diff -Nru openssl-3.0.12/CHANGES.md openssl-3.0.13/CHANGES.md --- openssl-3.0.12/CHANGES.md 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/CHANGES.md 2024-01-30 13:28:16.000000000 +0000 
@@ -28,11 +28,89 @@ [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod -### Changes between 3.0.12 and 3.0.12+quic [24 Oct 2023] +### Changes between 3.0.12 and 3.0.13 [30 Jan 2024] -* Add QUIC API support from BoringSSL + * A file in PKCS12 format can contain certificates and keys and may come from + an untrusted source. The PKCS12 specification allows certain fields to be + NULL, but OpenSSL did not correctly check for this case. A fix has been + applied to prevent a NULL pointer dereference that results in OpenSSL + crashing. If an application processes PKCS12 files from an untrusted source + using the OpenSSL APIs then that application will be vulnerable to this + issue prior to this fix. - *Todd Short* + OpenSSL APIs that were vulnerable to this are: PKCS12_parse(), + PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() + and PKCS12_newpass(). + + We have also fixed a similar issue in SMIME_write_PKCS7(). However since this + function is related to writing data we do not consider it security + significant. + + ([CVE-2024-0727]) + + *Matt Caswell* + + * When function EVP_PKEY_public_check() is called on RSA public keys, + a computation is done to confirm that the RSA modulus, n, is composite. + For valid RSA keys, n is a product of two or more large primes and this + computation completes quickly. However, if n is an overly large prime, + then this computation would take a long time. + + An application that calls EVP_PKEY_public_check() and supplies an RSA key + obtained from an untrusted source could be vulnerable to a Denial of Service + attack. + + The function EVP_PKEY_public_check() is not called from other OpenSSL + functions however it is called from the OpenSSL pkey command line + application. For that reason that application is also vulnerable if used + with the "-pubin" and "-check" options on untrusted data. 
+ + To resolve this issue RSA keys larger than OPENSSL_RSA_MAX_MODULUS_BITS will + now fail the check immediately with an RSA_R_MODULUS_TOO_LARGE error reason. + + ([CVE-2023-6237]) + + *Tomáš Mráz* + + * Restore the encoding of SM2 PrivateKeyInfo and SubjectPublicKeyInfo to + have the contained AlgorithmIdentifier.algorithm set to id-ecPublicKey + rather than SM2. + + *Richard Levitte* + + * The POLY1305 MAC (message authentication code) implementation in OpenSSL + for PowerPC CPUs saves the contents of vector registers in different + order than they are restored. Thus the contents of some of these vector + registers is corrupted when returning to the caller. The vulnerable code is + used only on newer PowerPC processors supporting the PowerISA 2.07 + instructions. + + The consequences of this kind of internal application state corruption can + be various - from no consequences, if the calling application does not + depend on the contents of non-volatile XMM registers at all, to the worst + consequences, where the attacker could get complete control of the + application process. However unless the compiler uses the vector registers + for storing pointers, the most likely consequence, if any, would be an + incorrect result of some application dependent calculations or a crash + leading to a denial of service. + + ([CVE-2023-6129]) + + *Rohan McLure* + + * Fix excessive time spent in DH check / generation with large Q parameter + value. + + Applications that use the functions DH_generate_key() to generate an + X9.42 DH key may experience long delays. Likewise, applications that use + DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() + to check an X9.42 DH key or X9.42 DH parameters may experience long delays. + Where the key or parameters that are being checked have been obtained from + an untrusted source this may lead to a Denial of Service. + + ([CVE-2023-5678]) + + *Richard Levitte* ### Changes between 3.0.11 and 3.0.12 [24 Oct 2023] 
@@ -19746,6 +19824,10 @@ +[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727 +[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237 +[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129 +[CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678 [CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 [CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807 [CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817 diff -Nru openssl-3.0.12/CONTRIBUTING.md openssl-3.0.13/CONTRIBUTING.md --- openssl-3.0.12/CONTRIBUTING.md 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/CONTRIBUTING.md 2024-01-30 13:28:16.000000000 +0000 
@@ -9,22 +9,36 @@ [openssl/openssl]: -To request new features or report bugs, please open an issue on GitHub +To request new a feature, ask a question, or report a bug, +please open an [issue on GitHub](https://github.com/openssl/openssl/issues). -To submit a patch, please open a pull request on GitHub. If you are thinking -of making a large contribution, open an issue for it before starting work, -to get comments from the community. Someone may be already working on -the same thing or there may be reasons why that feature isn't implemented. +To submit a patch or implement a new feature, please open a +[pull request on GitHub](https://github.com/openssl/openssl/pulls). +If you are thinking of making a large contribution, +open an issue for it before starting work, to get comments from the community. +Someone may be already working on the same thing, +or there may be special reasons why a feature is not implemented. To make it easier to review and accept your pull request, please follow these guidelines: 1. Anything other than a trivial contribution requires a [Contributor License Agreement] (CLA), giving us permission to use your code. - If your contribution is too small to require a CLA (e.g. fixing a spelling - mistake), place the text "`CLA: trivial`" on a line by itself separated by - an empty line from the rest of the commit message. It is not sufficient to - only place the text in the GitHub pull request description. + If your contribution is too small to require a CLA (e.g., fixing a spelling + mistake), then place the text "`CLA: trivial`" on a line by itself below + the rest of your commit message separated by an empty line, like this: + + ``` + One-line summary of trivial change + + Optional main body of commit message. It might contain a sentence + or two explaining the trivial change. + + CLA: trivial + ``` + + It is not sufficient to only place the text "`CLA: trivial`" in the GitHub + pull request description. [Contributor License Agreement]: 
@@ -32,8 +46,8 @@ ``` git commit --amend - [add the line, save and quit the editor] - git push -f + # add the line, save and quit the editor + git push -f [ []] ``` 2. All source files should start with the following text (with 
@@ -53,22 +67,24 @@ often. We do not accept merge commits, you will have to remove them (usually by rebasing) before it will be acceptable. - 4. Patches should follow our [coding style] and compile without warnings. - Where `gcc` or `clang` is available you should use the + 4. Code provided should follow our [coding style] and compile without warnings. + There is a [Perl tool](util/check-format.pl) that helps + finding code formatting mistakes and other coding style nits. + Where `gcc` or `clang` is available, you should use the `--strict-warnings` `Configure` option. OpenSSL compiles on many varied - platforms: try to ensure you only use portable features. Clean builds via - GitHub Actions and AppVeyor are required, and they are started automatically - whenever a PR is created or updated. + platforms: try to ensure you only use portable features. + Clean builds via GitHub Actions are required. They are started automatically + whenever a PR is created or updated by committers. [coding style]: https://www.openssl.org/policies/technical/coding-style.html - 5. When at all possible, patches should include tests. These can + 5. When at all possible, code contributions should include tests. These can either be added to an existing test, or completely new. Please see [test/README.md](test/README.md) for information on the test framework. 6. New features or changed functionality must include - documentation. Please look at the "pod" files in doc/man[1357] for - examples of our style. Run "make doc-nits" to make sure that your + documentation. Please look at the `.pod` files in `doc/man[1357]` for + examples of our style. Run `make doc-nits` to make sure that your documentation changes are clean. 7. For user visible changes (API changes, behaviour changes, ...), 
@@ -78,7 +94,7 @@ Have a look through existing entries for inspiration. Please note that this is NOT simply a copy of git-log one-liners. Also note that security fixes get an entry in [CHANGES.md](CHANGES.md). - This file helps users get more in depth information of what comes + This file helps users get more in-depth information of what comes with a specific release without having to sift through the higher noise ratio in git-log. diff -Nru openssl-3.0.12/Configurations/10-main.conf openssl-3.0.13/Configurations/10-main.conf --- openssl-3.0.12/Configurations/10-main.conf 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/Configurations/10-main.conf 2024-01-30 13:28:16.000000000 +0000 @@ -1941,5 +1941,15 @@ inherit_from => [ "vms-generic" ], bn_ops => "SIXTY_FOUR_BIT", pointer_size => "", + }, + "vms-x86_64-p32" => { + inherit_from => [ "vms-x86_64" ], + cflags => add("/POINTER_SIZE=32"), + pointer_size => "32", + }, + "vms-x86_64-p64" => { + inherit_from => [ "vms-x86_64" ], + cflags => add("/POINTER_SIZE=64=ARGV"), + pointer_size => "64", } ); diff -Nru openssl-3.0.12/Configurations/descrip.mms.tmpl openssl-3.0.13/Configurations/descrip.mms.tmpl --- openssl-3.0.12/Configurations/descrip.mms.tmpl 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/Configurations/descrip.mms.tmpl 2024-01-30 13:28:16.000000000 +0000 @@ -478,7 +478,8 @@ all : build_sw build_docs test : tests -{- dependmagic('tests'); -} : build_programs_nodep, build_modules_nodep run_tests +{- dependmagic('tests'); -} : build_programs_nodep, build_modules_nodep + $(MMS) $(MMSQUALIFIERS) run_tests run_tests : @ ! {- output_off() if $disabled{tests}; "" -} DEFINE SRCTOP "$(SRCDIR)" 
@@ -710,13 +711,15 @@ WRITE CONFIG " shlib_version => '","{- $config{shlib_version} -}","'," WRITE CONFIG " shlib_major => '","{- $config{shlib_major} -}","'," WRITE CONFIG " shlib_minor => '","{- $config{shlib_minor} -}","'," - WRITE CONFIG " no_shared => '","{- $disabled{shared} -}","'," WRITE CONFIG " INSTALLTOP => '$(INSTALLTOP)'," WRITE CONFIG " OPENSSLDIR => '$(OPENSSLDIR)'," + WRITE CONFIG ");" + WRITE CONFIG "our %target = (" WRITE CONFIG " pointer_size => '","{- $target{pointer_size} -}","'," WRITE CONFIG ");" - WRITE CONFIG "our %target = ();" - WRITE CONFIG "our %disabled = ();" + WRITE CONFIG "our %disabled = (" + WRITE CONFIG " shared => '","{- $disabled{shared} -}","'," + WRITE CONFIG ");" WRITE CONFIG "our %withargs = ();" WRITE CONFIG "our %unified_info = ();" WRITE CONFIG "1;" diff -Nru openssl-3.0.12/Configurations/unix-Makefile.tmpl openssl-3.0.13/Configurations/unix-Makefile.tmpl --- openssl-3.0.12/Configurations/unix-Makefile.tmpl 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/Configurations/unix-Makefile.tmpl 2024-01-30 13:28:16.000000000 +0000 @@ -526,8 +526,9 @@ all: build_sw build_docs test: tests -{- dependmagic('tests'); -}: build_programs_nodep build_modules_nodep link-utils run_tests -run_tests: +{- dependmagic('tests'); -}: build_programs_nodep build_modules_nodep link-utils + $(MAKE) run_tests +run_tests: FORCE @ : {- output_off() if $disabled{tests}; "" -} ( SRCTOP=$(SRCDIR) \ BLDTOP=$(BLDDIR) \ diff -Nru openssl-3.0.12/Configurations/windows-makefile.tmpl openssl-3.0.13/Configurations/windows-makefile.tmpl --- openssl-3.0.12/Configurations/windows-makefile.tmpl 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/Configurations/windows-makefile.tmpl 2024-01-30 13:28:16.000000000 +0000 
@@ -294,7 +294,7 @@ CNF_ASFLAGS={- join(' ', $target{asflags} || (), @{$config{asflags}}) -} -CNF_CPPFLAGS={- our $cppfags2 = +CNF_CPPFLAGS={- our $cppflags2 = join(' ', $target{cppflags} || (), (map { '-D'.quotify1($_) } @{$target{defines}}, @{$config{defines}}), @@ -440,6 +440,8 @@ test: tests {- dependmagic('tests'); -}: build_programs_nodep build_modules_nodep copy-utils + $(MAKE) /$(MAKEFLAGS) run_tests +run_tests: @{- output_off() if $disabled{tests}; "\@rem" -} cmd /C "set "SRCTOP=$(SRCDIR)" & set "BLDTOP=$(BLDDIR)" & set "PERL=$(PERL)" & set "FIPSKEY=$(FIPSKEY)" & "$(PERL)" "$(SRCDIR)\test\run_tests.pl" $(TESTS)" @{- if ($disabled{tests}) { output_on(); } else { output_off(); } "" -} diff -Nru openssl-3.0.12/Configure openssl-3.0.13/Configure --- openssl-3.0.12/Configure 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/Configure 2024-01-30 13:28:16.000000000 +0000 @@ -467,7 +467,6 @@ "poly1305", "posix-io", "psk", - "quic", "rc2", "rc4", "rc5", @@ -578,7 +577,6 @@ "sm3", "sm4", "srp", "srtp", "ssl3-method", "ssl-trace", "ts", "ui-console", "whirlpool", - "quic", "fips-securitychecks" ], sub { $config{processor} eq "386" } => [ "sse2" ], @@ -586,7 +584,7 @@ "ssl3-method" => [ "ssl3" ], "zlib" => [ "zlib-dynamic" ], "des" => [ "mdc2" ], - "ec" => [ "ec2m", "ecdsa", "ecdh", "sm2", "gost", "quic" ], + "ec" => [ "ec2m", "ecdsa", "ecdh", "sm2", "gost" ], "dgram" => [ "dtls", "sctp" ], "sock" => [ "dgram" ], "dtls" => [ @dtls ], @@ -637,7 +635,6 @@ "legacy" => [ "md2" ], "cmp" => [ "crmf" ], - "tls1_3" => [ "quic" ], "fips" => [ "fips-securitychecks", "acvp-tests" ], @@ -936,8 +933,6 @@ if (/^--prefix=(.*)$/) { $config{prefix}=$1; - die "Directory given with --prefix MUST be absolute\n" - unless file_name_is_absolute($config{prefix}); } elsif (/^--api=(.*)$/) { 
@@ -1380,6 +1375,11 @@ # At this point, we can forget everything about %user and %useradd, # because it's now all been merged into the corresponding $config entry +if ($config{prefix} && !$config{CROSS_COMPILE}) { + die "Directory given with --prefix MUST be absolute\n" + unless file_name_is_absolute($config{prefix}); +} + if (grep { $_ =~ /(?:^|\s)-static(?:\s|$)/ } @{$config{LDFLAGS}}) { disable('static', 'pic', 'threads'); } @@ -1835,11 +1835,12 @@ my $base = shift; my $dir = shift; my $relativeto = shift || "."; + my $no_mkpath = shift // 0; $dir = catdir($base,$dir) unless isabsolute($dir); # Make sure the directories we're building in exists - mkpath($dir); + mkpath($dir) unless $no_mkpath; my $res = abs2rel(absolutedir($dir), rel2abs($relativeto)); #print STDERR "DEBUG[cleandir]: $dir , $base => $res\n"; @@ -1850,6 +1851,7 @@ my $base = shift; my $file = shift; my $relativeto = shift || "."; + my $no_mkpath = shift // 0; $file = catfile($base,$file) unless isabsolute($file); @@ -1857,7 +1859,7 @@ my $f = basename($file); # Make sure the directories we're building in exists - mkpath($d); + mkpath($d) unless $no_mkpath; my $res = abs2rel(catfile(absolutedir($d), $f), rel2abs($relativeto)); #print STDERR "DEBUG[cleanfile]: $d , $f => $res\n"; @@ -1887,7 +1889,7 @@ } # Then, look in our standard directory push @build_file_templates, - ( map { cleanfile($srcdir, catfile("Configurations", $_), $blddir) } + ( map { cleanfile($srcdir, catfile("Configurations", $_), $blddir, 1) } @build_file_template_names ); my $build_file_template; @@ -1902,7 +1904,7 @@ } $config{build_file_templates} = [ cleanfile($srcdir, catfile("Configurations", "common0.tmpl"), - $blddir), + $blddir, 1), $build_file_template ]; my @build_dirs = ( [ ] ); # current directory 
@@ -1911,7 +1913,7 @@ # We want to detect configdata.pm in the source tree, so we # don't use it if the build tree is different. - my $src_configdata = cleanfile($srcdir, "configdata.pm", $blddir); + my $src_configdata = cleanfile($srcdir, "configdata.pm", $blddir, 1); # Any source file that we recognise is placed in this hash table, with # the list of its intended destinations as value. When everything has @@ -2264,7 +2266,7 @@ my $dest = $_; my $ddest = cleanfile($buildd, $_, $blddir); foreach (@{$sources{$dest}}) { - my $s = cleanfile($sourced, $_, $blddir); + my $s = cleanfile($sourced, $_, $blddir, 1); # If it's generated or we simply don't find it in the source # tree, we assume it's in the build tree. @@ -2309,7 +2311,7 @@ my $dest = $_; my $ddest = cleanfile($buildd, $_, $blddir); foreach (@{$shared_sources{$dest}}) { - my $s = cleanfile($sourced, $_, $blddir); + my $s = cleanfile($sourced, $_, $blddir, 1); # If it's generated or we simply don't find it in the source # tree, we assume it's in the build tree. @@ -2364,7 +2366,7 @@ if scalar @{$generate{$_}} > 1; my @generator = split /\s+/, $generate{$dest}->[0]; my $gen = $generator[0]; - $generator[0] = cleanfile($sourced, $gen, $blddir); + $generator[0] = cleanfile($sourced, $gen, $blddir, 1); # If the generator is itself generated, it's in the build tree if ($generate{$gen} || ! -f $generator[0]) { @@ -2390,7 +2392,7 @@ } elsif ($dest eq '') { $ddest = ''; } else { - $ddest = cleanfile($sourced, $_, $blddir); + $ddest = cleanfile($sourced, $_, $blddir, 1); # If the destination doesn't exist in source, it can only be # a generated file in the build tree. @@ -2399,7 +2401,7 @@ } } foreach (@{$depends{$dest}}) { - my $d = cleanfile($sourced, $_, $blddir); + my $d = cleanfile($sourced, $_, $blddir, 1); my $d2 = cleanfile($buildd, $_, $blddir); # If we know it's generated, or assume it is because we can't 
@@ -2422,7 +2424,7 @@ foreach (keys %includes) { my $dest = $_; - my $ddest = cleanfile($sourced, $_, $blddir); + my $ddest = cleanfile($sourced, $_, $blddir, 1); # If the destination doesn't exist in source, it can only be # a generated file in the build tree. @@ -2430,7 +2432,7 @@ $ddest = cleanfile($buildd, $_, $blddir); } foreach (@{$includes{$dest}}) { - my $is = cleandir($sourced, $_, $blddir); + my $is = cleandir($sourced, $_, $blddir, 1); my $ib = cleandir($buildd, $_, $blddir); push @{$unified_info{includes}->{$ddest}->{source}}, $is unless grep { $_ eq $is } @{$unified_info{includes}->{$ddest}->{source}}; @@ -2443,7 +2445,7 @@ my $ddest; if ($dest ne "") { - $ddest = cleanfile($sourced, $dest, $blddir); + $ddest = cleanfile($sourced, $dest, $blddir, 1); # If the destination doesn't exist in source, it can only # be a generated file in the build tree. @@ -2825,7 +2827,7 @@ my $configdata_outname = 'configdata.pm'; open CONFIGDATA, ">$configdata_outname.new" or die "Trying to create $configdata_outname.new: $!"; -my $configdata_tmplname = cleanfile($srcdir, "configdata.pm.in", $blddir); +my $configdata_tmplname = cleanfile($srcdir, "configdata.pm.in", $blddir, 1); my $configdata_tmpl = OpenSSL::Template->new(TYPE => 'FILE', SOURCE => $configdata_tmplname); $configdata_tmpl->fill_in( diff -Nru openssl-3.0.12/INSTALL.md openssl-3.0.13/INSTALL.md --- openssl-3.0.12/INSTALL.md 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/INSTALL.md 2024-01-30 13:28:16.000000000 +0000 @@ -822,10 +822,6 @@ Don't build support for Pre-Shared Key based ciphersuites. -### no-quic - -Don't build support for QUIC API from BoringSSL. - ### no-rdrand Don't use hardware RDRAND capabilities. diff -Nru openssl-3.0.12/NEWS.md openssl-3.0.13/NEWS.md --- openssl-3.0.12/NEWS.md 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/NEWS.md 2024-01-30 13:28:16.000000000 +0000 
@@ -18,6 +18,18 @@ OpenSSL 3.0 ----------- +### Major changes between OpenSSL 3.0.12 and OpenSSL 3.0.13 [30 Jan 2024] + + * Fixed PKCS12 Decoding crashes + ([CVE-2024-0727]) + * Fixed Excessive time spent checking invalid RSA public keys + ([CVE-2023-6237]) + * Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC + CPUs which support PowerISA 2.07 + ([CVE-2023-6129]) + * Fix excessive time spent in DH check / generation with large Q parameter + value ([CVE-2023-5678]) + ### Major changes between OpenSSL 3.0.11 and OpenSSL 3.0.12 [24 Oct 2023] * Mitigate incorrect resize handling for symmetric cipher keys and IVs. @@ -1458,6 +1470,10 @@ +[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727 +[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237 +[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129 +[CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678 [CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 [CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807 [CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817 diff -Nru openssl-3.0.12/README-OpenSSL.md openssl-3.0.13/README-OpenSSL.md --- openssl-3.0.12/README-OpenSSL.md 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/README-OpenSSL.md 1970-01-01 00:00:00.000000000 +0000 
@@ -1,224 +0,0 @@ -Welcome to the OpenSSL Project -============================== - -[![openssl logo]][www.openssl.org] - -[![github actions ci badge]][github actions ci] -[![appveyor badge]][appveyor jobs] - -OpenSSL is a robust, commercial-grade, full-featured Open Source Toolkit -for the Transport Layer Security (TLS) protocol formerly known as the -Secure Sockets Layer (SSL) protocol. The protocol implementation is based -on a full-strength general purpose cryptographic library, which can also -be used stand-alone. - -OpenSSL is descended from the SSLeay library developed by Eric A. Young -and Tim J. Hudson. - -The official Home Page of the OpenSSL Project is [www.openssl.org]. - -Table of Contents -================= - - - [Overview](#overview) - - [Download](#download) - - [Build and Install](#build-and-install) - - [Documentation](#documentation) - - [License](#license) - - [Support](#support) - - [Contributing](#contributing) - - [Legalities](#legalities) - -Overview -======== - -The OpenSSL toolkit includes: - -- **libssl** - an implementation of all TLS protocol versions up to TLSv1.3 ([RFC 8446]). - -- **libcrypto** - a full-strength general purpose cryptographic library. It constitutes the - basis of the TLS implementation, but can also be used independently. - -- **openssl** - the OpenSSL command line tool, a swiss army knife for cryptographic tasks, - testing and analyzing. It can be used for - - creation of key parameters - - creation of X.509 certificates, CSRs and CRLs - - calculation of message digests - - encryption and decryption - - SSL/TLS client and server tests - - handling of S/MIME signed or encrypted mail - - and more... - -Download -======== - -For Production Use ------------------- - -Source code tarballs of the official releases can be downloaded from -[www.openssl.org/source](https://www.openssl.org/source). -The OpenSSL project does not distribute the toolkit in binary form. 
- -However, for a large variety of operating systems precompiled versions -of the OpenSSL toolkit are available. In particular on Linux and other -Unix operating systems it is normally recommended to link against the -precompiled shared libraries provided by the distributor or vendor. - -For Testing and Development ---------------------------- - -Although testing and development could in theory also be done using -the source tarballs, having a local copy of the git repository with -the entire project history gives you much more insight into the -code base. - -The official OpenSSL Git Repository is located at [git.openssl.org]. -There is a GitHub mirror of the repository at [github.com/openssl/openssl], -which is updated automatically from the former on every commit. - -A local copy of the Git Repository can be obtained by cloning it from -the original OpenSSL repository using - - git clone git://git.openssl.org/openssl.git - -or from the GitHub mirror using - - git clone https://github.com/openssl/openssl.git - -If you intend to contribute to OpenSSL, either to fix bugs or contribute -new features, you need to fork the OpenSSL repository openssl/openssl on -GitHub and clone your public fork instead. - - git clone https://github.com/yourname/openssl.git - -This is necessary, because all development of OpenSSL nowadays is done via -GitHub pull requests. For more details, see [Contributing](#contributing). - -Build and Install -================= - -After obtaining the Source, have a look at the [INSTALL](INSTALL.md) file for -detailed instructions about building and installing OpenSSL. For some -platforms, the installation instructions are amended by a platform specific -document. 
- - * [Notes for UNIX-like platforms](NOTES-UNIX.md) - * [Notes for Android platforms](NOTES-ANDROID.md) - * [Notes for Windows platforms](NOTES-WINDOWS.md) - * [Notes for the DOS platform with DJGPP](NOTES-DJGPP.md) - * [Notes for the OpenVMS platform](NOTES-VMS.md) - * [Notes on Perl](NOTES-PERL.md) - * [Notes on Valgrind](NOTES-VALGRIND.md) - -Specific notes on upgrading to OpenSSL 3.0 from previous versions can be found -in the [migration_guide(7ossl)] manual page. - -Documentation -============= - -Manual Pages ------------- - -The manual pages for the master branch and all current stable releases are -available online. - -- [OpenSSL master](https://www.openssl.org/docs/manmaster) -- [OpenSSL 3.0](https://www.openssl.org/docs/man3.0) -- [OpenSSL 1.1.1](https://www.openssl.org/docs/man1.1.1) - -Wiki ----- - -There is a Wiki at [wiki.openssl.org] which is currently not very active. -It contains a lot of useful information, not all of which is up to date. - -License -======= - -OpenSSL is licensed under the Apache License 2.0, which means that -you are free to get and use it for commercial and non-commercial -purposes as long as you fulfill its conditions. - -See the [LICENSE.txt](LICENSE.txt) file for more details. - -Support -======= - -There are various ways to get in touch. The correct channel depends on -your requirement. see the [SUPPORT](SUPPORT.md) file for more details. - -Contributing -============ - -If you are interested and willing to contribute to the OpenSSL project, -please take a look at the [CONTRIBUTING](CONTRIBUTING.md) file. - -Legalities -========== - -A number of nations restrict the use or export of cryptography. If you are -potentially subject to such restrictions you should seek legal advice before -attempting to develop or distribute cryptographic code. - -Copyright -========= - -Copyright (c) 1998-2023 The OpenSSL Project - -Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson - -All rights reserved. 
- - - -[www.openssl.org]: - - "OpenSSL Homepage" - -[git.openssl.org]: - - "OpenSSL Git Repository" - -[git.openssl.org]: - - "OpenSSL Git Repository" - -[github.com/openssl/openssl]: - - "OpenSSL GitHub Mirror" - -[wiki.openssl.org]: - - "OpenSSL Wiki" - -[migration_guide(7ossl)]: - - "OpenSSL Migration Guide" - -[RFC 8446]: - - - - -[openssl logo]: - doc/images/openssl.svg - "OpenSSL Logo" - -[github actions ci badge]: - - "GitHub Actions CI Status" - -[github actions ci]: - - "GitHub Actions CI" - -[appveyor badge]: - - "AppVeyor Build Status" - -[appveyor jobs]: - - "AppVeyor Jobs" diff -Nru openssl-3.0.12/README.md openssl-3.0.13/README.md --- openssl-3.0.12/README.md 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/README.md 2024-01-30 13:28:16.000000000 +0000 
@@ -1,113 +1,224 @@ -What This Is -============ +Welcome to the OpenSSL Project +============================== -This is a fork of [OpenSSL](https://www.openssl.org) to enable QUIC. In addition -to the website, the official source distribution is at -. The OpenSSL `README` can be found at -[README-OpenSSL.md](https://github.com/quictls/openssl/blob/openssl-3.0.12%2Bquic/README-OpenSSL.md) - -This fork adds APIs that can be used by QUIC implementations for connection -handshakes. Quoting the IETF Working group -[charter](https://datatracker.ietf.org/wg/quic/about/), QUIC is a "UDP-based, -stream-multiplexing, encrypted transport protocol." If you don't need QUIC, you -should use the official OpenSSL distributions. - -The APIs here are used by Microsoft's -[MsQuic](https://github.com/microsoft/msquic) and Google's -[Chromium QUIC](https://chromium.googlesource.com/chromium/src/+/master/net/quic/) - -We are not in competition with OpenSSL project. We informed them of -our plans to fork the code before we went public. We do not speak for the -OpenSSL project, and can only point to a -[blog post](https://www.openssl.org/blog/blog/2020/02/17/QUIC-and-OpenSSL/) and -[openssl-project email](https://github.com/quictls/openssl/discussions/54) -that provides their view of QUIC support. - -As stated in their blog post, the OpenSSL team is focused on their 3.0 release -(released 2021-09-07), and does not intend to add QUIC functionality to 1.1.x. -There is a community need for a QUIC-capable TLS library. This fork is intended -as stopgap solution to enable higher level frameworks and runtimes to use QUIC -with the proven and reliable TLS functionality from OpenSSL. This fork will be -maintained until OpenSSL officially provides reasonable support for QUIC -implementations. - -This fork can be considered a supported version of -[OpenSSL PR 8797](https://github.com/openssl/openssl/pull/8797). 
-We will endeavor to track OpenSSL releases within a day or so, and there is an -item below about how we'll follow their tagging. - -On to the questions and answers. - -What about branches? --------------------- - -We don't want to conflict with OpenSSL branch names. Our current plan is to append -`+quic`. Release tags are likely to be the QUIC branch with `-releaseX` appended. -For example, the OpenSSL tag `openssl-3.0.0` would have a branch named -`openssl-3.0.0+quic` and a release tag of `openssl-3.0.0+quic-release1`. - -How are you keeping current with OpenSSL? ------------------------------------------ - -(In other words, "What about rebasing?") - -Our plan is to always rebase on top of an upstream release tag. In particular: - -- The changes for QUIC will always be at the tip of the branch -- you will know what - is from the original OpenSSL and what is for QUIC. -- New versions are quickly created once upstream creates a new tag. -- The use of git commands (such as `cherry`) can be used to ensure that all changes - have moved forward with minimal or no changes. You will be able to see - "QUIC: Add X" on all branches and the commit itself will be nearly identical on - all branches, and any changes to that can be easily identified. - -What about library names? -------------------------- - -Library names will be the same, but will use a different version number. The version -numbers for the current OpenSSL libraries are `1.1` (for the 1.1.0 and 1.1.1 branches) -and `3` (for the 3.0 branch). We will be prefixing `81` (ASCII for 'Q') to -the version numbers to generate a unique version number. - -- `libcrypto.so.81.3` vs `libcrypto.so.3` -- `libcrypto.so.81.1.1` vs `libcrypto.so.1.1` -- `libssl.so.81.3` vs `libssl.so.3` -- `libssl.so.81.1.1` vs `libssl.so.1.1` - -The SONAME of these libraries are all different, guaranteeing the correct library -will be used. - -...and the executable? 
----------------------- +[![openssl logo]][www.openssl.org] -We currently do not have any plans to change the name, mainly because we -haven't made any changes there. If you see a need, please open an issue. +[![github actions ci badge]][github actions ci] +[![appveyor badge]][appveyor jobs] -The `openssl version` command will report that it is `+quic` enabled. +OpenSSL is a robust, commercial-grade, full-featured Open Source Toolkit +for the Transport Layer Security (TLS) protocol formerly known as the +Secure Sockets Layer (SSL) protocol. The protocol implementation is based +on a full-strength general purpose cryptographic library, which can also +be used stand-alone. -...and FIPS? ------------- +OpenSSL is descended from the SSLeay library developed by Eric A. Young +and Tim J. Hudson. + +The official Home Page of the OpenSSL Project is [www.openssl.org]. + +Table of Contents +================= + + - [Overview](#overview) + - [Download](#download) + - [Build and Install](#build-and-install) + - [Documentation](#documentation) + - [License](#license) + - [Support](#support) + - [Contributing](#contributing) + - [Legalities](#legalities) + +Overview +======== + +The OpenSSL toolkit includes: + +- **libssl** + an implementation of all TLS protocol versions up to TLSv1.3 ([RFC 8446]). + +- **libcrypto** + a full-strength general purpose cryptographic library. It constitutes the + basis of the TLS implementation, but can also be used independently. + +- **openssl** + the OpenSSL command line tool, a swiss army knife for cryptographic tasks, + testing and analyzing. It can be used for + - creation of key parameters + - creation of X.509 certificates, CSRs and CRLs + - calculation of message digests + - encryption and decryption + - SSL/TLS client and server tests + - handling of S/MIME signed or encrypted mail + - and more... 
+ +Download +======== + +For Production Use +------------------ + +Source code tarballs of the official releases can be downloaded from +[www.openssl.org/source](https://www.openssl.org/source). +The OpenSSL project does not distribute the toolkit in binary form. + +However, for a large variety of operating systems precompiled versions +of the OpenSSL toolkit are available. In particular on Linux and other +Unix operating systems it is normally recommended to link against the +precompiled shared libraries provided by the distributor or vendor. + +For Testing and Development +--------------------------- -We are not doing anything with FIPS. This is actually good news: you should -be able to load the OpenSSL 3.0 FIPS module into an application built against -this fork and everything should Just Work™. - -How can I contribute? ---------------------- - -We want any code here to be acceptable to OpenSSL. This means that all contributors -must have signed the appropriate -[contributor license agreements](https://www.openssl.org/policies/cla.html). We -will not ask for copies of any paperwork, you just need to tell us that you've -done so (and we might verify with OpenSSL). We are only interested in making it -easier and better for at least the mentioned QUIC implementations to use a variant -of OpenSSL. If you have a pull request that changes the TLS protocol, or adds -assembly support for a new CPU, or otherwise is not specific to enabling QUIC, -please contribute that to OpenSSL. This fork is intended to be a clean extension -to OpenSSL, with the deltas being specific to QUIC. +Although testing and development could in theory also be done using +the source tarballs, having a local copy of the git repository with +the entire project history gives you much more insight into the +code base. -Who are you? +The official OpenSSL Git Repository is located at [git.openssl.org]. 
+There is a GitHub mirror of the repository at [github.com/openssl/openssl], +which is updated automatically from the former on every commit. + +A local copy of the Git Repository can be obtained by cloning it from +the original OpenSSL repository using + + git clone git://git.openssl.org/openssl.git + +or from the GitHub mirror using + + git clone https://github.com/openssl/openssl.git + +If you intend to contribute to OpenSSL, either to fix bugs or contribute +new features, you need to fork the OpenSSL repository openssl/openssl on +GitHub and clone your public fork instead. + + git clone https://github.com/yourname/openssl.git + +This is necessary, because all development of OpenSSL nowadays is done via +GitHub pull requests. For more details, see [Contributing](#contributing). + +Build and Install +================= + +After obtaining the Source, have a look at the [INSTALL](INSTALL.md) file for +detailed instructions about building and installing OpenSSL. For some +platforms, the installation instructions are amended by a platform specific +document. + + * [Notes for UNIX-like platforms](NOTES-UNIX.md) + * [Notes for Android platforms](NOTES-ANDROID.md) + * [Notes for Windows platforms](NOTES-WINDOWS.md) + * [Notes for the DOS platform with DJGPP](NOTES-DJGPP.md) + * [Notes for the OpenVMS platform](NOTES-VMS.md) + * [Notes on Perl](NOTES-PERL.md) + * [Notes on Valgrind](NOTES-VALGRIND.md) + +Specific notes on upgrading to OpenSSL 3.0 from previous versions can be found +in the [migration_guide(7ossl)] manual page. + +Documentation +============= + +Manual Pages ------------ -This is a collaborative effort between [Akamai](https://www.akamai.com) and -[Microsoft](https://www.microsoft.com). We welcome anyone to contribute! +The manual pages for the master branch and all current stable releases are +available online. 
+ +- [OpenSSL master](https://www.openssl.org/docs/manmaster) +- [OpenSSL 3.0](https://www.openssl.org/docs/man3.0) +- [OpenSSL 1.1.1](https://www.openssl.org/docs/man1.1.1) + +Wiki +---- + +There is a Wiki at [wiki.openssl.org] which is currently not very active. +It contains a lot of useful information, not all of which is up to date. + +License +======= + +OpenSSL is licensed under the Apache License 2.0, which means that +you are free to get and use it for commercial and non-commercial +purposes as long as you fulfill its conditions. + +See the [LICENSE.txt](LICENSE.txt) file for more details. + +Support +======= + +There are various ways to get in touch. The correct channel depends on +your requirement. see the [SUPPORT](SUPPORT.md) file for more details. + +Contributing +============ + +If you are interested and willing to contribute to the OpenSSL project, +please take a look at the [CONTRIBUTING](CONTRIBUTING.md) file. + +Legalities +========== + +A number of nations restrict the use or export of cryptography. If you are +potentially subject to such restrictions you should seek legal advice before +attempting to develop or distribute cryptographic code. + +Copyright +========= + +Copyright (c) 1998-2024 The OpenSSL Project + +Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson + +All rights reserved. 
+ + + +[www.openssl.org]: + + "OpenSSL Homepage" + +[git.openssl.org]: + + "OpenSSL Git Repository" + +[git.openssl.org]: + + "OpenSSL Git Repository" + +[github.com/openssl/openssl]: + + "OpenSSL GitHub Mirror" + +[wiki.openssl.org]: + + "OpenSSL Wiki" + +[migration_guide(7ossl)]: + + "OpenSSL Migration Guide" + +[RFC 8446]: + + + + +[openssl logo]: + doc/images/openssl.svg + "OpenSSL Logo" + +[github actions ci badge]: + + "GitHub Actions CI Status" + +[github actions ci]: + + "GitHub Actions CI" + +[appveyor badge]: + + "AppVeyor Build Status" + +[appveyor jobs]: + + "AppVeyor Jobs" diff -Nru openssl-3.0.12/VERSION.dat openssl-3.0.13/VERSION.dat --- openssl-3.0.12/VERSION.dat 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/VERSION.dat 2024-01-30 13:28:16.000000000 +0000 @@ -1,7 +1,7 @@ MAJOR=3 MINOR=0 -PATCH=12 +PATCH=13 PRE_RELEASE_TAG= -BUILD_METADATA=quic -RELEASE_DATE="24 Oct 2023" -SHLIB_VERSION=81.3 +BUILD_METADATA= +RELEASE_DATE="30 Jan 2024" +SHLIB_VERSION=3 diff -Nru openssl-3.0.12/VMS/openssl_ivp.com.in openssl-3.0.13/VMS/openssl_ivp.com.in --- openssl-3.0.12/VMS/openssl_ivp.com.in 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/VMS/openssl_ivp.com.in 2024-01-30 13:28:16.000000000 +0000 
@@ -21,9 +21,9 @@ $ @'INSTALLTOP_'SYS$STARTUP]openssl_utils'v' $ $ IF F$SEARCH("OSSL$LIBCRYPTO''pz'") .EQS. "" - - .OR. F$SEARCH("OSSL$LIBSSL''pz'") .EQS. "" {- output_off() if $config{no_shared}; "" -}- + .OR. F$SEARCH("OSSL$LIBSSL''pz'") .EQS. "" {- output_off() if $disabled{shared}; "" -}- .OR. F$SEARCH("OSSL$LIBCRYPTO_SHR''pz'") .EQS. "" - - .OR. F$SEARCH("OSSL$LIBSSL_SHR''pz'") .EQS. "" {- output_on() if $config{no_shared}; "" -}- + .OR. F$SEARCH("OSSL$LIBSSL_SHR''pz'") .EQS. "" {- output_on() if $disabled{shared}; "" -}- .OR. F$SEARCH("OSSL$INCLUDE:[OPENSSL]crypto.h") .EQS. "" - .OR. F$SEARCH("OPENSSL:crypto.h") .EQS. "" - .OR. F$SEARCH("OSSL$EXE:OPENSSL''v'.EXE") .EQS. "" diff -Nru openssl-3.0.12/VMS/openssl_shutdown.com.in openssl-3.0.13/VMS/openssl_shutdown.com.in --- openssl-3.0.12/VMS/openssl_shutdown.com.in 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/VMS/openssl_shutdown.com.in 2024-01-30 13:28:16.000000000 +0000 @@ -39,19 +39,19 @@ $ DEAS OSSL$EXE $ DEAS OSSL$LIBCRYPTO'pz' $ DEAS OSSL$LIBSSL'pz' -${- output_off() if $config{no_shared}; "" -} +${- output_off() if $disabled{shared}; "" -} $ DEAS OSSL$LIBCRYPTO'sv'_SHR'pz' $ DEAS OSSL$LIBSSL'sv'_SHR'pz' -${- output_on() if $config{no_shared}; "" -} +${- output_on() if $disabled{shared}; "" -} $ DEAS OPENSSL $ $ IF P2 .NES. "NOALIASES" $ THEN $ DEAS OSSL$ENGINES'pz' -${- output_off() if $config{no_shared}; "" -} +${- output_off() if $disabled{shared}; "" -} $ DEAS OSSL$LIBCRYPTO_SHR'pz' $ DEAS OSSL$LIBSSL_SHR'pz' -${- output_on() if $config{no_shared}; "" -} +${- output_on() if $disabled{shared}; "" -} $ ENDIF $ $ EXIT 'status' diff -Nru openssl-3.0.12/VMS/openssl_startup.com.in openssl-3.0.13/VMS/openssl_startup.com.in --- openssl-3.0.12/VMS/openssl_startup.com.in 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/VMS/openssl_startup.com.in 2024-01-30 13:28:16.000000000 +0000 
@@ -103,19 +103,19 @@ OSSL$INSTROOT:[EXE] $ DEF OSSL$LIBCRYPTO'pz' OSSL$LIB:OSSL$LIBCRYPTO'pz'.OLB $ DEF OSSL$LIBSSL'pz' OSSL$LIB:OSSL$LIBSSL'pz'.OLB -${- output_off() if $config{no_shared}; "" -} +${- output_off() if $disabled{shared}; "" -} $ DEF OSSL$LIBCRYPTO'sv'_SHR'pz' OSSL$SHARE:OSSL$LIBCRYPTO'sv'_SHR'pz'.EXE $ DEF OSSL$LIBSSL'sv'_SHR'pz' OSSL$SHARE:OSSL$LIBSSL'sv'_SHR'pz'.EXE -${- output_on() if $config{no_shared}; "" -} +${- output_on() if $disabled{shared}; "" -} $ DEF OPENSSL OSSL$INCLUDE:[OPENSSL] $ $ IF P2 .NES. "NOALIASES" $ THEN $ DEF OSSL$ENGINES'pz' OSSL$ENGINES'sv''pz' -${- output_off() if $config{no_shared}; "" -} +${- output_off() if $disabled{shared}; "" -} $ DEF OSSL$LIBCRYPTO_SHR'pz' OSSL$LIBCRYPTO'sv'_SHR'pz' $ DEF OSSL$LIBSSL_SHR'pz' OSSL$LIBSSL'sv'_SHR'pz' -${- output_on() if $config{no_shared}; "" -} +${- output_on() if $disabled{shared}; "" -} $ ENDIF $ $ bailout: diff -Nru openssl-3.0.12/apps/cms.c openssl-3.0.13/apps/cms.c --- openssl-3.0.12/apps/cms.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/apps/cms.c 2024-01-30 13:28:16.000000000 +0000 @@ -620,7 +620,8 @@ "recipient certificate file"); if (cert == NULL) goto end; - sk_X509_push(encerts, cert); + if (!sk_X509_push(encerts, cert)) + goto end; cert = NULL; } else { recipfile = opt_arg(); @@ -831,7 +832,8 @@ "recipient certificate file"); if (cert == NULL) goto end; - sk_X509_push(encerts, cert); + if (!sk_X509_push(encerts, cert)) + goto end; cert = NULL; } } @@ -1413,6 +1415,7 @@ STACK_OF(OPENSSL_STRING) *rr_from) { STACK_OF(GENERAL_NAMES) *rct_to = NULL, *rct_from = NULL; + CMS_ReceiptRequest *rr; rct_to = make_names_stack(rr_to); if (rct_to == NULL) 
@@ -1424,10 +1427,14 @@ } else { rct_from = NULL; } - return CMS_ReceiptRequest_create0_ex(NULL, -1, rr_allorfirst, rct_from, - rct_to, app_get0_libctx()); + rr = CMS_ReceiptRequest_create0_ex(NULL, -1, rr_allorfirst, rct_from, + rct_to, app_get0_libctx()); + if (rr == NULL) + goto err; + return rr; err: sk_GENERAL_NAMES_pop_free(rct_to, GENERAL_NAMES_free); + sk_GENERAL_NAMES_pop_free(rct_from, GENERAL_NAMES_free); return NULL; } diff -Nru openssl-3.0.12/apps/errstr.c openssl-3.0.13/apps/errstr.c --- openssl-3.0.12/apps/errstr.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/apps/errstr.c 2024-01-30 13:28:16.000000000 +0000 @@ -62,7 +62,7 @@ /* All remaining arg are error code. */ ret = 0; for (argv = opt_rest(); *argv != NULL; argv++) { - if (sscanf(*argv, "%lx", &l) == 0) { + if (sscanf(*argv, "%lx", &l) <= 0) { ret++; } else { ERR_error_string_n(l, buf, sizeof(buf)); diff -Nru openssl-3.0.12/apps/info.c openssl-3.0.13/apps/info.c --- openssl-3.0.12/apps/info.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/apps/info.c 2024-01-30 13:28:16.000000000 +0000 @@ -10,15 +10,11 @@ #include #include "apps.h" #include "progs.h" -#include typedef enum OPTION_choice { OPT_COMMON, OPT_CONFIGDIR, OPT_ENGINESDIR, OPT_MODULESDIR, OPT_DSOEXT, OPT_DIRNAMESEP, OPT_LISTSEP, OPT_SEEDS, OPT_CPUSETTINGS -#ifndef OPENSSL_NO_QUIC - , OPT_QUIC -#endif } OPTION_CHOICE; const OPTIONS info_options[] = { @@ -36,9 +32,6 @@ {"listsep", OPT_LISTSEP, '-', "List separator character"}, {"seeds", OPT_SEEDS, '-', "Seed sources"}, {"cpusettings", OPT_CPUSETTINGS, '-', "CPU settings info"}, -#ifndef OPENSSL_NO_QUIC - {"quic", OPT_QUIC, '-', "QUIC info"}, -#endif {NULL} }; 
@@ -91,12 +84,6 @@ type = OPENSSL_INFO_CPU_SETTINGS; dirty++; break; -#ifndef OPENSSL_NO_QUIC - case OPT_QUIC: - type = OPENSSL_INFO_QUIC; - dirty++; - break; -#endif } } if (opt_num_rest() != 0) diff -Nru openssl-3.0.12/apps/lib/opt.c openssl-3.0.13/apps/lib/opt.c --- openssl-3.0.12/apps/lib/opt.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/apps/lib/opt.c 2024-01-30 13:28:16.000000000 +0000 @@ -696,7 +696,12 @@ opt_printf_stderr("%s: Invalid Policy %s\n", prog, opt_arg()); return 0; } - X509_VERIFY_PARAM_add0_policy(vpm, otmp); + if (!X509_VERIFY_PARAM_add0_policy(vpm, otmp)) { + ASN1_OBJECT_free(otmp); + opt_printf_stderr("%s: Internal error adding Policy %s\n", + prog, opt_arg()); + return 0; + } break; case OPT_V_PURPOSE: /* purpose name -> purpose index */ diff -Nru openssl-3.0.12/apps/list.c openssl-3.0.13/apps/list.c --- openssl-3.0.12/apps/list.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/apps/list.c 2024-01-30 13:28:16.000000000 +0000 @@ -1209,9 +1209,11 @@ static int collect_providers(OSSL_PROVIDER *provider, void *stack) { STACK_OF(OSSL_PROVIDER) *provider_stack = stack; - - sk_OSSL_PROVIDER_push(provider_stack, provider); - return 1; + /* + * If OK - result is the index of inserted data + * Error - result is -1 or 0 + */ + return sk_OSSL_PROVIDER_push(provider_stack, provider) > 0 ? 1 : 0; } static void list_provider_info(void) 
@@ -1226,11 +1228,19 @@ BIO_printf(bio_err, "ERROR: Memory allocation\n"); return; } + + if (OSSL_PROVIDER_do_all(NULL, &collect_providers, providers) != 1) { + BIO_printf(bio_err, "ERROR: Memory allocation\n"); + return; + } + BIO_printf(bio_out, "Providers:\n"); - OSSL_PROVIDER_do_all(NULL, &collect_providers, providers); sk_OSSL_PROVIDER_sort(providers); for (i = 0; i < sk_OSSL_PROVIDER_num(providers); i++) { const OSSL_PROVIDER *prov = sk_OSSL_PROVIDER_value(providers, i); + const char *provname = OSSL_PROVIDER_get0_name(prov); + + BIO_printf(bio_out, " %s\n", provname); /* Query the "known" information parameters, the order matches below */ params[0] = OSSL_PARAM_construct_utf8_ptr(OSSL_PROV_PARAM_NAME, 
@@ -1243,23 +1253,23 @@ params[4] = OSSL_PARAM_construct_end(); OSSL_PARAM_set_all_unmodified(params); if (!OSSL_PROVIDER_get_params(prov, params)) { - BIO_printf(bio_err, "ERROR: Unable to query provider parameters\n"); - return; - } - - /* Print out the provider information, the params order matches above */ - BIO_printf(bio_out, " %s\n", OSSL_PROVIDER_get0_name(prov)); - if (OSSL_PARAM_modified(params)) - BIO_printf(bio_out, " name: %s\n", name); - if (OSSL_PARAM_modified(params + 1)) - BIO_printf(bio_out, " version: %s\n", version); - if (OSSL_PARAM_modified(params + 2)) - BIO_printf(bio_out, " status: %sactive\n", status ? "" : "in"); - if (verbose) { - if (OSSL_PARAM_modified(params + 3)) - BIO_printf(bio_out, " build info: %s\n", buildinfo); - print_param_types("gettable provider parameters", - OSSL_PROVIDER_gettable_params(prov), 4); + BIO_printf(bio_err, + "WARNING: Unable to query provider parameters for %s\n", + provname); + } else { + /* Print out the provider information, the params order matches above */ + if (OSSL_PARAM_modified(params)) + BIO_printf(bio_out, " name: %s\n", name); + if (OSSL_PARAM_modified(params + 1)) + BIO_printf(bio_out, " version: %s\n", version); + if (OSSL_PARAM_modified(params + 2)) + BIO_printf(bio_out, " status: %sactive\n", status ? "" : "in"); + if (verbose) { + if (OSSL_PARAM_modified(params + 3)) + BIO_printf(bio_out, " build info: %s\n", buildinfo); + print_param_types("gettable provider parameters", + OSSL_PROVIDER_gettable_params(prov), 4); + } } } sk_OSSL_PROVIDER_free(providers); diff -Nru openssl-3.0.12/apps/rehash.c openssl-3.0.13/apps/rehash.c --- openssl-3.0.12/apps/rehash.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/apps/rehash.c 2024-01-30 13:28:16.000000000 +0000 @@ -45,9 +45,6 @@ # ifndef PATH_MAX # define PATH_MAX 4096 # endif -# ifndef NAME_MAX -# define NAME_MAX 255 -# endif # define MAX_COLLISIONS 256 # if defined(OPENSSL_SYS_VXWORKS) 
@@ -355,21 +352,22 @@ OPENSSL_DIR_CTX *d = NULL; struct stat st; unsigned char idmask[MAX_COLLISIONS / 8]; - int n, numfiles, nextid, buflen, errs = 0; - size_t i; - const char *pathsep; + int n, numfiles, nextid, dirlen, buflen, errs = 0; + size_t i, fname_max_len = 20; /* maximum length of "%08x.r%d" */ + const char *pathsep = ""; const char *filename; - char *buf, *copy = NULL; + char *buf = NULL, *copy = NULL; STACK_OF(OPENSSL_STRING) *files = NULL; if (app_access(dirname, W_OK) < 0) { BIO_printf(bio_err, "Skipping %s, can't write\n", dirname); return 1; } - buflen = strlen(dirname); - pathsep = (buflen && !ends_with_dirsep(dirname)) ? "/": ""; - buflen += NAME_MAX + 1 + 1; - buf = app_malloc(buflen, "filename buffer"); + dirlen = strlen(dirname); + if (dirlen != 0 && !ends_with_dirsep(dirname)) { + pathsep = "/"; + dirlen++; + } if (verbose) BIO_printf(bio_out, "Doing %s\n", dirname); @@ -380,17 +378,25 @@ goto err; } while ((filename = OPENSSL_DIR_read(&d, dirname)) != NULL) { + size_t fname_len = strlen(filename); + if ((copy = OPENSSL_strdup(filename)) == NULL || sk_OPENSSL_STRING_push(files, copy) == 0) { OPENSSL_free(copy); + OPENSSL_DIR_end(&d); BIO_puts(bio_err, "out of memory\n"); errs = 1; goto err; } + if (fname_len > fname_max_len) + fname_max_len = fname_len; } OPENSSL_DIR_end(&d); sk_OPENSSL_STRING_sort(files); + buflen = dirlen + fname_max_len + 1; + buf = app_malloc(buflen, "filename buffer"); + numfiles = sk_OPENSSL_STRING_num(files); for (n = 0; n < numfiles; ++n) { filename = sk_OPENSSL_STRING_value(files, n); 
@@ -427,12 +433,12 @@ while (bit_isset(idmask, nextid)) nextid++; - BIO_snprintf(buf, buflen, "%s%s%n%08x.%s%d", - dirname, pathsep, &n, bp->hash, + BIO_snprintf(buf, buflen, "%s%s%08x.%s%d", + dirname, pathsep, bp->hash, suffixes[bp->type], nextid); if (verbose) BIO_printf(bio_out, "link %s -> %s\n", - ep->filename, &buf[n]); + ep->filename, &buf[dirlen]); if (unlink(buf) < 0 && errno != ENOENT) { BIO_printf(bio_err, "%s: Can't unlink %s, %s\n", @@ -449,12 +455,12 @@ bit_set(idmask, nextid); } else if (remove_links) { /* Link to be deleted */ - BIO_snprintf(buf, buflen, "%s%s%n%08x.%s%d", - dirname, pathsep, &n, bp->hash, + BIO_snprintf(buf, buflen, "%s%s%08x.%s%d", + dirname, pathsep, bp->hash, suffixes[bp->type], ep->old_id); if (verbose) BIO_printf(bio_out, "unlink %s\n", - &buf[n]); + &buf[dirlen]); if (unlink(buf) < 0 && errno != ENOENT) { BIO_printf(bio_err, "%s: Can't unlink %s, %s\n", diff -Nru openssl-3.0.12/apps/req.c openssl-3.0.13/apps/req.c --- openssl-3.0.12/apps/req.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/apps/req.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -733,7 +733,7 @@ } goto end; } - BIO_free(out); + BIO_free_all(out); out = NULL; BIO_printf(bio_err, "-----\n"); } diff -Nru openssl-3.0.12/apps/s_server.c openssl-3.0.13/apps/s_server.c --- openssl-3.0.12/apps/s_server.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/apps/s_server.c 2024-01-30 13:28:16.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -1670,6 +1670,11 @@ BIO_printf(bio_err, "Can only use -listen with DTLS\n"); goto end; } + + if (rev && socket_type == SOCK_DGRAM) { + BIO_printf(bio_err, "Can't use -rev with DTLS\n"); + goto end; + } #endif if (stateless && socket_type != SOCK_STREAM) { diff -Nru openssl-3.0.12/apps/smime.c openssl-3.0.13/apps/smime.c --- openssl-3.0.12/apps/smime.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/apps/smime.c 2024-01-30 13:28:16.000000000 +0000 @@ -453,7 +453,8 @@ "recipient certificate file"); if (cert == NULL) goto end; - sk_X509_push(encerts, cert); + if (!sk_X509_push(encerts, cert)) + goto end; cert = NULL; argv++; } diff -Nru openssl-3.0.12/crypto/asn1/asn_moid.c openssl-3.0.13/crypto/asn1/asn_moid.c --- openssl-3.0.12/crypto/asn1/asn_moid.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/asn1/asn_moid.c 2024-01-30 13:28:16.000000000 +0000 @@ -67,6 +67,10 @@ if (p == NULL) { ln = name; ostr = value; + } else if (p == value) { + /* we started with a leading comma */ + ln = name; + ostr = p + 1; } else { ln = value; ostr = p + 1; diff -Nru openssl-3.0.12/crypto/asn1/asn_mstbl.c openssl-3.0.13/crypto/asn1/asn_mstbl.c --- openssl-3.0.12/crypto/asn1/asn_mstbl.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/asn1/asn_mstbl.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -72,6 +72,8 @@ goto err; for (i = 0; i < sk_CONF_VALUE_num(lst); i++) { cnf = sk_CONF_VALUE_value(lst, i); + if (cnf->value == NULL) + goto err; if (strcmp(cnf->name, "min") == 0) { tbl_min = strtoul(cnf->value, &eptr, 0); if (*eptr) @@ -98,7 +100,9 @@ if (rv == 0) { if (cnf) ERR_raise_data(ERR_LIB_ASN1, ASN1_R_INVALID_STRING_TABLE_VALUE, - "field=%s, value=%s", cnf->name, cnf->value); + "field=%s, value=%s", cnf->name, + cnf->value != NULL ? cnf->value + : value); else ERR_raise_data(ERR_LIB_ASN1, ASN1_R_INVALID_STRING_TABLE_VALUE, "name=%s, value=%s", name, value); diff -Nru openssl-3.0.12/crypto/asn1/x_algor.c openssl-3.0.13/crypto/asn1/x_algor.c --- openssl-3.0.12/crypto/asn1/x_algor.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/asn1/x_algor.c 2024-01-30 13:28:16.000000000 +0000 @@ -179,7 +179,11 @@ *palg = X509_ALGOR_new(); if (*palg == NULL) goto err; - X509_ALGOR_set0(*palg, OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp); + if (!X509_ALGOR_set0(*palg, OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp)) { + X509_ALGOR_free(*palg); + *palg = NULL; + goto err; + } stmp = NULL; err: ASN1_STRING_free(stmp); diff -Nru openssl-3.0.12/crypto/bn/bn_exp.c openssl-3.0.13/crypto/bn/bn_exp.c --- openssl-3.0.12/crypto/bn/bn_exp.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/bn/bn_exp.c 2024-01-30 13:28:16.000000000 +0000 @@ -243,6 +243,14 @@ wstart = bits - 1; /* The top bit of the window */ wend = 0; /* The bottom bit of the window */ + if (r == p) { + BIGNUM *p_dup = BN_CTX_get(ctx); + + if (p_dup == NULL || BN_copy(p_dup, p) == NULL) + goto err; + p = p_dup; + } + if (!BN_one(r)) goto err; @@ -1317,6 +1325,11 @@ return 0; } + if (r == m) { + ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT); + return 0; + } + bits = BN_num_bits(p); if (bits == 0) { /* x**0 mod 1, or x**0 mod -1 is still zero. */ 
@@ -1362,6 +1375,14 @@ wstart = bits - 1; /* The top bit of the window */ wend = 0; /* The bottom bit of the window */ + if (r == p) { + BIGNUM *p_dup = BN_CTX_get(ctx); + + if (p_dup == NULL || BN_copy(p_dup, p) == NULL) + goto err; + p = p_dup; + } + if (!BN_one(r)) goto err; diff -Nru openssl-3.0.12/crypto/bn/bn_gf2m.c openssl-3.0.13/crypto/bn/bn_gf2m.c --- openssl-3.0.12/crypto/bn/bn_gf2m.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/bn/bn_gf2m.c 2024-01-30 13:28:16.000000000 +0000 @@ -734,14 +734,20 @@ { BIGNUM *b = NULL; int ret = 0; + int numbits; BN_CTX_start(ctx); if ((b = BN_CTX_get(ctx)) == NULL) goto err; + /* Fail on a non-sensical input p value */ + numbits = BN_num_bits(p); + if (numbits <= 1) + goto err; + /* generate blinding value */ do { - if (!BN_priv_rand_ex(b, BN_num_bits(p) - 1, + if (!BN_priv_rand_ex(b, numbits - 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY, 0, ctx)) goto err; } while (BN_is_zero(b)); diff -Nru openssl-3.0.12/crypto/bn/bn_mod.c openssl-3.0.13/crypto/bn/bn_mod.c --- openssl-3.0.12/crypto/bn/bn_mod.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/bn/bn_mod.c 2024-01-30 13:28:16.000000000 +0000 @@ -17,6 +17,11 @@ * always holds) */ + if (r == d) { + ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT); + return 0; + } + if (!(BN_mod(r, m, d, ctx))) return 0; if (!r->neg) @@ -186,6 +191,11 @@ int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m) { + if (r == m) { + ERR_raise(ERR_LIB_BN, ERR_R_PASSED_INVALID_ARGUMENT); + return 0; + } + if (!BN_sub(r, a, b)) return 0; if (r->neg) diff -Nru openssl-3.0.12/crypto/bn/bn_nist.c openssl-3.0.13/crypto/bn/bn_nist.c --- openssl-3.0.12/crypto/bn/bn_nist.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/bn/bn_nist.c 2024-01-30 13:28:16.000000000 +0000 
@@ -319,6 +319,28 @@ # endif #endif /* BN_BITS2 != 64 */ +#ifdef NIST_INT64 +/* Helpers to load/store a 32-bit word (uint32_t) from/into a memory + * location and avoid potential aliasing issue. */ +static ossl_inline uint32_t load_u32(const void *ptr) +{ + uint32_t tmp; + + memcpy(&tmp, ptr, sizeof(tmp)); + return tmp; +} + +static ossl_inline void store_lo32(void *ptr, NIST_INT64 val) +{ + /* A cast is needed for big-endian system: on a 32-bit BE system + * NIST_INT64 may be defined as well if the compiler supports 64-bit + * long long. */ + uint32_t tmp = (uint32_t)val; + + memcpy(ptr, &tmp, sizeof(tmp)); +} +#endif /* NIST_INT64 */ + #define nist_set_192(to, from, a1, a2, a3) \ { \ bn_cp_64(to, 0, from, (a3) - 3) \ @@ -374,42 +396,42 @@ unsigned int *rp = (unsigned int *)r_d; const unsigned int *bp = (const unsigned int *)buf.ui; - acc = rp[0]; + acc = load_u32(&rp[0]); acc += bp[3 * 2 - 6]; acc += bp[5 * 2 - 6]; - rp[0] = (unsigned int)acc; + store_lo32(&rp[0], acc); acc >>= 32; - acc += rp[1]; + acc += load_u32(&rp[1]); acc += bp[3 * 2 - 5]; acc += bp[5 * 2 - 5]; - rp[1] = (unsigned int)acc; + store_lo32(&rp[1], acc); acc >>= 32; - acc += rp[2]; + acc += load_u32(&rp[2]); acc += bp[3 * 2 - 6]; acc += bp[4 * 2 - 6]; acc += bp[5 * 2 - 6]; - rp[2] = (unsigned int)acc; + store_lo32(&rp[2], acc); acc >>= 32; - acc += rp[3]; + acc += load_u32(&rp[3]); acc += bp[3 * 2 - 5]; acc += bp[4 * 2 - 5]; acc += bp[5 * 2 - 5]; - rp[3] = (unsigned int)acc; + store_lo32(&rp[3], acc); acc >>= 32; - acc += rp[4]; + acc += load_u32(&rp[4]); acc += bp[4 * 2 - 6]; acc += bp[5 * 2 - 6]; - rp[4] = (unsigned int)acc; + store_lo32(&rp[4], acc); acc >>= 32; - acc += rp[5]; + acc += load_u32(&rp[5]); acc += bp[4 * 2 - 5]; acc += bp[5 * 2 - 5]; - rp[5] = (unsigned int)acc; + store_lo32(&rp[5], acc); carry = (int)(acc >> 32); } 
@@ -683,36 +705,36 @@ unsigned int *rp = (unsigned int *)r_d; const unsigned int *bp = (const unsigned int *)buf.ui; - acc = rp[0]; + acc = load_u32(&rp[0]); acc += bp[8 - 8]; acc += bp[9 - 8]; acc -= bp[11 - 8]; acc -= bp[12 - 8]; acc -= bp[13 - 8]; acc -= bp[14 - 8]; - rp[0] = (unsigned int)acc; + store_lo32(&rp[0], acc); acc >>= 32; - acc += rp[1]; + acc += load_u32(&rp[1]); acc += bp[9 - 8]; acc += bp[10 - 8]; acc -= bp[12 - 8]; acc -= bp[13 - 8]; acc -= bp[14 - 8]; acc -= bp[15 - 8]; - rp[1] = (unsigned int)acc; + store_lo32(&rp[1], acc); acc >>= 32; - acc += rp[2]; + acc += load_u32(&rp[2]); acc += bp[10 - 8]; acc += bp[11 - 8]; acc -= bp[13 - 8]; acc -= bp[14 - 8]; acc -= bp[15 - 8]; - rp[2] = (unsigned int)acc; + store_lo32(&rp[2], acc); acc >>= 32; - acc += rp[3]; + acc += load_u32(&rp[3]); acc += bp[11 - 8]; acc += bp[11 - 8]; acc += bp[12 - 8]; @@ -721,10 +743,10 @@ acc -= bp[15 - 8]; acc -= bp[8 - 8]; acc -= bp[9 - 8]; - rp[3] = (unsigned int)acc; + store_lo32(&rp[3], acc); acc >>= 32; - acc += rp[4]; + acc += load_u32(&rp[4]); acc += bp[12 - 8]; acc += bp[12 - 8]; acc += bp[13 - 8]; @@ -732,10 +754,10 @@ acc += bp[14 - 8]; acc -= bp[9 - 8]; acc -= bp[10 - 8]; - rp[4] = (unsigned int)acc; + store_lo32(&rp[4], acc); acc >>= 32; - acc += rp[5]; + acc += load_u32(&rp[5]); acc += bp[13 - 8]; acc += bp[13 - 8]; acc += bp[14 - 8]; @@ -743,10 +765,10 @@ acc += bp[15 - 8]; acc -= bp[10 - 8]; acc -= bp[11 - 8]; - rp[5] = (unsigned int)acc; + store_lo32(&rp[5], acc); acc >>= 32; - acc += rp[6]; + acc += load_u32(&rp[6]); acc += bp[14 - 8]; acc += bp[14 - 8]; acc += bp[15 - 8]; @@ -755,10 +777,10 @@ acc += bp[13 - 8]; acc -= bp[8 - 8]; acc -= bp[9 - 8]; - rp[6] = (unsigned int)acc; + store_lo32(&rp[6], acc); acc >>= 32; - acc += rp[7]; + acc += load_u32(&rp[7]); acc += bp[15 - 8]; acc += bp[15 - 8]; acc += bp[15 - 8]; 
@@ -767,7 +789,7 @@ acc -= bp[11 - 8]; acc -= bp[12 - 8]; acc -= bp[13 - 8]; - rp[7] = (unsigned int)acc; + store_lo32(&rp[7], acc); carry = (int)(acc >> 32); } @@ -920,32 +942,32 @@ unsigned int *rp = (unsigned int *)r_d; const unsigned int *bp = (const unsigned int *)buf.ui; - acc = rp[0]; + acc = load_u32(&rp[0]); acc += bp[12 - 12]; acc += bp[21 - 12]; acc += bp[20 - 12]; acc -= bp[23 - 12]; - rp[0] = (unsigned int)acc; + store_lo32(&rp[0], acc); acc >>= 32; - acc += rp[1]; + acc += load_u32(&rp[1]); acc += bp[13 - 12]; acc += bp[22 - 12]; acc += bp[23 - 12]; acc -= bp[12 - 12]; acc -= bp[20 - 12]; - rp[1] = (unsigned int)acc; + store_lo32(&rp[1], acc); acc >>= 32; - acc += rp[2]; + acc += load_u32(&rp[2]); acc += bp[14 - 12]; acc += bp[23 - 12]; acc -= bp[13 - 12]; acc -= bp[21 - 12]; - rp[2] = (unsigned int)acc; + store_lo32(&rp[2], acc); acc >>= 32; - acc += rp[3]; + acc += load_u32(&rp[3]); acc += bp[15 - 12]; acc += bp[12 - 12]; acc += bp[20 - 12]; @@ -953,10 +975,10 @@ acc -= bp[14 - 12]; acc -= bp[22 - 12]; acc -= bp[23 - 12]; - rp[3] = (unsigned int)acc; + store_lo32(&rp[3], acc); acc >>= 32; - acc += rp[4]; + acc += load_u32(&rp[4]); acc += bp[21 - 12]; acc += bp[21 - 12]; acc += bp[16 - 12]; @@ -967,10 +989,10 @@ acc -= bp[15 - 12]; acc -= bp[23 - 12]; acc -= bp[23 - 12]; - rp[4] = (unsigned int)acc; + store_lo32(&rp[4], acc); acc >>= 32; - acc += rp[5]; + acc += load_u32(&rp[5]); acc += bp[22 - 12]; acc += bp[22 - 12]; acc += bp[17 - 12]; @@ -979,10 +1001,10 @@ acc += bp[21 - 12]; acc += bp[23 - 12]; acc -= bp[16 - 12]; - rp[5] = (unsigned int)acc; + store_lo32(&rp[5], acc); acc >>= 32; - acc += rp[6]; + acc += load_u32(&rp[6]); acc += bp[23 - 12]; acc += bp[23 - 12]; acc += bp[18 - 12]; 
@@ -990,48 +1012,48 @@ acc += bp[14 - 12]; acc += bp[22 - 12]; acc -= bp[17 - 12]; - rp[6] = (unsigned int)acc; + store_lo32(&rp[6], acc); acc >>= 32; - acc += rp[7]; + acc += load_u32(&rp[7]); acc += bp[19 - 12]; acc += bp[16 - 12]; acc += bp[15 - 12]; acc += bp[23 - 12]; acc -= bp[18 - 12]; - rp[7] = (unsigned int)acc; + store_lo32(&rp[7], acc); acc >>= 32; - acc += rp[8]; + acc += load_u32(&rp[8]); acc += bp[20 - 12]; acc += bp[17 - 12]; acc += bp[16 - 12]; acc -= bp[19 - 12]; - rp[8] = (unsigned int)acc; + store_lo32(&rp[8], acc); acc >>= 32; - acc += rp[9]; + acc += load_u32(&rp[9]); acc += bp[21 - 12]; acc += bp[18 - 12]; acc += bp[17 - 12]; acc -= bp[20 - 12]; - rp[9] = (unsigned int)acc; + store_lo32(&rp[9], acc); acc >>= 32; - acc += rp[10]; + acc += load_u32(&rp[10]); acc += bp[22 - 12]; acc += bp[19 - 12]; acc += bp[18 - 12]; acc -= bp[21 - 12]; - rp[10] = (unsigned int)acc; + store_lo32(&rp[10], acc); acc >>= 32; - acc += rp[11]; + acc += load_u32(&rp[11]); acc += bp[23 - 12]; acc += bp[20 - 12]; acc += bp[19 - 12]; acc -= bp[22 - 12]; - rp[11] = (unsigned int)acc; + store_lo32(&rp[11], acc); carry = (int)(acc >> 32); } diff -Nru openssl-3.0.12/crypto/build.info openssl-3.0.13/crypto/build.info --- openssl-3.0.12/crypto/build.info 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/build.info 2024-01-30 13:28:16.000000000 +0000 
@@ -74,8 +74,8 @@ # already gets everything that the static libcrypto.a has, and doesn't need it # added again. IF[{- !$disabled{module} && !$disabled{shared} -}] - SOURCE[../providers/liblegacy.a]=$CPUID_COMMON - DEFINE[../providers/liblegacy.a]=$CPUIDDEF + SOURCE[../providers/legacy]=$CPUID_COMMON + DEFINE[../providers/legacy]=$CPUIDDEF ENDIF # Implementations are now spread across several libraries, so the CPUID define diff -Nru openssl-3.0.12/crypto/cms/cms_att.c openssl-3.0.13/crypto/cms/cms_att.c --- openssl-3.0.12/crypto/cms/cms_att.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/cms/cms_att.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -12,8 +12,9 @@ #include #include #include -#include "cms_local.h" #include "internal/nelem.h" +#include "crypto/x509.h" +#include "cms_local.h" /*- * Attribute flags. @@ -94,7 +95,7 @@ int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr) { - if (X509at_add1_attr(&si->signedAttrs, attr)) + if (ossl_x509at_add1_attr(&si->signedAttrs, attr)) return 1; return 0; } @@ -103,7 +104,7 @@ const ASN1_OBJECT *obj, int type, const void *bytes, int len) { - if (X509at_add1_attr_by_OBJ(&si->signedAttrs, obj, type, bytes, len)) + if (ossl_x509at_add1_attr_by_OBJ(&si->signedAttrs, obj, type, bytes, len)) return 1; return 0; } @@ -111,7 +112,7 @@ int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type, const void *bytes, int len) { - if (X509at_add1_attr_by_NID(&si->signedAttrs, nid, type, bytes, len)) + if (ossl_x509at_add1_attr_by_NID(&si->signedAttrs, nid, type, bytes, len)) return 1; return 0; } 
@@ -120,7 +121,8 @@ const char *attrname, int type, const void *bytes, int len) { - if (X509at_add1_attr_by_txt(&si->signedAttrs, attrname, type, bytes, len)) + if (ossl_x509at_add1_attr_by_txt(&si->signedAttrs, attrname, type, bytes, + len)) return 1; return 0; } @@ -161,7 +163,7 @@ int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr) { - if (X509at_add1_attr(&si->unsignedAttrs, attr)) + if (ossl_x509at_add1_attr(&si->unsignedAttrs, attr)) return 1; return 0; } @@ -170,7 +172,7 @@ const ASN1_OBJECT *obj, int type, const void *bytes, int len) { - if (X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj, type, bytes, len)) + if (ossl_x509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj, type, bytes, len)) return 1; return 0; } @@ -179,7 +181,7 @@ int nid, int type, const void *bytes, int len) { - if (X509at_add1_attr_by_NID(&si->unsignedAttrs, nid, type, bytes, len)) + if (ossl_x509at_add1_attr_by_NID(&si->unsignedAttrs, nid, type, bytes, len)) return 1; return 0; } @@ -188,8 +190,8 @@ const char *attrname, int type, const void *bytes, int len) { - if (X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname, - type, bytes, len)) + if (ossl_x509at_add1_attr_by_txt(&si->unsignedAttrs, attrname, + type, bytes, len)) return 1; return 0; } diff -Nru openssl-3.0.12/crypto/cms/cms_dh.c openssl-3.0.13/crypto/cms/cms_dh.c --- openssl-3.0.12/crypto/cms/cms_dh.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/cms/cms_dh.c 2024-01-30 13:28:16.000000000 +0000 
@@ -316,10 +316,10 @@ goto err; ASN1_STRING_set0(wrap_str, penc, penclen); penc = NULL; - X509_ALGOR_set0(talg, OBJ_nid2obj(NID_id_smime_alg_ESDH), - V_ASN1_SEQUENCE, wrap_str); - - rv = 1; + rv = X509_ALGOR_set0(talg, OBJ_nid2obj(NID_id_smime_alg_ESDH), + V_ASN1_SEQUENCE, wrap_str); + if (!rv) + ASN1_STRING_free(wrap_str); err: OPENSSL_free(penc); diff -Nru openssl-3.0.12/crypto/cms/cms_rsa.c openssl-3.0.13/crypto/cms/cms_rsa.c --- openssl-3.0.12/crypto/cms/cms_rsa.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/cms/cms_rsa.c 2024-01-30 13:28:16.000000000 +0000 @@ -99,8 +99,10 @@ if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0) goto err; if (label != NULL - && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) + && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) { + OPENSSL_free(label); goto err; + } /* Carry on */ rv = 1; @@ -114,6 +116,7 @@ const EVP_MD *md, *mgf1md; RSA_OAEP_PARAMS *oaep = NULL; ASN1_STRING *os = NULL; + ASN1_OCTET_STRING *los = NULL; X509_ALGOR *alg; EVP_PKEY_CTX *pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri); int pad_mode = RSA_PKCS1_PADDING, rv = 0, labellen; @@ -125,10 +128,10 @@ if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) return 0; } - if (pad_mode == RSA_PKCS1_PADDING) { - X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0); - return 1; - } + if (pad_mode == RSA_PKCS1_PADDING) + return X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), + V_ASN1_NULL, NULL); + /* Not supported */ if (pad_mode != RSA_PKCS1_OAEP_PADDING) return 0; 
@@ -147,30 +150,32 @@ if (!ossl_x509_algor_md_to_mgf1(&oaep->maskGenFunc, mgf1md)) goto err; if (labellen > 0) { - ASN1_OCTET_STRING *los; - oaep->pSourceFunc = X509_ALGOR_new(); if (oaep->pSourceFunc == NULL) goto err; los = ASN1_OCTET_STRING_new(); if (los == NULL) goto err; - if (!ASN1_OCTET_STRING_set(los, label, labellen)) { - ASN1_OCTET_STRING_free(los); + if (!ASN1_OCTET_STRING_set(los, label, labellen)) goto err; - } - X509_ALGOR_set0(oaep->pSourceFunc, OBJ_nid2obj(NID_pSpecified), - V_ASN1_OCTET_STRING, los); + + if (!X509_ALGOR_set0(oaep->pSourceFunc, OBJ_nid2obj(NID_pSpecified), + V_ASN1_OCTET_STRING, los)) + goto err; + + los = NULL; } - /* create string with pss parameter encoding. */ + /* create string with oaep parameter encoding. */ if (!ASN1_item_pack(oaep, ASN1_ITEM_rptr(RSA_OAEP_PARAMS), &os)) - goto err; - X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaesOaep), V_ASN1_SEQUENCE, os); + goto err; + if (!X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaesOaep), V_ASN1_SEQUENCE, os)) + goto err; os = NULL; rv = 1; err: RSA_OAEP_PARAMS_free(oaep); ASN1_STRING_free(os); + ASN1_OCTET_STRING_free(los); return rv; } diff -Nru openssl-3.0.12/crypto/cms/cms_sd.c openssl-3.0.13/crypto/cms/cms_sd.c --- openssl-3.0.12/crypto/cms/cms_sd.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/cms/cms_sd.c 2024-01-30 13:28:16.000000000 +0000 
@@ -1037,31 +1037,32 @@ int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, int algnid, int keysize) { - X509_ALGOR *alg; + X509_ALGOR *alg = NULL; ASN1_INTEGER *key = NULL; if (keysize > 0) { key = ASN1_INTEGER_new(); - if (key == NULL || !ASN1_INTEGER_set(key, keysize)) { - ASN1_INTEGER_free(key); - return 0; - } + if (key == NULL || !ASN1_INTEGER_set(key, keysize)) + goto err; } alg = X509_ALGOR_new(); - if (alg == NULL) { - ASN1_INTEGER_free(key); - return 0; - } + if (alg == NULL) + goto err; - X509_ALGOR_set0(alg, OBJ_nid2obj(algnid), - key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key); + if (!X509_ALGOR_set0(alg, OBJ_nid2obj(algnid), + key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key)) + goto err; + key = NULL; if (*algs == NULL) *algs = sk_X509_ALGOR_new_null(); - if (*algs == NULL || !sk_X509_ALGOR_push(*algs, alg)) { - X509_ALGOR_free(alg); - return 0; - } + if (*algs == NULL || !sk_X509_ALGOR_push(*algs, alg)) + goto err; return 1; + + err: + ASN1_INTEGER_free(key); + X509_ALGOR_free(alg); + return 0; } /* Check to see if a cipher exists and if so add S/MIME capabilities */ diff -Nru openssl-3.0.12/crypto/cms/cms_smime.c openssl-3.0.13/crypto/cms/cms_smime.c --- openssl-3.0.12/crypto/cms/cms_smime.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/cms/cms_smime.c 2024-01-30 13:28:16.000000000 +0000 @@ -558,7 +558,7 @@ { CMS_SignerInfo *rct_si; CMS_ContentInfo *cms = NULL; - ASN1_OCTET_STRING **pos, *os; + ASN1_OCTET_STRING **pos, *os = NULL; BIO *rct_cont = NULL; int r = 0; const CMS_CTX *ctx = si->cms_ctx; @@ -620,6 +620,7 @@ if (r) return cms; CMS_ContentInfo_free(cms); + ASN1_OCTET_STRING_free(os); return NULL; } diff -Nru openssl-3.0.12/crypto/conf/conf_err.c openssl-3.0.13/crypto/conf/conf_err.c --- openssl-3.0.12/crypto/conf/conf_err.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/conf/conf_err.c 2024-01-30 13:28:16.000000000 +0000 
@@ -41,6 +41,8 @@ "openssl conf references missing section"}, {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RECURSIVE_DIRECTORY_INCLUDE), "recursive directory include"}, + {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RECURSIVE_SECTION_REFERENCE), + "recursive section reference"}, {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RELATIVE_PATH), "relative path"}, {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_COMMAND_SECTION_EMPTY), "ssl command section empty"}, diff -Nru openssl-3.0.12/crypto/dh/dh_check.c openssl-3.0.13/crypto/dh/dh_check.c --- openssl-3.0.12/crypto/dh/dh_check.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/dh/dh_check.c 2024-01-30 13:28:16.000000000 +0000 @@ -249,6 +249,18 @@ */ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) { + /* Don't do any checks at all with an excessively large modulus */ + if (BN_num_bits(dh->params.p) > OPENSSL_DH_CHECK_MAX_MODULUS_BITS) { + ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE); + *ret = DH_MODULUS_TOO_LARGE | DH_CHECK_PUBKEY_INVALID; + return 0; + } + + if (dh->params.q != NULL && BN_ucmp(dh->params.p, dh->params.q) < 0) { + *ret |= DH_CHECK_INVALID_Q_VALUE | DH_CHECK_PUBKEY_INVALID; + return 1; + } + return ossl_ffc_validate_public_key(&dh->params, pub_key, ret); } diff -Nru openssl-3.0.12/crypto/dh/dh_err.c openssl-3.0.13/crypto/dh/dh_err.c --- openssl-3.0.12/crypto/dh/dh_err.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/dh/dh_err.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -54,6 +54,7 @@ {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR), "parameter encoding error"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"}, + {ERR_PACK(ERR_LIB_DH, 0, DH_R_Q_TOO_LARGE), "q too large"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_SHARED_INFO_ERROR), "shared info error"}, {ERR_PACK(ERR_LIB_DH, 0, DH_R_UNABLE_TO_CHECK_GENERATOR), "unable to check generator"}, diff -Nru openssl-3.0.12/crypto/dh/dh_key.c openssl-3.0.13/crypto/dh/dh_key.c --- openssl-3.0.12/crypto/dh/dh_key.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/dh/dh_key.c 2024-01-30 13:28:16.000000000 +0000 @@ -49,6 +49,12 @@ goto err; } + if (dh->params.q != NULL + && BN_num_bits(dh->params.q) > OPENSSL_DH_MAX_MODULUS_BITS) { + ERR_raise(ERR_LIB_DH, DH_R_Q_TOO_LARGE); + goto err; + } + if (BN_num_bits(dh->params.p) < DH_MIN_MODULUS_BITS) { ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_SMALL); return 0; @@ -267,6 +273,12 @@ return 0; } + if (dh->params.q != NULL + && BN_num_bits(dh->params.q) > OPENSSL_DH_MAX_MODULUS_BITS) { + ERR_raise(ERR_LIB_DH, DH_R_Q_TOO_LARGE); + return 0; + } + if (BN_num_bits(dh->params.p) < DH_MIN_MODULUS_BITS) { ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_SMALL); return 0; diff -Nru openssl-3.0.12/crypto/ec/ecx_backend.c openssl-3.0.13/crypto/ec/ecx_backend.c --- openssl-3.0.12/crypto/ec/ecx_backend.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/ec/ecx_backend.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -122,7 +122,7 @@ } ret->libctx = key->libctx; - ret->haspubkey = key->haspubkey; + ret->haspubkey = 0; ret->keylen = key->keylen; ret->type = key->type; ret->references = 1; 
@@ -133,8 +133,11 @@ goto err; } - if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) + if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0 + && key->haspubkey == 1) { memcpy(ret->pubkey, key->pubkey, sizeof(ret->pubkey)); + ret->haspubkey = 1; + } if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0 && key->privkey != NULL) { diff -Nru openssl-3.0.12/crypto/err/openssl.txt openssl-3.0.13/crypto/err/openssl.txt --- openssl-3.0.12/crypto/err/openssl.txt 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/err/openssl.txt 2024-01-30 13:28:16.000000000 +0000 @@ -403,6 +403,7 @@ CONF_R_OPENSSL_CONF_REFERENCES_MISSING_SECTION:124:\ openssl conf references missing section CONF_R_RECURSIVE_DIRECTORY_INCLUDE:111:recursive directory include +CONF_R_RECURSIVE_SECTION_REFERENCE:126:recursive section reference CONF_R_RELATIVE_PATH:125:relative path CONF_R_SSL_COMMAND_SECTION_EMPTY:117:ssl command section empty CONF_R_SSL_COMMAND_SECTION_NOT_FOUND:118:ssl command section not found @@ -500,6 +501,7 @@ DH_R_NO_PRIVATE_VALUE:100:no private value DH_R_PARAMETER_ENCODING_ERROR:105:parameter encoding error DH_R_PEER_KEY_ERROR:111:peer key error +DH_R_Q_TOO_LARGE:130:q too large DH_R_SHARED_INFO_ERROR:113:shared info error DH_R_UNABLE_TO_CHECK_GENERATOR:121:unable to check generator DSA_R_BAD_FFC_PARAMETERS:114:bad ffc parameters @@ -1386,8 +1388,6 @@ SSL_R_MISSING_FATAL:256:missing fatal SSL_R_MISSING_PARAMETERS:290:missing parameters SSL_R_MISSING_PSK_KEX_MODES_EXTENSION:310:missing psk kex modes extension -SSL_R_MISSING_QUIC_TRANSPORT_PARAMETERS_EXTENSION:801:\ - missing quic transport parameters extension SSL_R_MISSING_RSA_CERTIFICATE:168:missing rsa certificate SSL_R_MISSING_RSA_ENCRYPTING_CERT:169:missing rsa encrypting cert SSL_R_MISSING_RSA_SIGNING_CERT:170:missing rsa signing cert 
@@ -1538,7 +1538,6 @@ SSL_R_WRONG_CERTIFICATE_TYPE:383:wrong certificate type SSL_R_WRONG_CIPHER_RETURNED:261:wrong cipher returned SSL_R_WRONG_CURVE:378:wrong curve -SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED:800:wrong encryption level received SSL_R_WRONG_SIGNATURE_LENGTH:264:wrong signature length SSL_R_WRONG_SIGNATURE_SIZE:265:wrong signature size SSL_R_WRONG_SIGNATURE_TYPE:370:wrong signature type diff -Nru openssl-3.0.12/crypto/evp/e_aes.c openssl-3.0.13/crypto/evp/e_aes.c --- openssl-3.0.12/crypto/evp/e_aes.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/evp/e_aes.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -831,8 +831,6 @@ /* KMO-AES parameter block - end */ } kmo; unsigned int fc; - - int res; } S390X_AES_OFB_CTX; typedef struct { @@ -849,8 +847,6 @@ /* KMF-AES parameter block - end */ } kmf; unsigned int fc; - - int res; } S390X_AES_CFB_CTX; typedef struct { @@ -1002,7 +998,6 @@ memcpy(cctx->kmo.param.cv, iv, ivlen); memcpy(cctx->kmo.param.k, key, keylen); cctx->fc = S390X_AES_FC(keylen); - cctx->res = 0; return 1; } @@ -1012,7 +1007,7 @@ S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx); const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); - int n = cctx->res; + int n = ctx->num; int rem; memcpy(cctx->kmo.param.cv, iv, ivlen); @@ -1045,7 +1040,7 @@ } memcpy(iv, cctx->kmo.param.cv, ivlen); - cctx->res = n; + ctx->num = n; return 1; } @@ -1063,7 +1058,6 @@ if (!enc) cctx->fc |= S390X_DECRYPT; - cctx->res = 0; memcpy(cctx->kmf.param.cv, iv, ivlen); memcpy(cctx->kmf.param.k, key, keylen); return 1; 
@@ -1077,7 +1071,7 @@ const int enc = EVP_CIPHER_CTX_is_encrypting(ctx); const int ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx); - int n = cctx->res; + int n = ctx->num; int rem; unsigned char tmp; @@ -1115,7 +1109,7 @@ } memcpy(iv, cctx->kmf.param.cv, ivlen); - cctx->res = n; + ctx->num = n; return 1; } diff -Nru openssl-3.0.12/crypto/evp/evp_fetch.c openssl-3.0.13/crypto/evp/evp_fetch.c --- openssl-3.0.12/crypto/evp/evp_fetch.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/evp/evp_fetch.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -349,13 +349,26 @@ * there is a correct name_id and meth_id, since those have * already been calculated in get_evp_method_from_store() and * put_evp_method_in_store() above. + * Note that there is a corner case here, in which, if a user + * passes a name of the form name1:name2:..., then the construction + * will create a method against all names, but the lookup will fail + * as ossl_namemap_name2num treats the name string as a single name + * rather than introducing new features where in the EVP__fetch + * parses the string and querys for each, return an error. */ if (name_id == 0) name_id = ossl_namemap_name2num(namemap, name); - meth_id = evp_method_id(name_id, operation_id); - if (name_id != 0) - ossl_method_store_cache_set(store, prov, meth_id, propq, - method, up_ref_method, free_method); + if (name_id == 0) { + ERR_raise_data(ERR_LIB_EVP, ERR_R_FETCH_FAILED, + "Algorithm %s cannot be found", name); + free_method(method); + method = NULL; + } else { + meth_id = evp_method_id(name_id, operation_id); + if (meth_id != 0) + ossl_method_store_cache_set(store, prov, meth_id, propq, + method, up_ref_method, free_method); + } } /* diff -Nru openssl-3.0.12/crypto/http/http_client.c openssl-3.0.13/crypto/http/http_client.c --- openssl-3.0.12/crypto/http/http_client.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/http/http_client.c 2024-01-30 13:28:16.000000000 +0000 
@@ -487,13 +487,17 @@ static int check_set_resp_len(OSSL_HTTP_REQ_CTX *rctx, size_t len) { - if (rctx->max_resp_len != 0 && len > rctx->max_resp_len) + if (rctx->max_resp_len != 0 && len > rctx->max_resp_len) { ERR_raise_data(ERR_LIB_HTTP, HTTP_R_MAX_RESP_LEN_EXCEEDED, "length=%zu, max=%zu", len, rctx->max_resp_len); - if (rctx->resp_len != 0 && rctx->resp_len != len) + return 0; + } + if (rctx->resp_len != 0 && rctx->resp_len != len) { ERR_raise_data(ERR_LIB_HTTP, HTTP_R_INCONSISTENT_CONTENT_LENGTH, "ASN.1 length=%zu, Content-Length=%zu", len, rctx->resp_len); + return 0; + } rctx->resp_len = len; return 1; } diff -Nru openssl-3.0.12/crypto/http/http_lib.c openssl-3.0.13/crypto/http/http_lib.c --- openssl-3.0.12/crypto/http/http_lib.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/http/http_lib.c 2024-01-30 13:28:16.000000000 +0000 @@ -118,7 +118,7 @@ port = ++p; /* remaining port spec handling is also done for the default values */ /* make sure a decimal port number is given */ - if (!sscanf(port, "%u", &portnum) || portnum > 65535) { + if (sscanf(port, "%u", &portnum) <= 0 || portnum > 65535) { ERR_raise_data(ERR_LIB_HTTP, HTTP_R_INVALID_PORT_NUMBER, "%s", port); goto err; } diff -Nru openssl-3.0.12/crypto/info.c openssl-3.0.13/crypto/info.c --- openssl-3.0.12/crypto/info.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/info.c 2024-01-30 13:28:16.000000000 +0000 @@ -14,7 +14,6 @@ #include "internal/cryptlib.h" #include "e_os.h" #include "buildinf.h" -#include #if defined(__arm__) || defined(__arm) || defined(__aarch64__) # include "arm_arch.h" 
@@ -200,10 +199,6 @@ if (ossl_cpu_info_str[0] != '\0') return ossl_cpu_info_str + strlen(CPUINFO_PREFIX); break; -#ifndef OPENSSL_NO_QUIC - case OPENSSL_INFO_QUIC: - return "QUIC"; -#endif default: break; } diff -Nru openssl-3.0.12/crypto/mem_sec.c openssl-3.0.13/crypto/mem_sec.c --- openssl-3.0.12/crypto/mem_sec.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/mem_sec.c 2024-01-30 13:28:16.000000000 +0000 @@ -238,11 +238,17 @@ size_t CRYPTO_secure_used(void) { + size_t ret = 0; + #ifndef OPENSSL_NO_SECURE_MEMORY - return secure_mem_used; -#else - return 0; + if (!CRYPTO_THREAD_read_lock(sec_malloc_lock)) + return 0; + + ret = secure_mem_used; + + CRYPTO_THREAD_unlock(sec_malloc_lock); #endif /* OPENSSL_NO_SECURE_MEMORY */ + return ret; } size_t CRYPTO_secure_actual_size(void *ptr) diff -Nru openssl-3.0.12/crypto/objects/obj_dat.c openssl-3.0.13/crypto/objects/obj_dat.c --- openssl-3.0.12/crypto/objects/obj_dat.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/objects/obj_dat.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -62,7 +62,7 @@ a = ca->obj; switch (ca->type) { case ADDED_DATA: - ret = a->length << 20L; + ret = (unsigned long)a->length << 20UL; p = (unsigned char *)a->data; for (i = 0; i < a->length; i++) ret ^= p[i] << ((i * 3) % 24); diff -Nru openssl-3.0.12/crypto/param_build.c openssl-3.0.13/crypto/param_build.c --- openssl-3.0.12/crypto/param_build.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/param_build.c 2024-01-30 13:28:16.000000000 +0000 
@@ -239,9 +239,9 @@ OSSL_PARAM_BLD_DEF *pd; int secure; - if (bsize == 0) { + if (bsize == 0) bsize = strlen(buf); - } else if (bsize > INT_MAX) { + if (bsize > INT_MAX) { ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG); return 0; } @@ -258,9 +258,9 @@ { OSSL_PARAM_BLD_DEF *pd; - if (bsize == 0) { + if (bsize == 0) bsize = strlen(buf); - } else if (bsize > INT_MAX) { + if (bsize > INT_MAX) { ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG); return 0; } diff -Nru openssl-3.0.12/crypto/params_from_text.c openssl-3.0.13/crypto/params_from_text.c --- openssl-3.0.12/crypto/params_from_text.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/params_from_text.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -118,7 +118,13 @@ break; case OSSL_PARAM_OCTET_STRING: if (*ishex) { - *buf_n = strlen(value) >> 1; + size_t hexdigits = strlen(value); + if ((hexdigits % 2) != 0) { + /* We don't accept an odd number of hex digits */ + ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_ODD_NUMBER_OF_DIGITS); + return 0; + } + *buf_n = hexdigits >> 1; } else { *buf_n = value_n; } diff -Nru openssl-3.0.12/crypto/perlasm/x86_64-xlate.pl openssl-3.0.13/crypto/perlasm/x86_64-xlate.pl --- openssl-3.0.12/crypto/perlasm/x86_64-xlate.pl 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/perlasm/x86_64-xlate.pl 2024-01-30 13:28:16.000000000 +0000 
@@ -111,7 +111,12 @@ $gnuas=1; } elsif (`$ENV{CC} --version 2>/dev/null` - =~ /clang .*/) + =~ /(clang .*|Intel.*oneAPI .*)/) +{ + $gnuas=1; +} +elsif (`$ENV{CC} -V 2>/dev/null` + =~ /nvc .*/) { $gnuas=1; } diff -Nru openssl-3.0.12/crypto/pkcs12/p12_add.c openssl-3.0.13/crypto/pkcs12/p12_add.c --- openssl-3.0.12/crypto/pkcs12/p12_add.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/pkcs12/p12_add.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -78,6 +78,12 @@ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_CONTENT_TYPE_NOT_DATA); return NULL; } + + if (p7->d.data == NULL) { + ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR); + return NULL; + } + return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS)); } @@ -150,6 +156,12 @@ { if (!PKCS7_type_is_encrypted(p7)) return NULL; + + if (p7->d.encrypted == NULL) { + ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR); + return NULL; + } + return PKCS12_item_decrypt_d2i_ex(p7->d.encrypted->enc_data->algorithm, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen, @@ -188,6 +200,12 @@ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_CONTENT_TYPE_NOT_DATA); return NULL; } + + if (p12->authsafes->d.data == NULL) { + ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR); + return NULL; + } + p7s = ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES)); if (p7s != NULL) { diff -Nru openssl-3.0.12/crypto/pkcs12/p12_mutl.c openssl-3.0.13/crypto/pkcs12/p12_mutl.c --- openssl-3.0.12/crypto/pkcs12/p12_mutl.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/pkcs12/p12_mutl.c 2024-01-30 13:28:16.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -98,6 +98,11 @@ return 0; } + if (p12->authsafes->d.data == NULL) { + ERR_raise(ERR_LIB_PKCS12, PKCS12_R_DECODE_ERROR); + return 0; + } + salt = p12->mac->salt->data; saltlen = p12->mac->salt->length; if (p12->mac->iter == NULL) diff -Nru openssl-3.0.12/crypto/pkcs12/p12_npas.c openssl-3.0.13/crypto/pkcs12/p12_npas.c --- openssl-3.0.12/crypto/pkcs12/p12_npas.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/pkcs12/p12_npas.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -77,8 +77,9 @@ bags = PKCS12_unpack_p7data(p7); } else if (bagnid == NID_pkcs7_encrypted) { bags = PKCS12_unpack_p7encdata(p7, oldpass, -1); - if (!alg_get(p7->d.encrypted->enc_data->algorithm, - &pbe_nid, &pbe_iter, &pbe_saltlen)) + if (p7->d.encrypted == NULL + || !alg_get(p7->d.encrypted->enc_data->algorithm, + &pbe_nid, &pbe_iter, &pbe_saltlen)) goto err; } else { continue; diff -Nru openssl-3.0.12/crypto/pkcs7/pk7_attr.c openssl-3.0.13/crypto/pkcs7/pk7_attr.c --- openssl-3.0.12/crypto/pkcs7/pk7_attr.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/pkcs7/pk7_attr.c 2024-01-30 13:28:16.000000000 +0000 
@@ -28,8 +28,12 @@ } seq->length = ASN1_item_i2d((ASN1_VALUE *)cap, &seq->data, ASN1_ITEM_rptr(X509_ALGORS)); - return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities, - V_ASN1_SEQUENCE, seq); + if (!PKCS7_add_signed_attribute(si, NID_SMIMECapabilities, + V_ASN1_SEQUENCE, seq)) { + ASN1_STRING_free(seq); + return 0; + } + return 1; } STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) @@ -95,12 +99,18 @@ int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t) { - if (t == NULL && (t = X509_gmtime_adj(NULL, 0)) == NULL) { + ASN1_TIME *tmp = NULL; + + if (t == NULL && (tmp = t = X509_gmtime_adj(NULL, 0)) == NULL) { ERR_raise(ERR_LIB_PKCS7, ERR_R_MALLOC_FAILURE); return 0; } - return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime, - V_ASN1_UTCTIME, t); + if (!PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime, + V_ASN1_UTCTIME, t)) { + ASN1_TIME_free(tmp); + return 0; + } + return 1; } int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si, diff -Nru openssl-3.0.12/crypto/pkcs7/pk7_mime.c openssl-3.0.13/crypto/pkcs7/pk7_mime.c --- openssl-3.0.12/crypto/pkcs7/pk7_mime.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/pkcs7/pk7_mime.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -33,10 +33,13 @@ int ctype_nid = OBJ_obj2nid(p7->type); const PKCS7_CTX *ctx = ossl_pkcs7_get0_ctx(p7); - if (ctype_nid == NID_pkcs7_signed) + if (ctype_nid == NID_pkcs7_signed) { + if (p7->d.sign == NULL) + return 0; mdalgs = p7->d.sign->md_algs; - else + } else { mdalgs = NULL; + } flags ^= SMIME_OLDMIME; diff -Nru openssl-3.0.12/crypto/poly1305/asm/poly1305-ppc.pl openssl-3.0.13/crypto/poly1305/asm/poly1305-ppc.pl --- openssl-3.0.12/crypto/poly1305/asm/poly1305-ppc.pl 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/poly1305/asm/poly1305-ppc.pl 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -744,7 +744,7 @@ my $LOCALS= 6*$SIZE_T; my $VSXFRAME = $LOCALS + 6*$SIZE_T; $VSXFRAME += 128; # local variables - $VSXFRAME += 13*16; # v20-v31 offload + $VSXFRAME += 12*16; # v20-v31 offload my $BIG_ENDIAN = ($flavour !~ /le/) ? 4 : 0; @@ -919,12 +919,12 @@ addi r11,r11,32 stvx v22,r10,$sp addi r10,r10,32 - stvx v23,r10,$sp - addi r10,r10,32 - stvx v24,r11,$sp + stvx v23,r11,$sp addi r11,r11,32 - stvx v25,r10,$sp + stvx v24,r10,$sp addi r10,r10,32 + stvx v25,r11,$sp + addi r11,r11,32 stvx v26,r10,$sp addi r10,r10,32 stvx v27,r11,$sp @@ -1153,12 +1153,12 @@ addi r11,r11,32 stvx v22,r10,$sp addi r10,r10,32 - stvx v23,r10,$sp - addi r10,r10,32 - stvx v24,r11,$sp + stvx v23,r11,$sp addi r11,r11,32 - stvx v25,r10,$sp + stvx v24,r10,$sp addi r10,r10,32 + stvx v25,r11,$sp + addi r11,r11,32 stvx v26,r10,$sp addi r10,r10,32 stvx v27,r11,$sp 
@@ -1899,26 +1899,26 @@ mtspr 256,r12 # restore vrsave lvx v20,r10,$sp addi r10,r10,32 - lvx v21,r10,$sp - addi r10,r10,32 - lvx v22,r11,$sp + lvx v21,r11,$sp addi r11,r11,32 - lvx v23,r10,$sp + lvx v22,r10,$sp addi r10,r10,32 - lvx v24,r11,$sp + lvx v23,r11,$sp addi r11,r11,32 - lvx v25,r10,$sp + lvx v24,r10,$sp addi r10,r10,32 - lvx v26,r11,$sp + lvx v25,r11,$sp addi r11,r11,32 - lvx v27,r10,$sp + lvx v26,r10,$sp addi r10,r10,32 - lvx v28,r11,$sp + lvx v27,r11,$sp addi r11,r11,32 - lvx v29,r10,$sp + lvx v28,r10,$sp addi r10,r10,32 - lvx v30,r11,$sp - lvx v31,r10,$sp + lvx v29,r11,$sp + addi r11,r11,32 + lvx v30,r10,$sp + lvx v31,r11,$sp $POP r27,`$VSXFRAME-$SIZE_T*5`($sp) $POP r28,`$VSXFRAME-$SIZE_T*4`($sp) $POP r29,`$VSXFRAME-$SIZE_T*3`($sp) diff -Nru openssl-3.0.12/crypto/property/property_parse.c openssl-3.0.13/crypto/property/property_parse.c --- openssl-3.0.12/crypto/property/property_parse.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/property/property_parse.c 2024-01-30 13:28:16.000000000 +0000 @@ -97,9 +97,18 @@ const char *s = *t; int64_t v = 0; - if (!ossl_isdigit(*s)) - return 0; do { + if (!ossl_isdigit(*s)) { + ERR_raise_data(ERR_LIB_PROP, PROP_R_NOT_A_DECIMAL_DIGIT, + "HERE-->%s", *t); + return 0; + } + /* overflow check */ + if (v > ((INT64_MAX - (*s - '0')) / 10)) { + ERR_raise_data(ERR_LIB_PROP, PROP_R_PARSE_FAILED, + "Property %s overflows", *t); + return 0; + } v = v * 10 + (*s++ - '0'); } while (ossl_isdigit(*s)); if (!ossl_isspace(*s) && *s != '\0' && *s != ',') { 
@@ -117,15 +126,27 @@ { const char *s = *t; int64_t v = 0; + int sval; - if (!ossl_isxdigit(*s)) - return 0; do { + if (ossl_isdigit(*s)) { + sval = *s - '0'; + } else if (ossl_isxdigit(*s)) { + sval = ossl_tolower(*s) - 'a' + 10; + } else { + ERR_raise_data(ERR_LIB_PROP, PROP_R_NOT_AN_HEXADECIMAL_DIGIT, + "%s", *t); + return 0; + } + + if (v > ((INT64_MAX - sval) / 16)) { + ERR_raise_data(ERR_LIB_PROP, PROP_R_PARSE_FAILED, + "Property %s overflows", *t); + return 0; + } + v <<= 4; - if (ossl_isdigit(*s)) - v += *s - '0'; - else - v += ossl_tolower(*s) - 'a'; + v += sval; } while (ossl_isxdigit(*++s)); if (!ossl_isspace(*s) && *s != '\0' && *s != ',') { ERR_raise_data(ERR_LIB_PROP, PROP_R_NOT_AN_HEXADECIMAL_DIGIT, @@ -143,9 +164,18 @@ const char *s = *t; int64_t v = 0; - if (*s == '9' || *s == '8' || !ossl_isdigit(*s)) - return 0; do { + if (*s == '9' || *s == '8' || !ossl_isdigit(*s)) { + ERR_raise_data(ERR_LIB_PROP, PROP_R_NOT_AN_OCTAL_DIGIT, + "HERE-->%s", *t); + return 0; + } + if (v > ((INT64_MAX - (*s - '0')) / 8)) { + ERR_raise_data(ERR_LIB_PROP, PROP_R_PARSE_FAILED, + "Property %s overflows", *t); + return 0; + } + v = (v << 3) + (*s - '0'); } while (ossl_isdigit(*++s) && *s != '9' && *s != '8'); if (!ossl_isspace(*s) && *s != '\0' && *s != ',') { diff -Nru openssl-3.0.12/crypto/provider_conf.c openssl-3.0.13/crypto/provider_conf.c --- openssl-3.0.12/crypto/provider_conf.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/provider_conf.c 2024-01-30 13:28:16.000000000 +0000 
@@ -70,13 +70,22 @@ return name; } -static int provider_conf_params(OSSL_PROVIDER *prov, - OSSL_PROVIDER_INFO *provinfo, - const char *name, const char *value, - const CONF *cnf) +/* + * Parse the provider params section + * Returns: + * 1 for success + * 0 for non-fatal errors + * < 0 for fatal errors + */ +static int provider_conf_params_internal(OSSL_PROVIDER *prov, + OSSL_PROVIDER_INFO *provinfo, + const char *name, const char *value, + const CONF *cnf, + STACK_OF(OPENSSL_CSTRING) *visited) { STACK_OF(CONF_VALUE) *sect; int ok = 1; + int rc = 0; sect = NCONF_get_section(cnf, value); if (sect != NULL) { @@ -86,6 +95,25 @@ OSSL_TRACE1(CONF, "Provider params: start section %s\n", value); + /* + * Check to see if the provided section value has already + * been visited. If it has, then we have a recursive lookup + * in the configuration which isn't valid. As such we should error + * out + */ + for (i = 0; i < sk_OPENSSL_CSTRING_num(visited); i++) { + if (sk_OPENSSL_CSTRING_value(visited, i) == value) { + ERR_raise(ERR_LIB_CONF, CONF_R_RECURSIVE_SECTION_REFERENCE); + return -1; + } + } + + /* + * We've not visited this node yet, so record it on the stack + */ + if (!sk_OPENSSL_CSTRING_push(visited, value)) + return -1; + if (name != NULL) { OPENSSL_strlcpy(buffer, name, sizeof(buffer)); OPENSSL_strlcat(buffer, ".", sizeof(buffer)); 
@@ -95,14 +123,20 @@ for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { CONF_VALUE *sectconf = sk_CONF_VALUE_value(sect, i); - if (buffer_len + strlen(sectconf->name) >= sizeof(buffer)) - return 0; + if (buffer_len + strlen(sectconf->name) >= sizeof(buffer)) { + sk_OPENSSL_CSTRING_pop(visited); + return -1; + } buffer[buffer_len] = '\0'; OPENSSL_strlcat(buffer, sectconf->name, sizeof(buffer)); - if (!provider_conf_params(prov, provinfo, buffer, sectconf->value, - cnf)) - return 0; + rc = provider_conf_params_internal(prov, provinfo, buffer, + sectconf->value, cnf, visited); + if (rc < 0) { + sk_OPENSSL_CSTRING_pop(visited); + return rc; + } } + sk_OPENSSL_CSTRING_pop(visited); OSSL_TRACE1(CONF, "Provider params: finish section %s\n", value); } else { @@ -116,6 +150,33 @@ return ok; } +/* + * recursively parse the provider configuration section + * of the config file. + * Returns + * 1 on success + * 0 on non-fatal error + * < 0 on fatal errors + */ +static int provider_conf_params(OSSL_PROVIDER *prov, + OSSL_PROVIDER_INFO *provinfo, + const char *name, const char *value, + const CONF *cnf) +{ + int rc; + STACK_OF(OPENSSL_CSTRING) *visited = sk_OPENSSL_CSTRING_new_null(); + + if (visited == NULL) + return -1; + + rc = provider_conf_params_internal(prov, provinfo, name, + value, cnf, visited); + + sk_OPENSSL_CSTRING_free(visited); + + return rc; +} + static int prov_already_activated(const char *name, STACK_OF(OSSL_PROVIDER) *activated) { @@ -146,6 +207,7 @@ const char *path = NULL; long activate = 0; int ok = 0; + int added = 0; name = skip_dot(name); OSSL_TRACE1(CONF, "Configuring provider %s\n", name); @@ -218,7 +280,7 @@ ok = provider_conf_params(prov, NULL, NULL, value, cnf); - if (ok) { + if (ok > 0) { if (!ossl_provider_activate(prov, 1, 0)) { ok = 0; } else if (!ossl_provider_add_to_store(prov, &actual, 0)) { @@ -242,7 +304,7 @@ } } } - if (!ok) + if (ok <= 0) ossl_provider_free(prov); } CRYPTO_THREAD_unlock(pcgbl->lock); 
@@ -267,19 +329,23 @@ } if (ok) ok = provider_conf_params(NULL, &entry, NULL, value, cnf); - if (ok && (entry.path != NULL || entry.parameters != NULL)) + if (ok >= 1 && (entry.path != NULL || entry.parameters != NULL)) { ok = ossl_provider_info_add_to_store(libctx, &entry); - if (!ok || (entry.path == NULL && entry.parameters == NULL)) { - ossl_provider_info_clear(&entry); + added = 1; } - + if (added == 0) + ossl_provider_info_clear(&entry); } /* - * Even if ok is 0, we still return success. Failure to load a provider is - * not fatal. We want to continue to load the rest of the config file. + * Provider activation returns a tristate: + * 1 for successful activation + * 0 for non-fatal activation failure + * < 0 for fatal activation failure + * We return success (1) for activation, (1) for non-fatal activation + * failure, and (0) for fatal activation failure */ - return 1; + return ok >= 0; } static int provider_conf_init(CONF_IMODULE *md, const CONF *cnf) @@ -302,7 +368,7 @@ for (i = 0; i < sk_CONF_VALUE_num(elist); i++) { cval = sk_CONF_VALUE_value(elist, i); if (!provider_conf_load(NCONF_get0_libctx((CONF *)cnf), - cval->name, cval->value, cnf)) + cval->name, cval->value, cnf)) return 0; } diff -Nru openssl-3.0.12/crypto/provider_core.c openssl-3.0.13/crypto/provider_core.c --- openssl-3.0.12/crypto/provider_core.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/provider_core.c 2024-01-30 13:28:16.000000000 +0000 
@@ -936,44 +936,46 @@ prov->provctx = tmp_provctx; prov->dispatch = provider_dispatch; - for (; provider_dispatch->function_id != 0; provider_dispatch++) { - switch (provider_dispatch->function_id) { - case OSSL_FUNC_PROVIDER_TEARDOWN: - prov->teardown = - OSSL_FUNC_provider_teardown(provider_dispatch); - break; - case OSSL_FUNC_PROVIDER_GETTABLE_PARAMS: - prov->gettable_params = - OSSL_FUNC_provider_gettable_params(provider_dispatch); - break; - case OSSL_FUNC_PROVIDER_GET_PARAMS: - prov->get_params = - OSSL_FUNC_provider_get_params(provider_dispatch); - break; - case OSSL_FUNC_PROVIDER_SELF_TEST: - prov->self_test = - OSSL_FUNC_provider_self_test(provider_dispatch); - break; - case OSSL_FUNC_PROVIDER_GET_CAPABILITIES: - prov->get_capabilities = - OSSL_FUNC_provider_get_capabilities(provider_dispatch); - break; - case OSSL_FUNC_PROVIDER_QUERY_OPERATION: - prov->query_operation = - OSSL_FUNC_provider_query_operation(provider_dispatch); - break; - case OSSL_FUNC_PROVIDER_UNQUERY_OPERATION: - prov->unquery_operation = - OSSL_FUNC_provider_unquery_operation(provider_dispatch); - break; + if (provider_dispatch != NULL) { + for (; provider_dispatch->function_id != 0; provider_dispatch++) { + switch (provider_dispatch->function_id) { + case OSSL_FUNC_PROVIDER_TEARDOWN: + prov->teardown = + OSSL_FUNC_provider_teardown(provider_dispatch); + break; + case OSSL_FUNC_PROVIDER_GETTABLE_PARAMS: + prov->gettable_params = + OSSL_FUNC_provider_gettable_params(provider_dispatch); + break; + case OSSL_FUNC_PROVIDER_GET_PARAMS: + prov->get_params = + OSSL_FUNC_provider_get_params(provider_dispatch); + break; + case OSSL_FUNC_PROVIDER_SELF_TEST: + prov->self_test = + OSSL_FUNC_provider_self_test(provider_dispatch); + break; + case OSSL_FUNC_PROVIDER_GET_CAPABILITIES: + prov->get_capabilities = + OSSL_FUNC_provider_get_capabilities(provider_dispatch); + break; + case OSSL_FUNC_PROVIDER_QUERY_OPERATION: + prov->query_operation = + OSSL_FUNC_provider_query_operation(provider_dispatch); + 
break; + case OSSL_FUNC_PROVIDER_UNQUERY_OPERATION: + prov->unquery_operation = + OSSL_FUNC_provider_unquery_operation(provider_dispatch); + break; #ifndef OPENSSL_NO_ERR # ifndef FIPS_MODULE - case OSSL_FUNC_PROVIDER_GET_REASON_STRINGS: - p_get_reason_strings = - OSSL_FUNC_provider_get_reason_strings(provider_dispatch); - break; + case OSSL_FUNC_PROVIDER_GET_REASON_STRINGS: + p_get_reason_strings = + OSSL_FUNC_provider_get_reason_strings(provider_dispatch); + break; # endif #endif + } } } diff -Nru openssl-3.0.12/crypto/rsa/rsa_lib.c openssl-3.0.13/crypto/rsa/rsa_lib.c --- openssl-3.0.12/crypto/rsa/rsa_lib.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/rsa/rsa_lib.c 2024-01-30 13:28:16.000000000 +0000 @@ -999,6 +999,10 @@ */ int EVP_PKEY_CTX_set_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) { + /* If key type not RSA return error */ + if (!EVP_PKEY_CTX_is_a(ctx, "RSA")) + return -1; + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)(md)); } @@ -1026,6 +1030,10 @@ */ int EVP_PKEY_CTX_get_rsa_oaep_md(EVP_PKEY_CTX *ctx, const EVP_MD **md) { + /* If key type not RSA return error */ + if (!EVP_PKEY_CTX_is_a(ctx, "RSA")) + return -1; + return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT, EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)md); } diff -Nru openssl-3.0.12/crypto/rsa/rsa_sp800_56b_check.c openssl-3.0.13/crypto/rsa/rsa_sp800_56b_check.c --- openssl-3.0.12/crypto/rsa/rsa_sp800_56b_check.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/rsa/rsa_sp800_56b_check.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use 
@@ -289,6 +289,11 @@ return 0; nbits = BN_num_bits(rsa->n); + if (nbits > OPENSSL_RSA_MAX_MODULUS_BITS) { + ERR_raise(ERR_LIB_RSA, RSA_R_MODULUS_TOO_LARGE); + return 0; + } + #ifdef FIPS_MODULE /* * (Step a): modulus must be 2048 or 3072 (caveat from SP800-56Br1) @@ -324,7 +329,8 @@ goto err; } - ret = ossl_bn_miller_rabin_is_prime(rsa->n, 0, ctx, NULL, 1, &status); + /* Highest number of MR rounds from FIPS 186-5 Section B.3 Table B.1 */ + ret = ossl_bn_miller_rabin_is_prime(rsa->n, 5, ctx, NULL, 1, &status); #ifdef FIPS_MODULE if (ret != 1 || status != BN_PRIMETEST_COMPOSITE_NOT_POWER_OF_PRIME) { #else diff -Nru openssl-3.0.12/crypto/x509/t_req.c openssl-3.0.13/crypto/x509/t_req.c --- openssl-3.0.12/crypto/x509/t_req.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/x509/t_req.c 2024-01-30 13:28:16.000000000 +0000 @@ -42,15 +42,15 @@ EVP_PKEY *pkey; STACK_OF(X509_EXTENSION) *exts; char mlch = ' '; - int nmindent = 0; + int nmindent = 0, printok = 0; if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { mlch = '\n'; nmindent = 12; } - if (nmflags == X509_FLAG_COMPAT) - nmindent = 16; + if (nmflags == XN_FLAG_COMPAT) + printok = 1; if (!(cflag & X509_FLAG_NO_HEADER)) { if (BIO_write(bp, "Certificate Request:\n", 21) <= 0) @@ -72,7 +72,7 @@ if (BIO_printf(bp, " Subject:%c", mlch) <= 0) goto err; if (X509_NAME_print_ex(bp, X509_REQ_get_subject_name(x), - nmindent, nmflags) < 0) + nmindent, nmflags) < printok) goto err; if (BIO_write(bp, "\n", 1) <= 0) goto err; diff -Nru openssl-3.0.12/crypto/x509/t_x509.c openssl-3.0.13/crypto/x509/t_x509.c --- openssl-3.0.12/crypto/x509/t_x509.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/x509/t_x509.c 2024-01-30 13:28:16.000000000 +0000 
@@ -60,10 +60,8 @@ nmindent = 12; } - if (nmflags == X509_FLAG_COMPAT) { - nmindent = 16; + if (nmflags == XN_FLAG_COMPAT) printok = 1; - } if (!(cflag & X509_FLAG_NO_HEADER)) { if (BIO_write(bp, "Certificate:\n", 13) <= 0) diff -Nru openssl-3.0.12/crypto/x509/v3_addr.c openssl-3.0.13/crypto/x509/v3_addr.c --- openssl-3.0.12/crypto/x509/v3_addr.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/x509/v3_addr.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -972,6 +972,10 @@ * the other input values. */ if (safi != NULL) { + if (val->value == NULL) { + ERR_raise(ERR_LIB_X509V3, X509V3_R_MISSING_VALUE); + goto err; + } *safi = strtoul(val->value, &t, 0); t += strspn(t, " \t"); if (*safi > 0xFF || *t++ != ':') { diff -Nru openssl-3.0.12/crypto/x509/v3_asid.c openssl-3.0.13/crypto/x509/v3_asid.c --- openssl-3.0.12/crypto/x509/v3_asid.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/x509/v3_asid.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -169,8 +169,11 @@ if (*choice == NULL) { if ((*choice = ASIdentifierChoice_new()) == NULL) return 0; - if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL) + if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL) { + ASIdentifierChoice_free(*choice); + *choice = NULL; return 0; + } (*choice)->type = ASIdentifierChoice_inherit; } return (*choice)->type == ASIdentifierChoice_inherit; 
@@ -196,18 +199,23 @@ default: return 0; } - if (*choice != NULL && (*choice)->type == ASIdentifierChoice_inherit) + if (*choice != NULL && (*choice)->type != ASIdentifierChoice_asIdsOrRanges) return 0; if (*choice == NULL) { if ((*choice = ASIdentifierChoice_new()) == NULL) return 0; (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp); - if ((*choice)->u.asIdsOrRanges == NULL) + if ((*choice)->u.asIdsOrRanges == NULL) { + ASIdentifierChoice_free(*choice); + *choice = NULL; return 0; + } (*choice)->type = ASIdentifierChoice_asIdsOrRanges; } if ((aor = ASIdOrRange_new()) == NULL) return 0; + if (!sk_ASIdOrRange_reserve((*choice)->u.asIdsOrRanges, 1)) + goto err; if (max == NULL) { aor->type = ASIdOrRange_id; aor->u.id = min; @@ -220,7 +228,8 @@ ASN1_INTEGER_free(aor->u.range->max); aor->u.range->max = max; } - if (!(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor))) + /* Cannot fail due to the reservation above */ + if (!ossl_assert(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor))) goto err; return 1; @@ -538,6 +547,11 @@ goto err; } + if (val->value == NULL) { + ERR_raise(ERR_LIB_X509V3, X509V3_R_EXTENSION_VALUE_ERROR); + goto err; + } + /* * Handle inheritance. */ diff -Nru openssl-3.0.12/crypto/x509/v3_crld.c openssl-3.0.13/crypto/x509/v3_crld.c --- openssl-3.0.12/crypto/x509/v3_crld.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/x509/v3_crld.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -70,6 +70,11 @@ STACK_OF(GENERAL_NAME) *fnm = NULL; STACK_OF(X509_NAME_ENTRY) *rnm = NULL; + if (cnf->value == NULL) { + ERR_raise(ERR_LIB_X509V3, X509V3_R_MISSING_VALUE); + goto err; + } + if (strncmp(cnf->name, "fullname", 9) == 0) { fnm = gnames_from_sectname(ctx, cnf->value); if (!fnm) diff -Nru openssl-3.0.12/crypto/x509/v3_ist.c openssl-3.0.13/crypto/x509/v3_ist.c --- openssl-3.0.12/crypto/x509/v3_ist.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/x509/v3_ist.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -50,25 +50,33 @@ } if (strcmp(cnf->name, "signTool") == 0) { ist->signTool = ASN1_UTF8STRING_new(); - if (ist->signTool == NULL || !ASN1_STRING_set(ist->signTool, cnf->value, strlen(cnf->value))) { + if (ist->signTool == NULL + || cnf->value == NULL + || !ASN1_STRING_set(ist->signTool, cnf->value, strlen(cnf->value))) { ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); goto err; } } else if (strcmp(cnf->name, "cATool") == 0) { ist->cATool = ASN1_UTF8STRING_new(); - if (ist->cATool == NULL || !ASN1_STRING_set(ist->cATool, cnf->value, strlen(cnf->value))) { + if (ist->cATool == NULL + || cnf->value == NULL + || !ASN1_STRING_set(ist->cATool, cnf->value, strlen(cnf->value))) { ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); goto err; } } else if (strcmp(cnf->name, "signToolCert") == 0) { ist->signToolCert = ASN1_UTF8STRING_new(); - if (ist->signToolCert == NULL || !ASN1_STRING_set(ist->signToolCert, cnf->value, strlen(cnf->value))) { + if (ist->signToolCert == NULL + || cnf->value == NULL + || !ASN1_STRING_set(ist->signToolCert, cnf->value, strlen(cnf->value))) { ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); goto err; } } else if (strcmp(cnf->name, "cAToolCert") == 0) { ist->cAToolCert = ASN1_UTF8STRING_new(); - if (ist->cAToolCert == NULL || !ASN1_STRING_set(ist->cAToolCert, cnf->value, strlen(cnf->value))) { + if (ist->cAToolCert == NULL + || cnf->value == NULL + || !ASN1_STRING_set(ist->cAToolCert, cnf->value, strlen(cnf->value))) { ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); goto err; } diff -Nru openssl-3.0.12/crypto/x509/v3_san.c openssl-3.0.13/crypto/x509/v3_san.c --- openssl-3.0.12/crypto/x509/v3_san.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/x509/v3_san.c 2024-01-30 13:28:16.000000000 +0000 
@@ -581,6 +581,8 @@ if ((gen->d.ia5 = ASN1_IA5STRING_new()) == NULL || !ASN1_STRING_set(gen->d.ia5, (unsigned char *)value, strlen(value))) { + ASN1_IA5STRING_free(gen->d.ia5); + gen->d.ia5 = NULL; ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE); goto err; } @@ -651,16 +653,21 @@ */ ASN1_TYPE_free(gen->d.otherName->value); if ((gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)) == NULL) - return 0; + goto err; objlen = p - value; objtmp = OPENSSL_strndup(value, objlen); if (objtmp == NULL) - return 0; + goto err; gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0); OPENSSL_free(objtmp); if (!gen->d.otherName->type_id) - return 0; + goto err; return 1; + + err: + OTHERNAME_free(gen->d.otherName); + gen->d.otherName = NULL; + return 0; } static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx) diff -Nru openssl-3.0.12/crypto/x509/v3_sxnet.c openssl-3.0.13/crypto/x509/v3_sxnet.c --- openssl-3.0.12/crypto/x509/v3_sxnet.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/x509/v3_sxnet.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -103,8 +103,10 @@ int i; for (i = 0; i < sk_CONF_VALUE_num(nval); i++) { cnf = sk_CONF_VALUE_value(nval, i); - if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1)) + if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1)) { + SXNET_free(sx); return NULL; + } } return sx; } @@ -123,7 +125,11 @@ ERR_raise(ERR_LIB_X509V3, X509V3_R_ERROR_CONVERTING_ZONE); return 0; } - return SXNET_add_id_INTEGER(psx, izone, user, userlen); + if (!SXNET_add_id_INTEGER(psx, izone, user, userlen)) { + ASN1_INTEGER_free(izone); + return 0; + } + return 1; } /* Add an id given the zone as an unsigned long */ 
@@ -139,8 +145,11 @@ ASN1_INTEGER_free(izone); return 0; } - return SXNET_add_id_INTEGER(psx, izone, user, userlen); - + if (!SXNET_add_id_INTEGER(psx, izone, user, userlen)) { + ASN1_INTEGER_free(izone); + return 0; + } + return 1; } /* @@ -187,6 +196,7 @@ goto err; if (!sk_SXNETID_push(sx->ids, id)) goto err; + ASN1_INTEGER_free(id->zone); id->zone = zone; *psx = sx; return 1; diff -Nru openssl-3.0.12/crypto/x509/x509_att.c openssl-3.0.13/crypto/x509/x509_att.c --- openssl-3.0.12/crypto/x509/x509_att.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/x509/x509_att.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -71,8 +71,8 @@ return ret; } -STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, - X509_ATTRIBUTE *attr) +STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, + X509_ATTRIBUTE *attr) { X509_ATTRIBUTE *new_attr = NULL; STACK_OF(X509_ATTRIBUTE) *sk = NULL; @@ -82,11 +82,6 @@ return NULL; } - if (*x != NULL && X509at_get_attr_by_OBJ(*x, attr->object, -1) != -1) { - ERR_raise(ERR_LIB_X509, X509_R_DUPLICATE_ATTRIBUTE); - return NULL; - } - if (*x == NULL) { if ((sk = sk_X509_ATTRIBUTE_new_null()) == NULL) goto err; 
@@ -110,18 +105,68 @@ return NULL; } +STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, + X509_ATTRIBUTE *attr) +{ + if (x == NULL || attr == NULL) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if (*x != NULL && X509at_get_attr_by_OBJ(*x, attr->object, -1) != -1) { + ERR_raise(ERR_LIB_X509, X509_R_DUPLICATE_ATTRIBUTE); + return NULL; + } + + return ossl_x509at_add1_attr(x, attr); +} + +STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, + const ASN1_OBJECT *obj, + int type, + const unsigned char *bytes, + int len) +{ + X509_ATTRIBUTE *attr; + STACK_OF(X509_ATTRIBUTE) *ret; + + attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len); + if (attr == NULL) + return 0; + ret = ossl_x509at_add1_attr(x, attr); + X509_ATTRIBUTE_free(attr); + return ret; +} + STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, const ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len) { + if (x == NULL || obj == NULL) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if (*x != NULL && X509at_get_attr_by_OBJ(*x, obj, -1) != -1) { + ERR_raise(ERR_LIB_X509, X509_R_DUPLICATE_ATTRIBUTE); + return NULL; + } + + return ossl_x509at_add1_attr_by_OBJ(x, obj, type, bytes, len); +} + +STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, + int nid, int type, + const unsigned char *bytes, + int len) +{ X509_ATTRIBUTE *attr; STACK_OF(X509_ATTRIBUTE) *ret; - attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len); - if (!attr) + + attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len); + if (attr == NULL) return 0; - ret = X509at_add1_attr(x, attr); + ret = ossl_x509at_add1_attr(x, attr); X509_ATTRIBUTE_free(attr); return ret; } 
@@ -131,12 +176,31 @@ const unsigned char *bytes, int len) { + if (x == NULL) { + ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + if (*x != NULL && X509at_get_attr_by_NID(*x, nid, -1) != -1) { + ERR_raise(ERR_LIB_X509, X509_R_DUPLICATE_ATTRIBUTE); + return NULL; + } + + return ossl_x509at_add1_attr_by_NID(x, nid, type, bytes, len); +} + +STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, + const char *attrname, + int type, + const unsigned char *bytes, + int len) +{ X509_ATTRIBUTE *attr; STACK_OF(X509_ATTRIBUTE) *ret; - attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len); - if (!attr) + + attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len); + if (attr == NULL) return 0; - ret = X509at_add1_attr(x, attr); + ret = ossl_x509at_add1_attr(x, attr); X509_ATTRIBUTE_free(attr); return ret; } diff -Nru openssl-3.0.12/crypto/x509/x509_req.c openssl-3.0.13/crypto/x509/x509_req.c --- openssl-3.0.12/crypto/x509/x509_req.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/crypto/x509/x509_req.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -219,7 +219,7 @@ if (req == NULL) { ERR_raise(ERR_LIB_X509, ERR_R_PASSED_NULL_PARAMETER); - return 0; + return NULL; } attr = X509at_delete_attr(req->req_info.attributes, loc); if (attr != NULL) diff -Nru openssl-3.0.12/debian/changelog openssl-3.0.13/debian/changelog --- openssl-3.0.12/debian/changelog 2024-01-27 17:02:40.000000000 +0000 +++ openssl-3.0.13/debian/changelog 2024-01-30 19:34:23.000000000 +0000 
@@ -1,9 +1,9 @@ -openssl (3.0.12-10myguard5~jammy) jammy; urgency=medium +openssl (3.0.13-10myguard2~jammy) jammy; urgency=medium * Full rebuild and backport with quic * See for more https://deb.myguard.nl - -- Thijs Eilander Sat, 27 Jan 2024 18:02:40 +0100 + -- Thijs Eilander Tue, 30 Jan 2024 20:34:23 +0100 openssl (3.0.0~~beta2-1) experimental; urgency=medium diff -Nru openssl-3.0.12/doc/build.info openssl-3.0.13/doc/build.info --- openssl-3.0.12/doc/build.info 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/build.info 2024-01-30 13:28:16.000000000 +0000 @@ -843,6 +843,10 @@ GENERATE[html/man3/CMS_sign_receipt.html]=man3/CMS_sign_receipt.pod DEPEND[man/man3/CMS_sign_receipt.3]=man3/CMS_sign_receipt.pod GENERATE[man/man3/CMS_sign_receipt.3]=man3/CMS_sign_receipt.pod +DEPEND[html/man3/CMS_signed_get_attr.html]=man3/CMS_signed_get_attr.pod +GENERATE[html/man3/CMS_signed_get_attr.html]=man3/CMS_signed_get_attr.pod +DEPEND[man/man3/CMS_signed_get_attr.3]=man3/CMS_signed_get_attr.pod +GENERATE[man/man3/CMS_signed_get_attr.3]=man3/CMS_signed_get_attr.pod DEPEND[html/man3/CMS_uncompress.html]=man3/CMS_uncompress.pod GENERATE[html/man3/CMS_uncompress.html]=man3/CMS_uncompress.pod DEPEND[man/man3/CMS_uncompress.3]=man3/CMS_uncompress.pod 
@@ -1239,6 +1243,10 @@ GENERATE[html/man3/EVP_PKEY_fromdata.html]=man3/EVP_PKEY_fromdata.pod DEPEND[man/man3/EVP_PKEY_fromdata.3]=man3/EVP_PKEY_fromdata.pod GENERATE[man/man3/EVP_PKEY_fromdata.3]=man3/EVP_PKEY_fromdata.pod +DEPEND[html/man3/EVP_PKEY_get_attr.html]=man3/EVP_PKEY_get_attr.pod +GENERATE[html/man3/EVP_PKEY_get_attr.html]=man3/EVP_PKEY_get_attr.pod +DEPEND[man/man3/EVP_PKEY_get_attr.3]=man3/EVP_PKEY_get_attr.pod +GENERATE[man/man3/EVP_PKEY_get_attr.3]=man3/EVP_PKEY_get_attr.pod DEPEND[html/man3/EVP_PKEY_get_default_digest_nid.html]=man3/EVP_PKEY_get_default_digest_nid.pod GENERATE[html/man3/EVP_PKEY_get_default_digest_nid.html]=man3/EVP_PKEY_get_default_digest_nid.pod DEPEND[man/man3/EVP_PKEY_get_default_digest_nid.3]=man3/EVP_PKEY_get_default_digest_nid.pod @@ -2263,10 +2271,6 @@ GENERATE[html/man3/SSL_CTX_set_psk_client_callback.html]=man3/SSL_CTX_set_psk_client_callback.pod DEPEND[man/man3/SSL_CTX_set_psk_client_callback.3]=man3/SSL_CTX_set_psk_client_callback.pod GENERATE[man/man3/SSL_CTX_set_psk_client_callback.3]=man3/SSL_CTX_set_psk_client_callback.pod -DEPEND[html/man3/SSL_CTX_set_quic_method.html]=man3/SSL_CTX_set_quic_method.pod -GENERATE[html/man3/SSL_CTX_set_quic_method.html]=man3/SSL_CTX_set_quic_method.pod -DEPEND[man/man3/SSL_CTX_set_quic_method.3]=man3/SSL_CTX_set_quic_method.pod -GENERATE[man/man3/SSL_CTX_set_quic_method.3]=man3/SSL_CTX_set_quic_method.pod DEPEND[html/man3/SSL_CTX_set_quiet_shutdown.html]=man3/SSL_CTX_set_quiet_shutdown.pod GENERATE[html/man3/SSL_CTX_set_quiet_shutdown.html]=man3/SSL_CTX_set_quiet_shutdown.pod DEPEND[man/man3/SSL_CTX_set_quiet_shutdown.3]=man3/SSL_CTX_set_quiet_shutdown.pod 
@@ -2659,6 +2663,10 @@ GENERATE[html/man3/X509_ALGOR_dup.html]=man3/X509_ALGOR_dup.pod DEPEND[man/man3/X509_ALGOR_dup.3]=man3/X509_ALGOR_dup.pod GENERATE[man/man3/X509_ALGOR_dup.3]=man3/X509_ALGOR_dup.pod +DEPEND[html/man3/X509_ATTRIBUTE.html]=man3/X509_ATTRIBUTE.pod +GENERATE[html/man3/X509_ATTRIBUTE.html]=man3/X509_ATTRIBUTE.pod +DEPEND[man/man3/X509_ATTRIBUTE.3]=man3/X509_ATTRIBUTE.pod +GENERATE[man/man3/X509_ATTRIBUTE.3]=man3/X509_ATTRIBUTE.pod DEPEND[html/man3/X509_CRL_get0_by_serial.html]=man3/X509_CRL_get0_by_serial.pod GENERATE[html/man3/X509_CRL_get0_by_serial.html]=man3/X509_CRL_get0_by_serial.pod DEPEND[man/man3/X509_CRL_get0_by_serial.3]=man3/X509_CRL_get0_by_serial.pod @@ -2703,6 +2711,14 @@ GENERATE[html/man3/X509_PUBKEY_new.html]=man3/X509_PUBKEY_new.pod DEPEND[man/man3/X509_PUBKEY_new.3]=man3/X509_PUBKEY_new.pod GENERATE[man/man3/X509_PUBKEY_new.3]=man3/X509_PUBKEY_new.pod +DEPEND[html/man3/X509_REQ_get_attr.html]=man3/X509_REQ_get_attr.pod +GENERATE[html/man3/X509_REQ_get_attr.html]=man3/X509_REQ_get_attr.pod +DEPEND[man/man3/X509_REQ_get_attr.3]=man3/X509_REQ_get_attr.pod +GENERATE[man/man3/X509_REQ_get_attr.3]=man3/X509_REQ_get_attr.pod +DEPEND[html/man3/X509_REQ_get_extensions.html]=man3/X509_REQ_get_extensions.pod +GENERATE[html/man3/X509_REQ_get_extensions.html]=man3/X509_REQ_get_extensions.pod +DEPEND[man/man3/X509_REQ_get_extensions.3]=man3/X509_REQ_get_extensions.pod +GENERATE[man/man3/X509_REQ_get_extensions.3]=man3/X509_REQ_get_extensions.pod DEPEND[html/man3/X509_SIG_get0.html]=man3/X509_SIG_get0.pod GENERATE[html/man3/X509_SIG_get0.html]=man3/X509_SIG_get0.pod DEPEND[man/man3/X509_SIG_get0.3]=man3/X509_SIG_get0.pod @@ -2978,6 +2994,7 @@ html/man3/CMS_get1_ReceiptRequest.html \ html/man3/CMS_sign.html \ html/man3/CMS_sign_receipt.html \ +html/man3/CMS_signed_get_attr.html \ html/man3/CMS_uncompress.html \ html/man3/CMS_verify.html \ html/man3/CMS_verify_receipt.html \ 
@@ -3077,6 +3094,7 @@ html/man3/EVP_PKEY_encapsulate.html \ html/man3/EVP_PKEY_encrypt.html \ html/man3/EVP_PKEY_fromdata.html \ +html/man3/EVP_PKEY_get_attr.html \ html/man3/EVP_PKEY_get_default_digest_nid.html \ html/man3/EVP_PKEY_get_field_type.html \ html/man3/EVP_PKEY_get_group_name.html \ @@ -3333,7 +3351,6 @@ html/man3/SSL_CTX_set_num_tickets.html \ html/man3/SSL_CTX_set_options.html \ html/man3/SSL_CTX_set_psk_client_callback.html \ -html/man3/SSL_CTX_set_quic_method.html \ html/man3/SSL_CTX_set_quiet_shutdown.html \ html/man3/SSL_CTX_set_read_ahead.html \ html/man3/SSL_CTX_set_record_padding_callback.html \ @@ -3432,6 +3449,7 @@ html/man3/X509V3_get_d2i.html \ html/man3/X509V3_set_ctx.html \ html/man3/X509_ALGOR_dup.html \ +html/man3/X509_ATTRIBUTE.html \ html/man3/X509_CRL_get0_by_serial.html \ html/man3/X509_EXTENSION_set_object.html \ html/man3/X509_LOOKUP.html \ @@ -3443,6 +3461,8 @@ html/man3/X509_NAME_get_index_by_NID.html \ html/man3/X509_NAME_print_ex.html \ html/man3/X509_PUBKEY_new.html \ +html/man3/X509_REQ_get_attr.html \ +html/man3/X509_REQ_get_extensions.html \ html/man3/X509_SIG_get0.html \ html/man3/X509_STORE_CTX_get_error.html \ html/man3/X509_STORE_CTX_new.html \ @@ -3582,6 +3602,7 @@ man/man3/CMS_get1_ReceiptRequest.3 \ man/man3/CMS_sign.3 \ man/man3/CMS_sign_receipt.3 \ +man/man3/CMS_signed_get_attr.3 \ man/man3/CMS_uncompress.3 \ man/man3/CMS_verify.3 \ man/man3/CMS_verify_receipt.3 \ @@ -3681,6 +3702,7 @@ man/man3/EVP_PKEY_encapsulate.3 \ man/man3/EVP_PKEY_encrypt.3 \ man/man3/EVP_PKEY_fromdata.3 \ +man/man3/EVP_PKEY_get_attr.3 \ man/man3/EVP_PKEY_get_default_digest_nid.3 \ man/man3/EVP_PKEY_get_field_type.3 \ man/man3/EVP_PKEY_get_group_name.3 \ 
@@ -3937,7 +3959,6 @@ man/man3/SSL_CTX_set_num_tickets.3 \ man/man3/SSL_CTX_set_options.3 \ man/man3/SSL_CTX_set_psk_client_callback.3 \ -man/man3/SSL_CTX_set_quic_method.3 \ man/man3/SSL_CTX_set_quiet_shutdown.3 \ man/man3/SSL_CTX_set_read_ahead.3 \ man/man3/SSL_CTX_set_record_padding_callback.3 \ @@ -4036,6 +4057,7 @@ man/man3/X509V3_get_d2i.3 \ man/man3/X509V3_set_ctx.3 \ man/man3/X509_ALGOR_dup.3 \ +man/man3/X509_ATTRIBUTE.3 \ man/man3/X509_CRL_get0_by_serial.3 \ man/man3/X509_EXTENSION_set_object.3 \ man/man3/X509_LOOKUP.3 \ @@ -4047,6 +4069,8 @@ man/man3/X509_NAME_get_index_by_NID.3 \ man/man3/X509_NAME_print_ex.3 \ man/man3/X509_PUBKEY_new.3 \ +man/man3/X509_REQ_get_attr.3 \ +man/man3/X509_REQ_get_extensions.3 \ man/man3/X509_SIG_get0.3 \ man/man3/X509_STORE_CTX_get_error.3 \ man/man3/X509_STORE_CTX_new.3 \ Binary files /tmp/tmptjm9n1k2/6B8QtGLfI4/openssl-3.0.12/doc/images/openssl-square-nontransparent.png and /tmp/tmptjm9n1k2/HmBIDqc8rX/openssl-3.0.13/doc/images/openssl-square-nontransparent.png differ diff -Nru openssl-3.0.12/doc/images/openssl-square.svg openssl-3.0.13/doc/images/openssl-square.svg --- openssl-3.0.12/doc/images/openssl-square.svg 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.13/doc/images/openssl-square.svg 2024-01-30 13:28:16.000000000 +0000 @@ -0,0 +1,49 @@ + + + + + + + + + + + + + + + + + + + + + + diff -Nru openssl-3.0.12/doc/images/openssl.svg openssl-3.0.13/doc/images/openssl.svg --- openssl-3.0.12/doc/images/openssl.svg 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/images/openssl.svg 2024-01-30 13:28:16.000000000 +0000 @@ -1,41 +1,49 @@ - - - - - OpenSSL - Cryptography and SSL/TLS Toolkit - + + + + + + + + + + + + + + + + + + + diff -Nru openssl-3.0.12/doc/man1/openssl-info.pod.in openssl-3.0.13/doc/man1/openssl-info.pod.in --- openssl-3.0.12/doc/man1/openssl-info.pod.in 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man1/openssl-info.pod.in 2024-01-30 13:28:16.000000000 +0000 
@@ -17,7 +17,6 @@ [B<-listsep>] [B<-seeds>] [B<-cpusettings>] -[B<-quic>] =head1 DESCRIPTION @@ -74,10 +73,6 @@ Outputs the OpenSSL CPU settings info. -=item B<-quic> - -Outputs the OpenSSL QUIC info. - =back =head1 HISTORY diff -Nru openssl-3.0.12/doc/man1/openssl-pkeyutl.pod.in openssl-3.0.13/doc/man1/openssl-pkeyutl.pod.in --- openssl-3.0.12/doc/man1/openssl-pkeyutl.pod.in 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man1/openssl-pkeyutl.pod.in 2024-01-30 13:28:16.000000000 +0000 @@ -235,9 +235,9 @@ PKCS#1 padding, B for no padding, B for B mode, B for X9.31 mode and B for PSS. -In PKCS#1 padding if the message digest is not set then the supplied data is +In PKCS#1 padding, if the message digest is not set, then the supplied data is signed or verified directly instead of using a B structure. If a -digest is set then the a B structure is used and its the length +digest is set, then the B structure is used and its length must correspond to the digest type. For B mode only encryption and decryption is supported. diff -Nru openssl-3.0.12/doc/man1/openssl-req.pod.in openssl-3.0.13/doc/man1/openssl-req.pod.in --- openssl-3.0.12/doc/man1/openssl-req.pod.in 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man1/openssl-req.pod.in 2024-01-30 13:28:16.000000000 +0000 @@ -282,7 +282,7 @@ This option implies the B<-new> flag if B<-in> is not given. If an existing request is specified with the B<-in> option, it is converted -to the a certificate; otherwise a request is created from scratch. +to a certificate; otherwise a request is created from scratch. Unless specified using the B<-set_serial> option, a large random number will be used for the serial number. diff -Nru openssl-3.0.12/doc/man3/BIO_f_md.pod openssl-3.0.13/doc/man3/BIO_f_md.pod --- openssl-3.0.12/doc/man3/BIO_f_md.pod 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man3/BIO_f_md.pod 2024-01-30 13:28:16.000000000 +0000 
@@ -19,7 +19,7 @@ =head1 DESCRIPTION BIO_f_md() returns the message digest BIO method. This is a filter -BIO that digests any data passed through it, it is a BIO wrapper +BIO that digests any data passed through it. It is a BIO wrapper for the digest routines EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal(). @@ -36,8 +36,8 @@ must be called to initialize a digest BIO before any data is passed through it. It is a BIO_ctrl() macro. -BIO_get_md() places the a pointer to the digest BIOs digest method -in B, it is a BIO_ctrl() macro. +BIO_get_md() places a pointer to the digest BIOs digest method +in B. It is a BIO_ctrl() macro. BIO_get_md_ctx() returns the digest BIOs context into B. diff -Nru openssl-3.0.12/doc/man3/BN_add.pod openssl-3.0.13/doc/man3/BN_add.pod --- openssl-3.0.12/doc/man3/BN_add.pod 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man3/BN_add.pod 2024-01-30 13:28:16.000000000 +0000 @@ -114,6 +114,11 @@ Unless noted otherwise, the result B must be different from the arguments. +=head1 NOTES + +For modular operations such as BN_nnmod() or BN_mod_exp() it is an error +to use the same B object for the modulus as for the output. + =head1 RETURN VALUES The BN_mod_sqrt() returns the result (possibly incorrect if I

is diff -Nru openssl-3.0.12/doc/man3/BN_mod_inverse.pod openssl-3.0.13/doc/man3/BN_mod_inverse.pod --- openssl-3.0.12/doc/man3/BN_mod_inverse.pod 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man3/BN_mod_inverse.pod 2024-01-30 13:28:16.000000000 +0000 @@ -18,7 +18,11 @@ a new B is created. B is a previously allocated B used for temporary -variables. B may be the same B as B or B. +variables. B may be the same B as B. + +=head1 NOTES + +It is an error to use the same B as B. =head1 RETURN VALUES diff -Nru openssl-3.0.12/doc/man3/CMS_signed_get_attr.pod openssl-3.0.13/doc/man3/CMS_signed_get_attr.pod --- openssl-3.0.12/doc/man3/CMS_signed_get_attr.pod 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.13/doc/man3/CMS_signed_get_attr.pod 2024-01-30 13:28:16.000000000 +0000 
@@ -0,0 +1,214 @@ +=pod + +=head1 NAME + +CMS_signed_get_attr_count, +CMS_signed_get_attr_by_NID, CMS_signed_get_attr_by_OBJ, CMS_signed_get_attr, +CMS_signed_delete_attr, +CMS_signed_add1_attr, CMS_signed_add1_attr_by_OBJ, +CMS_signed_add1_attr_by_NID, CMS_signed_add1_attr_by_txt, +CMS_signed_get0_data_by_OBJ, +CMS_unsigned_get_attr_count, +CMS_unsigned_get_attr_by_NID, CMS_unsigned_get_attr_by_OBJ, +CMS_unsigned_get_attr, CMS_unsigned_delete_attr, +CMS_unsigned_add1_attr, CMS_unsigned_add1_attr_by_OBJ, +CMS_unsigned_add1_attr_by_NID, CMS_unsigned_add1_attr_by_txt, +CMS_unsigned_get0_data_by_OBJ +- CMS signed and unsigned attribute functions + +=head1 SYNOPSIS + + #include + + int CMS_signed_get_attr_count(const CMS_SignerInfo *si); + int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos); + int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj, + int lastpos); + X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc); + X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc); + int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); + int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int type, + const void *bytes, int len); + int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, + int nid, int type, + const void *bytes, int len); + int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, + const char *attrname, int type, + const void *bytes, int len); + void *CMS_signed_get0_data_by_OBJ(const CMS_SignerInfo *si, + const ASN1_OBJECT *oid, + int lastpos, int type); + + int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si); + int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, + int lastpos); + int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int lastpos); + X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc); + X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int 
loc); + int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); + int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int type, + const void *bytes, int len); + int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, + int nid, int type, + const void *bytes, int len); + int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, + const char *attrname, int type, + const void *bytes, int len); + void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, + int lastpos, int type); + +=head1 DESCRIPTION + +CMS_signerInfo contains separate attribute lists for signed and unsigned +attributes. Each CMS_signed_XXX() function is used for signed attributes, and +each CMS_unsigned_XXX() function is used for unsigned attributes. +Since the CMS_unsigned_XXX() functions work in the same way as the +CMS_signed_XXX() equivalents, only the CMS_signed_XXX() functions are +described below. + +CMS_signed_get_attr_by_OBJ() finds the location of the first matching object +I in the SignerInfo's I signed attribute list. The search starts at the +position after I. If the returned value is positive then it can be used +on the next call to CMS_signed_get_attr_by_OBJ() as the value of I in +order to iterate through the remaining attributes. I can be set to any +negative value on the first call, in order to start searching from the start of +the signed attribute list. + +CMS_signed_get_attr_by_NID() is similar to CMS_signed_get_attr_by_OBJ() except +that it passes the numerical identifier (NID) I associated with the object. +See for a list of NID_*. + +CMS_signed_get_attr() returns the B object at index I in the +I signed attribute list. I should be in the range from 0 to +CMS_signed_get_attr_count() - 1. + +CMS_signed_delete_attr() removes the B object at index I in +the I signed attribute list. An error occurs if the I attribute list +is NULL. + +CMS_signed_add1_attr() pushes a copy of the passed in B object +to the I signed attribute list. 
A new signed attribute list is created if +required. An error occurs if I is NULL. + +CMS_signed_add1_attr_by_OBJ() creates a new signed B using +X509_ATTRIBUTE_set1_object() and X509_ATTRIBUTE_set1_data() to assign a new +I with type I and data I of length I and then pushes it +to the I object's attribute list. + +CMS_signed_add1_attr_by_NID() is similar to CMS_signed_add1_attr_by_OBJ() except +that it passes the numerical identifier (NID) I associated with the object. +See for a list of NID_*. + +CMS_signed_add1_attr_by_txt() is similar to CMS_signed_add1_attr_by_OBJ() +except that it passes a name I associated with the object. +See for a list of SN_* names. + +CMS_signed_get0_data_by_OBJ() finds the first attribute in a I signed +attributes list that matches the I starting at index I +and returns the data retrieved from the found attributes first B +object. An error will occur if the attribute type I does not match the +type of the B object OR if I is either B or +B OR the attribute is not found. +If I is less than -1 then an error will occur if there are multiple +objects in the signed attribute list that match I. +If I is less than -2 then an error will occur if there is more than +one B object in the found signed attribute. + +Refer to L for information related to attributes. + +=head1 RETURN VALUES + +The CMS_unsigned_XXX() functions return values are similar to those of the +equivalent CMS_signed_XXX() functions. + +CMS_signed_get_attr_count() returns the number of signed attributes in the +SignerInfo I, or -1 if the signed attribute list is NULL. + +CMS_signed_get_attr_by_OBJ() returns -1 if either the signed attribute list of +I is empty OR if I is not found, otherwise it returns the location of +the I in the SignerInfo's I signed attribute list. + +CMS_signed_get_attr_by_NID() is similar to CMS_signed_get_attr_by_OBJ() except +that it returns -2 if the I is not known by OpenSSL. + +CMS_signed_get_attr() returns either a signed B or NULL on error. 
+ +CMS_signed_delete_attr() returns either the removed signed B or +NULL if there is a error. + +CMS_signed_add1_attr(), CMS_signed_add1_attr_by_OBJ(), +CMS_signed_add1_attr_by_NID(), CMS_signed_add1_attr_by_txt(), +return 1 on success or 0 on error. + +CMS_signed_get0_data_by_OBJ() returns the data retrieved from the found +signed attributes first B object, or NULL if an error occurs. + +=head1 NOTES + +Some attributes are added automatically during the signing process. + +Calling CMS_SignerInfo_sign() adds the NID_pkcs9_signingTime signed +attribute. + +Calling CMS_final(), CMS_final_digest() or CMS_dataFinal() adds the +NID_pkcs9_messageDigest signed attribute. + +The NID_pkcs9_contentType signed attribute is always added if the +NID_pkcs9_signingTime attribute is added. + +Calling CMS_sign_ex(), CMS_sign_receipt() or CMS_add1_signer() may add +attributes depending on the flags parameter. See L for +more information. + +OpenSSL applies special rules for the following attribute NIDs: + +=over 4 + +=item CMS Signed Attributes + +NID_pkcs9_contentType +NID_pkcs9_messageDigest +NID_pkcs9_signingTime + +=item ESS Signed Attributes + +NID_id_smime_aa_signingCertificate +NID_id_smime_aa_signingCertificateV2 +NID_id_smime_aa_receiptRequest + +=item CMS Unsigned Attributes + +NID_pkcs9_countersignature + +=back + +CMS_signed_add1_attr(), CMS_signed_add1_attr_by_OBJ(), +CMS_signed_add1_attr_by_NID(), CMS_signed_add1_attr_by_txt() +and the equivalent CMS_unsigned_add1_attrXXX() functions allow +duplicate attributes to be added. The attribute rules are not checked +during these function calls, and are deferred until the sign or verify process +(i.e. during calls to any of CMS_sign_ex(), CMS_sign(), CMS_sign_receipt(), +CMS_add1_signer(), CMS_Final(), CMS_dataFinal(), CMS_final_digest(), +CMS_verify(), CMS_verify_receipt() or CMS_SignedData_verify()). + +For CMS attribute rules see RFC 5652 Section 11. 
+For ESS attribute rules see RFC 2634 Section 1.3.4 and RFC 5035 Section 5.4. + +=head1 SEE ALSO + +L + +=head1 COPYRIGHT + +Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff -Nru openssl-3.0.12/doc/man3/EVP_EncryptInit.pod openssl-3.0.13/doc/man3/EVP_EncryptInit.pod --- openssl-3.0.12/doc/man3/EVP_EncryptInit.pod 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man3/EVP_EncryptInit.pod 2024-01-30 13:28:16.000000000 +0000 @@ -359,7 +359,12 @@ =item EVP_EncryptUpdate() Encrypts I bytes from the buffer I and writes the encrypted version to -I. This function can be called multiple times to encrypt successive blocks +I. The pointers I and I may point to the same location, in which +case the encryption will be done in-place. If I and I point to different +locations, the two buffers must be disjoint, otherwise the operation might fail +or the outcome might be undefined. + +This function can be called multiple times to encrypt successive blocks of data. The amount of data written depends on the block alignment of the encrypted data. For most ciphers and modes, the amount of data written can be anything 
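Review bot: In the EVP_EncryptUpdate() paragraph added to EVP_EncryptInit.pod, "otherwise the operation might fail or the outcome might be undefined" leaves the contract for partially overlapping buffers open: a caller cannot tell whether a failure return is guaranteed or whether the output may be silently wrong. Suggest stating it as a hard precondition (the input and output buffers must be either the same location or disjoint) and saying explicitly that callers must not rely on an error being reported when that precondition is violated.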
@@ -368,10 +373,9 @@ from zero bytes to (inl + cipher_block_size) bytes. For stream ciphers, the amount of data written can be anything from zero bytes to inl bytes. -Thus, I should contain sufficient room for the operation being performed. -The actual number of bytes written is placed in I. It also -checks if I and I are partially overlapping, and if they are -0 is returned to indicate failure. +Thus, the buffer pointed to by I must contain sufficient room for the +operation being performed. +The actual number of bytes written is placed in I. If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts the "final" data, that is any data that remains in a partial block. diff -Nru openssl-3.0.12/doc/man3/EVP_MAC.pod openssl-3.0.13/doc/man3/EVP_MAC.pod --- openssl-3.0.12/doc/man3/EVP_MAC.pod 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man3/EVP_MAC.pod 2024-01-30 13:28:16.000000000 +0000 @@ -145,6 +145,9 @@ as part of this call or separately using EVP_MAC_CTX_set_params(). Providing non-NULL I to this function is equivalent to calling EVP_MAC_CTX_set_params() with those I for the same I beforehand. +Note: There are additional requirements for some MAC algorithms during +re-initalization (i.e. calling EVP_MAC_init() on an EVP_MAC after EVP_MAC_final() +has been called on the same object). See the NOTES section below. EVP_MAC_init() should be called before EVP_MAC_update() and EVP_MAC_final(). 
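Review bot: In the note added to the EVP_MAC_init() description in EVP_MAC.pod, "re-initalization" is misspelled and should read "re-initialization"; the same spelling recurs in the paragraph added to the NOTES section. The parenthetical also speaks of calling EVP_MAC_init() "on an EVP_MAC", while the surrounding text configures the context through EVP_MAC_CTX_set_params(); naming the context object there would keep the algorithm and the context from being confused.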
@@ -342,6 +345,13 @@ The usage of the parameter names "custom", "iv" and "salt" correspond to the names used in the standard where the algorithm was defined. +Some MAC algorithms store internal state that cannot be extracted during +re-initalization. For example GMAC cannot extract an B from the +underlying CIPHER context, and so calling EVP_MAC_init() on an EVP_MAC object +after EVP_MAC_final() has been called cannot reset its cipher state to what it +was when the B was initially generated. For such instances, an +B parameter must be passed with each call to EVP_MAC_init(). + =head1 RETURN VALUES EVP_MAC_fetch() returns a pointer to a newly fetched B, or @@ -481,7 +491,7 @@ =head1 COPYRIGHT -Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.12/doc/man3/EVP_PKEY_get_attr.pod openssl-3.0.13/doc/man3/EVP_PKEY_get_attr.pod --- openssl-3.0.12/doc/man3/EVP_PKEY_get_attr.pod 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.13/doc/man3/EVP_PKEY_get_attr.pod 2024-01-30 13:28:16.000000000 +0000 
@@ -0,0 +1,113 @@ +=pod + +=head1 NAME + +EVP_PKEY_get_attr, +EVP_PKEY_get_attr_count, +EVP_PKEY_get_attr_by_NID, EVP_PKEY_get_attr_by_OBJ, +EVP_PKEY_delete_attr, +EVP_PKEY_add1_attr, +EVP_PKEY_add1_attr_by_OBJ, EVP_PKEY_add1_attr_by_NID, EVP_PKEY_add1_attr_by_txt +- EVP_PKEY B functions + +=head1 SYNOPSIS + + #include + + int EVP_PKEY_get_attr_count(const EVP_PKEY *key); + int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos); + int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj, + int lastpos); + X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc); + X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc); + int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr); + int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); + int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key, + int nid, int type, + const unsigned char *bytes, int len); + int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key, + const char *attrname, int type, + const unsigned char *bytes, int len); + +=head1 DESCRIPTION + +These functions are used by B. + +EVP_PKEY_get_attr_by_OBJ() finds the location of the first matching object I +in the I attribute list. The search starts at the position after I. +If the returned value is positive then it can be used on the next call to +EVP_PKEY_get_attr_by_OBJ() as the value of I in order to iterate through +the remaining attributes. I can be set to any negative value on the +first call, in order to start searching from the start of the attribute list. + +EVP_PKEY_get_attr_by_NID() is similar to EVP_PKEY_get_attr_by_OBJ() except that +it passes the numerical identifier (NID) I associated with the object. +See for a list of NID_*. + +EVP_PKEY_get_attr() returns the B object at index I in the +I attribute list. I should be in the range from 0 to +EVP_PKEY_get_attr_count() - 1. 
+ +EVP_PKEY_delete_attr() removes the B object at index I in +the I attribute list. + +EVP_PKEY_add1_attr() pushes a copy of the passed in B object +to the I attribute list. A new I attribute list is created if required. +An error occurs if either I is NULL, or the attribute already exists. + +EVP_PKEY_add1_attr_by_OBJ() creates a new B using +X509_ATTRIBUTE_set1_object() and X509_ATTRIBUTE_set1_data() to assign a new +I with type I and data I of length I and then pushes it +to the I object's attribute list. If I already exists in the attribute +list then an error occurs. + +EVP_PKEY_add1_attr_by_NID() is similar to EVP_PKEY_add1_attr_by_OBJ() except +that it passes the numerical identifier (NID) I associated with the object. +See for a list of NID_*. + +EVP_PKEY_add1_attr_by_txt() is similar to EVP_PKEY_add1_attr_by_OBJ() except +that it passes a name I associated with the object. +See for a list of SN_* names. + +=head1 RETURN VALUES + +EVP_PKEY_get_attr_count() returns the number of attributes in the I object +attribute list or -1 if the attribute list is NULL. + +EVP_PKEY_get_attr_by_OBJ() returns -1 if either the list is empty OR the object +is not found, otherwise it returns the location of the object in the list. + +EVP_PKEY_get_attr_by_NID() is similar to EVP_PKEY_get_attr_by_OBJ(), except that +it returns -2 if the I is not known by OpenSSL. + +EVP_PKEY_get_attr() returns either a B or NULL if there is a +error. + +EVP_PKEY_delete_attr() returns either the removed B or NULL if +there is a error. + +EVP_PKEY_add1_attr(), EVP_PKEY_add1_attr_by_OBJ(), EVP_PKEY_add1_attr_by_NID() +and EVP_PKEY_add1_attr_by_txt() return 1 on success or 0 otherwise. + +=head1 NOTES + +A B object's attribute list is initially NULL. All the above functions +listed will return an error unless EVP_PKEY_add1_attr() is called. +All functions listed assume that the I is not NULL. + +=head1 SEE ALSO + +L + +=head1 COPYRIGHT + +Copyright 2023-2024 The OpenSSL Project Authors. 
All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff -Nru openssl-3.0.12/doc/man3/OPENSSL_LH_COMPFUNC.pod openssl-3.0.13/doc/man3/OPENSSL_LH_COMPFUNC.pod --- openssl-3.0.12/doc/man3/OPENSSL_LH_COMPFUNC.pod 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man3/OPENSSL_LH_COMPFUNC.pod 2024-01-30 13:28:16.000000000 +0000 @@ -8,10 +8,12 @@ IMPLEMENT_LHASH_HASH_FN, IMPLEMENT_LHASH_COMP_FN, lh_TYPE_new, lh_TYPE_free, lh_TYPE_flush, lh_TYPE_insert, lh_TYPE_delete, lh_TYPE_retrieve, -lh_TYPE_doall, lh_TYPE_doall_arg, lh_TYPE_error, +lh_TYPE_doall, lh_TYPE_doall_arg, lh_TYPE_num_items, lh_TYPE_get_down_load, +lh_TYPE_set_down_load, lh_TYPE_error, OPENSSL_LH_new, OPENSSL_LH_free, OPENSSL_LH_flush, OPENSSL_LH_insert, OPENSSL_LH_delete, OPENSSL_LH_retrieve, -OPENSSL_LH_doall, OPENSSL_LH_doall_arg, OPENSSL_LH_error +OPENSSL_LH_doall, OPENSSL_LH_doall_arg, OPENSSL_LH_num_items, +OPENSSL_LH_get_down_load, OPENSSL_LH_set_down_load, OPENSSL_LH_error - dynamic hash table =head1 SYNOPSIS @@ -34,6 +36,10 @@ void lh_TYPE_doall_arg(LHASH_OF(TYPE) *table, OPENSSL_LH_DOALL_FUNCARG func, TYPE *arg); + unsigned long lh_TYPE_num_items(OPENSSL_LHASH *lh); + unsigned long lh_TYPE_get_down_load(OPENSSL_LHASH *lh); + void lh_TYPE_set_down_load(OPENSSL_LHASH *lh, unsigned long dl); + int lh_TYPE_error(LHASH_OF(TYPE) *table); typedef int (*OPENSSL_LH_COMPFUNC)(const void *, const void *); 
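Review bot: In the SYNOPSIS hunk of OPENSSL_LH_COMPFUNC.pod, the three added typed prototypes take "OPENSSL_LHASH *lh", whereas the neighbouring lh_TYPE_ entries (lh_TYPE_doall_arg, lh_TYPE_error) take "LHASH_OF(TYPE) *table". The page describes the lh_TYPE_ functions as the type-checked wrappers, so the added lines should follow that convention, for example "unsigned long lh_TYPE_num_items(LHASH_OF(TYPE) *table);", with OPENSSL_LHASH kept for the OPENSSL_LH_ variants only.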
@@ -52,8 +58,14 @@ void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func); void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void *arg); + unsigned long OPENSSL_LH_num_items(OPENSSL_LHASH *lh); + unsigned long OPENSSL_LH_get_down_load(OPENSSL_LHASH *lh); + void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long dl); + int OPENSSL_LH_error(OPENSSL_LHASH *lh); + #define LH_LOAD_MULT /* integer constant */ + =head1 DESCRIPTION This library implements type-checked dynamic hash tables. The hash @@ -145,15 +157,6 @@ /* Then the hash table itself can be deallocated */ lh_TYPE_free(hashtable); -When doing this, be careful if you delete entries from the hash table -in your callbacks: the table may decrease in size, moving the item -that you are currently on down lower in the hash table - this could -cause some entries to be skipped during the iteration. The second -best solution to this problem is to set hash-Edown_load=0 before -you start (which will stop the hash table ever decreasing in size). -The best solution is probably to avoid deleting items from the hash -table inside a "doall" callback! - B_doall_arg>() is the same as B_doall>() except that I will be called with I as the second argument and I should be of type B(B>) (a callback prototype 
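Review bot: The lh_TYPE_doall() cleanup example in OPENSSL_LH_COMPFUNC.pod is left with no warning beside it once the paragraph beginning "When doing this, be careful if you delete entries from the hash table" is removed; the replacement text only appears further down, after the lh_TYPE_doall_arg() example. Consider moving the new warning up to this position, or leaving a one-sentence pointer here, so a reader who stops at the first example still sees that deleting inside the callback is unsafe unless the down_load factor has been set to 0.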
@@ -175,21 +178,47 @@ lh_TYPE_doall_arg(hashtable, LHASH_DOALL_ARG_FN(TYPE_print), BIO, logging_bio); +Note that it is by default B safe to use B_delete>() inside a +callback passed to B_doall>() or B_doall_arg>(). The +reason for this is that deleting an item from the hash table may result in the +hash table being contracted to a smaller size and rehashed. +B_doall>() and B_doall_arg>() are unsafe and will exhibit +undefined behaviour under these conditions, as these functions assume the hash +table size and bucket pointers do not change during the call. + +If it is desired to use B_doall>() or B_doall_arg>() with +B_delete>(), it is essential that you call +B_set_down_load>() with a I argument of 0 first. This +disables hash table contraction and guarantees that it will be safe to delete +items from a hash table during a call to B_doall>() or +B_doall_arg>(). + +It is never safe to call B_insert>() during a call to +B_doall>() or B_doall_arg>(). B_error>() can be used to determine if an error occurred in the last operation. +B_num_items>() returns the number of items in the hash table. + +B_get_down_load>() and B_set_down_load>() get and set the +factor used to determine when the hash table is contracted. The factor is the +load factor at or below which hash table contraction will occur, multiplied by +B, where the load factor is the number of items divided by the +number of nodes. Setting this value to 0 disables hash table contraction. + OPENSSL_LH_new() is the same as the B_new>() except that it is not type specific. So instead of returning an B)> value it returns a B. In the same way the functions OPENSSL_LH_free(), OPENSSL_LH_flush(), OPENSSL_LH_insert(), OPENSSL_LH_delete(), -OPENSSL_LH_retrieve(), OPENSSL_LH_doall(), OPENSSL_LH_doall_arg(), and -OPENSSL_LH_error() are equivalent to the similarly named B> functions -except that they return or use a B where the equivalent B> -function returns or uses a B *> or B) *>. 
B> -functions are implemented as type checked wrappers around the B -functions. Most applications should not call the B functions -directly. +OPENSSL_LH_retrieve(), OPENSSL_LH_doall(), OPENSSL_LH_doall_arg(), +OPENSSL_LH_num_items(), OPENSSL_LH_get_down_load(), OPENSSL_LH_set_down_load() +and OPENSSL_LH_error() are equivalent to the similarly named B> +functions except that they return or use a B where the equivalent +B> function returns or uses a B *> or B) *>. +B> functions are implemented as type checked wrappers around the +B functions. Most applications should not call the B +functions directly. =head1 RETURN VALUES diff -Nru openssl-3.0.12/doc/man3/OSSL_PARAM_int.pod openssl-3.0.13/doc/man3/OSSL_PARAM_int.pod --- openssl-3.0.12/doc/man3/OSSL_PARAM_int.pod 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man3/OSSL_PARAM_int.pod 2024-01-30 13:28:16.000000000 +0000 @@ -112,7 +112,7 @@ A collection of utility functions that simplify and add type safety to the L arrays. The following B> names are supported: -=over 1 +=over 2 =item * diff -Nru openssl-3.0.12/doc/man3/OpenSSL_version.pod openssl-3.0.13/doc/man3/OpenSSL_version.pod --- openssl-3.0.12/doc/man3/OpenSSL_version.pod 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man3/OpenSSL_version.pod 2024-01-30 13:28:16.000000000 +0000 @@ -211,14 +211,6 @@ The value has the same syntax as the environment variable. For x86 the string looks like C. -=item OPENSSL_INFO_QUIC - -This is only defined when compiling with a QUIC-enabled version of -OpenSSL. At run time, this will return "QUIC" if QUIC is supported. - -This can be used as a build time flag to determine if OpenSSL has -QUIC enabled. - =back For an unknown I, NULL is returned. diff -Nru openssl-3.0.12/doc/man3/PKCS12_create.pod openssl-3.0.13/doc/man3/PKCS12_create.pod --- openssl-3.0.12/doc/man3/PKCS12_create.pod 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man3/PKCS12_create.pod 2024-01-30 13:28:16.000000000 +0000 
@@ -57,9 +57,15 @@ had restrictions on the permissible sizes of keys which could be used for encryption. -If a certificate contains an I or I then this will be -used for the corresponding B or B in the -PKCS12 structure. +If I is B and I contains an I then this will be +used for the corresponding B in the PKCS12 structure instead. +Similarly, if I is NULL and I contains a I then this will be +used for the corresponding B in the PKCS12 structure instead of the +id calculated from the I. + +For all certificates in I then if a certificate contains an I or +I then this will be used for the corresponding B or +B in the PKCS12 structure. Either I, I or both can be B to indicate that no key or certificate is required. In previous versions both had to be present or @@ -101,7 +107,7 @@ =head1 COPYRIGHT -Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.12/doc/man3/SSL_CIPHER_get_name.pod openssl-3.0.13/doc/man3/SSL_CIPHER_get_name.pod --- openssl-3.0.12/doc/man3/SSL_CIPHER_get_name.pod 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man3/SSL_CIPHER_get_name.pod 2024-01-30 13:28:16.000000000 +0000 @@ -13,7 +13,6 @@ SSL_CIPHER_get_handshake_digest, SSL_CIPHER_get_kx_nid, SSL_CIPHER_get_auth_nid, -SSL_CIPHER_get_prf_nid, SSL_CIPHER_is_aead, SSL_CIPHER_find, SSL_CIPHER_get_id, @@ -35,7 +34,6 @@ const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c); int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c); int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c); - int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *c); int SSL_CIPHER_is_aead(const SSL_CIPHER *c); const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr); uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c); 
@@ -93,15 +91,6 @@ NID_auth_ecdsa NID_auth_psk -SSL_CIPHER_get_prf_nid() retuns the pseudo-random function NID for B. If B is -a pre-TLS-1.2 cipher, it returns B but note these ciphers use -SHA-256 in TLS 1.2. Other return values may be treated uniformly in all -applicable versions. Examples (not comprehensive): - - NID_md5_sha1 - NID_sha256 - NID_sha384 - SSL_CIPHER_is_aead() returns 1 if the cipher B is AEAD (e.g. GCM or ChaCha20/Poly1305), and 0 if it is not AEAD. @@ -212,8 +201,6 @@ The OPENSSL_cipher_name() function was added in OpenSSL 1.1.1. -The SSL_CIPHER_get_prf_nid() function was added in OpenSSL 3.0.0. - =head1 COPYRIGHT Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. diff -Nru openssl-3.0.12/doc/man3/SSL_CTX_set_quic_method.pod openssl-3.0.13/doc/man3/SSL_CTX_set_quic_method.pod --- openssl-3.0.12/doc/man3/SSL_CTX_set_quic_method.pod 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man3/SSL_CTX_set_quic_method.pod 1970-01-01 00:00:00.000000000 +0000 
@@ -1,262 +0,0 @@ -=pod - -=head1 NAME - -SSL_QUIC_METHOD, -OSSL_ENCRYPTION_LEVEL, -SSL_CTX_set_quic_method, -SSL_set_quic_method, -SSL_set_quic_transport_params, -SSL_get_peer_quic_transport_params, -SSL_quic_max_handshake_flight_len, -SSL_quic_read_level, -SSL_quic_write_level, -SSL_provide_quic_data, -SSL_process_quic_post_handshake, -SSL_is_quic, -SSL_get_peer_quic_transport_version, -SSL_get_quic_transport_version, -SSL_set_quic_transport_version, -SSL_set_quic_use_legacy_codepoint, -SSL_set_quic_early_data_enabled -- QUIC support - -=head1 SYNOPSIS - - #include - - typedef struct ssl_quic_method_st SSL_QUIC_METHOD; - typedef enum ssl_encryption_level_t OSSL_ENCRYPTION_LEVEL; - - int SSL_CTX_set_quic_method(SSL_CTX *ctx, const SSL_QUIC_METHOD *quic_method); - int SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method); - int SSL_set_quic_transport_params(SSL *ssl, - const uint8_t *params, - size_t params_len); - void SSL_get_peer_quic_transport_params(const SSL *ssl, - const uint8_t **out_params, - size_t *out_params_len); - size_t SSL_quic_max_handshake_flight_len(const SSL *ssl, OSSL_ENCRYPTION_LEVEL level); - OSSL_ENCRYPTION_LEVEL SSL_quic_read_level(const SSL *ssl); - OSSL_ENCRYPTION_LEVEL SSL_quic_write_level(const SSL *ssl); - int SSL_provide_quic_data(SSL *ssl, OSSL_ENCRYPTION_LEVEL level, - const uint8_t *data, size_t len); - int SSL_process_quic_post_handshake(SSL *ssl); - int SSL_is_quic(SSL *ssl); - - void SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy); - void SSL_set_quic_transport_version(SSL *ssl, int version); - int SSL_get_quic_transport_version(const SSL *ssl); - int SSL_get_peer_quic_transport_version(const SSL *ssl); - void SSL_set_quic_early_data_enabled(SSL *ssl, int enabled); - -=head1 DESCRIPTION - -SSL_CTX_set_quic_method() and SSL_set_quic_method() configures the QUIC methods. -This should only be configured with a minimum version of TLS 1.3. B -must remain valid for the lifetime of B or B. 
Calling this disables -the SSL_OP_ENABLE_MIDDLEBOX_COMPAT option, which is not required for QUIC. - -SSL_set_quic_transport_params() configures B to send B (of length -B) in the quic_transport_parameters extension in either the -ClientHello or EncryptedExtensions handshake message. This extension will -only be sent if the TLS version is at least 1.3, and for a server, only if -the client sent the extension. The buffer pointed to by B only need be -valid for the duration of the call to this function. - -SSL_get_peer_quic_transport_params() provides the caller with the value of the -quic_transport_parameters extension sent by the peer. A pointer to the buffer -containing the TransportParameters will be put in B<*out_params>, and its -length in B<*out_params_len>. This buffer will be valid for the lifetime of the -B. If no params were received from the peer, B<*out_params_len> will be 0. - -SSL_quic_max_handshake_flight_len() returns the maximum number of bytes -that may be received at the given encryption level. This function should be -used to limit buffering in the QUIC implementation. - -See L. - -SSL_quic_read_level() returns the current read encryption level. - -SSL_quic_write_level() returns the current write encryption level. - -SSL_provide_quic_data() is used to provide data from QUIC CRYPTO frames to the -state machine, at a particular encryption level B. It is an error to -call this function with an encryption level less than the current read level. -It returns one on success and zero on error. - -SSL_process_quic_post_handshake() processes any data that QUIC has provided -after the handshake has completed. This includes NewSessionTicket messages -sent by the server. - -SSL_is_quic() indicates whether a connection uses QUIC. A given B -or B can only be used with QUIC or TLS, but not both. - -SSL_set_quic_use_legacy_codepoint() specifies the legacy extension codepoint -in manner compatible with some versions of BoringSSL. 
- -SSL_set_quic_transport_version() specifies the quic transport version that -allows for backwards and forwards compatibility. If set to 0 (default) the -server will use the highest version the client sent. If set to 0 (default) -the client will send both extensions. - -SSL_get_quic_transport_version() returns the value set by -SSL_set_quic_transport_version(). - -SSL_get_peer_quic_transport_version() returns the version the that was -negotiated. - -SSL_set_quic_early_data_enabled() enables QUIC early data if a nonzero -value is passed. Clients must set a resumed session before calling this -function. Servers must additionally call SSL_CTX_set_max_early_data() or -SSL_set_max_early_data() with 0xffffffffu as the argument, so that any -issued session tickets indicate that server is able to accept early data. - -=head1 NOTES - -These APIs are implementations of BoringSSL's QUIC APIs. - -QUIC acts as an underlying transport for the TLS 1.3 handshake. The following -functions allow a QUIC implementation to serve as the underlying transport as -described in RFC9001. - -When configured for QUIC, SSL_do_handshake() will drive the handshake as -before, but it will not use the configured B. It will call functions from -the configured B to configure secrets and send data. If data -is needed from the peer, it will return B. When received, -the caller should call SSL_provide_quic_data() and then SSL_do_handshake() to -continue the handshake. After the handshake is complete, the caller should call -SSL_provide_quic_data() for any post-handshake data, followed by -SSL_process_quic_post_handshake() to process it. It is an error to call -SSL_read()/SSL_read_ex() and SSL_write()/SSL_write_ex() in QUIC. - -Note that secrets for an encryption level may be available to QUIC before the -level is active in TLS. Callers should use SSL_quic_read_level() to determine -the active read level for SSL_provide_quic_data(). 
SSL_do_handshake() will -pass the active write level to add_handshake_data() when writing data. Callers -can use SSL_quic_write_level() to query the active write level when -generating their own errors. - -See L for more details. - -To avoid amplifying DoS attacks, the QUIC implementation must limit the amount -of data being queued up. The implementation can call -SSL_quic_max_handshake_flight_len() to get the maximum buffer length at each -encryption level. - -RFC9001 defines a new TLS extension "quic_transport_parameters" -used by QUIC for each endpoint to unilaterally declare its supported -transport parameters. The contents of the extension are specified in -L (as -a sequence of tag/length/value parameters) along with the interpretation of the -various parameters and the rules for their processing. - -OpenSSL handles this extension as an opaque byte string. The caller is -responsible for serializing and parsing it. - -=head2 OSSL_ENCRYPTION_LEVEL - -B (B) represents the -encryption levels: - -=over 4 - -=item ssl_encryption_initial - -The initial encryption level that is used for client and server hellos. - -=item ssl_encryption_early_data - -The encryption level for early data. This is a write-level for the client -and a read-level for the server. - -=item ssl_encryption_handshake - -The encryption level for the remainder of the handshake. - -=item ssl_encryption_application - -The encryption level for the application data. - -=back - -=head2 SSL_QUIC_METHOD - -The B (B) describes the -QUIC methods. 
- - struct ssl_quic_method_st { - int (*set_encryption_secrets)(SSL *ssl, OSSL_ENCRYPTION_LEVEL level, - const uint8_t *read_secret, - const uint8_t *write_secret, size_t secret_len); - int (*add_handshake_data)(SSL *ssl, OSSL_ENCRYPTION_LEVEL level, - const uint8_t *data, size_t len); - int (*flush_flight)(SSL *ssl); - int (*send_alert)(SSL *ssl, enum ssl_encryption_level_t level, uint8_t alert); - }; - typedef struct ssl_quic_method_st SSL_QUIC_METHOD; - -set_encryption_secrets() configures the read and write secrets for the given -encryption level. This function will always be called before an encryption -level other than B is used. Note, however, that -secrets for a level may be configured before TLS is ready to send or accept -data at that level. - -When reading packets at a given level, the QUIC implementation must send -ACKs at the same level, so this function provides read and write secrets -together. The exception is B, where secrets are -only available in the client to server direction. The other secret will be -NULL. The server acknowledges such data at B, -which will be configured in the same SSL_do_handshake() call. - -add_handshake_data() adds handshake data to the current flight at the given -encryption level. It returns one on success and zero on error. - -OpenSSL will pack data from a single encryption level together, but a -single handshake flight may include multiple encryption levels. Callers -should defer writing data to the network until flush_flight() to better -pack QUIC packets into transport datagrams. - -flush_flight() is called when the current flight is complete and should be -written to the transport. Note a flight may contain data at several -encryption levels. - -send_alert() sends a fatal alert at the specified encryption level. - -All QUIC methods return 1 on success and 0 on error. 
- -=head1 RETURN VALUES - -SSL_CTX_set_quic_method(), -SSL_set_quic_method(), -SSL_set_quic_transport_params(), and -SSL_process_quic_post_handshake() -return 1 on success, and 0 on error. - -SSL_quic_read_level() and SSL_quic_write_level() return the current -encryption level as an B -(B). - -SSL_quic_max_handshake_flight_len() returns the maximum length in bytes of a -flight for a given encryption level. - -SSL_is_quic() returns 1 if QUIC is being used, 0 if not. - -=head1 SEE ALSO - -L, L, L - -=head1 HISTORY - -These functions were added in OpenSSL 3.0.0. - -=head1 COPYRIGHT - -Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - -Licensed under the Apache License 2.0 (the "License"). You may not use -this file except in compliance with the License. You can obtain a copy -in the file LICENSE in the source distribution or at -L. - -=cut diff -Nru openssl-3.0.12/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod openssl-3.0.13/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod --- openssl-3.0.12/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man3/SSL_CTX_set_tlsext_ticket_key_cb.pod 2024-01-30 13:28:16.000000000 +0000 
@@ -42,8 +42,8 @@ state is unnecessary and a small set of cryptographic variables needs to be maintained by the callback function implementation. -In order to reuse a session, a TLS client must send the a session ticket -extension to the server. The client can only send exactly one session ticket. +In order to reuse a session, a TLS client must send the session ticket +extension to the server. The client must send exactly one session ticket. The server, through the callback function, either agrees to reuse the session ticket information or it starts a full TLS handshake to create a new session ticket. diff -Nru openssl-3.0.12/doc/man3/SSL_CTX_set_tmp_dh_callback.pod openssl-3.0.13/doc/man3/SSL_CTX_set_tmp_dh_callback.pod --- openssl-3.0.12/doc/man3/SSL_CTX_set_tmp_dh_callback.pod 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man3/SSL_CTX_set_tmp_dh_callback.pod 2024-01-30 13:28:16.000000000 +0000 @@ -55,7 +55,7 @@ should not generate the parameters on the fly. DH parameters can be reused, as the actual key is newly generated during the negotiation. -Typically applications should use well know DH parameters that have built-in +Typically applications should use well known DH parameters that have built-in support in OpenSSL. The macros SSL_CTX_set_dh_auto() and SSL_set_dh_auto() configure OpenSSL to use the default built-in DH parameters for the B and B objects respectively. Passing a value of 1 in the I parameter diff -Nru openssl-3.0.12/doc/man3/SSL_get_error.pod openssl-3.0.13/doc/man3/SSL_get_error.pod --- openssl-3.0.12/doc/man3/SSL_get_error.pod 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man3/SSL_get_error.pod 2024-01-30 13:28:16.000000000 +0000 
@@ -32,7 +32,9 @@ On an unexpected EOF, versions before OpenSSL 3.0 returned B, nothing was added to the error stack, and errno was 0. Since OpenSSL 3.0 the returned error is B with a meaningful -error on the error stack. +error on the error stack (SSL_R_UNEXPECTED_EOF_WHILE_READING). This error reason +code may be used for control flow decisions (see the man page for +L for further details on this). =head1 RETURN VALUES @@ -180,7 +182,7 @@ =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.12/doc/man3/SSL_get_peer_certificate.pod openssl-3.0.13/doc/man3/SSL_get_peer_certificate.pod --- openssl-3.0.12/doc/man3/SSL_get_peer_certificate.pod 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man3/SSL_get_peer_certificate.pod 2024-01-30 13:28:16.000000000 +0000 @@ -10,10 +10,15 @@ #include - X509 *SSL_get_peer_certificate(const SSL *ssl); X509 *SSL_get0_peer_certificate(const SSL *ssl); X509 *SSL_get1_peer_certificate(const SSL *ssl); +The following function has been deprecated since OpenSSL 3.0, +and can be hidden entirely by defining B with a suitable +version value, see L: + + X509 *SSL_get_peer_certificate(const SSL *ssl); + =head1 DESCRIPTION These functions return a pointer to the X509 certificate the 
@@ -69,7 +74,7 @@ =head1 COPYRIGHT -Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.12/doc/man3/X509_ATTRIBUTE.pod openssl-3.0.13/doc/man3/X509_ATTRIBUTE.pod --- openssl-3.0.12/doc/man3/X509_ATTRIBUTE.pod 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.13/doc/man3/X509_ATTRIBUTE.pod 2024-01-30 13:28:16.000000000 +0000 
@@ -0,0 +1,263 @@ +=pod + +=head1 NAME + +X509_ATTRIBUTE, X509at_get_attr, +X509at_get_attr_count, X509at_get_attr_by_NID, X509at_get_attr_by_OBJ, +X509at_delete_attr, +X509at_add1_attr, +X509at_add1_attr_by_OBJ, X509at_add1_attr_by_NID, X509at_add1_attr_by_txt, +X509at_get0_data_by_OBJ, +X509_ATTRIBUTE_create, X509_ATTRIBUTE_create_by_NID, +X509_ATTRIBUTE_create_by_OBJ, X509_ATTRIBUTE_create_by_txt, +X509_ATTRIBUTE_set1_object, X509_ATTRIBUTE_set1_data, +X509_ATTRIBUTE_count, +X509_ATTRIBUTE_get0_data, X509_ATTRIBUTE_get0_object, X509_ATTRIBUTE_get0_type +- X509 attribute functions + +=head1 SYNOPSIS + + #include + + typedef struct x509_attributes_st X509_ATTRIBUTE; + + int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x); + int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, + int lastpos); + int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, + const ASN1_OBJECT *obj, int lastpos); + X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc); + X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc); + STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, + X509_ATTRIBUTE *attr); + STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) + **x, const ASN1_OBJECT *obj, + int type, + const unsigned char *bytes, + int len); + STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) + **x, int nid, int type, + const unsigned char *bytes, + int len); + STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) + **x, const char *attrname, + int type, + const unsigned char *bytes, + int len); + void *X509at_get0_data_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *x, + const ASN1_OBJECT *obj, int lastpos, int type); + X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value); + X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, + int atrtype, const void *data, + int len); + X509_ATTRIBUTE 
*X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, + const ASN1_OBJECT *obj, + int atrtype, const void *data, + int len); + X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, + const char *atrname, int type, + const unsigned char *bytes, + int len); + int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj); + int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, + const void *data, int len); + void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype, + void *data); + int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr); + ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); + ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); + +=head1 DESCRIPTION + +B objects are used by many standards including X509, X509_REQ, +PKCS12, PKCS8, PKCS7 and CMS. + +The B object is used to represent the ASN.1 Attribute as defined +in RFC 5280, i.e. + + Attribute ::= SEQUENCE { + type AttributeType, + values SET OF AttributeValue } + + AttributeType ::= OBJECT IDENTIFIER + AttributeValue ::= ANY -- DEFINED BY AttributeType + +For example CMS defines the signing-time attribute as: + + id-signingTime OBJECT IDENTIFIER ::= { iso(1) member-body(2) + us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5 } + + SigningTime ::= Time + + Time ::= CHOICE { + utcTime UTCTime, + generalizedTime GeneralizedTime } + +In OpenSSL B maps to an B object +and B maps to a list of B objects. + +The following functions are used for B objects. + +X509at_get_attr_by_OBJ() finds the location of the first matching object I +in a list of attributes I. The search starts at the position after I. +If the returned value is positive then it can be used on the next call to +X509at_get_attr_by_OBJ() as the value of I in order to iterate through +the remaining attributes. I can be set to any negative value on the +first call, in order to start searching from the start of the list. 
+ +X509at_get_attr_by_NID() is similar to X509at_get_attr_by_OBJ() except that it +passes the numerical identifier (NID) I associated with the object. +See for a list of NID_*. + +X509at_get_attr() returns the B object at index I in the +list of attributes I. I should be in the range from 0 to +X509at_get_attr_count() - 1. + +X509at_delete_attr() removes the B object at index I in +the list of attributes I. + +X509at_add1_attr() pushes a copy of the passed in B object +to the list I. +Both I and I must be non NULL or an error will occur. +If I<*x> is NULL then a new list is created, otherwise it uses the +passed in list. An error will occur if an existing attribute (with the same +attribute type) already exists in the attribute list. + +X509at_add1_attr_by_OBJ() creates a new B using +X509_ATTRIBUTE_set1_object() and X509_ATTRIBUTE_set1_data() to assign a new +I with type I and data I of length I and then pushes it +to the attribute list I. Both I and I must be non NULL or an error +will occur. If I<*x> is NULL then a new attribute list is created. If I +already exists in the attribute list then an error occurs. + +X509at_add1_attr_by_NID() is similar to X509at_add1_attr_by_OBJ() except that it +passes the numerical identifier (NID) I associated with the object. +See for a list of NID_*. + +X509at_add1_attr_by_txt() is similar to X509at_add1_attr_by_OBJ() except that it +passes a name I associated with the object. +See for a list of SN_* names. + +X509_ATTRIBUTE_set1_object() assigns a B I +to the attribute I. If I contained an existing B then +it is freed. An error occurs if either I or I are NULL, or if +the passed in I cannot be duplicated. + +X509_ATTRIBUTE_set1_data() pushes a new B object onto the I +attributes list. The new object is assigned a copy of the data in I of +size I. 
+If I has flag I set then a table lookup using the +I attributes NID is used to set an B using +ASN1_STRING_set_by_NID(), and the passed in I must be in the format +required for that object type or an error will occur. +If I is not -1 then internally ASN1_STRING_type_new() is +used with the passed in I. +If I is 0 the call does nothing except return 1. + +X509_ATTRIBUTE_create() creates a new B using the I +to set the B OID and the I and I to set the +B. + +X509_ATTRIBUTE_create_by_OBJ() uses X509_ATTRIBUTE_set1_object() and +X509_ATTRIBUTE_set1_data() to assign a new I with type I and +data I of length I. If the passed in attribute I OR I<*attr> is +NULL then a new B will be returned, otherwise the passed in +B is used. Note that the ASN1_OBJECT I is pushed onto the +attributes existing list of objects, which could be an issue if the attributes + was different. + +X509_ATTRIBUTE_create_by_NID() is similar to X509_ATTRIBUTE_create_by_OBJ() +except that it passes the numerical identifier (NID) I associated with the +object. See for a list of NID_*. + +X509_ATTRIBUTE_create_by_txt() is similar to X509_ATTRIBUTE_create_by_OBJ() +except that it passes a name I associated with the +object. See for a list of SN_* names. + +X509_ATTRIBUTE_count() returns the number of B objects in an +attribute I. + +X509_ATTRIBUTE_get0_type() returns the B object at index I in +the attribute list I. I should be in the +range of 0 to X509_ATTRIBUTE_count() - 1 or an error will occur. + +X509_ATTRIBUTE_get0_data() returns the data of an B object at +index I in the attribute I. I is unused and can be set to NULL. +An error will occur if the attribute type I does not match the type of +the B object at index I OR if I is either +B or B OR if the I is not in the +range 0 to X509_ATTRIBUTE_count() - 1. + +X509at_get0_data_by_OBJ() finds the first attribute in an attribute list I +that matches the I starting at index I and returns the data +retrieved from the found attributes first B object. 
An error will +occur if the attribute type I does not match the type of the B +object OR if I is either B or B OR the +attribute is not found. +If I is less than -1 then an error will occur if there are multiple +objects in the list I that match I. +If I is less than -2 then an error will occur if there is more than +one B object in the found attribute. + +=head1 RETURN VALUES + +X509at_get_attr_count() returns the number of attributes in the list I or -1 +if I is NULL. + +X509at_get_attr_by_OBJ() returns -1 if either the list is empty OR the object +is not found, otherwise it returns the location of the object in the list. + +X509at_get_attr_by_NID() is similar to X509at_get_attr_by_OBJ(), except that +it returns -2 if the I is not known by OpenSSL. + +X509at_get_attr() returns either an B or NULL if there is a error. + +X509at_delete_attr() returns either the removed B or NULL if +there is a error. + +X509_ATTRIBUTE_count() returns -1 on error, otherwise it returns the number +of B elements. + +X509_ATTRIBUTE_get0_type() returns NULL on error, otherwise it returns a +B object. + +X509_ATTRIBUTE_get0_data() returns NULL if an error occurs, +otherwise it returns the data associated with an B object. + +X509_ATTRIBUTE_set1_object() and X509_ATTRIBUTE_set1_data() returns 1 on +success, or 0 otherwise. + +X509_ATTRIBUTE_create(), X509_ATTRIBUTE_create_by_OBJ(), +X509_ATTRIBUTE_create_by_NID() and X509_ATTRIBUTE_create_by_txt() return either +a B on success, or NULL if there is a error. + +X509at_add1_attr(), X509at_add1_attr_by_OBJ(), X509at_add1_attr_by_NID() and +X509at_add1_attr_by_txt() return NULL on error, otherwise they return a list +of B. + +X509at_get0_data_by_OBJ() returns the data retrieved from the found attributes +first B object, or NULL if an error occurs. + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L, +L, +L, +L, +L, + +=head1 COPYRIGHT + +Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. 
+ +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff -Nru openssl-3.0.12/doc/man3/X509_REQ_get_attr.pod openssl-3.0.13/doc/man3/X509_REQ_get_attr.pod --- openssl-3.0.12/doc/man3/X509_REQ_get_attr.pod 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.13/doc/man3/X509_REQ_get_attr.pod 2024-01-30 13:28:16.000000000 +0000 
@@ -0,0 +1,111 @@ +=pod + +=head1 NAME + +X509_REQ_get_attr_count, +X509_REQ_get_attr_by_NID, X509_REQ_get_attr_by_OBJ, X509_REQ_get_attr, +X509_REQ_delete_attr, +X509_REQ_add1_attr, X509_REQ_add1_attr_by_OBJ, X509_REQ_add1_attr_by_NID, +X509_REQ_add1_attr_by_txt +- B support for signed certificate requests + +=head1 SYNOPSIS + + #include + + int X509_REQ_get_attr_count(const X509_REQ *req); + int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos); + int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj, + int lastpos); + X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc); + X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc); + int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr); + int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, + const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len); + int X509_REQ_add1_attr_by_NID(X509_REQ *req, + int nid, int type, + const unsigned char *bytes, int len); + int X509_REQ_add1_attr_by_txt(X509_REQ *req, + const char *attrname, int type, + const unsigned char *bytes, int len); + +=head1 DESCRIPTION + +X509_REQ_get_attr_by_OBJ() finds the location of the first matching object I +in the I attribute list. The search starts at the position after I. +If the returned value is positive then it can be used on the next call to +X509_REQ_get_attr_by_OBJ() as the value of I in order to iterate through +the remaining attributes. I can be set to any negative value on the +first call, in order to start searching from the start of the attribute list. + +X509_REQ_get_attr_by_NID() is similar to X509_REQ_get_attr_by_OBJ() except that +it passes the numerical identifier (NID) I associated with the object. +See for a list of NID_*. + +X509_REQ_get_attr() returns the B object at index I in the +I attribute list. I should be in the range from 0 to +X509_REQ_get_attr_count() - 1. 
+ +X509_REQ_delete_attr() removes the B object at index I in +the I objects list of attributes. An error occurs if I is NULL. + +X509_REQ_add1_attr() pushes a copy of the passed in B I<>attr> +to the I object's attribute list. An error will occur if either the +attribute list is NULL or the attribute already exists. + +X509_REQ_add1_attr_by_OBJ() creates a new B using +X509_ATTRIBUTE_set1_object() and X509_ATTRIBUTE_set1_data() to assign a new +I with type I and data I of length I and then pushes it +to the I object's attribute list. I must be non NULL or an error +will occur. If I already exists in the attribute list then an error occurs. + +X509_REQ_add1_attr_by_NID() is similar to X509_REQ_add1_attr_by_OBJ() except +that it passes the numerical identifier (NID) I associated with the object. +See for a list of NID_*. + +X509_REQ_add1_attr_by_txt() is similar to X509_REQ_add1_attr_by_OBJ() except +that it passes a name I associated with the object. +See for a list of SN_* names. + +Refer to L for information related to attributes. + +=head1 RETURN VALUES + +X509_REQ_get_attr_count() returns the number of attributes in the I object +attribute list or -1 if the attribute list is NULL. + +X509_REQ_get_attr_by_OBJ() returns -1 if either the I object's attribute +list is empty OR I is not found, otherwise it returns the location of the +I in the attribute list. + +X509_REQ_get_attr_by_NID() is similar to X509_REQ_get_attr_by_OBJ(), except that +it returns -2 if the I is not known by OpenSSL. + +X509_REQ_get_attr() returns either an B or NULL on error. + +X509_REQ_delete_attr() returns either the removed B or NULL if +there is a error. + +X509_REQ_add1_attr(), X509_REQ_add1_attr_by_OBJ(), X509_REQ_add1_attr_by_NID() +and X509_REQ_add1_attr_by_txt() return 1 on success or 0 on error. + +=head1 NOTES + +Any functions that modify the attributes (add or delete) internally set a flag +to indicate the ASN.1 encoding has been modified. 
+ +=head1 SEE ALSO + +L + +=head1 COPYRIGHT + +Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff -Nru openssl-3.0.12/doc/man3/X509_REQ_get_extensions.pod openssl-3.0.13/doc/man3/X509_REQ_get_extensions.pod --- openssl-3.0.12/doc/man3/X509_REQ_get_extensions.pod 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.13/doc/man3/X509_REQ_get_extensions.pod 2024-01-30 13:28:16.000000000 +0000 
@@ -0,0 +1,50 @@ +=pod + +=head1 NAME + +X509_REQ_get_extensions, +X509_REQ_add_extensions, X509_REQ_add_extensions_nid +- handle X.509 extension attributes of a CSR + +=head1 SYNOPSIS + + #include + + STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req); + int X509_REQ_add_extensions(X509_REQ *req, const STACK_OF(X509_EXTENSION) *exts); + int X509_REQ_add_extensions_nid(X509_REQ *req, + const STACK_OF(X509_EXTENSION) *exts, int nid); + +=head1 DESCRIPTION + +X509_REQ_get_extensions() returns the first list of X.509 extensions +found in the attributes of I. +The returned list is empty if there are no such extensions in I. +The caller is responsible for freeing the list obtained. + +X509_REQ_add_extensions() adds to I a list of X.509 extensions I, +which must not be NULL, using the default B. +This function must not be called more than once on the same I. + +X509_REQ_add_extensions_nid() is like X509_REQ_add_extensions() +except that I is used to identify the extensions attribute. +This function must not be called more than once with the same I and I. + +=head1 RETURN VALUES + +X509_REQ_get_extensions() returns a pointer to B +or NULL on error. + +X509_REQ_add_extensions() and X509_REQ_add_extensions_nid() +return 1 on success, 0 on error. + +=head1 COPYRIGHT + +Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff -Nru openssl-3.0.12/doc/man3/X509_dup.pod openssl-3.0.13/doc/man3/X509_dup.pod --- openssl-3.0.12/doc/man3/X509_dup.pod 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man3/X509_dup.pod 2024-01-30 13:28:16.000000000 +0000 
@@ -356,6 +356,15 @@ binary data using B>(). B_dup>() copies an existing object, leaving it untouched. +Note, however, that the internal representation of the object +may contain (besides the ASN.1 structure) further data, which is not copied. +For instance, an B object usually is augmented by cached information +on X.509v3 extensions, etc., and losing it can lead to wrong validation results. +To avoid such situations, better use B_up_ref>() if available. +For the case of B objects, an alternative to using L +may be to still call B_dup>(), e.g., I, +followed by I, +which re-builds the cached data. B_free>() releases the object and all pointers and sub-objects within it. @@ -373,6 +382,10 @@ B_print_ctx>() returns 1 on success or zero on failure. +=head1 SEE ALSO + +L + =head1 HISTORY The functions X509_REQ_new_ex(), X509_CRL_new_ex(), PKCS7_new_ex() and @@ -383,7 +396,7 @@ =head1 COPYRIGHT -Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.12/doc/man7/EVP_CIPHER-AES.pod openssl-3.0.13/doc/man7/EVP_CIPHER-AES.pod --- openssl-3.0.12/doc/man7/EVP_CIPHER-AES.pod 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man7/EVP_CIPHER-AES.pod 2024-01-30 13:28:16.000000000 +0000 
@@ -61,6 +61,19 @@ This implementation supports the parameters described in L. +=head1 NOTES + +The AES-SIV and AES-WRAP mode implementations do not support streaming. That +means to obtain correct results there can be only one L +or L call after the initialization of the context. + +The AES-XTS implementations allow streaming to be performed, but each +L or L call requires each input +to be a multiple of the blocksize. Only the final EVP_EncryptUpdate() or +EVP_DecryptUpdate() call can optionally have an input that is not a multiple +of the blocksize but is larger than one block. In that case ciphertext +stealing (CTS) is used to fill the block. + =head1 SEE ALSO L, L, L diff -Nru openssl-3.0.12/doc/man7/EVP_KDF-SS.pod openssl-3.0.13/doc/man7/EVP_KDF-SS.pod --- openssl-3.0.12/doc/man7/EVP_KDF-SS.pod 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man7/EVP_KDF-SS.pod 2024-01-30 13:28:16.000000000 +0000 @@ -53,7 +53,7 @@ These parameters work as described in L. -=item "key" (B) +=item "key" (B) This parameter set the shared secret that is used for key derivation. @@ -116,7 +116,7 @@ SN_hmac, strlen(SN_hmac)); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, SN_sha256, strlen(SN_sha256)); - *p++ = OSSL_PARAM_construct_octet_string(EVP_KDF_CTRL_SET_KEY, + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET, "secret", (size_t)6); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, "label", (size_t)5); 
@@ -143,7 +143,7 @@ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, SN_kmac128, strlen(SN_kmac128)); - *p++ = OSSL_PARAM_construct_octet_string(EVP_KDF_CTRL_SET_KEY, + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET, "secret", (size_t)6); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, "label", (size_t)5); diff -Nru openssl-3.0.12/doc/man7/EVP_MAC-BLAKE2.pod openssl-3.0.13/doc/man7/EVP_MAC-BLAKE2.pod --- openssl-3.0.12/doc/man7/EVP_MAC-BLAKE2.pod 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man7/EVP_MAC-BLAKE2.pod 2024-01-30 13:28:16.000000000 +0000 @@ -27,7 +27,8 @@ The general description of these parameters can be found in L. -All these parameters can be set with EVP_MAC_CTX_set_params(). +All these parameters (except for "block-size") can be set with +EVP_MAC_CTX_set_params(). Furthermore, the "size" parameter can be retrieved with EVP_MAC_CTX_get_params(), or with EVP_MAC_CTX_get_mac_size(). The length of the "size" parameter should not exceed that of a B. @@ -45,7 +46,7 @@ =item "custom" (B) -Sets the custom value. +Sets the customization/personalization string. It is an optional value of at most 16 bytes for BLAKE2BMAC or 8 for BLAKE2SMAC, and is empty by default. @@ -62,10 +63,10 @@ and 64 for EVP_MAC_BLAKE2B. It is 32 and 64 respectively by default. -=item "block-size" (B) +=item "block-size" (B) Gets the MAC block size. -By default, it is 64 for EVP_MAC_BLAKE2S and 128 for EVP_MAC_BLAKE2B. +It is 64 for EVP_MAC_BLAKE2S and 128 for EVP_MAC_BLAKE2B. =back diff -Nru openssl-3.0.12/doc/man7/EVP_MAC-CMAC.pod openssl-3.0.13/doc/man7/EVP_MAC-CMAC.pod --- openssl-3.0.12/doc/man7/EVP_MAC-CMAC.pod 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man7/EVP_MAC-CMAC.pod 2024-01-30 13:28:16.000000000 +0000 
@@ -62,7 +62,7 @@ =over 4 -=item "block-size" (B) +=item "block-size" (B) Gets the MAC block size. The "block-size" parameter can also be retrieved with EVP_MAC_CTX_get_block_size(). diff -Nru openssl-3.0.12/doc/man7/EVP_MAC-HMAC.pod openssl-3.0.13/doc/man7/EVP_MAC-HMAC.pod --- openssl-3.0.12/doc/man7/EVP_MAC-HMAC.pod 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man7/EVP_MAC-HMAC.pod 2024-01-30 13:28:16.000000000 +0000 @@ -76,7 +76,7 @@ =over 4 -=item "block-size" (B) +=item "block-size" (B) Gets the MAC block size. The "block-size" parameter can also be retrieved with EVP_MAC_CTX_get_block_size(). diff -Nru openssl-3.0.12/doc/man7/EVP_MAC-KMAC.pod openssl-3.0.13/doc/man7/EVP_MAC-KMAC.pod --- openssl-3.0.12/doc/man7/EVP_MAC-KMAC.pod 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man7/EVP_MAC-KMAC.pod 2024-01-30 13:28:16.000000000 +0000 @@ -27,7 +27,8 @@ The general description of these parameters can be found in L. -All these parameters can be set with EVP_MAC_CTX_set_params(). +All these parameters (except for "block-size") can be set with +EVP_MAC_CTX_set_params(). Furthermore, the "size" parameter can be retrieved with EVP_MAC_CTX_get_params(), or with EVP_MAC_CTX_get_mac_size(). The length of the "size" parameter should not exceed that of a B. 
@@ -45,18 +46,19 @@ =item "custom" (B) -Sets the custom value. -It is an optional value with a length of at most 512 bytes, and is empty by default. +Sets the customization string. +It is an optional value with a length of at most 512 bytes, and is +empty by default. =item "size" (B) Sets the MAC size. -By default, it is 16 for C and 32 for C. +By default, it is 32 for C and 64 for C. -=item "block-size" (B) +=item "block-size" (B) Gets the MAC block size. -By default, it is 168 for C and 136 for C. +It is 168 for C and 136 for C. =item "xof" (B) diff -Nru openssl-3.0.12/doc/man7/EVP_MD-SHAKE.pod openssl-3.0.13/doc/man7/EVP_MD-SHAKE.pod --- openssl-3.0.12/doc/man7/EVP_MD-SHAKE.pod 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man7/EVP_MD-SHAKE.pod 2024-01-30 13:28:16.000000000 +0000 @@ -10,8 +10,9 @@ Support for computing SHAKE or KECCAK-KMAC digests through the B API. -KECCAK-KMAC is a special digest that's used by the KMAC EVP_MAC -implementation (see L). +KECCAK-KMAC is an Extendable Output Function (XOF), with a definition +similar to SHAKE, used by the KMAC EVP_MAC implementation (see +L). =head2 Identities 
@@ -22,21 +23,25 @@ =item KECCAK-KMAC-128 -Known names are "KECCAK-KMAC-128" and "KECCAK-KMAC128" -This is used by L +Known names are "KECCAK-KMAC-128" and "KECCAK-KMAC128". This is used +by L. Using the notation from NIST FIPS 202 +(Section 6.2), we have S = S +(see the description of KMAC128 in Appendix A of NIST SP 800-185). =item KECCAK-KMAC-256 -Known names are "KECCAK-KMAC-256" and "KECCAK-KMAC256" -This is used by L +Known names are "KECCAK-KMAC-256" and "KECCAK-KMAC256". This is used +by L. Using the notation from NIST FIPS 202 +(Section 6.2), we have S = S +(see the description of KMAC256 in Appendix A of NIST SP 800-185). =item SHAKE-128 -Known names are "SHAKE-128" and "SHAKE128" +Known names are "SHAKE-128" and "SHAKE128". =item SHAKE-256 -Known names are "SHAKE-256" and "SHAKE256" +Known names are "SHAKE-256" and "SHAKE256". =back diff -Nru openssl-3.0.12/doc/man7/EVP_PKEY-RSA.pod openssl-3.0.13/doc/man7/EVP_PKEY-RSA.pod --- openssl-3.0.12/doc/man7/EVP_PKEY-RSA.pod 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man7/EVP_PKEY-RSA.pod 2024-01-30 13:28:16.000000000 +0000 @@ -80,7 +80,7 @@ =item "rsa-exponent10" (B) RSA CRT (Chinese Remainder Theorem) exponents. The exponents are known -as "dP", "dQ" and "d_i in RFC8017". +as "dP", "dQ" and "d_i" in RFC8017. Up to eight additional "d_i" exponents are supported. =item "rsa-coefficient1" (B) diff -Nru openssl-3.0.12/doc/man7/EVP_RAND-SEED-SRC.pod openssl-3.0.13/doc/man7/EVP_RAND-SEED-SRC.pod --- openssl-3.0.12/doc/man7/EVP_RAND-SEED-SRC.pod 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man7/EVP_RAND-SEED-SRC.pod 2024-01-30 13:28:16.000000000 +0000 
@@ -49,9 +49,10 @@ OSSL_PARAM params[2], *p = params; unsigned int strength = 128; - /* Create a seed source */ + /* Create and instantiate a seed source */ rand = EVP_RAND_fetch(NULL, "SEED-SRC", NULL); seed = EVP_RAND_CTX_new(rand, NULL); + EVP_RAND_instantiate(seed, strength, 0, NULL, 0, NULL); EVP_RAND_free(rand); /* Feed this into a DRBG */ diff -Nru openssl-3.0.12/doc/man7/provider-cipher.pod openssl-3.0.13/doc/man7/provider-cipher.pod --- openssl-3.0.12/doc/man7/provider-cipher.pod 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man7/provider-cipher.pod 2024-01-30 13:28:16.000000000 +0000 @@ -148,9 +148,13 @@ that are not multiples of the block length. In such cases a cipher implementation will typically cache partial blocks of input data until a complete block is obtained. -I may be the same location as I but it should not partially overlap. -The same expectations apply to I as documented for -L and L. +The pointers I and I may point to the same location, in which +case the encryption must be done in-place. If I and I point to different +locations, the requirements of L and L +guarantee that the two buffers are disjoint. +Similarly, the requirements of L and L +ensure that the buffer pointed to by I contains sufficient room for the +operation being performed. OSSL_FUNC_cipher_final() completes an encryption or decryption started through previous OSSL_FUNC_cipher_encrypt_init() or OSSL_FUNC_cipher_decrypt_init(), and OSSL_FUNC_cipher_update() diff -Nru openssl-3.0.12/doc/man7/provider-keymgmt.pod openssl-3.0.13/doc/man7/provider-keymgmt.pod --- openssl-3.0.12/doc/man7/provider-keymgmt.pod 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man7/provider-keymgmt.pod 2024-01-30 13:28:16.000000000 +0000 
@@ -360,7 +360,7 @@ The value should be the maximum size that a caller should allocate to safely store a signature (called I in L), -the result of asymmmetric encryption / decryption (I in +the result of asymmetric encryption / decryption (I in L, a derived secret (I in L, and similar data). @@ -442,7 +442,7 @@ =head1 COPYRIGHT -Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.12/doc/man7/provider-storemgmt.pod openssl-3.0.13/doc/man7/provider-storemgmt.pod --- openssl-3.0.12/doc/man7/provider-storemgmt.pod 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/doc/man7/provider-storemgmt.pod 2024-01-30 13:28:16.000000000 +0000 @@ -162,12 +162,12 @@ Indicates that the caller wants to search for an object with the given alias (some call it a "friendly name"). -=item "properties" (B +=item "properties" (B) Property string to use when querying for algorithms such as the B decoder implementations. -=item "input-type" (B +=item "input-type" (B) Type of the input format as a hint to use when decoding the objects in the store. diff -Nru openssl-3.0.12/include/crypto/dherr.h openssl-3.0.13/include/crypto/dherr.h --- openssl-3.0.12/include/crypto/dherr.h 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/include/crypto/dherr.h 2024-01-30 13:28:16.000000000 +0000 
@@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.0.12/include/crypto/x509.h openssl-3.0.13/include/crypto/x509.h --- openssl-3.0.12/include/crypto/x509.h 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/include/crypto/x509.h 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -367,4 +367,21 @@ int x509v3_add_len_value_uchar(const char *name, const unsigned char *value, size_t vallen, STACK_OF(CONF_VALUE) **extlist); +/* Attribute addition functions not checking for duplicate attributes */ +STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, + X509_ATTRIBUTE *attr); +STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, + const ASN1_OBJECT *obj, + int type, + const unsigned char *bytes, + int len); +STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, + int nid, int type, + const unsigned char *bytes, + int len); +STACK_OF(X509_ATTRIBUTE) *ossl_x509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, + const char *attrname, + int type, + const unsigned char *bytes, + int len); #endif /* OSSL_CRYPTO_X509_H */ diff -Nru openssl-3.0.12/include/internal/ffc.h openssl-3.0.13/include/internal/ffc.h --- openssl-3.0.12/include/internal/ffc.h 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/include/internal/ffc.h 2024-01-30 13:28:16.000000000 +0000 
@@ -58,8 +58,11 @@ # define FFC_CHECK_INVALID_Q_VALUE 0x00020 # define FFC_CHECK_INVALID_J_VALUE 0x00040 -# define FFC_CHECK_BAD_LN_PAIR 0x00080 -# define FFC_CHECK_INVALID_SEED_SIZE 0x00100 +/* + * 0x80, 0x100 reserved by include/openssl/dh.h with check bits that are not + * relevant for FFC. + */ + # define FFC_CHECK_MISSING_SEED_OR_COUNTER 0x00200 # define FFC_CHECK_INVALID_G 0x00400 # define FFC_CHECK_INVALID_PQ 0x00800 @@ -68,6 +71,8 @@ # define FFC_CHECK_Q_MISMATCH 0x04000 # define FFC_CHECK_G_MISMATCH 0x08000 # define FFC_CHECK_COUNTER_MISMATCH 0x10000 +# define FFC_CHECK_BAD_LN_PAIR 0x20000 +# define FFC_CHECK_INVALID_SEED_SIZE 0x40000 /* Validation Return codes */ # define FFC_ERROR_PUBKEY_TOO_SMALL 0x01 diff -Nru openssl-3.0.12/include/internal/refcount.h openssl-3.0.13/include/internal/refcount.h --- openssl-3.0.12/include/internal/refcount.h 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/include/internal/refcount.h 2024-01-30 13:28:16.000000000 +0000 @@ -134,14 +134,14 @@ static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, ossl_unused void *lock) { - *ret = _InterlockedExchangeAdd(val, 1) + 1; + *ret = _InterlockedExchangeAdd((long volatile *)val, 1) + 1; return 1; } static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, ossl_unused void *lock) { - *ret = _InterlockedExchangeAdd(val, -1) - 1; + *ret = _InterlockedExchangeAdd((long volatile *)val, -1) - 1; return 1; } # endif diff -Nru openssl-3.0.12/include/openssl/bio.h.in openssl-3.0.13/include/openssl/bio.h.in --- openssl-3.0.12/include/openssl/bio.h.in 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/include/openssl/bio.h.in 2024-01-30 13:28:16.000000000 +0000 
@@ -844,7 +844,7 @@ int (*puts) (BIO *, const char *)); int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int); int BIO_meth_set_gets(BIO_METHOD *biom, - int (*gets) (BIO *, char *, int)); + int (*ossl_gets) (BIO *, char *, int)); long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *); int BIO_meth_set_ctrl(BIO_METHOD *biom, long (*ctrl) (BIO *, int, long, void *)); diff -Nru openssl-3.0.12/include/openssl/conferr.h openssl-3.0.13/include/openssl/conferr.h --- openssl-3.0.12/include/openssl/conferr.h 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/include/openssl/conferr.h 2024-01-30 13:28:16.000000000 +0000 @@ -38,6 +38,7 @@ # define CONF_R_NUMBER_TOO_LARGE 121 # define CONF_R_OPENSSL_CONF_REFERENCES_MISSING_SECTION 124 # define CONF_R_RECURSIVE_DIRECTORY_INCLUDE 111 +# define CONF_R_RECURSIVE_SECTION_REFERENCE 126 # define CONF_R_RELATIVE_PATH 125 # define CONF_R_SSL_COMMAND_SECTION_EMPTY 117 # define CONF_R_SSL_COMMAND_SECTION_NOT_FOUND 118 diff -Nru openssl-3.0.12/include/openssl/dh.h openssl-3.0.13/include/openssl/dh.h --- openssl-3.0.12/include/openssl/dh.h 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/include/openssl/dh.h 2024-01-30 13:28:16.000000000 +0000 @@ -141,7 +141,7 @@ # define DH_GENERATOR_3 3 # define DH_GENERATOR_5 5 -/* DH_check error codes */ +/* DH_check error codes, some of them shared with DH_check_pub_key */ /* * NB: These values must align with the equivalently named macros in * internal/ffc.h. 
@@ -151,10 +151,10 @@ # define DH_UNABLE_TO_CHECK_GENERATOR 0x04 # define DH_NOT_SUITABLE_GENERATOR 0x08 # define DH_CHECK_Q_NOT_PRIME 0x10 -# define DH_CHECK_INVALID_Q_VALUE 0x20 +# define DH_CHECK_INVALID_Q_VALUE 0x20 /* +DH_check_pub_key */ # define DH_CHECK_INVALID_J_VALUE 0x40 # define DH_MODULUS_TOO_SMALL 0x80 -# define DH_MODULUS_TOO_LARGE 0x100 +# define DH_MODULUS_TOO_LARGE 0x100 /* +DH_check_pub_key */ /* DH_check_pub_key error codes */ # define DH_CHECK_PUBKEY_TOO_SMALL 0x01 diff -Nru openssl-3.0.12/include/openssl/dherr.h openssl-3.0.13/include/openssl/dherr.h --- openssl-3.0.12/include/openssl/dherr.h 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/include/openssl/dherr.h 2024-01-30 13:28:16.000000000 +0000 @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -50,6 +50,7 @@ # define DH_R_NO_PRIVATE_VALUE 100 # define DH_R_PARAMETER_ENCODING_ERROR 105 # define DH_R_PEER_KEY_ERROR 111 +# define DH_R_Q_TOO_LARGE 130 # define DH_R_SHARED_INFO_ERROR 113 # define DH_R_UNABLE_TO_CHECK_GENERATOR 121 diff -Nru openssl-3.0.12/include/openssl/quic.h openssl-3.0.13/include/openssl/quic.h --- openssl-3.0.12/include/openssl/quic.h 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/include/openssl/quic.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,19 +0,0 @@ -/* - * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OPENSSL_QUIC_H -# define OPENSSL_QUIC_H -# pragma once -# ifndef OPENSSL_NO_QUIC - -/* moved from crypto.h.in to avoid breaking FIPS checksums */ -# define OPENSSL_INFO_QUIC 2000 - -# endif /* OPENSSL_NO_QUIC */ -#endif /* OPENSSL_QUIC_H */ diff -Nru openssl-3.0.12/include/openssl/ssl.h.in openssl-3.0.13/include/openssl/ssl.h.in --- openssl-3.0.12/include/openssl/ssl.h.in 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/include/openssl/ssl.h.in 2024-01-30 13:28:16.000000000 +0000 
@@ -2521,75 +2521,6 @@ const char *OSSL_default_cipher_list(void); const char *OSSL_default_ciphersuites(void); -# ifndef OPENSSL_NO_QUIC -/* - * QUIC integration - The QUIC interface matches BoringSSL - * - * ssl_encryption_level_t represents a specific QUIC encryption level used to - * transmit handshake messages. BoringSSL has this as an 'enum'. - */ -#include - -/* Used by Chromium/QUIC - moved from evp.h to avoid breaking FIPS checksums */ -# define X25519_PRIVATE_KEY_LEN 32 -# define X25519_PUBLIC_VALUE_LEN 32 - -/* moved from types.h to avoid breaking FIPS checksums */ -typedef struct ssl_quic_method_st SSL_QUIC_METHOD; - -typedef enum ssl_encryption_level_t { - ssl_encryption_initial = 0, - ssl_encryption_early_data, - ssl_encryption_handshake, - ssl_encryption_application -} OSSL_ENCRYPTION_LEVEL; - -struct ssl_quic_method_st { - int (*set_encryption_secrets)(SSL *ssl, OSSL_ENCRYPTION_LEVEL level, - const uint8_t *read_secret, - const uint8_t *write_secret, size_t secret_len); - int (*add_handshake_data)(SSL *ssl, OSSL_ENCRYPTION_LEVEL level, - const uint8_t *data, size_t len); - int (*flush_flight)(SSL *ssl); - int (*send_alert)(SSL *ssl, enum ssl_encryption_level_t level, uint8_t alert); -}; - -__owur int SSL_CTX_set_quic_method(SSL_CTX *ctx, const SSL_QUIC_METHOD *quic_method); -__owur int SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method); -__owur int SSL_set_quic_transport_params(SSL *ssl, - const uint8_t *params, - size_t params_len); -void SSL_get_peer_quic_transport_params(const SSL *ssl, - const uint8_t **out_params, - size_t *out_params_len); -__owur size_t SSL_quic_max_handshake_flight_len(const SSL *ssl, OSSL_ENCRYPTION_LEVEL level); -__owur OSSL_ENCRYPTION_LEVEL SSL_quic_read_level(const SSL *ssl); -__owur OSSL_ENCRYPTION_LEVEL SSL_quic_write_level(const SSL *ssl); -__owur int SSL_provide_quic_data(SSL *ssl, OSSL_ENCRYPTION_LEVEL level, - const uint8_t *data, size_t len); -__owur int SSL_process_quic_post_handshake(SSL *ssl); - 
-__owur int SSL_is_quic(SSL *ssl); - -/* BoringSSL API */ -void SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy); - -/* - * Set an explicit value that you want to use - * If 0 (default) the server will use the highest extenstion the client sent - * If 0 (default) the client will send both extensions - */ -void SSL_set_quic_transport_version(SSL *ssl, int version); -__owur int SSL_get_quic_transport_version(const SSL *ssl); -/* Returns the negotiated version, or -1 on error */ -__owur int SSL_get_peer_quic_transport_version(const SSL *ssl); - -int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *c); - -void SSL_set_quic_early_data_enabled(SSL *ssl, int enabled); - -# endif - # ifdef __cplusplus } # endif diff -Nru openssl-3.0.12/include/openssl/sslerr.h openssl-3.0.13/include/openssl/sslerr.h --- openssl-3.0.12/include/openssl/sslerr.h 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/include/openssl/sslerr.h 2024-01-30 13:28:16.000000000 +0000 @@ -161,7 +161,6 @@ # define SSL_R_MISSING_FATAL 256 # define SSL_R_MISSING_PARAMETERS 290 # define SSL_R_MISSING_PSK_KEX_MODES_EXTENSION 310 -# define SSL_R_MISSING_QUIC_TRANSPORT_PARAMETERS_EXTENSION 801 # define SSL_R_MISSING_RSA_CERTIFICATE 168 # define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 # define SSL_R_MISSING_RSA_SIGNING_CERT 170 @@ -334,7 +333,6 @@ # define SSL_R_WRONG_CERTIFICATE_TYPE 383 # define SSL_R_WRONG_CIPHER_RETURNED 261 # define SSL_R_WRONG_CURVE 378 -# define SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED 800 # define SSL_R_WRONG_SIGNATURE_LENGTH 264 # define SSL_R_WRONG_SIGNATURE_SIZE 265 # define SSL_R_WRONG_SIGNATURE_TYPE 370 diff -Nru openssl-3.0.12/include/openssl/tls1.h openssl-3.0.13/include/openssl/tls1.h --- openssl-3.0.12/include/openssl/tls1.h 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/include/openssl/tls1.h 2024-01-30 13:28:16.000000000 +0000 
@@ -151,10 +151,6 @@ /* Temporary extension type */ # define TLSEXT_TYPE_renegotiate 0xff01 - /* ExtensionType value from RFC9001 */ -# define TLSEXT_TYPE_quic_transport_parameters_draft 0xffa5 -# define TLSEXT_TYPE_quic_transport_parameters 0x0039 - # ifndef OPENSSL_NO_NEXTPROTONEG /* This is not an IANA defined extension number */ # define TLSEXT_TYPE_next_proto_neg 13172 diff -Nru openssl-3.0.12/providers/fips-sources.checksums openssl-3.0.13/providers/fips-sources.checksums --- openssl-3.0.12/providers/fips-sources.checksums 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/providers/fips-sources.checksums 2024-01-30 13:28:16.000000000 +0000 
@@ -77,19 +77,19 @@ 2893b6d03d4850d09c15959941b0759bbb50d8c20e873bed088e7cde4e15a65a crypto/bn/bn_ctx.c d94295953ab91469fe2b9da2a542b8ea11ac38551ecde8f8202b7f645c2dea16 crypto/bn/bn_dh.c 74b63a4515894592b7241fb30b91b21510beaa3d397809e3d74bc9a73e879d18 crypto/bn/bn_div.c -a29b8b7fa8460f11e50f880e3c3c9e0755b93889bcbb5476206c4d938a9c5735 crypto/bn/bn_exp.c +49e59eac540db304ab0ca7bee3ba9d45f89548fff98155561bbdb6602d0aab1d crypto/bn/bn_exp.c ec2b6e3af6df473a23e7f1a8522f2554cb0eb5d34e3282458c4a66d242278434 crypto/bn/bn_exp2.c baba7c8ae95af6aa36bc9f4be3a2eed33d500451e568ca4bfc6bc7cb48d4f7ea crypto/bn/bn_gcd.c -4d6cc7ed36978247a191df1eea0120f8ee97b639ba228793dabe5a8355a1a609 crypto/bn/bn_gf2m.c +5fbb1ab8463cd5544a1d95cf7996b6387ae634984a42256b7a21482ce3ac30a2 crypto/bn/bn_gf2m.c 081e8a6abc23599307dab3b1a92113a65e0bf8717cbc40c970c7469350bc4581 crypto/bn/bn_intern.c 602ed46fbfe12c899dfb7d9d99ff0dbfff96b454fce3cd02817f3e2488dd9192 crypto/bn/bn_kron.c bf73a1788a92142963177fb698bc518af9981bbf0ad9784701fbb2462ca10607 crypto/bn/bn_lib.c d5beb9fbac2ff5dc3ccbdfa4d1aabca7225c778cff4e3b05b6d6c63e182637f5 crypto/bn/bn_local.h -07247dc2ccc55f3be525baed92fd20031bbaa80fd0bc56155e80ee0da3fc943d crypto/bn/bn_mod.c +96f98cdf50087c5b567c31bf2581728623206d79b3f97f5a0c5fdaa0009e6e3c crypto/bn/bn_mod.c f60f3d49b183b04bcdf9b82f7c961b8c1bcb00e68a2c1166fe9edd95a783356e crypto/bn/bn_mont.c 2da73a76b746a47d8cf8ec8b3e0708c2a34e810abde4b4f1241a49e7f5bb2b60 crypto/bn/bn_mpi.c 76982b18b0803d59b33168b260677e7412970757d3b9513de5c80025290f211d crypto/bn/bn_mul.c -1f65ad369352d51af1a75eccf598cb497b400ebd86252f5ca8aac54bbb3cc7bd crypto/bn/bn_nist.c +b3677b73ac29aab660c9a549f7af154ca14347fac5cffd43b153a75211f1373f crypto/bn/bn_nist.c c6760a724d696b7209f0a71f8483fabcf4f081f7e93e2628284c32ef78f69365 crypto/bn/bn_prime.c c56ad3073108a0de21c5820a48beae2bccdbf5aa8075ec21738878222eb9adc3 crypto/bn/bn_prime.h 628419eabdb88b265823e43a7a1c88fdfecef79771180836f6089050dc9eadb1 crypto/bn/bn_rand.c 
@@ -122,11 +122,11 @@ 61926e30dd940616e80936d1c94c5f522daf0d475fb3a40a9e589e78f322901e crypto/des/set_key.c 8344811b14d151f6cd40a7bc45c8f4a1106252b119c1d5e6a589a023f39b107d crypto/des/spr.h 816472a54c273906d0a2b58650e0b9d28cc2c8023d120f0d77160f1fe34c4ca3 crypto/dh/dh_backend.c -fcbfe5acb73e1b4094efec56a754b803d2c1a53644c78cf6a73ae868e3f3886d crypto/dh/dh_check.c +24cf9462da6632c52b726041271f8a43dfb3f74414abe460d9cc9c7fd2fd2d7d crypto/dh/dh_check.c 7838e9a35870b0fbcba0aff2f52a2439f64d026e9922bce6e5978c2f22c51120 crypto/dh/dh_gen.c 6b17861887b2535159b9e6ca4f927767dad3e71b6e8be50055bc784f78e92d64 crypto/dh/dh_group_params.c a5cf5cb464b40f1bc5457dc2a6f2c5ec0f050196603cd2ba7037a23ab64adbf7 crypto/dh/dh_kdf.c -9e61a0b5017d835b348b15e93760c42d8d899ffae4251455c7b3085cfd25294c crypto/dh/dh_key.c +b0c248efc7dad48eaceb939a18cb2592cbfe5b02dd406592e5e590645488b153 crypto/dh/dh_key.c 92345c259ea2a8c09e6d6b069d0942bd6ca4642231580f3e8148ae7a832a1115 crypto/dh/dh_lib.c 8300775d88db0a1aa26a77eb49d6c4f7252e7fee69e1440de4c40edadc9da044 crypto/dh/dh_local.h bbcf4fc3067ac462a27d7277973180b7dc140df9262a686c7fbe4318ca01f7b8 crypto/dsa/dsa_backend.c @@ -186,7 +186,7 @@ f288c23b6f83740956886b2303c64d5a3098c98b530859c3bb4b698c01c1643b crypto/ec/ecp_nistz256.c 51cb98e7e9c241e33261589f0d74103238baaa850e333c61ff1da360e127518a crypto/ec/ecp_oct.c b4b7c683279454ba41438f50a015cb63ef056ccb9be0168918dfbae00313dc68 crypto/ec/ecp_smpl.c -2096e13aa2fbcb0d4b10faca3e3f5359cf66098b0397a6d74c6fca14f5dee659 crypto/ec/ecx_backend.c +e2705097cfab64e8d7eb2feba37c3f12b18aec74b135ad0c7f073efccf336d4c crypto/ec/ecx_backend.c 5ee19c357c318b2948ff5d9118a626a6207af2b2eade7d8536051d4a522668d3 crypto/ec/ecx_backend.h 22c44f561ab42d1bd7fd3a3c538ebaba375a704f98056b035e7949d73963c580 crypto/ec/ecx_key.c 28abc295dad8888b5482eb61d31cd78dd80545ecb67dc6f9446a36deb8c40a5e crypto/evp/asymcipher.c 
@@ -194,7 +194,7 @@ 1af3872164b4a4757bc7896a24b4d2f8eb2cfb4cba0d872a93db69975693e0a6 crypto/evp/digest.c 838277f228cd3025cf95a9cd435e5606ad1fb5d207bbb057aa29892e6a657c55 crypto/evp/ec_support.c 61df3942752307b7006f09d7628348a0cc9e5555469a3a8862349067a52824b7 crypto/evp/evp_enc.c -7f10367f9b6191c4a8c01784130d26b2d778485a41cdac5fa17c9a1c4096f132 crypto/evp/evp_fetch.c +62c994fd91dc4a5a1a81dfa9391d6eadae62d3549b2e1b22acb2e7c4cd278f27 crypto/evp/evp_fetch.c ebe32b2895f7f9767710674352c8949efe93b4bbb5e7b71c27bb5d1822339b46 crypto/evp/evp_lib.c 78f07bf50b6999611a4e9414ab3a20b219b0ab29ca2bd05002d6919a3f67b8eb crypto/evp/evp_local.h 117e679d49d2ae87e49d3c942ff0ce768959e8b9713f84a99025cabba462ccd5 crypto/evp/evp_rand.c 
@@ -251,20 +251,20 @@ 608a04f387be2a509b4d4ad414b7015ab833e56b85020e692e193160f36883a2 crypto/modes/xts128.c 8aa2504f84a0637b5122f0c963c9d82773ba248bad972ab92be7169995d162b5 crypto/o_str.c 8ddbbdf43131c10dcd4428aef0eff2b1e98b0410accada0fad41a4925868beef crypto/packet.c -a20bfd927d69737c86ca95d3cf636afa8cefd8fe23412d1a3897644a0da21211 crypto/param_build.c +c698d5166d091d6bb6e9df3c211fe1cc916fd43a26ec844f28f547cd708f9c55 crypto/param_build.c 2a0f272dd553b698e8c6fa57962694ebd6064cb03fe26a60df529205568d315d crypto/param_build_set.c 0e4a5388a92fabbe5a540176c0b4c5ce258b78dc9168ecc2e805352a06aaf0ba crypto/params.c 4fda13f6af05d80b0ab89ec4f5813c274a21a9b4565be958a02d006236cef05c crypto/params_dup.c -a0097ff2da8955fe15ba204cb54f3fd48a06f846e2b9826f507b26acf65715c3 crypto/params_from_text.c +b6cbfc8791b31587f32a3f9e4c117549793528ebddc34a361bad1ad8cf8d4c42 crypto/params_from_text.c 97cb7414dc2f165d5849ee3b46cdfff0afb067729435d9c01a747e0ca41e230c crypto/ppccap.c 3ca43596a7528dec8ff9d1a3cd0d68b62640f84b1d6a8b5e4842cfd0be1133ad crypto/ppccpuid.pl b4d34272a0bd1fbe6562022bf7ea6259b6a5a021a48222d415be47ef5ef2a905 crypto/property/defn_cache.c 3c4ade2fed4605e374d85ec1134a98da34e7124f89f44b81a754e8cfe81f14ba crypto/property/property.c 66da4f28d408133fb544b14aeb9ad4913e7c5c67e2826e53f0dc5bf4d8fada26 crypto/property/property_local.h -099407e68e705f1458b701b9336f633565fc0843355fedf1ec83794349548a51 crypto/property/property_parse.c +37dba5e1f8a2f8cb8a69e491d52386359c9d08a3c7e43ac1c7a989b72b71593c crypto/property/property_parse.c a7cefda6a117550e2c76e0f307565ce1e11640b11ba10c80e469a837fd1212a3 crypto/property/property_query.c 065698c8d88a5facc0cbc02a3bd0c642c94687a8c5dd79901c942138b406067d crypto/property/property_string.c -0ba5d0297837940c972224c97cbbf3ea4a723c1eed9ce1112538c9bb26208639 crypto/provider_core.c +0b38639ffc696d6037ace06cc0169bb5c411ee1c6bacc1fa18b3abd82000e69f crypto/provider_core.c d0af10d4091b2032aac1b7db80f8c2e14fa7176592716b25b9437ab6b53c0a89 crypto/provider_local.h 
5ba2e1c74ddcd0453d02e32612299d1eef18eff8493a7606c15d0dc3738ad1d9 crypto/provider_predefined.c a5a4472636b8b0095ad8d4acd37e275ad79da1a67ecff7b7b5c3e46c9ebc65b7 crypto/rand/rand_lib.c @@ -284,7 +284,7 @@ 174a42e156be48927fe6d6bf0d95575619b8e643a99761275bff933bc3449722 crypto/rsa/rsa_pss.c bf6d300b7e7e9e512a47c5bd1f8713806ae3033a140d83dfae4a16ad58d11170 crypto/rsa/rsa_schemes.c f01af62704dbf9457e2669c3e7c1d4d740f0388faa49df93611b987a8aa2bf11 crypto/rsa/rsa_sign.c -740c022caff3b2487c5838b581cdddcc7de2ceabb504aad72dc0dd70a67bf7cf crypto/rsa/rsa_sp800_56b_check.c +42d821612b0b0d62f587beb8a0cab8b8d876fedccd6913fec6d2044f8ac52b63 crypto/rsa/rsa_sp800_56b_check.c 3aba73dacebb046faf8d09dc279149b52c629004b524ec33e6d81c8ad0bc31a8 crypto/rsa/rsa_sp800_56b_gen.c 1c1c2aeeb18bf1d69e8f134315b7e50d8f43d30eb1aa5bf42983eec9136a2fdc crypto/rsa/rsa_x931.c 0acbebed48f6242d595c21e3c1ad69da0daa960d62062e8970209deda144f337 crypto/s390xcap.c @@ -381,7 +381,7 @@ fd1722d6b79520ee4ac477280d5131eb1b744c3b422fd15f5e737ef966a97c3b include/internal/dso.h f144daebef828a5bd4416466257a50f06b894e0ce0adf1601aa381f34f25a9e7 include/internal/dsoerr.h 70d3e0d5a1bd8db58dcc57bea4d1c3ed816c735fe0e6b2f4b07073712d2dc5ef include/internal/endian.h -094b69aeb8f349cafa8865b577e253132088c25eabb61b910fab141e6f7d2929 include/internal/ffc.h +7854b5c1cd786dc01d052204c5b3ea946dc9929590f47ec4c27697387c5b7ce5 include/internal/ffc.h 100053a1bad1a85a98c5b919cf81ace0ee147b2164732963e40474d7b5fbbb99 include/internal/namemap.h b02701592960eb4608bb83b297eed90184004828c7fc03ea81568062f347623d include/internal/nelem.h ae41a2fb41bf592bbb47e4855cf4efd9ef85fc11f910a7e195ceef78fb4321dc include/internal/numbers.h 
@@ -390,7 +390,7 @@ d4ac19b28ea61f03383364cfad1e941cac44fc36787d80882c5b76ecc9d34e29 include/internal/property.h 727326afb3d33fdffdf26471e313f27892708318c0934089369e4b28267e2635 include/internal/propertyerr.h 6a899ef3e360c7144d84d3c3dbbd14aa457f5d38b83b13c0be7ec7f372076595 include/internal/provider.h -80d7d12b8b3d9945bde3991cb0d1413d120a58a04b17ac673549789e3f37b18a include/internal/refcount.h +34432d71c49dc8ee9926218ba78bdcd03c46cee4e966ee20d100e4519d85b064 include/internal/refcount.h 11ee9893f7774c83fcfdee6e0ca593af3d28b779107883553facdbfdae3a68f5 include/internal/sha3.h 494ab5c802716bf38032986674fb094dde927a21752fe395d82e6044d81801d1 include/internal/sizes.h 24f41a1985fa305833c3f58030c494d2563d15fc922cdf3eeb6a7ea8c135a880 include/internal/symhacks.h @@ -401,7 +401,7 @@ 98aa2fc5eae9ef2a36d3d0053212696d58893baa083fa1fcf720660fb4bc0a9f include/openssl/asn1.h.in d4733dcd490b3a2554eaf859d1ea964fe76f7d24f78e42be1094bdad6dee7429 include/openssl/asn1err.h 1550474ee05423896ec4abfb6346f1bc44c7be22329efac9ea25de10e81d549c include/openssl/asn1t.h.in -2cd8163cdc6c93386bc05e8ed983e5ca604d0bf9da65500cab736cfa8bc2b048 include/openssl/bio.h.in +dbd1501acb0804eec0f2aa7bbac4dbc483cf2b4691c6eb1436461b5ed4685b42 include/openssl/bio.h.in 0a26138aaded05cafe2326e11fdc19b28408e054cfe3dda40d45ef95ce8136b0 include/openssl/bioerr.h 7d1f9880976a926ba6e0cad08e8de6f326aae48d8350b499aa79127f63d4d108 include/openssl/bn.h 9ad8b04764797f5138f01f549ba18b44cf698ffc7fe795fef42c1822d84a6ff4 include/openssl/bnerr.h 
@@ -409,7 +409,7 @@ 9d48e6cab2ee98ae94d7113e4c65f000d97e125fdb3445642865ace3f34d06ac include/openssl/buffererr.h 8e772c24b051e59d2f65339f54584e3e44165a3eaf997d497faea764990130f5 include/openssl/cmac.h 55aa91482d327d1784484922389e8277bdcdff7a7df27e84200d5c908bd40454 include/openssl/conf.h.in -f20c3c845129a129f5e0b1dae970d86a5c96ab49f2e3f6f364734521e9e1abe3 include/openssl/conferr.h +bb45de4eafdd89c14096e9af9b0aee12b09adcee43b9313a3a373294dec99142 include/openssl/conferr.h 02a1baff7b71a298419c6c5dcb43eaa9cc13e9beeb88c03fb14854b4e84e8862 include/openssl/configuration.h.in 6b3810dac6c9d6f5ee36a10ad6d895a5e4553afdfb9641ce9b7dc5db7eef30b7 include/openssl/conftypes.h df5e60af861665675e4a00d40d15e36884f940e3379c7b45c9f717eaf1942697 include/openssl/core.h @@ -420,7 +420,7 @@ bbc82260cbcadd406091f39b9e3b5ea63146d9a4822623ead16fa12c43ab9fc6 include/openssl/cryptoerr_legacy.h fa3e6b6c2e6222424b9cd7005e3c5499a2334c831cd5d6a29256ce945be8cb1d include/openssl/des.h 75fba45d6fc66e3aaef216959327157613f08070935aae4a5260e740184f031f include/openssl/dh.h -836130f5a32bbdce51b97b34758ed1b03a9d06065c187418eaf323dca6adfc6d include/openssl/dherr.h +ab7ba5d7eb18d2ea8abc6862ae2ceaa1fa116a702c2bff617c5ae1651d97b6bc include/openssl/dherr.h 92ae2c907fd56859e3ae28a085071611be5c9245879305cdf8bad027219e64b6 include/openssl/dsa.h 276d1f6e111ba933bc708e6a0670047cbe0d0b67aabe31807abbbc231de4d8cf include/openssl/dsaerr.h 41bf49e64e1c341a8c17778147ddeba35e88dfd7ff131db6210e801ef25a8fd5 include/openssl/e_os2.h 
@@ -500,28 +500,28 @@ f822a03138e8b83ccaa910b89d72f31691da6778bf6638181f993ec7ae1167e3 providers/fips/self_test.h d3c95c9c6cc4e3b1a5e4b2bfb2ae735a4109d763bcda7b1e9b8f9eb253f79820 providers/fips/self_test_data.inc 629f619ad055723e42624230c08430a3ef53e17ab405dc0fd35499e9ca4e389c providers/fips/self_test_kats.c -cd784a44a01a8a30a6be63381344a7f5432e74d40b02ea471c5b0dc943a7ac9d providers/implementations/asymciphers/rsa_enc.c +99baeec10374301e90352ab637056104a8ea28a6880804f44c640d0c9ee16eba providers/implementations/asymciphers/rsa_enc.c 4db1826ecce8b60cb641bcd7a61430ec8cef73d2fe3cbc06aa33526afe1c954a providers/implementations/ciphers/cipher_aes.c -f9d4b30e7110c90064b990c07430bb79061f4436b06ccaa981b25c306cfbfaa2 providers/implementations/ciphers/cipher_aes.h -89378cce6d31e8c2f221f9f29d0b17622624eb83e4ecec8465f7641f68352917 providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c +6ba7d817081cf0d87ba7bfb38cd9d70e41505480bb8bc796ef896f68d4514ea6 providers/implementations/ciphers/cipher_aes.h +aef500281e7cd5a25a806a9bd45ec00a5b73984673202527dac5896fbcc9fa9c providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c 7668e5c1cac474ad7b0f28aa78ca885edf44815fe4a606a6cd328b3c02fac25a providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.h 26e0f28523b416ba4067e471061f5a11fd76f5dc8bfe57ce37a137cf5667630b providers/implementations/ciphers/cipher_aes_cbc_hmac_sha1_hw.c 6d2ab2e059ef38fad342d4c65eebd533c08a2092bb174ff3566c6604e175c5a4 providers/implementations/ciphers/cipher_aes_cbc_hmac_sha256_hw.c -6d6bf36329af3b77f457898294be05fea3940a61cdaf0ed60cfb8d091a94186e providers/implementations/ciphers/cipher_aes_ccm.c +f37c3cf9e2e6fcfcbed941f3670b790fe09990349db72eb065bef51705d46e96 providers/implementations/ciphers/cipher_aes_ccm.c 00f36bf48e522dbb5ec71df0ec13e387955fa3672e6ff90e8a412ae95c4a642f providers/implementations/ciphers/cipher_aes_ccm.h 6337b570e0dc4e98af07aa9704254d3ab958cf605584e250fbd76cd1d2a25ac7 providers/implementations/ciphers/cipher_aes_ccm_hw.c 
302b3819ff9fdfed750185421616b248b0e1233d75b45a065490fe4762b42f55 providers/implementations/ciphers/cipher_aes_ccm_hw_aesni.inc a8eaca99a71521ff8ac4ffcf08315e59220f7e0b7f505ecddad04fadd021ec14 providers/implementations/ciphers/cipher_aes_cts.inc -710ee60704dd9dffa2a11e2e96596af1f7f84f915cedcedeec7292e0d978317a providers/implementations/ciphers/cipher_aes_gcm.c +7e886ecc088b5903aa082eac72a4c46f9064392bdf5723a592368ecebfeb71c0 providers/implementations/ciphers/cipher_aes_gcm.c 79f5a732820d2512a7f4fc2a99ece7e6e2523a51e62561eb67a4b70d5538b0c4 providers/implementations/ciphers/cipher_aes_gcm.h ab298c5f89f3165fa11093fad8063b7bcbff0924b43fb3107148ae66d54adcb5 providers/implementations/ciphers/cipher_aes_gcm_hw.c 8ed4a100e4756c31c56147b4b0fab76a4c6e5292aa2f079045f37b5502fd41b9 providers/implementations/ciphers/cipher_aes_gcm_hw_aesni.inc 4c6f3a2818754a5aa7b6db36dae53e248504f9e82cc5af2ed68c723903d4f9d5 providers/implementations/ciphers/cipher_aes_hw.c 89de794c090192459d99d95bc4a422e7782e62192cd0fdb3bdef4128cfedee68 providers/implementations/ciphers/cipher_aes_hw_aesni.inc -0264d1ea3ece6f730b342586fb1fe00e3f0ff01e47d53f552864df986bf35573 providers/implementations/ciphers/cipher_aes_ocb.c +fac3a1878dc9c0c363d0ecdd9f74926157df54ca4f40adf8c479927395082008 providers/implementations/ciphers/cipher_aes_ocb.c 88138a1aff9705e608c0557653be92eb4de65b152555a2b79ec8b2a8fae73e8f providers/implementations/ciphers/cipher_aes_ocb.h 855869ab5a8d7a61a11674cfe5d503dfa67f59e7e393730835d1d8cf0ab85c70 providers/implementations/ciphers/cipher_aes_ocb_hw.c -a872195161ac6c3a2cb59c3d15b212e34bb7596a41712258f5d0b5e771e25239 providers/implementations/ciphers/cipher_aes_wrp.c +6a8782c728575d69c86b735c9f47acda5c0daa04e17f1e0faef2c963f23fab20 providers/implementations/ciphers/cipher_aes_wrp.c 527ff9277b92606517ee7af13225a9d5fcffbbc36eb18bce39f59d594cbe4931 providers/implementations/ciphers/cipher_aes_xts.c c4a2499b214d7cf786dafaaee5c8c6963b3d5d1c27c144eec4b460f839074a3b 
providers/implementations/ciphers/cipher_aes_xts.h 281157d1da4d7285d878978e6d42d0d33b3a6bc16e3bc5b6879e39093a7d70da providers/implementations/ciphers/cipher_aes_xts_fips.c 
@@ -530,13 +530,13 @@ 74640ce402acc704af72e055fb7f27e6aa8efd417babc56f710478e571d8631c providers/implementations/ciphers/cipher_cts.h fcc3bb0637864252402aaa9d543209909df9a39611127f777b168bc888498dc0 providers/implementations/ciphers/cipher_tdes.c 77709f7fc3f7c08986cd4f0ebf2ef6e44bacb975c1483ef444b3cf5e5071f9d6 providers/implementations/ciphers/cipher_tdes.h -6fc41326c5f464f27b7d31c16d5ad7116d6244b99e242893f6c96d0c61f3639a providers/implementations/ciphers/cipher_tdes_common.c +f6b81faf6abf3baa926be7c054cda1ff2be109b0a2143b34b2f2d266b6cb2c52 providers/implementations/ciphers/cipher_tdes_common.c 50645122f08ef4891cd96cace833bd550be7f5278ab785515fd61fe8993c8c25 providers/implementations/ciphers/cipher_tdes_hw.c -6bb3c24bfd872e3b4c779b29e9f962348f6ae3effeb4f243c8ea66abefe8a4fa providers/implementations/ciphers/ciphercommon.c +1f44963b1ac450cb77d75df9fbf956b04742e38d236d316c7eb8021bdf0573a4 providers/implementations/ciphers/ciphercommon.c dd72ea861edf70b94197821ceb00e07165d550934a2e851d62afa5034b79f468 providers/implementations/ciphers/ciphercommon_block.c -4b4106f85e36eb2c07acc5a3ca5ccd77b736b3ac46cc4af786cf57405ecd54b2 providers/implementations/ciphers/ciphercommon_ccm.c +8af515e63a0c16ff35dcedcc43c7b4735a10943f1e937eeeb73eb1af3dc92782 providers/implementations/ciphers/ciphercommon_ccm.c 8b6828f188c2590c7d9c6cac13fa0eb6d38a522b0f2859e7c8a766580fa9b66e providers/implementations/ciphers/ciphercommon_ccm_hw.c -3b83f58d6ff1ae77de1ae8bee8a44ea2e5e4491c802b156fa77783ddebd44598 providers/implementations/ciphers/ciphercommon_gcm.c +142785a128a0d694e2457e7d79da545791b73ae388dcf700b538763099f91f65 providers/implementations/ciphers/ciphercommon_gcm.c bb67eaa7a98494ca938726f9218213870fc97dd87b56bda950626cc794baf20b providers/implementations/ciphers/ciphercommon_gcm_hw.c 23fd89e3239e596c325a8c5d23eb1fe157a8d23aa4d90ed2c574bf06dfabd693 providers/implementations/ciphers/ciphercommon_hw.c c4b1cb143de15acc396ce2e03fdd165defd25ebc831de9cdfacf408ea883c666 
providers/implementations/ciphers/ciphercommon_local.h @@ -547,8 +547,8 @@ 9c46dc0d859875fcc0bc3d61a7b610cd3520b1bf63718775c1124f54a1fe5f24 providers/implementations/exchange/ecdh_exch.c 9bf87b8429398a6465c7e9f749a33b84974303a458736b56f3359b30726d3969 providers/implementations/exchange/ecx_exch.c 0cc02005660c5c340660123decac838c59b7460ef1003d9d50edc604cfd8e375 providers/implementations/exchange/kdf_exch.c -31d3dba3d2e6b043b0d14a74caf6bf1a6c550471fb992a495ab7d3337081a526 providers/implementations/include/prov/ciphercommon.h -6dc876a1a785420e84210f085be6e4c7aca407ffb5433dbca4cd3f1c11bb7f06 providers/implementations/include/prov/ciphercommon_aead.h +a0d1c1d49557d32497877b2d549d2a7a7729a550306275bfe6ddcefca0d8fc80 providers/implementations/include/prov/ciphercommon.h +a9f5de1623221f327245957ec1dfd66a1914bff25adf4bcb81213c7955d19382 providers/implementations/include/prov/ciphercommon_aead.h dd07797d61988fd4124cfb920616df672938da80649fac5977bfd061c981edc5 providers/implementations/include/prov/ciphercommon_ccm.h 0c1e99d70155402a790e4de65923228c8df8ad970741caccfe8b513837457d7f providers/implementations/include/prov/ciphercommon_gcm.h b9a61ce951c1904d8315b1bb26c0ab0aaadb47e71d4ead5df0a891608c728c4b providers/implementations/include/prov/digestcommon.h 
@@ -575,7 +575,7 @@ 053a2be39a87f50b877ebdbbf799cf5faf8b2de33b04311d819d212ee1ea329b providers/implementations/keymgmt/kdf_legacy_kmgmt.c 1646b477fa231dd0f6c22444c99098f9b447cab0d39ff69b811262469d4dbe09 providers/implementations/keymgmt/mac_legacy_kmgmt.c 19f22fc70a6321441e56d5bd4aab3d01d52d17069d4e4b5cefce0f411ecece75 providers/implementations/keymgmt/rsa_kmgmt.c -aeb42590728ca87b916b8a3d337351b1c82ee0747213e5ce740c2350b3db7185 providers/implementations/macs/cmac_prov.c +5eb96ea2df635cf79c5aeccae270fbe896b5e6384a5b3e4b187ce8c10fe8dfc7 providers/implementations/macs/cmac_prov.c e69aa06f8f3c6f5a26702b9f44a844b8589b99dc0ee590953a29e8b9ef10acbe providers/implementations/macs/gmac_prov.c 895c8dc7235b9ad5ff893be0293cbc245a5455e8850195ac7d446646e4ea71d0 providers/implementations/macs/hmac_prov.c 8640b63fd8325aaf8f7128d6cc448d9af448a65bf51a8978075467d33a67944e providers/implementations/macs/kmac_prov.c @@ -590,6 +590,6 @@ a30dc6308de0ca33406e7ce909f3bcf7580fb84d863b0976b275839f866258df providers/implementations/signature/ecdsa_sig.c 02e833a767afbe98247d6f09dfb1eb5a5cf7304a93f2c5427a9f6af9c8a3b549 providers/implementations/signature/eddsa_sig.c 3bb0f342b4cc1b4594ed0986adc47791c0a7b5c1ae7b1888c1fb5edb268a78d9 providers/implementations/signature/mac_legacy_sig.c -5b5e51acce1f6e86581de9ee870e64772f69562362b34079ac65c5d6fffaddef providers/implementations/signature/rsa_sig.c +166d7e3a049b28ae2c6f94415070720d176a82e46af1613511c4b073ea705476 providers/implementations/signature/rsa_sig.c a14e901b02fe095713624db4080b3aa3ca685d43f9ebec03041f992240973346 ssl/record/tls_pad.c 3f2e01a98d9e3fda6cc5cb4b44dd43f6cae4ec34994e8f734d11b1e643e58636 ssl/s3_cbc.c diff -Nru openssl-3.0.12/providers/fips.checksum openssl-3.0.13/providers/fips.checksum --- openssl-3.0.12/providers/fips.checksum 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/providers/fips.checksum 2024-01-30 13:28:16.000000000 +0000 
@@ -1 +1 @@ -114b59f288ec2d6ddfcd26187f43cad614c6d4e4a7aba24410494f46f627671c providers/fips-sources.checksums +9597c676c418928e2ba5075a6352a7d5b398e64db622b577822391424300ed43 providers/fips-sources.checksums diff -Nru openssl-3.0.12/providers/implementations/asymciphers/rsa_enc.c openssl-3.0.13/providers/implementations/asymciphers/rsa_enc.c --- openssl-3.0.12/providers/implementations/asymciphers/rsa_enc.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/providers/implementations/asymciphers/rsa_enc.c 2024-01-30 13:28:16.000000000 +0000 @@ -555,6 +555,7 @@ static const OSSL_PARAM known_settable_ctx_params[] = { OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS, NULL, 0), OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, NULL, 0), OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST, NULL, 0), OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS, NULL, 0), diff -Nru openssl-3.0.12/providers/implementations/ciphers/cipher_aes.h openssl-3.0.13/providers/implementations/ciphers/cipher_aes.h --- openssl-3.0.12/providers/implementations/ciphers/cipher_aes.h 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/providers/implementations/ciphers/cipher_aes.h 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -44,7 +44,6 @@ /* KMO-AES/KMF-AES parameter block - end */ } param; unsigned int fc; - int res; } s390x; #endif /* defined(OPENSSL_CPUID_OBJ) && defined(__s390__) */ } plat; diff -Nru openssl-3.0.12/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c openssl-3.0.13/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c --- openssl-3.0.12/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -334,6 +334,16 @@ return ctx; } +static void *aes_cbc_hmac_sha1_dupctx(void *provctx) +{ + PROV_AES_HMAC_SHA1_CTX *ctx = provctx; + + if (ctx == NULL) + return NULL; + + return OPENSSL_memdup(ctx, sizeof(*ctx)); +} + static void aes_cbc_hmac_sha1_freectx(void *vctx) { PROV_AES_HMAC_SHA1_CTX *ctx = (PROV_AES_HMAC_SHA1_CTX *)vctx; @@ -361,6 +371,13 @@ return ctx; } +static void *aes_cbc_hmac_sha256_dupctx(void *provctx) +{ + PROV_AES_HMAC_SHA256_CTX *ctx = provctx; + + return OPENSSL_memdup(ctx, sizeof(*ctx)); +} + static void aes_cbc_hmac_sha256_freectx(void *vctx) { PROV_AES_HMAC_SHA256_CTX *ctx = (PROV_AES_HMAC_SHA256_CTX *)vctx; 
@@ -386,6 +403,7 @@ const OSSL_DISPATCH ossl_##nm##kbits##sub##_functions[] = { \ { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))nm##_##kbits##_##sub##_newctx },\ { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))nm##_##sub##_freectx }, \ + { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))nm##_##sub##_dupctx}, \ { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))nm##_einit }, \ { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))nm##_dinit }, \ { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))nm##_update }, \ diff -Nru openssl-3.0.12/providers/implementations/ciphers/cipher_aes_ccm.c openssl-3.0.13/providers/implementations/ciphers/cipher_aes_ccm.c --- openssl-3.0.12/providers/implementations/ciphers/cipher_aes_ccm.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/providers/implementations/ciphers/cipher_aes_ccm.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -33,6 +33,26 @@ return ctx; } +static void *aes_ccm_dupctx(void *provctx) +{ + PROV_AES_CCM_CTX *ctx = provctx; + PROV_AES_CCM_CTX *dupctx = NULL; + + if (ctx == NULL) + return NULL; + dupctx = OPENSSL_memdup(provctx, sizeof(*ctx)); + if (dupctx == NULL) + return NULL; + /* + * ossl_cm_initctx, via the ossl_prov_aes_hw_ccm functions assign a + * provctx->ccm.ks.ks to the ccm context key so we need to point it to + * the memduped copy + */ + dupctx->base.ccm_ctx.key = &dupctx->ccm.ks.ks; + + return dupctx; +} + static OSSL_FUNC_cipher_freectx_fn aes_ccm_freectx; static void aes_ccm_freectx(void *vctx) { diff -Nru openssl-3.0.12/providers/implementations/ciphers/cipher_aes_gcm.c openssl-3.0.13/providers/implementations/ciphers/cipher_aes_gcm.c --- openssl-3.0.12/providers/implementations/ciphers/cipher_aes_gcm.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/providers/implementations/ciphers/cipher_aes_gcm.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -34,6 +34,21 @@ return ctx; } +static void *aes_gcm_dupctx(void *provctx) +{ + PROV_AES_GCM_CTX *ctx = provctx; + PROV_AES_GCM_CTX *dctx = NULL; + + if (ctx == NULL) + return NULL; + + dctx = OPENSSL_memdup(ctx, sizeof(*ctx)); + if (dctx != NULL && dctx->base.gcm.key != NULL) + dctx->base.gcm.key = &dctx->ks.ks; + + return dctx; +} + static OSSL_FUNC_cipher_freectx_fn aes_gcm_freectx; static void aes_gcm_freectx(void *vctx) { diff -Nru openssl-3.0.12/providers/implementations/ciphers/cipher_aes_hw_s390x.inc openssl-3.0.13/providers/implementations/ciphers/cipher_aes_hw_s390x.inc --- openssl-3.0.12/providers/implementations/ciphers/cipher_aes_hw_s390x.inc 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/providers/implementations/ciphers/cipher_aes_hw_s390x.inc 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -58,7 +58,6 @@ memcpy(adat->plat.s390x.param.kmo_kmf.k, key, keylen); adat->plat.s390x.fc = S390X_AES_FC(keylen); - adat->plat.s390x.res = 0; return 1; } @@ -66,7 +65,7 @@ const unsigned char *in, size_t len) { PROV_AES_CTX *adat = (PROV_AES_CTX *)dat; - int n = adat->plat.s390x.res; + int n = dat->num; int rem; memcpy(adat->plat.s390x.param.kmo_kmf.cv, dat->iv, dat->ivlen); @@ -102,7 +101,7 @@ } memcpy(dat->iv, adat->plat.s390x.param.kmo_kmf.cv, dat->ivlen); - adat->plat.s390x.res = n; + dat->num = n; return 1; } @@ -113,7 +112,6 @@ adat->plat.s390x.fc = S390X_AES_FC(keylen); adat->plat.s390x.fc |= 16 << 24; /* 16 bytes cipher feedback */ - adat->plat.s390x.res = 0; memcpy(adat->plat.s390x.param.kmo_kmf.k, key, keylen); return 1; } 
@@ -123,7 +121,7 @@ { PROV_AES_CTX *adat = (PROV_AES_CTX *)dat; unsigned int modifier = adat->base.enc ? 0 : S390X_DECRYPT; - int n = adat->plat.s390x.res; + int n = dat->num; int rem; unsigned char tmp; @@ -164,7 +162,7 @@ } memcpy(dat->iv, adat->plat.s390x.param.kmo_kmf.cv, dat->ivlen); - adat->plat.s390x.res = n; + dat->num = n; return 1; } diff -Nru openssl-3.0.12/providers/implementations/ciphers/cipher_aes_ocb.c openssl-3.0.13/providers/implementations/ciphers/cipher_aes_ocb.c --- openssl-3.0.12/providers/implementations/ciphers/cipher_aes_ocb.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/providers/implementations/ciphers/cipher_aes_ocb.c 2024-01-30 13:28:16.000000000 +0000 @@ -387,7 +387,10 @@ /* IV len must be 1 to 15 */ if (sz < OCB_MIN_IV_LEN || sz > OCB_MAX_IV_LEN) return 0; - ctx->base.ivlen = sz; + if (ctx->base.ivlen != sz) { + ctx->base.ivlen = sz; + ctx->iv_state = IV_STATE_UNINITIALISED; + } } p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN); if (p != NULL) { diff -Nru openssl-3.0.12/providers/implementations/ciphers/cipher_aes_wrp.c openssl-3.0.13/providers/implementations/ciphers/cipher_aes_wrp.c --- openssl-3.0.12/providers/implementations/ciphers/cipher_aes_wrp.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/providers/implementations/ciphers/cipher_aes_wrp.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -66,6 +66,26 @@ return wctx; } +static void *aes_wrap_dupctx(void *wctx) +{ + PROV_AES_WRAP_CTX *ctx = wctx; + PROV_AES_WRAP_CTX *dctx = wctx; + + if (ctx == NULL) + return NULL; + dctx = OPENSSL_memdup(ctx, sizeof(*ctx)); + + if (dctx != NULL && dctx->base.tlsmac != NULL && dctx->base.alloced) { + dctx->base.tlsmac = OPENSSL_memdup(dctx->base.tlsmac, + dctx->base.tlsmacsize); + if (dctx->base.tlsmac == NULL) { + OPENSSL_free(dctx); + dctx = NULL; + } + } + return dctx; +} + static void aes_wrap_freectx(void *vctx) { PROV_AES_WRAP_CTX *wctx = (PROV_AES_WRAP_CTX *)vctx; @@ -281,6 +301,7 @@ { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))aes_##mode##_cipher }, \ { OSSL_FUNC_CIPHER_FINAL, (void (*)(void))aes_##mode##_final }, \ { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))aes_##mode##_freectx }, \ + { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))aes_##mode##_dupctx }, \ { OSSL_FUNC_CIPHER_GET_PARAMS, \ (void (*)(void))aes_##kbits##_##fname##_get_params }, \ { OSSL_FUNC_CIPHER_GETTABLE_PARAMS, \ diff -Nru openssl-3.0.12/providers/implementations/ciphers/cipher_aria_ccm.c openssl-3.0.13/providers/implementations/ciphers/cipher_aria_ccm.c --- openssl-3.0.12/providers/implementations/ciphers/cipher_aria_ccm.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/providers/implementations/ciphers/cipher_aria_ccm.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -28,6 +28,21 @@ return ctx; } +static void *aria_ccm_dupctx(void *provctx) +{ + PROV_ARIA_CCM_CTX *ctx = provctx; + PROV_ARIA_CCM_CTX *dctx = NULL; + + if (ctx == NULL) + return NULL; + + dctx = OPENSSL_memdup(ctx, sizeof(*ctx)); + if (dctx != NULL && dctx->base.ccm_ctx.key != NULL) + dctx->base.ccm_ctx.key = &dctx->ks.ks; + + return dctx; +} + static void aria_ccm_freectx(void *vctx) { PROV_ARIA_CCM_CTX *ctx = (PROV_ARIA_CCM_CTX *)vctx; diff -Nru openssl-3.0.12/providers/implementations/ciphers/cipher_aria_gcm.c openssl-3.0.13/providers/implementations/ciphers/cipher_aria_gcm.c --- openssl-3.0.12/providers/implementations/ciphers/cipher_aria_gcm.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/providers/implementations/ciphers/cipher_aria_gcm.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -27,6 +27,21 @@ return ctx; } +static void *aria_gcm_dupctx(void *provctx) +{ + PROV_ARIA_GCM_CTX *ctx = provctx; + PROV_ARIA_GCM_CTX *dctx = NULL; + + if (ctx == NULL) + return NULL; + + dctx = OPENSSL_memdup(ctx, sizeof(*ctx)); + if (dctx != NULL && dctx->base.gcm.key != NULL) + dctx->base.gcm.key = &dctx->ks.ks; + + return dctx; +} + static OSSL_FUNC_cipher_freectx_fn aria_gcm_freectx; static void aria_gcm_freectx(void *vctx) { diff -Nru openssl-3.0.12/providers/implementations/ciphers/cipher_chacha20_poly1305.c openssl-3.0.13/providers/implementations/ciphers/cipher_chacha20_poly1305.c --- openssl-3.0.12/providers/implementations/ciphers/cipher_chacha20_poly1305.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/providers/implementations/ciphers/cipher_chacha20_poly1305.c 2024-01-30 13:28:16.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -23,6 +23,7 @@ static OSSL_FUNC_cipher_newctx_fn chacha20_poly1305_newctx; static OSSL_FUNC_cipher_freectx_fn chacha20_poly1305_freectx; +static OSSL_FUNC_cipher_dupctx_fn chacha20_poly1305_dupctx; static OSSL_FUNC_cipher_encrypt_init_fn chacha20_poly1305_einit; static OSSL_FUNC_cipher_decrypt_init_fn chacha20_poly1305_dinit; static OSSL_FUNC_cipher_get_params_fn chacha20_poly1305_get_params; @@ -58,6 +59,25 @@ return ctx; } +static void *chacha20_poly1305_dupctx(void *provctx) +{ + PROV_CHACHA20_POLY1305_CTX *ctx = provctx; + PROV_CHACHA20_POLY1305_CTX *dctx = NULL; + + if (ctx == NULL) + return NULL; + dctx = OPENSSL_memdup(ctx, sizeof(*ctx)); + if (dctx != NULL && dctx->base.tlsmac != NULL && dctx->base.alloced) { + dctx->base.tlsmac = OPENSSL_memdup(dctx->base.tlsmac, + dctx->base.tlsmacsize); + if (dctx->base.tlsmac == NULL) { + OPENSSL_free(dctx); + dctx = NULL; + } + } + return dctx; +} + static void chacha20_poly1305_freectx(void *vctx) { PROV_CHACHA20_POLY1305_CTX *ctx = (PROV_CHACHA20_POLY1305_CTX *)vctx; 
@@ -310,6 +330,7 @@ const OSSL_DISPATCH ossl_chacha20_ossl_poly1305_functions[] = { { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))chacha20_poly1305_newctx }, { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))chacha20_poly1305_freectx }, + { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))chacha20_poly1305_dupctx }, { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))chacha20_poly1305_einit }, { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))chacha20_poly1305_dinit }, { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))chacha20_poly1305_update }, diff -Nru openssl-3.0.12/providers/implementations/ciphers/cipher_des.c openssl-3.0.13/providers/implementations/ciphers/cipher_des.c --- openssl-3.0.12/providers/implementations/ciphers/cipher_des.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/providers/implementations/ciphers/cipher_des.c 2024-01-30 13:28:16.000000000 +0000 @@ -98,6 +98,7 @@ } if (!ctx->hw->init(ctx, key, keylen)) return 0; + ctx->key_set = 1; } return ossl_cipher_generic_set_ctx_params(ctx, params); } diff -Nru openssl-3.0.12/providers/implementations/ciphers/cipher_rc4_hmac_md5.c openssl-3.0.13/providers/implementations/ciphers/cipher_rc4_hmac_md5.c --- openssl-3.0.12/providers/implementations/ciphers/cipher_rc4_hmac_md5.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/providers/implementations/ciphers/cipher_rc4_hmac_md5.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -34,6 +34,7 @@ static OSSL_FUNC_cipher_decrypt_init_fn rc4_hmac_md5_dinit; static OSSL_FUNC_cipher_newctx_fn rc4_hmac_md5_newctx; static OSSL_FUNC_cipher_freectx_fn rc4_hmac_md5_freectx; +static OSSL_FUNC_cipher_dupctx_fn rc4_hmac_md5_dupctx; static OSSL_FUNC_cipher_get_ctx_params_fn rc4_hmac_md5_get_ctx_params; static OSSL_FUNC_cipher_gettable_ctx_params_fn rc4_hmac_md5_gettable_ctx_params; static OSSL_FUNC_cipher_set_ctx_params_fn rc4_hmac_md5_set_ctx_params; @@ -71,6 +72,15 @@ OPENSSL_clear_free(ctx, sizeof(*ctx)); } +static void *rc4_hmac_md5_dupctx(void *vctx) +{ + PROV_RC4_HMAC_MD5_CTX *ctx = vctx; + + if (ctx == NULL) + return NULL; + return OPENSSL_memdup(ctx, sizeof(*ctx)); +} + static int rc4_hmac_md5_einit(void *ctx, const unsigned char *key, size_t keylen, const unsigned char *iv, size_t ivlen, const OSSL_PARAM params[]) @@ -214,6 +224,7 @@ const OSSL_DISPATCH ossl_rc4_hmac_ossl_md5_functions[] = { { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))rc4_hmac_md5_newctx }, { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))rc4_hmac_md5_freectx }, + { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))rc4_hmac_md5_dupctx }, { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))rc4_hmac_md5_einit }, { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))rc4_hmac_md5_dinit }, { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))rc4_hmac_md5_update }, diff -Nru openssl-3.0.12/providers/implementations/ciphers/cipher_tdes_common.c openssl-3.0.13/providers/implementations/ciphers/cipher_tdes_common.c --- openssl-3.0.12/providers/implementations/ciphers/cipher_tdes_common.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/providers/implementations/ciphers/cipher_tdes_common.c 2024-01-30 13:28:16.000000000 +0000 
@@ -92,6 +92,7 @@ } if (!ctx->hw->init(ctx, key, ctx->keylen)) return 0; + ctx->key_set = 1; } return ossl_cipher_generic_set_ctx_params(ctx, params); } diff -Nru openssl-3.0.12/providers/implementations/ciphers/ciphercommon.c openssl-3.0.13/providers/implementations/ciphers/ciphercommon.c --- openssl-3.0.12/providers/implementations/ciphers/ciphercommon.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/providers/implementations/ciphers/ciphercommon.c 2024-01-30 13:28:16.000000000 +0000 @@ -128,7 +128,10 @@ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return 0; } - ctx->keylen = keylen; + if (ctx->keylen != keylen) { + ctx->keylen = keylen; + ctx->key_set = 0; + } } return 1; } @@ -217,6 +220,7 @@ } if (!ctx->hw->init(ctx, key, ctx->keylen)) return 0; + ctx->key_set = 1; } return ossl_cipher_generic_set_ctx_params(ctx, params); } @@ -249,6 +253,11 @@ size_t blksz = ctx->blocksize; size_t nextblocks; + if (!ctx->key_set) { + ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET); + return 0; + } + if (ctx->tlsversion > 0) { /* * Each update call corresponds to a TLS record and is individually @@ -390,6 +399,11 @@ if (!ossl_prov_is_running()) return 0; + if (!ctx->key_set) { + ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET); + return 0; + } + if (ctx->tlsversion > 0) { /* We never finalize TLS, so this is an error */ ERR_raise(ERR_LIB_PROV, PROV_R_CIPHER_OPERATION_FAILED); @@ -456,6 +470,11 @@ { PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; + if (!ctx->key_set) { + ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET); + return 0; + } + if (inl == 0) { *outl = 0; return 1; @@ -510,9 +529,16 @@ int ossl_cipher_generic_stream_final(void *vctx, unsigned char *out, size_t *outl, size_t outsize) { + PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx; + if (!ossl_prov_is_running()) return 0; + if (!ctx->key_set) { + ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET); + return 0; + } + *outl = 0; return 1; } 
@@ -526,6 +552,11 @@ if (!ossl_prov_is_running()) return 0; + if (!ctx->key_set) { + ERR_raise(ERR_LIB_PROV, PROV_R_NO_KEY_SET); + return 0; + } + if (outsize < inl) { ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); return 0; diff -Nru openssl-3.0.12/providers/implementations/ciphers/ciphercommon_ccm.c openssl-3.0.13/providers/implementations/ciphers/ciphercommon_ccm.c --- openssl-3.0.12/providers/implementations/ciphers/ciphercommon_ccm.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/providers/implementations/ciphers/ciphercommon_ccm.c 2024-01-30 13:28:16.000000000 +0000 @@ -109,7 +109,10 @@ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); return 0; } - ctx->l = ivlen; + if (ctx->l != ivlen) { + ctx->l = ivlen; + ctx->iv_set = 0; + } } p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD); diff -Nru openssl-3.0.12/providers/implementations/ciphers/ciphercommon_gcm.c openssl-3.0.13/providers/implementations/ciphers/ciphercommon_gcm.c --- openssl-3.0.12/providers/implementations/ciphers/ciphercommon_gcm.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/providers/implementations/ciphers/ciphercommon_gcm.c 2024-01-30 13:28:16.000000000 +0000 @@ -261,7 +261,12 @@ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); return 0; } - ctx->ivlen = sz; + if (ctx->ivlen != sz) { + /* If the iv was already set or autogenerated, it is invalid. */ + if (ctx->iv_state != IV_STATE_UNINITIALISED) + ctx->iv_state = IV_STATE_FINISHED; + ctx->ivlen = sz; + } } p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD); diff -Nru openssl-3.0.12/providers/implementations/digests/blake2b_prov.c openssl-3.0.13/providers/implementations/digests/blake2b_prov.c --- openssl-3.0.12/providers/implementations/digests/blake2b_prov.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/providers/implementations/digests/blake2b_prov.c 2024-01-30 13:28:16.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -323,8 +323,10 @@ for (i = 0; i < iter; ++i) store64(target + sizeof(c->h[i]) * i, c->h[i]); - if (target != md) + if (target != md) { memcpy(md, target, c->outlen); + OPENSSL_cleanse(target, sizeof(outbuffer)); + } OPENSSL_cleanse(c, sizeof(BLAKE2B_CTX)); return 1; diff -Nru openssl-3.0.12/providers/implementations/digests/blake2s_prov.c openssl-3.0.13/providers/implementations/digests/blake2s_prov.c --- openssl-3.0.12/providers/implementations/digests/blake2s_prov.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/providers/implementations/digests/blake2s_prov.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -314,8 +314,10 @@ for (i = 0; i < iter; ++i) store32(target + sizeof(c->h[i]) * i, c->h[i]); - if (target != md) + if (target != md) { memcpy(md, target, c->outlen); + OPENSSL_cleanse(target, sizeof(outbuffer)); + } OPENSSL_cleanse(c, sizeof(BLAKE2S_CTX)); return 1; diff -Nru openssl-3.0.12/providers/implementations/encode_decode/encode_key2any.c openssl-3.0.13/providers/implementations/encode_decode/encode_key2any.c --- openssl-3.0.12/providers/implementations/encode_decode/encode_key2any.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/providers/implementations/encode_decode/encode_key2any.c 2024-01-30 13:28:16.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -740,7 +740,15 @@ # define ec_pem_type "EC" # ifndef OPENSSL_NO_SM2 -# define sm2_evp_type EVP_PKEY_SM2 +/* + * Albeit SM2 is a slightly different algorithm than ECDSA, the key type + * encoding (in all places where an AlgorithmIdentifier is produced, such + * as PrivateKeyInfo and SubjectPublicKeyInfo) is the same as for ECC keys + * according to the example in GM/T 0015-2012, appendix D.2. + * This leaves the distinction of SM2 keys to the EC group (which is found + * in AlgorithmIdentified.params). + */ +# define sm2_evp_type ec_evp_type # define sm2_input_type "SM2" # define sm2_pem_type "SM2" # endif diff -Nru openssl-3.0.12/providers/implementations/include/prov/ciphercommon.h openssl-3.0.13/providers/implementations/include/prov/ciphercommon.h --- openssl-3.0.12/providers/implementations/include/prov/ciphercommon.h 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/providers/implementations/include/prov/ciphercommon.h 2024-01-30 13:28:16.000000000 +0000 
@@ -58,6 +58,7 @@ unsigned int pad : 1; /* Whether padding should be used or not */ unsigned int enc : 1; /* Set to 1 for encrypt, or 0 otherwise */ unsigned int iv_set : 1; /* Set when the iv is copied to the iv/oiv buffers */ + unsigned int key_set : 1; /* Set when key is set on the context */ unsigned int updated : 1; /* Set to 1 during update for one shot ciphers */ unsigned int variable_keylength : 1; unsigned int inverse_cipher : 1; /* set to 1 to use inverse cipher */ diff -Nru openssl-3.0.12/providers/implementations/include/prov/ciphercommon_aead.h openssl-3.0.13/providers/implementations/include/prov/ciphercommon_aead.h --- openssl-3.0.12/providers/implementations/include/prov/ciphercommon_aead.h 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/providers/implementations/include/prov/ciphercommon_aead.h 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -23,9 +23,14 @@ { \ return alg##_##lc##_newctx(provctx, kbits); \ } \ +static void * alg##kbits##lc##_dupctx(void *src) \ +{ \ + return alg##_##lc##_dupctx(src); \ +} \ const OSSL_DISPATCH ossl_##alg##kbits##lc##_functions[] = { \ { OSSL_FUNC_CIPHER_NEWCTX, (void (*)(void))alg##kbits##lc##_newctx }, \ { OSSL_FUNC_CIPHER_FREECTX, (void (*)(void))alg##_##lc##_freectx }, \ + { OSSL_FUNC_CIPHER_DUPCTX, (void (*)(void))alg##kbits##lc##_dupctx }, \ { OSSL_FUNC_CIPHER_ENCRYPT_INIT, (void (*)(void))ossl_##lc##_einit }, \ { OSSL_FUNC_CIPHER_DECRYPT_INIT, (void (*)(void))ossl_##lc##_dinit }, \ { OSSL_FUNC_CIPHER_UPDATE, (void (*)(void))ossl_##lc##_stream_update }, \ diff -Nru openssl-3.0.12/providers/implementations/kdfs/pbkdf1.c openssl-3.0.13/providers/implementations/kdfs/pbkdf1.c --- openssl-3.0.12/providers/implementations/kdfs/pbkdf1.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/providers/implementations/kdfs/pbkdf1.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -71,6 +71,11 @@ mdsize = EVP_MD_size(md_type); if (mdsize < 0) goto err; + if (n > (size_t)mdsize) { + ERR_raise(ERR_LIB_PROV, PROV_R_LENGTH_TOO_LARGE); + goto err; + } + for (i = 1; i < iter; i++) { if (!EVP_DigestInit_ex(ctx, md_type, NULL)) goto err; 
@@ -83,6 +88,7 @@ memcpy(out, md_tmp, n); ret = 1; err: + OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE); EVP_MD_CTX_free(ctx); return ret; } diff -Nru openssl-3.0.12/providers/implementations/macs/cmac_prov.c openssl-3.0.13/providers/implementations/macs/cmac_prov.c --- openssl-3.0.12/providers/implementations/macs/cmac_prov.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/providers/implementations/macs/cmac_prov.c 2024-01-30 13:28:16.000000000 +0000 @@ -99,8 +99,12 @@ static size_t cmac_size(void *vmacctx) { struct cmac_data_st *macctx = vmacctx; + const EVP_CIPHER_CTX *cipherctx = CMAC_CTX_get0_cipher_ctx(macctx->ctx); - return EVP_CIPHER_CTX_get_block_size(CMAC_CTX_get0_cipher_ctx(macctx->ctx)); + if (EVP_CIPHER_CTX_get0_cipher(cipherctx) == NULL) + return 0; + + return EVP_CIPHER_CTX_get_block_size(cipherctx); } static int cmac_setkey(struct cmac_data_st *macctx, diff -Nru openssl-3.0.12/providers/implementations/signature/rsa_sig.c openssl-3.0.13/providers/implementations/signature/rsa_sig.c --- openssl-3.0.12/providers/implementations/signature/rsa_sig.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/providers/implementations/signature/rsa_sig.c 2024-01-30 13:28:16.000000000 +0000 @@ -997,6 +997,7 @@ *dstctx = *srcctx; dstctx->rsa = NULL; dstctx->md = NULL; + dstctx->mgf1_md = NULL; dstctx->mdctx = NULL; dstctx->tbuf = NULL; dstctx->propq = NULL; diff -Nru openssl-3.0.12/providers/implementations/signature/sm2_sig.c openssl-3.0.13/providers/implementations/signature/sm2_sig.c --- openssl-3.0.12/providers/implementations/signature/sm2_sig.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/providers/implementations/signature/sm2_sig.c 2024-01-30 13:28:16.000000000 +0000 @@ -330,6 +330,7 @@ free_md(ctx); EC_KEY_free(ctx->ec); + OPENSSL_free(ctx->propq); OPENSSL_free(ctx->id); OPENSSL_free(ctx); } 
@@ -345,13 +346,21 @@ *dstctx = *srcctx; dstctx->ec = NULL; + dstctx->propq = NULL; dstctx->md = NULL; dstctx->mdctx = NULL; + dstctx->id = NULL; if (srcctx->ec != NULL && !EC_KEY_up_ref(srcctx->ec)) goto err; dstctx->ec = srcctx->ec; + if (srcctx->propq != NULL) { + dstctx->propq = OPENSSL_strdup(srcctx->propq); + if (dstctx->propq == NULL) + goto err; + } + if (srcctx->md != NULL && !EVP_MD_up_ref(srcctx->md)) goto err; dstctx->md = srcctx->md; diff -Nru openssl-3.0.12/ssl/build.info openssl-3.0.13/ssl/build.info --- openssl-3.0.12/ssl/build.info 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/ssl/build.info 2024-01-30 13:28:16.000000000 +0000 @@ -37,11 +37,8 @@ SHARED_SOURCE[../libssl]=s3_cbc.c SOURCE[../libssl]=ssl_rsa_legacy.c ENDIF -DEFINE[../libssl]=$AESDEF -IF[{- !$disabled{quic} -}] - SOURCE[../libssl]=ssl_quic.c statem/statem_quic.c -ENDIF +DEFINE[../libssl]=$AESDEF SOURCE[../providers/libcommon.a]=record/tls_pad.c SOURCE[../providers/libdefault.a ../providers/libfips.a]=s3_cbc.c diff -Nru openssl-3.0.12/ssl/d1_lib.c openssl-3.0.13/ssl/d1_lib.c --- openssl-3.0.12/ssl/d1_lib.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/ssl/d1_lib.c 2024-01-30 13:28:16.000000000 +0000 
@@ -130,6 +130,23 @@ while ((item = pqueue_pop(s->d1->sent_messages)) != NULL) { frag = (hm_fragment *)item->data; + + if (frag->msg_header.is_ccs) { + /* + * If we're freeing the CCS then we're done with the old + * enc_write_ctx/write_hash and they can be freed + */ + if (s->enc_write_ctx + != frag->msg_header.saved_retransmit_state.enc_write_ctx) + EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state + .enc_write_ctx); + + if (s->write_hash + != frag->msg_header.saved_retransmit_state.write_hash) + EVP_MD_CTX_free(frag->msg_header.saved_retransmit_state + .write_hash); + } + dtls1_hm_fragment_free(frag); pitem_free(item); } diff -Nru openssl-3.0.12/ssl/record/rec_layer_s3.c openssl-3.0.13/ssl/record/rec_layer_s3.c --- openssl-3.0.12/ssl/record/rec_layer_s3.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/ssl/record/rec_layer_s3.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -300,6 +300,10 @@ SSL_set_shutdown(s, SSL_RECEIVED_SHUTDOWN); s->s3.warn_alert = SSL_AD_CLOSE_NOTIFY; } else { + /* + * This reason code is part of the API and may be used by + * applications for control flow decisions. + */ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_UNEXPECTED_EOF_WHILE_READING); } diff -Nru openssl-3.0.12/ssl/s3_enc.c openssl-3.0.13/ssl/s3_enc.c --- openssl-3.0.12/ssl/s3_enc.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/ssl/s3_enc.c 2024-01-30 13:28:16.000000000 +0000 
@@ -225,7 +225,11 @@ goto err; } - if (EVP_CIPHER_get0_provider(c) != NULL + /* + * The cipher we actually ended up using in the EVP_CIPHER_CTX may be + * different to that in c if we have an ENGINE in use + */ + if (EVP_CIPHER_get0_provider(EVP_CIPHER_CTX_get0_cipher(dd)) != NULL && !tls_provider_set_tls_params(s, dd, c, m)) { /* SSLfatal already called */ goto err; diff -Nru openssl-3.0.12/ssl/s3_lib.c openssl-3.0.13/ssl/s3_lib.c --- openssl-3.0.12/ssl/s3_lib.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/ssl/s3_lib.c 2024-01-30 13:28:16.000000000 +0000 @@ -3365,6 +3365,10 @@ OPENSSL_free(s->s3.alpn_selected); OPENSSL_free(s->s3.alpn_proposed); +#ifndef OPENSSL_NO_PSK + OPENSSL_free(s->s3.tmp.psk); +#endif + #ifndef OPENSSL_NO_SRP ssl_srp_ctx_free_intern(s); #endif diff -Nru openssl-3.0.12/ssl/s3_msg.c openssl-3.0.13/ssl/s3_msg.c --- openssl-3.0.12/ssl/s3_msg.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/ssl/s3_msg.c 2024-01-30 13:28:16.000000000 +0000 @@ -81,16 +81,6 @@ s->s3.alert_dispatch = 0; alertlen = 2; -#ifndef OPENSSL_NO_QUIC - if (SSL_IS_QUIC(s)) { - if (!s->quic_method->send_alert(s, s->quic_write_level, - s->s3.send_alert[1])) { - ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); - return 0; - } - i = 1; - } else -#endif i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3.send_alert[0], &alertlen, 1, 0, &written); if (i <= 0) { diff -Nru openssl-3.0.12/ssl/ssl_ciph.c openssl-3.0.13/ssl/ssl_ciph.c --- openssl-3.0.12/ssl/ssl_ciph.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/ssl/ssl_ciph.c 2024-01-30 13:28:16.000000000 +0000 @@ -465,7 +465,8 @@ comp->method = method; comp->id = SSL_COMP_ZLIB_IDX; comp->name = COMP_get_name(method); - sk_SSL_COMP_push(ssl_comp_methods, comp); + if (!sk_SSL_COMP_push(ssl_comp_methods, comp)) + OPENSSL_free(comp); sk_SSL_COMP_sort(ssl_comp_methods); } } 
@@ -2239,37 +2240,3 @@ "TLS_CHACHA20_POLY1305_SHA256:" "TLS_AES_128_GCM_SHA256"; } - -#ifndef OPENSSL_NO_QUIC -int SSL_CIPHER_get_prf_nid(const SSL_CIPHER *c) -{ - switch (c->algorithm2 & (0xFF << TLS1_PRF_DGST_SHIFT)) { - default: - break; - case TLS1_PRF_SHA1_MD5: /* TLS1_PRF */ - return NID_md5_sha1; - case TLS1_PRF_SHA256: - return NID_sha256; - case TLS1_PRF_SHA384: - return NID_sha384; - case TLS1_PRF_GOST94: - return NID_id_GostR3411_94_prf; - case TLS1_PRF_GOST12_256: - return NID_id_GostR3411_2012_256; - case TLS1_PRF_GOST12_512: - return NID_id_GostR3411_2012_512; - } - /* TLSv1.3 ciphers don't specify separate PRF */ - switch (c->algorithm2 & SSL_HANDSHAKE_MAC_MASK) { - default: - break; - case SSL_HANDSHAKE_MAC_MD5_SHA1: /* SSL_HANDSHAKE_MAC_DEFAULT */ - return NID_md5_sha1; - case SSL_HANDSHAKE_MAC_SHA256: - return NID_sha256; - case SSL_HANDSHAKE_MAC_SHA384: - return NID_sha384; - } - return NID_undef; -} -#endif diff -Nru openssl-3.0.12/ssl/ssl_conf.c openssl-3.0.13/ssl/ssl_conf.c --- openssl-3.0.12/ssl/ssl_conf.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/ssl/ssl_conf.c 2024-01-30 13:28:16.000000000 +0000 @@ -870,9 +870,12 @@ /* Find index of command in table */ size_t idx = cmd - ssl_conf_cmds; const ssl_switch_tbl *scmd; + /* Sanity check index */ - if (idx >= OSSL_NELEM(ssl_cmd_switches)) + if (idx >= OSSL_NELEM(ssl_cmd_switches)) { + ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); return 0; + } /* Obtain switches entry with same index */ scmd = ssl_cmd_switches + idx; ssl_set_option(cctx, scmd->name_flags, scmd->option_value, 1); 
@@ -888,28 +891,33 @@ } if (!ssl_conf_cmd_skip_prefix(cctx, &cmd)) - return -2; + goto unknown_cmd; runcmd = ssl_conf_cmd_lookup(cctx, cmd); if (runcmd) { - int rv; + int rv = -3; + if (runcmd->value_type == SSL_CONF_TYPE_NONE) { return ctrl_switch_option(cctx, runcmd); } if (value == NULL) - return -3; + goto bad_value; rv = runcmd->cmd(cctx, value); if (rv > 0) return 2; - if (rv == -2) - return -2; + if (rv != -2) + rv = 0; + + bad_value: if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS) ERR_raise_data(ERR_LIB_SSL, SSL_R_BAD_VALUE, - "cmd=%s, value=%s", cmd, value); - return 0; + "cmd=%s, value=%s", cmd, + value != NULL ? value : ""); + return rv; } + unknown_cmd: if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS) ERR_raise_data(ERR_LIB_SSL, SSL_R_UNKNOWN_CMD_NAME, "cmd=%s", cmd); diff -Nru openssl-3.0.12/ssl/ssl_err.c openssl-3.0.13/ssl/ssl_err.c --- openssl-3.0.12/ssl/ssl_err.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/ssl/ssl_err.c 2024-01-30 13:28:16.000000000 +0000 @@ -241,8 +241,6 @@ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_PARAMETERS), "missing parameters"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_PSK_KEX_MODES_EXTENSION), "missing psk kex modes extension"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_QUIC_TRANSPORT_PARAMETERS_EXTENSION), - "missing quic transport parameters extension"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_ENCRYPTING_CERT), 
@@ -546,8 +544,6 @@ {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CIPHER_RETURNED), "wrong cipher returned"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CURVE), "wrong curve"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED), - "wrong encryption level received"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"}, {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_SIZE), diff -Nru openssl-3.0.12/ssl/ssl_lib.c openssl-3.0.13/ssl/ssl_lib.c --- openssl-3.0.12/ssl/ssl_lib.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/ssl/ssl_lib.c 2024-01-30 13:28:16.000000000 +0000 @@ -341,17 +341,31 @@ case DANETLS_SELECTOR_CERT: if (!d2i_X509(&cert, &p, ilen) || p < data || dlen != (size_t)(p - data)) { + X509_free(cert); tlsa_free(t); ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE); return 0; } if (X509_get0_pubkey(cert) == NULL) { + X509_free(cert); tlsa_free(t); ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_CERTIFICATE); return 0; } if ((DANETLS_USAGE_BIT(usage) & DANETLS_TA_MASK) == 0) { + /* + * The Full(0) certificate decodes to a seemingly valid X.509 + * object with a plausible key, so the TLSA record is well + * formed. However, we don't actually need the certifiate for + * usages PKIX-EE(1) or DANE-EE(3), because at least the EE + * certificate is always presented by the peer. We discard the + * certificate, and just use the TLSA data as an opaque blob + * for matching the raw presented DER octets. + * + * DO NOT FREE `t` here, it will be added to the TLSA record + * list below! + */ X509_free(cert); break; } @@ -376,6 +390,7 @@ case DANETLS_SELECTOR_SPKI: if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data || dlen != (size_t)(p - data)) { + EVP_PKEY_free(pkey); tlsa_free(t); ERR_raise(ERR_LIB_SSL, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY); return 0; 
@@ -566,56 +581,7 @@ ssl_clear_hash_ctx(&s->write_hash); } -#ifndef OPENSSL_NO_QUIC -int SSL_clear(SSL *s) -{ - if (!SSL_clear_not_quic(s)) - return 0; - return SSL_clear_quic(s); -} - -int SSL_clear_quic(SSL *s) -{ - OPENSSL_free(s->ext.peer_quic_transport_params_draft); - s->ext.peer_quic_transport_params_draft = NULL; - s->ext.peer_quic_transport_params_draft_len = 0; - OPENSSL_free(s->ext.peer_quic_transport_params); - s->ext.peer_quic_transport_params = NULL; - s->ext.peer_quic_transport_params_len = 0; - s->quic_read_level = ssl_encryption_initial; - s->quic_write_level = ssl_encryption_initial; - s->quic_latest_level_received = ssl_encryption_initial; - while (s->quic_input_data_head != NULL) { - QUIC_DATA *qd; - - qd = s->quic_input_data_head; - s->quic_input_data_head = qd->next; - OPENSSL_free(qd); - } - s->quic_input_data_tail = NULL; - BUF_MEM_free(s->quic_buf); - s->quic_buf = NULL; - s->quic_next_record_start = 0; - memset(s->client_hand_traffic_secret, 0, EVP_MAX_MD_SIZE); - memset(s->server_hand_traffic_secret, 0, EVP_MAX_MD_SIZE); - memset(s->client_early_traffic_secret, 0, EVP_MAX_MD_SIZE); - /* - * CONFIG - DON'T CLEAR - * s->ext.quic_transport_params - * s->ext.quic_transport_params_len - * s->quic_transport_version - * s->quic_method = NULL; - */ - return 1; -} -#endif - -/* Keep this conditional very local */ -#ifndef OPENSSL_NO_QUIC -int SSL_clear_not_quic(SSL *s) -#else int SSL_clear(SSL *s) -#endif { if (s->method == NULL) { ERR_raise(ERR_LIB_SSL, SSL_R_NO_METHOD_SPECIFIED); @@ -890,10 +856,6 @@ s->job = NULL; -#ifndef OPENSSL_NO_QUIC - s->quic_method = ctx->quic_method; -#endif - #ifndef OPENSSL_NO_CT if (!SSL_set_ct_validation_callback(s, ctx->ct_validation_callback, ctx->ct_validation_callback_arg)) @@ -1264,8 +1226,6 @@ SSL_SESSION_free(s->psksession); OPENSSL_free(s->psksession_id); - clear_ciphers(s); - ssl_cert_free(s->cert); OPENSSL_free(s->shared_sigalgs); /* Free up if allocated */ 
@@ -1293,20 +1253,6 @@ OPENSSL_free(s->pha_context); EVP_MD_CTX_free(s->pha_dgst); -#ifndef OPENSSL_NO_QUIC - OPENSSL_free(s->ext.quic_transport_params); - OPENSSL_free(s->ext.peer_quic_transport_params_draft); - OPENSSL_free(s->ext.peer_quic_transport_params); - BUF_MEM_free(s->quic_buf); - while (s->quic_input_data_head != NULL) { - QUIC_DATA *qd; - - qd = s->quic_input_data_head; - s->quic_input_data_head = qd->next; - OPENSSL_free(qd); - } -#endif - sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free); sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free); @@ -1315,6 +1261,12 @@ if (s->method != NULL) s->method->ssl_free(s); + /* + * Must occur after s->method->ssl_free(). The DTLS sent_messages queue + * may reference the EVP_CIPHER_CTX/EVP_MD_CTX that are freed here. + */ + clear_ciphers(s); + SSL_CTX_free(s->ctx); ASYNC_WAIT_CTX_free(s->waitctx); @@ -1900,12 +1852,6 @@ int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes) { -#ifndef OPENSSL_NO_QUIC - if (SSL_IS_QUIC(s)) { - ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return -1; - } -#endif if (s->handshake_func == NULL) { ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED); return -1; @@ -2037,12 +1983,6 @@ static int ssl_peek_internal(SSL *s, void *buf, size_t num, size_t *readbytes) { -#ifndef OPENSSL_NO_QUIC - if (SSL_IS_QUIC(s)) { - ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return -1; - } -#endif if (s->handshake_func == NULL) { ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED); return -1; @@ -2103,12 +2043,6 @@ int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written) { -#ifndef OPENSSL_NO_QUIC - if (SSL_IS_QUIC(s)) { - ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return -1; - } -#endif if (s->handshake_func == NULL) { ERR_raise(ERR_LIB_SSL, SSL_R_UNINITIALIZED); return -1; 
@@ -3923,11 +3857,6 @@ } if (SSL_want_read(s)) { -#ifndef OPENSSL_NO_QUIC - if (SSL_IS_QUIC(s)) { - return SSL_ERROR_WANT_READ; - } -#endif bio = SSL_get_rbio(s); if (BIO_should_read(bio)) return SSL_ERROR_WANT_READ; @@ -4027,21 +3956,6 @@ ret = s->handshake_func(s); } } -#ifndef OPENSSL_NO_QUIC - if (SSL_IS_QUIC(s) && ret == 1) { - if (s->server) { - if (s->early_data_state == SSL_EARLY_DATA_ACCEPTING) { - s->early_data_state = SSL_EARLY_DATA_FINISHED_READING; - s->rwstate = SSL_READING; - ret = 0; - } - } else if (s->early_data_state == SSL_EARLY_DATA_CONNECTING) { - s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY; - s->rwstate = SSL_READING; - ret = 0; - } - } -#endif return ret; } @@ -5077,6 +4991,8 @@ * If |dst| points to a NULL pointer, a new stack will be created and owned by * the caller. * Returns the number of SCTs moved, or a negative integer if an error occurs. + * The |dst| stack is created and possibly partially populated even in case + * of error, likewise the |src| stack may be left in an intermediate state. */ static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src, sct_source_t origin) @@ -5096,15 +5012,14 @@ if (SCT_set_source(sct, origin) != 1) goto err; - if (sk_SCT_push(*dst, sct) <= 0) + if (!sk_SCT_push(*dst, sct)) goto err; scts_moved += 1; } return scts_moved; err: - if (sct != NULL) - sk_SCT_push(src, sct); /* Put the SCT back */ + SCT_free(sct); return -1; } diff -Nru openssl-3.0.12/ssl/ssl_local.h openssl-3.0.13/ssl/ssl_local.h --- openssl-3.0.12/ssl/ssl_local.h 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/ssl/ssl_local.h 2024-01-30 13:28:16.000000000 +0000 
@@ -337,13 +337,6 @@ /* Flag used on OpenSSL ciphersuite ids to indicate they are for SSLv3+ */ # define SSL3_CK_CIPHERSUITE_FLAG 0x03000000 -/* Check if an SSL structure is using QUIC (which uses TLSv1.3) */ -# ifndef OPENSSL_NO_QUIC -# define SSL_IS_QUIC(s) (s->quic_method != NULL) -# else -# define SSL_IS_QUIC(s) 0 -# endif - /* Check if an SSL structure is using DTLS */ # define SSL_IS_DTLS(s) (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) @@ -773,8 +766,6 @@ TLSEXT_IDX_cryptopro_bug, TLSEXT_IDX_early_data, TLSEXT_IDX_certificate_authorities, - TLSEXT_IDX_quic_transport_parameters_draft, - TLSEXT_IDX_quic_transport_parameters, TLSEXT_IDX_padding, TLSEXT_IDX_psk, /* Dummy index - must always be the last entry */ @@ -1214,25 +1205,10 @@ uint32_t disabled_mac_mask; uint32_t disabled_mkey_mask; uint32_t disabled_auth_mask; - -#ifndef OPENSSL_NO_QUIC - const SSL_QUIC_METHOD *quic_method; -#endif }; typedef struct cert_pkey_st CERT_PKEY; -#ifndef OPENSSL_NO_QUIC -struct quic_data_st { - struct quic_data_st *next; - OSSL_ENCRYPTION_LEVEL level; - size_t start; /* offset into quic_buf->data */ - size_t length; -}; -typedef struct quic_data_st QUIC_DATA; -int quic_set_encryption_secrets(SSL *ssl, OSSL_ENCRYPTION_LEVEL level); -#endif - struct ssl_st { /* * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, @@ -1492,11 +1468,6 @@ unsigned char handshake_traffic_hash[EVP_MAX_MD_SIZE]; unsigned char client_app_traffic_secret[EVP_MAX_MD_SIZE]; unsigned char server_app_traffic_secret[EVP_MAX_MD_SIZE]; -# ifndef OPENSSL_NO_QUIC - unsigned char client_hand_traffic_secret[EVP_MAX_MD_SIZE]; - unsigned char server_hand_traffic_secret[EVP_MAX_MD_SIZE]; - unsigned char client_early_traffic_secret[EVP_MAX_MD_SIZE]; -# endif unsigned char exporter_master_secret[EVP_MAX_MD_SIZE]; unsigned char early_exporter_master_secret[EVP_MAX_MD_SIZE]; EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ 
@@ -1709,35 +1680,8 @@ * selected. */ int tick_identity; - -#ifndef OPENSSL_NO_QUIC - uint8_t *quic_transport_params; - size_t quic_transport_params_len; - uint8_t *peer_quic_transport_params_draft; - size_t peer_quic_transport_params_draft_len; - uint8_t *peer_quic_transport_params; - size_t peer_quic_transport_params_len; -#endif } ext; -#ifndef OPENSSL_NO_QUIC - OSSL_ENCRYPTION_LEVEL quic_read_level; - OSSL_ENCRYPTION_LEVEL quic_write_level; - OSSL_ENCRYPTION_LEVEL quic_latest_level_received; - BUF_MEM *quic_buf; /* buffer incoming handshake messages */ - /* - * defaults to 0, but can be set to: - * - TLSEXT_TYPE_quic_transport_parameters_draft - * - TLSEXT_TYPE_quic_transport_parameters - * Client: if 0, send both - * Server: if 0, use same version as client sent - */ - int quic_transport_version; - QUIC_DATA *quic_input_data_head; - QUIC_DATA *quic_input_data_tail; - size_t quic_next_record_start; - const SSL_QUIC_METHOD *quic_method; -#endif /* * Parsed form of the ClientHello, kept around across client_hello_cb * calls. @@ -2867,11 +2811,6 @@ void ssl_comp_free_compression_methods_int(void); -#ifndef OPENSSL_NO_QUIC -__owur int SSL_clear_not_quic(SSL *s); -__owur int SSL_clear_quic(SSL *s); -#endif - /* ssl_mcnf.c */ void ssl_ctx_system_config(SSL_CTX *ctx); diff -Nru openssl-3.0.12/ssl/ssl_mcnf.c openssl-3.0.13/ssl/ssl_mcnf.c --- openssl-3.0.12/ssl/ssl_mcnf.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/ssl/ssl_mcnf.c 2024-01-30 13:28:16.000000000 +0000 @@ -24,7 +24,7 @@ { SSL_CONF_CTX *cctx = NULL; size_t i, idx, cmd_count; - int rv = 0; + int err = 1; unsigned int flags; const SSL_METHOD *meth; const SSL_CONF_CMD *cmds; 
@@ -66,24 +66,22 @@ flags |= SSL_CONF_FLAG_CLIENT; SSL_CONF_CTX_set_flags(cctx, flags); prev_libctx = OSSL_LIB_CTX_set0_default(libctx); + err = 0; for (i = 0; i < cmd_count; i++) { char *cmdstr, *arg; + int rv; conf_ssl_get_cmd(cmds, i, &cmdstr, &arg); rv = SSL_CONF_cmd(cctx, cmdstr, arg); - if (rv <= 0) { - int errcode = rv == -2 ? SSL_R_UNKNOWN_COMMAND : SSL_R_BAD_VALUE; - - ERR_raise_data(ERR_LIB_SSL, errcode, - "section=%s, cmd=%s, arg=%s", name, cmdstr, arg); - goto err; - } + if (rv <= 0) + ++err; } - rv = SSL_CONF_CTX_finish(cctx); + if (!SSL_CONF_CTX_finish(cctx)) + ++err; err: OSSL_LIB_CTX_set0_default(prev_libctx); SSL_CONF_CTX_free(cctx); - return rv <= 0 ? 0 : 1; + return err == 0; } int SSL_config(SSL *s, const char *name) diff -Nru openssl-3.0.12/ssl/ssl_quic.c openssl-3.0.13/ssl/ssl_quic.c --- openssl-3.0.12/ssl/ssl_quic.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/ssl/ssl_quic.c 1970-01-01 00:00:00.000000000 +0000 
@@ -1,378 +0,0 @@ -/* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "ssl_local.h" -#include "internal/cryptlib.h" -#include "internal/refcount.h" - -int SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params, - size_t params_len) -{ - uint8_t *tmp; - - if (params == NULL || params_len == 0) { - tmp = NULL; - params_len = 0; - } else { - tmp = OPENSSL_memdup(params, params_len); - if (tmp == NULL) - return 0; - } - - OPENSSL_free(ssl->ext.quic_transport_params); - ssl->ext.quic_transport_params = tmp; - ssl->ext.quic_transport_params_len = params_len; - return 1; -} - -void SSL_get_peer_quic_transport_params(const SSL *ssl, - const uint8_t **out_params, - size_t *out_params_len) -{ - if (ssl->ext.peer_quic_transport_params_len) { - *out_params = ssl->ext.peer_quic_transport_params; - *out_params_len = ssl->ext.peer_quic_transport_params_len; - } else { - *out_params = ssl->ext.peer_quic_transport_params_draft; - *out_params_len = ssl->ext.peer_quic_transport_params_draft_len; - } -} - -/* Returns the negotiated version, or -1 on error */ -int SSL_get_peer_quic_transport_version(const SSL *ssl) -{ - if (ssl->ext.peer_quic_transport_params_len != 0 - && ssl->ext.peer_quic_transport_params_draft_len != 0) - return -1; - if (ssl->ext.peer_quic_transport_params_len != 0) - return TLSEXT_TYPE_quic_transport_parameters; - if (ssl->ext.peer_quic_transport_params_draft_len != 0) - return TLSEXT_TYPE_quic_transport_parameters_draft; - - return -1; -} - -void SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy) -{ - if (use_legacy) - ssl->quic_transport_version = TLSEXT_TYPE_quic_transport_parameters_draft; - else - ssl->quic_transport_version = 
TLSEXT_TYPE_quic_transport_parameters; -} - -void SSL_set_quic_transport_version(SSL *ssl, int version) -{ - ssl->quic_transport_version = version; -} - -int SSL_get_quic_transport_version(const SSL *ssl) -{ - return ssl->quic_transport_version; -} - -size_t SSL_quic_max_handshake_flight_len(const SSL *ssl, OSSL_ENCRYPTION_LEVEL level) -{ - /* - * Limits flights to 16K by default when there are no large - * (certificate-carrying) messages. - */ - static const size_t DEFAULT_FLIGHT_LIMIT = 16384; - - switch (level) { - case ssl_encryption_initial: - return DEFAULT_FLIGHT_LIMIT; - case ssl_encryption_early_data: - /* QUIC does not send EndOfEarlyData. */ - return 0; - case ssl_encryption_handshake: - if (ssl->server) { - /* - * Servers may receive Certificate message if configured to request - * client certificates. - */ - if ((ssl->verify_mode & SSL_VERIFY_PEER) - && ssl->max_cert_list > DEFAULT_FLIGHT_LIMIT) - return ssl->max_cert_list; - } else { - /* - * Clients may receive both Certificate message and a CertificateRequest - * message. 
- */ - if (2*ssl->max_cert_list > DEFAULT_FLIGHT_LIMIT) - return 2 * ssl->max_cert_list; - } - return DEFAULT_FLIGHT_LIMIT; - case ssl_encryption_application: - return DEFAULT_FLIGHT_LIMIT; - } - - return 0; -} - -OSSL_ENCRYPTION_LEVEL SSL_quic_read_level(const SSL *ssl) -{ - return ssl->quic_read_level; -} - -OSSL_ENCRYPTION_LEVEL SSL_quic_write_level(const SSL *ssl) -{ - return ssl->quic_write_level; -} - -int SSL_provide_quic_data(SSL *ssl, OSSL_ENCRYPTION_LEVEL level, - const uint8_t *data, size_t len) -{ - size_t l, offset; - - if (!SSL_IS_QUIC(ssl)) { - ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - - /* Level can be different than the current read, but not less */ - if (level < ssl->quic_read_level - || (ssl->quic_input_data_tail != NULL && level < ssl->quic_input_data_tail->level) - || level < ssl->quic_latest_level_received) { - ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED); - return 0; - } - - if (len == 0) - return 1; - - if (ssl->quic_buf == NULL) { - BUF_MEM *buf; - if ((buf = BUF_MEM_new()) == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); - return 0; - } - if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) { - ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); - BUF_MEM_free(buf); - return 0; - } - ssl->quic_buf = buf; - /* We preallocated storage, but there's still no *data*. 
*/ - ssl->quic_buf->length = 0; - buf = NULL; - } - - /* A TLS message must not cross an encryption level boundary */ - if (ssl->quic_buf->length != ssl->quic_next_record_start - && level != ssl->quic_latest_level_received) { - ERR_raise(ERR_LIB_SSL, SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED); - return 0; - } - ssl->quic_latest_level_received = level; - - offset = ssl->quic_buf->length; - if (!BUF_MEM_grow(ssl->quic_buf, offset + len)) { - ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); - return 0; - } - memcpy(ssl->quic_buf->data + offset, data, len); - - /* Split on handshake message boundaries */ - while (ssl->quic_buf->length > ssl->quic_next_record_start - + SSL3_HM_HEADER_LENGTH) { - QUIC_DATA *qd; - const uint8_t *p; - - /* TLS Handshake message header has 1-byte type and 3-byte length */ - p = (const uint8_t *)ssl->quic_buf->data - + ssl->quic_next_record_start + 1; - n2l3(p, l); - l += SSL3_HM_HEADER_LENGTH; - /* Don't allocate a QUIC_DATA if we don't have a full record */ - if (l > ssl->quic_buf->length - ssl->quic_next_record_start) - break; - - qd = OPENSSL_zalloc(sizeof(*qd)); - if (qd == NULL) { - ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); - return 0; - } - - qd->next = NULL; - qd->length = l; - qd->start = ssl->quic_next_record_start; - qd->level = level; - - if (ssl->quic_input_data_tail != NULL) - ssl->quic_input_data_tail->next = qd; - else - ssl->quic_input_data_head = qd; - ssl->quic_input_data_tail = qd; - ssl->quic_next_record_start += l; - } - - return 1; -} - -int SSL_CTX_set_quic_method(SSL_CTX *ctx, const SSL_QUIC_METHOD *quic_method) -{ - if (ctx->method->version != TLS_ANY_VERSION) - return 0; - ctx->quic_method = quic_method; - ctx->options &= ~SSL_OP_ENABLE_MIDDLEBOX_COMPAT; - return 1; -} - -int SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method) -{ - if (ssl->method->version != TLS_ANY_VERSION) - return 0; - ssl->quic_method = quic_method; - ssl->options &= ~SSL_OP_ENABLE_MIDDLEBOX_COMPAT; - return 1; -} - -int 
quic_set_encryption_secrets(SSL *ssl, OSSL_ENCRYPTION_LEVEL level) -{ - uint8_t *c2s_secret = NULL; - uint8_t *s2c_secret = NULL; - size_t len; - const EVP_MD *md; - - if (!SSL_IS_QUIC(ssl)) - return 1; - - /* secrets from the POV of the client */ - switch (level) { - case ssl_encryption_early_data: - c2s_secret = ssl->client_early_traffic_secret; - break; - case ssl_encryption_handshake: - c2s_secret = ssl->client_hand_traffic_secret; - s2c_secret = ssl->server_hand_traffic_secret; - break; - case ssl_encryption_application: - c2s_secret = ssl->client_app_traffic_secret; - s2c_secret = ssl->server_app_traffic_secret; - break; - default: - return 1; - } - - if (level == ssl_encryption_early_data) { - const SSL_CIPHER *c = SSL_SESSION_get0_cipher(ssl->session); - if (ssl->early_data_state == SSL_EARLY_DATA_CONNECTING - && ssl->max_early_data > 0 - && ssl->session->ext.max_early_data == 0) { - if (!ossl_assert(ssl->psksession != NULL - && ssl->max_early_data == - ssl->psksession->ext.max_early_data)) { - SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; - } - c = SSL_SESSION_get0_cipher(ssl->psksession); - } - - if (c == NULL) { - SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; - } - - md = ssl_md(ssl->ctx, c->algorithm2); - } else { - md = ssl_handshake_md(ssl); - if (md == NULL) { - /* May not have selected cipher, yet */ - const SSL_CIPHER *c = NULL; - - /* - * It probably doesn't make sense to use an (external) PSK session, - * but in theory some kinds of external session caches could be - * implemented using it, so allow psksession to be used as well as - * the regular session. 
- */ - if (ssl->session != NULL) - c = SSL_SESSION_get0_cipher(ssl->session); - else if (ssl->psksession != NULL) - c = SSL_SESSION_get0_cipher(ssl->psksession); - - if (c != NULL) - md = SSL_CIPHER_get_handshake_digest(c); - } - } - - if ((len = EVP_MD_size(md)) <= 0) { - SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; - } - - if (ssl->server) { - if (!ssl->quic_method->set_encryption_secrets(ssl, level, c2s_secret, - s2c_secret, len)) { - SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; - } - } else { - if (!ssl->quic_method->set_encryption_secrets(ssl, level, s2c_secret, - c2s_secret, len)) { - SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; - } - } - - return 1; -} - -int SSL_process_quic_post_handshake(SSL *ssl) -{ - int ret; - - if (SSL_in_init(ssl) || !SSL_IS_QUIC(ssl)) { - ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - return 0; - } - - /* if there is no data, return success as BoringSSL */ - while (ssl->quic_input_data_head != NULL) { - /* - * This is always safe (we are sure to be at a record boundary) because - * SSL_read()/SSL_write() are never used for QUIC connections -- the - * application data is handled at the QUIC layer instead. 
- */ - ossl_statem_set_in_init(ssl, 1); - ret = ssl->handshake_func(ssl); - ossl_statem_set_in_init(ssl, 0); - - if (ret <= 0) - return 0; - } - return 1; -} - -int SSL_is_quic(SSL* ssl) -{ - return SSL_IS_QUIC(ssl); -} - -void SSL_set_quic_early_data_enabled(SSL *ssl, int enabled) -{ - if (!SSL_is_quic(ssl) || !SSL_in_before(ssl)) - return; - - if (!enabled) { - ssl->early_data_state = SSL_EARLY_DATA_NONE; - return; - } - - if (ssl->server) { - ssl->early_data_state = SSL_EARLY_DATA_ACCEPTING; - return; - } - - if ((ssl->session == NULL || ssl->session->ext.max_early_data == 0) - && ssl->psk_use_session_cb == NULL) - return; - - ssl->early_data_state = SSL_EARLY_DATA_CONNECTING; -} diff -Nru openssl-3.0.12/ssl/statem/extensions.c openssl-3.0.13/ssl/statem/extensions.c --- openssl-3.0.12/ssl/statem/extensions.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/ssl/statem/extensions.c 2024-01-30 13:28:16.000000000 +0000 @@ -59,11 +59,6 @@ static int final_maxfragmentlen(SSL *s, unsigned int context, int sent); static int init_post_handshake_auth(SSL *s, unsigned int context); static int final_psk(SSL *s, unsigned int context, int sent); -#ifndef OPENSSL_NO_QUIC -static int init_quic_transport_params(SSL *s, unsigned int context); -static int final_quic_transport_params_draft(SSL *s, unsigned int context, int sent); -static int final_quic_transport_params(SSL *s, unsigned int context, int sent); -#endif /* Structure to define a built-in extension */ typedef struct extensions_definition_st { 
@@ -375,29 +370,6 @@ tls_construct_certificate_authorities, tls_construct_certificate_authorities, NULL, }, -#ifndef OPENSSL_NO_QUIC - { - TLSEXT_TYPE_quic_transport_parameters_draft, - SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS - | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, - init_quic_transport_params, - tls_parse_ctos_quic_transport_params_draft, tls_parse_stoc_quic_transport_params_draft, - tls_construct_stoc_quic_transport_params_draft, tls_construct_ctos_quic_transport_params_draft, - final_quic_transport_params_draft, - }, - { - TLSEXT_TYPE_quic_transport_parameters, - SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS - | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY, - init_quic_transport_params, - tls_parse_ctos_quic_transport_params, tls_parse_stoc_quic_transport_params, - tls_construct_stoc_quic_transport_params, tls_construct_ctos_quic_transport_params, - final_quic_transport_params, - }, -#else - INVALID_EXTENSION, - INVALID_EXTENSION, -#endif { /* Must be immediately before pre_shared_key */ TLSEXT_TYPE_padding, 
@@ -1756,44 +1728,3 @@ return 1; } - -#ifndef OPENSSL_NO_QUIC -static int init_quic_transport_params(SSL *s, unsigned int context) -{ - return 1; -} - -static int final_quic_transport_params_draft(SSL *s, unsigned int context, - int sent) -{ - return 1; -} - -static int final_quic_transport_params(SSL *s, unsigned int context, int sent) -{ - /* called after final_quic_transport_params_draft */ - if (SSL_IS_QUIC(s)) { - if (s->ext.peer_quic_transport_params_len == 0 - && s->ext.peer_quic_transport_params_draft_len == 0) { - SSLfatal(s, SSL_AD_MISSING_EXTENSION, - SSL_R_MISSING_QUIC_TRANSPORT_PARAMETERS_EXTENSION); - return 0; - } - /* if we got both, discard the one we can't use */ - if (s->ext.peer_quic_transport_params_len != 0 - && s->ext.peer_quic_transport_params_draft_len != 0) { - if (s->quic_transport_version == TLSEXT_TYPE_quic_transport_parameters_draft) { - OPENSSL_free(s->ext.peer_quic_transport_params); - s->ext.peer_quic_transport_params = NULL; - s->ext.peer_quic_transport_params_len = 0; - } else { - OPENSSL_free(s->ext.peer_quic_transport_params_draft); - s->ext.peer_quic_transport_params_draft = NULL; - s->ext.peer_quic_transport_params_draft_len = 0; - } - } - } - - return 1; -} -#endif diff -Nru openssl-3.0.12/ssl/statem/extensions_clnt.c openssl-3.0.13/ssl/statem/extensions_clnt.c --- openssl-3.0.12/ssl/statem/extensions_clnt.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/ssl/statem/extensions_clnt.c 2024-01-30 13:28:16.000000000 +0000 
@@ -1196,47 +1196,7 @@ #endif } -#ifndef OPENSSL_NO_QUIC -EXT_RETURN tls_construct_ctos_quic_transport_params_draft(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) -{ - if (s->quic_transport_version == TLSEXT_TYPE_quic_transport_parameters - || s->ext.quic_transport_params == NULL - || s->ext.quic_transport_params_len == 0) { - return EXT_RETURN_NOT_SENT; - } - - if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_quic_transport_parameters_draft) - || !WPACKET_sub_memcpy_u16(pkt, s->ext.quic_transport_params, - s->ext.quic_transport_params_len)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return EXT_RETURN_FAIL; - } - - return EXT_RETURN_SENT; -} - -EXT_RETURN tls_construct_ctos_quic_transport_params(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) -{ - if (s->quic_transport_version == TLSEXT_TYPE_quic_transport_parameters_draft - || s->ext.quic_transport_params == NULL - || s->ext.quic_transport_params_len == 0) { - return EXT_RETURN_NOT_SENT; - } - if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_quic_transport_parameters) - || !WPACKET_sub_memcpy_u16(pkt, s->ext.quic_transport_params, - s->ext.quic_transport_params_len)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return EXT_RETURN_FAIL; - } - - return EXT_RETURN_SENT; -} -#endif /* * Parse the server's renegotiation binding and abort if it's not right */ @@ -1939,17 +1899,6 @@ return 0; } -#ifndef OPENSSL_NO_QUIC - /* - * QUIC server must send 0xFFFFFFFF or it's a PROTOCOL_VIOLATION - * per RFC9001 S4.6.1 - */ - if (SSL_IS_QUIC(s) && max_early_data != 0xFFFFFFFF) { - SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_INVALID_MAX_EARLY_DATA); - return 0; - } -#endif - s->session->ext.max_early_data = max_early_data; return 1; 
@@ -2032,37 +1981,3 @@ return 1; } -#ifndef OPENSSL_NO_QUIC -int tls_parse_stoc_quic_transport_params_draft(SSL *s, PACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) -{ - OPENSSL_free(s->ext.peer_quic_transport_params_draft); - s->ext.peer_quic_transport_params_draft = NULL; - s->ext.peer_quic_transport_params_draft_len = 0; - - if (!PACKET_memdup(pkt, - &s->ext.peer_quic_transport_params_draft, - &s->ext.peer_quic_transport_params_draft_len)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; - } - return 1; -} - -int tls_parse_stoc_quic_transport_params(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) -{ - OPENSSL_free(s->ext.peer_quic_transport_params); - s->ext.peer_quic_transport_params = NULL; - s->ext.peer_quic_transport_params_len = 0; - - if (!PACKET_memdup(pkt, - &s->ext.peer_quic_transport_params, - &s->ext.peer_quic_transport_params_len)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; - } - return 1; -} -#endif diff -Nru openssl-3.0.12/ssl/statem/extensions_cust.c openssl-3.0.13/ssl/statem/extensions_cust.c --- openssl-3.0.12/ssl/statem/extensions_cust.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/ssl/statem/extensions_cust.c 2024-01-30 13:28:16.000000000 +0000 @@ -220,6 +220,8 @@ || !WPACKET_start_sub_packet_u16(pkt) || (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen)) || !WPACKET_close(pkt)) { + if (meth->free_cb != NULL) + meth->free_cb(s, meth->ext_type, context, out, meth->add_arg); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } @@ -228,6 +230,9 @@ * We can't send duplicates: code logic should prevent this. */ if (!ossl_assert((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0)) { + if (meth->free_cb != NULL) + meth->free_cb(s, meth->ext_type, context, out, + meth->add_arg); SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; } 
@@ -328,6 +333,8 @@ OPENSSL_free(meth->parse_arg); } OPENSSL_free(exts->meths); + exts->meths = NULL; + exts->meths_count = 0; } /* Return true if a client custom extension exists, false otherwise */ diff -Nru openssl-3.0.12/ssl/statem/extensions_srvr.c openssl-3.0.13/ssl/statem/extensions_srvr.c --- openssl-3.0.12/ssl/statem/extensions_srvr.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/ssl/statem/extensions_srvr.c 2024-01-30 13:28:16.000000000 +0000 @@ -1232,40 +1232,6 @@ return 1; } -#ifndef OPENSSL_NO_QUIC -int tls_parse_ctos_quic_transport_params_draft(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) -{ - OPENSSL_free(s->ext.peer_quic_transport_params_draft); - s->ext.peer_quic_transport_params_draft = NULL; - s->ext.peer_quic_transport_params_draft_len = 0; - - if (!PACKET_memdup(pkt, - &s->ext.peer_quic_transport_params_draft, - &s->ext.peer_quic_transport_params_draft_len)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; - } - return 1; -} - -int tls_parse_ctos_quic_transport_params(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx) -{ - OPENSSL_free(s->ext.peer_quic_transport_params); - s->ext.peer_quic_transport_params = NULL; - s->ext.peer_quic_transport_params_len = 0; - - if (!PACKET_memdup(pkt, - &s->ext.peer_quic_transport_params, - &s->ext.peer_quic_transport_params_len)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; - } - return 1; -} -#endif - /* * Add the server's renegotiation binding */ 
@@ -1905,20 +1871,12 @@ size_t chainidx) { if (context == SSL_EXT_TLS1_3_NEW_SESSION_TICKET) { - uint32_t max_early_data = s->max_early_data; - - if (max_early_data == 0) + if (s->max_early_data == 0) return EXT_RETURN_NOT_SENT; -#ifndef OPENSSL_NO_QUIC - /* QUIC server must always send 0xFFFFFFFF, per RFC9001 S4.6.1 */ - if (SSL_IS_QUIC(s)) - max_early_data = 0xFFFFFFFF; -#endif - if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data) || !WPACKET_start_sub_packet_u16(pkt) - || !WPACKET_put_bytes_u32(pkt, max_early_data) + || !WPACKET_put_bytes_u32(pkt, s->max_early_data) || !WPACKET_close(pkt)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return EXT_RETURN_FAIL; 
@@ -1956,48 +1914,3 @@ return EXT_RETURN_SENT; } - -#ifndef OPENSSL_NO_QUIC -EXT_RETURN tls_construct_stoc_quic_transport_params_draft(SSL *s, WPACKET *pkt, - unsigned int context, - X509 *x, - size_t chainidx) -{ - if (s->quic_transport_version == TLSEXT_TYPE_quic_transport_parameters - || s->ext.peer_quic_transport_params_draft_len == 0 - || s->ext.quic_transport_params == NULL - || s->ext.quic_transport_params_len == 0) { - return EXT_RETURN_NOT_SENT; - } - - if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_quic_transport_parameters_draft) - || !WPACKET_sub_memcpy_u16(pkt, s->ext.quic_transport_params, - s->ext.quic_transport_params_len)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return EXT_RETURN_FAIL; - } - - return EXT_RETURN_SENT; -} - -EXT_RETURN tls_construct_stoc_quic_transport_params(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx) -{ - if (s->quic_transport_version == TLSEXT_TYPE_quic_transport_parameters_draft - || s->ext.peer_quic_transport_params_len == 0 - || s->ext.quic_transport_params == NULL - || s->ext.quic_transport_params_len == 0) { - return EXT_RETURN_NOT_SENT; - } - - if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_quic_transport_parameters) - || !WPACKET_sub_memcpy_u16(pkt, s->ext.quic_transport_params, - s->ext.quic_transport_params_len)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return EXT_RETURN_FAIL; - } - - return EXT_RETURN_SENT; -} -#endif diff -Nru openssl-3.0.12/ssl/statem/statem.c openssl-3.0.13/ssl/statem/statem.c --- openssl-3.0.12/ssl/statem/statem.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/ssl/statem/statem.c 2024-01-30 13:28:16.000000000 +0000 
@@ -334,13 +334,8 @@ * If we are stateless then we already called SSL_clear() - don't do * it again and clear the STATELESS flag itself. */ -#ifndef OPENSSL_NO_QUIC - if ((s->s3.flags & TLS1_FLAGS_STATELESS) == 0 && !SSL_clear_not_quic(s)) - return -1; -#else if ((s->s3.flags & TLS1_FLAGS_STATELESS) == 0 && !SSL_clear(s)) return -1; -#endif } #ifndef OPENSSL_NO_SCTP if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) { @@ -588,11 +583,6 @@ * In DTLS we get the whole message in one go - header and body */ ret = dtls_get_message(s, &mt); -#ifndef OPENSSL_NO_QUIC - } else if (SSL_IS_QUIC(s)) { - /* QUIC behaves like DTLS -- all in one go. */ - ret = quic_get_message(s, &mt); -#endif } else { ret = tls_get_message_header(s, &mt); } @@ -622,8 +612,8 @@ return SUB_STATE_ERROR; } - /* dtls_get_message/quic_get_message already did this */ - if (!SSL_IS_DTLS(s) && !SSL_IS_QUIC(s) + /* dtls_get_message already did this */ + if (!SSL_IS_DTLS(s) && s->s3.tmp.message_size > 0 && !grow_init_buf(s, s->s3.tmp.message_size + SSL3_HM_HEADER_LENGTH)) { @@ -641,10 +631,6 @@ * opportunity to do any further processing. */ ret = dtls_get_message_body(s, &len); -#ifndef OPENSSL_NO_QUIC - } else if (SSL_IS_QUIC(s)) { - ret = quic_get_message_body(s, &len); -#endif } else { ret = tls_get_message_body(s, &len); } @@ -935,14 +921,6 @@ int statem_flush(SSL *s) { s->rwstate = SSL_WRITING; -#ifndef OPENSSL_NO_QUIC - if (SSL_IS_QUIC(s)) { - if (!s->quic_method->flush_flight(s)) { - ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); - return 0; - } - } else -#endif if (BIO_flush(s->wbio) <= 0) { return 0; } diff -Nru openssl-3.0.12/ssl/statem/statem_clnt.c openssl-3.0.13/ssl/statem/statem_clnt.c --- openssl-3.0.12/ssl/statem/statem_clnt.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/ssl/statem/statem_clnt.c 2024-01-30 13:28:16.000000000 +0000 
@@ -904,14 +904,6 @@ break; case TLS_ST_CW_END_OF_EARLY_DATA: -#ifndef OPENSSL_NO_QUIC - /* QUIC does not send EndOfEarlyData, RFC9001 S8.3 */ - if (SSL_IS_QUIC(s)) { - *confunc = NULL; - *mt = SSL3_MT_DUMMY; - break; - } -#endif *confunc = tls_construct_end_of_early_data; *mt = SSL3_MT_END_OF_EARLY_DATA; break; diff -Nru openssl-3.0.12/ssl/statem/statem_dtls.c openssl-3.0.13/ssl/statem/statem_dtls.c --- openssl-3.0.12/ssl/statem/statem_dtls.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/ssl/statem/statem_dtls.c 2024-01-30 13:28:16.000000000 +0000 @@ -59,7 +59,7 @@ unsigned char *buf = NULL; unsigned char *bitmask = NULL; - if ((frag = OPENSSL_malloc(sizeof(*frag))) == NULL) { + if ((frag = OPENSSL_zalloc(sizeof(*frag))) == NULL) { ERR_raise(ERR_LIB_SSL, ERR_R_MALLOC_FAILURE); return NULL; } @@ -95,11 +95,7 @@ { if (!frag) return; - if (frag->msg_header.is_ccs) { - EVP_CIPHER_CTX_free(frag->msg_header. - saved_retransmit_state.enc_write_ctx); - EVP_MD_CTX_free(frag->msg_header.saved_retransmit_state.write_hash); - } + OPENSSL_free(frag->fragment); OPENSSL_free(frag->reassembly); OPENSSL_free(frag); diff -Nru openssl-3.0.12/ssl/statem/statem_lib.c openssl-3.0.13/ssl/statem/statem_lib.c --- openssl-3.0.12/ssl/statem/statem_lib.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/ssl/statem/statem_lib.c 2024-01-30 13:28:16.000000000 +0000 
@@ -45,29 +45,8 @@ int ret; size_t written = 0; -#ifndef OPENSSL_NO_QUIC - if (SSL_IS_QUIC(s)) { - if (type == SSL3_RT_HANDSHAKE) { - ret = s->quic_method->add_handshake_data(s, s->quic_write_level, - (const uint8_t*)&s->init_buf->data[s->init_off], - s->init_num); - if (!ret) { - ret = -1; - /* QUIC can't sent anything out sice the above failed */ - ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR); - } else { - written = s->init_num; - } - } else { - /* QUIC doesn't use ChangeCipherSpec */ - ret = -1; - ERR_raise(ERR_LIB_SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); - } - } else -#endif - ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off], - s->init_num, &written); - + ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off], + s->init_num, &written); if (ret <= 0) return -1; if (type == SSL3_RT_HANDSHAKE) @@ -662,13 +641,6 @@ int tls_construct_key_update(SSL *s, WPACKET *pkt) { -#ifndef OPENSSL_NO_QUIC - if (SSL_is_quic(s)) { - /* TLS KeyUpdate is not used for QUIC, so this is an error. */ - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; - } -#endif if (!WPACKET_put_bytes_u8(pkt, s->key_update)) { SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); return 0; @@ -691,13 +663,6 @@ return MSG_PROCESS_ERROR; } -#ifndef OPENSSL_NO_QUIC - if (SSL_is_quic(s)) { - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); - return MSG_PROCESS_ERROR; - } -#endif - if (!PACKET_get_1(pkt, &updatetype) || PACKET_remaining(pkt) != 0) { SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_KEY_UPDATE); diff -Nru openssl-3.0.12/ssl/statem/statem_local.h openssl-3.0.13/ssl/statem/statem_local.h --- openssl-3.0.12/ssl/statem/statem_local.h 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/ssl/statem/statem_local.h 2024-01-30 13:28:16.000000000 +0000 
@@ -104,10 +104,6 @@ __owur int tls_get_message_body(SSL *s, size_t *len); __owur int dtls_get_message(SSL *s, int *mt); __owur int dtls_get_message_body(SSL *s, size_t *len); -#ifndef OPENSSL_NO_QUIC -__owur int quic_get_message(SSL *s, int *mt); -__owur int quic_get_message_body(SSL *s, size_t *len); -#endif /* Message construction and processing functions */ __owur int tls_process_initial_server_flight(SSL *s); @@ -255,14 +251,6 @@ size_t chainidx); int tls_parse_ctos_post_handshake_auth(SSL *, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -#ifndef OPENSSL_NO_QUIC -int tls_parse_ctos_quic_transport_params_draft(SSL *s, PACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); - -int tls_parse_ctos_quic_transport_params(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); -#endif EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, @@ -323,16 +311,6 @@ size_t chainidx); EXT_RETURN tls_construct_stoc_psk(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -#ifndef OPENSSL_NO_QUIC -EXT_RETURN tls_construct_stoc_quic_transport_params_draft(SSL *s, WPACKET *pkt, - unsigned int context, - X509 *x, - size_t chainidx); - -EXT_RETURN tls_construct_stoc_quic_transport_params(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); -#endif /* Client Extension processing */ EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, unsigned int context, 
@@ -402,15 +380,6 @@ X509 *x, size_t chainidx); EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -#ifndef OPENSSL_NO_QUIC -EXT_RETURN tls_construct_ctos_quic_transport_params_draft(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); - -EXT_RETURN tls_construct_ctos_quic_transport_params(SSL *s, WPACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); -#endif int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx); @@ -454,14 +423,6 @@ size_t chainidx); int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x, size_t chainidx); -#ifndef OPENSSL_NO_QUIC -int tls_parse_stoc_quic_transport_params_draft(SSL *s, PACKET *pkt, - unsigned int context, X509 *x, - size_t chainidx); - -int tls_parse_stoc_quic_transport_params(SSL *s, PACKET *pkt, unsigned int context, - X509 *x, size_t chainidx); -#endif int tls_handle_alpn(SSL *s); diff -Nru openssl-3.0.12/ssl/statem/statem_quic.c openssl-3.0.13/ssl/statem/statem_quic.c --- openssl-3.0.12/ssl/statem/statem_quic.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/ssl/statem/statem_quic.c 1970-01-01 00:00:00.000000000 +0000 
@@ -1,117 +0,0 @@ -/* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include "../ssl_local.h" -#include "statem_local.h" -#include "internal/cryptlib.h" - -int quic_get_message(SSL *s, int *mt) -{ - size_t l; - QUIC_DATA *qd = s->quic_input_data_head; - uint8_t *p; - - if (qd == NULL) { - s->rwstate = SSL_READING; - *mt = 0; - return 0; - } - - if (!ossl_assert(qd->length >= SSL3_HM_HEADER_LENGTH)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_LENGTH); - *mt = 0; - return 0; - } - - /* This is where we check for the proper level, not when data is given */ - if (qd->level != s->quic_read_level) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED); - *mt = 0; - return 0; - } - - if (!BUF_MEM_grow_clean(s->init_buf, (int)qd->length)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_BUF_LIB); - *mt = 0; - return 0; - } - - /* Copy buffered data */ - memcpy(s->init_buf->data, s->quic_buf->data + qd->start, qd->length); - s->init_buf->length = qd->length; - s->quic_input_data_head = qd->next; - if (s->quic_input_data_head == NULL) - s->quic_input_data_tail = NULL; - OPENSSL_free(qd); - - s->s3.tmp.message_type = *mt = *(s->init_buf->data); - p = (uint8_t*)s->init_buf->data + 1; - n2l3(p, l); - s->init_num = s->s3.tmp.message_size = l; - s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH; - - return 1; -} - -int quic_get_message_body(SSL *s, size_t *len) -{ - /* No CCS in QUIC/TLSv1.3? 
*/ - if (s->s3.tmp.message_type == SSL3_MT_CHANGE_CIPHER_SPEC) { - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_CCS_RECEIVED_EARLY); - *len = 0; - return 0; - } - /* No KeyUpdate in QUIC */ - if (s->s3.tmp.message_type == SSL3_MT_KEY_UPDATE) { - SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE); - *len = 0; - return 0; - } - - /* - * If receiving Finished, record MAC of prior handshake messages for - * Finished verification. - */ - if (s->s3.tmp.message_type == SSL3_MT_FINISHED && !ssl3_take_mac(s)) { - /* SSLfatal() already called */ - *len = 0; - return 0; - } - - /* - * We defer feeding in the HRR until later. We'll do it as part of - * processing the message - * The TLsv1.3 handshake transcript stops at the ClientFinished - * message. - */ -#define SERVER_HELLO_RANDOM_OFFSET (SSL3_HM_HEADER_LENGTH + 2) - /* KeyUpdate and NewSessionTicket do not need to be added */ - if (s->s3.tmp.message_type != SSL3_MT_NEWSESSION_TICKET - && s->s3.tmp.message_type != SSL3_MT_KEY_UPDATE) { - if (s->s3.tmp.message_type != SSL3_MT_SERVER_HELLO - || s->init_num < SERVER_HELLO_RANDOM_OFFSET + SSL3_RANDOM_SIZE - || memcmp(hrrrandom, - s->init_buf->data + SERVER_HELLO_RANDOM_OFFSET, - SSL3_RANDOM_SIZE) != 0) { - if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, - s->init_num + SSL3_HM_HEADER_LENGTH)) { - /* SSLfatal() already called */ - *len = 0; - return 0; - } - } - } - if (s->msg_callback) - s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, - (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, s, - s->msg_callback_arg); - - *len = s->init_num; - return 1; -} diff -Nru openssl-3.0.12/ssl/statem/statem_srvr.c openssl-3.0.13/ssl/statem/statem_srvr.c --- openssl-3.0.12/ssl/statem/statem_srvr.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/ssl/statem/statem_srvr.c 2024-01-30 13:28:16.000000000 +0000 
@@ -74,8 +74,7 @@ return 1; } break; - } else if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED - && !SSL_IS_QUIC(s)) { + } else if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) { if (mt == SSL3_MT_END_OF_EARLY_DATA) { st->hand_state = TLS_ST_SR_END_OF_EARLY_DATA; return 1; @@ -964,16 +963,6 @@ SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_WRITE)) /* SSLfatal() already called */ return WORK_ERROR; - -#ifndef OPENSSL_NO_QUIC - if (SSL_IS_QUIC(s) && s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) { - s->early_data_state = SSL_EARLY_DATA_FINISHED_READING; - if (!s->method->ssl3_enc->change_cipher_state( - s, SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_READ)) - /* SSLfatal() already called */ - return WORK_ERROR; - } -#endif } break; @@ -1566,15 +1555,6 @@ goto err; } } -#ifndef OPENSSL_NO_QUIC - if (SSL_IS_QUIC(s)) { - /* Any other QUIC checks on ClientHello here */ - if (clienthello->session_id_len > 0) { - SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_LENGTH_MISMATCH); - goto err; - } - } -#endif } if (!PACKET_copy_all(&compression, clienthello->compressions, diff -Nru openssl-3.0.12/ssl/t1_enc.c openssl-3.0.13/ssl/t1_enc.c --- openssl-3.0.12/ssl/t1_enc.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/ssl/t1_enc.c 2024-01-30 13:28:16.000000000 +0000 @@ -427,7 +427,12 @@ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); goto err; } - if (EVP_CIPHER_get0_provider(c) != NULL + + /* + * The cipher we actually ended up using in the EVP_CIPHER_CTX may be + * different to that in c if we have an ENGINE in use + */ + if (EVP_CIPHER_get0_provider(EVP_CIPHER_CTX_get0_cipher(dd)) != NULL && !tls_provider_set_tls_params(s, dd, c, m)) { /* SSLfatal already called */ goto err; diff -Nru openssl-3.0.12/ssl/tls13_enc.c openssl-3.0.13/ssl/tls13_enc.c --- openssl-3.0.12/ssl/tls13_enc.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/ssl/tls13_enc.c 2024-01-30 13:28:16.000000000 +0000 
@@ -400,231 +400,27 @@ return 1; } +int tls13_change_cipher_state(SSL *s, int which) +{ #ifdef CHARSET_EBCDIC -static const unsigned char client_early_traffic[] = {0x63, 0x20, 0x65, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; -static const unsigned char client_handshake_traffic[] = {0x63, 0x20, 0x68, 0x73, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; -static const unsigned char client_application_traffic[] = {0x63, 0x20, 0x61, 0x70, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; -static const unsigned char server_handshake_traffic[] = {0x73, 0x20, 0x68, 0x73, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; -static const unsigned char server_application_traffic[] = {0x73, 0x20, 0x61, 0x70, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; -static const unsigned char exporter_master_secret[] = {0x65, 0x78, 0x70, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00}; -static const unsigned char resumption_master_secret[] = {0x72, 0x65, 0x73, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00}; -static const unsigned char early_exporter_master_secret[] = {0x65, 0x20, 0x65, 0x78, 0x70, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00}; + static const unsigned char client_early_traffic[] = {0x63, 0x20, 0x65, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; + static const unsigned char client_handshake_traffic[] = {0x63, 0x20, 0x68, 0x73, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; + static const unsigned char client_application_traffic[] = {0x63, 0x20, 0x61, 0x70, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; + static const unsigned char server_handshake_traffic[] = {0x73, 0x20, 0x68, 0x73, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00}; + static const unsigned char server_application_traffic[] = {0x73, 0x20, 0x61, 0x70, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 
0x63, 0x00}; + static const unsigned char exporter_master_secret[] = {0x65, 0x78, 0x70, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00}; + static const unsigned char resumption_master_secret[] = {0x72, 0x65, 0x73, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00}; + static const unsigned char early_exporter_master_secret[] = {0x65, 0x20, 0x65, 0x78, 0x70, 0x20, /* master*/ 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00}; #else -static const unsigned char client_early_traffic[] = "c e traffic"; -static const unsigned char client_handshake_traffic[] = "c hs traffic"; -static const unsigned char client_application_traffic[] = "c ap traffic"; -static const unsigned char server_handshake_traffic[] = "s hs traffic"; -static const unsigned char server_application_traffic[] = "s ap traffic"; -static const unsigned char exporter_master_secret[] = "exp master"; -static const unsigned char resumption_master_secret[] = "res master"; -static const unsigned char early_exporter_master_secret[] = "e exp master"; + static const unsigned char client_early_traffic[] = "c e traffic"; + static const unsigned char client_handshake_traffic[] = "c hs traffic"; + static const unsigned char client_application_traffic[] = "c ap traffic"; + static const unsigned char server_handshake_traffic[] = "s hs traffic"; + static const unsigned char server_application_traffic[] = "s ap traffic"; + static const unsigned char exporter_master_secret[] = "exp master"; + static const unsigned char resumption_master_secret[] = "res master"; + static const unsigned char early_exporter_master_secret[] = "e exp master"; #endif - -#ifndef OPENSSL_NO_QUIC -static int quic_change_cipher_state(SSL *s, int which) -{ - unsigned char hash[EVP_MAX_MD_SIZE]; - size_t hashlen = 0; - int hashleni; - int ret = 0; - const EVP_MD *md = NULL; - OSSL_ENCRYPTION_LEVEL level; - int is_handshake = ((which & SSL3_CC_HANDSHAKE) == SSL3_CC_HANDSHAKE); - int is_client_read = ((which & SSL3_CHANGE_CIPHER_CLIENT_READ) 
== SSL3_CHANGE_CIPHER_CLIENT_READ); - int is_server_write = ((which & SSL3_CHANGE_CIPHER_SERVER_WRITE) == SSL3_CHANGE_CIPHER_SERVER_WRITE); - int is_early = (which & SSL3_CC_EARLY); - - if (is_early) { - EVP_MD_CTX *mdctx = NULL; - long handlen; - void *hdata; - unsigned int hashlenui; - const SSL_CIPHER *sslcipher = SSL_SESSION_get0_cipher(s->session); - - handlen = BIO_get_mem_data(s->s3.handshake_buffer, &hdata); - if (handlen <= 0) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_HANDSHAKE_LENGTH); - goto err; - } - - if (s->early_data_state == SSL_EARLY_DATA_CONNECTING - && s->max_early_data > 0 - && s->session->ext.max_early_data == 0) { - /* - * If we are attempting to send early data, and we've decided to - * actually do it but max_early_data in s->session is 0 then we - * must be using an external PSK. - */ - if (!ossl_assert(s->psksession != NULL - && s->max_early_data == - s->psksession->ext.max_early_data)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - goto err; - } - sslcipher = SSL_SESSION_get0_cipher(s->psksession); - } - if (sslcipher == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_PSK); - goto err; - } - - /* - * We need to calculate the handshake digest using the digest from - * the session. We haven't yet selected our ciphersuite so we can't - * use ssl_handshake_md(). 
- */ - mdctx = EVP_MD_CTX_new(); - if (mdctx == NULL) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_MALLOC_FAILURE); - goto err; - } - md = ssl_md(s->ctx, sslcipher->algorithm2); - if (md == NULL || !EVP_DigestInit_ex(mdctx, md, NULL) - || !EVP_DigestUpdate(mdctx, hdata, handlen) - || !EVP_DigestFinal_ex(mdctx, hash, &hashlenui)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - EVP_MD_CTX_free(mdctx); - goto err; - } - hashlen = hashlenui; - EVP_MD_CTX_free(mdctx); - } else { - md = ssl_handshake_md(s); - if (!ssl3_digest_cached_records(s, 1) - || !ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) { - /* SSLfatal() already called */; - goto err; - } - - /* Ensure cast to size_t is safe */ - hashleni = EVP_MD_size(md); - if (!ossl_assert(hashleni >= 0)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); - goto err; - } - hashlen = (size_t)hashleni; - } - - if (is_client_read || is_server_write) { - if (is_handshake) { - /* - * This looks a bit weird, since the condition is basically "the - * server is writing" but we set both the server *and* client - * handshake traffic keys here. That's because there's only a fixed - * number of change-cipher-state events in the TLS 1.3 handshake, - * and in particular there's not an event in between when the server - * writes encrypted handshake messages and when the client writes - * encrypted handshake messages, so we generate both here. 
- */ - level = ssl_encryption_handshake; - - if (!tls13_hkdf_expand(s, md, s->handshake_secret, - client_handshake_traffic, - sizeof(client_handshake_traffic)-1, hash, - hashlen, s->client_hand_traffic_secret, - hashlen, 1) - || !ssl_log_secret(s, CLIENT_HANDSHAKE_LABEL, - s->client_hand_traffic_secret, hashlen) - || !tls13_derive_finishedkey(s, md, - s->client_hand_traffic_secret, - s->client_finished_secret, hashlen) - || !tls13_hkdf_expand(s, md, s->handshake_secret, - server_handshake_traffic, - sizeof(server_handshake_traffic)-1, hash, - hashlen, s->server_hand_traffic_secret, - hashlen, 1) - || !ssl_log_secret(s, SERVER_HANDSHAKE_LABEL, - s->server_hand_traffic_secret, hashlen) - || !tls13_derive_finishedkey(s, md, - s->server_hand_traffic_secret, - s->server_finished_secret, - hashlen)) { - /* SSLfatal() already called */ - goto err; - } - } else { - /* - * As above, we generate both sets of application traffic keys at - * the same time. - */ - level = ssl_encryption_application; - - if (!tls13_hkdf_expand(s, md, s->master_secret, - client_application_traffic, - sizeof(client_application_traffic)-1, hash, - hashlen, s->client_app_traffic_secret, - hashlen, 1) - || !ssl_log_secret(s, CLIENT_APPLICATION_LABEL, - s->client_app_traffic_secret, hashlen) - || !tls13_hkdf_expand(s, md, s->master_secret, - server_application_traffic, - sizeof(server_application_traffic)-1, - hash, hashlen, - s->server_app_traffic_secret, hashlen, 1) - || !ssl_log_secret(s, SERVER_APPLICATION_LABEL, - s->server_app_traffic_secret, hashlen)) { - /* SSLfatal() already called */ - goto err; - } - } - if (!quic_set_encryption_secrets(s, level)) { - /* SSLfatal() already called */ - goto err; - } - if (s->server) - s->quic_write_level = level; - else - s->quic_read_level = level; - } else { - /* is_client_write || is_server_read */ - - if (is_early) { - level = ssl_encryption_early_data; - - if (!tls13_hkdf_expand(s, md, s->early_secret, client_early_traffic, - 
sizeof(client_early_traffic)-1, hash, - hashlen, s->client_early_traffic_secret, - hashlen, 1) - || !ssl_log_secret(s, CLIENT_EARLY_LABEL, - s->client_early_traffic_secret, hashlen) - || !quic_set_encryption_secrets(s, level)) { - /* SSLfatal() already called */ - goto err; - } - } else if (is_handshake) { - level = ssl_encryption_handshake; - } else { - level = ssl_encryption_application; - /* - * We also create the resumption master secret, but this time use the - * hash for the whole handshake including the Client Finished - */ - if (!tls13_hkdf_expand(s, md, s->master_secret, - resumption_master_secret, - sizeof(resumption_master_secret)-1, hash, - hashlen, s->resumption_master_secret, - hashlen, 1)) { - /* SSLfatal() already called */ - goto err; - } - } - - if (level != ssl_encryption_early_data) { - if (s->server) - s->quic_read_level = level; - else - s->quic_write_level = level; - } - } - - ret = 1; - err: - return ret; -} -#endif /* OPENSSL_NO_QUIC */ - -int tls13_change_cipher_state(SSL *s, int which) -{ unsigned char *iv; unsigned char key[EVP_MAX_KEY_LENGTH]; unsigned char secret[EVP_MAX_MD_SIZE]; @@ -645,11 +441,6 @@ BIO *bio; #endif -#ifndef OPENSSL_NO_QUIC - if (SSL_IS_QUIC(s)) - return quic_change_cipher_state(s, which); -#endif - if (which & SSL3_CC_READ) { if (s->enc_read_ctx != NULL) { EVP_CIPHER_CTX_reset(s->enc_read_ctx); @@ -941,7 +732,6 @@ skip_ktls: # endif #endif - ret = 1; err: if ((which & SSL3_CC_EARLY) != 0) { diff -Nru openssl-3.0.12/test/README.md openssl-3.0.13/test/README.md --- openssl-3.0.12/test/README.md 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/test/README.md 2024-01-30 13:28:16.000000000 +0000 
@@ -42,7 +42,7 @@ $ make TESTS='test_rsa test_dsa' test # Unix $ mms/macro="TESTS=test_rsa test_dsa" test ! OpenVMS - $ nmake TESTS='test_rsa test_dsa' test # Windows + $ nmake TESTS="test_rsa test_dsa" test # Windows And of course, you can combine (Unix examples shown): diff -Nru openssl-3.0.12/test/asn1_stable_parse_test.c openssl-3.0.13/test/asn1_stable_parse_test.c --- openssl-3.0.12/test/asn1_stable_parse_test.c 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.13/test/asn1_stable_parse_test.c 2024-01-30 13:28:16.000000000 +0000 
@@ -0,0 +1,81 @@ +/* + * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include +#include "testutil.h" + +static char *config_file = NULL; + +typedef enum OPTION_choice { + OPT_ERR = -1, + OPT_EOF = 0, + OPT_CONFIG_FILE, + OPT_TEST_ENUM +} OPTION_CHOICE; + +const OPTIONS *test_get_options(void) +{ + static const OPTIONS options[] = { + OPT_TEST_OPTIONS_DEFAULT_USAGE, + { "config", OPT_CONFIG_FILE, '<', + "The configuration file to use for the libctx" }, + { NULL } + }; + return options; +} + + +/* + * Test that parsing a config file with incorrect stable settings aren't parsed + * and appropriate errors are raised + */ +static int test_asn1_stable_parse(void) +{ + int testret = 0; + unsigned long errcode; + OSSL_LIB_CTX *newctx = OSSL_LIB_CTX_new(); + + if (!TEST_ptr(newctx)) + goto out; + + if (!TEST_int_eq(OSSL_LIB_CTX_load_config(newctx, config_file), 0)) + goto err; + + errcode = ERR_peek_error(); + if (ERR_GET_LIB(errcode) != ERR_LIB_ASN1) + goto err; + if (ERR_GET_REASON(errcode) != ASN1_R_INVALID_STRING_TABLE_VALUE) + goto err; + + ERR_clear_error(); + + testret = 1; +err: + OSSL_LIB_CTX_free(newctx); +out: + return testret; +} + +int setup_tests(void) +{ + OPTION_CHOICE o; + + while ((o = opt_next()) != OPT_EOF) { + switch (o) { + case OPT_CONFIG_FILE: + config_file = opt_arg(); + break; + default: + return 0; + } + } + + ADD_TEST(test_asn1_stable_parse); + return 1; +} diff -Nru openssl-3.0.12/test/bntest.c openssl-3.0.13/test/bntest.c --- openssl-3.0.12/test/bntest.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/test/bntest.c 2024-01-30 13:28:16.000000000 +0000 
@@ -891,6 +891,14 @@ || !TEST_ptr(d = BN_new())) goto err; + /* Test that a non-sensical, too small value causes a failure */ + if (!TEST_true(BN_one(b[0]))) + goto err; + if (!TEST_true(BN_bntest_rand(a, 512, 0, 0))) + goto err; + if (!TEST_false(BN_GF2m_mod_inv(c, a, b[0], ctx))) + goto err; + if (!(TEST_true(BN_GF2m_arr2poly(p0, b[0])) && TEST_true(BN_GF2m_arr2poly(p1, b[1])))) goto err; 
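Review bot: the new comment in this test/bntest.c hunk does not say which operand is the "too small value"; from the calls it is the modulus, b[0], set to 1 with BN_one() before being passed as the third argument to BN_GF2m_mod_inv(). Please name it in the comment (and spell "nonsensical" without the hyphen). The expected failure is also checked only through the return value: if BN_GF2m_mod_inv() raises an error on this path, it stays on the error queue for the rest of the test. The ERR_set_mark() / ERR_pop_to_mark() pair used around the expected failure in test_ivlen_change() elsewhere in this patch would fit here too.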
@@ -2927,6 +2935,108 @@ return res; } +static int test_mod_inverse(void) +{ + int res = 0; + char *str = NULL; + BIGNUM *a = NULL; + BIGNUM *b = NULL; + BIGNUM *r = NULL; + + if (!TEST_true(BN_dec2bn(&a, "5193817943"))) + goto err; + if (!TEST_true(BN_dec2bn(&b, "3259122431"))) + goto err; + if (!TEST_ptr(r = BN_new())) + goto err; + if (!TEST_ptr_eq(BN_mod_inverse(r, a, b, ctx), r)) + goto err; + if (!TEST_ptr_ne(str = BN_bn2dec(r), NULL)) + goto err; + if (!TEST_int_eq(strcmp(str, "2609653924"), 0)) + goto err; + + /* Note that this aliases the result with the modulus. */ + if (!TEST_ptr_null(BN_mod_inverse(b, a, b, ctx))) + goto err; + + res = 1; + +err: + BN_free(a); + BN_free(b); + BN_free(r); + OPENSSL_free(str); + return res; +} + +static int test_mod_exp_alias(int idx) +{ + int res = 0; + char *str = NULL; + BIGNUM *a = NULL; + BIGNUM *b = NULL; + BIGNUM *c = NULL; + BIGNUM *r = NULL; + + if (!TEST_true(BN_dec2bn(&a, "15"))) + goto err; + if (!TEST_true(BN_dec2bn(&b, "10"))) + goto err; + if (!TEST_true(BN_dec2bn(&c, "39"))) + goto err; + if (!TEST_ptr(r = BN_new())) + goto err; + + if (!TEST_int_eq((idx == 0 ? BN_mod_exp_simple + : BN_mod_exp_recp)(r, a, b, c, ctx), 1)) + goto err; + if (!TEST_ptr_ne(str = BN_bn2dec(r), NULL)) + goto err; + if (!TEST_str_eq(str, "36")) + goto err; + + OPENSSL_free(str); + str = NULL; + + BN_copy(r, b); + + /* Aliasing with exponent must work. */ + if (!TEST_int_eq((idx == 0 ? BN_mod_exp_simple + : BN_mod_exp_recp)(r, a, r, c, ctx), 1)) + goto err; + if (!TEST_ptr_ne(str = BN_bn2dec(r), NULL)) + goto err; + if (!TEST_str_eq(str, "36")) + goto err; + + OPENSSL_free(str); + str = NULL; + + /* Aliasing with modulus should return failure for the simple call. 
*/ + if (idx == 0) { + if (!TEST_int_eq(BN_mod_exp_simple(c, a, b, c, ctx), 0)) + goto err; + } else { + if (!TEST_int_eq(BN_mod_exp_recp(c, a, b, c, ctx), 1)) + goto err; + if (!TEST_ptr_ne(str = BN_bn2dec(c), NULL)) + goto err; + if (!TEST_str_eq(str, "36")) + goto err; + } + + res = 1; + +err: + BN_free(a); + BN_free(b); + BN_free(c); + BN_free(r); + OPENSSL_free(str); + return res; +} + static int file_test_run(STANZA *s) { static const FILETEST filetests[] = { @@ -3036,6 +3146,8 @@ ADD_ALL_TESTS(test_signed_mod_replace_ab, OSSL_NELEM(signed_mod_tests)); ADD_ALL_TESTS(test_signed_mod_replace_ba, OSSL_NELEM(signed_mod_tests)); ADD_TEST(test_mod); + ADD_TEST(test_mod_inverse); + ADD_ALL_TESTS(test_mod_exp_alias, 2); ADD_TEST(test_modexp_mont5); ADD_TEST(test_kronecker); ADD_TEST(test_rand); diff -Nru openssl-3.0.12/test/build.info openssl-3.0.13/test/build.info --- openssl-3.0.12/test/build.info 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/test/build.info 2024-01-30 13:28:16.000000000 +0000 @@ -51,7 +51,7 @@ bioprinttest sslapitest dtlstest sslcorrupttest \ bio_enc_test pkey_meth_test pkey_meth_kdf_test evp_kdf_test uitest \ cipherbytes_test threadstest_fips \ - asn1_encode_test asn1_decode_test asn1_string_table_test \ + asn1_encode_test asn1_decode_test asn1_string_table_test asn1_stable_parse_test \ x509_time_test x509_dup_cert_test x509_check_cert_pkey_test \ recordlentest drbgtest rand_status_test sslbuffertest \ time_offset_test pemtest ssl_cert_table_internal_test ciphername_test \ 
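Review bot: in test_mod_exp_alias() (test/bntest.c, the @@ -2927 hunk above), the call BN_copy(r, b) is the one step whose result is not checked; every other setup call in the function goes through a TEST_ macro. If the copy fails, the "aliasing with exponent" case runs with whatever r held from the first call. Wrapping it as TEST_ptr(BN_copy(r, b)) with a goto err keeps the failure visible. Smaller point in the same hunk: test_mod_inverse() compares with TEST_int_eq(strcmp(str, "2609653924"), 0) while test_mod_exp_alias() uses TEST_str_eq(str, "36"); TEST_str_eq in both places would be consistent.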
@@ -172,6 +172,14 @@ SOURCE[evp_extra_test]=evp_extra_test.c INCLUDE[evp_extra_test]=../include ../apps/include DEPEND[evp_extra_test]=../libcrypto.a libtestutil.a + IF[{- !$disabled{module} && !$disabled{legacy} -}] + DEFINE[evp_extra_test]=STATIC_LEGACY + SOURCE[evp_extra_test]=../providers/legacyprov.c + INCLUDE[evp_extra_test]=../providers/common/include \ + ../providers/implementations/include + DEPEND[evp_extra_test]=../providers/liblegacy.a \ + ../providers/libcommon.a + ENDIF SOURCE[evp_extra_test2]=evp_extra_test2.c INCLUDE[evp_extra_test2]=../include ../apps/include @@ -537,6 +545,10 @@ INCLUDE[asn1_string_table_test]=../include ../apps/include DEPEND[asn1_string_table_test]=../libcrypto libtestutil.a + SOURCE[asn1_stable_parse_test]=asn1_stable_parse_test.c + INCLUDE[asn1_stable_parse_test]=../include ../apps/include + DEPEND[asn1_stable_parse_test]=../libcrypto libtestutil.a + SOURCE[time_offset_test]=time_offset_test.c INCLUDE[time_offset_test]=../include ../apps/include DEPEND[time_offset_test]=../libcrypto libtestutil.a @@ -852,6 +864,13 @@ SOURCE[p_test]=p_test.ld GENERATE[p_test.ld]=../util/providers.num ENDIF + MODULES{noinst}=p_minimal + SOURCE[p_minimal]=p_minimal.c + INCLUDE[p_minimal]=../include .. + IF[{- defined $target{shared_defflag} -}] + SOURCE[p_minimal]=p_minimal.ld + GENERATE[p_minimal.ld]=../util/providers.num + ENDIF ENDIF IF[{- $disabled{module} || !$target{dso_scheme} -}] DEFINE[provider_test]=NO_PROVIDER_MODULE diff -Nru openssl-3.0.12/test/cmp_ctx_test.c openssl-3.0.13/test/cmp_ctx_test.c --- openssl-3.0.12/test/cmp_ctx_test.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/test/cmp_ctx_test.c 2024-01-30 13:28:16.000000000 +0000 @@ -391,6 +391,7 @@ } else { \ if (DUP && val1_read == val1) { \ TEST_error("first set did not dup the value"); \ + val1_read = 0; \ res = 0; \ } \ if (DEFAULT(val1_read)) { \ 
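Review bot: the added val1_read = 0; after TEST_error("first set did not dup the value") in test/cmp_ctx_test.c has no comment, and nothing in the macro body shown here says why the read-back value must be cleared once it is found to alias val1. Is it there so that later cleanup does not handle the same object twice? A one-line comment stating the reason would help, placed once before the first occurrence, since the same reset is added for val2_read and val3_read in the next two hunks.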
@@ -419,6 +420,7 @@ } else { \ if (DUP && val2_read == val2) { \ TEST_error("second set did not dup the value"); \ + val2_read = 0; \ res = 0; \ } \ if (val2 == val1) { \ @@ -448,6 +450,7 @@ } else { \ if (DUP && val3_read == val2_read) { \ TEST_error("third get did not create a new dup"); \ + val3_read = 0; \ res = 0; \ } \ } \ diff -Nru openssl-3.0.12/test/danetest.in openssl-3.0.13/test/danetest.in --- openssl-3.0.12/test/danetest.in 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/test/danetest.in 2024-01-30 13:28:16.000000000 +0000 @@ -50,7 +50,7 @@ # 1 1 1 1 0 0 -3 0 1 588FD5F414E3327EAFE3169DC040AE161247D1296BF38304AB9CF464850A1365 +3 0 0 3081ec308193a003020102020101300a06082a8648ce3d0403023000301e170d3135313231343030313033345a170d3135313231333030313033345a30003059301306072a8648ce3d020106082a8648ce3d03010703420004c5a4ffa008eebc0369b974799f9479cb47360544fafc02c4204fb3df31e88a1a4f18c85831e93f985c5b231094541b4316b5cb1c9c0c950886fe1143f39f6109300a06082a8648ce3d040302034800304502206ae7b7a870df21081e9a9896020aaf8560984875c812b36d671631abc879f872022100b0889ad2b3814ee64bddd5a7f6a98dea43cb435049469cb50a4404cbdeee1fd6 subject= issuer= notBefore=Dec 14 00:10:34 2015 GMT @@ -65,7 +65,7 @@ # 2 1 1 1 0 0 -3 1 1 05C66146D7909EAE2379825F6D0F5284146B79598DA12E403DC29C33147CF33E +3 1 0 3059301306072a8648ce3d020106082a8648ce3d03010703420004c5a4ffa008eebc0369b974799f9479cb47360544fafc02c4204fb3df31e88a1a4f18c85831e93f985c5b231094541b4316b5cb1c9c0c950886fe1143f39f6109 subject= issuer= notBefore=Dec 14 00:10:34 2015 GMT @@ -80,7 +80,7 @@ # 3 1 1 1 0 0 -3 0 2 42BEE929852C8063A0D619B53D0DD35703BBAD2FC25F2055F737C7A14DDFEA544491F8C00F50FA083BD0AD1B5C98529994FF811BBA5E5170CC6EE9F3ED5563E1 +3 0 1 588FD5F414E3327EAFE3169DC040AE161247D1296BF38304AB9CF464850A1365 subject= issuer= notBefore=Dec 14 00:10:34 2015 GMT 
@@ -95,7 +95,7 @@ # 4 1 1 1 0 0 -3 1 2 D91A3E5DC34879CD77AD1E989F56FA78FACADF05EF8D445EDF5652BD58EE392C87C02F84C0119D62309041F2D5128A73399DF25D1F47BCD497357EAF1A1009A3 +3 1 1 05C66146D7909EAE2379825F6D0F5284146B79598DA12E403DC29C33147CF33E subject= issuer= notBefore=Dec 14 00:10:34 2015 GMT @@ -109,6 +109,36 @@ -----END CERTIFICATE----- # 5 +1 1 1 0 0 +3 0 2 42BEE929852C8063A0D619B53D0DD35703BBAD2FC25F2055F737C7A14DDFEA544491F8C00F50FA083BD0AD1B5C98529994FF811BBA5E5170CC6EE9F3ED5563E1 +subject= +issuer= +notBefore=Dec 14 00:10:34 2015 GMT +notAfter=Dec 13 00:10:34 2015 GMT +-----BEGIN CERTIFICATE----- +MIHsMIGToAMCAQICAQEwCgYIKoZIzj0EAwIwADAeFw0xNTEyMTQwMDEwMzRaFw0x +NTEyMTMwMDEwMzRaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATFpP+gCO68 +A2m5dHmflHnLRzYFRPr8AsQgT7PfMeiKGk8YyFgx6T+YXFsjEJRUG0MWtcscnAyV +CIb+EUPzn2EJMAoGCCqGSM49BAMCA0gAMEUCIGrnt6hw3yEIHpqYlgIKr4VgmEh1 +yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y= +-----END CERTIFICATE----- + +# 6 +1 1 1 0 0 +3 1 2 D91A3E5DC34879CD77AD1E989F56FA78FACADF05EF8D445EDF5652BD58EE392C87C02F84C0119D62309041F2D5128A73399DF25D1F47BCD497357EAF1A1009A3 +subject= +issuer= +notBefore=Dec 14 00:10:34 2015 GMT +notAfter=Dec 13 00:10:34 2015 GMT +-----BEGIN CERTIFICATE----- +MIHsMIGToAMCAQICAQEwCgYIKoZIzj0EAwIwADAeFw0xNTEyMTQwMDEwMzRaFw0x +NTEyMTMwMDEwMzRaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATFpP+gCO68 +A2m5dHmflHnLRzYFRPr8AsQgT7PfMeiKGk8YyFgx6T+YXFsjEJRUG0MWtcscnAyV +CIb+EUPzn2EJMAoGCCqGSM49BAMCA0gAMEUCIGrnt6hw3yEIHpqYlgIKr4VgmEh1 +yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y= +-----END CERTIFICATE----- + +# 7 1 1 1 65 -1 3 0 1 588FD5F414E3327EAFE3169DC040AE161247D1296BF38304AB9CF464850A1366 subject= @@ -123,7 +153,7 @@ yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y= -----END CERTIFICATE----- -# 6 +# 8 1 1 1 65 -1 3 1 1 05C66146D7909EAE2379825F6D0F5284146B79598DA12E403DC29C33147CF33F subject= 
@@ -138,7 +168,7 @@ yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y= -----END CERTIFICATE----- -# 7 +# 9 1 1 1 65 -1 3 0 2 42BEE929852C8063A0D619B53D0DD35703BBAD2FC25F2055F737C7A14DDFEA544491F8C00F50FA083BD0AD1B5C98529994FF811BBA5E5170CC6EE9F3ED5563E2 subject= @@ -153,7 +183,7 @@ yBKzbWcWMavIefhyAiEAsIia0rOBTuZL3dWn9qmN6kPLQ1BJRpy1CkQEy97uH9Y= -----END CERTIFICATE----- -# 8 +# 10 1 1 1 65 -1 3 1 2 D91A3E5DC34879CD77AD1E989F56FA78FACADF05EF8D445EDF5652BD58EE392C87C02F84C0119D62309041F2D5128A73399DF25D1F47BCD497357EAF1A1009A4 subject= @@ -170,7 +200,7 @@ ## -- DANE-?? chain tests -- -# 9 +# 11 1 3 0 0 0 3 0 1 BEDC04764CECAE80AEE454D332758F50847DCA424216466E4012E0DEAE1F2E5F subject= /CN=example.com @@ -217,7 +247,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 10 +# 12 1 3 0 0 0 3 1 1 3111668338043DE264D0256A702248696C9484B6221A42740F920187B4C61838 subject= /CN=example.com @@ -264,7 +294,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 11 +# 13 1 3 0 0 0 3 0 2 F756CCD61F3CA50D017653911701CA0052AF0B29E273DD263DD23643D86D4369D03686BD1369EF54BB2DC2DAE3CE4F05AF39D54648F94D54AA86B259AEAD9923 subject= /CN=example.com @@ -311,7 +341,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 12 +# 14 1 3 0 0 0 3 1 2 CB861AF6DDED185EE04472A9092052CCC735120C34785E72C996C94B122EBA6F329BE630B1B4C6E2756E7A75392C21E253C6AEACC31FD45FF4595DED375FAF62 subject= /CN=example.com @@ -358,7 +388,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 13 +# 15 1 3 0 0 1 2 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBD subject= /CN=example.com @@ -405,7 +435,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 14 +# 16 1 3 0 0 1 2 1 1 65A457617072DA3E7F1152471EB3D406526530097D0A9AA34EB47C990A1FCDA3 subject= /CN=example.com 
@@ -452,7 +482,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 15 +# 17 1 3 0 0 1 2 0 2 6BC0C0F2500320A49392910965263A3EBDD594173D3E36CCE38A003D2EC3FAFBC315EDB776CD3139637DF494FB60359601542A4F821BF0542F926E6270C9762C subject= /CN=example.com @@ -499,7 +529,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 16 +# 18 1 3 0 0 1 2 1 2 1F484106F765B6F1AC483CC509CDAD36486A83D1BA115F562516F407C1109303658408B455824DA0785A252B205DBEECB1AFB5DB869E8AAC242091B63F258F05 subject= /CN=example.com @@ -546,7 +576,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 17 +# 19 1 3 0 0 2 2 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C subject= /CN=example.com @@ -593,7 +623,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 18 +# 20 1 3 0 0 2 2 1 1 91D942E4A2D4226DDAF28CADAA7F13018E4ED0D9A43A529247E51C965188576C subject= /CN=example.com @@ -640,7 +670,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 19 +# 21 1 3 0 0 2 2 0 2 361029F20A3B59DAFAAF05D41811EFC1A9439B972BC6B9D7F13BC5469570E49ACAE0CB0C877C75D58346590EA950AC7A39AED6E8AA8004EA7F5DE3AB9462047E subject= /CN=example.com @@ -687,7 +717,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 20 +# 22 1 3 0 0 2 2 1 2 5F414D4D7BFDF22E39952D9F46C51370FDD050F10C55B4CDB42E40FA98611FDE23EEE9B23315EE1ECDB198C7419E9A2D6742860E4806AF45164507799C3B452E subject= /CN=example.com 
@@ -736,7 +766,73 @@ ## -- PKIX-?? chain tests -- -# 21 +# 23 +1 2 0 0 0 +1 0 0 308201943082013ba003020102020102300a06082a8648ce3d04030230143112301006035504030c094973737565722043413020170d3135313231333233323335325a180f33303135303431353233323335325a30163114301206035504030c0b6578616d706c652e636f6d3059301306072a8648ce3d020106082a8648ce3d03010703420004664995f47bde35e7b4de48b258e9e8a07adebbdb863b3d06f481a1946c83da9f56cff4d9389b855d2f364b1585b0c734fcfa263026964ff5a4308b3fc879bdb8a37a3078301d0603551d0e041604145b20ca417d9088c7a4c017cb6c0c1c739bb07d8a301f0603551d230418301680147ab75a3cd295ca5df7c5150916e18ff5cc376a1530090603551d130402300030130603551d25040c300a06082b0601050507030130160603551d11040f300d820b6578616d706c652e636f6d300a06082a8648ce3d0403020347003044021f21c9032a5c8a93872d3f4aef321a9574dd956d43bd93c369944c72d6902858022100c8b3290d7af37e571a84d704dbad339d2987d41852dc5936f212947063911181 +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG 
+aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- + +# 24 +1 2 0 0 0 +1 1 0 3059301306072a8648ce3d020106082a8648ce3d03010703420004664995f47bde35e7b4de48b258e9e8a07adebbdb863b3d06f481a1946c83da9f56cff4d9389b855d2f364b1585b0c734fcfa263026964ff5a4308b3fc879bdb8 +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- + +# 25 1 2 0 0 0 1 0 1 
BEDC04764CECAE80AEE454D332758F50847DCA424216466E4012E0DEAE1F2E5F subject= /CN=example.com @@ -769,7 +865,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== -----END CERTIFICATE----- -# 22 +# 26 1 2 0 0 0 1 1 1 3111668338043DE264D0256A702248696C9484B6221A42740F920187B4C61838 subject= /CN=example.com @@ -802,7 +898,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== -----END CERTIFICATE----- -# 23 +# 27 1 3 0 0 0 1 0 2 F756CCD61F3CA50D017653911701CA0052AF0B29E273DD263DD23643D86D4369D03686BD1369EF54BB2DC2DAE3CE4F05AF39D54648F94D54AA86B259AEAD9923 subject= /CN=example.com @@ -849,7 +945,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 24 +# 28 1 3 0 0 0 1 1 2 CB861AF6DDED185EE04472A9092052CCC735120C34785E72C996C94B122EBA6F329BE630B1B4C6E2756E7A75392C21E253C6AEACC31FD45FF4595DED375FAF62 subject= /CN=example.com @@ -896,7 +992,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 25 +# 29 1 2 0 0 1 0 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBD subject= /CN=example.com 
@@ -929,7 +1025,40 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== -----END CERTIFICATE----- -# 26 +# 30 +1 2 0 0 1 +0 1 0 3059301306072a8648ce3d020106082a8648ce3d030107034200047d4bae18b49f5dc69d0a3c85c66a3e2119de92cfad081fad55c12d510ec97b6c00e13695a8d9713548fe60df15573390433e2a1bd92db4b7aa016ec6185dc5af +subject= /CN=example.com +issuer= /CN=Issuer CA +notBefore=Dec 13 23:23:52 2015 GMT +notAfter=Apr 15 23:23:52 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBlDCCATugAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDDAlJc3N1ZXIg +Q0EwIBcNMTUxMjEzMjMyMzUyWhgPMzAxNTA0MTUyMzIzNTJaMBYxFDASBgNVBAMM +C2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZkmV9HveNee0 +3kiyWOnooHreu9uGOz0G9IGhlGyD2p9Wz/TZOJuFXS82SxWFsMc0/PomMCaWT/Wk +MIs/yHm9uKN6MHgwHQYDVR0OBBYEFFsgykF9kIjHpMAXy2wMHHObsH2KMB8GA1Ud +IwQYMBaAFHq3WjzSlcpd98UVCRbhj/XMN2oVMAkGA1UdEwQCMAAwEwYDVR0lBAww +CgYIKwYBBQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwID +RwAwRAIfIckDKlyKk4ctP0rvMhqVdN2VbUO9k8NplExy1pAoWAIhAMizKQ16835X +GoTXBNutM50ph9QYUtxZNvISlHBjkRGB +-----END CERTIFICATE----- +subject= /CN=Issuer CA +issuer= /CN=Root CA +notBefore=Dec 13 23:20:09 2015 GMT +notAfter=Apr 15 23:20:09 3015 GMT +-----BEGIN CERTIFICATE----- +MIIBaDCCAQ2gAwIBAgIBAjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdSb290IENB +MCAXDTE1MTIxMzIzMjAwOVoYDzMwMTUwNDE1MjMyMDA5WjAUMRIwEAYDVQQDDAlJ +c3N1ZXIgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR9S64YtJ9dxp0KPIXG +aj4hGd6Sz60IH61VwS1RDsl7bADhNpWo2XE1SP5g3xVXM5BDPiob2S20t6oBbsYY +XcWvo1AwTjAdBgNVHQ4EFgQUerdaPNKVyl33xRUJFuGP9cw3ahUwHwYDVR0jBBgw +FoAU5L1AXwUqgg3fmIP5PX0/kKrscj8wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQD +AgNJADBGAiEAgx3NiC2oeF1Q5BAgiYwCSIed3fctcB0dwd5r4IFVtD4CIQC4Sy+1 +GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== +-----END CERTIFICATE----- + +# 31 1 2 0 0 1 0 1 1 65A457617072DA3E7F1152471EB3D406526530097D0A9AA34EB47C990A1FCDA3 subject= /CN=example.com 
@@ -962,7 +1091,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== -----END CERTIFICATE----- -# 27 +# 32 1 3 0 0 1 0 0 2 6BC0C0F2500320A49392910965263A3EBDD594173D3E36CCE38A003D2EC3FAFBC315EDB776CD3139637DF494FB60359601542A4F821BF0542F926E6270C9762C subject= /CN=example.com @@ -1009,7 +1138,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 28 +# 33 1 3 0 0 1 0 1 2 1F484106F765B6F1AC483CC509CDAD36486A83D1BA115F562516F407C1109303658408B455824DA0785A252B205DBEECB1AFB5DB869E8AAC242091B63F258F05 subject= /CN=example.com @@ -1056,7 +1185,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 29 +# 34 1 2 0 0 2 0 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C subject= /CN=example.com @@ -1089,7 +1218,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== -----END CERTIFICATE----- -# 30 +# 35 1 2 0 0 2 0 1 1 91D942E4A2D4226DDAF28CADAA7F13018E4ED0D9A43A529247E51C965188576C subject= /CN=example.com @@ -1122,7 +1251,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== -----END CERTIFICATE----- -# 31 +# 36 1 3 0 0 2 0 0 2 361029F20A3B59DAFAAF05D41811EFC1A9439B972BC6B9D7F13BC5469570E49ACAE0CB0C877C75D58346590EA950AC7A39AED6E8AA8004EA7F5DE3AB9462047E subject= /CN=example.com @@ -1169,7 +1298,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 32 +# 37 1 3 0 0 2 0 1 2 5F414D4D7BFDF22E39952D9F46C51370FDD050F10C55B4CDB42E40FA98611FDE23EEE9B23315EE1ECDB198C7419E9A2D6742860E4806AF45164507799C3B452E subject= /CN=example.com @@ -1218,7 +1347,7 @@ ## -- PKIX-?? chain failures -- -# 33 +# 38 # Missing intermediate CA 1 1 0 20 0 1 0 1 BEDC04764CECAE80AEE454D332758F50847DCA424216466E4012E0DEAE1F2E5F @@ -1238,7 +1367,7 @@ GoTXBNutM50ph9QYUtxZNvISlHBjkRGB -----END CERTIFICATE----- -# 34 +# 39 # Missing PKIX intermediate, provided via DNS 2 1 0 0 0 1 1 1 3111668338043DE264D0256A702248696C9484B6221A42740F920187B4C61838 
@@ -1259,7 +1388,7 @@ GoTXBNutM50ph9QYUtxZNvISlHBjkRGB -----END CERTIFICATE----- -# 35 +# 40 # Wrong leaf digest 1 3 0 65 -1 1 0 2 F756CCD61F3CA50D017653911701CA0052AF0B29E273DD263DD23643D86D4369D03686BD1369EF54BB2DC2DAE3CE4F05AF39D54648F94D54AA86B259AEAD9924 @@ -1307,7 +1436,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 36 +# 41 # Wrong intermediate digest 1 2 0 65 -1 0 0 1 0DAA76425A1FC398C55A643D5A2485AE4CC2B64B9515A75054722B2E83C31BBE @@ -1341,7 +1470,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== -----END CERTIFICATE----- -# 37 +# 42 # Wrong root digest 1 2 0 65 -1 0 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3D @@ -1377,7 +1506,7 @@ ## -- Mixed usage cases -# 38 +# 43 # DANE-EE(3) beats DANE-TA(2) 1 3 0 0 0 3 1 2 CB861AF6DDED185EE04472A9092052CCC735120C34785E72C996C94B122EBA6F329BE630B1B4C6E2756E7A75392C21E253C6AEACC31FD45FF4595DED375FAF62 @@ -1426,7 +1555,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 39 +# 44 # DANE-TA(2) depth 1 beats DANE-TA(2) depth 2 1 3 0 0 1 2 1 2 1F484106F765B6F1AC483CC509CDAD36486A83D1BA115F562516F407C1109303658408B455824DA0785A252B205DBEECB1AFB5DB869E8AAC242091B63F258F05 @@ -1475,7 +1604,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 40 +# 45 # DANE-TA(2) depth 2 beats PKIX-TA(0) depth 1 1 3 0 0 2 2 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C @@ -1524,7 +1653,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 41 +# 46 # DANE-TA(2) depth 2 beats PKIX-EE depth 0 1 3 0 0 2 2 0 1 FE7C8E01110627A782765E468D8CB4D2CC7907EAC4BA5974CD92B540ED2AAC3C 
@@ -1573,7 +1702,7 @@ vBCcrtNYKWa/JfwFmOq6bHk8WNzDU3zF -----END CERTIFICATE----- -# 42 +# 47 # DANE-TA(2) Full(0) root "from DNS": 1 2 0 0 2 2 0 0 308201643082010BA003020102020101300A06082A8648CE3D04030230123110300E06035504030C07526F6F742043413020170D3135313231333233313330385A180F33303135303431353233313330385A30123110300E06035504030C07526F6F742043413059301306072A8648CE3D020106082A8648CE3D03010703420004D1DA578FD18FB86456B0D91B5656BDD68D4DDBD250E337571127C75E0560F41D0AF91BFAF8805F80C28C026A14D4FE8C30A9673B9EC0C05A84AA810D1341B76CA350304E301D0603551D0E04160414E4BD405F052A820DDF9883F93D7D3F90AAEC723F301F0603551D23041830168014E4BD405F052A820DDF9883F93D7D3F90AAEC723F300C0603551D13040530030101FF300A06082A8648CE3D040302034700304402206869E6AA9F9B4D4BF308091A5A7AB2C30E3619B0D75E528819468E4BB926F4C9022017F1B8458611966FBC109CAED3582966BF25FC0598EABA6C793C58DCC3537CC5 @@ -1607,7 +1736,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== -----END CERTIFICATE----- -# 43 +# 48 # DANE-TA(2) Full(0) intermediate "from DNS": 1 1 0 0 1 2 0 0 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 @@ -1627,7 +1756,7 @@ GoTXBNutM50ph9QYUtxZNvISlHBjkRGB -----END CERTIFICATE----- -# 44 +# 49 # DANE-TA(2) SPKI(1) Full(0) intermediate "from DNS": 1 1 0 0 0 2 1 0 3059301306072A8648CE3D020106082A8648CE3D030107034200047D4BAE18B49F5DC69D0A3C85C66A3E2119DE92CFAD081FAD55C12D510EC97B6C00E13695A8D9713548FE60DF15573390433E2A1BD92DB4B7AA016EC6185DC5AF @@ -1647,7 +1776,7 @@ GoTXBNutM50ph9QYUtxZNvISlHBjkRGB -----END CERTIFICATE----- -# 45 +# 50 # DANE-TA(2) SPKI(1) Full(0) root "from DNS": 1 2 0 0 1 2 1 0 3059301306072A8648CE3D020106082A8648CE3D03010703420004D1DA578FD18FB86456B0D91B5656BDD68D4DDBD250E337571127C75E0560F41D0AF91BFAF8805F80C28C026A14D4FE8C30A9673B9EC0C05A84AA810D1341B76C @@ -1681,7 +1810,7 @@ GcTNPLx5FgPUSI93B1l9t5gNnBc+f90OzXyjCA== -----END CERTIFICATE----- -# 46 +# 51 # Mismatched name "example.org", should still succeed given a # DANE-EE(3) match. 1 3 1 0 0 
@@ -1730,7 +1859,7 @@ fEevg+GOsr1P6nNMCAsQd9NwsvTQ+jm+TBArWQ== -----END CERTIFICATE----- -# 47 +# 52 # Mismatched name "example.org", should fail despite a DANE-TA(2) # match for the intermediate CA. 1 3 0 62 1 @@ -1779,7 +1908,7 @@ fEevg+GOsr1P6nNMCAsQd9NwsvTQ+jm+TBArWQ== -----END CERTIFICATE----- -# 48 +# 53 # Mismatched name "example.org", should fail despite a DANE-TA(2) # match for the root CA. 1 3 0 62 2 @@ -1828,7 +1957,7 @@ fEevg+GOsr1P6nNMCAsQd9NwsvTQ+jm+TBArWQ== -----END CERTIFICATE----- -# 49 +# 54 # Mismatched name "example.org", should fail when name checks # are not disabled for DANE-EE(3). 1 3 0 62 0 diff -Nru openssl-3.0.12/test/evp_extra_test.c openssl-3.0.13/test/evp_extra_test.c --- openssl-3.0.12/test/evp_extra_test.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/test/evp_extra_test.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -37,6 +37,10 @@ #include "internal/sizes.h" #include "crypto/evp.h" +#ifdef STATIC_LEGACY +OSSL_provider_init_fn ossl_legacy_provider_init; +#endif + static OSSL_LIB_CTX *testctx = NULL; static char *testpropq = NULL; @@ -486,6 +490,10 @@ 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A }; +static const unsigned char cfbPlaintext_partial[] = { + 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, + 0x73, 0x93, 0x17, 0x2A, 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, +}; static const unsigned char gcmDefaultPlaintext[16] = { 0 }; 
@@ -502,6 +510,16 @@ 0xE8, 0x3C, 0xFB, 0x4A }; +static const unsigned char cfbCiphertext_partial[] = { + 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, + 0xE8, 0x3C, 0xFB, 0x4A, 0x0D, 0x4A, 0x71, 0x82, 0x90, 0xF0, 0x9A, 0x35 +}; + +static const unsigned char ofbCiphertext_partial[] = { + 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, + 0xE8, 0x3C, 0xFB, 0x4A, 0xB2, 0x65, 0x64, 0x38, 0x26, 0xD2, 0xBC, 0x09 +}; + static const unsigned char gcmDefaultCiphertext[] = { 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18 @@ -3740,6 +3758,30 @@ } }; +/* use same key, iv and plaintext for cfb and ofb */ +static const EVP_INIT_TEST_st evp_reinit_tests[] = { + { + "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial, + cfbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial), + sizeof(cfbCiphertext_partial), 0, 0, 1, 0 + }, + { + "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext_partial, + cfbPlaintext_partial, NULL, 0, sizeof(cfbCiphertext_partial), + sizeof(cfbPlaintext_partial), 0, 0, 0, 0 + }, + { + "aes-128-ofb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial, + ofbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial), + sizeof(ofbCiphertext_partial), 0, 0, 1, 0 + }, + { + "aes-128-ofb", kCFBDefaultKey, iCFBIV, ofbCiphertext_partial, + cfbPlaintext_partial, NULL, 0, sizeof(ofbCiphertext_partial), + sizeof(cfbPlaintext_partial), 0, 0, 0, 0 + }, +}; + static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t) { int res = 0; 
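Review bot: the comment above evp_reinit_tests ("use same key, iv and plaintext for cfb and ofb") does not match the second and fourth rows, which take cfbCiphertext_partial and ofbCiphertext_partial as input and expect cfbPlaintext_partial as output. The rows are also hard to read because encrypt and decrypt differ only in one value of the positional tail (0, 0, 1, 0 against 0, 0, 0, 0), apparently the initenc field that test_evp_reinit_seq() passes to EVP_CipherInit_ex2(). Please reword the comment to cover both directions and mark each row as encrypt or decrypt, either with a short trailing comment or by annotating the field.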
@@ -3844,6 +3886,44 @@ return testresult; } +/* + * Test re-initialization of cipher context without changing key or iv. + * The result of both iteration should be the same. + */ +static int test_evp_reinit_seq(int idx) +{ + int outlen1, outlen2, outlen_final; + int testresult = 0; + unsigned char outbuf1[1024]; + unsigned char outbuf2[1024]; + const EVP_INIT_TEST_st *t = &evp_reinit_tests[idx]; + EVP_CIPHER_CTX *ctx = NULL; + EVP_CIPHER *type = NULL; + + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) + || !TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) + /* setup cipher context */ + || !TEST_true(EVP_CipherInit_ex2(ctx, type, t->key, t->iv, t->initenc, NULL)) + /* first iteration */ + || !TEST_true(EVP_CipherUpdate(ctx, outbuf1, &outlen1, t->input, t->inlen)) + || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf1, &outlen_final)) + /* check test results iteration 1 */ + || !TEST_mem_eq(t->expected, t->expectedlen, outbuf1, outlen1 + outlen_final) + /* now re-init the context (same cipher, key and iv) */ + || !TEST_true(EVP_CipherInit_ex2(ctx, NULL, NULL, NULL, -1, NULL)) + /* second iteration */ + || !TEST_true(EVP_CipherUpdate(ctx, outbuf2, &outlen2, t->input, t->inlen)) + || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf2, &outlen_final)) + /* check test results iteration 2 */ + || !TEST_mem_eq(t->expected, t->expectedlen, outbuf2, outlen2 + outlen_final)) + goto err; + testresult = 1; + err: + EVP_CIPHER_CTX_free(ctx); + EVP_CIPHER_free(type); + return testresult; +} + typedef struct { const unsigned char *input; const unsigned char *expected; @@ -3927,7 +4007,7 @@ TEST_info("test_evp_reset %d: %s", idx, errmsg); EVP_CIPHER_CTX_free(ctx); EVP_CIPHER_free(type); - return testresult; + return testresult; } typedef struct { 
@@ -4164,6 +4244,134 @@ return testresult; } +static const char *ivlen_change_ciphers[] = { + "AES-256-GCM", +#ifndef OPENSSL_NO_OCB + "AES-256-OCB", +#endif + "AES-256-CCM" +}; + +/* Negative test for ivlen change after iv being set */ +static int test_ivlen_change(int idx) +{ + int outlen; + int res = 0; + unsigned char outbuf[1024]; + static const unsigned char iv[] = { + 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82, + 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34 + }; + EVP_CIPHER_CTX *ctx = NULL; + EVP_CIPHER *ciph = NULL; + OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; + size_t ivlen = 13; /* non-default IV length */ + + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) + goto err; + + if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, ivlen_change_ciphers[idx], + testpropq))) + goto err; + + if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, kGCMDefaultKey, iv, 1))) + goto err; + + if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, + sizeof(gcmDefaultPlaintext)))) + goto err; + + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, + &ivlen); + if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))) + goto err; + + ERR_set_mark(); + if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, + sizeof(gcmDefaultPlaintext)))) { + ERR_clear_last_mark(); + goto err; + } + ERR_pop_to_mark(); + + res = 1; + err: + EVP_CIPHER_CTX_free(ctx); + EVP_CIPHER_free(ciph); + return res; +} + +static const char *keylen_change_ciphers[] = { +#ifndef OPENSSL_NO_BF + "BF-ECB", +#endif +#ifndef OPENSSL_NO_CAST + "CAST5-ECB", +#endif +#ifndef OPENSSL_NO_RC2 + "RC2-ECB", +#endif +#ifndef OPENSSL_NO_RC4 + "RC4", +#endif +#ifndef OPENSSL_NO_RC5 + "RC5-ECB", +#endif + NULL +}; + +/* Negative test for keylen change after key was set */ +static int test_keylen_change(int idx) +{ + int outlen; + int res = 0; + unsigned char outbuf[1024]; + static const unsigned char key[] = { + 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82, + 
0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34 + }; + EVP_CIPHER_CTX *ctx = NULL; + EVP_CIPHER *ciph = NULL; + OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; + size_t keylen = 12; /* non-default key length */ + + if (lgcyprov == NULL) + return TEST_skip("Test requires legacy provider to be loaded"); + + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) + goto err; + + if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, keylen_change_ciphers[idx], + testpropq))) + goto err; + + if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, key, NULL, 1))) + goto err; + + if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, + sizeof(gcmDefaultPlaintext)))) + goto err; + + params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, + &keylen); + if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))) + goto err; + + ERR_set_mark(); + if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, + sizeof(gcmDefaultPlaintext)))) { + ERR_clear_last_mark(); + goto err; + } + ERR_pop_to_mark(); + + res = 1; + err: + EVP_CIPHER_CTX_free(ctx); + EVP_CIPHER_free(ciph); + return res; +} + #ifndef OPENSSL_NO_DEPRECATED_3_0 static EVP_PKEY_METHOD *custom_pmeth = NULL; static const EVP_PKEY_METHOD *orig_pmeth = NULL; @@ -5109,6 +5317,15 @@ testctx = OSSL_LIB_CTX_new(); if (!TEST_ptr(testctx)) return 0; +#ifdef STATIC_LEGACY + /* + * This test is always statically linked against libcrypto. We must not + * attempt to load legacy.so that might be dynamically linked against + * libcrypto. Instead we use a built-in version of the legacy provider. + */ + if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init)) + return 0; +#endif /* Swap the libctx to test non-default context only */ nullprov = OSSL_PROVIDER_load(NULL, "null"); deflprov = OSSL_PROVIDER_load(testctx, "default"); 
@@ -5213,8 +5430,12 @@ ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests)); ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests)); + ADD_ALL_TESTS(test_evp_reinit_seq, OSSL_NELEM(evp_reinit_tests)); ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests)); ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests)); + ADD_ALL_TESTS(test_ivlen_change, OSSL_NELEM(ivlen_change_ciphers)); + if (OSSL_NELEM(keylen_change_ciphers) - 1 > 0) + ADD_ALL_TESTS(test_keylen_change, OSSL_NELEM(keylen_change_ciphers) - 1); #ifndef OPENSSL_NO_DEPRECATED_3_0 ADD_ALL_TESTS(test_custom_pmeth, 12); diff -Nru openssl-3.0.12/test/evp_extra_test2.c openssl-3.0.13/test/evp_extra_test2.c --- openssl-3.0.12/test/evp_extra_test2.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/test/evp_extra_test2.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1221,6 +1221,24 @@ } #endif +/* + * Currently, EVP__fetch doesn't support + * colon separated alternative names for lookup + * so add a test here to ensure that when one is provided + * libcrypto returns an error + */ +static int evp_test_name_parsing(void) +{ + EVP_MD *md; + + if (!TEST_ptr_null(md = EVP_MD_fetch(mainctx, "SHA256:BogusName", NULL))) { + EVP_MD_free(md); + return 0; + } + + return 1; +} + int setup_tests(void) { if (!test_get_libctx(&mainctx, &nullprov, NULL, NULL, NULL)) { 
@@ -1229,6 +1247,7 @@ return 0; } + ADD_TEST(evp_test_name_parsing); ADD_TEST(test_alternative_default); ADD_ALL_TESTS(test_d2i_AutoPrivateKey_ex, OSSL_NELEM(keydata)); #ifndef OPENSSL_NO_EC diff -Nru openssl-3.0.12/test/evp_kdf_test.c openssl-3.0.13/test/evp_kdf_test.c --- openssl-3.0.12/test/evp_kdf_test.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/test/evp_kdf_test.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2018-2020, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use 
@@ -544,6 +544,55 @@ return ret; } +static int test_kdf_pbkdf1_key_too_long(void) +{ + int ret = 0; + EVP_KDF_CTX *kctx = NULL; + unsigned char out[EVP_MAX_MD_SIZE + 1]; + unsigned int iterations = 4096; + OSSL_LIB_CTX *libctx = NULL; + OSSL_PARAM *params = NULL; + OSSL_PROVIDER *legacyprov = NULL; + OSSL_PROVIDER *defprov = NULL; + + if (!TEST_ptr(libctx = OSSL_LIB_CTX_new())) + goto err; + + /* PBKDF1 only available in the legacy provider */ + legacyprov = OSSL_PROVIDER_load(libctx, "legacy"); + if (legacyprov == NULL) { + OSSL_LIB_CTX_free(libctx); + return TEST_skip("PBKDF1 only available in legacy provider"); + } + + if (!TEST_ptr(defprov = OSSL_PROVIDER_load(libctx, "default"))) + goto err; + + params = construct_pbkdf1_params("passwordPASSWORDpassword", "sha256", + "saltSALTsaltSALTsaltSALTsaltSALTsalt", + &iterations); + + /* + * This is the same test sequence as test_kdf_pbkdf1, but we expect + * failure here as the requested key size is longer than the digest + * can provide + */ + if (!TEST_ptr(params) + || !TEST_ptr(kctx = get_kdfbyname_libctx(libctx, OSSL_KDF_NAME_PBKDF1)) + || !TEST_true(EVP_KDF_CTX_set_params(kctx, params)) + || !TEST_int_eq(EVP_KDF_derive(kctx, out, sizeof(out), NULL), 0)) + goto err; + + ret = 1; +err: + EVP_KDF_CTX_free(kctx); + OPENSSL_free(params); + OSSL_PROVIDER_unload(defprov); + OSSL_PROVIDER_unload(legacyprov); + OSSL_LIB_CTX_free(libctx); + return ret; +} + static OSSL_PARAM *construct_pbkdf2_params(char *pass, char *digest, char *salt, unsigned int *iter, int *mode) { 
@@ -1630,6 +1679,7 @@ int setup_tests(void) { ADD_TEST(test_kdf_pbkdf1); + ADD_TEST(test_kdf_pbkdf1_key_too_long); #if !defined(OPENSSL_NO_CMAC) && !defined(OPENSSL_NO_CAMELLIA) ADD_TEST(test_kdf_kbkdf_6803_128); ADD_TEST(test_kdf_kbkdf_6803_256); diff -Nru openssl-3.0.12/test/evp_pkey_provided_test.c openssl-3.0.13/test/evp_pkey_provided_test.c --- openssl-3.0.12/test/evp_pkey_provided_test.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/test/evp_pkey_provided_test.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1130,6 +1130,12 @@ /* This should succeed because there are no parameters to copy */ || !TEST_true(EVP_PKEY_copy_parameters(copy_pk, pk))) goto err; + if (!TEST_ptr(ctx2 = EVP_PKEY_CTX_new_from_pkey(NULL, copy_pk, NULL)) + /* This should fail because copy_pk has no pubkey */ + || !TEST_int_le(EVP_PKEY_public_check(ctx2), 0)) + goto err; + EVP_PKEY_CTX_free(ctx2); + ctx2 = NULL; EVP_PKEY_free(copy_pk); copy_pk = NULL; diff -Nru openssl-3.0.12/test/evp_test.c openssl-3.0.13/test/evp_test.c --- openssl-3.0.12/test/evp_test.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/test/evp_test.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -696,6 +696,9 @@ int ok = 0, tmplen, chunklen, tmpflen, i; EVP_CIPHER_CTX *ctx_base = NULL; EVP_CIPHER_CTX *ctx = NULL; + int fips_dupctx_supported = (fips_provider_version_gt(libctx, 3, 0, 12) + && fips_provider_version_lt(libctx, 3, 1, 0)) + || fips_provider_version_ge(libctx, 3, 1, 3); t->err = "TEST_FAILURE"; if (!TEST_ptr(ctx_base = EVP_CIPHER_CTX_new())) @@ -826,12 +829,20 @@ /* Test that the cipher dup functions correctly if it is supported */ ERR_set_mark(); - if (EVP_CIPHER_CTX_copy(ctx, ctx_base)) { - EVP_CIPHER_CTX_free(ctx_base); - ctx_base = NULL; - } else { + if (!EVP_CIPHER_CTX_copy(ctx, ctx_base)) { + if (fips_dupctx_supported) { + TEST_info("Doing a copy of Cipher %s Fails!\n", + EVP_CIPHER_get0_name(expected->cipher)); + ERR_print_errors_fp(stderr); + goto err; + } else { + TEST_info("Allowing copy fail as an old fips provider is in use."); + } EVP_CIPHER_CTX_free(ctx); ctx = ctx_base; + } else { + EVP_CIPHER_CTX_free(ctx_base); + ctx_base = NULL; } ERR_pop_to_mark(); @@ -1016,6 +1027,7 @@ int rv, frag = 0; size_t out_misalign, inp_misalign; + TEST_info("RUNNING TEST FOR CIPHER %s\n", EVP_CIPHER_get0_name(cdat->cipher)); if (!cdat->key) { t->err = "NO_KEY"; return 0; @@ -1408,6 +1420,7 @@ EVP_MAC_CTX *ctx = NULL; unsigned char *got = NULL; size_t got_len = 0, size = 0; + size_t size_before_init = 0, size_after_init, size_val = 0; int i, block_size = -1, output_size = -1; OSSL_PARAM params[21], sizes[3], *psizes = sizes; size_t params_n = 0; @@ -1504,6 +1517,9 @@ } params_n++; + if (strcmp(tmpkey, "size") == 0) + size_val = (size_t)strtoul(tmpval, NULL, 0); + OPENSSL_free(tmpkey); } params[params_n] = OSSL_PARAM_construct_end(); 
@@ -1512,11 +1528,31 @@ t->err = "MAC_CREATE_ERROR"; goto err; } - + if (fips_provider_version_gt(libctx, 3, 1, 4) + || (fips_provider_version_lt(libctx, 3, 1, 0) + && fips_provider_version_gt(libctx, 3, 0, 12))) + size_before_init = EVP_MAC_CTX_get_mac_size(ctx); if (!EVP_MAC_init(ctx, expected->key, expected->key_len, params)) { t->err = "MAC_INIT_ERROR"; goto err; } + size_after_init = EVP_MAC_CTX_get_mac_size(ctx); + if (!TEST_false(size_before_init == 0 && size_after_init == 0)) { + t->err = "MAC SIZE not set"; + goto err; + } + if (size_before_init != 0) { + /* mac-size not modified by init params */ + if (size_val == 0 && !TEST_size_t_eq(size_before_init, size_after_init)) { + t->err = "MAC SIZE check failed"; + goto err; + } + /* mac-size modified by init params */ + if (size_val != 0 && !TEST_size_t_eq(size_val, size_after_init)) { + t->err = "MAC SIZE check failed"; + goto err; + } + } if (expected->output_size >= 0) *psizes++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_SIZE, &output_size); diff -Nru openssl-3.0.12/test/ext_internal_test.c openssl-3.0.13/test/ext_internal_test.c --- openssl-3.0.12/test/ext_internal_test.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/test/ext_internal_test.c 2024-01-30 13:28:16.000000000 +0000 @@ -69,13 +69,6 @@ EXT_ENTRY(cryptopro_bug), EXT_ENTRY(early_data), EXT_ENTRY(certificate_authorities), -#ifndef OPENSSL_NO_QUIC - EXT_ENTRY(quic_transport_parameters_draft), - EXT_ENTRY(quic_transport_parameters), -#else - EXT_EXCEPTION(quic_transport_parameters_draft), - EXT_EXCEPTION(quic_transport_parameters), -#endif EXT_ENTRY(padding), EXT_ENTRY(psk), EXT_END(num_builtins) diff -Nru openssl-3.0.12/test/http_test.c openssl-3.0.13/test/http_test.c --- openssl-3.0.12/test/http_test.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/test/http_test.c 2024-01-30 13:28:16.000000000 +0000 
@@ -298,7 +298,8 @@ static int test_http_url_invalid_port(void) { - return test_http_url_invalid("https://1.2.3.4:65536/pkix"); + return test_http_url_invalid("https://1.2.3.4:65536/pkix") + && test_http_url_invalid("https://1.2.3.4:"); } static int test_http_url_invalid_path(void) diff -Nru openssl-3.0.12/test/invalid-x509.cnf openssl-3.0.13/test/invalid-x509.cnf --- openssl-3.0.12/test/invalid-x509.cnf 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.13/test/invalid-x509.cnf 2024-01-30 13:28:16.000000000 +0000 @@ -0,0 +1,6 @@ +[ext] +issuerSignTool = signTool +sbgp-autonomousSysNum = AS +issuingDistributionPoint = fullname +sbgp-ipAddrBlock = IPv4-SAFI + diff -Nru openssl-3.0.12/test/p_minimal.c openssl-3.0.13/test/p_minimal.c --- openssl-3.0.12/test/p_minimal.c 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.13/test/p_minimal.c 2024-01-30 13:28:16.000000000 +0000 @@ -0,0 +1,24 @@ +/* + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * This is the most minimal provider imaginable. It can be loaded, and does + * absolutely nothing else. + */ + +#include + +OSSL_provider_init_fn OSSL_provider_init; /* Check the function signature */ +int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, + const OSSL_DISPATCH *oin, + const OSSL_DISPATCH **out, + void **provctx) +{ + return 1; +} diff -Nru openssl-3.0.12/test/params_test.c openssl-3.0.13/test/params_test.c --- openssl-3.0.12/test/params_test.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/test/params_test.c 2024-01-30 13:28:16.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -15,6 +15,7 @@ #include #include #include +#include #include #include "internal/numbers.h" #include "internal/nelem.h" @@ -558,6 +559,7 @@ /* Arbitrary size buffer. Make sure the result fits in a long */ OSSL_PARAM_DEFN("num", OSSL_PARAM_INTEGER, NULL, 0), OSSL_PARAM_DEFN("unum", OSSL_PARAM_UNSIGNED_INTEGER, NULL, 0), + OSSL_PARAM_DEFN("octets", OSSL_PARAM_OCTET_STRING, NULL, 0), OSSL_PARAM_END, }; 
@@ -655,14 +657,56 @@ return a.expected_res; } +static int check_octetstr_from_hexstr(void) +{ + OSSL_PARAM param; + static const char *values[] = { "", "F", "FF", "FFF", "FFFF", NULL }; + int i; + int errcnt = 0; + + /* Test odd vs even number of hex digits */ + for (i = 0; values[i] != NULL; i++) { + int expected = (strlen(values[i]) % 2) != 1; + int result; + + ERR_clear_error(); + memset(¶m, 0, sizeof(param)); + if (expected) + result = + TEST_true(OSSL_PARAM_allocate_from_text(¶m, + params_from_text, + "hexoctets", values[i], 0, + NULL)); + else + result = + TEST_false(OSSL_PARAM_allocate_from_text(¶m, + params_from_text, + "hexoctets", values[i], 0, + NULL)); + if (!result) { + TEST_error("unexpected OSSL_PARAM_allocate_from_text() %s for 'octets' \"%s\"", + (expected ? "failure" : "success"), values[i]); + errcnt++; + } + OPENSSL_free(param.data); + } + return errcnt == 0; +} + static int test_allocate_from_text(int i) { return check_int_from_text(int_from_text_test_cases[i]); } +static int test_more_allocate_from_text(void) +{ + return check_octetstr_from_hexstr(); +} + int setup_tests(void) { ADD_ALL_TESTS(test_case, OSSL_NELEM(test_cases)); ADD_ALL_TESTS(test_allocate_from_text, OSSL_NELEM(int_from_text_test_cases)); + ADD_TEST(test_more_allocate_from_text); return 1; } diff -Nru openssl-3.0.12/test/property_test.c openssl-3.0.13/test/property_test.c --- openssl-3.0.12/test/property_test.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/test/property_test.c 2024-01-30 13:28:16.000000000 +0000 @@ -107,6 +107,10 @@ { "n=0x3", "n=3", 1 }, { "n=0x3", "n=-3", -1 }, { "n=0x33", "n=51", 1 }, + { "n=0x123456789abcdef", "n=0x123456789abcdef", 1 }, + { "n=0x7fffffffffffffff", "n=0x7fffffffffffffff", 1 }, /* INT64_MAX */ + { "n=9223372036854775807", "n=9223372036854775807", 1 }, /* INT64_MAX */ + { "n=0777777777777777777777", "n=0777777777777777777777", 1 }, /* INT64_MAX */ { "n=033", "n=27", 1 }, { "n=0", "n=00", 1 }, { "n=0x0", "n=0", 1 }, 
@@ -169,6 +173,9 @@ { 1, "a=2, n=012345678" }, /* Bad octal digit */ { 0, "n=0x28FG, a=3" }, /* Bad hex digit */ { 0, "n=145d, a=2" }, /* Bad decimal digit */ + { 0, "n=0x8000000000000000, a=3" }, /* Hex overflow */ + { 0, "n=922337203000000000d, a=2" }, /* Decimal overflow */ + { 0, "a=2, n=1000000000000000000000" }, /* Octal overflow */ { 1, "@='hello'" }, /* Invalid name */ { 1, "n0123456789012345678901234567890123456789" "0123456789012345678901234567890123456789" diff -Nru openssl-3.0.12/test/prov_config_test.c openssl-3.0.13/test/prov_config_test.c --- openssl-3.0.12/test/prov_config_test.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/test/prov_config_test.c 2024-01-30 13:28:16.000000000 +0000 @@ -8,9 +8,11 @@ */ #include +#include #include "testutil.h" static char *configfile = NULL; +static char *recurseconfigfile = NULL; /* * Test to make sure there are no leaks or failures from loading the config @@ -44,6 +46,30 @@ return testresult; } +static int test_recursive_config(void) +{ + OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new(); + int testresult = 0; + unsigned long err; + + if (!TEST_ptr(recurseconfigfile)) + goto err; + + if (!TEST_ptr(ctx)) + goto err; + + if (!TEST_false(OSSL_LIB_CTX_load_config(ctx, recurseconfigfile))) + goto err; + + err = ERR_peek_error(); + /* We expect to get a recursion error here */ + if (ERR_GET_REASON(err) == CONF_R_RECURSIVE_SECTION_REFERENCE) + testresult = 1; + err: + OSSL_LIB_CTX_free(ctx); + return testresult; +} + OPT_TEST_DECLARE_USAGE("configfile\n") int setup_tests(void) 
@@ -56,6 +82,10 @@ if (!TEST_ptr(configfile = test_get_argument(0))) return 0; + if (!TEST_ptr(recurseconfigfile = test_get_argument(1))) + return 0; + + ADD_TEST(test_recursive_config); ADD_TEST(test_double_config); return 1; } diff -Nru openssl-3.0.12/test/recipes/01-test_symbol_presence.t openssl-3.0.13/test/recipes/01-test_symbol_presence.t --- openssl-3.0.12/test/recipes/01-test_symbol_presence.t 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/test/recipes/01-test_symbol_presence.t 2024-01-30 13:28:16.000000000 +0000 @@ -70,17 +70,35 @@ note "Number of lines in \@def_lines before massaging: ", scalar @def_lines; # Massage the nm output to only contain defined symbols + # Common symbols need separate treatment + my %commons; + foreach (@nm_lines) { + if (m|^(.*) C .*|) { + $commons{$1}++; + } + } + foreach (sort keys %commons) { + note "Common symbol: $_"; + } + @nm_lines = sort - map { - # Drop the first space and everything following it - s| .*||; - # Drop OpenSSL dynamic version information if there is any - s|\@\@.+$||; - # Return the result - $_ - } - grep(m|.* [BCDST] .*|, @nm_lines); + ( map { + # Drop the first space and everything following it + s| .*||; + # Drop OpenSSL dynamic version information if there is any + s|\@\@.+$||; + # Return the result + $_ + } + # Drop any symbol starting with a double underscore, they + # are reserved for the compiler / system ABI and are none + # of our business + grep !m|^__|, + # Only look at external definitions + grep m|.* [BDST] .*|, + @nm_lines ), + keys %commons; # Massage the mkdef.pl output to only contain global symbols # The output we got is in Unix .map format, which has a global diff -Nru openssl-3.0.12/test/recipes/04-test_asn1_parse.t openssl-3.0.13/test/recipes/04-test_asn1_parse.t --- openssl-3.0.12/test/recipes/04-test_asn1_parse.t 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.13/test/recipes/04-test_asn1_parse.t 2024-01-30 13:28:16.000000000 +0000 
@@ -0,0 +1,26 @@ +#! /usr/bin/env perl +# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use OpenSSL::Test qw(:DEFAULT srctop_file); +use OpenSSL::Test::Utils; + +setup("test_asn1_parse"); + +plan tests => 3; + +$ENV{OPENSSL_CONF} = srctop_file("test", "test_asn1_parse.cnf"); + +ok(run(app(([ 'openssl', 'asn1parse', + '-genstr', 'OID:1.2.3.4.1'])))); + +ok(run(app(([ 'openssl', 'asn1parse', + '-genstr', 'OID:1.2.3.4.2'])))); + +ok(run(app(([ 'openssl', 'asn1parse', + '-genstr', 'OID:1.2.3.4.3'])))); diff -Nru openssl-3.0.12/test/recipes/04-test_asn1_stable_parse.t openssl-3.0.13/test/recipes/04-test_asn1_stable_parse.t --- openssl-3.0.12/test/recipes/04-test_asn1_stable_parse.t 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.13/test/recipes/04-test_asn1_stable_parse.t 2024-01-30 13:28:16.000000000 +0000 
@@ -0,0 +1,24 @@ +#! /usr/bin/env perl +# Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use OpenSSL::Test::Simple; +use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir bldtop_dir bldtop_file data_dir/; +use OpenSSL::Test::Utils; +use Cwd qw(abs_path); + +BEGIN { +setup("test_asn1_stable_parse"); +} +my $config_path = srctop_file("test", "recipes", "04-test_asn1_stable_parse_data", "asn1_stable_parse.cnf"); + +plan tests => 1; + +ok(run(test(["asn1_stable_parse_test", "-config", $config_path])), + "Confirm that malformed entries in stable section are not parsed"); + diff -Nru openssl-3.0.12/test/recipes/04-test_asn1_stable_parse_data/asn1_stable_parse.cnf openssl-3.0.13/test/recipes/04-test_asn1_stable_parse_data/asn1_stable_parse.cnf --- openssl-3.0.12/test/recipes/04-test_asn1_stable_parse_data/asn1_stable_parse.cnf 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.13/test/recipes/04-test_asn1_stable_parse_data/asn1_stable_parse.cnf 2024-01-30 13:28:16.000000000 +0000 @@ -0,0 +1,16 @@ +openssl_conf = openssl_init +config_diagnostics = 1 + +[openssl_init] +s = mstbl + +[mstbl] +id-tc26 = min +id-tc27 = :::::: +id-tc28 = ,,,,,, +id-tc29 = :,:,:, +id-tc30 = n1:min +id-tc31 = n2:max +id-tc32 = n3: +id-tc33 = :0 + diff -Nru openssl-3.0.12/test/recipes/04-test_provider.t openssl-3.0.13/test/recipes/04-test_provider.t --- openssl-3.0.12/test/recipes/04-test_provider.t 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/test/recipes/04-test_provider.t 2024-01-30 13:28:16.000000000 +0000 
@@ -12,10 +12,17 @@ setup("test_provider"); -plan tests => 2; +plan tests => 3; ok(run(test(['provider_test'])), "provider_test"); $ENV{"OPENSSL_MODULES"} = bldtop_dir("test"); ok(run(test(['provider_test', '-loaded'])), "provider_test -loaded"); + + SKIP: { + skip "no module support", 1 if disabled("module"); + + ok(run(app(['openssl', 'list', '-provider', 'p_minimal', + '-providers', '-verbose']))); +} diff -Nru openssl-3.0.12/test/recipes/15-test_gensm2.t openssl-3.0.13/test/recipes/15-test_gensm2.t --- openssl-3.0.12/test/recipes/15-test_gensm2.t 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.13/test/recipes/15-test_gensm2.t 2024-01-30 13:28:16.000000000 +0000 
@@ -0,0 +1,61 @@ +#! /usr/bin/env perl +# Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + + +use strict; +use warnings; + +use File::Spec; +use OpenSSL::Test qw(:DEFAULT pipe); +use OpenSSL::Test::Utils; + +# These are special key generation tests for SM2 keys specifically, +# as they could be said to be a bit special in their encoding. +# This is an auxilliary test to 15-test_genec.t + +setup("test_gensm2"); + +plan skip_all => "This test is unsupported in a no-sm2 build" + if disabled("sm2"); + +plan tests => 2; + +# According to the example in GM/T 0015-2012, appendix D.2, +# generating an EC key with the named SM2 curve or generating +# an SM2 key should end up with the same encoding (apart from +# key private key field itself). This regular expressions +# shows us what 'openssl asn1parse' should display. 
+ +my $sm2_re = qr| + ^ + .*?\Qcons: SEQUENCE\E\s+?\R + .*?\Qprim: INTEGER :00\E\R + .*?\Qcons: SEQUENCE\E\s+?\R + .*?\Qprim: OBJECT :id-ecPublicKey\E\R + .*?\Qprim: OBJECT :sm2\E\R + .*?\Qprim: OCTET STRING [HEX DUMP]:\E + |mx; + +my $cmd_genec = app([ 'openssl', 'genpkey', + '-algorithm', 'EC', + '-pkeyopt', 'ec_paramgen_curve:SM2', + '-pkeyopt', 'ec_param_enc:named_curve' ]); +my $cmd_gensm2 = app([ 'openssl', 'genpkey', '-algorithm', 'SM2' ]); +my $cmd_asn1parse = app([ 'openssl', 'asn1parse', '-i' ]); + +my $result_ec = join("", run(pipe($cmd_genec, $cmd_asn1parse), + capture => 1)); + +like($result_ec, $sm2_re, + "Check that 'genpkey -algorithm EC' resulted in a correctly encoded SM2 key"); + +my $result_sm2 = join("", run(pipe($cmd_gensm2, $cmd_asn1parse), + capture => 1)); + +like($result_sm2, $sm2_re, + "Check that 'genpkey -algorithm SM2' resulted in a correctly encoded SM2 key"); diff -Nru openssl-3.0.12/test/recipes/25-test_req.t openssl-3.0.13/test/recipes/25-test_req.t --- openssl-3.0.12/test/recipes/25-test_req.t 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/test/recipes/25-test_req.t 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -15,7 +15,7 @@ setup("test_req"); -plan tests => 46; +plan tests => 49; require_ok(srctop_file('test', 'recipes', 'tconversion.pl')); 
@@ -40,14 +40,19 @@ "-key", srctop_file("test", "certs", "ee-key.pem"), "-config", srctop_file("test", "test.cnf"), @req_new ); my $val = "subjectAltName=DNS:example.com"; +my $val1 = "subjectAltName=otherName:1.2.3.4;UTF8:test,email:info\@example.com"; my $val2 = " " . $val; my $val3 = $val; $val3 =~ s/=/ =/; ok( run(app([@addext_args, "-addext", $val]))); +ok( run(app([@addext_args, "-addext", $val1]))); +$val1 =~ s/UTF8/XXXX/; # execute the error handling in do_othername +ok(!run(app([@addext_args, "-addext", $val1]))); ok(!run(app([@addext_args, "-addext", $val, "-addext", $val]))); ok(!run(app([@addext_args, "-addext", $val, "-addext", $val2]))); ok(!run(app([@addext_args, "-addext", $val, "-addext", $val3]))); ok(!run(app([@addext_args, "-addext", $val2, "-addext", $val3]))); +ok(run(app([@addext_args, "-addext", "SXNetID=1:one, 2:two, 3:three"]))); # If a CSR is provided with neither of -key or -CA/-CAkey, this should fail. ok(!run(app(["openssl", "req", "-x509", diff -Nru openssl-3.0.12/test/recipes/25-test_x509.t openssl-3.0.13/test/recipes/25-test_x509.t --- openssl-3.0.12/test/recipes/25-test_x509.t 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/test/recipes/25-test_x509.t 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -16,7 +16,7 @@ setup("test_x509"); -plan tests => 28; +plan tests => 29; # Prevent MSys2 filename munging for arguments that look like file paths but # aren't 
@@ -186,6 +186,14 @@ # verify issuer is CA ok (get_issuer($a2_cert) =~ /CN = ca.example.com/); +my $in_csr = srctop_file('test', 'certs', 'x509-check.csr'); +my $in_key = srctop_file('test', 'certs', 'x509-check-key.pem'); +my $invextfile = srctop_file('test', 'invalid-x509.cnf'); +# Test that invalid extensions settings fail +ok(!run(app(["openssl", "x509", "-req", "-in", $in_csr, "-signkey", $in_key, + "-out", "/dev/null", "-days", "3650" , "-extensions", "ext", + "-extfile", $invextfile]))); + # Tests for issue #16080 (fixed in 1.1.1o) my $b_key = "b-key.pem"; my $b_csr = "b-cert.csr"; diff -Nru openssl-3.0.12/test/recipes/30-test_prov_config.t openssl-3.0.13/test/recipes/30-test_prov_config.t --- openssl-3.0.12/test/recipes/30-test_prov_config.t 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/test/recipes/30-test_prov_config.t 2024-01-30 13:28:16.000000000 +0000 @@ -22,11 +22,14 @@ plan tests => 2; -ok(run(test(["prov_config_test", srctop_file("test", "default.cnf")])), +ok(run(test(["prov_config_test", srctop_file("test", "default.cnf"), + srctop_file("test", "recursive.cnf")])), "running prov_config_test default.cnf"); + SKIP: { skip "Skipping FIPS test in this build", 1 if $no_fips; - ok(run(test(["prov_config_test", srctop_file("test", "fips.cnf")])), + ok(run(test(["prov_config_test", srctop_file("test", "fips.cnf"), + srctop_file("test", "recursive.cnf")])), "running prov_config_test fips.cnf"); } diff -Nru openssl-3.0.12/test/recipes/80-test_cms.t openssl-3.0.13/test/recipes/80-test_cms.t --- openssl-3.0.12/test/recipes/80-test_cms.t 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/test/recipes/80-test_cms.t 2024-01-30 13:28:16.000000000 +0000 @@ -50,7 +50,7 @@ $no_rc2 = 1 if disabled("legacy"); -plan tests => 18; +plan tests => 19; ok(run(test(["pkcs7_test"])), "test pkcs7"); 
@@ -222,13 +222,15 @@ \&final_compare ], - [ "enveloped content test streaming S/MIME format, DES, 3 recipients, key only used", + [ "enveloped content test streaming S/MIME format, DES, 3 recipients, cert and key files used", [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont, "-stream", "-out", "{output}.cms", $smrsa1, catfile($smdir, "smrsa2.pem"), - catfile($smdir, "smrsa3.pem") ], - [ "{cmd2}", @defaultprov, "-decrypt", "-inkey", catfile($smdir, "smrsa3.pem"), + catfile($smdir, "smrsa3-cert.pem") ], + [ "{cmd2}", @defaultprov, "-decrypt", + "-recip", catfile($smdir, "smrsa3-cert.pem"), + "-inkey", catfile($smdir, "smrsa3-key.pem"), "-in", "{output}.cms", "-out", "{output}.txt" ], \&final_compare ], 
@@ -1019,3 +1021,51 @@ ])), "Check for failure when cipher does not have an assigned OID (issue#22225)"); }); + +# Test encrypt to three recipients, and decrypt using key-only; +# i.e. do not follow the recommended practice of providing the +# recipient cert in the decrypt op. +# +# Use RSAES-OAEP for key-transport, not RSAES-PKCS-v1_5. +# +# Because the cert is not provided during decrypt, all RSA ciphertexts +# are decrypted in turn, and when/if there is a valid decryption, it +# is assumed the correct content-key has been recovered. +# +# That process may fail with RSAES-PKCS-v1_5 b/c there is a +# non-negligible chance that decrypting a random input using +# RSAES-PKCS-v1_5 can result in a valid plaintext (so two content-keys +# could be recovered and the wrong one might be used). +# +# See https://github.com/openssl/project/issues/380 +subtest "encrypt to three recipients with RSA-OAEP, key only decrypt" => sub { + plan tests => 3; + + my $pt = srctop_file("test", "smcont.txt"); + my $ct = "smtst.cms"; + my $ptpt = "smtst.txt"; + + ok(run(app(['openssl', 'cms', + @defaultprov, + '-encrypt', '-aes128', + '-in', $pt, + '-out', $ct, + '-stream', + '-recip', catfile($smdir, "smrsa1.pem"), + '-keyopt', 'rsa_padding_mode:oaep', + '-recip', catfile($smdir, "smrsa2.pem"), + '-keyopt', 'rsa_padding_mode:oaep', + '-recip', catfile($smdir, "smrsa3-cert.pem"), + '-keyopt', 'rsa_padding_mode:oaep', + ])), + "encrypt to three recipients with RSA-OAEP (avoid openssl/project issue#380)"); + ok(run(app(['openssl', 'cms', + @defaultprov, + '-decrypt', '-aes128', + '-in', $ct, + '-out', $ptpt, + '-inkey', catfile($smdir, "smrsa3-key.pem"), + ])), + "decrypt with key only"); + is(compare($pt, $ptpt), 0, "compare original message with decrypted ciphertext"); +}; diff -Nru openssl-3.0.12/test/recipes/80-test_pkcs12.t openssl-3.0.13/test/recipes/80-test_pkcs12.t --- openssl-3.0.12/test/recipes/80-test_pkcs12.t 2023-10-24 23:15:07.000000000 +0000 +++ 
openssl-3.0.13/test/recipes/80-test_pkcs12.t 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -9,7 +9,7 @@ use strict; use warnings; -use OpenSSL::Test qw/:DEFAULT srctop_file/; +use OpenSSL::Test qw/:DEFAULT srctop_file with/; use OpenSSL::Test::Utils; use Encode; @@ -54,7 +54,7 @@ } $ENV{OPENSSL_WIN32_UTF8}=1; -plan tests => 13; +plan tests => 17; # Test different PKCS#12 formats ok(run(test(["pkcs12_format_test"])), "test pkcs12 formats"); 
@@ -148,4 +148,25 @@ # Test that the expected friendly name is present in the output ok(grep(/testname/, @pkcs12info) == 1, "test friendly name in output"); +# Test some bad pkcs12 files +my $bad1 = srctop_file("test", "recipes", "80-test_pkcs12_data", "bad1.p12"); +my $bad2 = srctop_file("test", "recipes", "80-test_pkcs12_data", "bad2.p12"); +my $bad3 = srctop_file("test", "recipes", "80-test_pkcs12_data", "bad3.p12"); + +with({ exit_checker => sub { return shift == 1; } }, + sub { + ok(run(app(["openssl", "pkcs12", "-in", $bad1, "-password", "pass:"])), + "test bad pkcs12 file 1"); + + ok(run(app(["openssl", "pkcs12", "-in", $bad1, "-password", "pass:", + "-nomacver"])), + "test bad pkcs12 file 1 (nomacver)"); + + ok(run(app(["openssl", "pkcs12", "-in", $bad2, "-password", "pass:"])), + "test bad pkcs12 file 2"); + + ok(run(app(["openssl", "pkcs12", "-in", $bad3, "-password", "pass:"])), + "test bad pkcs12 file 3"); + }); + SetConsoleOutputCP($savedcp) if (defined($savedcp)); Binary files /tmp/tmptjm9n1k2/6B8QtGLfI4/openssl-3.0.12/test/recipes/80-test_pkcs12_data/bad1.p12 and /tmp/tmptjm9n1k2/HmBIDqc8rX/openssl-3.0.13/test/recipes/80-test_pkcs12_data/bad1.p12 differ Binary files /tmp/tmptjm9n1k2/6B8QtGLfI4/openssl-3.0.12/test/recipes/80-test_pkcs12_data/bad2.p12 and /tmp/tmptjm9n1k2/HmBIDqc8rX/openssl-3.0.13/test/recipes/80-test_pkcs12_data/bad2.p12 differ Binary files /tmp/tmptjm9n1k2/6B8QtGLfI4/openssl-3.0.12/test/recipes/80-test_pkcs12_data/bad3.p12 and /tmp/tmptjm9n1k2/HmBIDqc8rX/openssl-3.0.13/test/recipes/80-test_pkcs12_data/bad3.p12 differ diff -Nru openssl-3.0.12/test/recipes/91-test_pkey_check.t openssl-3.0.13/test/recipes/91-test_pkey_check.t --- openssl-3.0.12/test/recipes/91-test_pkey_check.t 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/test/recipes/91-test_pkey_check.t 2024-01-30 13:28:16.000000000 +0000 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -70,7 +70,7 @@ "dhpkey.pem" )) unless disabled("dh"); -my @negative_pubtests = (); +my @negative_pubtests = ("rsapub_17k.pem"); # Too big RSA public key push(@negative_pubtests, ( "dsapub_noparam.der" diff -Nru openssl-3.0.12/test/recipes/91-test_pkey_check_data/rsapub_17k.pem openssl-3.0.13/test/recipes/91-test_pkey_check_data/rsapub_17k.pem --- openssl-3.0.12/test/recipes/91-test_pkey_check_data/rsapub_17k.pem 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.13/test/recipes/91-test_pkey_check_data/rsapub_17k.pem 2024-01-30 13:28:16.000000000 +0000 
@@ -0,0 +1,48 @@ +-----BEGIN PUBLIC KEY----- +MIIIbzANBgkqhkiG9w0BAQEFAAOCCFwAMIIIVwKCCE4Ang+cE5H+hg3RbapDAHqR +B9lUnp2MlAwsZxQ/FhYepaR60bFQeumbu7817Eo5YLMObVI99hF1C4u/qcpD4Jph +gZt87/JAYDbP+DIh/5gUXCL9m5Fp4u7mvZaZdnlcftBvR1uKUTCAwc9pZ/Cfr8W2 +GzrRODzsNYnk2DcZMfe2vRDuDZRopE+Y+I72rom2SZLxoN547N1daM/M/CL9KVQ/ +XMI/YOpJrBI0jI3brMRhLkvLckwies9joufydlGbJkeil9H7/grj3fQZtFkZ2Pkj +b87XDzRVX7wsEpAgPJxskL3jApokCp1kQYKG+Uc3dKM9Ade6IAPK7VKcmbAQTYw2 +gZxsc28dtstazmfGz0ACCTSMrmbgWAM3oPL7RRzhrXDWgmYQ0jHefGh8SNTIgtPq +TuHxPYkDMQNaf0LmDGCxqlnf4b5ld3YaU8zZ/RqIRx5v/+w0rJUvU53qY1bYSnL1 +vbqKSnN2mip0GYyQ4AUgkS1NBV4rGYU/VTvzEjLfkg02KOtHKandvEoUjmZPzCT0 +V2ZhGc8K1UJNGYlIiHqCdwCBoghvly/pYajTkDXyd6BsukzA5H3IkZB1xDgl035j +/0Cr7QeZLEOdi9fPdSSaBT6OmD0WFuZfJF0wMr7ucRhWzPXvSensD9v7MBE7tNfH +SLeTSx8tLt8UeWriiM+0CnkPR1IOqMOxubOyf1eV8NQqEWm5wEQG/0IskbOKnaHa +PqLFJZn/bvyL3XK5OxVIJG3z6bnRDOMS9SzkjqgPdIO8tkySEHVSi/6iuGUltx3Y +Fmq6ye/r34ekyHPbfn6UuTON7joM6SIXb5bHM64x4iMVWx4hMvDjfy0UqfywAUyu +C1o7BExSMxxFG8GJcqR0K8akpPp7EM588PC+YuItoxzXgfUJnP3BQ1Beev2Ve7/J +xeGZH0N4ntfr+cuaLAakAER9zDglwChWflw3NNFgIdAgSxXv3XXx5xDXpdP4lxUo +F5zAN4Mero3yV90FaJl7Vhq/UFVidbwFc15jUDwaE0mKRcsBeVd3GOhoECAgE0id +aIPT20z8oVY0FyTJlRk7QSjo8WjJSrHY/Fn14gctX07ZdfkufyL6w+NijBdYluvB +nIrgHEvpkDEWoIa8qcx0EppoIcmqgMV2mTShfFYSybsO33Pm8WXec2FXjwhzs1Pi +R/BuIW8rHPI67xqWm0h8dEw11vtfi9a/BBBikFHe59KBjMTG+lW/gADNvRoTzGh7 +kN4+UVDS3jlSisRZZOn1XoeQtpubNYWgUsecjKy45IwIj8h1SHgn3wkmUesY0woN +mOdoNtq+NezN4RFtbCOHhxFVpKKDi/HQP2ro0ykkXMDjwEIVf2Lii1Mg9UP8m+Ux +AOqkTrIkdogkRx+70h7/wUOfDIFUq2JbKzqxJYamyEphcdAko7/B8efQKc61Z93O +f2SHa4++4WI7wIIx18v5KV4M/cRmrfc8w9WRkQN3gBT5AJMuqwcSHVXBWvNQeGmi +ScMh7X6cCZ0daEujqb8svq4WgsJ8UT4GaGBRIYtt7QUKEh+JQwNJzneRYZ3pzpaH +UJeeoYobMlkp3rM9cYzdq90nBQiI9Jsbim9m9ggb2dMOS5CsI9S/IuG2O5uTjfxx +wkwsd5nLDFtNXHYZ7W6XlVJ1Rc6zShnEmdCn3mmibb6OaMUmun2yl9ryEjVSoXLP +fSA8W9K9yNhKTRkzdXJfqlC+s/ovX2xBGxsuOoUDaXhRVz0qmpKIHeSFjIP4iXq4 +y8gDiwvM3HbZfvVonbg6siPwpn4uvw3hesojk1DKAENS52i6U3uK2fs1ALVxsFNS 
+Yh914rDu0Q3e4RXVhURaYzoEbLCot6WGYeCCfQOK0rkETMv+sTYYscC8/THuW7SL +HG5zy9Ed95N1Xmf8J+My7gM7ZFodGdHsWvdzEmqsdOFh6IVx/VfHFX0MDBq0t6lZ +eRvVgVCfu3gkYLwPScn/04E02vOom51ISKHsF/I11erC66jjNYV9BSpH8O7sAHxZ +EmPT2ZVVRSgivOHdQW/FZ3UZQQhVaVSympo2Eb4yWEMFn84Q8T+9Honj6gnB5PXz +chmeCsOMlcg1mwWwhn0k+OAWEZy7VRUk5Ahp0fBAGJgwBdqrZ3kM356DjUkVBiYq +4eHyvafNKmjf2mnFsI3g2NKRNyl1Lh63wyCFx60yYvBUfXF/W9PFJbD9CiP83kEW +gV36gxTsbOSfhpO1OXR90ODy0kx06XzWmJCUugK8u9bx4F/CjV+LIHExuNJiethC +A8sIup/MT0fWp4RO/SsVblGqfoqJTaPnhptQzeH2N07pbWkxeMuL6ppPuwFmfVjK +FJndqCVrAukcPEOQ16iVURuloJMudqYRc9QKkJFsnv0W/iMNbqQGmXe8Q/5qFiys +26NIQBiE2ad9hNLnoccEnmYSRgnW3ZPSKuq5TDdYyDqTZH2r8cam65pr3beKw2XC +xw4cc7VaxiwGC2Mg2wRmwwPaTjrcEt6sMa3RjwFEVBxBFyM26wnTEZsTBquCxV0J +pgERaeplkixP2Q0m7XAdlDaob973SM2vOoUgypzDchWmpx7u775bnOfU5CihwXl+ +k0i09WZuT8bPmhEAiGCw5sNzMkz1BC2cCZFfJIkE2vc/wXYOrGxBTJo0EKaUFswa +2dnP/u0bn+VksBUM7ywW9LJSXh4mN+tpzdeJtxEObKwX1I0dQxSPWmjd2++wMr9q +Unre5fCrDToy2H7C2VKSpuOCT2/Kv4JDQRWwI4KxQOpn0UknAGNmfBoTtpIZ3LEb +77oBUJdMQD7tQBBLL0a6f1TdK0dHVprWWawJ+gGFMiMQXqAqblHcxFKWuHv9bQID +AQAB +-----END PUBLIC KEY----- diff -Nru openssl-3.0.12/test/recipes/95-test_external_gost_engine_data/gost_engine.sh openssl-3.0.13/test/recipes/95-test_external_gost_engine_data/gost_engine.sh --- openssl-3.0.12/test/recipes/95-test_external_gost_engine_data/gost_engine.sh 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/test/recipes/95-test_external_gost_engine_data/gost_engine.sh 2024-01-30 13:28:16.000000000 +0000 @@ -1,6 +1,6 @@ #!/bin/sh # -# Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -45,7 +45,7 @@ echo " OpenSSL version: $OPENSSL_VERSION" echo "------------------------------------------------------------------" -cmake $SRCTOP/gost-engine -DOPENSSL_ROOT_DIR="$OPENSSL_ROOT_DIR" +cmake $SRCTOP/gost-engine -DOPENSSL_ROOT_DIR="$OPENSSL_ROOT_DIR" -DOPENSSL_ENGINES_DIR="$OPENSSL_ROOT_DIR/engines" make export CTEST_OUTPUT_ON_FAILURE=1 export HARNESS_OSSL_PREFIX='' diff -Nru openssl-3.0.12/test/recursive.cnf openssl-3.0.13/test/recursive.cnf --- openssl-3.0.12/test/recursive.cnf 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.13/test/recursive.cnf 2024-01-30 13:28:16.000000000 +0000 @@ -0,0 +1,8 @@ +openssl_conf = openssl_init +config_diagnostics = yes + +[openssl_init] +providers = provider_sect + +[provider_sect] + = provider_sect diff -Nru openssl-3.0.12/test/siphash_internal_test.c openssl-3.0.13/test/siphash_internal_test.c --- openssl-3.0.12/test/siphash_internal_test.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/test/siphash_internal_test.c 2024-01-30 13:28:16.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -257,7 +257,7 @@ static int test_siphash_basic(void) { SIPHASH siphash = { 0, }; - unsigned char key[SIPHASH_KEY_SIZE]; + static const unsigned char key[SIPHASH_KEY_SIZE] = {0}; unsigned char output[SIPHASH_MAX_DIGEST_SIZE]; /* Use invalid hash size */ diff -Nru openssl-3.0.12/test/smime-certs/smrsa3-cert.pem openssl-3.0.13/test/smime-certs/smrsa3-cert.pem --- openssl-3.0.12/test/smime-certs/smrsa3-cert.pem 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.13/test/smime-certs/smrsa3-cert.pem 2024-01-30 13:28:16.000000000 +0000 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDeTCCAmGgAwIBAgIUIDyc//j/LoNDesZTGbPBoVarv4EwDQYJKoZIhvcNAQEL +BQAwRDELMAkGA1UEBhMCVUsxFjAUBgNVBAoMDU9wZW5TU0wgR3JvdXAxHTAbBgNV +BAMMFFRlc3QgUy9NSU1FIFJTQSBSb290MCAXDTIyMDYwMjE1MzMxM1oYDzIxMjIw +NTA5MTUzMzEzWjBFMQswCQYDVQQGEwJVSzEWMBQGA1UECgwNT3BlblNTTCBHcm91 +cDEeMBwGA1UEAwwVVGVzdCBTL01JTUUgRUUgUlNBICMzMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEA+QP7d56K4/9eu7aChtWILYNxvqWeDcJeWvX5Z5vC +XUjFuUxBD9U0rw1SBLgFYu8aqAJ+oXsqaGjJARifgKEqPUe7pnYYatr55lhTbHR+ +qA88p1V4sclEaPNWKzd7J/V3eeYr04kqWV5XYhAq9k9AWLzsNIePe2z7OoGPS6oK +wRzWFRd5RYXTpmFr/tqknbYvtYFd7duKb9QqytgHV+RKXXeY0fnjZ7frLmaqDwtI +U3DY7MyS3Hw2BVx72vQXBNA364HGEpqEgVOdzI7et0wpSumaFXDye714xUR53L7N +f3fp3PQXS/RbBiNXs7KUsHCR6nsdsIKO+sg66gxOLNt6zwIDAQABo2AwXjAMBgNV +HRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIF4DAdBgNVHQ4EFgQUN9pGq/UFS3o50rTi +V+AYgAk+3R4wHwYDVR0jBBgwFoAUFcETIWviVV+nah1XINbP86lzZFkwDQYJKoZI +hvcNAQELBQADggEBAGcOh380/6aJqMpYBssuf2CB3DX/hGKdvEF7fF8iNSfl5HHq +112kHl3MhbL9Th/safJq9sLDJqjXRNdVCUJJbU4YI2P2gsi04paC0qxWxMLtzQLd +CE7ki2xH94Fuu/dThbpzZBABROO1RrdI24GDGt9t4Gf0WVkobmT/zNlwGppKTIB2 +iV/Ug30iKr/C49UzwUIa+XXXujkjPTmGSnrKwVQNxQh81rb+iTL7GEnNuqDsatHW +ZyLS2SaVdG5tMqDkITPMDGjehUzJcAbVc8Bv4m8Ukuov3uDj2Doc6MxlvrVkV0AE +BcSCb/bWQJJ/X4LQZlx9cMk4NINxV9UeFPZOefg= +-----END CERTIFICATE----- diff -Nru openssl-3.0.12/test/smime-certs/smrsa3-key.pem openssl-3.0.13/test/smime-certs/smrsa3-key.pem --- openssl-3.0.12/test/smime-certs/smrsa3-key.pem 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.13/test/smime-certs/smrsa3-key.pem 2024-01-30 13:28:16.000000000 +0000 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQD5A/t3norj/167 +toKG1Ygtg3G+pZ4Nwl5a9flnm8JdSMW5TEEP1TSvDVIEuAVi7xqoAn6heypoaMkB +GJ+AoSo9R7umdhhq2vnmWFNsdH6oDzynVXixyURo81YrN3sn9Xd55ivTiSpZXldi +ECr2T0BYvOw0h497bPs6gY9LqgrBHNYVF3lFhdOmYWv+2qSdti+1gV3t24pv1CrK +2AdX5Epdd5jR+eNnt+suZqoPC0hTcNjszJLcfDYFXHva9BcE0DfrgcYSmoSBU53M +jt63TClK6ZoVcPJ7vXjFRHncvs1/d+nc9BdL9FsGI1ezspSwcJHqex2wgo76yDrq +DE4s23rPAgMBAAECggEAEDi+VWD5VUpjD5zWOoPQiRDGBJBhtMAKkl6okxEmXvWb +Xz3STFnjHgA1JFHW3bRU9BHI9k8vSHmnlnkfKb3V/ZX5IHNcKCHb/x9NBak+QLVQ +0zLtfE9vxiTC0B/oac+MPaiD4hYFQ81pFwK6VS0Poi8ZCBJtOkRqfUvsyV8zZrgh +/6cs4mwOVyZPFRgF9eWXYv7PJz8pNRizhII0iv9H/r2I3DzsZLPCg7c29mP+I/SG +A7Pl82UXjtOc0KurGY2M5VheZjxJT/k/FLMkWY2GS5n6dfcyzsVSKb25HoeuvQsI +vs1mKs+Onbobdc17hCcKVJzbi3DwXs5XDhrEzfHccQKBgQD88uBxVCRV31PsCN6I +pKxQDGgz+1BqPqe7KMRiZI7HgDUK0eCM3/oG089/jsBtJcSxnScLSVNBjQ+xGiFi +YCD4icQoJSzpqJyR6gDq5lTHASAe+9LWRW771MrtyACQWNXowYEyu8AjekrZkCUS +wIKVpw57oWykzIoS7ixZsJ8gxwKBgQD8BPWqJEsLiQvOlS5E/g88eV1KTpxm9Xs+ +BbwsDXZ7m4Iw5lYaUu5CwBB/2jkGGRl8Q/EfAdUT7gXv3t6x5b1qMXaIczmRGYto +NuI3AH2MPxAa7lg5TgBgie1r7PKwyPMfG3CtDx6n8W5sexgJpbIy5u7E+U6d8s1o +c7EcsefduQKBgCkHJAx9v18GWFBip+W2ABUDzisQSlzRSNd8p03mTZpiWzgkDq4K +7j0JQhDIkMGjbKH6gYi9Hfn17WOmf1+7g92MSvrP/NbxeGPadsejEIEu14zu/6Wt +oXDLdRbYZ+8B2cBlEpWuCl42yck8Lic6fnPTou++oSah3otvglYR5d2lAoGACd8L +3FE1m0sP6lSPjmZBJIZAcDOqDqJY5HIHD9arKGZL8CxlfPx4lqa9PrTGfQWoqORk +YmmI9hHhq6aYJHGyPKGZWfjhbVyJyFg1/h+Hy2GA+P0S+ZOjkiR050BNtTz5wOMr +Q6wO8FcVkywzIdWaqEHBYne9a5RiFVBKxKv3QAkCgYBxmCBKajFkMVb4Uc55WqJs +Add0mctGgmZ1l5vq81eWe3wjM8wgfJgaD3Q3gwx2ABUX/R+OsVWSh4o5ZR86sYoz +TviknBHF8GeDLjpT49+04fEaz336J2JOptF9zIpz7ZK1nrOEjzaZGtumReVjUP7X +fNcb5iDYqZRzD8ixBbLxUw== +-----END PRIVATE KEY----- diff -Nru openssl-3.0.12/test/ssl_old_test.c openssl-3.0.13/test/ssl_old_test.c --- openssl-3.0.12/test/ssl_old_test.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/test/ssl_old_test.c 2024-01-30 13:28:16.000000000 +0000 
@@ -894,7 +894,8 @@ { APP_CALLBACK_STRING, 0 }; SSL_CTX *c_ctx = NULL; const SSL_METHOD *meth = NULL; - SSL *c_ssl, *s_ssl; + SSL *c_ssl = NULL; + SSL *s_ssl = NULL; int number = 1, reuse = 0; int should_reuse = -1; int no_ticket = 0; @@ -1759,6 +1760,8 @@ c_ssl = SSL_new(c_ctx); s_ssl = SSL_new(s_ctx); + if (c_ssl == NULL || s_ssl == NULL) + goto end; if (sn_client) SSL_set_tlsext_host_name(c_ssl, sn_client); @@ -1819,10 +1822,11 @@ case BIO_IPV4: case BIO_IPV6: ret = EXIT_FAILURE; - goto err; + goto end; #endif } - if (ret != EXIT_SUCCESS) break; + if (ret != EXIT_SUCCESS) + break; } if (should_negotiate && ret == EXIT_SUCCESS && @@ -1832,13 +1836,13 @@ if (version < 0) { BIO_printf(bio_err, "Error parsing: %s\n", should_negotiate); ret = EXIT_FAILURE; - goto err; + goto end; } if (SSL_version(c_ssl) != version) { BIO_printf(bio_err, "Unexpected version negotiated. " "Expected: %s, got %s\n", should_negotiate, SSL_get_version(c_ssl)); ret = EXIT_FAILURE; - goto err; + goto end; } } @@ -1849,20 +1853,20 @@ "Expected: %d, server: %d, client: %d\n", should_reuse, SSL_session_reused(s_ssl), SSL_session_reused(c_ssl)); ret = EXIT_FAILURE; - goto err; + goto end; } } if (server_sess_out != NULL) { if (write_session(server_sess_out, SSL_get_session(s_ssl)) == 0) { ret = EXIT_FAILURE; - goto err; + goto end; } } if (client_sess_out != NULL) { if (write_session(client_sess_out, SSL_get_session(c_ssl)) == 0) { ret = EXIT_FAILURE; - goto err; + goto end; } } @@ -1888,11 +1892,9 @@ #endif } - err: + end: SSL_free(s_ssl); SSL_free(c_ssl); - - end: SSL_CTX_free(s_ctx); SSL_CTX_free(s_ctx2); SSL_CTX_free(c_ctx); diff -Nru openssl-3.0.12/test/sslapitest.c openssl-3.0.13/test/sslapitest.c --- openssl-3.0.12/test/sslapitest.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/test/sslapitest.c 2024-01-30 13:28:16.000000000 +0000 
@@ -10128,6 +10128,27 @@ } #if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) + +static ENGINE *load_dasync(void) +{ + ENGINE *e; + + if (!TEST_ptr(e = ENGINE_by_id("dasync"))) + return NULL; + + if (!TEST_true(ENGINE_init(e))) { + ENGINE_free(e); + return NULL; + } + + if (!TEST_true(ENGINE_register_ciphers(e))) { + ENGINE_free(e); + return NULL; + } + + return e; +} + /* * Test TLSv1.2 with a pipeline capable cipher. TLSv1.3 and DTLS do not * support this yet. The only pipeline capable cipher that we have is in the @@ -10143,6 +10164,8 @@ * Test 4: Client has pipelining enabled, server does not: more data than all * the available pipelines can take * Test 5: Client has pipelining enabled, server does not: Maximum size pipeline + * Test 6: Repeat of test 0, but the engine is loaded late (after the SSL_CTX + * is created) */ static int test_pipelining(int idx) { @@ -10155,25 +10178,28 @@ size_t written, readbytes, offset, msglen, fragsize = 10, numpipes = 5; size_t expectedreads; unsigned char *buf = NULL; - ENGINE *e; - - if (!TEST_ptr(e = ENGINE_by_id("dasync"))) - return 0; + ENGINE *e = NULL; - if (!TEST_true(ENGINE_init(e))) { - ENGINE_free(e); - return 0; + if (idx != 6) { + e = load_dasync(); + if (e == NULL) + return 0; } - if (!TEST_true(ENGINE_register_ciphers(e))) - goto end; - if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), TLS_client_method(), 0, TLS1_2_VERSION, &sctx, &cctx, cert, privkey))) goto end; + if (idx == 6) { + e = load_dasync(); + if (e == NULL) + goto end; + /* Now act like test 0 */ + idx = 0; + } + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, NULL))) goto end; 
@@ -10309,9 +10335,11 @@ SSL_free(clientssl); SSL_CTX_free(sctx); SSL_CTX_free(cctx); - ENGINE_unregister_ciphers(e); - ENGINE_finish(e); - ENGINE_free(e); + if (e != NULL) { + ENGINE_unregister_ciphers(e); + ENGINE_finish(e); + ENGINE_free(e); + } OPENSSL_free(buf); if (fragsize == SSL3_RT_MAX_PLAIN_LENGTH) OPENSSL_free(msg); 
@@ -10415,365 +10443,6 @@ return testresult; } -#ifndef OPENSSL_NO_QUIC -static int test_quic_set_encryption_secrets(SSL *ssl, - OSSL_ENCRYPTION_LEVEL level, - const uint8_t *read_secret, - const uint8_t *write_secret, - size_t secret_len) -{ - test_printf_stderr("quic_set_encryption_secrets() %s, lvl=%d, len=%zd\n", - ssl->server ? "server" : "client", level, secret_len); - return 1; -} - -static int test_quic_add_handshake_data(SSL *ssl, OSSL_ENCRYPTION_LEVEL level, - const uint8_t *data, size_t len) -{ - SSL *peer = (SSL*)SSL_get_app_data(ssl); - - TEST_info("quic_add_handshake_data() %s, lvl=%d, *data=0x%02X, len=%zd\n", - ssl->server ? "server" : "client", level, (int)*data, len); - if (!TEST_ptr(peer)) - return 0; - - /* We're called with what is locally written; this gives it to the peer */ - if (!TEST_true(SSL_provide_quic_data(peer, level, data, len))) { - ERR_print_errors_fp(stderr); - return 0; - } - - return 1; -} - -static int test_quic_flush_flight(SSL *ssl) -{ - test_printf_stderr("quic_flush_flight() %s\n", ssl->server ? "server" : "client"); - return 1; -} - -static int test_quic_send_alert(SSL *ssl, enum ssl_encryption_level_t level, uint8_t alert) -{ - test_printf_stderr("quic_send_alert() %s, lvl=%d, alert=%d\n", - ssl->server ? 
"server" : "client", level, alert); - return 1; -} - -static SSL_QUIC_METHOD quic_method = { - test_quic_set_encryption_secrets, - test_quic_add_handshake_data, - test_quic_flush_flight, - test_quic_send_alert, -}; - -static int test_quic_api_set_versions(SSL *ssl, int ver) -{ - SSL_set_quic_transport_version(ssl, ver); - return 1; -} - -static int test_quic_api_version(int clnt, int srvr) -{ - SSL_CTX *cctx = NULL, *sctx = NULL; - SSL *clientssl = NULL, *serverssl = NULL; - int testresult = 0; - - static const char *server_str = "SERVER"; - static const char *client_str = "CLIENT"; - const uint8_t *peer_str; - size_t peer_str_len; - - TEST_info("original clnt=0x%X, srvr=0x%X\n", clnt, srvr); - - if (!TEST_true(create_ssl_ctx_pair(libctx, - TLS_server_method(), - TLS_client_method(), - TLS1_3_VERSION, 0, - &sctx, &cctx, cert, privkey)) - || !TEST_true(SSL_CTX_set_quic_method(sctx, &quic_method)) - || !TEST_true(SSL_CTX_set_quic_method(cctx, &quic_method)) - || !TEST_true(create_ssl_objects(sctx, cctx, &serverssl, - &clientssl, NULL, NULL)) - || !TEST_true(SSL_set_quic_transport_params(serverssl, - (unsigned char*)server_str, - strlen(server_str)+1)) - || !TEST_true(SSL_set_quic_transport_params(clientssl, - (unsigned char*)client_str, - strlen(client_str)+1)) - || !TEST_true(SSL_set_app_data(serverssl, clientssl)) - || !TEST_true(SSL_set_app_data(clientssl, serverssl)) - || !TEST_true(test_quic_api_set_versions(clientssl, clnt)) - || !TEST_true(test_quic_api_set_versions(serverssl, srvr)) - || !TEST_true(create_bare_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE, 0)) - || !TEST_true(SSL_version(serverssl) == TLS1_3_VERSION) - || !TEST_true(SSL_version(clientssl) == TLS1_3_VERSION) - || !(TEST_int_eq(SSL_quic_read_level(clientssl), ssl_encryption_application)) - || !(TEST_int_eq(SSL_quic_read_level(serverssl), ssl_encryption_application)) - || !(TEST_int_eq(SSL_quic_write_level(clientssl), ssl_encryption_application)) - || 
!(TEST_int_eq(SSL_quic_write_level(serverssl), ssl_encryption_application))) - goto end; - - SSL_get_peer_quic_transport_params(serverssl, &peer_str, &peer_str_len); - if (!TEST_mem_eq(peer_str, peer_str_len, client_str, strlen(client_str)+1)) - goto end; - SSL_get_peer_quic_transport_params(clientssl, &peer_str, &peer_str_len); - if (!TEST_mem_eq(peer_str, peer_str_len, server_str, strlen(server_str)+1)) - goto end; - - /* Deal with two NewSessionTickets */ - if (!TEST_true(SSL_process_quic_post_handshake(clientssl))) - goto end; - - /* Dummy handshake call should succeed */ - if (!TEST_true(SSL_do_handshake(clientssl))) - goto end; - /* Test that we (correctly) fail to send KeyUpdate */ - if (!TEST_true(SSL_key_update(clientssl, SSL_KEY_UPDATE_NOT_REQUESTED)) - || !TEST_int_le(SSL_do_handshake(clientssl), 0)) - goto end; - if (!TEST_true(SSL_key_update(serverssl, SSL_KEY_UPDATE_NOT_REQUESTED)) - || !TEST_int_le(SSL_do_handshake(serverssl), 0)) - goto end; - - TEST_info("original clnt=0x%X, srvr=0x%X\n", clnt, srvr); - if (srvr == 0 && clnt == 0) - srvr = clnt = TLSEXT_TYPE_quic_transport_parameters; - else if (srvr == 0) - srvr = clnt; - else if (clnt == 0) - clnt = srvr; - TEST_info("expected clnt=0x%X, srvr=0x%X\n", clnt, srvr); - if (!TEST_int_eq(SSL_get_peer_quic_transport_version(serverssl), clnt)) - goto end; - if (!TEST_int_eq(SSL_get_peer_quic_transport_version(clientssl), srvr)) - goto end; - - testresult = 1; - - end: - SSL_free(serverssl); - SSL_free(clientssl); - SSL_CTX_free(sctx); - SSL_CTX_free(cctx); - - return testresult; -} - -static int test_quic_api(int tst) -{ - SSL_CTX *sctx = NULL; - SSL *serverssl = NULL; - int testresult = 0; - static int clnt_params[] = { 0, - TLSEXT_TYPE_quic_transport_parameters_draft, - TLSEXT_TYPE_quic_transport_parameters, - 0, - TLSEXT_TYPE_quic_transport_parameters_draft, - TLSEXT_TYPE_quic_transport_parameters, - 0, - TLSEXT_TYPE_quic_transport_parameters_draft, - TLSEXT_TYPE_quic_transport_parameters }; - static 
int srvr_params[] = { 0, - 0, - 0, - TLSEXT_TYPE_quic_transport_parameters_draft, - TLSEXT_TYPE_quic_transport_parameters_draft, - TLSEXT_TYPE_quic_transport_parameters_draft, - TLSEXT_TYPE_quic_transport_parameters, - TLSEXT_TYPE_quic_transport_parameters, - TLSEXT_TYPE_quic_transport_parameters }; - static int results[] = { 1, 1, 1, 1, 1, 0, 1, 0, 1 }; - - /* Failure cases: - * test 6/[5] clnt = parameters, srvr = draft - * test 8/[7] clnt = draft, srvr = parameters - */ - - /* Clean up logging space */ - memset(client_log_buffer, 0, sizeof(client_log_buffer)); - memset(server_log_buffer, 0, sizeof(server_log_buffer)); - client_log_buffer_index = 0; - server_log_buffer_index = 0; - error_writing_log = 0; - - if (!TEST_ptr(sctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method())) - || !TEST_true(SSL_CTX_set_quic_method(sctx, &quic_method)) - || !TEST_ptr(sctx->quic_method) - || !TEST_ptr(serverssl = SSL_new(sctx)) - || !TEST_true(SSL_IS_QUIC(serverssl)) - || !TEST_true(SSL_set_quic_method(serverssl, NULL)) - || !TEST_false(SSL_IS_QUIC(serverssl)) - || !TEST_true(SSL_set_quic_method(serverssl, &quic_method)) - || !TEST_true(SSL_IS_QUIC(serverssl))) - goto end; - - if (!TEST_int_eq(test_quic_api_version(clnt_params[tst], srvr_params[tst]), results[tst])) - goto end; - - testresult = 1; - -end: - SSL_CTX_free(sctx); - sctx = NULL; - SSL_free(serverssl); - serverssl = NULL; - return testresult; -} - -# ifndef OSSL_NO_USABLE_TLS1_3 -/* - * Helper method to setup objects for QUIC early data test. Caller - * frees objects on error. 
- */ -static int quic_setupearly_data_test(SSL_CTX **cctx, SSL_CTX **sctx, - SSL **clientssl, SSL **serverssl, - SSL_SESSION **sess, int idx) -{ - static const char *server_str = "SERVER"; - static const char *client_str = "CLIENT"; - - if (*sctx == NULL - && (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), - TLS_client_method(), - TLS1_3_VERSION, 0, - sctx, cctx, cert, privkey)) - || !TEST_true(SSL_CTX_set_quic_method(*sctx, &quic_method)) - || !TEST_true(SSL_CTX_set_quic_method(*cctx, &quic_method)) - || !TEST_true(SSL_CTX_set_max_early_data(*sctx, 0xffffffffu)))) - return 0; - - if (idx == 1) { - /* When idx == 1 we repeat the tests with read_ahead set */ - SSL_CTX_set_read_ahead(*cctx, 1); - SSL_CTX_set_read_ahead(*sctx, 1); - } else if (idx == 2) { - /* When idx == 2 we are doing early_data with a PSK. Set up callbacks */ - SSL_CTX_set_psk_use_session_callback(*cctx, use_session_cb); - SSL_CTX_set_psk_find_session_callback(*sctx, find_session_cb); - use_session_cb_cnt = 0; - find_session_cb_cnt = 0; - srvid = pskid; - } - - if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl, clientssl, - NULL, NULL)) - || !TEST_true(SSL_set_quic_transport_params(*serverssl, - (unsigned char*)server_str, - strlen(server_str)+1)) - || !TEST_true(SSL_set_quic_transport_params(*clientssl, - (unsigned char*)client_str, - strlen(client_str)+1)) - || !TEST_true(SSL_set_app_data(*serverssl, *clientssl)) - || !TEST_true(SSL_set_app_data(*clientssl, *serverssl))) - return 0; - - /* - * For one of the run throughs (doesn't matter which one), we'll try sending - * some SNI data in the initial ClientHello. This will be ignored (because - * there is no SNI cb set up by the server), so it should not impact - * early_data. 
- */ - if (idx == 1 - && !TEST_true(SSL_set_tlsext_host_name(*clientssl, "localhost"))) - return 0; - - if (idx == 2) { - clientpsk = create_a_psk(*clientssl, SHA256_DIGEST_LENGTH); - if (!TEST_ptr(clientpsk) - || !TEST_true(SSL_SESSION_set_max_early_data(clientpsk, - 0xffffffffu)) - || !TEST_true(SSL_SESSION_up_ref(clientpsk))) { - SSL_SESSION_free(clientpsk); - clientpsk = NULL; - return 0; - } - serverpsk = clientpsk; - - if (sess != NULL) { - if (!TEST_true(SSL_SESSION_up_ref(clientpsk))) { - SSL_SESSION_free(clientpsk); - SSL_SESSION_free(serverpsk); - clientpsk = serverpsk = NULL; - return 0; - } - *sess = clientpsk; - } - - SSL_set_quic_early_data_enabled(*serverssl, 1); - SSL_set_quic_early_data_enabled(*clientssl, 1); - - return 1; - } - - if (sess == NULL) - return 1; - - if (!TEST_true(create_bare_ssl_connection(*serverssl, *clientssl, - SSL_ERROR_NONE, 0))) - return 0; - - /* Deal with two NewSessionTickets */ - if (!TEST_true(SSL_process_quic_post_handshake(*clientssl))) - return 0; - - *sess = SSL_get1_session(*clientssl); - SSL_shutdown(*clientssl); - SSL_shutdown(*serverssl); - SSL_free(*serverssl); - SSL_free(*clientssl); - *serverssl = *clientssl = NULL; - - if (!TEST_true(create_ssl_objects(*sctx, *cctx, serverssl, - clientssl, NULL, NULL)) - || !TEST_true(SSL_set_session(*clientssl, *sess)) - || !TEST_true(SSL_set_quic_transport_params(*serverssl, - (unsigned char*)server_str, - strlen(server_str)+1)) - || !TEST_true(SSL_set_quic_transport_params(*clientssl, - (unsigned char*)client_str, - strlen(client_str)+1)) - || !TEST_true(SSL_set_app_data(*serverssl, *clientssl)) - || !TEST_true(SSL_set_app_data(*clientssl, *serverssl))) - return 0; - - SSL_set_quic_early_data_enabled(*serverssl, 1); - SSL_set_quic_early_data_enabled(*clientssl, 1); - - return 1; -} - -static int test_quic_early_data(int tst) -{ - SSL_CTX *cctx = NULL, *sctx = NULL; - SSL *clientssl = NULL, *serverssl = NULL; - int testresult = 0; - SSL_SESSION *sess = NULL; - - if 
(!TEST_true(quic_setupearly_data_test(&cctx, &sctx, &clientssl, - &serverssl, &sess, tst))) - goto end; - - if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE, 0)) - || !TEST_true(SSL_get_early_data_status(serverssl))) - goto end; - - testresult = 1; - - end: - SSL_SESSION_free(sess); - SSL_SESSION_free(clientpsk); - SSL_SESSION_free(serverpsk); - clientpsk = serverpsk = NULL; - SSL_free(serverssl); - SSL_free(clientssl); - SSL_CTX_free(sctx); - SSL_CTX_free(cctx); - return testresult; -} -# endif /* OSSL_NO_USABLE_TLS1_3 */ -#endif /* OPENSSL_NO_QUIC */ - OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n") int setup_tests(void) @@ -11043,15 +10712,9 @@ ADD_ALL_TESTS(test_serverinfo_custom, 4); #endif #if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE) - ADD_ALL_TESTS(test_pipelining, 6); + ADD_ALL_TESTS(test_pipelining, 7); #endif ADD_ALL_TESTS(test_handshake_retry, 16); -#ifndef OPENSSL_NO_QUIC - ADD_ALL_TESTS(test_quic_api, 9); -# ifndef OSSL_NO_USABLE_TLS1_3 - ADD_ALL_TESTS(test_quic_early_data, 3); -# endif -#endif return 1; err: diff -Nru openssl-3.0.12/test/sysdefault.cnf openssl-3.0.13/test/sysdefault.cnf --- openssl-3.0.12/test/sysdefault.cnf 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/test/sysdefault.cnf 2024-01-30 13:28:16.000000000 +0000 @@ -18,5 +18,6 @@ system_default = ssl_default_sect [ssl_default_sect] +SignatureAlgorithms = RSA+SHA256:nonex MaxProtocol = TLSv1.2 MinProtocol = TLSv1.2 diff -Nru openssl-3.0.12/test/test_asn1_parse.cnf openssl-3.0.13/test/test_asn1_parse.cnf --- openssl-3.0.12/test/test_asn1_parse.cnf 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.0.13/test/test_asn1_parse.cnf 2024-01-30 13:28:16.000000000 +0000 
@@ -0,0 +1,12 @@ +openssl_conf = openssl_init + +# Comment out the next line to ignore configuration errors +config_diagnostics = 1 + +[openssl_init] +oid_section = oids + +[oids] +testoid1 = 1.2.3.4.1 +testoid2 = A Very Long OID Name, 1.2.3.4.2 +testoid3 = ,1.2.3.4.3 diff -Nru openssl-3.0.12/test/tls13secretstest.c openssl-3.0.13/test/tls13secretstest.c --- openssl-3.0.12/test/tls13secretstest.c 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/test/tls13secretstest.c 2024-01-30 13:28:16.000000000 +0000 @@ -224,13 +224,6 @@ { } -#ifndef OPENSSL_NO_QUIC -int quic_set_encryption_secrets(SSL *ssl, OSSL_ENCRYPTION_LEVEL level) -{ - return 1; -} -#endif - /* End of mocked out code */ static int test_secret(SSL *s, unsigned char *prk, diff -Nru openssl-3.0.12/util/libssl.num openssl-3.0.13/util/libssl.num --- openssl-3.0.12/util/libssl.num 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/util/libssl.num 2024-01-30 13:28:16.000000000 +0000 
@@ -520,19 +520,3 @@ SSL_set0_tmp_dh_pkey 521 3_0_0 EXIST::FUNCTION: SSL_CTX_set0_tmp_dh_pkey 522 3_0_0 EXIST::FUNCTION: SSL_group_to_name 523 3_0_0 EXIST::FUNCTION: -SSL_quic_read_level 20000 3_0_0 EXIST::FUNCTION:QUIC -SSL_set_quic_transport_params 20001 3_0_0 EXIST::FUNCTION:QUIC -SSL_CIPHER_get_prf_nid 20002 3_0_0 EXIST::FUNCTION:QUIC -SSL_is_quic 20003 3_0_0 EXIST::FUNCTION:QUIC -SSL_get_peer_quic_transport_params 20004 3_0_0 EXIST::FUNCTION:QUIC -SSL_quic_write_level 20005 3_0_0 EXIST::FUNCTION:QUIC -SSL_CTX_set_quic_method 20006 3_0_0 EXIST::FUNCTION:QUIC -SSL_set_quic_method 20007 3_0_0 EXIST::FUNCTION:QUIC -SSL_quic_max_handshake_flight_len 20008 3_0_0 EXIST::FUNCTION:QUIC -SSL_process_quic_post_handshake 20009 3_0_0 EXIST::FUNCTION:QUIC -SSL_provide_quic_data 20010 3_0_0 EXIST::FUNCTION:QUIC -SSL_set_quic_use_legacy_codepoint 20011 3_0_0 EXIST::FUNCTION:QUIC -SSL_set_quic_transport_version 20012 3_0_0 EXIST::FUNCTION:QUIC -SSL_get_peer_quic_transport_version 20013 3_0_0 EXIST::FUNCTION:QUIC -SSL_get_quic_transport_version 20014 3_0_0 EXIST::FUNCTION:QUIC -SSL_set_quic_early_data_enabled 20015 3_0_0 EXIST::FUNCTION:QUIC diff -Nru openssl-3.0.12/util/missingcrypto.txt openssl-3.0.13/util/missingcrypto.txt --- openssl-3.0.12/util/missingcrypto.txt 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/util/missingcrypto.txt 2024-01-30 13:28:16.000000000 +0000 
@@ -331,27 +331,7 @@ CMS_is_detached(3) CMS_set1_signers_certs(3) CMS_set_detached(3) -CMS_signed_add1_attr(3) -CMS_signed_add1_attr_by_NID(3) -CMS_signed_add1_attr_by_OBJ(3) -CMS_signed_add1_attr_by_txt(3) -CMS_signed_delete_attr(3) -CMS_signed_get0_data_by_OBJ(3) -CMS_signed_get_attr(3) -CMS_signed_get_attr_by_NID(3) -CMS_signed_get_attr_by_OBJ(3) -CMS_signed_get_attr_count(3) CMS_stream(3) -CMS_unsigned_add1_attr(3) -CMS_unsigned_add1_attr_by_NID(3) -CMS_unsigned_add1_attr_by_OBJ(3) -CMS_unsigned_add1_attr_by_txt(3) -CMS_unsigned_delete_attr(3) -CMS_unsigned_get0_data_by_OBJ(3) -CMS_unsigned_get_attr(3) -CMS_unsigned_get_attr_by_NID(3) -CMS_unsigned_get_attr_by_OBJ(3) -CMS_unsigned_get_attr_count(3) COMP_CTX_free(3) COMP_CTX_get_method(3) COMP_CTX_get_type(3) @@ -605,18 +585,9 @@ EVP_PKEY_CTX_set0_keygen_info(3) EVP_PKEY_CTX_set_data(3) EVP_PKEY_CTX_str2ctrl(3) -EVP_PKEY_add1_attr(3) -EVP_PKEY_add1_attr_by_NID(3) -EVP_PKEY_add1_attr_by_OBJ(3) -EVP_PKEY_add1_attr_by_txt(3) EVP_PKEY_assign(3) EVP_PKEY_decrypt_old(3) -EVP_PKEY_delete_attr(3) EVP_PKEY_encrypt_old(3) -EVP_PKEY_get_attr(3) -EVP_PKEY_get_attr_by_NID(3) -EVP_PKEY_get_attr_by_OBJ(3) -EVP_PKEY_get_attr_count(3) EVP_PKEY_save_parameters(3) EVP_add_alg_module(3) EVP_add_cipher(3) @@ -763,9 +734,6 @@ OCSP_url_svcloc_new(3) OPENSSL_DIR_end(3) OPENSSL_DIR_read(3) -OPENSSL_LH_get_down_load(3) -OPENSSL_LH_num_items(3) -OPENSSL_LH_set_down_load(3) OPENSSL_LH_strhash(3) OPENSSL_asc2uni(3) OPENSSL_die(3) @@ -1132,17 +1100,7 @@ X509V3_set_nconf(3) X509V3_string_free(3) X509_ALGORS_it(3) -X509_ATTRIBUTE_count(3) -X509_ATTRIBUTE_create(3) -X509_ATTRIBUTE_create_by_NID(3) -X509_ATTRIBUTE_create_by_OBJ(3) -X509_ATTRIBUTE_create_by_txt(3) -X509_ATTRIBUTE_get0_data(3) -X509_ATTRIBUTE_get0_object(3) -X509_ATTRIBUTE_get0_type(3) X509_ATTRIBUTE_it(3) -X509_ATTRIBUTE_set1_data(3) -X509_ATTRIBUTE_set1_object(3) X509_CERT_AUX_it(3) X509_CINF_it(3) X509_CRL_INFO_it(3) 
@@ -1198,17 +1156,10 @@ X509_REQ_add1_attr_by_NID(3) X509_REQ_add1_attr_by_OBJ(3) X509_REQ_add1_attr_by_txt(3) -X509_REQ_add_extensions(3) -X509_REQ_add_extensions_nid(3) X509_REQ_delete_attr(3) X509_REQ_extension_nid(3) X509_REQ_get1_email(3) -X509_REQ_get_attr(3) -X509_REQ_get_attr_by_NID(3) -X509_REQ_get_attr_by_OBJ(3) -X509_REQ_get_attr_count(3) X509_REQ_get_extension_nids(3) -X509_REQ_get_extensions(3) X509_REQ_it(3) X509_REQ_print(3) X509_REQ_print_ex(3) @@ -1311,16 +1262,6 @@ X509_to_X509_REQ(3) X509_trust_clear(3) X509_trusted(3) -X509at_add1_attr(3) -X509at_add1_attr_by_NID(3) -X509at_add1_attr_by_OBJ(3) -X509at_add1_attr_by_txt(3) -X509at_delete_attr(3) -X509at_get0_data_by_OBJ(3) -X509at_get_attr(3) -X509at_get_attr_by_NID(3) -X509at_get_attr_by_OBJ(3) -X509at_get_attr_count(3) X509v3_addr_add_inherit(3) X509v3_addr_add_prefix(3) X509v3_addr_add_range(3) diff -Nru openssl-3.0.12/util/other.syms openssl-3.0.13/util/other.syms --- openssl-3.0.12/util/other.syms 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/util/other.syms 2024-01-30 13:28:16.000000000 +0000 @@ -113,6 +113,7 @@ UI_STRING datatype UI_string_types datatype UI_string_types datatype +X509_ATTRIBUTE datatype X509_STORE_CTX_cert_crl_fn datatype X509_STORE_CTX_check_crl_fn datatype X509_STORE_CTX_check_issued_fn datatype @@ -142,8 +143,6 @@ custom_ext_parse_cb datatype pem_password_cb datatype ssl_ct_validation_cb datatype -OSSL_ENCRYPTION_LEVEL datatype -SSL_QUIC_METHOD datatype # ASN1_BIT_STRING_digest define BIO_append_filename define diff -Nru openssl-3.0.12/util/perl/OpenSSL/config.pm openssl-3.0.13/util/perl/OpenSSL/config.pm --- openssl-3.0.12/util/perl/OpenSSL/config.pm 2023-10-24 23:15:07.000000000 +0000 +++ openssl-3.0.13/util/perl/OpenSSL/config.pm 2024-01-30 13:28:16.000000000 +0000 
@@ -82,7 +82,7 @@ [ 'HP-UX:.*', sub { my $HPUXVER = $RELEASE; - $HPUXVER = s/[^.]*.[0B]*//; + $HPUXVER =~ s/[^.]*.[0B]*//; # HPUX 10 and 11 targets are unified return "${MACHINE}-hp-hpux1x" if $HPUXVER =~ m@1[0-9]@; return "${MACHINE}-hp-hpux"; @@ -321,6 +321,7 @@ # If we got a version number, process it if ($v) { + $v =~ s/[^.]*.0*// if $SYSTEM eq 'HP-UX'; $CCVENDOR = $k; # The returned version is expected to be one of @@ -358,8 +359,15 @@ # However, other letters have been seen as well (for example X), # and it's documented that HP (now VSI) reserve the letter W, X, # Y and Z for their own uses. - my ($vendor, $version) = - ( $v =~ m/^([A-Z]+) C [VWXYZ]([0-9\.-]+)(:? +\(.*?\))? on / ); + my ($vendor, $arch, $version, $extra) = + ( $v =~ m/^ + ([A-Z]+) # Usually VSI + \s+ C + (?:\s+(.*?))? # Possible build arch + \s+ [VWXYZ]([0-9\.-]+) # Version + (?:\s+\((.*?)\))? # Possible extra data + \s+ on + /x ); my ($major, $minor, $patch) = ( $version =~ m/^([0-9]+)\.([0-9]+)-0*?(0|[1-9][0-9]*)$/ ); $CC = 'CC';
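Review bot: in the test/sysdefault.cnf hunk, the added `SignatureAlgorithms = RSA+SHA256:nonex` line carries no comment, and `nonex` reads like a typo rather than a deliberate entry. If the point is to run the test with an unrecognised algorithm name in the list, say so in a `#` comment above the line, so a later cleanup does not "fix" it.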
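Review bot: the new test/test_asn1_parse.cnf does not say what each `[oids]` entry is meant to exercise. `testoid2 = A Very Long OID Name, 1.2.3.4.2` and `testoid3 = ,1.2.3.4.3` (empty text before the comma) look like edge cases for the name/OID split. A one-line comment per entry stating the expected parse result would make the file self-explanatory. The existing comment on `config_diagnostics = 1` is a good model.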
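Review bot: the util/libssl.num hunk removes all sixteen `EXIST::FUNCTION:QUIC` entries (ordinals 20000 to 20015, `SSL_quic_read_level` through `SSL_set_quic_early_data_enabled`) that were exported under version `3_0_0`, so anything linked against them will no longer resolve those symbols after this update. Before shipping, check which dependent packages reference the `SSL_*quic*` functions, and state the removal explicitly in the package changelog. The matching removals of `OSSL_ENCRYPTION_LEVEL` and `SSL_QUIC_METHOD` in util/other.syms belong in the same note.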
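Review bot: in the util/perl/OpenSSL/config.pm HP-UX hunk (@@ -82,7), the corrected line `$HPUXVER =~ s/[^.]*.[0B]*//;` still has an unescaped `.` after `[^.]*`, so it matches any character rather than a literal dot. For a release string that contains no dot, the pattern backtracks and deletes the whole string instead of leaving it alone. Writing `\.` states the intent and avoids that. The same applies to the added `$v =~ s/[^.]*.0*// if $SYSTEM eq 'HP-UX';` in the @@ -321,6 hunk. The change from `=` to `=~` is itself correct: the old form ran the substitution against `$_` and assigned its return value to `$HPUXVER`.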
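Review bot: in the util/perl/OpenSSL/config.pm compiler-banner hunk (@@ -358,8), the optional build-arch group `(?:\s+(.*?))?` accepts arbitrary text, spaces included, between `C` and the version letter. If the arch is always a single token, `(\S+)` would keep the match from stretching across unrelated words. `$arch` and `$extra` are captured but not used in the lines shown, so either use them or make those groups non-capturing. The result of the match is also not checked before `$version =~ m/^([0-9]+)\.([0-9]+)-0*?(0|[1-9][0-9]*)$/` on the next line, so a banner that does not match feeds an undefined `$version` into that second match. A guard on the first match would make the failure explicit.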