfer_error)
+ OSSL_CMP_CTX_set_transfer_cb_arg(fixture->cmp_ctx, NULL);
+ fixture->expected = transfer_error ? OSSL_CMP_PKISTATUS_trans
+ : OSSL_CMP_PKISTATUS_accepted;
 EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down);
 return result;
 }
+static int test_exec_KUR_ses_ok(void)
+{
+ return test_exec_KUR_ses(0);
+}
+
+static int test_exec_KUR_ses_transfer_error(void)
+{
+ return test_exec_KUR_ses(1);
+}
+
 static int test_exec_P10CR_ses(void)
 {
 X509_REQ *req = NULL;
 SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
 fixture->req_type = OSSL_CMP_P10CR;
- fixture->expected = 1;
+ fixture->expected = OSSL_CMP_PKISTATUS_accepted;
 if (!TEST_ptr(req = load_csr_der(pkcs10_f, libctx))
 || !TEST_true(OSSL_CMP_CTX_set1_p10CSR(fixture->cmp_ctx, req))) {
 tear_down(fixture);
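Review bot: `checkAfter` loses its `const` qualifier in this hunk (`static int checkAfter = 1;`) although every remaining use only reads it; `static const int checkAfter = 1;` keeps the guarantee the old code had and costs nothing. The three IR poll wrappers encode their intent purely in the relation between check_after, poll_count and total_timeout (e.g. total_timeout smaller than check_after expecting OSSL_CMP_PKISTATUS_waiting), so a one-line comment on each, such as `/* total_timeout < check_after: session must give up while still waiting */`, would make them readable without the mock server's source. The OSSL_CMP_CTX_set_option() return values in test_exec_IR_ses_poll and test_exec_CR_ses are ignored, unlike the TEST_true-wrapped setters elsewhere in the file; wrapping them the same way would catch a rejected option value early.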
@@ -287,13 +341,36 @@
 return result;
 }
-static int test_exec_GENM_ses(void)
+static int test_exec_GENM_ses(int transfer_error, int total_timeout, int expect)
 {
 SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up);
+ if (transfer_error)
+ OSSL_CMP_CTX_set_transfer_cb_arg(fixture->cmp_ctx, NULL);
+ /*
+ * cannot use OSSL_CMP_CTX_set_option(... OSSL_CMP_OPT_TOTAL_TIMEOUT)
+ * here because this will correct total_timeout to be >= 0
+ */
+ fixture->cmp_ctx->total_timeout = total_timeout;
+ fixture->expected = expect;
 EXECUTE_TEST(execute_exec_GENM_ses_test, tear_down);
 return result;
 }
+static int test_exec_GENM_ses_ok(void)
+{
+ return test_exec_GENM_ses(0, 0, OSSL_CMP_PKISTATUS_accepted);
+}
+
+static int test_exec_GENM_ses_transfer_error(void)
+{
+ return test_exec_GENM_ses(1, 0, OSSL_CMP_PKISTATUS_trans);
+}
+
+static int test_exec_GENM_ses_total_timeout(void)
+{
+ return test_exec_GENM_ses(0, -1, OSSL_CMP_PKISTATUS_trans);
+}
+
 static int execute_exchange_certConf_test(CMP_SES_TEST_FIXTURE *fixture)
 {
 int res =
@@ -375,18 +452,23 @@
 return 0;
 }
- ADD_TEST(test_exec_RR_ses);
+ ADD_TEST(test_exec_RR_ses_ok);
+ ADD_TEST(test_exec_RR_ses_request_error);
 ADD_TEST(test_exec_RR_ses_receive_error);
- ADD_TEST(test_exec_CR_ses);
+ ADD_TEST(test_exec_CR_ses_explicit_confirm);
 ADD_TEST(test_exec_CR_ses_implicit_confirm);
 ADD_TEST(test_exec_IR_ses);
- ADD_TEST(test_exec_IR_ses_poll);
- ADD_TEST(test_exec_IR_ses_poll_timeout);
- ADD_TEST(test_exec_KUR_ses);
+ ADD_TEST(test_exec_IR_ses_poll_ok);
+ ADD_TEST(test_exec_IR_ses_poll_no_timeout);
+ ADD_TEST(test_exec_IR_ses_poll_total_timeout);
+ ADD_TEST(test_exec_KUR_ses_ok);
+ ADD_TEST(test_exec_KUR_ses_transfer_error);
 ADD_TEST(test_exec_P10CR_ses);
 ADD_TEST(test_try_certreq_poll);
 ADD_TEST(test_try_certreq_poll_abort);
- ADD_TEST(test_exec_GENM_ses);
+ ADD_TEST(test_exec_GENM_ses_ok);
+ ADD_TEST(test_exec_GENM_ses_transfer_error);
+ ADD_TEST(test_exec_GENM_ses_total_timeout);
 ADD_TEST(test_exchange_certConf);
 ADD_TEST(test_exchange_error);
 return 1;
diff -Nru openssl-3.0.7/test/cmp_hdr_test.c openssl-3.0.8/test/cmp_hdr_test.c
--- openssl-3.0.7/test/cmp_hdr_test.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/test/cmp_hdr_test.c 2023-02-07 14:43:33.000000000 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright Nokia 2007-2019
 * Copyright Siemens AG 2015-2019
 *
@@ -333,12 +333,12 @@
 if (!TEST_ptr(asn1int))
 return 0;
- if (!TEST_ptr(val)) {
+ if (!TEST_ptr(val)
+ || !TEST_true(ASN1_INTEGER_set(asn1int, 88))) {
 ASN1_INTEGER_free(asn1int);
 return 0;
 }
- ASN1_INTEGER_set(asn1int, 88);
 ASN1_TYPE_set(val, V_ASN1_INTEGER, asn1int);
 if (!TEST_ptr(itav = OSSL_CMP_ITAV_create(OBJ_txt2obj(oid, 1), val))) {
 ASN1_TYPE_free(val);
diff -Nru openssl-3.0.7/test/cmp_vfy_test.c openssl-3.0.8/test/cmp_vfy_test.c
--- openssl-3.0.7/test/cmp_vfy_test.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/test/cmp_vfy_test.c 2023-02-07 14:43:33.000000000 +0100
@@ -83,6 +83,12 @@
 static unsigned char rand_data[OSSL_CMP_TRANSACTIONID_LENGTH];
 static OSSL_CMP_MSG *ir_unprotected, *ir_rmprotection;
+/* secret value used for IP_waitingStatus_PBM.der */
+static const unsigned char sec_1[] = {
+ '9', 'p', 'p', '8', '-', 'b', '3', '5', 'i', '-', 'X', 'd', '3',
+ 'Q', '-', 'u', 'd', 'N', 'R'
+};
+
 static int flip_bit(ASN1_BIT_STRING *bitstr)
 {
 int bit_num = 7;
@@ -142,19 +148,14 @@
 return res;
 }
-static int test_validate_msg_mac_alg_protection(void)
+static int test_validate_msg_mac_alg_protection(int miss, int wrong)
 {
- /* secret value belonging to cmp-test/CMP_IP_waitingStatus_PBM.der */
- const unsigned char sec_1[] = {
- '9', 'p', 'p', '8', '-', 'b', '3', '5', 'i', '-', 'X', 'd', '3',
- 'Q', '-', 'u', 'd', 'N', 'R'
- };
-
 SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
- fixture->expected = 1;
- if (!TEST_true(OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_1,
- sizeof(sec_1)))
+ fixture->expected = !miss && !wrong;
+ if (!TEST_true(miss ? OSSL_CMP_CTX_set0_trustedStore(fixture->cmp_ctx, NULL)
+ : OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx, sec_1,
+ wrong ? 4 : sizeof(sec_1)))
 || !TEST_ptr(fixture->msg = load_pkimsg(ip_waiting_f, libctx))) {
 tear_down(fixture);
 fixture = NULL;
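Review bot: In test_validate_msg_mac_alg_protection the "wrong" secret is produced by `wrong ? 4 : sizeof(sec_1)`, i.e. a 4-byte prefix of the real secret, which a reader cannot tell apart from a length typo; suggest `wrong ? 4 /* prefix of sec_1: well-formed but wrong */ : sizeof(sec_1)`. The two flags are also not exclusive — with miss and wrong both set, miss wins and wrong is silently ignored, which the wrappers added in the next hunk avoid but the signature does not express. The cmp_hdr_test.c hunk at the top of this line folds the ASN1_INTEGER_set() check into the existing `if`, while the same fix in cmp_asn_test.c uses a separate block with its own free; both are correct, but one shape across the two files would be easier to audit.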
@@ -163,6 +164,21 @@
 return result;
 }
+static int test_validate_msg_mac_alg_protection_ok(void)
+{
+ return test_validate_msg_mac_alg_protection(0, 0);
+}
+
+static int test_validate_msg_mac_alg_protection_missing(void)
+{
+ return test_validate_msg_mac_alg_protection(1, 0);
+}
+
+static int test_validate_msg_mac_alg_protection_wrong(void)
+{
+ return test_validate_msg_mac_alg_protection(0, 1);
+}
+
 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 static int test_validate_msg_mac_alg_protection_bad(void)
 {
@@ -231,12 +247,17 @@
 }
 #endif
-static int test_validate_msg_signature_srvcert_wrong(void)
+static int test_validate_msg_signature_srvcert(int bad_sig, int miss, int wrong)
 {
 SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
- fixture->expected = 0;
+ fixture->cert = srvcert;
+ fixture->expected = !bad_sig && !wrong && !miss;
 if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))
- || !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, clcert))) {
+ || !TEST_true(miss ? OSSL_CMP_CTX_set1_secretValue(fixture->cmp_ctx,
+ sec_1, sizeof(sec_1))
+ : OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx,
+ wrong? clcert : srvcert))
+ || (bad_sig && !flip_bit(fixture->msg->protection))) {
 tear_down(fixture);
 fixture = NULL;
 }
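Review bot: `wrong? clcert : srvcert` in test_validate_msg_signature_srvcert drops the space before `?` that every other conditional in these hunks has; `wrong ? clcert : srvcert` keeps the file uniform. The three int flags bad_sig/miss/wrong act as mutually exclusive selectors, and `fixture->expected = !bad_sig && !wrong && !miss` plus the nested ternary make that hard to see at the definition; a short comment such as `/* exactly one of bad_sig, miss, wrong is set by the wrappers below */` would say it, or the selectors could become one enum parameter. The `miss` case configures a shared secret instead of a server certificate, so "missing srvcert" here really means "MAC credentials supplied for a signature-protected message", which is worth stating in the same comment.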
@@ -244,30 +265,26 @@
 return result;
 }
-static int test_validate_msg_signature_srvcert(int bad_sig)
+static int test_validate_msg_signature_srvcert_missing(void)
 {
- SETUP_TEST_FIXTURE(CMP_VFY_TEST_FIXTURE, set_up);
- fixture->expected = !bad_sig;
- if (!TEST_ptr(fixture->msg = load_pkimsg(ir_protected_f, libctx))
- || !TEST_true(OSSL_CMP_CTX_set1_srvCert(fixture->cmp_ctx, srvcert))
- || (bad_sig && !flip_bit(fixture->msg->protection))) {
- tear_down(fixture);
- fixture = NULL;
- }
- EXECUTE_TEST(execute_validate_msg_test, tear_down);
- return result;
+ return test_validate_msg_signature_srvcert(0, 1, 0);
+}
+
+static int test_validate_msg_signature_srvcert_wrong(void)
+{
+ return test_validate_msg_signature_srvcert(0, 0, 1);
 }
 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 static int test_validate_msg_signature_bad(void)
 {
- return test_validate_msg_signature_srvcert(1);
+ return test_validate_msg_signature_srvcert(1, 0, 0);
 }
 #endif
 static int test_validate_msg_signature_sender_cert_srvcert(void)
 {
- return test_validate_msg_signature_srvcert(0);
+ return test_validate_msg_signature_srvcert(0, 0, 0);
 }
 static int test_validate_msg_signature_sender_cert_untrusted(void)
@@ -634,6 +651,7 @@
 ADD_TEST(test_validate_msg_signature_trusted_ok);
 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 ADD_TEST(test_validate_msg_signature_trusted_expired);
+ ADD_TEST(test_validate_msg_signature_srvcert_missing);
 #endif
 ADD_TEST(test_validate_msg_signature_srvcert_wrong);
 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
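Review bot: `test_validate_msg_signature_srvcert_missing` is defined unconditionally in the preceding hunk but registered only inside `#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION`, so a fuzzing build gets a defined-but-unused static function, which fails under `-Wunused-function -Werror`. The same applies to `test_validate_msg_mac_alg_protection_missing` and `_wrong`, defined in the `@@ -163` hunk and registered under the same guard in the `@@ -651` hunk that follows. Either wrap the definitions in the same `#ifndef`, as `test_validate_msg_signature_bad` already is, or register them unconditionally if they are expected to pass in fuzzing builds.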
@@ -651,8 +669,10 @@
 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 ADD_TEST(test_validate_msg_unprotected_request);
 #endif
- ADD_TEST(test_validate_msg_mac_alg_protection);
+ ADD_TEST(test_validate_msg_mac_alg_protection_ok);
 #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ ADD_TEST(test_validate_msg_mac_alg_protection_missing);
+ ADD_TEST(test_validate_msg_mac_alg_protection_wrong);
 ADD_TEST(test_validate_msg_mac_alg_protection_bad);
 #endif
diff -Nru openssl-3.0.7/test/ectest.c openssl-3.0.8/test/ectest.c
--- openssl-3.0.7/test/ectest.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/test/ectest.c 2023-02-07 14:43:33.000000000 +0100
@@ -2724,6 +2724,13 @@
 if (!TEST_ptr(ctx = BN_CTX_new()))
 return 0;
+ BN_CTX_start(ctx);
+ if (!TEST_ptr(p = BN_CTX_get(ctx))
+ || !TEST_ptr(a = BN_CTX_get(ctx))
+ || !TEST_ptr(b = BN_CTX_get(ctx))
+ || !TEST_ptr(k = BN_CTX_get(ctx)))
+ goto err;
+
 if (!TEST_ptr(group = EC_GROUP_new_by_curve_name(nid)))
 goto err;
@@ -2735,13 +2742,6 @@
 }
 #endif
- BN_CTX_start(ctx);
- if (!TEST_ptr(p = BN_CTX_get(ctx))
- || !TEST_ptr(a = BN_CTX_get(ctx))
- || !TEST_ptr(b = BN_CTX_get(ctx))
- || !TEST_ptr(k = BN_CTX_get(ctx)))
- goto err;
-
 /* expected byte length of encoded points */
 bsize = (EC_GROUP_get_degree(group) + 7) / 8;
 bsize = 1 + 2 * bsize; /* UNCOMPRESSED_POINT format */
diff -Nru openssl-3.0.7/test/evp_extra_test2.c openssl-3.0.8/test/evp_extra_test2.c
--- openssl-3.0.7/test/evp_extra_test2.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/test/evp_extra_test2.c 2023-02-07 14:43:33.000000000 +0100
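Review bot: Moving `BN_CTX_start(ctx)` ahead of `EC_GROUP_new_by_curve_name()` means every `goto err` from here on runs with a started context, which only holds together if the `err` label (outside the hunk) calls `BN_CTX_end(ctx)` unconditionally — presumably it does, and that pairing is the reason for the move. Nothing in the code says so, and a later reader may move the start back down next to the `BN_CTX_get()` calls it feeds; a comment on the `BN_CTX_start(ctx);` line such as `/* started before the first goto err so that BN_CTX_end() at err always has a matching start */` would pin the invariant.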
@@ -356,6 +356,37 @@
 EVP_PKEY_CTX_free(gctx);
 return ret;
 }
+
+static int test_dh_paramgen(void)
+{
+ int ret;
+ OSSL_PARAM params[3];
+ EVP_PKEY *pkey = NULL;
+ EVP_PKEY_CTX *gctx = NULL;
+ unsigned int pbits = 512; /* minimum allowed for speed */
+
+ params[0] = OSSL_PARAM_construct_uint(OSSL_PKEY_PARAM_FFC_PBITS, &pbits);
+ params[1] = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE,
+ "generator", 0);
+ params[2] = OSSL_PARAM_construct_end();
+
+ ret = TEST_ptr(gctx = EVP_PKEY_CTX_new_from_name(mainctx, "DH", NULL))
+ && TEST_int_gt(EVP_PKEY_paramgen_init(gctx), 0)
+ && TEST_true(EVP_PKEY_CTX_set_params(gctx, params))
+ && TEST_true(EVP_PKEY_paramgen(gctx, &pkey))
+ && TEST_ptr(pkey);
+
+ EVP_PKEY_CTX_free(gctx);
+ gctx = NULL;
+
+ ret = ret && TEST_ptr(gctx = EVP_PKEY_CTX_new_from_pkey(mainctx, pkey, NULL))
+ && TEST_int_eq(EVP_PKEY_param_check(gctx), 1)
+ && TEST_int_eq(EVP_PKEY_param_check_quick(gctx), 1);
+
+ EVP_PKEY_CTX_free(gctx);
+ EVP_PKEY_free(pkey);
+ return ret;
+}
 #endif
 #ifndef OPENSSL_NO_EC
@@ -382,6 +413,19 @@
 }
 #endif
+#ifndef OPENSSL_NO_SM2
+static int test_sm2_tofrom_data_select(void)
+{
+ int ret;
+ EVP_PKEY *key = NULL;
+
+ ret = TEST_ptr(key = EVP_PKEY_Q_keygen(mainctx, NULL, "SM2"))
+ && TEST_true(do_pkey_tofrom_data_select(key, "SM2"));
+ EVP_PKEY_free(key);
+ return ret;
+}
+#endif
+
 static int test_rsa_tofrom_data_select(void)
 {
 int ret;
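Review bot: `OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, "generator", 0)` passes a string literal where the parameter is `char *`, which compilers flag under `-Wwrite-strings`/`-Wdiscarded-qualifiers`; the KDF test later in this diff casts explicitly (`(char *)"SHA256"`), so `(char *)"generator"` keeps the style consistent. `pbits = 512` is fine for a speed-oriented unit test but far below any deployable DH size; since the comment already says why, extending it to `/* minimum allowed; test-only, not a usable DH size */` stops it being copied as an example. If the first chain fails before `EVP_PKEY_paramgen()`, `pkey` stays NULL and the second chain is skipped by `ret &&`, so the cleanup is correct as written.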
@@ -1105,12 +1149,16 @@
 #else
 ADD_ALL_TESTS(test_d2i_PrivateKey_ex, 1);
 #endif
+#ifndef OPENSSL_NO_SM2
+ ADD_TEST(test_sm2_tofrom_data_select);
+#endif
 #ifndef OPENSSL_NO_DSA
 ADD_TEST(test_dsa_todata);
 ADD_TEST(test_dsa_tofrom_data_select);
 #endif
 #ifndef OPENSSL_NO_DH
 ADD_TEST(test_dh_tofrom_data_select);
+ ADD_TEST(test_dh_paramgen);
 #endif
 ADD_TEST(test_rsa_tofrom_data_select);
diff -Nru openssl-3.0.7/test/evp_extra_test.c openssl-3.0.8/test/evp_extra_test.c
--- openssl-3.0.7/test/evp_extra_test.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/test/evp_extra_test.c 2023-02-07 14:43:33.000000000 +0100
@@ -31,6 +31,7 @@
 #include
 #include
 #include
+#include
 #include "testutil.h"
 #include "internal/nelem.h"
 #include "internal/sizes.h"
@@ -2039,7 +2040,7 @@
 sizeof(kMsg))))
 goto done;
- if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
+ if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx), 0))
 goto done;
 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
@@ -4622,11 +4623,13 @@
 EVP_PKEY *pkey;
- pkey = EVP_PKEY_new_raw_private_key(ecxnids[tst], NULL, &ecxkeydata, 1);
+ pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]),
+ NULL, &ecxkeydata, 1);
 if (!TEST_ptr_null(pkey)) {
 EVP_PKEY_free(pkey);
 return 0;
 }
+ return 1;
 }
@@ -4647,6 +4650,73 @@
 return options;
 }
+#ifndef OPENSSL_NO_EC
+/* Test that trying to sign with a public key errors out gracefully */
+static int test_ecx_not_private_key(int tst)
+{
+ EVP_PKEY *pkey = NULL;
+
+ const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
+ int testresult = 0;
+ EVP_MD_CTX *ctx = NULL;
+ unsigned char *mac = NULL;
+ size_t maclen = 0;
+ unsigned char *pubkey;
+ size_t pubkeylen;
+
+ switch (keys[tst].type) {
+ case NID_X25519:
+ case NID_X448:
+ return TEST_skip("signing not supported for X25519/X448");
+ }
+
+ /* Check if this algorithm supports public keys */
+ if (keys[tst].pub == NULL)
+ return TEST_skip("no public key present");
+
+ pubkey = (unsigned char *)keys[tst].pub;
+ pubkeylen = strlen(keys[tst].pub);
+
+ pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type),
+ NULL, pubkey, pubkeylen);
+ if (!TEST_ptr(pkey))
+ goto err;
+
+ if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
+ goto err;
+
+ if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1)
+ goto check_err;
+
+ if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1)
+ goto check_err;
+
+ if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
+ goto err;
+
+ if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0))
+ goto err;
+
+ check_err:
+ /*
+ * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY,
+ * but we relax the check to allow error also thrown by
+ * EVP_DigestSignInit and EVP_DigestSign.
+ */
+ if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) {
+ testresult = 1;
+ ERR_clear_error();
+ }
+
+ err:
+ EVP_MD_CTX_free(ctx);
+ OPENSSL_free(mac);
+ EVP_PKEY_free(pkey);
+
+ return testresult;
+}
+#endif /* OPENSSL_NO_EC */
+
 int setup_tests(void)
 {
 OPTION_CHOICE o;
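Review bot: The `check_err` block tests the error reason with a bare `if`, so when `EVP_DigestSignInit()`/`EVP_DigestSign()` fail for some other reason the test returns 0 without reporting what was actually on the error queue; `if (TEST_int_eq(ERR_GET_REASON(ERR_peek_error()), PROV_R_NOT_A_PRIVATE_KEY)) { testresult = 1; ERR_clear_error(); }` gives the same verdict with a diagnostic. `ERR_peek_error()` returns the oldest queued error, so an unrelated entry left by an earlier step would also defeat the match; an `ERR_clear_error()` before the `EVP_DigestSignInit()` call makes the check depend only on this test's own calls. Minor: `pubkey = (unsigned char *)keys[tst].pub;` strips const for a call whose parameter is `const unsigned char *`, so `const unsigned char *pubkey` with a `(const unsigned char *)` cast is the accurate type.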
@@ -4782,6 +4852,10 @@
 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
+#ifndef OPENSSL_NO_EC
+ ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys));
+#endif
+
 return 1;
 }
diff -Nru openssl-3.0.7/test/evp_kdf_test.c openssl-3.0.8/test/evp_kdf_test.c
--- openssl-3.0.7/test/evp_kdf_test.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/test/evp_kdf_test.c 2023-02-07 14:43:33.000000000 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2018-2020, Oracle and/or its affiliates. All rights reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -1399,7 +1399,7 @@
 {
 int ret;
 EVP_KDF_CTX *kctx;
- OSSL_PARAM params[6], *p = params;
+ OSSL_PARAM params[7], *p = params;
 unsigned char out[64];
 size_t mac_size = 20;
 static unsigned char z[] = {
@@ -1422,6 +1422,9 @@
 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
 (char *)OSSL_MAC_NAME_KMAC128, 0);
+ /* The digest parameter is not needed here and should be ignored */
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
+ (char *)"SHA256", 0);
 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, z, sizeof(z));
 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, other,
 sizeof(other));
@@ -1432,7 +1435,12 @@
 ret = TEST_ptr(kctx = get_kdfbyname(OSSL_KDF_NAME_SSKDF))
- && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), params), 0)
+ && TEST_size_t_eq(EVP_KDF_CTX_get_kdf_size(kctx), 0)
+ && TEST_int_eq(EVP_KDF_CTX_set_params(kctx, params), 1)
+ /* The bug fix for KMAC returning SIZE_MAX was added in 3.0.8 */
+ && (fips_provider_version_lt(NULL, 3, 0, 8)
+ || TEST_size_t_eq(EVP_KDF_CTX_get_kdf_size(kctx), SIZE_MAX))
+ && TEST_int_gt(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)
 && TEST_mem_eq(out, sizeof(out), expected, sizeof(expected));
 EVP_KDF_CTX_free(kctx);
diff -Nru openssl-3.0.7/test/evp_pkey_provided_test.c openssl-3.0.8/test/evp_pkey_provided_test.c
--- openssl-3.0.7/test/evp_pkey_provided_test.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/test/evp_pkey_provided_test.c 2023-02-07 14:43:33.000000000 +0100
@@ -188,7 +188,12 @@
 /* Unencrypted private key in PEM form */
 || !TEST_true(PEM_write_bio_PrivateKey(membio, pk,
 NULL, NULL, 0, NULL, NULL))
- || !TEST_true(compare_with_file(alg, PRIV_PEM, membio)))
+ || !TEST_true(compare_with_file(alg, PRIV_PEM, membio))
+ /* NULL key */
+ || !TEST_false(PEM_write_bio_PrivateKey(membio, NULL,
+ NULL, NULL, 0, NULL, NULL))
+ || !TEST_false(PEM_write_bio_PrivateKey_traditional(membio, NULL,
+ NULL, NULL, 0, NULL, NULL)))
 goto err;
 ret = 1;
@@ -1180,13 +1185,20 @@
 0x7f, 0x59, 0x5f, 0x8c, 0xd1, 0x96, 0x0b, 0xdf,
 0x29, 0x3e, 0x49, 0x07, 0x88, 0x3f, 0x9a, 0x29
 };
+ /* SAME BUT COMPRESSED FORMAT */
+ static const unsigned char ec_pub_keydata_compressed[] = {
+ POINT_CONVERSION_COMPRESSED+1,
+ 0x1b, 0x93, 0x67, 0x55, 0x1c, 0x55, 0x9f, 0x63,
+ 0xd1, 0x22, 0xa4, 0xd8, 0xd1, 0x0a, 0x60, 0x6d,
+ 0x02, 0xa5, 0x77, 0x57, 0xc8, 0xa3, 0x47, 0x73,
+ 0x3a, 0x6a, 0x08, 0x28, 0x39, 0xbd, 0xc9, 0xd2
+ };
 static const unsigned char ec_priv_keydata[] = {
 0x33, 0xd0, 0x43, 0x83, 0xa9, 0x89, 0x56, 0x03,
 0xd2, 0xd7, 0xfe, 0x6b, 0x01, 0x6f, 0xe4, 0x59,
 0xcc, 0x0d, 0x9a, 0x24, 0x6c, 0x86, 0x1b, 0x2e,
 0xdc, 0x4b, 0x4d, 0x35, 0x43, 0xe1, 0x1b, 0xad
 };
- const int compressed_sz = 1 + (sizeof(ec_pub_keydata) - 1) / 2;
 unsigned char out_pub[sizeof(ec_pub_keydata)];
 char out_curve_name[80];
 const OSSL_PARAM *gettable = NULL;
@@ -1209,9 +1221,17 @@
 if (OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_PKEY_PARAM_GROUP_NAME,
 curve, 0) <= 0)
 goto err;
+ /*
+ * We intentionally provide the input point in compressed format,
+ * and avoid setting `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT`.
+ *
+ * Later on we check what format is used when exporting the
+ * `OSSL_PKEY_PARAM_PUB_KEY` and expect to default to uncompressed
+ * format.
+ */
 if (OSSL_PARAM_BLD_push_octet_string(bld, OSSL_PKEY_PARAM_PUB_KEY,
- ec_pub_keydata,
- sizeof(ec_pub_keydata)) <= 0)
+ ec_pub_keydata_compressed,
+ sizeof(ec_pub_keydata_compressed)) <= 0)
 goto err;
 if (OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, ec_priv_bn) <= 0)
 goto err;
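Review bot: `POINT_CONVERSION_COMPRESSED+1` as the first byte of `ec_pub_keydata_compressed[]` is the compressed-point tag with the y-parity bit set (0x03), but that is left for the reader to infer and the `+1` reads like an off-by-one next to 32 bytes of hex. A comment on that line, `/* 0x03: compressed form, y is odd */` (verify against the y coordinate in `ec_pub_keydata`), and spacing it `POINT_CONVERSION_COMPRESSED + 1` to match the file's binary-operator style would settle it. `/* SAME BUT COMPRESSED FORMAT */` could also read `/* the same point, compressed encoding */` to match the lower-case comment style used elsewhere in this function.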
@@ -1282,9 +1302,17 @@
 || !TEST_str_eq(out_curve_name, curve)
 || !EVP_PKEY_get_octet_string_param(pk, OSSL_PKEY_PARAM_PUB_KEY,
 out_pub, sizeof(out_pub), &len)
- || !TEST_true(out_pub[0] == (POINT_CONVERSION_COMPRESSED + 1))
+
+ /*
+ * Our providers use uncompressed format by default if
+ * `OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT` was not
+ * explicitly set, irrespective of the format used for the
+ * input point given as a param to create this key.
+ */
+ || !TEST_true(out_pub[0] == POINT_CONVERSION_UNCOMPRESSED)
 || !TEST_mem_eq(out_pub + 1, len - 1,
- ec_pub_keydata + 1, compressed_sz - 1)
+ ec_pub_keydata + 1, sizeof(ec_pub_keydata) - 1)
+
 || !TEST_true(EVP_PKEY_get_bn_param(pk, OSSL_PKEY_PARAM_PRIV_KEY, &bn_priv))
 || !TEST_BN_eq(ec_priv_bn, bn_priv))
diff -Nru openssl-3.0.7/test/exptest.c openssl-3.0.8/test/exptest.c
--- openssl-3.0.7/test/exptest.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/test/exptest.c 2023-02-07 14:43:33.000000000 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -49,7 +49,8 @@
 BIGNUM *r = NULL;
 BN_ULONG one_word = 1;
 BN_CTX *ctx = BN_CTX_new();
- int ret = 1, failed = 0;
+ int ret = 0, failed = 0;
+ BN_MONT_CTX *mont = NULL;
 if (!TEST_ptr(m = BN_new())
 || !TEST_ptr(a = BN_new())
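Review bot: `TEST_true(out_pub[0] == POINT_CONVERSION_UNCOMPRESSED)` reports only true/false when it fails; `TEST_int_eq(out_pub[0], POINT_CONVERSION_UNCOMPRESSED)` prints both values, which matters here because the whole point of the change is which encoding the provider picks. The `EVP_PKEY_get_octet_string_param(...)` call two lines above in the same chain is not wrapped in `TEST_true()` either, so a failure there aborts the chain silently with no indication of where it stopped. The enclosing function starts and ends outside the hunk.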
@@ -94,6 +95,33 @@
 if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_mont_consttime", r, a)))
 failed = 1;
+ if (!TEST_ptr(mont = BN_MONT_CTX_new()))
+ goto err;
+
+ ERR_set_mark();
+ /* mont is not set but passed in */
+ if (!TEST_false(BN_mod_exp_mont_consttime(r, p, a, m, ctx, mont)))
+ goto err;
+ if (!TEST_false(BN_mod_exp_mont(r, p, a, m, ctx, mont)))
+ goto err;
+ ERR_pop_to_mark();
+
+ if (!TEST_true(BN_MONT_CTX_set(mont, m, ctx)))
+ goto err;
+
+ /* we compute 0 ** a mod 1 here, to execute code that uses mont */
+ if (!TEST_true(BN_mod_exp_mont_consttime(r, p, a, m, ctx, mont)))
+ goto err;
+
+ if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_mont_consttime", r, a)))
+ failed = 1;
+
+ if (!TEST_true(BN_mod_exp_mont(r, p, a, m, ctx, mont)))
+ goto err;
+
+ if (!TEST_true(a_is_zero_mod_one("BN_mod_exp_mont", r, a)))
+ failed = 1;
+
 /*
 * A different codepath exists for single word multiplication
 * in non-constant-time only.
@@ -114,6 +142,7 @@
 BN_free(a);
 BN_free(p);
 BN_free(m);
+ BN_MONT_CTX_free(mont);
 BN_CTX_free(ctx);
 return ret;
diff -Nru openssl-3.0.7/test/fake_rsaprov.c openssl-3.0.8/test/fake_rsaprov.c
--- openssl-3.0.7/test/fake_rsaprov.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/test/fake_rsaprov.c 2023-02-07 14:43:33.000000000 +0100
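Review bot: Between `ERR_set_mark()` and `ERR_pop_to_mark()` there are two `goto err`, so if either `TEST_false()` fails the mark is left on the error queue; the function returns failure in that case so the verdict is unaffected, but the queue is not restored. Folding the two calls into one condition keeps the bracket balanced: `if (!TEST_false(BN_mod_exp_mont_consttime(r, p, a, m, ctx, mont)) || !TEST_false(BN_mod_exp_mont(r, p, a, m, ctx, mont))) { ERR_pop_to_mark(); goto err; }`. The `/* we compute 0 ** a mod 1 here */` comment is the only place that says which operand is the base: `BN_mod_exp_mont(r, p, a, m, ...)` computes `p` raised to `a`, the opposite of what the variable names suggest, so stating that in the comment would help.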
@@ -22,24 +22,34 @@
 static OSSL_FUNC_keymgmt_query_operation_name_fn fake_rsa_keymgmt_query;
 static OSSL_FUNC_keymgmt_import_fn fake_rsa_keymgmt_import;
 static OSSL_FUNC_keymgmt_import_types_fn fake_rsa_keymgmt_imptypes;
+static OSSL_FUNC_keymgmt_export_fn fake_rsa_keymgmt_export;
+static OSSL_FUNC_keymgmt_export_types_fn fake_rsa_keymgmt_exptypes;
 static OSSL_FUNC_keymgmt_load_fn fake_rsa_keymgmt_load;
 static int has_selection;
 static int imptypes_selection;
+static int exptypes_selection;
 static int query_id;
+struct fake_rsa_keydata {
+ int selection;
+ int status;
+};
+
 static void *fake_rsa_keymgmt_new(void *provctx)
 {
- unsigned char *keydata = OPENSSL_zalloc(1);
+ struct fake_rsa_keydata *key;
- TEST_ptr(keydata);
+ if (!TEST_ptr(key = OPENSSL_zalloc(sizeof(struct fake_rsa_keydata))))
+ return NULL;
 /* clear test globals */
 has_selection = 0;
 imptypes_selection = 0;
+ exptypes_selection = 0;
 query_id = 0;
- return keydata;
+ return key;
 }
 static void fake_rsa_keymgmt_free(void *keydata)
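Review bot: `struct fake_rsa_keydata` gets two undocumented fields; from the later hunks `status` is set to 1 by `fake_rsa_keymgmt_import`, 2 by `fake_rsa_gen`, checked `> 0` in the sign-init path and `== 1` in `fake_rsa_keymgmt_load`, so it is a small state machine that belongs where the struct is declared: `int status; /* 0 = new, 1 = imported, 2 = generated */`. `selection` is neither written nor read in any hunk of this diff; if it is reserved for a follow-up, a comment saying so would keep it from looking like dead state (not all of the file is visible here).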
@@ -67,14 +77,104 @@
 static int fake_rsa_keymgmt_import(void *keydata, int selection,
 const OSSL_PARAM *p)
 {
- unsigned char *fake_rsa_key = keydata;
+ struct fake_rsa_keydata *fake_rsa_key = keydata;
 /* key was imported */
- *fake_rsa_key = 1;
+ fake_rsa_key->status = 1;
 return 1;
 }
+static unsigned char fake_rsa_n[] =
+ "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
+ "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
+ "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
+ "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
+ "\xF5";
+
+static unsigned char fake_rsa_e[] = "\x11";
+
+static unsigned char fake_rsa_d[] =
+ "\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"
+ "\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"
+ "\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"
+ "\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51";
+
+static unsigned char fake_rsa_p[] =
+ "\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
+ "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12"
+ "\x0D";
+
+static unsigned char fake_rsa_q[] =
+ "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+ "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
+ "\x89";
+
+static unsigned char fake_rsa_dmp1[] =
+ "\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF"
+ "\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05";
+
+static unsigned char fake_rsa_dmq1[] =
+ "\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99"
+ "\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D"
+ "\x51";
+
+static unsigned char fake_rsa_iqmp[] =
+ "\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8"
+ "\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26";
+
+OSSL_PARAM *fake_rsa_key_params(int priv)
+{
+ if (priv) {
+ OSSL_PARAM params[] = {
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, fake_rsa_n,
+ sizeof(fake_rsa_n) -1),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, fake_rsa_e,
+ sizeof(fake_rsa_e) -1),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_D, fake_rsa_d,
+ sizeof(fake_rsa_d) -1),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR1, fake_rsa_p,
+ sizeof(fake_rsa_p) -1),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_FACTOR2, fake_rsa_q,
+ sizeof(fake_rsa_q) -1),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT1, fake_rsa_dmp1,
+ sizeof(fake_rsa_dmp1) -1),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_EXPONENT2, fake_rsa_dmq1,
+ sizeof(fake_rsa_dmq1) -1),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_COEFFICIENT1, fake_rsa_iqmp,
+ sizeof(fake_rsa_iqmp) -1),
+ OSSL_PARAM_END
+ };
+ return OSSL_PARAM_dup(params);
+ } else {
+ OSSL_PARAM params[] = {
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, fake_rsa_n,
+ sizeof(fake_rsa_n) -1),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, fake_rsa_e,
+ sizeof(fake_rsa_e) -1),
+ OSSL_PARAM_END
+ };
+ return OSSL_PARAM_dup(params);
+ }
+}
+
+static int fake_rsa_keymgmt_export(void *keydata, int selection,
+ OSSL_CALLBACK *param_callback, void *cbarg)
+{
+ OSSL_PARAM *params = NULL;
+ int ret;
+
+ if (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
+ return 0;
+
+ if (!TEST_ptr(params = fake_rsa_key_params(0)))
+ return 0;
+
+ ret = param_callback(params, cbarg);
+ OSSL_PARAM_free(params);
+ return ret;
+}
+
 static const OSSL_PARAM fake_rsa_import_key_types[] = {
 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, NULL, 0),
 OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0),
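Review bot: `fake_rsa_keymgmt_export` refuses a private-key selection but otherwise hands back N and E regardless of whether `OSSL_KEYMGMT_SELECT_PUBLIC_KEY` is in `selection`, so a caller asking only for domain parameters still receives the public key; `if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) == 0) return 0;` after the existing check would mirror what a real keymgmt export does. The `fake_rsa_*` byte strings appear to be a well-known published RSA test vector, and the private exponent and CRT components are in the source; a one-line comment above `fake_rsa_n` saying these are fixed test vectors that must never be loaded as a real key would prevent a copy into non-test code. Spacing in `sizeof(fake_rsa_n) -1` (and the other seven occurrences) should be `sizeof(fake_rsa_n) - 1` to match the file. The `priv` branch of `fake_rsa_key_params()` has no visible caller in this diff; the function is the only non-static symbol added and the header hunk further down exports it, presumably for another test file.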
@@ -95,19 +195,33 @@
 return fake_rsa_import_key_types;
 }
+static const OSSL_PARAM fake_rsa_export_key_types[] = {
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_N, NULL, 0),
+ OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0),
+ OSSL_PARAM_END
+};
+
+static const OSSL_PARAM *fake_rsa_keymgmt_exptypes(int selection)
+{
+ /* record global for checking */
+ exptypes_selection = selection;
+
+ return fake_rsa_export_key_types;
+}
+
 static void *fake_rsa_keymgmt_load(const void *reference, size_t reference_sz)
 {
- unsigned char *key = NULL;
+ struct fake_rsa_keydata *key = NULL;
- if (reference_sz != sizeof(key))
+ if (reference_sz != sizeof(*key))
 return NULL;
- key = *(unsigned char **)reference;
- if (*key != 1)
+ key = *(struct fake_rsa_keydata **)reference;
+ if (key->status != 1)
 return NULL;
 /* detach the reference */
- *(unsigned char **)reference = NULL;
+ *(struct fake_rsa_keydata **)reference = NULL;
 return key;
 }
@@ -129,7 +243,7 @@
 {
 unsigned char *gctx = genctx;
 static const unsigned char inited[] = { 1 };
- unsigned char *keydata;
+ struct fake_rsa_keydata *keydata;
 if (!TEST_ptr(gctx)
 || !TEST_mem_eq(gctx, sizeof(*gctx), inited, sizeof(inited)))
@@ -138,7 +252,7 @@
 if (!TEST_ptr(keydata = fake_rsa_keymgmt_new(NULL)))
 return NULL;
- *keydata = 2;
+ keydata->status = 2;
 return keydata;
 }
@@ -156,6 +270,9 @@
 { OSSL_FUNC_KEYMGMT_IMPORT, (void (*)(void))fake_rsa_keymgmt_import },
 { OSSL_FUNC_KEYMGMT_IMPORT_TYPES,
 (void (*)(void))fake_rsa_keymgmt_imptypes },
+ { OSSL_FUNC_KEYMGMT_EXPORT, (void (*)(void))fake_rsa_keymgmt_export },
+ { OSSL_FUNC_KEYMGMT_EXPORT_TYPES,
+ (void (*)(void))fake_rsa_keymgmt_exptypes },
 { OSSL_FUNC_KEYMGMT_LOAD, (void (*)(void))fake_rsa_keymgmt_load },
 { OSSL_FUNC_KEYMGMT_GEN_INIT, (void (*)(void))fake_rsa_gen_init },
 { OSSL_FUNC_KEYMGMT_GEN, (void (*)(void))fake_rsa_gen },
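Review bot: `fake_rsa_keymgmt_load` now checks `reference_sz != sizeof(*key)`, the size of `struct fake_rsa_keydata`, but what the reference holds is a pointer (`key = *(struct fake_rsa_keydata **)reference`); the matching `OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE, &key, sizeof(*key))` in the `@@ -307` hunk below declares an octet string of struct size at the address of a pointer variable. The two sides agree with each other so the check passes, but the declared length is only right where `sizeof(struct fake_rsa_keydata)` happens to equal `sizeof(void *)`, and any consumer that copies `data_size` bytes from `&key` would over-read on a 32-bit target. The 3.0.7 code used `sizeof(key)` on both sides; keeping that (or `sizeof(void *)`) describes the object that is actually there and matches how provider `*_load` references are sized elsewhere.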
@@ -191,14 +308,14 @@
 const OSSL_PARAM params[])
 {
 unsigned char *sigctx = ctx;
- unsigned char *keydata = provkey;
+ struct fake_rsa_keydata *keydata = provkey;
 /* we must have a ctx */
 if (!TEST_ptr(sigctx))
 return 0;
 /* we must have some initialized key */
- if (!TEST_ptr(keydata) || !TEST_int_gt(keydata[0], 0))
+ if (!TEST_ptr(keydata) || !TEST_int_gt(keydata->status, 0))
 return 0;
 /* record that sign init was called */
@@ -289,7 +406,7 @@
 unsigned char *storectx = loaderctx;
 OSSL_PARAM params[4];
 int object_type = OSSL_OBJECT_PKEY;
- void *key = NULL;
+ struct fake_rsa_keydata *key = NULL;
 int rv = 0;
 switch (*storectx) {
@@ -307,7 +424,7 @@
 /* The address of the key becomes the octet string */
 params[2] = OSSL_PARAM_construct_octet_string(OSSL_OBJECT_PARAM_REFERENCE,
- &key, sizeof(key));
+ &key, sizeof(*key));
 params[3] = OSSL_PARAM_construct_end();
 rv = object_cb(params, object_cbarg);
 *storectx = 1;
diff -Nru openssl-3.0.7/test/fake_rsaprov.h openssl-3.0.8/test/fake_rsaprov.h
--- openssl-3.0.7/test/fake_rsaprov.h 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/test/fake_rsaprov.h 2023-02-07 14:43:33.000000000 +0100
@@ -12,3 +12,4 @@
 /* Fake RSA provider implementation */
 OSSL_PROVIDER *fake_rsa_start(OSSL_LIB_CTX *libctx);
 void fake_rsa_finish(OSSL_PROVIDER *p);
+OSSL_PARAM *fake_rsa_key_params(int priv);
diff -Nru openssl-3.0.7/test/ffc_internal_test.c openssl-3.0.8/test/ffc_internal_test.c
--- openssl-3.0.7/test/ffc_internal_test.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/test/ffc_internal_test.c 2023-02-07 14:43:33.000000000 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2019-2020, Oracle and/or its affiliates. All rights reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -510,6 +510,27 @@
 if (!TEST_true(ossl_ffc_validate_public_key(params, pub, &res)))
 goto err;
+ /* Fail if params is NULL */
+ if (!TEST_false(ossl_ffc_validate_public_key(NULL, pub, &res)))
+ goto err;
+ if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
+ goto err;
+ res = -1;
+ /* Fail if pubkey is NULL */
+ if (!TEST_false(ossl_ffc_validate_public_key(params, NULL, &res)))
+ goto err;
+ if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
+ goto err;
+ res = -1;
+
+ BN_free(params->p);
+ params->p = NULL;
+ /* Fail if params->p is NULL */
+ if (!TEST_false(ossl_ffc_validate_public_key(params, pub, &res)))
+ goto err;
+ if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
+ goto err;
+
 ret = 1;
 err:
 DH_free(dh);
@@ -567,6 +588,16 @@
 if (!TEST_true(ossl_ffc_validate_private_key(params->q, priv, &res)))
 goto err;
+ if (!TEST_false(ossl_ffc_validate_private_key(NULL, priv, &res)))
+ goto err;
+ if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
+ goto err;
+ res = -1;
+ if (!TEST_false(ossl_ffc_validate_private_key(params->q, NULL, &res)))
+ goto err;
+ if (!TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res))
+ goto err;
+
 ret = 1;
 err:
 DH_free(dh);
diff -Nru openssl-3.0.7/test/keymgmt_internal_test.c openssl-3.0.8/test/keymgmt_internal_test.c
--- openssl-3.0.7/test/keymgmt_internal_test.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/test/keymgmt_internal_test.c 2023-02-07 14:43:33.000000000 +0100
@@ -227,7 +227,7 @@
 while (dup_pk == NULL) {
 ret = 0;
 km = km3;
- /* Check that we can't export an RSA key into a RSA-PSS keymanager */
+ /* Check that we can't export an RSA key into an RSA-PSS keymanager */
 if (!TEST_ptr_null(provkey2 = evp_pkey_export_to_provider(pk, NULL,
 &km, NULL)))
diff -Nru openssl-3.0.7/test/packettest.c openssl-3.0.8/test/packettest.c
--- openssl-3.0.7/test/packettest.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/test/packettest.c 2023-02-07 14:43:33.000000000 +0100
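Review bot: The first NULL check in this hunk runs with whatever `res` the preceding successful `ossl_ffc_validate_public_key(params, pub, &res)` left behind, and the `res = -1;` resets only sit between the checks, so if the function under test returned 0 without writing `*res` the `TEST_int_eq(FFC_ERROR_PASSED_NULL_PARAM, res)` after it would test a stale value; adding `res = -1;` before the first `TEST_false` (and likewise before the first check in the `@@ -567` hunk) makes each assertion stand on its own. `BN_free(params->p); params->p = NULL;` leaves the DH object without a prime until `DH_free(dh)` at `err`, which is fine only because nothing else uses `dh` after that point; a comment saying so would stop someone inserting a further check below it. The enclosing functions start outside the hunks.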
@@ -12,13 +12,13 @@
 #define BUF_LEN 255
-static unsigned char smbuf[BUF_LEN];
+static unsigned char smbuf[BUF_LEN + 1];
 static int test_PACKET_remaining(void)
 {
 PACKET pkt;
- if (!TEST_true(PACKET_buf_init(&pkt, smbuf, sizeof(smbuf)))
+ if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN))
 || !TEST_size_t_eq(PACKET_remaining(&pkt), BUF_LEN)
 || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 1))
 || !TEST_size_t_eq(PACKET_remaining(&pkt), 1)
@@ -33,7 +33,7 @@
 {
 PACKET pkt;
- if (!TEST_true(PACKET_buf_init(&pkt, smbuf, sizeof(smbuf)))
+ if (!TEST_true(PACKET_buf_init(&pkt, smbuf, BUF_LEN))
 || !TEST_size_t_eq(PACKET_remaining(&pkt), BUF_LEN)
 || !TEST_ptr_eq(PACKET_end(&pkt), smbuf + BUF_LEN)
 || !TEST_true(PACKET_forward(&pkt, BUF_LEN - 1))
diff -Nru openssl-3.0.7/test/param_build_test.c openssl-3.0.8/test/param_build_test.c
--- openssl-3.0.7/test/param_build_test.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/test/param_build_test.c 2023-02-07 14:43:33.000000000 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
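Review bot: Enlarging `smbuf` to `BUF_LEN + 1` while every `PACKET_buf_init()` now passes `BUF_LEN` instead of `sizeof(smbuf)` leaves no trace of why the buffer is one byte longer than the packet length, and a later tidy-up is likely to put `sizeof(smbuf)` back. A comment on the declaration along the lines of `/* deliberately one byte larger than BUF_LEN; packets are initialised with BUF_LEN, not sizeof(smbuf) */`, filled in with the actual reason from the commit, would protect the fix. Any test in this file that still uses `sizeof(smbuf)` (not visible in these hunks) now sees 256 rather than 255 bytes.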
@@ -16,11 +16,78 @@
 static const OSSL_PARAM params_empty[] = {
 OSSL_PARAM_END
 };
+static int template_public_single_zero_test(void)
+{
+ OSSL_PARAM_BLD *bld = NULL;
+ OSSL_PARAM *params = NULL, *params_blt = NULL, *p;
+ BIGNUM *zbn = NULL, *zbn_res = NULL;
+ int res = 0;
+
+ if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
+ || !TEST_ptr(zbn = BN_new())
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, "zeronumber", zbn))
+ || !TEST_ptr(params_blt = OSSL_PARAM_BLD_to_param(bld)))
+ goto err;
+
+ params = params_blt;
+ /* Check BN (zero BN becomes unsigned integer) */
+ if (!TEST_ptr(p = OSSL_PARAM_locate(params, "zeronumber"))
+ || !TEST_str_eq(p->key, "zeronumber")
+ || !TEST_uint_eq(p->data_type, OSSL_PARAM_UNSIGNED_INTEGER)
+ || !TEST_true(OSSL_PARAM_get_BN(p, &zbn_res))
+ || !TEST_BN_eq(zbn_res, zbn))
+ goto err;
+ res = 1;
+err:
+ if (params != params_blt)
+ OPENSSL_free(params);
+ OSSL_PARAM_free(params_blt);
+ OSSL_PARAM_BLD_free(bld);
+ BN_free(zbn);
+ BN_free(zbn_res);
+ return res;
+}
+
+static int template_private_single_zero_test(void)
+{
+ OSSL_PARAM_BLD *bld = NULL;
+ OSSL_PARAM *params = NULL, *params_blt = NULL, *p;
+ BIGNUM *zbn = NULL, *zbn_res = NULL;
+ int res = 0;
+
+ if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
+ || !TEST_ptr(zbn = BN_secure_new())
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, "zeronumber", zbn))
+ || !TEST_ptr(params_blt = OSSL_PARAM_BLD_to_param(bld)))
+ goto err;
+
+ params = params_blt;
+ /* Check BN (zero BN becomes unsigned integer) */
+ if (!TEST_ptr(p = OSSL_PARAM_locate(params, "zeronumber"))
+ || !TEST_true(CRYPTO_secure_allocated(p->data))
+ || !TEST_str_eq(p->key, "zeronumber")
+ || !TEST_uint_eq(p->data_type, OSSL_PARAM_UNSIGNED_INTEGER)
+ || !TEST_true(OSSL_PARAM_get_BN(p, &zbn_res))
+ || !TEST_int_eq(BN_get_flags(zbn, BN_FLG_SECURE), BN_FLG_SECURE)
+ || !TEST_BN_eq(zbn_res, zbn))
+ goto err;
+ res = 1;
+err:
+ if (params != params_blt)
+ OPENSSL_free(params);
+ OSSL_PARAM_free(params_blt);
+ OSSL_PARAM_BLD_free(bld);
+ BN_free(zbn);
+ BN_free(zbn_res);
+ return res;
+}
+
 static int template_public_test(int tstid)
 {
 OSSL_PARAM_BLD *bld = OSSL_PARAM_BLD_new();
 OSSL_PARAM *params = NULL, *params_blt = NULL, *p1 = NULL, *p;
 BIGNUM *bn = NULL, *bn_res = NULL;
+ BIGNUM *zbn = NULL, *zbn_res = NULL;
 int i;
 long int l;
 int32_t i32;
@@ -37,6 +104,8 @@
 || !TEST_true(OSSL_PARAM_BLD_push_int64(bld, "i64", -9999999))
 || !TEST_true(OSSL_PARAM_BLD_push_time_t(bld, "t", 11224))
 || !TEST_true(OSSL_PARAM_BLD_push_double(bld, "d", 1.61803398875))
+ || !TEST_ptr(zbn = BN_new())
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, "zeronumber", zbn))
 || !TEST_ptr(bn = BN_new())
 || !TEST_true(BN_set_word(bn, 1729))
 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, "bignumber", bn))
@@ -118,6 +187,12 @@
 || !TEST_ptr(p = OSSL_PARAM_locate(params, "utf8_p"))
 || !TEST_true(OSSL_PARAM_get_utf8_ptr(p, &cutf))
 || !TEST_str_eq(cutf, "bar-boom")
+ /* Check BN (zero BN becomes unsigned integer) */
+ || !TEST_ptr(p = OSSL_PARAM_locate(params, "zeronumber"))
+ || !TEST_str_eq(p->key, "zeronumber")
+ || !TEST_uint_eq(p->data_type, OSSL_PARAM_UNSIGNED_INTEGER)
+ || !TEST_true(OSSL_PARAM_get_BN(p, &zbn_res))
+ || !TEST_BN_eq(zbn_res, zbn)
 /* Check BN */
 || !TEST_ptr(p = OSSL_PARAM_locate(params, "bignumber"))
 || !TEST_str_eq(p->key, "bignumber")
@@ -133,6 +208,8 @@
 OSSL_PARAM_free(params_blt);
 OSSL_PARAM_BLD_free(bld);
 OPENSSL_free(utf);
+ BN_free(zbn);
+ BN_free(zbn_res);
 BN_free(bn);
 BN_free(bn_res);
 return res;
@@ -152,6 +229,7 @@
 uint32_t i32;
 uint64_t i64;
 size_t st;
+ BIGNUM *zbn = NULL, *zbn_res = NULL;
 BIGNUM *bn = NULL, *bn_res = NULL;
 int res = 0;
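Review bot: In both `template_public_single_zero_test` and `template_private_single_zero_test` the `if (params != params_blt) OPENSSL_free(params);` at `err` can never run: `params` is only ever assigned `params_blt`, so the condition is always false. The split looks copied from `template_public_test`, where `params` may point at a separately built copy; in the two new functions either drop `params` and use `params_blt` directly, or keep the guard only if a merge step is meant to be added later and say so in a comment. The `/* Check BN (zero BN becomes unsigned integer) */` line is the actual regression assertion here, so naming in that comment what used to go wrong for a zero-valued BN would make the test's purpose clear without reading the commit.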
@@ -170,6 +248,8 @@
 || !TEST_true(OSSL_PARAM_BLD_push_uint32(bld, "i32", 1532))
 || !TEST_true(OSSL_PARAM_BLD_push_uint64(bld, "i64", 9999999))
 || !TEST_true(OSSL_PARAM_BLD_push_size_t(bld, "st", 65537))
+ || !TEST_ptr(zbn = BN_secure_new())
+ || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, "zeronumber", zbn))
 || !TEST_ptr(bn = BN_secure_new())
 || !TEST_true(BN_set_word(bn, 1729))
 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, "bignumber", bn))
@@ -251,6 +331,14 @@
 || !TEST_str_eq(p->key, "oct_p")
 || !TEST_uint_eq(p->data_type, OSSL_PARAM_OCTET_PTR)
 || !TEST_mem_eq(*(void **)p->data, p->data_size, data2, data2_size)
+ /* Check BN (zero BN becomes unsigned integer) */
+ || !TEST_ptr(p = OSSL_PARAM_locate(params, "zeronumber"))
+ || !TEST_true(CRYPTO_secure_allocated(p->data))
+ || !TEST_str_eq(p->key, "zeronumber")
+ || !TEST_uint_eq(p->data_type, OSSL_PARAM_UNSIGNED_INTEGER)
+ || !TEST_true(OSSL_PARAM_get_BN(p, &zbn_res))
+ || !TEST_int_eq(BN_get_flags(zbn, BN_FLG_SECURE), BN_FLG_SECURE)
+ || !TEST_BN_eq(zbn_res, zbn)
 /* Check BN */
 || !TEST_ptr(p = OSSL_PARAM_locate(params, "bignumber"))
 || !TEST_true(CRYPTO_secure_allocated(p->data))
@@ -269,6 +357,8 @@
 OSSL_PARAM_BLD_free(bld);
 OPENSSL_secure_free(data1);
 OPENSSL_secure_free(data2);
+ BN_free(zbn);
+ BN_free(zbn_res);
 BN_free(bn);
 BN_free(bn_res);
 return res;
@@ -432,10 +522,13 @@
 int setup_tests(void)
 {
+ ADD_TEST(template_public_single_zero_test);
 ADD_ALL_TESTS(template_public_test, 5);
 /* Only run the secure memory testing if we have secure memory available */
- if (CRYPTO_secure_malloc_init(1<<16, 16))
+ if (CRYPTO_secure_malloc_init(1<<16, 16)) {
+ ADD_TEST(template_private_single_zero_test);
 ADD_ALL_TESTS(template_private_test, 5);
+ }
 ADD_TEST(builder_limit_test);
 ADD_TEST(builder_merge_test);
 return 1;
diff -Nru openssl-3.0.7/test/pemtest.c openssl-3.0.8/test/pemtest.c
--- openssl-3.0.7/test/pemtest.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/test/pemtest.c 2023-02-07 14:43:33.000000000 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -96,6 +96,35 @@
 return 1;
 }
+static int test_empty_payload(void)
+{
+ BIO *b;
+ static char *emptypay =
+ "-----BEGIN CERTIFICATE-----\n"
+ "-\n" /* Base64 EOF character */
+ "-----END CERTIFICATE-----";
+ char *name = NULL, *header = NULL;
+ unsigned char *data = NULL;
+ long len;
+ int ret = 0;
+
+ b = BIO_new_mem_buf(emptypay, strlen(emptypay));
+ if (!TEST_ptr(b))
+ return 0;
+
+ /* Expected to fail because the payload is empty */
+ if (!TEST_false(PEM_read_bio_ex(b, &name, &header, &data, &len, 0)))
+ goto err;
+
+ ret = 1;
+ err:
+ OPENSSL_free(name);
+ OPENSSL_free(header);
+ OPENSSL_free(data);
+ BIO_free(b);
+ return ret;
+}
+
 int setup_tests(void)
 {
 if (!TEST_ptr(pemfile = test_get_argument(0)))
@@ -103,5 +132,6 @@
 ADD_ALL_TESTS(test_b64, OSSL_NELEM(b64_pem_data));
 ADD_TEST(test_invalid);
 ADD_TEST(test_cert_key_cert);
+ ADD_TEST(test_empty_payload);
 return 1;
 }
diff -Nru openssl-3.0.7/test/property_test.c openssl-3.0.8/test/property_test.c
--- openssl-3.0.7/test/property_test.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/test/property_test.c 2023-02-07 14:43:33.000000000 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
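Review bot: `static char *emptypay = "..."` in `test_empty_payload` points a non-const `char *` at a string literal; writing through it would be undefined behaviour and `-Wwrite-strings` flags the initialisation. `static const char emptypay[] = ...` is the accurate type, and `BIO_new_mem_buf(emptypay, strlen(emptypay))` accepts it unchanged since its buffer parameter is `const void *`. The `/* Base64 EOF character */` comment explains the lone `-`; one more sentence on the `TEST_false` line, that `PEM_read_bio_ex()` must reject a zero-length payload rather than return an empty `data`, would make the expectation explicit.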
@@ -165,6 +165,7 @@ { 0, "a=abc,#@!, n=1" }, /* non-ASCII character located */ { 1, "a='Hello" }, /* Unterminated string */ { 0, "a=\"World" }, /* Unterminated string */ + { 0, "a=_abd_" }, /* Unquoted string not starting with alphabetic */ { 1, "a=2, n=012345678" }, /* Bad octal digit */ { 0, "n=0x28FG, a=3" }, /* Bad hex digit */ { 0, "n=145d, a=2" }, /* Bad decimal digit */ 
@@ -255,19 +256,42 @@ static int test_property_defn_cache(void) { OSSL_METHOD_STORE *store; - OSSL_PROPERTY_LIST *red, *blue; - int r = 0; + OSSL_PROPERTY_LIST *red = NULL, *blue = NULL, *blue2 = NULL; + int r; - if (TEST_ptr(store = ossl_method_store_new(NULL)) + r = TEST_ptr(store = ossl_method_store_new(NULL)) && add_property_names("red", "blue", NULL) && TEST_ptr(red = ossl_parse_property(NULL, "red")) && TEST_ptr(blue = ossl_parse_property(NULL, "blue")) && TEST_ptr_ne(red, blue) - && TEST_true(ossl_prop_defn_set(NULL, "red", red)) - && TEST_true(ossl_prop_defn_set(NULL, "blue", blue)) - && TEST_ptr_eq(ossl_prop_defn_get(NULL, "red"), red) - && TEST_ptr_eq(ossl_prop_defn_get(NULL, "blue"), blue)) - r = 1; + && TEST_true(ossl_prop_defn_set(NULL, "red", &red)); + + if (!r) { + ossl_property_free(red); + red = NULL; + ossl_property_free(blue); + blue = NULL; + } + + r = r && TEST_true(ossl_prop_defn_set(NULL, "blue", &blue)); + if (!r) { + ossl_property_free(blue); + blue = NULL; + } + + r = r && TEST_ptr_eq(ossl_prop_defn_get(NULL, "red"), red) + && TEST_ptr_eq(ossl_prop_defn_get(NULL, "blue"), blue) + && TEST_ptr(blue2 = ossl_parse_property(NULL, "blue")) + && TEST_ptr_ne(blue2, blue) + && TEST_true(ossl_prop_defn_set(NULL, "blue", &blue2)); + if (!r) { + ossl_property_free(blue2); + blue2 = NULL; + } + + r = r && TEST_ptr_eq(blue2, blue) + && TEST_ptr_eq(ossl_prop_defn_get(NULL, "blue"), blue); + ossl_method_store_free(store); return r; } diff -Nru openssl-3.0.7/test/provider_pkey_test.c openssl-3.0.8/test/provider_pkey_test.c --- openssl-3.0.7/test/provider_pkey_test.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/test/provider_pkey_test.c 2023-02-07 14:43:33.000000000 +0100 
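Review bot: The rewritten test_property_defn_cache encodes an ownership contract for `ossl_prop_defn_set(NULL, name, &pl)` — on failure the caller still owns `*pl` and frees it, on success the cache takes it, and when a definition already exists the call replaces `*pl` with the cached one (the `TEST_ptr_eq(blue2, blue)` check) — but none of this is stated in the test. A comment above the first call, e.g. `/* ossl_prop_defn_set() takes ownership on success and may swap *pl for the cached definition; free only on failure */`, would explain why `red`, `blue` and `blue2` are freed only inside the `if (!r)` blocks. In the first `if (!r)` block both `red` and `blue` are freed; if the chain failed at `TEST_ptr_ne(red, blue)` the two pointers alias and the second free is a double free — far-fetched, but cheap to guard with `if (blue != red) ossl_property_free(blue);`.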
@@ -176,6 +176,67 @@ return ret; } +static int test_pkey_eq(void) +{ + OSSL_PROVIDER *deflt = NULL; + OSSL_PROVIDER *fake_rsa = NULL; + EVP_PKEY *pkey_fake = NULL; + EVP_PKEY *pkey_dflt = NULL; + EVP_PKEY_CTX *ctx = NULL; + OSSL_PARAM *params = NULL; + int ret = 0; + + if (!TEST_ptr(fake_rsa = fake_rsa_start(libctx))) + return 0; + + if (!TEST_ptr(deflt = OSSL_PROVIDER_load(libctx, "default"))) + goto end; + + /* Construct a public key for fake-rsa */ + if (!TEST_ptr(params = fake_rsa_key_params(0)) + || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", + "provider=fake-rsa")) + || !TEST_true(EVP_PKEY_fromdata_init(ctx)) + || !TEST_true(EVP_PKEY_fromdata(ctx, &pkey_fake, EVP_PKEY_PUBLIC_KEY, + params)) + || !TEST_ptr(pkey_fake)) + goto end; + + EVP_PKEY_CTX_free(ctx); + ctx = NULL; + OSSL_PARAM_free(params); + params = NULL; + + /* Construct a public key for default */ + if (!TEST_ptr(params = fake_rsa_key_params(0)) + || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", + "provider=default")) + || !TEST_true(EVP_PKEY_fromdata_init(ctx)) + || !TEST_true(EVP_PKEY_fromdata(ctx, &pkey_dflt, EVP_PKEY_PUBLIC_KEY, + params)) + || !TEST_ptr(pkey_dflt)) + goto end; + + EVP_PKEY_CTX_free(ctx); + ctx = NULL; + OSSL_PARAM_free(params); + params = NULL; + + /* now test for equality */ + if (!TEST_int_eq(EVP_PKEY_eq(pkey_fake, pkey_dflt), 1)) + goto end; + + ret = 1; +end: + fake_rsa_finish(fake_rsa); + OSSL_PROVIDER_unload(deflt); + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey_fake); + EVP_PKEY_free(pkey_dflt); + OSSL_PARAM_free(params); + return ret; +} + static int test_pkey_store(int idx) { OSSL_PROVIDER *deflt = NULL; 
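Review bot: The two EVP_PKEY_fromdata blocks in test_pkey_eq differ only in the property query string, and each repeats the same four-call chain plus its cleanup; a small static helper parameterised on the propq would halve the hunk and keep the two constructions from drifting apart. Separately, the `end:` label tears down fake_rsa and unloads the default provider before freeing the EVP_PKEY and EVP_PKEY_CTX objects created from them; provider reference counting should make this safe, but freeing the objects first and unloading the providers last is the more defensive order.
```c
/* Build a public key from fake_rsa_key_params(0) via the provider selected by propq. */
static EVP_PKEY *make_fake_rsa_pubkey(const char *propq)
{
    EVP_PKEY_CTX *ctx = NULL;
    OSSL_PARAM *params = NULL;
    EVP_PKEY *pkey = NULL;

    if (!TEST_ptr(params = fake_rsa_key_params(0))
        || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA", propq))
        || !TEST_true(EVP_PKEY_fromdata_init(ctx))
        || !TEST_true(EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_PUBLIC_KEY,
                                       params))) {
        EVP_PKEY_free(pkey);
        pkey = NULL;
    }
    EVP_PKEY_CTX_free(ctx);
    OSSL_PARAM_free(params);
    return pkey;
}

/* … in test_pkey_eq, replacing the two construction blocks … */
    if (!TEST_ptr(pkey_fake = make_fake_rsa_pubkey("provider=fake-rsa"))
        || !TEST_ptr(pkey_dflt = make_fake_rsa_pubkey("provider=default")))
        goto end;
```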
@@ -235,6 +296,7 @@ ADD_TEST(test_pkey_sig); ADD_TEST(test_alternative_keygen_init); + ADD_TEST(test_pkey_eq); ADD_ALL_TESTS(test_pkey_store, 2); return 1; diff -Nru openssl-3.0.7/test/punycode_test.c openssl-3.0.8/test/punycode_test.c --- openssl-3.0.7/test/punycode_test.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/test/punycode_test.c 2023-02-07 14:43:33.000000000 +0100 @@ -154,7 +154,7 @@ if (!TEST_true(ossl_punycode_decode(tc->encoded, strlen(tc->encoded), buffer, &bsize))) return 0; - for (i = 0; i < sizeof(tc->raw); i++) + for (i = 0; i < OSSL_NELEM(tc->raw); i++) if (tc->raw[i] == 0) break; if (!TEST_mem_eq(buffer, bsize * sizeof(*buffer), diff -Nru openssl-3.0.7/test/recipes/03-test_fipsinstall.t openssl-3.0.8/test/recipes/03-test_fipsinstall.t --- openssl-3.0.7/test/recipes/03-test_fipsinstall.t 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/test/recipes/03-test_fipsinstall.t 2023-02-07 14:43:33.000000000 +0100 @@ -28,6 +28,7 @@ my $infile = bldtop_file('providers', platform->dso('fips')); my $fipskey = $ENV{FIPSKEY} // config('FIPSKEY') // '00'; +my $provconf = srctop_file("test", "fips-and-base.cnf"); # Read in a text $infile and replace the regular expression in $srch with the # value in $repl and output to a new file $outfile. 
@@ -230,6 +231,12 @@ SKIP: { skip "Skipping Signature DSA corruption test because of no dsa in this build", 1 if disabled("dsa"); + + run(test(["fips_version_test", "-config", $provconf, "<3.1.0"]), + capture => 1, statusvar => \my $exit); + skip "FIPS provider version is too new for PCT DSA signature test", 1 + if !$exit; + ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', $infile, '-provider_name', 'fips', '-mac_name', 'HMAC', '-macopt', 'digest:SHA256', '-macopt', "hexkey:$fipskey", diff -Nru openssl-3.0.7/test/recipes/05-test_rand.t openssl-3.0.8/test/recipes/05-test_rand.t --- openssl-3.0.7/test/recipes/05-test_rand.t 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/test/recipes/05-test_rand.t 2023-02-07 14:43:33.000000000 +0100 @@ -11,9 +11,30 @@ use OpenSSL::Test; use OpenSSL::Test::Utils; -plan tests => 3; +plan tests => 5; setup("test_rand"); ok(run(test(["rand_test"]))); ok(run(test(["drbgtest"]))); ok(run(test(["rand_status_test"]))); + +SKIP: { + skip "engine is not supported by this OpenSSL build", 2 + if disabled("engine") || disabled("dynamic-engine"); + + my $success; + my @randdata; + my $expected = '0102030405060708090a0b0c0d0e0f10'; + + @randdata = run(app(['openssl', 'rand', '-engine', 'ossltest', '-hex', '16' ]), + capture => 1, statusvar => \$success); + chomp(@randdata); + ok($success and $randdata[0] eq $expected, + "rand with ossltest: Check rand output is as expected"); + + @randdata = run(app(['openssl', 'rand', '-engine', 'dasync', '-hex', '16' ]), + capture => 1, statusvar => \$success); + chomp(@randdata); + ok($success and length($randdata[0]) == 32, + "rand with dasync: Check rand output is of expected length"); +} diff -Nru openssl-3.0.7/test/recipes/15-test_rsapss.t openssl-3.0.8/test/recipes/15-test_rsapss.t --- openssl-3.0.7/test/recipes/15-test_rsapss.t 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/test/recipes/15-test_rsapss.t 2023-02-07 14:43:33.000000000 +0100 
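Review bot: `statusvar => \my $exit` in the DSA corruption SKIP block of 03-test_fipsinstall.t receives OpenSSL::Test's success flag, not a process exit status — the `skip … if !$exit` that follows fires when the version check fails — so the name is misleading and `\my $version_ok` would read the way the skip condition is written. The enclosing SKIP block continues past the hunk.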
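Review bot: `ok($success and $randdata[0] eq $expected, "rand with ossltest: …")` in 05-test_rand.t relies on `and`, whose precedence is below the comma, so as I read Perl's parsing the argument list is `$success and ($randdata[0] eq $expected, "…")`: when `$success` is false the description is not passed to `ok()` at all and the failure is reported without a name. The dasync assertion has the same shape. Using `&&` in both, e.g. `ok($success && $randdata[0] eq $expected, "rand with ossltest: Check rand output is as expected");`, keeps the description in every outcome.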
@@ -16,7 +16,7 @@ setup("test_rsapss"); -plan tests => 10; +plan tests => 11; #using test/testrsa.pem which happens to be a 512 bit RSA ok(run(app(['openssl', 'dgst', '-sign', srctop_file('test', 'testrsa.pem'), '-sha1', @@ -60,6 +60,15 @@ ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), '-sha1', + '-sigopt', 'rsa_padding_mode:pss', + '-sigopt', 'rsa_pss_saltlen:42', + '-sigopt', 'rsa_mgf1_md:sha512', + '-signature', 'testrsapss-restricted.sig', + srctop_file('test', 'testrsa.pem')])), + "openssl dgst -sign rsa512bit.pem -sha1 -sigopt rsa_pss_saltlen:max produces 42 bits of PSS salt"); + +ok(run(app(['openssl', 'dgst', '-prverify', srctop_file('test', 'testrsa.pem'), + '-sha1', '-sigopt', 'rsa_padding_mode:pss', '-signature', 'testrsapss-unrestricted.sig', srctop_file('test', 'testrsa.pem')])), diff -Nru openssl-3.0.7/test/recipes/20-test_dgst.t openssl-3.0.8/test/recipes/20-test_dgst.t --- openssl-3.0.7/test/recipes/20-test_dgst.t 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/test/recipes/20-test_dgst.t 2023-02-07 14:43:33.000000000 +0100 @@ -17,7 +17,7 @@ setup("test_dgst"); -plan tests => 12; +plan tests => 13; sub tsignverify { my $testtext = shift; 
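Review bot: The description of the new `-prverify` check in 15-test_rsapss.t does not match the command: it names `-sign` and `rsa512bit.pem` while the command verifies `testrsapss-restricted.sig` against `testrsa.pem`, and `rsa_pss_saltlen:42` counts octets, so "42 bits of PSS salt" should be bytes. Something like `"openssl dgst -prverify testrsa.pem -sha1 with rsa_pss_saltlen:42 and rsa_mgf1_md:sha512 verifies the restricted PSS signature"` would describe what is run; if the point is that an earlier `-sign … saltlen:max` produced 42 bytes of salt, the description can say that in bytes.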
@@ -51,6 +51,43 @@ $testtext.": Expect failure verifying mismatching data"); } +sub tsignverify_sha512 { + my $testtext = shift; + my $privkey = shift; + my $pubkey = shift; + + my $data_to_sign = srctop_file('test', 'data.bin'); + my $other_data = srctop_file('test', 'data2.bin'); + + my $sigfile = basename($privkey, '.pem') . '.sig'; + plan tests => 5; + + ok(run(app(['openssl', 'sha512', '-sign', $privkey, + '-out', $sigfile, + $data_to_sign])), + $testtext.": Generating signature using sha512 command"); + + ok(run(app(['openssl', 'sha512', '-verify', $pubkey, + '-signature', $sigfile, + $data_to_sign])), + $testtext.": Verify signature with public key using sha512 command"); + + ok(run(app(['openssl', 'dgst', '-sha512', '-prverify', $privkey, + '-signature', $sigfile, + $data_to_sign])), + $testtext.": Verify signature with private key"); + + ok(run(app(['openssl', 'dgst', '-sha512', '-verify', $pubkey, + '-signature', $sigfile, + $data_to_sign])), + $testtext.": Verify signature with public key"); + + ok(!run(app(['openssl', 'dgst', '-sha512', '-verify', $pubkey, + '-signature', $sigfile, + $other_data])), + $testtext.": Expect failure verifying mismatching data"); +} + SKIP: { skip "RSA is not supported by this OpenSSL build", 1 if disabled("rsa"); @@ -60,6 +97,12 @@ srctop_file("test","testrsa.pem"), srctop_file("test","testrsapub.pem")); }; + + subtest "RSA signature generation and verification with `sha512` CLI" => sub { + tsignverify_sha512("RSA", + srctop_file("test","testrsa2048.pem"), + srctop_file("test","testrsa2048pub.pem")); + }; } SKIP: { diff -Nru openssl-3.0.7/test/recipes/20-test_legacy_okay.t openssl-3.0.8/test/recipes/20-test_legacy_okay.t --- openssl-3.0.7/test/recipes/20-test_legacy_okay.t 1970-01-01 01:00:00.000000000 +0100 +++ openssl-3.0.8/test/recipes/20-test_legacy_okay.t 2023-02-07 14:43:33.000000000 +0100 
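Review bot: tsignverify_sha512 duplicates tsignverify almost line for line; the only differences are that the first two steps invoke the `sha512` command instead of `dgst` and the remaining three pass `-sha512`. Extending tsignverify with a digest parameter and building the command-form steps as `['openssl', $md, '-sign', …]` would avoid maintaining two copies that must be kept in step; tsignverify's body lies before this hunk, so that change falls outside the visible lines.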
@@ -0,0 +1,23 @@ +#! /usr/bin/env perl +# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use warnings; + +use OpenSSL::Test; + +setup("test_legacy"); + +plan tests => 3; + +ok(run(app(['openssl', 'rand', '-out', 'rand.txt', '256'])), "Generate random file"); + +ok(run(app(['openssl', 'dgst', '-sha256', 'rand.txt'])), "Generate a digest"); + +ok(!run(app(['openssl', 'dgst', '-sha256', '-propquery', 'foo=1', + 'rand.txt'])), "Fail to generate a digest"); diff -Nru openssl-3.0.7/test/recipes/25-test_pkcs7_data/malformed.pkcs7 openssl-3.0.8/test/recipes/25-test_pkcs7_data/malformed.pkcs7 --- openssl-3.0.7/test/recipes/25-test_pkcs7_data/malformed.pkcs7 1970-01-01 01:00:00.000000000 +0100 +++ openssl-3.0.8/test/recipes/25-test_pkcs7_data/malformed.pkcs7 2023-02-07 14:43:33.000000000 +0100 @@ -0,0 +1,3 @@ +-----BEGIN PKCS7----- +MAsGCSqGSIb3DQEHAg== +-----END PKCS7----- diff -Nru openssl-3.0.7/test/recipes/25-test_pkcs7.t openssl-3.0.8/test/recipes/25-test_pkcs7.t --- openssl-3.0.7/test/recipes/25-test_pkcs7.t 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/test/recipes/25-test_pkcs7.t 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -11,11 +11,11 @@ use warnings; use File::Spec; -use OpenSSL::Test qw/:DEFAULT srctop_file/; +use OpenSSL::Test qw/:DEFAULT srctop_file data_file/; setup("test_pkcs7"); -plan tests => 3; +plan tests => 4; require_ok(srctop_file('test','recipes','tconversion.pl')); @@ -27,3 +27,6 @@ tconversion( -type => 'p7d', -in => srctop_file("test", "pkcs7-1.pem"), -args => ["pkcs7"] ); }; + +my $malformed = data_file('malformed.pkcs7'); +ok(run(app(["openssl", "pkcs7", "-in", $malformed]))); diff -Nru openssl-3.0.7/test/recipes/25-test_verify.t openssl-3.0.8/test/recipes/25-test_verify.t --- openssl-3.0.7/test/recipes/25-test_verify.t 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/test/recipes/25-test_verify.t 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -29,7 +29,7 @@ run(app([@args])); } -plan tests => 163; +plan tests => 164; # Canonical success ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), @@ -402,6 +402,9 @@ ok(!verify("badalt10-cert", "", ["root-cert"], ["ncca1-cert", "ncca3-cert"], ), "Name constraints nested DNS name excluded"); +ok(!verify("bad-othername-cert", "", ["root-cert"], ["nccaothername-cert"], ), + "CVE-2022-4203 type confusion test"); + #Check that we get the expected failure return code with({ exit_checker => sub { return shift == 2; } }, sub { diff -Nru openssl-3.0.7/test/recipes/30-test_evp_data/evpciph_chacha.txt openssl-3.0.8/test/recipes/30-test_evp_data/evpciph_chacha.txt --- openssl-3.0.7/test/recipes/30-test_evp_data/evpciph_chacha.txt 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/test/recipes/30-test_evp_data/evpciph_chacha.txt 2023-02-07 14:43:33.000000000 +0100 
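Review bot: The new `ok(run(app(["openssl", "pkcs7", "-in", $malformed])));` in 25-test_pkcs7.t has no description, and an expected-success assertion on a file named `malformed.pkcs7` is not self-explanatory in a failure report. Add the intent as the second argument, e.g. `"pkcs7 -in on a PKCS7 with absent content must not crash"`, adjusting the wording to what the data file actually exercises, which the hunk does not say.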
@@ -1,5 +1,5 @@ # -# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -153,6 +153,16 @@ Plaintext = 496e7465726e65742d4472616674732061726520647261667420646f63756d656e74732076616c696420666f722061206d6178696d756d206f6620736978206d6f6e74687320616e64206d617920626520757064617465642c207265706c616365642c206f72206f62736f6c65746564206279206f7468657220646f63756d656e747320617420616e792074696d652e20497420697320696e617070726f70726961746520746f2075736520496e7465726e65742d447261667473206173207265666572656e6365206d6174657269616c206f7220746f2063697465207468656d206f74686572207468616e206173202fe2809c776f726b20696e2070726f67726573732e2fe2809d Ciphertext = 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 +# Test that a truncated IV is no longer allowed (since 3.0) +# This is the same test as above with the leading zeros stripped from the IV +Cipher = chacha20-poly1305 +Key = 1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0 +IV = 0102030405060708 +AAD = f33388860000000000004e91 +Tag = eead9d67890cbb22392336fea1851f38 +Plaintext = 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 +Result = INVALID_IV_LENGTH + Cipher = chacha20-poly1305 Key = 1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0 IV = 000000000102030405060708 diff -Nru openssl-3.0.7/test/recipes/30-test_evp_data/evpkdf_hkdf.txt openssl-3.0.8/test/recipes/30-test_evp_data/evpkdf_hkdf.txt --- openssl-3.0.7/test/recipes/30-test_evp_data/evpkdf_hkdf.txt 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/test/recipes/30-test_evp_data/evpkdf_hkdf.txt 2023-02-07 14:43:33.000000000 +0100 
@@ -202,3 +202,14 @@ Ctrl.salt = salt: Output = da8c8a73 Result = KDF_DERIVE_ERROR + +# Test concat of multiple info (Uses existing test data, and just splits the info into separate fields) +KDF = HKDF +Ctrl.mode = mode:EXPAND_ONLY +Ctrl.digest = digest:SHA1 +Ctrl.IKM = hexkey:8adae09a2a307059478d309b26c4115a224cfaf6 +Ctrl.info = hexinfo:b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0 +Ctrl.info = hexinfo:c1c2c3 +Ctrl.info = hexinfo:c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9 +Ctrl.info = hexinfo:dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff +Output = 0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4 diff -Nru openssl-3.0.7/test/recipes/30-test_evp_data/evpmac_common.txt openssl-3.0.8/test/recipes/30-test_evp_data/evpmac_common.txt --- openssl-3.0.7/test/recipes/30-test_evp_data/evpmac_common.txt 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/test/recipes/30-test_evp_data/evpmac_common.txt 2023-02-07 14:43:33.000000000 +0100 
@@ -486,7 +486,7 @@ MAC = KMAC128 Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7 -Custom = ":abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::" +Custom = ":abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789:::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789::" Result = MAC_INIT_ERROR Title = KMAC output is too large diff -Nru openssl-3.0.7/test/recipes/30-test_evp_data/evppkey_rsa_common.txt openssl-3.0.8/test/recipes/30-test_evp_data/evppkey_rsa_common.txt --- openssl-3.0.7/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/test/recipes/30-test_evp_data/evppkey_rsa_common.txt 2023-02-07 14:43:33.000000000 +0100 
@@ -254,6 +254,7 @@ Output = "Hello World" # Corrupted ciphertext +FIPSversion = <3.2.0 Decrypt = RSA-2048 Input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utput = "Hello World" diff -Nru openssl-3.0.7/test/recipes/30-test_evp.t openssl-3.0.8/test/recipes/30-test_evp.t --- openssl-3.0.7/test/recipes/30-test_evp.t 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/test/recipes/30-test_evp.t 2023-02-07 14:43:33.000000000 +0100 @@ -26,7 +26,6 @@ my $no_dh = disabled("dh"); my $no_dsa = disabled("dsa"); my $no_ec = disabled("ec"); -my $no_gost = disabled("gost"); my $no_sm2 = disabled("sm2"); # Default config depends on if the legacy module is built or not @@ -76,7 +75,7 @@ evppkey_ecdsa.txt evppkey_kas.txt evppkey_mismatch.txt - ) unless $no_ec || $no_gost; + ) unless $no_ec; # A list of tests that only run with the default provider # (i.e. The algorithms are not present in the fips provider) diff -Nru openssl-3.0.7/test/recipes/80-test_cms_data/pkcs7-md4.pem openssl-3.0.8/test/recipes/80-test_cms_data/pkcs7-md4.pem --- openssl-3.0.7/test/recipes/80-test_cms_data/pkcs7-md4.pem 1970-01-01 01:00:00.000000000 +0100 +++ openssl-3.0.8/test/recipes/80-test_cms_data/pkcs7-md4.pem 2023-02-07 14:43:33.000000000 +0100 
@@ -0,0 +1,32 @@ +-----BEGIN PKCS7----- +MIIFhAYJKoZIhvcNAQcCoIIFdTCCBXECAQExDjAMBggqhkiG9w0CBAUAMB0GCSqG +SIb3DQEHAaAQBA5UZXN0IGNvbnRlbnQNCqCCAyQwggMgMIICCKADAgECAgECMA0G +CSqGSIb3DQEBCwUAMA0xCzAJBgNVBAMMAkNBMCAXDTE2MDExNTA4MTk0OVoYDzIx +MTYwMTE2MDgxOTQ5WjAZMRcwFQYDVQQDDA5zZXJ2ZXIuZXhhbXBsZTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKj/iVhhha7e2ywP1XP74reoG3p1YCvU +fTxzdrWu3pMvfySQbckc9Io4zZ+igBZWy7Qsu5PlFx//DcZD/jE0+CjYdemju4iC +76Ny4lNiBUVN4DGX76qdENJYDZ4GnjK7GwhWXWUPP2aOwjagEf/AWTX9SRzdHEIz +BniuBDgj5ed1Z9OUrVqpQB+sWRD1DMFkrUrExjVTs5ZqghsVi9GZq+Seb5Sq0pbl +V/uMkWSKPCQWxtIZvoJgEztisO0+HbPK+WvfMbl6nktHaKcpxz9K4iIntO+QY9fv +0HJJPlutuRvUK2+GaN3VcxK4Q8ncQQ+io0ZPi2eIhA9h/nk0H0qJH7cCAwEAAaN9 +MHswHQYDVR0OBBYEFOeb4iqtimw6y3ZR5Y4HmCKX4XOiMB8GA1UdIwQYMBaAFLQR +M/HX4l73U54gIhBPhga/H8leMAkGA1UdEwQCMAAwEwYDVR0lBAwwCgYIKwYBBQUH +AwEwGQYDVR0RBBIwEIIOc2VydmVyLmV4YW1wbGUwDQYJKoZIhvcNAQELBQADggEB +AEG0PE9hQuXlvtUULv9TQ2BXy9MmTjOk+dQwxDhAXYBYMUB6TygsqvPXwpDwz8MS +EPGCRqh5cQwtPoElQRU1i4URgcQMZquXScwNFcvE6AATF/PdN/+mOwtqFrlpYfs3 +IJIpYL6ViQg4n8pv+b/pCwMmhewQLwCGs9+omHNTOwKjEiVoNaprAfj5Lxt15fS2 ++zZW0mT9Y4kfEypetrqSAjh8CDK+vaQhkeKdDfJyBfjS4ALfxvCkT3mQnsWFJ9CU +TVG3uw6ylSPT3wN3RE0Ofa4rI5PESogQsd/DgBc7dcDO3yoPKGjycR3/GJDqqCxC +e9dr6FJEnDjaDf9zNWyTFHExggITMIICDwIBATASMA0xCzAJBgNVBAMMAkNBAgEC +MAwGCCqGSIb3DQIEBQCggdQwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkq +hkiG9w0BCQUxDxcNMjMwMTE4MTU0NzExWjAfBgkqhkiG9w0BCQQxEgQQRXO4TKpp +RgA4XHb8bD1pczB5BgkqhkiG9w0BCQ8xbDBqMAsGCWCGSAFlAwQBKjALBglghkgB +ZQMEARYwCwYJYIZIAWUDBAECMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMCAgIAgDAN +BggqhkiG9w0DAgIBQDAHBgUrDgMCBzANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0B +AQEFAASCAQAe+xlm/TGg/s/7b0xBc3FFnmmUDEe7ljkehIx61OnBV9ZWA+LcBX/7 +kmMSMdaHjRq4w8FmwBMLzn0ttXVqf0QuPbBF/E6X5EqK9lpOdkUQhNiN2v+ZfY6c +lrH4ADsSD9D+UHw0sxo5KEF+PPuneUfYCJZosFUJosBbuSEXK0C9yfJoDKVE8Syp +0vdqh73ogLeNgZLAUGSSB66OmHDxwgAj4qPAv6FHFBy1Xs4uFZER5vniYrH9OrAk +Z6XdvzDoYZC4XcGMDtcOpOM6D4owqy5svHPDw8wIlM4GVhrTw7CQmuBz5uRNnf6a +ZK3jZIxG1hr/INaNWheHoPIhPblYaVc6 +-----END 
PKCS7----- diff -Nru openssl-3.0.7/test/recipes/80-test_cms.t openssl-3.0.8/test/recipes/80-test_cms.t --- openssl-3.0.7/test/recipes/80-test_cms.t 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/test/recipes/80-test_cms.t 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -13,7 +13,7 @@ use POSIX; use File::Spec::Functions qw/catfile/; use File::Compare qw/compare_text compare/; -use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file bldtop_dir bldtop_file/; +use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file bldtop_dir bldtop_file with data_file/; use OpenSSL::Test::Utils; @@ -50,7 +50,7 @@ $no_rc2 = 1 if disabled("legacy"); -plan tests => 12; +plan tests => 16; ok(run(test(["pkcs7_test"])), "test pkcs7"); @@ -64,6 +64,7 @@ @config, "-provider", $provname); +my $smrsa1024 = catfile($smdir, "smrsa1024.pem"); my $smrsa1 = catfile($smdir, "smrsa1.pem"); my $smroot = catfile($smdir, "smroot.pem"); @@ -498,6 +499,7 @@ "-signer", $smrsa1, "-keyopt", "rsa_padding_mode:pss", "-keyopt", "rsa_pss_saltlen:max", "-out", "{output}.cms" ], + sub { my %opts = @_; rsapssSaltlen("$opts{output}.cms") == 222; }, [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "PEM", "-CAfile", $smroot, "-out", "{output}.txt" ], \&final_compare 
@@ -523,6 +525,29 @@ \&final_compare ], + [ "signed content test streaming PEM format, RSA keys, PSS signature, saltlen=16", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", + "-signer", $smrsa1, "-md", "sha256", + "-keyopt", "rsa_padding_mode:pss", "-keyopt", "rsa_pss_saltlen:16", + "-out", "{output}.cms" ], + sub { my %opts = @_; rsapssSaltlen("$opts{output}.cms") == 16; }, + [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "PEM", + "-CAfile", $smroot, "-out", "{output}.txt" ], + \&final_compare + ], + + [ "signed content test streaming PEM format, RSA keys, PSS signature, saltlen=digest", + [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach", + "-signer", $smrsa1, "-md", "sha256", + "-keyopt", "rsa_padding_mode:pss", "-keyopt", "rsa_pss_saltlen:digest", + "-out", "{output}.cms" ], + # digest is SHA-256, which produces 32 bytes of output + sub { my %opts = @_; rsapssSaltlen("$opts{output}.cms") == 32; }, + [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "PEM", + "-CAfile", $smroot, "-out", "{output}.txt" ], + \&final_compare + ], + [ "enveloped content test streaming S/MIME format, DES, OAEP default parameters", [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont, "-stream", "-out", "{output}.cms", 
@@ -738,6 +763,57 @@ return scalar(@c); } +sub rsapssSaltlen { + my ($in) = @_; + my $exit = 0; + + my @asn1parse = run(app(["openssl", "asn1parse", "-in", $in, "-dump"]), + capture => 1, + statusvar => $exit); + return -1 if $exit != 0; + + my $pssparam_offset = -1; + while ($_ = shift @asn1parse) { + chomp; + next unless /:rsassaPss/; + # This line contains :rsassaPss, the next line contains a raw dump of the + # RSA_PSS_PARAMS sequence; obtain its offset + $_ = shift @asn1parse; + if (/^\s*(\d+):/) { + $pssparam_offset = int($1); + } + } + + if ($pssparam_offset == -1) { + note "Failed to determine RSA_PSS_PARAM offset in CMS. " + + "Was the file correctly signed with RSASSA-PSS?"; + return -1; + } + + my @pssparam = run(app(["openssl", "asn1parse", "-in", $in, + "-strparse", $pssparam_offset]), + capture => 1, + statusvar => $exit); + return -1 if $exit != 0; + + my $saltlen = -1; + # Can't use asn1parse -item RSA_PSS_PARAMS here, because that's deprecated. + # This assumes the salt length is the last field, which may possibly be + # incorrect if there is a non-standard trailer field, but there almost never + # is in PSS. + if ($pssparam[-1] =~ /prim:\s+INTEGER\s+:([A-Fa-f0-9]+)/) { + $saltlen = hex($1); + } + + if ($saltlen == -1) { + note "Failed to determine salt length from RSA_PSS_PARAM struct. " + + "Was the file correctly signed with RSASSA-PSS?"; + return -1; + } + + return $saltlen; +} + subtest "CMS Check the content type attribute is added for additional signers\n" => sub { plan tests => (scalar @contenttype_cms_test); 
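Review bot: rsapssSaltlen passes `statusvar => $exit` by value (no backslash) to both run() calls, so `$exit` is never written and the two `return -1 if $exit != 0;` guards are dead; the recipes elsewhere in this diff pass a reference (`\my $exit` in 03-test_fipsinstall.t, `\$success` in 05-test_rand.t) and treat the value as a success flag, which also makes `!= 0` the wrong sense once the reference is fixed. Both call sites should read `statusvar => \$exit` followed by `return -1 unless $exit;`. The two `note "…" + "…"` calls join their strings with `+`, which in Perl adds them numerically and emits `0`; they need `.`. The `while ($_ = shift @asn1parse)` loop also shifts a second element after a `:rsassaPss` match without checking it is defined, so a match on the last line runs the regex against `undef`.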
@@ -760,6 +836,24 @@ } }; +subtest "CMS Check that bad encryption algorithm fails\n" => sub { + plan tests => 1; + + SKIP: { + skip "DES or Legacy isn't supported in this build", 1 + if disabled("des") || disabled("legacy"); + + my $out = "smtst.txt"; + + ok(!run(app(["openssl", "cms", @legacyprov, "-encrypt", + "-in", $smcont, + "-stream", "-recip", $smrsa1, + "-des-ede3", + "-out", $out ])), + "Decrypt message from OpenSSL 1.1.1"); + } +}; + subtest "CMS Decrypt message encrypted with OpenSSL 1.1.1\n" => sub { plan tests => 1; @@ -847,6 +941,17 @@ "verify binary input with -binary missing -crlfeol"); }; +# Test case for missing MD algorithm (must not segfault) + +with({ exit_checker => sub { return shift == 4; } }, + sub { + ok(run(app(['openssl', 'smime', '-verify', '-noverify', + '-inform', 'PEM', + '-in', data_file("pkcs7-md4.pem"), + ])), + "Check failure of EVP_DigestInit is handled correctly"); + }); + sub check_availability { my $tnam = shift; 
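Review bot: The description of the assertion in the new "CMS Check that bad encryption algorithm fails" subtest, `"Decrypt message from OpenSSL 1.1.1"`, is copied from the subtest that follows and does not describe this check, which runs `-encrypt … -des-ede3` with the legacy provider and expects failure. Something like `"encrypt with -des-ede3 under the legacy provider is rejected"` would make a failure report readable. Why that option is expected to be refused is not stated anywhere in the hunk; a one-line comment above the `ok(!run(...))` would help, and since `$out` is never compared the assertion is purely about the exit status.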
@@ -867,3 +972,25 @@ return ""; } + +# Test case for the locking problem reported in #19643. +# This will fail if the fix is in and deadlock on Windows (and possibly +# other platforms) if not. +ok(!run(app(['openssl', 'cms', '-verify', + '-CAfile', srctop_file("test/certs", "pkitsta.pem"), + '-policy', 'anyPolicy', + '-in', srctop_file("test/smime-eml", + "SignedInvalidMappingFromanyPolicyTest7.eml") + ])), + "issue#19643"); + +# Check that we get the expected failure return code +with({ exit_checker => sub { return shift == 6; } }, + sub { + ok(run(app(['openssl', 'cms', '-encrypt', + '-in', srctop_file("test", "smcont.txt"), + '-stream', '-recip', + srctop_file("test/smime-certs", "badrsa.pem"), + ])), + "Check failure during BIO setup with -stream is handled correctly"); + }); diff -Nru openssl-3.0.7/test/recipes/90-test_traceapi.t openssl-3.0.8/test/recipes/90-test_traceapi.t --- openssl-3.0.7/test/recipes/90-test_traceapi.t 1970-01-01 01:00:00.000000000 +0100 +++ openssl-3.0.8/test/recipes/90-test_traceapi.t 2023-02-07 14:43:33.000000000 +0100 
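Review bot: The comment above the #19643 check reads as if the test fails when the fix is in (`# This will fail if the fix is in and deadlock … if not.`); what fails is the `openssl cms -verify` run, which `ok(!run(...))` requires. Rewording it to `# The verify is expected to fail (invalid policy mapping); without the fix for #19643 it deadlocks on Windows (and possibly other platforms) instead of returning.` keeps the meaning and removes the ambiguity. The assertion name `"issue#19643"` could also say what is checked, e.g. `"verify with -policy anyPolicy fails instead of deadlocking (#19643)"`.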
@@ -0,0 +1,12 @@ +#! /usr/bin/env perl +# Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; + +simple_test("test_traceapi", "trace_api_test"); Binary files /tmp/9sSqQotuTD/openssl-3.0.7/test/recipes/91-test_pkey_check_data/dsapub_noparam.der and /tmp/WizzFHhHL4/openssl-3.0.8/test/recipes/91-test_pkey_check_data/dsapub_noparam.der differ diff -Nru openssl-3.0.7/test/recipes/91-test_pkey_check_data/dsapub.pem openssl-3.0.8/test/recipes/91-test_pkey_check_data/dsapub.pem --- openssl-3.0.7/test/recipes/91-test_pkey_check_data/dsapub.pem 1970-01-01 01:00:00.000000000 +0100 +++ openssl-3.0.8/test/recipes/91-test_pkey_check_data/dsapub.pem 2023-02-07 14:43:33.000000000 +0100 @@ -0,0 +1,12 @@ +-----BEGIN PUBLIC KEY----- +MIIBvzCCATQGByqGSM44BAEwggEnAoGBAIjbXpOVVciVNuagg26annKkghIIZFI4 +4WdMomnV+I/oXyxHbZTBBBpW9xy/E1+yMjbp4GmX+VxyDj3WxUWxXllzL+miEkzD +9Xz638VzIBhjFbMvk1/N4kS4bKVUd9yk7HfvYzAdnRphk0WI+RoDiDrBNPPxSoQD +CEWgvwgsLIDhAh0A6dbz1IQpQwGF4+Ca28x6OO+UfJJv3ggeZ++fNwKBgQCA9XKV +lRrTY8ALBxS0KbZjpaIXuUj5nr3i1lIDyP3ISksDF0ekyLtn6eK9VijX6Pm65Np+ +4ic9Nr5WKLKhPaUSpLNRx1gDqo3sd92hYgiEUifzEuhLYfK/CsgFED+l2hDXtJUq +bISNSHVwI5lsyNXLu7HI1Fk8F5UO3LqsboFAngOBhAACgYATxFY89nEYcUhgHGgr +YDHhXBQfMKnTKYdvon4DN7WQ9ip+t4VUsLpTD1ZE9zrM2R/B04+8C6KGoViwyeER +kS4dxWOkX71x4X2DlNpYevcR53tNcTDqmMD7YKfDDmrb0lftMyfW8aESaiymVMys +DRjhKHBjdo0rZeSM8DAk3ctrXA== +-----END PUBLIC KEY----- diff -Nru openssl-3.0.7/test/recipes/91-test_pkey_check.t openssl-3.0.8/test/recipes/91-test_pkey_check.t --- openssl-3.0.7/test/recipes/91-test_pkey_check.t 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/test/recipes/91-test_pkey_check.t 2023-02-07 14:43:33.000000000 +0100 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -11,19 +11,24 @@ use warnings; use File::Spec; -use OpenSSL::Test qw/:DEFAULT data_file/; +use OpenSSL::Test qw/:DEFAULT data_file with/; use OpenSSL::Test::Utils; sub pkey_check { my $f = shift; + my $pubcheck = shift; + my @checkopt = ('-check'); - return run(app(['openssl', 'pkey', '-check', '-text', + @checkopt = ('-pubcheck', '-pubin') if $pubcheck; + + return run(app(['openssl', 'pkey', @checkopt, '-text', '-in', $f])); } sub check_key { my $f = shift; my $should_fail = shift; + my $pubcheck = shift; my $str; @@ -33,11 +38,10 @@ $f = data_file($f); if ( -s $f ) { - if ($should_fail) { - ok(!pkey_check($f), $str); - } else { - ok(pkey_check($f), $str); - } + with({ exit_checker => sub { return shift == $should_fail; } }, + sub { + ok(pkey_check($f, $pubcheck), $str); + }); } else { fail("Missing file $f"); } 
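Review bot: After this hunk `$should_fail` is no longer a boolean: `exit_checker => sub { return shift == $should_fail; }` compares it with the process exit code, so `check_key($t, 1, …)` now requires exit status exactly 1 rather than any failure, and 0 means success. The parameter name no longer says that; renaming it `$expected_exit` in check_key's signature, or adding `# second argument is the expected exit status of 'openssl pkey'` above the `with(...)` call, would stop a future caller from passing a generic true value. The stricter check is a behaviour change worth a sentence in the commit message if it is intended.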
@@ -66,15 +70,37 @@ "dhpkey.pem" )) unless disabled("dh"); +my @negative_pubtests = (); + +push(@negative_pubtests, ( + "dsapub_noparam.der" + )) unless disabled("dsa"); + +my @positive_pubtests = (); + +push(@positive_pubtests, ( + "dsapub.pem" + )) unless disabled("dsa"); + plan skip_all => "No tests within the current enabled feature set" - unless @negative_tests && @positive_tests; + unless @negative_tests && @positive_tests + && @negative_pubtests && @positive_pubtests; -plan tests => scalar(@negative_tests) + scalar(@positive_tests); +plan tests => scalar(@negative_tests) + scalar(@positive_tests) + + scalar(@negative_pubtests) + scalar(@positive_pubtests); foreach my $t (@negative_tests) { - check_key($t, 1); + check_key($t, 1, 0); } foreach my $t (@positive_tests) { - check_key($t, 0); + check_key($t, 0, 0); +} + +foreach my $t (@negative_pubtests) { + check_key($t, 1, 1); +} + +foreach my $t (@positive_pubtests) { + check_key($t, 0, 1); } diff -Nru openssl-3.0.7/test/smime-certs/badrsa.pem openssl-3.0.8/test/smime-certs/badrsa.pem --- openssl-3.0.7/test/smime-certs/badrsa.pem 1970-01-01 01:00:00.000000000 +0100 +++ openssl-3.0.8/test/smime-certs/badrsa.pem 2023-02-07 14:43:33.000000000 +0100 
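Review bot: The extended `plan skip_all` condition skips the whole recipe when `@negative_pubtests` or `@positive_pubtests` is empty, and both lists are only filled `unless disabled("dsa")`, so a build without DSA now runs none of the existing private-key checks (the DH entry is visible in context) that ran before this change. Keeping the original condition, `unless @negative_tests && @positive_tests`, is enough: the `plan tests` arithmetic and the `foreach` loops already handle the pubtest lists being empty.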
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIDbTCCAlWgAwIBAgIToTV4Z0iuK08vZP20oTh//hC8BDANBgkqhkiG9w0BAQ0FADAtMSswKQYD +VfcDEyJTYW1wbGUgTEFNUFMgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MCAXDTE5MTEyMDA2NTQxOFoY +DzIwNTIwOTI3MDY1NDE4WjAZMRcwFQYDVQQDEw5BbGljZSBMb3ZlbGFjZTCCASIwDQYJKoZIhvcN +AQEBBQADggEPADCCAQoCggEBALT0iehYOBY+TZp/T5K2KNI05Hwr+E3wP6XTvyi6WWyTgBK9LCOw +I2juwdRrjFBmXkk7pWpjXwsA3A5GOtz0FpfgyC7OxsVcF7q4WHWZWleYXFKlQHJD73nQwXP968+A +/3rBX7PhO0DBbZnfitOLPgPEwjTtdg0VQQ6Wz+CRQ/YbHPKaw7aRphZO63dKvIKp4cQVtkWQHi6s +yTjGsgkLcLNau5LZDQUdsGV+SAo3nBdWCRYV+I65x8Kf4hCxqqmjV3d/2NKRu0BXnDe/N+iDz3X0 +zEoj0fqXgq4SWcC0nsG1lyyXt1TL270I6ATKRGJWiQVCCpDtc0NT6vdJ45bCSxgCAwEAAaOBlzCB +lDAMBgNVHRMBAf8EAjAAMB4GA1UdEQQXMBWBE2FsaWNlQHNtaW1lLmV4YW1wbGUwEwYDVR0lBAww +CgYIKwYBBQUHAwQwDwYDVR0PAQH/BAUDAwfAADAdBgNVHQ4EFgQUu/bMsi0dBhIcl64papAQ0yBm +ZnMwHwYDVR0jBBgwFoAUeF8OWnjYa+RUcD2z3ez38fL6wEcwDQYJKoZIhvcNAQENBQADggEBABbW +eonR6TMTckehDKNOabwaCIcekahAIL6l9tTzUX5ew6ufiAPlC6I/zQlmUaU0iSyFDG1NW14kNbFt +5CAokyLhMtE4ASHBIHbiOp/ZSbUBTVYJZB61ot7w1/ol5QECSs08b8zrxIncf+t2DHGuVEy/Qq1d +rBz8d4ay8zpqAE1tUyL5Da6ZiKUfWwZQXSI/JlbjQFzYQqTRDnzHWrg1xPeMTO1P2/cplFaseTiv +yk4cYwOp/W9UAWymOZXF8WcJYCIUXkdcG/nEZxr057KlScrJmFXOoh7Y+8ON4iWYYcAfiNgpUFo/ +j8BAwrKKaFvdlZS9k1Ypb2+UQY75mKJE9Bg= +-----END CERTIFICATE----- diff -Nru openssl-3.0.7/test/smime-eml/SignedInvalidMappingFromanyPolicyTest7.eml openssl-3.0.8/test/smime-eml/SignedInvalidMappingFromanyPolicyTest7.eml --- openssl-3.0.7/test/smime-eml/SignedInvalidMappingFromanyPolicyTest7.eml 1970-01-01 01:00:00.000000000 +0100 +++ openssl-3.0.8/test/smime-eml/SignedInvalidMappingFromanyPolicyTest7.eml 2023-02-07 14:43:33.000000000 +0100 
@@ -0,0 +1,93 @@ +To: recipient@testcertificates.gov +From: sender@testcertificates.gov +Subject: Invalid Mapping From anyPolicy Test7 +MIME-Version: 1.0 +Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="----C124D5D1A319E09E6A4BB51A44961168" + +This is an S/MIME signed message + +------C124D5D1A319E09E6A4BB51A44961168 +Content-Type: text/plain + +This is a sample signed message. + +------C124D5D1A319E09E6A4BB51A44961168 +Content-Type: application/pkcs7-signature; name="smime.p7s" +Content-Transfer-Encoding: base64 +Content-Disposition: attachment; filename="smime.p7s" + +MIINTQYJKoZIhvcNAQcCoIINPjCCDToCAQExDzANBglghkgBZQMEAgEFADALBgkq +hkiG9w0BBwGgggdpMIIDvTCCAqWgAwIBAgIBMzANBgkqhkiG9w0BAQsFADBFMQsw +CQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBDZXJ0aWZpY2F0ZXMgMjAxMTEVMBMG +A1UEAxMMVHJ1c3QgQW5jaG9yMB4XDTEwMDEwMTA4MzAwMFoXDTMwMTIzMTA4MzAw +MFowUjELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw +MTExIjAgBgNVBAMTGU1hcHBpbmcgRnJvbSBhbnlQb2xpY3kgQ0EwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrp6IDBPUKqlzfwBrwMM0/8mXKVyogMBl5 +xjRYIAzPCs0Mwv7RkEQbM1BIsYtbSJgsFJtldgS1u2yhYklqgcTsHZK7NrBL/Qle +ugZcze2gunSlvAYW2qO6t9japmswZ5/8l2hTia0T7P7Nk9lcBbDi+HjNDRqZglal +b/gXvfWnsWxOxAiSQY35dAnqxXl5KlkscU7uvsQubTBmNaQHsDrxoqSAXnMZG8dy +s1G3ET5Emp6FvYBZLSYQqK2nWkL8xFIbbdureHpD1Af+HWFDTntlZzw1Vb2MXvmz +0pYFdRGA75KD7SSpLEl5BiXwPLMF/UHmMZWhqVug0MlJ7mWl1UkzAgMBAAGjgaow +gacwHwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwHQYDVR0OBBYEFGhz +FOALNM9yQNqUltYVq3qkby6MMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTAD +AQH/MBEGA1UdIAQKMAgwBgYEVR0gADAgBgNVHSEBAf8EFjAUMBIGBFUdIAAGCmCG +SAFlAwIBMAEwDwYDVR0kAQH/BAUwA4ABADANBgkqhkiG9w0BAQsFAAOCAQEACkuU +lU5OLnBP9XTQLJdC4cZ2L1LbaCvAnUSD5ZU1UyDAPHcs+YsbjerZT1Alt/KqnVyD +9pvkUuScevjjvLCyfSGq4slrV8mHUVBbMuumv5q+0Z4J2PFgNXIvdxHiIRFUq9A1 +89ZiQkfUxSeRPUK4M3YmPO0iaeuS0SlAKIQ8a1dxNgm9ax8GOj+SQsx84FxED2wC +R024sOajIHIPVvyhbWPQMQbdJVSuVULjsfuGDyMZyN6a0gR5uBQ1MXmsIVrnwAia 
+0LTH7kjudgabGYa9MJkUVscZiu01jZBYfDqpaCN4MWkXCNvf9gksys7HoBvFlGyH +m32/XiFrVKYufBkfiDCCA6QwggKMoAMCAQICAQEwDQYJKoZIhvcNAQELBQAwUjEL +MAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIwMTExIjAg +BgNVBAMTGU1hcHBpbmcgRnJvbSBhbnlQb2xpY3kgQ0EwHhcNMTAwMTAxMDgzMDAw +WhcNMzAxMjMxMDgzMDAwWjBsMQswCQYDVQQGEwJVUzEfMB0GA1UEChMWVGVzdCBD +ZXJ0aWZpY2F0ZXMgMjAxMTE8MDoGA1UEAxMzSW52YWxpZCBNYXBwaW5nIEZyb20g +YW55UG9saWN5IEVFIENlcnRpZmljYXRlIFRlc3Q3MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAxfXuaqNaFrVVSPjnxUFtGQ+B4oSrl3Dmch6wknP1ECbn +OIpxuf4PAiwpc11/YMUpznskRKJuZNQGNDflv8p8h99ZWyj1WbwZk/5zDIYMyFau +vdXdzt8EiImBB+ODosDMoZGPpgkR3q4dC5LaSF+X55ktBb09cGAFRYhAqxTwjkdn +DbLyi/CmTrraCWLSBpzNkLSnFGH3WIcKSqvt39WnvJ5RK5YVkvBiJ9AuxPMdRz3q +AjwKDwbjPQQ7GuKu0bUPL5Aoi/u5jDH9Npgb2OqnXTyvi6Qr2hWUkxRhWcF+0/k0 +FF52bWERYyNGjFmo5l+zRkGI8A66I59L9O1DJoy5pQIDAQABo2swaTAfBgNVHSME +GDAWgBRocxTgCzTPckDalJbWFat6pG8ujDAdBgNVHQ4EFgQUMYuIk253zuy75Ecs +q5WlLPrSs3UwDgYDVR0PAQH/BAQDAgTwMBcGA1UdIAQQMA4wDAYKYIZIAWUDAgEw +ATANBgkqhkiG9w0BAQsFAAOCAQEAO99EfWAFfz2p7FCmZMuITeZtkUImyyI7tTDR ++sakA9E+wZKuGj9ZkE6s2W5O5+79YXC6S8Q2Q0J2WdQEAB0JeSTYyzMCoKJy/IF9 +GCyMqV1xXmbcVO6CUc3ZlTT8U5nJz4C3DJurj1URke+qldg4YYElmFeAuHsCLhBt +WZeseGsyeXjpC+cadcjPWq2v9E/pRssIDq9Ok9Pu+vypsK6/pBfnx15G+a/Lp1N9 +pb0qSLiisZMoxHDegNbPYOgcRZH6TVc2VLl6YWKAMtKJZDAL1FpqwHjM/4z/WauA +ZqvFByxphRYOMufn4ejld0RUQ5Nwc1/FrhuNK5cxNSGIAw5lf6GCA7cwggHMMIG1 +AgEBMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0 +IENlcnRpZmljYXRlcyAyMDExMSIwIAYDVQQDExlNYXBwaW5nIEZyb20gYW55UG9s +aWN5IENBFw0xMDAxMDEwODMwMDBaFw0zMDEyMzEwODMwMDBaoC8wLTAfBgNVHSME +GDAWgBRocxTgCzTPckDalJbWFat6pG8ujDAKBgNVHRQEAwIBATANBgkqhkiG9w0B +AQsFAAOCAQEApnKINszWHTlYmTKNj9GLq8l9TJd4c92R4ubYr4O7FWxU6t4xx29s +oIOb5WMC53Xb36i70JQVlSfa8/CFnn5bpnuiHNSijxB5YahaS+Vj/JT8d/ipHpA7 +FQBMav9/27em2xtWMEoSEPrpD869eCIEU3M51k6oq64j/H+udfI5Kjilgn9F5xRv +Wb1ZpWM7V4pAIYiYxusdOcg7OICDjv8h0LO25vG1bC1XyOZ3/OLkT7QU7+UGcXLK +CGo2M+cwvQsdBQzwuvUScVT0uDab9AWDataCGtZp1gqhrqWug8qF0yeFMv4GdNmS 
+vCUns60IjXBAPU0cgmaIvqUMEVPpMwfU/TCCAeMwgcwCAQEwDQYJKoZIhvcNAQEL +BQAwRTELMAkGA1UEBhMCVVMxHzAdBgNVBAoTFlRlc3QgQ2VydGlmaWNhdGVzIDIw +MTExFTATBgNVBAMTDFRydXN0IEFuY2hvchcNMTAwMTAxMDgzMDAwWhcNMzAxMjMx +MDgzMDAwWjAiMCACAWgXDTEwMDEwMTA4MzAwMFowDDAKBgNVHRUEAwoBAaAvMC0w +HwYDVR0jBBgwFoAU5H1f0VyVhggsBa6+dbZlp9ldqGYwCgYDVR0UBAMCAQEwDQYJ +KoZIhvcNAQELBQADggEBAKsZHbW7IWu24UzN8Lc3npU40dSBkICuEfD7HNn8NjTs +nZavD3knN6orR1epuHah83IUJcrWKaziuHUYrRIfkWGOFClDbvjkEOVRS0r7gtFr +98Z9sNvVaqULWrwRXyfC7LfedtKXnHusfOnwfS+lT+GDRiKy3Pu4RIxAwCybPrbT +6MTTVxjAKUEIuccmRJLF0AKOtGXR/6/eZXVQmu1NjlVztTArmZVkEZapdAYtwsxN +unFtY3HBHVOskNDjSjbkTkfujbF2dkJtgpRxBlhSQGfwlgezY0PZmjZKIqGW+CAd +gCjygXG9Jk902LKYE/M3GUj+QywvIlTq3Mdki0r3d+YxggHtMIIB6QIBATBXMFIx +CzAJBgNVBAYTAlVTMR8wHQYDVQQKExZUZXN0IENlcnRpZmljYXRlcyAyMDExMSIw +IAYDVQQDExlNYXBwaW5nIEZyb20gYW55UG9saWN5IENBAgEBMA0GCWCGSAFlAwQC +AQUAoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcN +MTEwNDE0MTMwMjIwWjAvBgkqhkiG9w0BCQQxIgQgwrMnqwOj7H0umdTqIoQwrAZp +r3vR7I+xbnE9vb7qK4cwDQYJKoZIhvcNAQEBBQAEggEAHe7vG964RqLsMJhpYO1C ++wB6qmYM4JGbNLkx3XveYcpY18CVDyWuOOdO7UF0ynUv1K6zx/pffuWmtfRkuhXA +mwMxTXrZThsS+1xoGX1mvmX1LZdok2kYeqbyzv87mPogqATLb11ihjcfB98j4wVJ +wKxl2/DYbW2DCHUy+lwwHWExwHqAt2jOSQDtOfyfFz+nT52k60ZA4tkW6GnqguFx +R4lE9Ovg/7wfxSUE1w3HFrPuzzN3ZsOLGQiUXG55KTFgI4YXr7PXHkR+eJsvC9nP +JSF6GxiEeZcwmciv5FQxc6QWyOrWPtHimROS2RbDzv/aP7mwFu7HTU47hu2AW9/X +yg== + +------C124D5D1A319E09E6A4BB51A44961168-- + diff -Nru openssl-3.0.7/test/sslapitest.c openssl-3.0.8/test/sslapitest.c --- openssl-3.0.7/test/sslapitest.c 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/test/sslapitest.c 2023-02-07 14:43:33.000000000 +0100 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -399,7 +399,7 @@
      * Now we want to test that our output data was vaguely sensible. We
      * do that by using strtok and confirming that we have more or less the
      * data we expect. For both client and server, we expect to see one master
-     * secret. The client should also see a RSA key exchange.
+     * secret. The client should also see an RSA key exchange.
      */
     expected.rsa_key_exchange_count = 1;
     expected.master_secret_count = 1;
@@ -1427,7 +1427,9 @@
         { TLS1_2_VERSION, "AES256-GCM-SHA384"},
 # endif
 # ifdef OPENSSL_KTLS_CHACHA20_POLY1305
+# ifndef OPENSSL_NO_EC
         { TLS1_2_VERSION, "ECDHE-RSA-CHACHA20-POLY1305"},
+# endif
 # endif
 # endif
 # if !defined(OSSL_NO_USABLE_TLS1_3)
@@ -1505,6 +1507,167 @@
 }
 #endif
 
+/*
+ * Test we can successfully send the maximum amount of application data. We
+ * test each protocol version individually, each with and without EtM enabled.
+ * TLSv1.3 doesn't use EtM so technically it is redundant to test both but it is
+ * simpler this way. We also test all combinations with and without the
+ * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS option which affects the size of the
+ * underlying buffer.
+ */
+static int test_large_app_data(int tst)
+{
+    SSL_CTX *cctx = NULL, *sctx = NULL;
+    SSL *clientssl = NULL, *serverssl = NULL;
+    int testresult = 0, prot;
+    unsigned char *msg, *buf = NULL;
+    size_t written, readbytes;
+    const SSL_METHOD *smeth = TLS_server_method();
+    const SSL_METHOD *cmeth = TLS_client_method();
+
+    switch (tst >> 2) {
+    case 0:
+#ifndef OSSL_NO_USABLE_TLS1_3
+        prot = TLS1_3_VERSION;
+        break;
+#else
+        return 1;
+#endif
+
+    case 1:
+#ifndef OPENSSL_NO_TLS1_2
+        prot = TLS1_2_VERSION;
+        break;
+#else
+        return 1;
+#endif
+
+    case 2:
+#ifndef OPENSSL_NO_TLS1_1
+        prot = TLS1_1_VERSION;
+        break;
+#else
+        return 1;
+#endif
+
+    case 3:
+#ifndef OPENSSL_NO_TLS1
+        prot = TLS1_VERSION;
+        break;
+#else
+        return 1;
+#endif
+
+    case 4:
+#ifndef OPENSSL_NO_SSL3
+        prot = SSL3_VERSION;
+        break;
+#else
+        return 1;
+#endif
+
+    case 5:
+#ifndef OPENSSL_NO_DTLS1_2
+        prot = DTLS1_2_VERSION;
+        smeth = DTLS_server_method();
+        cmeth = DTLS_client_method();
+        break;
+#else
+        return 1;
+#endif
+
+    case 6:
+#ifndef OPENSSL_NO_DTLS1
+        prot = DTLS1_VERSION;
+        smeth = DTLS_server_method();
+        cmeth = DTLS_client_method();
+        break;
+#else
+        return 1;
+#endif
+
+    default:
+        /* Shouldn't happen */
+        return 0;
+    }
+
+    if ((prot < TLS1_2_VERSION || prot == DTLS1_VERSION) && is_fips)
+        return 1;
+
+    /* Maximal sized message of zeros */
+    msg = OPENSSL_zalloc(SSL3_RT_MAX_PLAIN_LENGTH);
+    if (!TEST_ptr(msg))
+        goto end;
+
+    buf = OPENSSL_malloc(SSL3_RT_MAX_PLAIN_LENGTH + 1);
+    if (!TEST_ptr(buf))
+        goto end;
+    /* Set whole buffer to all bits set */
+    memset(buf, 0xff, SSL3_RT_MAX_PLAIN_LENGTH + 1);
+
+    if (!TEST_true(create_ssl_ctx_pair(libctx, smeth, cmeth, prot, prot,
+                                       &sctx, &cctx, cert, privkey)))
+        goto end;
+
+    if (prot < TLS1_2_VERSION || prot == DTLS1_VERSION) {
+        /* Older protocol versions need SECLEVEL=0 due to SHA1 usage */
+        if (!TEST_true(SSL_CTX_set_cipher_list(cctx, "DEFAULT:@SECLEVEL=0"))
+                || !TEST_true(SSL_CTX_set_cipher_list(sctx,
+                                                      "DEFAULT:@SECLEVEL=0")))
+            goto end;
+    }
+
+    if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl,
+                                      &clientssl, NULL, NULL)))
+        goto end;
+
+    if ((tst & 1) != 0) {
+        /* Setting this option gives us a minimally sized underlying buffer */
+        if (!TEST_true(SSL_set_options(serverssl,
+                                       SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
+                || !TEST_true(SSL_set_options(clientssl,
+                                              SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)))
+            goto end;
+    }
+
+    if ((tst & 2) != 0) {
+        /*
+         * Setting this option means the MAC is added before encryption
+         * giving us a larger record for the encryption process
+         */
+        if (!TEST_true(SSL_set_options(serverssl, SSL_OP_NO_ENCRYPT_THEN_MAC))
+                || !TEST_true(SSL_set_options(clientssl,
+                                              SSL_OP_NO_ENCRYPT_THEN_MAC)))
+            goto end;
+    }
+
+    if (!TEST_true(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)))
+        goto end;
+
+    if (!TEST_true(SSL_write_ex(clientssl, msg, SSL3_RT_MAX_PLAIN_LENGTH,
+                                &written))
+            || !TEST_size_t_eq(written, SSL3_RT_MAX_PLAIN_LENGTH))
+        goto end;
+
+    /* We provide a buffer slightly larger than what we are actually expecting */
+    if (!TEST_true(SSL_read_ex(serverssl, buf, SSL3_RT_MAX_PLAIN_LENGTH + 1,
+                               &readbytes)))
+        goto end;
+
+    if (!TEST_mem_eq(msg, written, buf, readbytes))
+        goto end;
+
+    testresult = 1;
+end:
+    OPENSSL_free(msg);
+    OPENSSL_free(buf);
+    SSL_free(serverssl);
+    SSL_free(clientssl);
+    SSL_CTX_free(sctx);
+    SSL_CTX_free(cctx);
+    return testresult;
+}
+
 static int execute_cleanse_plaintext(const SSL_METHOD *smeth,
                                      const SSL_METHOD *cmeth,
                                      int min_version, int max_version)
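Review bot: The decoding of `tst` is undocumented: the header comment lists the dimensions being tested, but not that `tst >> 2` selects the protocol and bits 0 and 1 select the two options, which is what ties this function to the `28` passed to ADD_ALL_TESTS elsewhere in the file. I would add `/* tst: bit 0 = SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS, bit 1 = SSL_OP_NO_ENCRYPT_THEN_MAC, tst >> 2 = protocol index 0..6 (7 * 4 = 28 cases) */` above the `switch`. Note also that a compiled-out protocol, and the `is_fips` case, return 1 rather than skipping, so such builds report those cases as passed; if the harness offers a skip result (it appears other tests here use the same return-1 convention, so this may be deliberate) it would make the coverage gap visible.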
@@ -10013,6 +10176,7 @@
 #ifndef OPENSSL_NO_DTLS
     ADD_TEST(test_large_message_dtls);
 #endif
+    ADD_ALL_TESTS(test_large_app_data, 28);
     ADD_TEST(test_cleanse_plaintext);
 #ifndef OPENSSL_NO_OCSP
     ADD_TEST(test_tlsext_status_type);
diff -Nru openssl-3.0.7/test/testrsa2048pub.pem openssl-3.0.8/test/testrsa2048pub.pem
--- openssl-3.0.7/test/testrsa2048pub.pem 1970-01-01 01:00:00.000000000 +0100
+++ openssl-3.0.8/test/testrsa2048pub.pem 2023-02-07 14:43:33.000000000 +0100
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzQCB6nsq4eoG1Z98c9n/
+uUoJYVwuS6fGNs7wjdNTPsMYVSWwFcdpuZp31nJb+cNTKptuX2Yn1fuFFgdo092p
+y9NZdFEXF9w9MJ0vxH7kH5fjKtt/ndhkocR2emZuzXG8Gqz151F/SzhZT+qbBeQt
+WtqZEgCAE+RTFqTZu47QhriNKHWLrK+SLUaoaLSF0jnJuusOK2RZJxD0Ky0eoKS0
+gCwL7Ksyj4posAc721Rv7qmAnShJkSs5DBUyvH4px2WPgXX65G80My/4e8qz5AZJ
+uYV3hp2g6nGDU/ByJ1SIaRNkh2DRIr5nbg/Eg90g/8Mb2pajGWbJqi51rQPeR+HE
+TwIDAQAB
+-----END PUBLIC KEY-----
diff -Nru openssl-3.0.7/test/testutil/provider.c openssl-3.0.8/test/testutil/provider.c
--- openssl-3.0.7/test/testutil/provider.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/test/testutil/provider.c 2023-02-07 14:43:33.000000000 +0100
@@ -129,6 +129,19 @@
                 || (prov.minor == minor && prov.patch <= patch)));
 }
 
+int fips_provider_version_lt(OSSL_LIB_CTX *libctx, int major, int minor, int patch)
+{
+    FIPS_VERSION prov;
+    int res;
+
+    if ((res = fips_provider_version(libctx, &prov)) <= 0)
+        return res == 0;
+    return prov.major < major
+           || (prov.major == major
+               && (prov.minor < minor
+                   || (prov.minor == minor && prov.patch < patch)));
+}
+
 int fips_provider_version_gt(OSSL_LIB_CTX *libctx, int major, int minor, int patch)
 {
     FIPS_VERSION prov;
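Review bot: `fips_provider_version_lt` folds a negative return from `fips_provider_version()` into a plain 0 via `return res == 0;`, so a lookup error reads as "version is not less than" and the `r < 0` internal-error branch that `fips_provider_version_match` is prepared to report can never fire for this comparator. The visible tail of `_gt` has the same shape, so this presumably copies the existing convention deliberately; if so, a comment on that line such as `/* 0 (presumably no FIPS provider loaded) counts as a match; a lookup error (<0) does not */` would spare the next reader the same puzzle, otherwise `if (res < 0) return -1;` ahead of it would let `_match` report the error.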
@@ -142,12 +155,25 @@
                 || (prov.minor == minor && prov.patch > patch)));
 }
 
+int fips_provider_version_ge(OSSL_LIB_CTX *libctx, int major, int minor, int patch)
+{
+    FIPS_VERSION prov;
+    int res;
+
+    if ((res = fips_provider_version(libctx, &prov)) <= 0)
+        return res == 0;
+    return prov.major > major
+           || (prov.major == major
+               && (prov.minor > minor
+                   || (prov.minor == minor && prov.patch >= patch)));
+}
+
 int fips_provider_version_match(OSSL_LIB_CTX *libctx, const char *versions)
 {
     const char *p;
     int major, minor, patch, r;
     enum {
-        MODE_EQ, MODE_NE, MODE_LE, MODE_GT
+        MODE_EQ, MODE_NE, MODE_LE, MODE_LT, MODE_GT, MODE_GE
     } mode;
 
     while (*versions != '\0') {
@@ -166,6 +192,12 @@
         } else if (*p == '<' && p[1] == '=') {
             mode = MODE_LE;
             p += 2;
+        } else if (*p == '>' && p[1] == '=') {
+            mode = MODE_GE;
+            p += 2;
+        } else if (*p == '<') {
+            mode = MODE_LT;
+            p++;
         } else if (*p == '>') {
             mode = MODE_GT;
             p++;
@@ -189,9 +221,15 @@
         case MODE_LE:
             r = fips_provider_version_le(libctx, major, minor, patch);
             break;
+        case MODE_LT:
+            r = fips_provider_version_lt(libctx, major, minor, patch);
+            break;
         case MODE_GT:
             r = fips_provider_version_gt(libctx, major, minor, patch);
             break;
+        case MODE_GE:
+            r = fips_provider_version_ge(libctx, major, minor, patch);
+            break;
         }
         if (r < 0) {
             TEST_info("Error matching FIPS version: internal error\n");
@@ -256,7 +256,9 @@
 int fips_provider_version_eq(OSSL_LIB_CTX *libctx, int major, int minor, int patch);
 int fips_provider_version_ne(OSSL_LIB_CTX *libctx, int major, int minor, int patch);
 int fips_provider_version_le(OSSL_LIB_CTX *libctx, int major, int minor, int patch);
+int fips_provider_version_lt(OSSL_LIB_CTX *libctx, int major, int minor, int patch);
 int fips_provider_version_gt(OSSL_LIB_CTX *libctx, int major, int minor, int patch);
+int fips_provider_version_ge(OSSL_LIB_CTX *libctx, int major, int minor, int patch);
 
 /*
  * This function matches fips provider version with (potentially multiple)
diff -Nru openssl-3.0.7/test/trace_api_test.c openssl-3.0.8/test/trace_api_test.c
--- openssl-3.0.7/test/trace_api_test.c 1970-01-01 01:00:00.000000000 +0100
+++ openssl-3.0.8/test/trace_api_test.c 2023-02-07 14:43:33.000000000 +0100
@@ -0,0 +1,163 @@
+/*
+ * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+
+#include "testutil.h"
+
+static int test_trace_categories(void)
+{
+    int cat_num;
+
+    for (cat_num = -1; cat_num <= OSSL_TRACE_CATEGORY_NUM + 1; ++cat_num) {
+        const char *cat_name = OSSL_trace_get_category_name(cat_num);
+        int is_cat_name_eq = 0;
+        int ret_cat_num;
+        int expected_ret;
+
+        switch (cat_num) {
+#define CASE(name) \
+        case OSSL_TRACE_CATEGORY_##name: \
+            is_cat_name_eq = TEST_str_eq(cat_name, #name); \
+            break
+
+        CASE(ALL);
+        CASE(TRACE);
+        CASE(INIT);
+        CASE(TLS);
+        CASE(TLS_CIPHER);
+        CASE(CONF);
+        CASE(ENGINE_TABLE);
+        CASE(ENGINE_REF_COUNT);
+        CASE(PKCS5V2);
+        CASE(PKCS12_KEYGEN);
+        CASE(PKCS12_DECRYPT);
+        CASE(X509V3_POLICY);
+        CASE(BN_CTX);
+        CASE(CMP);
+        CASE(STORE);
+        CASE(DECODER);
+        CASE(ENCODER);
+        CASE(REF_COUNT);
+#undef CASE
+        default:
+            is_cat_name_eq = TEST_ptr_null(cat_name);
+            break;
+        }
+
+        if (!TEST_true(is_cat_name_eq))
+            return 0;
+        ret_cat_num =
+            OSSL_trace_get_category_num(cat_name);
+        expected_ret = cat_name != NULL ? cat_num : -1;
+        if (!TEST_int_eq(expected_ret, ret_cat_num))
+            return 0;
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_TRACE
+static void put_trace_output(void)
+{
+    OSSL_TRACE_BEGIN(REF_COUNT) {
+        BIO_printf(trc_out, "Hello World\n");
+        BIO_printf(trc_out, "Good Bye Universe\n");
+    } OSSL_TRACE_END(REF_COUNT);
+}
+
+static int test_trace_channel(void)
+{
+    static const char expected[] = "xyz-\nHello World\nGood Bye Universe\n-abc\n";
+    static const char expected_len = sizeof(expected) - 1;
+    BIO *bio = NULL;
+    char *p_buf = NULL;
+    long len = 0;
+    int ret = 0;
+
+    bio = BIO_new(BIO_s_mem());
+    if (!TEST_ptr(bio))
+        goto end;
+
+    if (!TEST_int_eq(OSSL_trace_set_channel(OSSL_TRACE_CATEGORY_REF_COUNT, bio), 1))
+        goto end;
+
+    if (!TEST_true(OSSL_trace_enabled(OSSL_TRACE_CATEGORY_REF_COUNT)))
+        goto end;
+
+    if (!TEST_int_eq(OSSL_trace_set_prefix(OSSL_TRACE_CATEGORY_REF_COUNT, "xyz-"), 1))
+        goto end;
+    if (!TEST_int_eq(OSSL_trace_set_suffix(OSSL_TRACE_CATEGORY_REF_COUNT, "-abc"), 1))
+        goto end;
+
+    put_trace_output();
+    len = BIO_get_mem_data(bio, &p_buf);
+    if (!TEST_strn2_eq(p_buf, len, expected, expected_len))
+        goto end;
+    if (!TEST_int_eq(OSSL_trace_set_channel(OSSL_TRACE_CATEGORY_REF_COUNT, NULL), 1))
+        goto end;
+    bio = NULL;
+
+    ret = 1;
+ end:
+    BIO_free(bio);
+    return ret;
+}
+
+static int trace_cb_failure;
+static int trace_cb_called;
+
+static size_t trace_cb(const char *buffer, size_t count,
+                       int category, int cmd, void *data)
+{
+    trace_cb_called = 1;
+    if (!TEST_true(category == OSSL_TRACE_CATEGORY_TRACE))
+        trace_cb_failure = 1;
+    return count;
+}
+
+static int test_trace_callback(void)
+{
+    int ret = 0;
+
+    if (!TEST_true(OSSL_trace_set_callback(OSSL_TRACE_CATEGORY_TRACE, trace_cb,
+                                           NULL)))
+        goto end;
+
+    put_trace_output();
+
+    if (!TEST_false(trace_cb_failure) || !TEST_true(trace_cb_called))
+        goto end;
+
+    ret = 1;
+ end:
+    return ret;
+}
+#endif
+
+OPT_TEST_DECLARE_USAGE("\n")
+
+int setup_tests(void)
+{
+    if (!test_skip_common_options()) {
+        TEST_error("Error parsing test options\n");
+        return 0;
+    }
+
+    ADD_TEST(test_trace_categories);
+#ifndef OPENSSL_NO_TRACE
+    ADD_TEST(test_trace_channel);
+    ADD_TEST(test_trace_callback);
+#endif
+    return 1;
+}
+
+void cleanup_tests(void)
+{
+}
diff -Nru openssl-3.0.7/test/v3ext.c openssl-3.0.8/test/v3ext.c
--- openssl-3.0.7/test/v3ext.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/test/v3ext.c 2023-02-07 14:43:33.000000000 +0100
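Review bot: In test_trace_channel, `bio` is handed to OSSL_trace_set_channel() and, as the `bio = NULL;` written after the later reset implies, ownership moves to the trace library at that point; yet every failure path between that successful set_channel and the reset jumps to `end:` and calls `BIO_free(bio)` on a BIO the library still holds, which is a double free once the library releases its channel. Moving `bio = NULL;` to immediately after the successful `OSSL_trace_set_channel(OSSL_TRACE_CATEGORY_REF_COUNT, bio)` check closes that path. Separately, `static const char expected_len = sizeof(expected) - 1;` stores a length in a `char`; it happens to fit the 40-byte string but should read `static const size_t expected_len = sizeof(expected) - 1;`. test_trace_callback also never removes the callback it installs on the TRACE category, so it stays in effect for anything run afterwards in this process.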
@@ -226,6 +226,92 @@
     return testresult;
 }
 
+static int test_addr_fam_len(void)
+{
+    int testresult = 0;
+    IPAddrBlocks *addr = NULL;
+    IPAddressFamily *f1 = NULL;
+    ASN1_OCTET_STRING *ip1 = NULL, *ip2 = NULL;
+    unsigned char key[6];
+    unsigned int keylen;
+    unsigned afi = IANA_AFI_IPV4;
+
+    /* Create the IPAddrBlocks with a good IPAddressFamily */
+    addr = sk_IPAddressFamily_new_null();
+    if (!TEST_ptr(addr))
+        goto end;
+    ip1 = a2i_IPADDRESS(ranges[0].ip1);
+    if (!TEST_ptr(ip1))
+        goto end;
+    ip2 = a2i_IPADDRESS(ranges[0].ip2);
+    if (!TEST_ptr(ip2))
+        goto end;
+    if (!TEST_true(X509v3_addr_add_range(addr, ranges[0].afi, NULL, ip1->data, ip2->data)))
+        goto end;
+    if (!TEST_true(X509v3_addr_is_canonical(addr)))
+        goto end;
+
+    /* Create our malformed IPAddressFamily */
+    key[0] = (afi >> 8) & 0xFF;
+    key[1] = afi & 0xFF;
+    key[2] = 0xD;
+    key[3] = 0xE;
+    key[4] = 0xA;
+    key[5] = 0xD;
+    keylen = 6;
+    if ((f1 = IPAddressFamily_new()) == NULL)
+        goto end;
+    if (f1->ipAddressChoice == NULL &&
+        (f1->ipAddressChoice = IPAddressChoice_new()) == NULL)
+        goto end;
+    if (f1->addressFamily == NULL &&
+        (f1->addressFamily = ASN1_OCTET_STRING_new()) == NULL)
+        goto end;
+    if (!ASN1_OCTET_STRING_set(f1->addressFamily, key, keylen))
+        goto end;
+    if (!sk_IPAddressFamily_push(addr, f1))
+        goto end;
+
+    /* Shouldn't be able to canonize this as the len is > 3*/
+    if (!TEST_false(X509v3_addr_canonize(addr)))
+        goto end;
+
+    /* Create a well formed IPAddressFamily */
+    f1 = sk_IPAddressFamily_pop(addr);
+    IPAddressFamily_free(f1);
+
+    key[0] = (afi >> 8) & 0xFF;
+    key[1] = afi & 0xFF;
+    key[2] = 0x1;
+    keylen = 3;
+    if ((f1 = IPAddressFamily_new()) == NULL)
+        goto end;
+    if (f1->ipAddressChoice == NULL &&
+        (f1->ipAddressChoice = IPAddressChoice_new()) == NULL)
+        goto end;
+    if (f1->addressFamily == NULL &&
+        (f1->addressFamily = ASN1_OCTET_STRING_new()) == NULL)
+        goto end;
+    if (!ASN1_OCTET_STRING_set(f1->addressFamily, key, keylen))
+        goto end;
+
+    /* Mark this as inheritance so we skip some of the is_canonize checks */
+    f1->ipAddressChoice->type = IPAddressChoice_inherit;
+    if (!sk_IPAddressFamily_push(addr, f1))
+        goto end;
+
+    /* Should be able to canonize now */
+    if (!TEST_true(X509v3_addr_canonize(addr)))
+        goto end;
+
+    testresult = 1;
+ end:
+    sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free);
+    ASN1_OCTET_STRING_free(ip1);
+    ASN1_OCTET_STRING_free(ip2);
+    return testresult;
+}
+
 static struct extvalues_st {
     const char *value;
     int pass;
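Review bot: `f1` leaks on every failure path between `IPAddressFamily_new()` and the `sk_IPAddressFamily_push(addr, f1)` that transfers it (a failed `IPAddressChoice_new()`, `ASN1_OCTET_STRING_new()`, `ASN1_OCTET_STRING_set()` or the push itself), in both the malformed and the well-formed construction, because `end:` only frees what is on the `addr` stack. Set `f1 = NULL;` after each successful push and add `IPAddressFamily_free(f1);` ahead of `sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free);` at `end:`. Those same steps use bare `goto end` instead of `TEST_ptr`/`TEST_true`, so a failure there is reported as a generic test failure with no indication of which allocation or set failed.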
@@ -323,6 +409,49 @@
     return testresult;
 }
 
+
+static int test_addr_subset(void)
+{
+    int i;
+    int ret = 0;
+    IPAddrBlocks *addrEmpty = NULL;
+    IPAddrBlocks *addr[3] = { NULL, NULL };
+    ASN1_OCTET_STRING *ip1[3] = { NULL, NULL };
+    ASN1_OCTET_STRING *ip2[3] = { NULL, NULL };
+    int sz = OSSL_NELEM(addr);
+
+    for (i = 0; i < sz; ++i) {
+        /* Create the IPAddrBlocks with a good IPAddressFamily */
+        if (!TEST_ptr(addr[i] = sk_IPAddressFamily_new_null())
+            || !TEST_ptr(ip1[i] = a2i_IPADDRESS(ranges[i].ip1))
+            || !TEST_ptr(ip2[i] = a2i_IPADDRESS(ranges[i].ip2))
+            || !TEST_true(X509v3_addr_add_range(addr[i], ranges[i].afi, NULL,
+                                                ip1[i]->data, ip2[i]->data)))
+            goto end;
+    }
+
+    ret = TEST_ptr(addrEmpty = sk_IPAddressFamily_new_null())
+          && TEST_true(X509v3_addr_subset(NULL, NULL))
+          && TEST_true(X509v3_addr_subset(NULL, addr[0]))
+          && TEST_true(X509v3_addr_subset(addrEmpty, addr[0]))
+          && TEST_true(X509v3_addr_subset(addr[0], addr[0]))
+          && TEST_true(X509v3_addr_subset(addr[0], addr[1]))
+          && TEST_true(X509v3_addr_subset(addr[0], addr[2]))
+          && TEST_true(X509v3_addr_subset(addr[1], addr[2]))
+          && TEST_false(X509v3_addr_subset(addr[0], NULL))
+          && TEST_false(X509v3_addr_subset(addr[1], addr[0]))
+          && TEST_false(X509v3_addr_subset(addr[2], addr[1]))
+          && TEST_false(X509v3_addr_subset(addr[0], addrEmpty));
+end:
+    sk_IPAddressFamily_pop_free(addrEmpty, IPAddressFamily_free);
+    for (i = 0; i < sz; ++i) {
+        sk_IPAddressFamily_pop_free(addr[i], IPAddressFamily_free);
+        ASN1_OCTET_STRING_free(ip1[i]);
+        ASN1_OCTET_STRING_free(ip2[i]);
+    }
+    return ret;
+}
+
 #endif /* OPENSSL_NO_RFC3779 */
 
 OPT_TEST_DECLARE_USAGE("cert.pem\n")
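Review bot: `IPAddrBlocks *addr[3] = { NULL, NULL };`, and the matching `ip1`/`ip2` declarations, initialise a three-element array with two initialisers; the third element is still zero-initialised by the language so the code is correct, but it reads like an off-by-one, and `= { NULL }` (or three NULLs) says what is meant. The loop also indexes `ranges[0..2]` and the assertions encode that each of those ranges is contained in the next, neither of which can be checked from this hunk because `ranges` is defined elsewhere in the file; a one-line comment above the loop, `/* relies on ranges[0..2] being nested: each range is a subset of the next */`, would record that coupling.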
@@ -342,6 +471,8 @@
     ADD_TEST(test_asid);
     ADD_TEST(test_addr_ranges);
     ADD_TEST(test_ext_syntax);
+    ADD_TEST(test_addr_fam_len);
+    ADD_TEST(test_addr_subset);
 #endif /* OPENSSL_NO_RFC3779 */
     return 1;
 }
diff -Nru openssl-3.0.7/test/v3nametest.c openssl-3.0.8/test/v3nametest.c
--- openssl-3.0.7/test/v3nametest.c 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/test/v3nametest.c 2023-02-07 14:43:33.000000000 +0100
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2012-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License"). You may not use
  * this file except in compliance with the License. You can obtain a copy
@@ -644,6 +644,14 @@
             0xb7, 0x09, 0x02, 0x02
         },
         15
+    }, {
+        /*
+         * Regression test for CVE-2023-0286.
+         */
+        {
+            0xa3, 0x00
+        },
+        2
     }
 };
 
diff -Nru openssl-3.0.7/util/libcrypto.num openssl-3.0.8/util/libcrypto.num
--- openssl-3.0.7/util/libcrypto.num 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/util/libcrypto.num 2023-02-07 14:43:33.000000000 +0100
@@ -5427,3 +5427,4 @@
 EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION:
 OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION:
 OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
+OSSL_CMP_CTX_reset_geninfo_ITAVs 5558 3_0_8 EXIST::FUNCTION:CMP
diff -Nru openssl-3.0.7/util/missingcrypto.txt openssl-3.0.8/util/missingcrypto.txt
--- openssl-3.0.7/util/missingcrypto.txt 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/util/missingcrypto.txt 2023-02-07 14:43:33.000000000 +0100
@@ -202,7 +202,6 @@
 BIO_method_name(3)
 BIO_new_NDEF(3)
 BIO_new_PKCS7(3)
-BIO_new_dgram(3)
 BIO_new_dgram_sctp(3)
 BIO_nread(3)
 BIO_nread0(3)
@@ -210,7 +209,6 @@
 BIO_number_written(3)
 BIO_nwrite(3)
 BIO_nwrite0(3)
-BIO_s_datagram(3)
 BIO_s_datagram_sctp(3)
 BIO_s_log(3)
 BIO_set_flags(3)
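Review bot: The new v3nametest table entry carries only the CVE reference, and the two bytes mean nothing to a reader without decoding them: `0xa3 0x00` is an empty context-specific [3] element, which in a GeneralName is an `x400Address` with no content. I would extend the comment to `/* Regression test for CVE-2023-0286: empty x400Address ([3], zero length) */`. What the table drives (parsing, comparison, or both) is defined outside this hunk, so the expectation encoded by the length `2` alone cannot be confirmed from here.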
@@ -553,42 +551,6 @@
 ENGINE_unregister_EC(3)
 ENGINE_unregister_pkey_asn1_meths(3)
 ENGINE_unregister_pkey_meths(3)
-EVP_ASYM_CIPHER-RSA(7)
-EVP_CIPHER-AES(7)
-EVP_CIPHER-ARIA(7)
-EVP_CIPHER-BF(7)
-EVP_CIPHER-DES(7)
-EVP_CIPHER-CAMELLIA(7)
-EVP_CIPHER-CAST5(7)
-EVP_CIPHER-ChaCha20(7)
-EVP_CIPHER-ChaCha20-Poly1305(7)
-EVP_CIPHER-DES(7)
-EVP_CIPHER-IDEA(7)
-EVP_CIPHER-RC2(7)
-EVP_CIPHER-RC4(7)
-EVP_CIPHER-RC5(7)
-EVP_CIPHER-SEED(7)
-EVP_CIPHER-SM4(7)
-EVP_KDF-KBKDF(7)
-EVP_KDF-SSKDF(7)
-EVP_KDF-TLS1-PRF(7)
-EVP_KEYEXCH-DH(7)
-EVP_KEYEXCH-ECDH(7)
-EVP_KEYEXCH-DSA(7)
-EVP_KEYEXCH-RSA(7)
-EVP_KEYEXCH-X25519(7)
-EVP_KEYEXCH-X448(7)
-EVP_KEYMGMT-DH(7)
-EVP_KEYMGMT-EC(7)
-EVP_KEYMGMT-DSA(7)
-EVP_KEYMGMT-RSA(7)
-EVP_KEYMGMT-X25519(7)
-EVP_KEYMGMT-X448(7)
-EVP_SIGNATURE-DSA(7)
-EVP_SIGNATURE-ECDSA(7)
-EVP_SIGNATURE-ED25519(7)
-EVP_SIGNATURE-ED448(7)
-EVP_SIGNATURE-RSA(7)
 ERR_get_state(3)
 ERR_load_ASN1_strings(3)
 ERR_load_ASYNC_strings(3)
@@ -637,8 +599,6 @@
 EVP_MD_do_all_sorted(3)
 EVP_PBE_cleanup(3)
 EVP_PBE_get(3)
-EVP_PKEY_CTX_get0_peerkey(3)
-EVP_PKEY_CTX_get0_pkey(3)
 EVP_PKEY_CTX_get_data(3)
 EVP_PKEY_CTX_get_operation(3)
 EVP_PKEY_CTX_hex2ctrl(3)
@@ -1412,7 +1372,6 @@
 i2v_GENERAL_NAME(3)
 i2v_GENERAL_NAMES(3)
 o2i_ECPublicKey(3)
-provider-kdf(7)
 v2i_ASN1_BIT_STRING(3)
 v2i_GENERAL_NAME(3)
 v2i_GENERAL_NAMES(3)
diff -Nru openssl-3.0.7/util/missingmacro.txt openssl-3.0.8/util/missingmacro.txt
--- openssl-3.0.7/util/missingmacro.txt 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/util/missingmacro.txt 2023-02-07 14:43:33.000000000 +0100
@@ -13,13 +13,6 @@
 BIO_dup_state(3)
 BIO_buffer_get_num_lines(3)
 BIO_buffer_peek(3)
-BIO_ctrl_dgram_connect(3)
-BIO_ctrl_set_connected(3)
-BIO_dgram_recv_timedout(3)
-BIO_dgram_send_timedout(3)
-BIO_dgram_get_peer(3)
-BIO_dgram_set_peer(3)
-BIO_dgram_get_mtu_overhead(3)
 BIO_sock_cleanup(3)
 ossl_bio__attr__(3)
 BN_prime_checks_for_size(3)
diff -Nru openssl-3.0.7/util/other.syms openssl-3.0.8/util/other.syms
--- openssl-3.0.7/util/other.syms 2022-11-01 15:14:36.000000000 +0100
+++ openssl-3.0.8/util/other.syms 2023-02-07 14:43:33.000000000 +0100
@@ -53,23 +53,28 @@
 EVP_RAND_CTX datatype
 EVP_SIGNATURE datatype
 GEN_SESSION_CB datatype
-OPENSSL_Applink external
-OSSL_LIB_CTX datatype
 NAMING_AUTHORITY datatype
+OPENSSL_Applink external
+OSSL_ALGORITHM datatype
+OSSL_CALLBACK datatype
 OSSL_DECODER datatype
 OSSL_DECODER_CTX datatype
 OSSL_DECODER_CONSTRUCT datatype
 OSSL_DECODER_CLEANUP datatype
 OSSL_DECODER_INSTANCE datatype
-OSSL_HTTP_bio_cb_t datatype
-OSSL_PARAM datatype
-OSSL_PROVIDER datatype
+OSSL_DISPATCH datatype
 OSSL_ENCODER datatype
 OSSL_ENCODER_CTX datatype
 OSSL_ENCODER_CONSTRUCT datatype
 OSSL_ENCODER_CLEANUP datatype
 OSSL_ENCODER_INSTANCE datatype
+OSSL_HTTP_bio_cb_t datatype
 OSSL_HTTP_REQ_CTX datatype
+OSSL_ITEM datatype
+OSSL_LIB_CTX datatype
+OSSL_PARAM datatype
+OSSL_PASSPHRASE_CALLBACK datatype
+OSSL_PROVIDER datatype
 OSSL_STORE_CTX datatype
 OSSL_STORE_INFO datatype
 OSSL_STORE_LOADER datatype
@@ -141,6 +146,13 @@ ASN1_BIT_STRING_digest define BIO_append_filename define BIO_destroy_bio_pair define +BIO_ctrl_dgram_connect define +BIO_ctrl_set_connected define +BIO_dgram_get_mtu_overhead define +BIO_dgram_get_peer define +BIO_dgram_set_peer define +BIO_dgram_recv_timedout define +BIO_dgram_send_timedout define BIO_do_accept define BIO_do_connect define BIO_do_handshake define diff -Nru openssl-3.0.7/util/perl/OpenSSL/ParseC.pm openssl-3.0.8/util/perl/OpenSSL/ParseC.pm --- openssl-3.0.7/util/perl/OpenSSL/ParseC.pm 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/util/perl/OpenSSL/ParseC.pm 2023-02-07 14:43:33.000000000 +0100 @@ -822,7 +822,7 @@ # We use ¦undef¦ as a marker for a new line from the file. # Since we convert one line to several and unshift that into @lines, # that's the only safe way we have to track the original lines - my @lines = map { ( undef, $_ ) } split $/, $line; + my @lines = map { ( undef, $_ ) } split m|\R|, $line; # Remember that extra # we added above? Now we remove it pop @lines; diff -Nru openssl-3.0.7/VERSION.dat openssl-3.0.8/VERSION.dat --- openssl-3.0.7/VERSION.dat 2022-11-01 15:14:36.000000000 +0100 +++ openssl-3.0.8/VERSION.dat 2023-02-07 14:43:33.000000000 +0100 @@ -1,7 +1,7 @@ MAJOR=3 MINOR=0 -PATCH=7 +PATCH=8 PRE_RELEASE_TAG= BUILD_METADATA= -RELEASE_DATE="1 Nov 2022" +RELEASE_DATE="7 Feb 2023" SHLIB_VERSION=3